# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: crysan, 3losh, 3loshrat, resolverrat # Reference: https://twitter.com/suyog41/status/1130804704152305664 mikus192091.ddns.net # Reference: https://twitter.com/luc4m/status/1106618159522635776 queda212.duckdns.org # Reference: https://twitter.com/CERT_Polska/status/1072793091856392192 # Reference: https://www.cert.pl/news/single/trojan-oraz-ransomware-w-kampanii-podszywajacej-sie-pod-inpost/ 213.152.161.99:47390 213.152.161.100:47390 213.152.161.101:47390 213.152.161.102:47390 213.152.161.103:47390 213.152.161.232:47390 213.152.161.233:47390 213.152.161.234:47390 213.152.161.235:47390 213.152.161.99:47392 213.152.161.100:47392 213.152.161.101:47392 213.152.161.102:47392 213.152.161.103:47392 213.152.161.232:47392 213.152.161.233:47392 213.152.161.234:47392 213.152.161.235:47392 # Reference: https://twitter.com/Threat_hunts/status/1135810121227882499 # Reference: https://app.any.run/tasks/5ad34df1-b5a8-415f-9496-334d9bfdd7b1/ 95.167.151.253:7707 # Reference: https://twitter.com/James_inthe_box/status/1141072205771448320 kizzoyi.duckdns.org # Reference: https://twitter.com/powershellcode/status/1148234398703030273 internetexploter.duckdns.org systenfailued.ddns.com.br # Reference: https://twitter.com/DynamicAnalysis/status/1165901579536539649 79.134.225.90:4782 # Reference: https://twitter.com/James_inthe_box/status/1167217092245872640 # Reference: https://app.any.run/tasks/8eb2d184-08ec-40ab-8742-32f6988c5638/ 23.105.131.169:6606 193.56.28.173:7707 193.56.28.173:8808 rownip.3utilities.com rownip.mooo.com rownip.theworkpc.com rownip.dyndnss.net rowanyne.ooo # Reference: https://twitter.com/JAMESWT_MHT/status/1169142417754337281 # Reference: https://app.any.run/tasks/308651b4-37c0-4c66-87ba-5bf05d1ff411/ 79.134.225.115:4404 eg-east.com # Reference: https://twitter.com/dcTavvy/status/1188352813937463298 # Reference: https://app.any.run/tasks/6aedb064-1078-4304-b1e8-a8205a5ba698/ 193.161.193.99:43158 Lolikot-43158.portmap.host # Reference: https://twitter.com/JayTHL/status/1197240502699073537 5.62.41.111:5320 91.193.75.151:5320 netty.myftp.biz ify.insidedns.com # Reference: https://www.virustotal.com/gui/file/598ba7562062467fbf05d47bfadf27578a8ed4d5d5abdf17a5a4820ad71651bf/detection 3.19.3.150:6606 # Reference: https://twitter.com/w3ndige/status/1214596648644620288 # Reference: https://app.any.run/tasks/509acd2f-9474-44d4-aac2-d186a4716bef/ g.top4top.io # Reference: https://twitter.com/killamjr/status/1217630017116499968 # Reference: https://app.any.run/tasks/2517942c-3364-4d56-93ab-cfa47fd14299/ 101.86.170.36:1199 45.11.19.240:7707 xred.mooo.com # Reference: https://www.virustotal.com/gui/file/cc7a634047451f72a51766d1b6e33ce8a154579d80f6abcf9a109ff64c22f3a6/detection 177.98.43.164:7707 skypeprocesshost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/0c8a1d1eb4a0ee3ca2cf22cb4ede61f85e5170885549769984110edb6b64a236/detection 179.95.221.147:6606 179.95.221.147:7707 179.95.221.147:8808 workwinrarhost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/b1a7fda679c569e51e4b1239d044bb6e6e1f3557ccd2060c32a11b0978919b2d/detection 177.206.102.68:7707 177.206.102.68:9830 # Reference: https://www.virustotal.com/gui/file/366c8707d33501338e524e4c70f8b10ac993341134aa28b32a550f06911ba646/detection 191.32.227.90:7707 # Reference: https://www.virustotal.com/gui/file/d60372f5bbed48ea826b894402e4412a478979b590bed2b9b0d1d84017549bd0/detection 177.133.237.246:9830 179.180.17.194:7707 # Reference: https://www.virustotal.com/gui/file/9fbc310b2579816b488dbc44485acd418b20a72ef8dceb558f645a735fe10f05/detection 177.98.43.164:6606 # Reference: https://www.virustotal.com/gui/file/4913ae8055d7c6f225c0bd63ffceb28138483b39d9887de8ebcc8773e9d0d46f/detection 177.98.43.164:9830 workwinrarhost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/9a3e8a5bd3bfae58180089d27f1e23ba5f8118272b903a4ce99047969874a989/detection 177.133.246.134:9830 # Reference: https://www.virustotal.com/gui/file/ef332bc4cca2207ceb999f77d3e8a02b9d3b2c475d39310d2f1b09ae8f335de9/detection 177.133.246.134:7707 # Reference: https://www.virustotal.com/gui/file/6ede0a69b6d4d7b9cddc97ed35f58a284427fa92923d7a3e9e1442a5a0ad1b46/detection 177.98.127.109:7707 177.98.127.109:8808 # Reference: https://www.virustotal.com/gui/file/87571c558c0c211cd407d87217a3a64240736fb6645919e970dadef3680975ef/detection 177.133.235.48:6606 177.133.235.48:8808 177.133.235.48:9830 # Reference: https://www.virustotal.com/gui/file/d0ca0770e89e27b72703029c7900853a655be67c65fb1bcbd0c652eceb3b384f/detection 177.75.41.182:6606 # Reference: https://app.any.run/tasks/5e7bb6ce-39e9-4243-8802-968c8fb28753/ cloudclout.duckdns.org 79.134.225.38:7707 # Reference: https://app.any.run/tasks/823454cc-ac69-47d8-821a-262f4226ca10/ sbmsbm20.duckdns.org 64.225.20.238:2030 # Reference: https://www.virustotal.com/gui/file/712bc10802ec06baeb0774fa92d2816c477d6a5dceb0ac9960120344fcf7e1f7/detection 141.255.159.75:6606 141.255.159.75:7707 141.255.159.75:8808 # Reference: https://www.virustotal.com/gui/file/55618c029549b2e2f8919902d09c19658e98390cc3e3faeb05743f091e22818d/detection 79.135.146.203:6606 79.135.146.203:7707 79.135.146.203:8808 # Reference: https://app.any.run/tasks/5bbbc0e9-1c84-413d-be8e-371aa483f11b/ 141.255.146.30:6606 141.255.146.30:7707 141.255.146.30:8808 # Reference: https://app.any.run/tasks/f44c32ed-727b-437b-9249-743b5ae74ed4/ 185.140.53.12:21000 # Reference: https://twitter.com/wwp96/status/1236015091029590017 # Reference: https://app.any.run/tasks/7a110950-e58a-4f0a-80ab-fc17c39d38cd/ 185.140.53.154:6606 185.140.53.154:7707 185.140.53.154:8808 # Reference: https://twitter.com/JayTHL/status/1240390421467074561 216.38.8.179:5505 216.38.8.179:6606 216.38.8.179:7707 216.38.8.179:8808 peacelist.ignorelist.com # Reference: https://app.any.run/tasks/96716bfb-5070-40e4-bda5-d6573d7e1e55/ # Reference: https://app.any.run/tasks/d292b50e-71d7-46c2-9c75-3c053b7c36cd/ 46.183.223.29:6606 46.183.223.29:7707 46.183.223.29:8808 # Reference: https://twitter.com/James_inthe_box/status/1243161779212935168 # Reference: https://app.any.run/tasks/393f52ea-8176-4081-9f69-2e4706e7f27a/ 51.75.154.242:1515 # Reference: https://www.virustotal.com/gui/file/77e5748478eb6c6064e118bd35ef28f90bfd0eb908eee0291b994c9a6d5b11f5/detection # Reference: https://www.virustotal.com/gui/file/b892431179d2ed7f4b5c68eff968491b7716a067b6ab16caa5e204c9766d5bcf/detection 41.104.11.200:7707 41.104.122.164:7707 41.104.221.163:7707 41.105.197.112:7707 41.109.189.104:7707 41.109.193.177:7707 41.109.228.158:7707 41.109.242.126:7707 91.109.176.6:7707 91.109.178.2:7707 91.109.178.6:7707 91.109.182.2:7707 91.109.182.3:7707 91.109.182.5:7707 91.109.186.5:7707 91.109.188.10:7707 91.109.190.2:7707 91.109.190.7:7707 # Reference: https://twitter.com/James_inthe_box/status/1248964446505947136 # Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/ 77.247.127.128:8855 88futur.xyz # Reference: https://twitter.com/James_inthe_box/status/1250441655452237825 # Reference: https://app.any.run/tasks/a8c80640-e0bc-499c-bd8b-de1c9166d4dc/ 45.32.167.239:6606 45.32.167.239:7707 45.32.167.239:8808 hdkshnfk.ddns.net # Reference: https://www.virustotal.com/gui/file/51482d0164957eec01b4916354b5a992e6705655bcb44ca4b0b2a520e3b64e6c/detection 192.169.69.25:6606 192.169.69.25:7707 192.169.69.25:8808 soucdtevoceumcuzao.duckdns.org # Reference: https://www.virustotal.com/gui/file/626879e64f571e21902bdc2f249ce247e03420e8656990d54f3ab4ceb99b4fb4/detection 105.111.80.222:4000 azure34.mywire.org # Reference: https://twitter.com/ScumBots/status/1250963567366545408 # Reference: https://www.virustotal.com/gui/file/b465ae7940f04cb8b6f6baf9a288eecb5e405290bf48b18fe70ba41e9cc97389/detection 192.169.69.25:4000 amazon34.duckdns.org # Reference: https://www.virustotal.com/gui/file/5abfea336ec1f8f078499dd4713d65b5e75c59243b6137af1f5297706413dc63/detection 105.103.214.89:4000 amazon3407.mooo.com # Reference: https://www.virustotal.com/gui/file/6f5567af58976eb61af59c7edf1e5cdad7e3cd2fc60c16b123dfa53cd44e8f6d/detection 85.229.141.17:1337 92.34.156.156:1337 bob1337.chickenkiller.com getconnected.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/762a570980637077dbf431c691c38de20e50474d0c67003b4483c6f20a16e533/detection 129.56.25.121:6743 asyncrat6743.ddns.net # Reference: https://www.virustotal.com/gui/file/5e6bd1b03148962cff91b0f6a1d4e915bafd1049931d5d4ff2bda151bd761e28/detection unknownamehost.ddns.net # Reference: https://www.virustotal.com/gui/file/f17981f481d0e31ac51cbf66b5c94d3f73d5a2647a158370ab9e6b3357a00f9f/detection unknowhostname.ddns.net # Reference: https://twitter.com/ScumBots/status/1250960155900104705 # Reference: https://www.virustotal.com/gui/file/5a4958af2c13c0a9a6eff86bb5f4fd339a85a66249a22278cc5b50cecd89188a/detection 88.208.245.177:1443 # Reference: https://www.virustotal.com/gui/file/8c344acd0dfc01ac093b4a4407cd2f126f74bae0ca5b66f92912d522160ac639/detection 103.82.249.19:8808 # Reference: https://twitter.com/mahnyan1/status/1251321072865042435 babyboyhammer2.duckdns.org # Reference: https://www.virustotal.com/gui/file/e9c607f263a990db1bf0465c8688ed7ce7e5f294845041fb56af313df34f45df/detection 176.31.26.213:6606 176.31.26.213:7707 # Reference: https://www.virustotal.com/gui/file/7bebcd498c41f74199691dd8c0d9144f562b4c71dc9c96607260689397ba2285/detection 178.209.46.144:20108 73ch91ch13f.100chickens.me # Reference: https://www.virustotal.com/gui/file/a0e26b77db21ef8899c3b18fa562a53f51b37a3cb8677034bbd8c2c5b37cf78b/detection 193.161.193.99:61436 karakan123-50010.portmap.io # Reference: https://www.virustotal.com/gui/file/dd8069de43a40341482301c95b3a05d0201a9386a5c586b17451ca37447dd1ac/detection 152.246.228.24:6606 152.246.63.32:6606 # Reference: https://www.virustotal.com/gui/file/1c7dccd9e95acff427990af9670ad69d54fcc056aa0eb7744ec8f22d35088c45/detection 193.161.193.99:56282 # Reference: https://twitter.com/ScumBots/status/1250963480783527938 # Reference: https://www.virustotal.com/gui/file/31345f8b3aefaaa13a783f4febe071bb8da7ae27f5f5c06024f9f29db0116321/detection 192.169.69.30:6606 192.169.69.30:7707 192.169.69.30:8808 # Reference: https://twitter.com/ScumBots/status/1250963998922739712 # Reference: https://www.virustotal.com/gui/file/91ecc56db47e5fe085075ff0d7fa76d2911e787734b95b81a4570a15a45444b9/detection 192.254.74.210:6606 192.254.74.210:7707 192.254.74.210:8808 # Reference: https://twitter.com/ScumBots/status/1250964170302009344 cmradelucifer.ddns.net # Reference: https://www.virustotal.com/gui/file/9ee035f65117dd6ead3f1da5a952df99efbaa39c7345fc11f8ccbbb6ecf86037/detection 168.197.229.117:6606 168.197.229.117:7707 168.197.229.117:8808 79.134.225.20:6606 79.134.225.20:7707 79.134.225.20:8808 # Reference: https://www.virustotal.com/gui/file/4a5cea334cdd0c4042498850f591717d0677fb606331d11210f7b5d2b3a27ff2/detection 213.213.206.18:3306 # Reference: https://www.virustotal.com/gui/file/d09e5b5fabdfa8578b377d46b44fcddc0772a92750e4ead921e2e56e97cdda35/detection 185.165.153.95:8989 # Reference: https://www.virustotal.com/gui/file/a3f870eeaf9cb8e486363b1ff8e1fb79937ed85bab6237ee6123125ad3a43290/detection 186.53.186.235:4132 yugdab.duckdns.org # Reference: https://www.virustotal.com/gui/file/1b5e3eb733257954a9dd28f6a3e081d941deaa73418d4b22beaa3200a8f96285/detection 41.140.208.184:6606 asco.dynu.net # Reference: https://www.virustotal.com/gui/file/0e0bf4239bf7472066cb37ab517d74b1102c69af9e0feca64d567dff879ae1eb/detection 69.171.248.112:5557 8701.viewdns.net # Reference: https://twitter.com/ScumBots/status/1251156576615849985 # Reference: https://www.virustotal.com/gui/file/419fa3facde23e4b18afe0c7f7198844f3ee9e28da6e39f2e2e9e60c41e83570/detection 193.161.193.99:63374 # Reference: https://www.virustotal.com/gui/file/9b471c2935fdd01c7e9d57e78f91d213e6d1b5a44ac1719048d92d02d1976422/detection 192.169.69.25:6606 192.169.69.25:7707 192.169.69.25:8808 number2.duckdns.org # Reference: https://www.virustotal.com/gui/file/aff7d626d09099f6aaf329f1b2e0623a378b45fdf4536ad83e63efc87e7e0865/detection 124.50.195.153:5050 kkk1046.kro.kr # Reference: https://twitter.com/ScumBots/status/1251180572711550983 103.18.14.217:1337 dedsee2c.accesscam.org # Reference: https://www.virustotal.com/gui/file/923092b6cec8aaa0cd11fefa625ed17f98702edac91c3a52beaf7e54f6e5f784/detection 13.235.76.244:1337 # Reference: https://www.virustotal.com/gui/file/582fb62f0d92afaee2dc79108622667cc62d298cafbde3d1e2ec1738c977f4a6/detection nohostname.ddns.net # Reference: https://twitter.com/ScumBots/status/1251180991995088900 103.244.74.228:46839 # Reference: https://www.virustotal.com/gui/file/36b272fbada18f510fa34a479fa391131797f13218f6756c52825d9e7711be6e/detection 41.103.199.216:1337 # Reference: https://www.virustotal.com/gui/file/850bcc510ee39c6d6dde91f041bcb276b74a8101c84279a35c0a3570a4e6440d/detection poiuytrewq3341.ddns.net # Reference: https://twitter.com/ScumBots/status/1251181425933647877 dqrkodz34.ddns.net # Reference: https://twitter.com/ScumBots/status/1251181595635126274 jess19991102.ddns.net # Reference: https://www.virustotal.com/gui/file/d4a629944bf1e03d43a04b530f9606d8315b84e847c83042427224011f3067ba/detection 193.161.193.99:36811 hussaryn-36811.portmap.host # Reference: https://www.virustotal.com/gui/file/c338d425a1293b82ac13c856c43d588ce0053b27349620b7353273a42a04d845/detection jess19991102ddns.com jess19991102.ddns.com # Reference: https://www.virustotal.com/gui/file/0a276fdaf3367ca3fd4cf90eb338dd3d0575ba3979f1bd609ce58e13e2aa0a8e/detection 204.14.73.154:8080 bomi.duckdns.org # Reference: https://twitter.com/ScumBots/status/1251182632517410817 salsamania.ddns.net # Reference: https://twitter.com/ScumBots/status/1251183213747277826 googledrive.dynu.net googledrive.linkpc.net # Reference: https://www.virustotal.com/gui/file/f71eaaf23ecba6aafc314f3d42badafb4430b1be62a1ba325c592b258b8f1319/detection 213.152.162.84:9040 # Reference: https://www.virustotal.com/gui/file/ee1e5a4ee19c1b613aaa82b48e313c6e3eeb5874d7593809c2207037254a57cc/detection fertun-29801.portmap.host # Reference: https://www.virustotal.com/gui/file/2b70dd97d36efbbadd5f63afc22e28dc53d26302bae846b4f4e49e27cf95a70f/detection 176.232.239.198:5060 denemeiso1.duckdns.org # Reference: https://www.virustotal.com/gui/file/a86751d7ee905499b6e324dc5175e287a20d34cde78cbe35a290523dea9d1cd0/detection 13.235.23.234:1337 # Reference: https://www.virustotal.com/gui/file/e20e1fd207ef943af95774fc0fc0e38da70c808b78a3dfb141e4852036a8dc12/detection noregisterdomain.zapto.org # Reference: https://twitter.com/ScumBots/status/1251185289055350784 87.14.96.105:1303 emmek.crabdance.com # Reference: https://www.virustotal.com/gui/file/b76b157a8d6ccfd5cc7ea8eed54af4d0aab9e97f8d641f886617252d9acc48bc/detection 41.100.199.86:5555 clayroot2016.duckdns.org # Reference: https://twitter.com/ScumBots/status/1251185716111069184 am164.kro.kr # Reference: https://www.virustotal.com/gui/file/f25f43f5cea51647e82413accd831b93fe8c2b7f072fc1468cd1d13bf08224ec/detection 136.243.31.186:1608 # Reference: https://www.virustotal.com/gui/file/1298f1fd280d2768e2a5e3f1089ec3ad18e17cade3fbeb78be864d9c3caff337/detection 173.238.140.238:6606 173.238.140.238:7707 173.238.140.238:8808 bshades.ddns.net dark-comet.ddns.net # Reference: https://www.virustotal.com/gui/file/47979eca9030c7f8de4c86c048e17efa02f66c6aed8a52c24dbd4bd7b0692b88/detection 75.80.221.198:1604 # Reference: https://www.virustotal.com/gui/file/5515739bd8752264b7ee2a2c9b957d36af9fb16b19d7dd1aef4139f2fe74af47/detection sam144169-56334.portmap.io webforma.chickenkiller.com webdata.ddns.net # Reference: https://www.virustotal.com/gui/file/610a58f5e46ffe61093dad4ef8528df34894d29347a1eec0224a87bba7864b8f/detection 46.237.79.53:8080 rat24695.ddns.net # Reference: https://www.virustotal.com/gui/file/5b18ab7442af71b0ba9293b200fa26961e6de7b98d51456644aa58d307dc0e1f/detection 154.16.248.14:3230 # Reference: https://twitter.com/ScumBots/status/1251187877255528448 112.149.90.49:5050 hyungwoo.kro.kr # Reference: https://www.virustotal.com/gui/file/03a58d54e04d346d4d06637a40834795431147472e07c815a0fee27475bcc970/detection a24369093123.ddns.net # Reference: https://twitter.com/ScumBots/status/1251188552500723712 40.114.49.176:4040 # Reference: https://www.virustotal.com/gui/file/b796ac10d1f3133ca6b77141e50e414f1fc704299884d0b0fb676ab0db7fed89/detection yesweekend12.ddns.net # Reference: https://twitter.com/ScumBots/status/1251189068190318593 213.152.162.84:9040 # Reference: https://twitter.com/ScumBots/status/1251189153976516610 unregisteredhost.dynu.net # Reference: https://www.virustotal.com/gui/file/516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3/detection 23.249.168.43:9090 ccmorgan.duckdns.org # Reference: https://www.virustotal.com/gui/file/f0eb9cb0a88f2e88881e06ce961c2da388475c1b595f2669c57e0cf1b5eb7677/detection 41.143.216.51:1738 asco.dynu.net # Reference: https://www.virustotal.com/gui/file/44e550a4dbdc40e1cacca65b7e516618558c0d2114b3641cda6ddd69190ed8b9/detection 141.255.155.90:9023 nonamehost1.zapto.org # Reference: https://twitter.com/ScumBots/status/1251189930300227584 anonauth.ddns.net # Reference: https://twitter.com/ScumBots/status/1251191403851505665 216.246.49.165:6606 216.246.49.165:7707 216.246.49.165:8808 # Reference: https://twitter.com/ScumBots/status/1251191570986082305 82.84.85.59:1608 # Reference: https://twitter.com/ScumBots/status/1251191655589445635 62.108.37.42:6606 62.108.37.42:7707 62.108.37.42:8808 # Reference: https://twitter.com/ScumBots/status/1251192193597014016 84.51.52.166:6606 84.51.52.166:7707 84.51.52.166:8808 kingspy.duia.eu kingspy.noip.pl # Reference: https://twitter.com/ScumBots/status/1251858682108956672 61.69.131.134:1604 yilmazkocakau.ddns.net # Reference: https://twitter.com/ScumBots/status/1251915307536580608 141.255.146.238:6606 141.255.146.238:7707 141.255.146.238:8808 alltricks.hopto.org # Reference: https://www.virustotal.com/gui/file/cd61eefce1bda8e8fd7d6f38bb9e6d70b4f1d90efb039a1346d890eeedbd63ef/detection # Reference: https://www.virustotal.com/gui/file/ae089f74371ab598c6cf00e6debbb9d70c091d90641c406b4aa4c88e3fa81c25/detection 41.42.6.83:6606 41.42.6.83:7707 41.42.6.83:8808 81031.ddns.net # Reference: https://www.virustotal.com/gui/file/5185c0e1245a6ef3f2e38459095098a085e1b3f0fb75c7aa657df068be3334dc/detection 41.35.15.87:6606 41.35.15.87:7707 41.35.15.87:8808 # Reference: https://www.virustotal.com/gui/file/31846d250a4f71ff4d5348ba0417584e560f6a93a949bba415a9efd261a41e17/detection 77.78.103.70:222 qwerty123123123.hopto.org # Reference: https://twitter.com/Racco42/status/1255493982420942856 # Reference: https://app.any.run/tasks/9e6d5087-6d1d-44b5-9ac4-349e14df5eb9/ 62.102.148.158:62727 panda45.duckdns.org # Reference: https://bazaar.abuse.ch/sample/5be39967ba90f3766fa81f354a61102a7ddf6bc19ec282e56727abb6dafb973c/ 185.244.29.175:7071 # Reference: https://www.virustotal.com/gui/file/3e9fc29f4f0edfaebea7d78f2de99dc5dfdcd440fc8afc2fc8be0d9a6e10466e/detection 188.52.75.171:5558 # Reference: https://www.virustotal.com/gui/file/646bd5449aa3c3d5d029daeb30efbb49c68209ec434f4216593952d1310343ab/detection 80.200.143.32:5353 # Reference: https://www.virustotal.com/gui/file/f6270d604a6e859c46733c14315da1dc07d7c50eea5cefd427e915c7c726cd24/detection 191.250.107.152:6606 191.250.107.152:7707 191.250.107.152:8808 pointblankbrasil.duckdns.org # Reference: https://www.virustotal.com/gui/file/ffb897728bb3cdaf183b6346255551615e9de81c4178a74cfdf92c8a03dc11c1/detection 91.109.188.2:1010 # Reference: https://www.virustotal.com/gui/file/9a512140b526841ae759063ba36e46b1812c105d9cc94f8dfe11ff69f3cbb336/detection 51.39.198.26:6606 51.39.198.26:7707 51.39.198.26:8808 # Reference: https://twitter.com/ScumBots/status/1257439484339277831 141.255.158.227:6606 141.255.158.227:7707 141.255.158.227:8808 jnhacker.con-ip.com # Reference: https://www.virustotal.com/gui/file/8e0bde81c9e355be99d2fd2a8cd0a1ff088ccb9e4d846323a07c20948e385497/detection 42.116.41.65:3979 kingspy.ddns.net # Reference: https://twitter.com/ScumBots/status/1257437270765953025 191.250.107.152:6606 191.250.107.152:7707 191.250.107.152:8808 mydnshome.ddns.net # Reference: https://www.virustotal.com/gui/file/78f70e9f02eb5434bb36715f107a092a695b060a3e4dba41e6d6213813d6f6e3/detection 86.7.195.44:7777 nfrurqcjthnjznd.ddns.net # Reference: https://twitter.com/ScumBots/status/1257468146027503618 93.22.123.135:6606 93.22.123.135:7707 93.22.123.135:8808 backdoor.mcrage.me # Reference: https://twitter.com/ScumBots/status/1257751258787700743 # Reference: https://www.virustotal.com/gui/file/046b3e5c4418660a9eed9ffc4e9769df9e133eb96b40e2585eec87cf202d9b0b/detection 41.109.165.237:3000 cappa.myq-see.com # Reference: https://www.virustotal.com/gui/file/509607c23436a0d4ef33b21734a19aa129fbcd63bad4cb2965f06fc3f32c2554/detection 41.105.203.238:3000 # Reference: https://app.any.run/tasks/4c0659cd-b563-45a9-93ca-77b82e795fba/ 193.161.193.99:56769 unity123-56769.portmap.host # Reference: https://app.any.run/tasks/bca9407f-6879-4ca7-9dc9-c5c7d9472e38/ 193.161.193.99:7112 193.161.193.99:45885 reality-45885.portmap.host # Reference: https://twitter.com/ScumBots/status/1257955102553448451 # Reference: https://www.virustotal.com/gui/file/5d5d00143b5f578c0293a7cd806009ecd8da5b30d713ebdfb4fcfb83b85e31c1/detection 108.168.118.205:4782 havingfun.chickenkiller.com # Reference: https://twitter.com/ScumBots/status/1258452953662439429 103.74.18.65:8899 103.74.18.65:9090 webdata.ddns.net poda.duckdns.org poda.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/e2dd6989c2d9bd1038f5c6e741f4cdfa9b4584739fabf98db244f7763607178f/detection asyncrat.ddns.net # Reference: https://bazaar.abuse.ch/sample/43264fd31d2b8ce6104a5daf7cf933d315e21e2a968998591361c13fbc365baf/ 194.5.97.223:6204 # Reference: https://www.virustotal.com/gui/file/b611859ca933afe409d9c00d3c75fb42a4049ccee735afd2123e566bbf066c29/detection 185.140.53.43:4444 lagba10.ddns.net # Reference: https://www.virustotal.com/gui/file/34e20c34bb369fb81054fe19e90916e62251720cca8b961942f9ebbcb669919a/detection 193.161.193.99:25270 hiddensick-25270.portmap.io # Reference: https://app.any.run/tasks/88548d77-fbc2-421d-be4b-2da16bd0b5f3/ 193.161.193.99:34785 Slxthy23rf-34785.portmap.io # Reference: https://twitter.com/ScumBots/status/1261669580067549186 5.9.221.55:6606 5.9.221.55:7707 5.9.221.55:8808 # Reference: https://www.virustotal.com/gui/file/32501c0b743c1a550d9f4a24c73a6e58cb7e7a24919cdea9e85bd7d417273806/detection 220.120.90.123:6060 am164.kro.kr # Reference: https://twitter.com/ScumBots/status/1262284883466096640 115.23.99.222:2256 dokdo2256.p-e.kr # Reference: https://twitter.com/ScumBots/status/1262417002142085121 79.134.225.101:5552 # Reference: https://twitter.com/ScumBots/status/1262647276843028480 59.26.17.108:1212 obidori.kro.kr # Reference: https://www.virustotal.com/gui/file/31f8ef6bce5d3c220c3fb531b699dc5026b343bd0e76f3dd9fc9359dc86936d0/detection 115.23.99.222:2256 dokdo2256.p-e.kr # Reference: https://twitter.com/ScumBots/status/1263461921547747329 128.199.41.159:2001 # Reference: https://twitter.com/ScumBots/status/1263674037227659264 61.81.92.38:1212 test9909.p-e.kr # Reference: https://twitter.com/JayTHL/status/1263709348422967296 123.240.25.197:1604 asdf3341.ddns.net # Reference: https://twitter.com/ScumBots/status/1266652411889926146 # Reference: https://www.virustotal.com/gui/file/298587d8c8a376568ed09d332f329f3a4282e96e905f4569fbf24223ed10e491/detection 77.162.55.86:6606 77.162.55.86:7707 77.162.55.86:8808 monsternetwork01.ddns.net # Reference: https://twitter.com/ScumBots/status/1268143488413118464 193.218.39.43:8686 # Reference: https://twitter.com/ScumBots/status/1268532368790491137 188.250.211.240:3715 diass.duckdns.org # Reference: https://twitter.com/ScumBots/status/1269007937349058560 193.161.193.99:21292 allan4053883-60334.portmap.io # Reference: https://twitter.com/ScumBots/status/1269358998307983361 64.225.66.117:1331 64.225.66.117:1332 kr142.duckdns.org # Reference: https://www.virustotal.com/gui/file/86636201a899e360ad6fae1b71304c625ed6395ddf99e6b09906617da53ee93b/detection 91.193.75.208:3000 # Reference: https://www.virustotal.com/gui/file/8228d1299256a23377e57d575160dbd58f9ac46598c5c90b321743e366f3d09a/detection 173.225.115.144:6606 173.225.115.144:7707 173.225.115.144:8808 # Reference: https://twitter.com/ScumBots/status/1269910131933921281 42.119.15.63:3189 kingspy1301.ddns.net # Reference: https://www.virustotal.com/gui/file/d2d1030a5a122043c7a99b3f2c1b1d456be205033ed1327a0b4780f723a5e362/detection 42.117.191.69:8386 # Reference: https://app.any.run/tasks/5b5cba25-c74c-4c2c-80c5-c2f2c9156e6c/ 128.74.42.86:6606 128.74.42.86:7707 128.74.42.86:8808 logan1h.ddns.net # Reference: https://www.virustotal.com/gui/file/b8ff21e26e0da11d7146dd250b71206c698275e312bff612b38380e38385a4c7/detection 193.161.193.99:42300 193.161.193.99:6606 193.161.193.99:7707 193.161.193.99:8808 xaz19og-42300.portmap.io # Reference: https://www.virustotal.com/gui/file/e235e749a792841f78e1fcc8ddfea4d9c31471aaaa3df6928a43a96a8235698e/detection 102.42.76.37:2001 al3bkri13456.ddns.net # Reference: https://www.virustotal.com/gui/file/b891b61de4a7c50a50bffa4fb1394c696c25f80717ed57363f4e1a4a216973bb/detection 94.60.172.123:4500 # Reference: https://app.any.run/tasks/01c6c449-cfe1-4e4a-b34c-3536b67599af/ 193.161.193.99:48736 WindowsDefenderNet-48736.portmap.io # Reference: https://app.any.run/tasks/38f351cc-2e3e-4980-9a6d-4ceb645e4cbb/ 195.2.93.77:8808 servesvpn.duckdns.org # Reference: https://twitter.com/ScumBots/status/1270744376042553345 # Reference: https://www.virustotal.com/gui/file/4e8ca2787e65b0edaa21180883b642d7b3b7f85140ab7fc03d09c30da124dc5b/detection 193.161.193.99:1337 193.161.193.99:52390 sdsd33-43977.portmap.host # Reference: https://www.virustotal.com/gui/file/ae84c5af88241d3bb2e75160c53c6cdaee23555e0a83f0b9b5f218fe525c67b0/detection 82.205.2.127:6606 82.205.2.127:7707 82.205.2.127:8808 googlexfx.ddns.net # Reference: https://twitter.com/ScumBots/status/1271484250349547521 109.247.81.119:23818 # Reference: https://twitter.com/ScumBots/status/1271514445739634689 105.108.81.5:333 b34.duckdns.org # Reference: https://www.virustotal.com/gui/file/b1421de897b9903d393051f42730ac0fc7c19a3115f7b2fb019f2f7edd28e2af/detection 185.140.53.247:4723 sukasa.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/3af55f9bb1a968506ea79b9f24d4a61f99d07e652af05bc5c557f13c19343a03/detection 18.197.239.5:10611 18.197.239.5:25565 # Reference: https://www.virustotal.com/gui/file/3f240073edad176ed8dc359ec2420361d67368ed7859bece7b94180c9deba172/detection 18.197.239.5:11328 # Reference: https://twitter.com/ScumBots/status/1272224126346964993 89.182.127.205:9955 fifa2020-ps4.ddns.net # Reference: https://www.virustotal.com/gui/file/6313e287489f083c691693a5582888ea7ab7e3d03c81612012dec332d27c66e2/detection 185.140.53.11:2079 185.140.53.11:6606 185.140.53.11:7707 185.140.53.11:8808 212.225.226.30:6606 212.225.226.30:7707 212.225.226.30:8808 bazilspain.dynu.net # Reference: https://www.virustotal.com/gui/file/67cd0179d490d478ba231ee4719aa7e1427045de0067a24a0adc91f33fdcac3d/detection 212.225.226.30:2079 # Reference: https://www.virustotal.com/gui/file/621b16461f4c6844bb3438e8cc872ae6d81414bd2e60cc097e2af348697fd088/detection 39.108.140.215:60006 39.108.140.215:9999 2ee51a1ab0951a62.natapp.cc # Reference: https://app.any.run/tasks/fa7cb330-07b2-4366-a9a1-03984fe05c1d/ 84.38.134.21:6606 84.38.134.21:7707 84.38.134.21:8808 # Reference: https://twitter.com/ScumBots/status/1273960570220404739 193.161.193.99:62895 # Reference: https://twitter.com/ScumBots/status/1274107785345712132 45.74.26.57:5326 # Reference: https://twitter.com/ScumBots/status/1274213483081596929 43.251.103.150:8848 # Reference: https://twitter.com/ScumBots/status/1274349378992582657 193.218.118.190:6666 # Reference: https://twitter.com/ScumBots/status/1274432429110034432 45.138.157.147:1111 # Reference: https://www.virustotal.com/gui/file/f83df0f45665f9f5d7d1e888cf778bb4440850503e24821bb0d976e86a5e87e8/detection 77.30.137.105:6606 77.30.137.105:7707 77.30.137.105:8808 # Reference: https://www.virustotal.com/gui/file/7528e56efe65fa4b61c7f7156e8d178473051f88d1dc1174378867bdef381f05/detection 202.79.168.134:3399 # Reference: https://twitter.com/ScumBots/status/1274753289091874818 95.70.134.40:8565 # Reference: https://twitter.com/ScumBots/status/1275421447985430529 14.249.183.252:5555 1593572468.ddns.net # Reference: https://twitter.com/ScumBots/status/1276036748053745669 8.210.144.63:6688 # Reference: https://twitter.com/ScumBots/status/1277490072456171520 117.3.216.38:3589 spy9999.ddns.net # Reference: https://app.any.run/tasks/ca2adff9-796b-45c0-b901-6542eb02857f/ xSkewber-24412.portmap.host # Reference: https://app.any.run/tasks/86f951e0-a325-4f4d-9d00-dcc9f1a58754/ steamguard1337.myddns.me # Reference: https://twitter.com/ScumBots/status/1278645187594551296 67.211.213.207:8080 67.211.213.207:9090 # Reference: https://www.virustotal.com/gui/file/1f6ea95aa6e7d84c2db2f180e6964449d9fe0b8112b9661889b5b200120b5cb9/detection 213.152.161.239:9980 bien.airdns.org # Reference: https://twitter.com/ScumBots/status/1278879232505110529 # Reference: https://www.virustotal.com/gui/file/ab5f8fc012927d2a8f6f9e45891da8111e1de9adddd57969540ce7a39697a5e3/detection 105.154.111.193:1596 105.154.111.193:2695 105.154.111.193:4562 dellpower.theworkpc.com # Reference: https://twitter.com/ScumBots/status/1278301761690894337 45.61.136.48:6606 45.61.136.48:7707 45.61.136.48:8808 # Reference: https://twitter.com/ScumBots/status/1279766327733952512 154.209.74.134:3399 # Reference: https://www.virustotal.com/gui/file/dbb7d9edbc04874b351fe0277d7ec7ccb41023f17e87e18da28dc267b2878ebb/detection 114.129.198.91:6606 114.129.198.91:7707 114.129.198.91:8808 # Reference: https://www.virustotal.com/gui/file/afede1c861d5026ace0d1864ab10214cbbe9e46f2299f401ac2589f924fd4a28/detection vksaodyd.kro.kr # Reference: https://twitter.com/ScumBots/status/1281038456521740289 23.105.171.85:35247 # Reference: https://twitter.com/ScumBots/status/1281283822118723585 # Reference: https://www.virustotal.com/gui/file/6e8ae7b434f014a40003c7b24984bdb3751515c7ab4edd36af33b02881d9d82d/detection 186.233.178.201:6606 186.233.178.201:7707 186.233.178.201:8808 duckjigsaw.duckdns.org # Reference: https://twitter.com/hexfati/status/1281490222618939392 julian.linkpc.net # Reference: https://twitter.com/ScumBots/status/1281570951919013888 193.161.193.99:1437 # Reference: https://twitter.com/ScumBots/status/1281570862492274691 193.161.193.99:28472 Pomm2paingg-28472.portmap.host # Reference: https://twitter.com/abuse_ch/status/1281641153524375553 # Reference: https://bazaar.abuse.ch/sample/3f28fd2c56f0bb9501f62fa64c71f6475d7cca2ee1908e097febdfc5516358ed/ 194.5.98.8:8824 # Reference: https://www.virustotal.com/gui/file/b3a4d10421309deb064c7c31d143b704471d2dc60a6b15a14402d2d069daa3e8/detection 193.161.193.99:24207 portababy-24207.portmap.host # Reference: https://www.virustotal.com/gui/file/cf302c3f21b10392c776e72d3b13e5065b1b6f503a3b63ffb343d13c1d83a6dd/detection 84.210.40.80:5552 krypticon9332.duckdns.org # Reference: https://app.any.run/tasks/eec7d68b-fa8f-4654-9544-2b59b27dc6be/ 206.123.129.103:5456 # Reference: https://twitter.com/ScumBots/status/1283031589962878980 193.161.193.99:38891 193.161.193.99:4443 # Reference: https://www.virustotal.com/gui/file/2de91b424589709529fb7f6dd861ee8fe089e2ac0927971d2242362e09c29502/detection 176.205.153.139:9476 # Reference: https://www.virustotal.com/gui/file/ba42409b340eba51a84a63ef57b8944d952ca927a4889948e069f8fc2352b727/detection 118.68.139.26:3189 # Reference: https://twitter.com/ScumBots/status/1283424178268405760 185.140.53.68:1515 mavennezeliora.ddns.net # Reference: https://twitter.com/ScumBots/status/1284137629882159104 174.0.47.124:8574 lowkeyjust.ddns.net # Reference: https://twitter.com/ScumBots/status/1284303722840035330 193.161.193.99:4040 193.161.193.99:41801 Crowlinqs-41801.portmap.io # Reference: https://www.virustotal.com/gui/file/9fae837fb9b2e3389ac912a88518a953bfd2e78b39daf89191187ae9b520dea8/detection 110.141.6.190:6606 110.141.6.190:7707 110.141.6.190:8808 110.141.6.190:3389 server1738.ddns.net # Reference: https://www.virustotal.com/gui/file/8b003d7f7d72eba439d095c2321003840b05e80099fabdd29fce757db0f57043/detection 185.140.53.76:1604 blanco.linkpc.net # Reference: https://www.virustotal.com/gui/file/0948d7d120fa3bfd8eb53b747e9ea08c6703f231663671441edec451b6d72586/detection 27.70.237.210:6606 27.70.237.210:7707 27.70.237.210:8808 27.70.237.210:8888 nohop1998.ddns.net # Reference: https://www.virustotal.com/gui/file/fdc7c7b4a95ee6a1df9b61e24097e0e0d9b5fb967e0430ddfc092aeeaadc1f3c/detection 193.161.193.99:29353 vuadaubepz15-29353.portmap.host # Reference: https://www.virustotal.com/gui/file/cb2eaf3e9c009c32591913cd555aa2c51eff9bb7ab0a656bd059d5ddadab82ee/detection 118.217.154.223:6606 118.217.154.223:7707 118.217.154.223:8808 mact194.kro.kr # Reference: https://twitter.com/ScumBots/status/1284798238680387585 161.35.56.21:7001 # Reference: https://twitter.com/ScumBots/status/1284892597912313857 206.189.76.209:5252 # Reference: https://twitter.com/ScumBots/status/1284896544760762368 24.254.43.171:6606 24.254.43.171:7707 24.254.43.171:8808 # Reference: https://twitter.com/ScumBots/status/1285047538941394944 14.5.119.153:6606 14.5.119.153:7707 14.5.119.153:8808 # Reference: https://www.virustotal.com/gui/file/955bd3f4c3f39ae1e20ef7bb1b83adf6dd4ac55110cffc79a5843e7c06641a6b/detection 156.206.124.24:1025 erksene.dynu.net # Reference: https://www.virustotal.com/gui/file/b724abcdfe906318472e2c9dcc1e8bd211b10e881c689a600782d0462916701d/detection 216.170.126.139:4660 # Reference: https://www.virustotal.com/gui/file/2622f9874b537293700a77646a386b3c708e257f00e218cd72baf10aed32456a/detection 193.161.193.99:5556 anonissou.duckdns.org # Reference: https://www.virustotal.com/gui/file/f0634bf7e0d376d34450c4752cdd0945aba11ba2b316e64d3bc9d57c6980f189/detection 220.122.40.142:8080 criticalvip.kro.kr # Reference: https://www.virustotal.com/gui/file/bfdfe76cd0b61105c6bbea1952de0380012c3decbfc51ad263e00564cdea1983/detection 182.221.160.164:8080 zcx.kro.kr # Reference: https://www.virustotal.com/gui/file/e14d03068fdc83cd2a6b16bf40553f78d39e0a6478af3f329e69f6cca0df919b/detection 185.222.57.150:3450 # Reference: https://www.virustotal.com/gui/file/b724d53c26514502a8dc138a9a9b5c48b2f699e43a29060ff68bdfd857ce3caf/detection 121.137.39.53:8080 # Reference: https://www.virustotal.com/gui/file/99e489abde6b13f45c6cfababe1b9e46cf8692b12134b015096a323402c71259/detection 121.137.39.53:6606 121.137.39.53:7707 121.137.39.53:8808 # Reference: https://www.virustotal.com/gui/file/7b5dd184f138daf820509d1240dc7b00938d555ba1e9eebe5000d0e8ff2d3889/detection 121.137.39.53:5050 # Reference: https://www.virustotal.com/gui/file/2e04efdd2de2a1be9a27be389987fed425a3ee6826f69180db9093c5383e4833/detection 209.200.39.2:4040 209.200.39.2:7070 209.200.39.2:8080 # Reference: https://www.virustotal.com/gui/file/34b6843018283be543557947fea752642b68d5e72c412a0ab3bdd28ea1c498f9/detection 193.161.193.99:45680 youcefmadskull-45680.portmap.host # Reference: https://www.virustotal.com/gui/file/3377c9208f9f7427e2d5134f7009a5427637432c49797fbd7d83925a5ea954cd/detection 193.161.193.99:1236 193.161.193.99:61574 hackthisishack-61574.portmap.host # Reference: https://www.virustotal.com/gui/file/0427b7e094b0ced7de6ecc37aa5d5ff6de9b13785b068e8480bf62ed2fdac0e3/detection 95.120.211.220:4665 holocmsv2.zapto.org # Reference: https://www.virustotal.com/gui/file/4abdc1b37c11f32707551f7a3479462a68c043e08a84f93b36ad308bfc8e4624/detection 54.95.64.241:1521 # Reference: https://app.any.run/tasks/5092ca08-de2c-4fea-a24c-98a224b251e7/ 185.140.53.11:9845 # Reference: https://app.any.run/tasks/7e29c9db-d891-425e-a793-badabc8fe75c/ 79.134.225.83:4783 superkicka.org # Reference: https://www.virustotal.com/gui/file/2faf5255c368288325aac011cd2066c6942ea0b755718490363fdb6606dec40f/detection 188.151.38.115:1717 schost.duckdns.org # Reference: https://app.any.run/tasks/01eae1cf-71f1-4732-86d6-321117b8382c/ 64.20.43.83:3123 advisorgoetia-dns.xyz # Reference: https://twitter.com/JAMESWT_MHT/status/1288860715143573505 # Reference: https://bazaar.abuse.ch/sample/54d46ffbefae7f6025765c0c274f7f87714e5467da8926967efb01025693bb8e/ 177.255.91.168:49737 177.255.91.168:8057 gfsgvbxcv.duckdns.org # Reference: https://www.virustotal.com/gui/file/30232515c14a00a60978fc801bff8ec6db9c540f88cf6ec8851512e892917719/detection 84.210.40.80:5555 # Reference: https://www.virustotal.com/gui/file/cda5b8bf4e397c606b20ebf098253dc1456f28cc3aeec5ec7a1332afb33bc5b4/detection 185.122.168.250:6606 185.122.168.250:7707 185.122.168.250:8808 # Reference: https://www.virustotal.com/gui/file/97bf01ea73fc39e6dc829aa7a0c45762526c86b7d348ec19f6e3b2897775a6e9/detection holocms.duckdns.org # Reference: https://www.virustotal.com/gui/file/5d6500005736439ccf00e8136c00a351bd7c69fb33fb9485a1be9908187a66da/detection holocmsv2.zapto.org # Reference: https://www.virustotal.com/gui/file/c1877080b35ea82105c4a242cc49c832cc2f7207e672712cc8d364d2b005cf81/detection 193.161.193.99:34540 # Reference: https://www.virustotal.com/gui/file/b174722176293ad63a56287567655d408293addcbd6e248fbd058816667d3cde/detection 176.168.187.199:6606 176.168.187.199:7707 176.168.187.199:8808 lolo0909.ddns.net # Reference: https://www.virustotal.com/gui/file/d7ec327d2a382d2035818a0376fd27bf68dab2d89a7f4e04b04babaef977b16a/detection 120.78.86.213:5917 120.78.86.213:5925 120.78.86.213:5936 120.78.86.213:5944 120.78.86.213:5951 # Reference: https://www.virustotal.com/gui/file/8ca05cad682799f231e0a0fb670a2a04fb6f361f801c884f62a607b26ccc25f4/detection 192.227.158.120:4770 # Reference: https://www.virustotal.com/gui/file/2485169398a574f4b8c68b612c29715f43ecd5a00d61a42def399034ed389517/detection 193.161.193.99:39075 zufair.duckdns.org # Reference: https://www.virustotal.com/gui/file/cf7363ad9935b3ba3dd93451d9be8eb43f5445179740e0c2bfecd7bddd860fec/detection 185.244.30.27:3381 # Reference: https://www.virustotal.com/gui/file/d7ec3ec2ac8cb6d1f2898f2d7eb02850e34fc088f71e3ef82e966d10dbfc203b/detection pensive-pond-55232.pktriot.net # Reference: https://www.virustotal.com/gui/file/bb1223e5556adf3f9cb6976fefe3c51af74baacb5c159fe34a03e49ffd43aa39/detection 161.97.82.232:4141 # Reference: https://twitter.com/ScumBots/status/1291947998524706816 # Reference: https://www.virustotal.com/gui/file/3a81c9e1bfe70ae9506eef64194e9b6b8a49a7c2f64fa427ed31d0a9444a785e/detection 121.214.208.2:1111 121.214.208.2:2222 121.214.208.2:30 121.214.208.2:6606 121.214.208.2:7707 121.214.208.2:8808 sirenhead.ddns.net # Reference: https://www.virustotal.com/gui/file/4df01904a9abf7085fc4aafc372c7614cb7077c7350446188ceafc98001fb5b1/detection # Reference: https://www.virustotal.com/gui/file/90e9abb1b28a06edc6ae7a174b6468cfdfc91dcc29cd27be8fcd10d3c746f26e/detection # Reference: https://www.virustotal.com/gui/file/a71149ae63fc78968c81e659eb4dba652ffd3ea8d2a1c58bb631b7fbbaae8e43/detection # Reference: https://www.virustotal.com/gui/file/4e022a47ae07545c1a28418a9beb0f6d360144ec8087bc0bd2ac0f086bea9ddd/detection # Reference: https://www.virustotal.com/gui/file/71922e073726160d1bec9230d8b87eace72792499ddf4c731047a446b6876ee6/detection 185.140.53.54:4923 185.165.153.186:4923 77.74.194.214:4923 79.134.225.96:4923 79.134.225.103:4923 91.193.75.69:4923 bambooo.dynu.net # Reference: https://www.virustotal.com/gui/file/f4cecaa360ee6ab479cbf9b99c15b45ba7e9f548b7e368063a0c9f686fbc2630/detection 212.251.116.161:1604 212.251.116.161:6606 212.251.116.161:7707 212.251.116.161:8808 62.1.59.224:1604 62.1.59.224:6606 62.1.59.224:7707 62.1.59.224:8808 # Reference: https://www.virustotal.com/gui/file/889e35bc6ff36524dd0df82fbcf8a8015fd3c95d94b00c0875e9bb239eb12e28/detection 91.193.75.146:4780 # Reference: https://www.virustotal.com/gui/file/cf7363ad9935b3ba3dd93451d9be8eb43f5445179740e0c2bfecd7bddd860fec/detection 185.244.30.27:3381 # Reference: https://www.virustotal.com/gui/file/caa8c15569dd97b52c88cd2a500cb6304db09a6e3761511657be45645f19e815/detection 193.161.193.99:54030 Zmining-54030.portmap.host # Reference: https://www.virustotal.com/gui/file/43f97c03faf5199c8ebc7c49c076e45ed95fdf3edc26b4859fdbd705be21dd1e/detection 172.94.42.34:1043 dnsnuev009.duckdns.org # Reference: https://www.virustotal.com/gui/file/8f40ea9560e30c37b6ab4a3d6501b7cbf3898c20d1ecc31e2b7fe360449c0b33/detection 8.210.158.0:6606 8.210.158.0:7707 8.210.158.0:8808 # Reference: https://www.virustotal.com/gui/file/1dfb088dd661a1ab2025603696ced23a04e00c837590ad881a49a24768e09de4/detection 172.94.28.17:2021 tusnalguitas.duckdns.org # Reference: https://www.virustotal.com/gui/file/28dc802c58e106829fa716e2b4b0a1834967709075076bdbf0aec64f5e124f62/detection 172.94.42.34:5623 nikiko.duckdns.org # Reference: https://www.virustotal.com/gui/file/3183e83479da8d8ef421e91538fb85085229673f4bd2f13d3de7c8be2fc96c1e/detection 5.152.206.196:6600 # Reference: https://www.virustotal.com/gui/file/ad8b72167b5dd6b0bcba0a0685ec2addf744bc6da79c70476dd7d138cec764a4/detection 34.73.5.116:4444 # Reference: https://www.virustotal.com/gui/file/565054fa53c89061f7a81e18737a2140457316a526b616349e1ae614db363814/detection 109.247.81.119:20000 # Reference: https://www.virustotal.com/gui/file/d78ddc2b6e359f4d23f06437a5ff498c5afde61d925889129a8da056817bef70/detection 177.98.227.24:6606 177.98.227.24:7707 177.98.227.24:8808 # Reference: https://www.virustotal.com/gui/file/8e3c7cd8bb4826e4919aa56481167a1fcf9cb2d0e2c4a9c74ec155523f5d180c/detection # Reference: https://www.virustotal.com/gui/file/9660ae0cf1fe3b7745287ab05d242247334cbf51ba64b900998fb5073bedf890/detection # Reference: https://www.virustotal.com/gui/file/75feac230513a5d543e2f9559068259554200ed7440c44749e7678feb19b470c/detection # Reference: https://www.virustotal.com/gui/file/6c24f8caa4f1f21a9dd8b714066bdfa5e2d8c84ab068d50672ef12b048c4518c/detection # Reference: https://www.virustotal.com/gui/file/02b62fd53cf9ed3c98a70aa7c4ead2b9c8851079517747d8e106873654098651/detection # Reference: https://www.virustotal.com/gui/file/cf234f8fcdab2a576d303c8b0821b7754ec13e1319be9d24d335b351f774b1f3/detection 179.178.236.31:2080 179.183.119.159:2080 179.183.119.159:6606 179.183.119.159:7707 179.183.119.159:8808 187.114.175.149:2080 187.114.178.10:2080 187.114.178.10:6606 187.114.178.10:7707 187.114.178.10:8808 191.250.65.147:2080 191.250.65.147:6606 191.250.65.147:7707 191.250.65.147:8808 191.33.110.91:6606 191.33.110.91:7707 191.33.110.91:8808 # Reference: https://www.virustotal.com/gui/file/2154f0eae29106cd24148ff7a4486eb7467c0d590f7979c6ffb517f4d99d4c37/detection 211.108.200.7:4872 211.108.200.7:4873 0743.hopto.org # Reference: https://www.virustotal.com/gui/file/557ea13e8175753fff89bdfb1ede7e27779f6a55b5ba69ff2ecd7d6e9255ab8a/detection 177.255.91.168:8057 fsdgfd.duckdns.org # Reference: https://www.virustotal.com/gui/file/bdd504540ae6cbfcef701abb424def21007a55d3df5ce5bd03034c4cc66464d6/detection 78.63.71.91:6606 78.63.71.91:7707 78.63.71.91:8808 youtude.ddns.net # Reference: https://www.virustotal.com/gui/file/c8c3c2b6c66710984751b0ec262a618829be47e3c926c3c0c706365d5d0aacd5/detection 103.207.39.83:1024 # Reference: https://www.virustotal.com/gui/file/a93b12c36e78db3c5e27c9a35a23d7f87a3d788adf60f811485890a33c726c7c/detection 90.46.146.196:5552 shadowstest.ddns.net # Reference: https://www.virustotal.com/gui/file/d0ba64c92f0512db66ff99cc87ffced9bebeb3bf15470865c81858f02e3302a6/detection 193.161.193.99:24255 193.161.193.99:42219 iskyze-24255.portmap.host # Reference: https://www.virustotal.com/gui/file/74d10507f05b48357e55b0349a24144874a509980c1e0aabf43f781fdac10fff/detection asdxcvxdfgdnbvrwe.ru marcristosc.ac.ug 194.5.98.95:6970 # Reference: https://www.virustotal.com/gui/file/d288f6645d0f90ddff285c41b2512a1496a8b5b7c34df8bcecda8070314939b6/detection 51.178.240.250:6606 51.178.240.250:7707 51.178.240.250:8808 # Reference: https://www.virustotal.com/gui/file/459fe6ce78839307fd87c192fca2545ed25e89fe63f602356022fd32c8db8aba/detection 179.124.220.225:6606 179.124.220.225:7707 179.124.220.225:8808 # Reference: https://www.virustotal.com/gui/file/65232e1c7aedfd29788abfdf468587c2858822e65cb2fb15169b4261e4be1ed1/detection 123.110.29.249:1604 andy1688.ddns.net # Reference: https://www.virustotal.com/gui/file/305aacda61fb9f14aa1bb5124841ac25b7f23ff254a886a56a3d40bdf5a1a5e4/detection 107.172.221.181:333 107.172.221.181:6606 107.172.221.181:7707 107.172.221.181:8808 # Reference: https://www.virustotal.com/gui/file/310a6b915908dbc78e3d9dd56d06bf0fb3fd11e1c4db826a18611f5e80f9bed3/detection 82.205.33.194:6606 82.205.33.194:7707 82.205.33.194:8808 # Reference: https://www.virustotal.com/gui/file/304663149c45d54a23e0cf65b9775538009a76db474912fff395bedd3e789a01/detection 193.161.193.99:48637 boneless-48637.portmap.host # Reference: https://www.virustotal.com/gui/file/90aaeb0077277b5e45a7cdcbe365ead4781b5a0a5fd755f99ed8a2ec79e5e58c/detection 193.161.193.99:58562 newcosmo-58562.portmap.host # Reference: https://www.virustotal.com/gui/file/de3db6f0d0d8dd22a21731e739dbbacf86b2bc8bc21ea2a0ade9a16581a1ac14/detection 193.161.193.99:31239 ioplololo-31239.portmap.host # Reference: https://www.virustotal.com/gui/file/caa8c15569dd97b52c88cd2a500cb6304db09a6e3761511657be45645f19e815/detection 193.161.193.99:54030 zmining-54030.portmap.host # Reference: https://www.virustotal.com/gui/file/9a95c0829cd7766087de65e50b32a3689a91e3ad05a7cc94365ef94d4f685cde/detection 193.161.193.99:37930 pritom-37930.portmap.host # Reference: https://www.virustotal.com/gui/file/441a169e51070282b35537e90edab11e0064e3a0e6c4eab8759773d79cf00ae1/detection 193.161.193.99:2510 193.161.193.99:25360 vasco-25360.portmap.host # Reference: https://www.virustotal.com/gui/file/5c05897f869e9c72390065f8bbeaab7b7fb3f9089f56a68eb7b358a5d12cf968/detection 193.161.193.99:25987 prem131bn-25987.portmap.host # Reference: https://www.virustotal.com/gui/file/4415b9d3c5fc2ceaa6f935864c1d9a573447802f30ec30efd212a8be4fd2a82d/detection 193.161.193.99:54729 ismailbourji-54729.portmap.host # Reference: https://www.virustotal.com/gui/file/b5a85b868ec6932c4577c11ce91e0bfce9ea5ae81b788133fefc640015c3b0bc/detection 193.161.193.99:20760 f2had-20760.portmap.host # Reference: https://www.virustotal.com/gui/file/c381f88012efb8742927995e6f91525c4a1f9b4f3b3a4f25d431e8269842836b/detection 193.161.193.99:25125 hmz04-25125.portmap.host # Reference: https://www.virustotal.com/gui/file/ab10554a3e0ce5270d2c02e884a097e271dae6cbe2e51a70703da7d4e89919bb/detection 193.161.193.99:36161 prodharani-36161.portmap.host # Reference: https://www.virustotal.com/gui/file/af37a83779f91b64f3b03bf0daa2d79bd531a3968141e0dcc2bcee677f4b701e/detection 193.161.193.99:58345 keyman-58345.portmap.host # Reference: https://www.virustotal.com/gui/file/1ee13968473a9b9733efdca8caf07f22d39730a2b2ebf9c2c8d467e6f385d826/detection 193.161.193.99:37695 anonjayy-37695.portmap.host # Reference: https://www.virustotal.com/gui/file/8b4592b2bb2a904be55ab95ff2cb69808b15d819498cccb6ec05b2f5b7b3d63f/detection 193.161.193.99:37692 madman-37692.portmap.host # Reference: https://www.virustotal.com/gui/file/e9db2ade37b84b00334f829395b6af092dda2ae1f559cfbdb772ec15c7a54d94/detection 42.119.90.242:3189 kubeodz92.ddns.net # Reference: https://www.virustotal.com/gui/file/a5d78beef4d80eb7def57f7fd7647d09ec76a16eeedb2a5a3fc6f445526c8f4a/detection 193.161.193.99:20050 pawianek2-20050.portmap.host # Reference: https://www.virustotal.com/gui/file/e28f8760f889ff458aec8aedd2139e44735cb9468d34d175aec42643b90291b5/detection 46.60.22.192:6606 46.60.22.192:7707 46.60.22.192:8808 82.205.33.194:6606 82.205.33.194:7707 82.205.33.194:8808 googledrive.myftp.org # Reference: https://www.virustotal.com/gui/file/08b15d045255c81dcb3e29b70ffcd1a8d614bf99549f079085bfbc54a994d109/detection 42.119.90.242:3189 kubeodz2019.ddns.net # Reference: https://www.virustotal.com/gui/file/5f8ff6fd7b8bbcb8efd6e69b2300be59a059061ed3bd2a2fd63ab6e98cd7cd2c/detection 192.169.69.25:1044 192.169.69.25:20485 193.161.193.99:20485 franktembo-20485.portmap.io samarakandi.duckdns.org # Reference: https://www.virustotal.com/gui/file/f198e0cfa503100d64d15ed39b2516587582587f42afea74ace075b28f663fb4/detection 193.56.29.251:6606 193.56.29.251:7707 193.56.29.251:8808 bogdanxx90900.servemp3.com # Reference: https://www.virustotal.com/gui/file/33d1d991a9bda6bdec91b6be82e7ddc684a8f7400ac8402917ffefa0a5dfd631/detection 121.214.208.2:3000 # Reference: https://www.virustotal.com/gui/file/fc9ee822f9872fd4ca4531d5a91e29adfdc3a4a9e2e8f6e668305fe3bfa9fada/detection 193.161.193.99:41892 oksosokak-41892.portmap.io # Reference: https://www.virustotal.com/gui/file/e021d822f3a44473cd7d12518402469b38d200a27065c7aa757d13a15ae607ee/detection 197.206.218.240:5555 clayroot2016.linkpc.net # Reference: https://www.virustotal.com/gui/file/54d53186682c7277d99c86cea69d45960d2867041477a0d9edae6f08c8e8b52d/detection 186.52.202.235:3040 cortanahost.ddns.net # Reference: https://www.virustotal.com/gui/file/910c9c2a61c8748fe9bd3417eeb284535db3bbc30c6405f102002ecef3d6304b/detection 81.61.77.92:6606 81.61.77.92:7707 81.61.77.92:8808 campestre.hopto.org # Reference: https://www.virustotal.com/gui/file/4f41374a921e33b06bb11f64e72bc02c2f928704ebea63682ec66b85b1349f44/detection 175.37.36.152:6606 175.37.36.152:7707 175.37.36.152:8808 kakejake.ddns.net # Reference: https://www.virustotal.com/gui/file/15753a223aa59f5e2265569080d31e8351d546e6b7316c6660757a39bda94887/detection 121.137.39.232:5050 # Reference: https://www.virustotal.com/gui/file/fa2cbc10aa98e5cfe362065b2c19556c67dc8b7d48871008404f4778e8537f3a/detection 34.66.124.165:5555 # Reference: https://www.virustotal.com/gui/file/851d536bdf21ad02eab1ed632b7ef36fc5734e628c421c9f7c8dcb05d30f4d32/detection 198.251.64.252:6606 198.251.64.252:7707 198.251.64.252:8808 # Reference: https://www.virustotal.com/gui/file/b69e8a276d2c444b502238383ae3611714822c8605f074ef5a0a9a99c69b49a8/detection 79.173.65.159:19638 79.173.65.159:6606 79.173.65.159:7707 79.173.65.159:8808 rootaccountadmin.ddns.net # Reference: https://www.virustotal.com/gui/file/1c02bb46103de9bf189deaf1b8915afa62186f1b0e1b90742b70b58e44962bf9/detection 178.33.93.88:19678 # Reference: https://www.virustotal.com/gui/file/20ef74b6ca8718706ca786c9cd8c9de916df7daf77c81f436ab23b6c50db0487/detection 49.175.99.35:1234 leepipi.kro.kr # Reference: https://www.virustotal.com/gui/file/c811c161d9d0be1c09173a50af290a718729fd9509b63ff953ad4b07e2501657/detection # Reference: https://www.virustotal.com/gui/file/f48d69fb64fe7ae544769ce22a0500e07ac2f945b12bc717b78ca77a7b5a6924/detection 91.168.196.175:6606 91.168.196.175:7707 91.168.196.175:8808 likatn.zapto.org # Reference: https://www.virustotal.com/gui/file/ca17a69a46caf3e05a1cd8bf2f1d6679b55aa6ecf46ee63bf323ee892f88f80e/detection 105.107.4.125:6606 105.107.4.125:7707 105.107.4.125:8808 # Reference: https://www.virustotal.com/gui/file/c7cb970a67b5c370741e139dda48d47433477ab400e51a62a99b7a379a6c0dbc/detection 138.197.189.80:6606 138.197.189.80:7707 138.197.189.80:8808 blackid-35823.portmap.host # Reference: https://app.any.run/tasks/b31c0049-b5de-40a8-9069-8c14e27b738f/ 193.161.193.99:32260 Kupcia-53901.portmap.io # Reference: https://www.virustotal.com/gui/file/81e96984130042d0ee70ae09a7bc9375974d513938e80877720d251330e4b37e/detection 39.122.189.147:1 fsft.p-e.kr # Reference: https://www.virustotal.com/gui/file/1f48d54ad69726c01a7ae1e7ceff7ae6093005be1e100a75968476d72d75cf06/detection 101.179.85.220:1111 101.179.85.220:6606 101.179.85.220:7707 101.179.85.220:8808 # Reference: https://www.virustotal.com/gui/file/dcaf6810871062a1a5a292c8e46667a8b7de908d292513ef1c443929ce8897c5/detection 18.157.68.73:15558 18.157.68.73:16155 18.157.68.73:4444 18.192.93.86:15558 18.192.93.86:16155 18.192.93.86:4444 # Reference: https://www.virustotal.com/gui/file/bbae735df39c1301901ca97c6993f2b6fd7233a0360761eab8b65f2556df4517/detection 145.239.201.157:8443 # Reference: https://www.virustotal.com/gui/file/ee5dbfca30be494b6ad8ac1c18255b6054339de4aba768180a1f32e9921a30ce/detection 193.239.147.16:6606 193.239.147.16:7707 193.239.147.16:8808 # Reference: https://www.virustotal.com/gui/file/ff081035cd38c28b8093f8f0887450407e27a89ee1ff254dd627849bd6334fb5/detection 193.161.193.99:53485 hack567832-53485.portmap.io # Reference: https://www.virustotal.com/gui/file/126a37d9189d9ef7872b74fb13f562bc8601622b6455e01fefd646b463966fa6/detection 193.161.193.99:39400 kepada9494-39400.portmap.io # Reference: https://www.virustotal.com/gui/file/32e6114d2ce3e3c8f778769261cb06eb874b5f38271436d88053c41930f1ce47/detection 202.182.121.93:5050 kny777.kro.kr # Reference: https://www.virustotal.com/gui/file/49510b87db400c9570b85eba6271642d0a157d0c8cd5457171a6564aa73e7795/detection avantgrajgrup.com.tr /ilksan_sorgu.php?tck= # Reference: https://www.virustotal.com/gui/file/7c3eeba909d90095b3ac593ccc111251212ebe3304d5f9725325d81b2e6acd14/detection 13.82.134.169:48166 13.82.134.169:5555 13.82.134.169:6606 13.82.134.169:7707 13.82.134.169:8808 ROCK19870-48166.portmap.io # Reference: https://www.virustotal.com/gui/file/292a0b69dfc9ff8aa030fdbe13e0bc047606177ea3250c597e06dfeec1c92304/detection 194.5.98.100:1337 blackhair.ddnsfree.com # Reference: https://twitter.com/ScumBots/status/1315367256235311105 # Reference: https://www.virustotal.com/gui/file/b07c2fbb1e0470cdbffd9c1147de5cf1763edcc4c5a918ddc63ad49d1ecbc563/detection 45.95.168.116:1333 45.95.168.116:1334 45.95.168.116:1335 45.95.168.116:1337 45.95.168.116:1338 45.95.168.116:1339 # Reference: https://www.virustotal.com/gui/file/a3074419485db4ee08451afe2693184a89c031b3237e0a51b7627eb33eddc342/detection 222.114.199.209:5050 pyeonno.kro.kr # Reference: https://app.any.run/tasks/5bc8c7e8-e45e-4fff-9fc6-7a380e82e03f/ 193.161.193.99:54987 papachullan-54987.portmap.host # Reference: https://www.virustotal.com/gui/file/7e3e36dfb02909a470035b63d7db577f62431689e631fc7e1f21198745ce339d/detection 185.165.153.140:6606 185.165.153.140:7707 185.165.153.140:8808 # Reference: https://www.virustotal.com/gui/file/39eb27e6d13e6a373bb1da0becb487e808ff2d3849d481eb0bd4aa3b6d398cc1/detection 79.145.12.52:1335 79.145.12.52:6606 79.145.12.52:7707 79.145.12.52:8808 # Reference: https://www.virustotal.com/gui/file/913033893ab065b61e551399c91cdd877c134dc7dadacacbc87c3dfd798653a1/detection 91.109.176.2:6606 91.109.176.2:7707 91.109.176.2:8808 mika201.duckdns.org # Reference: https://app.any.run/tasks/407ac320-c34a-4b59-966e-1f8403fe92e5/ 193.161.193.99:28793 saudis-28793.portmap.host # Reference: https://www.virustotal.com/gui/file/708ba499db884070420f378523658870927c31654d03d24cdac303b5d60b0ac4/detection 2.56.62.44:4444 2.56.62.44:6821 2.56.62.44:6606 2.56.62.44:7707 2.56.62.44:8808 fuckmyass.duckdns.org # Reference: https://www.virustotal.com/gui/file/0cd8a5e9deb573fb2fda25cca06453abcd0a42ee7b0de44420973aeff3e0fcbc/detection 185.161.209.16:6606 185.161.209.16:7707 185.161.209.16:8808 bitcoins.giize.com # Reference: https://app.any.run/tasks/ddf3cca3-adcc-4110-976a-b724a6aab722/ ectoraid.ddns.net # Reference: https://www.virustotal.com/gui/file/fcdc5a453e07582d39d35234b39a67bbf958832ac88f0a82d413961482bdbcc0/detection 175.203.53.37:5050 nsr0209.kro.kr # Reference: https://app.any.run/tasks/107f53fe-e988-40c3-9659-bb47c7283615/ 193.161.193.99:60167 elechine-60167.portmap.host # Reference: https://www.virustotal.com/gui/file/5979eee66faff5910c181a7b1af0111d68a0feda3dd974306f8e5c5624af7cdf/detection 51.75.169.41:6606 51.75.169.41:7707 51.75.169.41:8808 # Reference: https://app.any.run/tasks/7468050a-b7fe-4748-b667-6933722a010a/ 193.161.193.99:33504 Scambaiter123ASAS-33504.portmap.host # Reference: https://www.virustotal.com/gui/file/a95000dca55523f7c8a1293563a03693f973fc12f91618deb86ec5aeee353728/detection 151.240.194.206:7777 nethalpop.sytes.net # Reference: https://www.virustotal.com/gui/file/9b9f13a8e3663e2b05e3af0b00abec4bc662b823a7fde9447164b9031bc59fe7/detection 52.156.134.11:4892 jah0seh.duckdns.org # Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662 # Reference: https://www.virustotal.com/gui/file/49f9c9e79441d891f84d5a457fed44897f95f8f691b387fcab2e63ec9a505667/detection 194.5.97.76:2121 # Reference: https://www.virustotal.com/gui/file/0c323c02db0a52d9a1764a74e3cb5a7bcc8e7b9839160179a772de3a6bc8cf26/detection pounds1990.duckdns.org # Reference: https://www.virustotal.com/gui/file/ff734df4d09afad52e931fce898a5497b78081fbca44f091e55a3da4b47c1350/detection 185.140.53.141:2256 freshg.ddns.net # Reference: https://www.virustotal.com/gui/file/0840d78515e4bdaa61b7d285b710361e19d10c31e34a0cfc58e5fae89e118bbb/detection 193.161.193.99:4332 193.161.193.99:57654 # Reference: https://www.virustotal.com/gui/file/4124fa166c07644eb29d7b813889a90795f9f1448f7cae2040a1375006748617/detection 91.109.180.6:6606 91.109.180.6:7707 91.109.180.6:8808 # Reference: https://www.virustotal.com/gui/file/3ba05ff4ea1e849ad3ce6780aadb44af45e48442f058510fcc096e115c853d80/detection 91.109.188.7:6606 91.109.188.7:7707 91.109.188.7:8808 mika202.duckdns.org # Reference: https://www.virustotal.com/gui/file/9cca37bc8df3f2d7d439db0ffb0ed8d4a1c2f88c5c43754bc78b674009b35b05/detection 109.202.107.147:7113 # Reference: https://www.virustotal.com/gui/file/e1a9c9a66a236487973368591a6735b9e14dd6a8c7be77106f63ec5835cebd2c/detection 203.115.24.234:8282 # Reference: https://app.any.run/tasks/0a2ba392-8c95-48d9-b4e6-b192643675c9/ 193.161.193.99:26660 carminebongo-26660.portmap.host # Reference: https://www.virustotal.com/gui/file/6e5fdf8624b69aa1cbda80d760e5a77143aafcf2b54617485023d2c520e7c431/detection 103.207.39.131:6606 103.207.39.131:7707 103.207.39.131:8808 # Reference: https://www.virustotal.com/gui/file/4467e78c9356062cd52d9d9da5dee3329558749d764ef8c72c14977ae65d139e/detection 82.65.39.148:6606 82.65.39.148:7707 82.65.39.148:8808 # Reference: https://app.any.run/tasks/c5ef1463-1168-4ef0-8536-d42d953c919e/ 85.224.37.213:6606 85.224.37.213:7707 85.224.37.213:8808 # Reference: https://www.virustotal.com/gui/file/971226ecd2869473e61804629f46507232584393f74bf7f8cc11c6592e916ffc/detection 128.134.139.235:5050 # Reference: https://www.virustotal.com/gui/file/5052cc68d40a843a8500983cc7e8c84601e5221149f88f1aa135f328e9e1a9b7/detection 93.190.51.64:1234 # Reference: https://twitter.com/wwp96/status/1328325861456699394 # Reference: https://app.any.run/tasks/85c6b9fa-195f-43c2-b480-8dea0a699fb7/ # Reference: https://app.any.run/tasks/d6fa28e7-0425-49c1-a12f-0185af0ed4ab/ 185.239.242.76:6606 185.239.242.76:7707 185.239.242.76:8808 5.230.22.165:6606 5.230.22.165:7707 5.230.22.165:8808 # Reference: https://www.virustotal.com/gui/file/815e7085a1cf084e05f86a972b0d91b4e5555577f8d47528d79d85dcbb45bc4a/detection 79.134.225.99:6606 79.134.225.99:7707 79.134.225.99:8808 # Reference: https://www.virustotal.com/gui/file/17433a45b35d1eab013795ac90856a2349ed97974c05653030279c52a367774d/detection 137.135.73.55:18 137.135.73.55:6606 137.135.73.55:7707 137.135.73.55:8808 cemnasq.duckdns.org # Reference: https://app.any.run/tasks/e7870287-b274-4f3b-9246-e7104d7f9cc3/ 45.144.30.41:6606 45.144.30.41:7707 45.144.30.41:8808 # Reference: https://www.virustotal.com/gui/file/f3fcbb0fedb1e3b732185aebbf845ca185c950ca3635026d8a754312220577c9/detection 212.239.144.144:1177 212.239.144.144:6606 212.239.144.144:7707 212.239.144.144:8808 liligharba5.ddns.net # Reference: https://www.virustotal.com/gui/file/1153ff7152d6470ab2893655f2cd50df6a5dc7d0169ea56e5e7f54704b136831/detection 78.161.81.149:1604 78.161.81.149:222 78.161.81.149:6606 78.161.81.149:7707 78.161.81.149:8808 ipmdegismismalcry.duckdns.org # Reference: https://www.virustotal.com/gui/file/d0f7a30d75237013c95ab544faf873ba165f252321c49e2ccc5e5b43126a4c3d/detection 84.117.241.36:1604 84.117.241.36:6606 84.117.241.36:7707 84.117.241.36:8808 sexpulapistol.ddns.net # Reference: https://www.virustotal.com/gui/file/c6565e82f8873c8064caf5e73f1fe276b103c131e6df769dfd5bce2da760dca0/detection 91.105.195.23:5679 # Reference: https://www.virustotal.com/gui/file/7017de5d73a4f3bb86c343d87148c3af0087191fd401632b2643368ad38d0929/detection 90.37.128.28:1111 90.37.128.28:6606 90.37.128.28:7707 90.37.128.28:8808 osinte555555.gotdns.ch # Reference: https://www.virustotal.com/gui/file/cf69b63b9cb0ecae224f272bbf7d02fefa14e31ea1e2dab90d2f7fad8b742edb/detection 45.153.243.96:8888 # Reference: https://app.any.run/tasks/57ef4913-3bdd-47c9-bbca-1d16df9b9c1f/ 193.161.193.99:24383 nullbytes.duckdns.org # Reference: https://www.virustotal.com/gui/file/32ac22ae67128eee2d9771d0d579ca2fd222dc5937480391df2b1f50af84bd1e/detection 23.95.13.157:5356 # Reference: https://www.virustotal.com/gui/file/99c1bb646297307dad07a81cc77cd283f6eb854ab9b33a322725add022528bec/detection 185.20.185.96:9091 giness.giize.com # Reference: https://www.virustotal.com/gui/file/a8e0a5a7a055e7d431c3e28f77d81c9d7a4a6f3449382c7a88ae52a52091cdd7/detection 185.20.185.96:6606 185.20.185.96:7707 185.20.185.96:8808 genlast.giize.com # Reference: https://www.virustotal.com/gui/file/67d0d003a313f542a40efad51c91a6b81f13a9d7da5059edc39c9d7ad5b1c166/detection 105.108.31.15:2020 frefiredll.servehttp.com # Reference: https://app.any.run/tasks/8be5fee5-16e7-46d2-8b79-186227574f25/ 201.219.204.73:1881 dfdfcdc1.duckdns.org # Reference: https://www.virustotal.com/gui/file/ee3e0599c68bd9454f2e9175faa65c9a474160bc41acb07532158b6309ba991c/detection # Reference: https://www.virustotal.com/gui/file/edab64dac1dee32fef52a0871d0323e1b5bf246d70aa0617d83dcc7975bef283/detection 14.231.186.175:5555 # Reference: https://app.any.run/tasks/6a264419-9242-4e6f-9974-abc8cc7c194d/ 14.231.186.175:8888 getcookies.ddns.net # Reference: https://www.virustotal.com/gui/file/fa26846e38ca581bcfeb41da686153970b4d29ed706e76352dd2771c12267cde/detection anunankis10.duckdns.org # Reference: https://www.virustotal.com/gui/file/c92433dcc69cb79b43a176f68820d85c4c8d7ef0a6b31881de5e9cfb70464d14/detection 85.214.37.238:9192 # Reference: https://www.virustotal.com/gui/file/4082d61ef1a193655d3d50eb923fb95e4d0026de3104f2d5f4e162597e6d37b6/detection 88.232.12.125:150 nonick55400.duckdns.org # Reference: https://www.virustotal.com/gui/file/d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b/detection # Reference: https://www.virustotal.com/gui/file/cf4ddce71aba43a35beb19ec82d3e90b0008c09b3e6018d286ba321616ced13b/detection 46.114.109.193:59999 83.135.171.146:59999 drei.ddns.net # Reference: https://www.virustotal.com/gui/file/c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820/detection 193.161.193.99:28070 lufeteme08-28070.portmap.host # Reference: https://www.virustotal.com/gui/file/9160bff6b2976faebb45e316ae521f76fc25893a85818c02317b3435163545c8/detection # Reference: https://www.virustotal.com/gui/file/7940abde1678d42fc39c4cc0c69a17d2903c462747d9f8115b2b68f4a0f3d768/detection 206.166.251.78:6606 206.166.251.78:7707 206.166.251.78:8808 # Reference: https://twitter.com/jorgemieres/status/1336699712796299264 # Reference: https://www.virustotal.com/gui/file/558af040bcfa1aaf774e953cca682eaaf38ec8c4f3ca4f3e24e0ea8a783ca1df/detection # Reference: https://www.virustotal.com/gui/file/1f89b0e486eb986a03b0a5cbbacc8f4e7552f5b9ed74c408ae9febd2e424dbdb/detection 23.105.131.244:1881 maraddiego763.duckdns.org # Reference: https://twitter.com/JAMESWT_MHT/status/1342046396048932865 # Reference: https://bazaar.abuse.ch/sample/c397eb85439a20b9185e001ec8cd286281d27d6be336d32e93558e451e6aeeeb/ # Reference: https://app.any.run/tasks/74f1a309-b81d-447c-80c9-fc94ed5a0d41/ 3.22.15.135:14345 # Reference: https://www.virustotal.com/gui/file/ab62e63b551e5f354ec3fe9fd7142d9a07311af48a898ab02faa8a9067fa9894/detection 47.93.12.104:6000 # Reference: https://www.virustotal.com/gui/file/258d5d44809036c29e621367b7aec4338278950edf3766277e3a891bcb8200d6/detection 78.163.1.80:1608 78.163.1.80:6606 78.163.1.80:7707 78.163.1.80:8808 kurbanlar12.freedynamicdns.org # Reference: https://app.any.run/tasks/816acf79-0c72-436c-b229-3cae510f1308/ 118.91.123.84:6606 118.91.123.84:7707 118.91.123.84:8808 # Reference: https://www.virustotal.com/gui/file/82e765d576749be75f8eec64ab5cb4c934b494e30a74fc9a4f70b1c8d3cb25ef/detection 212.125.28.114:4096 # Reference: https://app.any.run/tasks/b1409386-ce03-4eea-8a2e-32434ba38ee5/ 37.120.208.40:49746 chongmei33.publicvm.com # Reference: https://app.any.run/tasks/c1f8c77d-4c72-4419-a381-8d166413e5e9/ 193.161.193.99:23074 # Reference: https://app.any.run/tasks/cf031967-ce6c-4a6e-8b9f-a718560ee709/ 68.235.43.126:56927 # Reference: https://app.any.run/tasks/005ff4be-a1df-4e61-9390-b61d968ed4c0/ 125.209.137.105:6606 # Reference: https://www.virustotal.com/gui/file/a6264de41b4d2ad578a3ec5e082b621dcbf3b716e9bbe86f66682d785c7fc476/detection 45.140.146.29:7979 45.84.1.78:7779 # Reference: https://app.any.run/tasks/4585a843-0924-4dfa-9714-322eb3a61d12/ 193.161.193.99:48622 crazynigga123-48622.portmap.host # Reference: https://app.any.run/tasks/fea4d4d7-cc76-4655-8e00-400d40f683ab/ 79.42.176.16:8080 backdoor.sopix.it # Reference: https://app.any.run/tasks/afd0acb5-ce1d-4a29-b525-cd198d6d69fd/ 3.13.191.225:12246 # Reference: https://app.any.run/tasks/85ac5faf-d2bd-4e6c-84f4-276c16c8c260/ 20.50.121.62:1604 arda3369.duckdns.org # Reference: https://app.any.run/tasks/fbf0f2b7-868b-4aad-b0b1-8028f3303b73/ 193.161.193.99:25740 skeetware-25740.portmap.host # Reference: https://twitter.com/Glacius_/status/1354914904004820992 # Reference: https://www.virustotal.com/gui/file/baec9d73487e85c2bdd78b6ae43abaa6a7fec4b969d92b14427e8aca0510a24b/detection 172.241.27.124:6666 fat7e0recovery.ddns.net # Reference: https://www.virustotal.com/gui/file/ca15972126b044ee0306f30aea6ee94ac41c3696c6c4789649a8554c8011acd2/detection 193.109.78.123:5454 193.109.78.123:6606 193.109.78.123:7707 193.109.78.123:8808 # Reference: https://www.virustotal.com/gui/file/1ee5494e35b15b468334a05ab0b8b233cf09d3fdaf6b2fbfa997f30bb7e95534/detection 179.124.220.225:6606 179.124.220.225:7707 179.124.220.225:8808 supertop2.duckdns.org # Reference: https://twitter.com/ScumBots/status/1355991497095700491 # Reference: https://www.virustotal.com/gui/file/a9c4777eaa8ebd606b60f1a40c3789fe3cc0fa874610fed377cf1aea7093d638/detection 118.91.99.226:6606 118.91.99.226:7707 118.91.99.226:8808 # Reference: https://www.virustotal.com/gui/file/6d46e1bb744cc57d651c3812520e5efa06f760631df2740987ade7b1340262dd/detection 3.138.45.170:14232 52.14.18.129:14232 # Reference: https://www.virustotal.com/gui/file/fc96f417ac8229c6b5bb9303f3256d0ed54e416ae2328360b31c72b8b77bd027/detection 3.14.182.203:15821 3.14.182.203:25565 3.138.45.170:6606 3.138.45.170:7707 3.138.45.170:8808 3.138.45.170:28856 # Reference: https://www.virustotal.com/gui/file/3f82201b874febc1f265408f7574966eedd494c87ab21e20099c0463341c4ec5/detection 51.83.21.214:1177 # Reference: https://app.any.run/tasks/0713ac99-9dc7-4ea8-b408-dfc72f582df0/ 62.228.99.44:25565 swiftyboiiiii.ddns.net # Reference: https://www.virustotal.com/gui/file/cf0ac94c2958739cad12578e671278f78e9a36ca8dfa060e7cb99beacf5443f1/detection 77.149.2.122:5552 hookshome.ddns.net # Reference: https://www.virustotal.com/gui/file/4864f1d1db04b797fd2e43e2a842afe736f7a8a69d985d20c0a506b2cd1e6710/detection 201.219.204.73:1881 ortegadani4521.duckdns.org # Reference: https://www.virustotal.com/gui/file/3794538f0e3b4c499c8f5edf04fa2ee3bbf61cf51c9185ee60184d1473db6c58/detection 91.109.190.8:6606 91.109.190.8:7707 91.109.190.8:8808 mrtx.duckdns.org # Reference: https://app.any.run/tasks/99dabdb4-e15c-4a04-a587-01ebe4a1ecb0/ 193.161.193.99:47970 Lollypopman34-47970.portmap.host # Reference: https://www.virustotal.com/gui/file/4fb8606551676da10e81801a00d3fc7899c064b4ceec54939b41e8cdd7f81159/detection 209.99.40.220:1000 updatersvc.duckdns.org windowsupdater.system-ns.net # Reference: https://www.virustotal.com/gui/file/292f5a19fadef7188670b8bc2e69bcd9d1f54c7e23928427392dc135dcdc8a0d/detection # Reference: https://tria.ge/210214-whb5qfxctj 23.102.129.234:6606 23.102.129.234:7707 23.102.129.234:8808 # Reference: https://www.virustotal.com/gui/file/c4c4c3ddd9cf42d0352a5135a9250a0cc64a40a8ed49ca860cf31061cfca5304/detection 40.75.8.74:6606 40.75.8.74:7707 40.75.8.74:8808 # Reference: https://app.any.run/tasks/9528fcbf-be7a-42a4-b363-808a22a624fd/ 52.14.18.129:11677 # Reference: https://twitter.com/reecdeep/status/1361585509387149315 # Reference: https://app.any.run/tasks/4c21b945-025a-4fe9-9296-eadb5f04cf50/ 103.151.123.132:6204 severdops.ddns.net # Reference: https://app.any.run/tasks/d343dc45-6f76-4c18-aeee-4f1cf7e1764e/ 193.161.193.99:55575 gzzzjc-55575.portmap.io # Reference: https://twitter.com/someinfosecguy/status/1362440625619144708 # Reference: https://tria.ge/210218-jmjxwxbpqx/behavioral2 193.161.193.99:26187 193.161.193.99:64861 malkalanok357-26187.portmap.io # Reference: https://app.any.run/tasks/654e69f2-b60d-4dd5-8cf4-895123bbbe08/ 95.252.85.20:8080 unbelratcomesideve.ddns.net # Reference: https://www.virustotal.com/gui/file/c75f28cdb21bec49700a7579d3b630074e3fb6de4cda70c5937dcd8424bbebbf/detection 121.137.39.135:5050 # Reference: https://www.virustotal.com/gui/file/fad55e42bde0dce163f94a0ac272418b17100a67e439574fdc49ab7e2b12bc3e/detection 220.78.222.190:5050 yohan002.kro.kr # Reference: https://app.any.run/tasks/5f595a39-7203-4809-8d78-e3431e057227/ 193.164.7.176:6606 193.164.7.176:7707 193.164.7.176:8808 # Reference: https://app.any.run/tasks/7cc3c6d0-fe7e-4491-8d55-9f1644649546/ 193.161.193.99:36606 sizetmp-36606.portmap.host # Reference: https://app.any.run/tasks/a542e55d-6ff8-4aaa-9f49-13ea77bdbfd5/ 69.136.25.93:54115 azxsdc.duckdns.org # Reference: https://www.virustotal.com/gui/file/2399e5acd8e6fec2e83de445cf83b598676f57fdfedd1f67a7872a5009866591/detection 154.16.67.107:1177 newss.myq-see.com # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1365774874870972416 # Reference: https://app.any.run/tasks/119bfa2f-93ed-46e1-8ade-2eb69c0165d2/ 194.5.97.132:35714 # Reference: https://twitter.com/wwp96/status/1366429485080457221 # Reference: https://app.any.run/tasks/d93648e9-999f-4a82-b7ee-3d318546c9c6/ 152.89.247.27:1210 3324546.duckdns.org owncablestdywirecord.dns.army # Reference: https://www.virustotal.com/gui/file/1b3d41d44659ff038cf8aafdc5ff021646771106d957783aecdff725158c216c/detection # Reference: https://tria.ge/210305-v3pe2f2w5s/behavioral2 177.124.77.43:4000 micomico.ddns.net # Reference: https://www.virustotal.com/gui/file/7b5ac1f2b4852a2c27afd5c5529660f71f0e7ad0f890208ed3f5e248d6e7b84a/detection # Reference: https://www.virustotal.com/gui/file/3decf98948eb4ae09dec3ff5955f33bd9c4ce38cdccae4107f3fa9bfffb7b050/detection 85.170.227.97:4000 85.170.227.97:5000 rat94522.ddnsking.com # Reference: https://www.virustotal.com/gui/file/b04d9a311d595e1d0a44992ecd4ea00528270378d0e52da5dc75b8ccc1ce5599/detection 31.220.4.216:1738 # Reference: https://www.virustotal.com/gui/file/b77906648505d304d711b3021f19104a70f7725f6021e4cee0d492fa96597028/detection potrq.ddns.net # Reference: https://www.virustotal.com/gui/file/fdbb642769e8cc0eec1e09d29c9635d76d5885abb07deca4d2ef5c84bbba5c67/detection 136.175.8.57:1177 100k1.ddns.net 100k2.ddns.net # Reference: https://www.virustotal.com/gui/file/bc796e4f7602321306d3762eca6dc809ee2c043caf03386deb17b1422209a1ec/detection 45.32.200.152:1177 fat7e07.ddns.net # Reference: https://www.virustotal.com/gui/file/67d8ec4d7cde7188fc49f8268a10855abe89cffffc13c6f6111ba904caebe6f7/detection 93.93.193.189:9341 corporation.warzonedns.com # Reference: https://www.virustotal.com/gui/file/78430db636f5d5be5dd3959a3f74b14792897b8fdea1de1c441eba120164cfb6/detection liverpoolsupporters9.com # Reference: https://www.virustotal.com/gui/file/3c7d9801bed9dc95108527bc38cbc100260c5bd76331adffb9b21620c91b5049/detection # Reference: https://www.virustotal.com/gui/file/c4b9e67adddddb84ad88135affcf47881c6ff4a560557e760da2990aaca02510/detection 186.4.232.55:6606 186.4.232.55:7707 186.4.232.55:8808 rcvasconez.ddns.net # Reference: https://www.virustotal.com/gui/file/2f9e71f1807b0e909226f4fced8c62fb38c787b2ae56ec8646ade0a6a54ec725/detection 193.161.193.99:43299 gammadoppler123-43299.portmap.host # Reference: https://www.virustotal.com/gui/file/0100972f01df9b75c0958a7198170d2d37a51f1d500501bcdbf122bb43253bcc/detection 102.36.149.155:30300 79.134.225.11:30300 rbltd.ddns.net # Reference: https://www.group-ib.com/blog/rats_nigeria # Reference: https://www.virustotal.com/gui/file/8613c29feb93ea1eb6a48e037da61e0643ca06234d51462814e0b314e2aa9b50/detection http://68.235.38.157 east-ge.com kingtexs-tvv.com mariotkitchens.com sommernph.com # Reference: https://www.virustotal.com/gui/file/fee6cda76d8c5b289b76deba1176049e529f51ac06f817a8a22ec77b17d74f35/detection 188.161.190.135:6606 82.205.21.99:6606 82.205.22.86:6606 188.161.190.135:7707 82.205.21.99:7707 82.205.22.86:7707 188.161.190.135:8808 82.205.21.99:8808 82.205.22.86:8808 squadx.hopto.org # Reference: https://www.virustotal.com/gui/file/95fbecb2d0b0aa0fa80e02732237fc9eb43fc9f8af1efff062435b44b57f1a03/detection 97.90.7.88:4782 97.90.7.88:6606 97.90.7.88:7707 97.90.7.88:8808 cademc.zapto.org # Reference: https://www.virustotal.com/gui/file/e706bf49908519c14eb135357c5cd822be3f139be7365a94081b54342db0eb91/detection 20.79.41.10:5967 tayfagreatie.duckdns.org # Reference: https://www.virustotal.com/gui/file/23d4837df84a76f96c674581c96e6a1729bac2981787d3b36ac5149d861f13e5/detection 160.152.102.175:8988 160.152.102.175:8992 loading8992.bounceme.net # Reference: https://www.virustotal.com/gui/file/668d4a42b6e049ee80146d86f93c706a6598c90156b670b966a4a413a83e58d1/detection 144.202.70.248:6821 # Reference: https://www.virustotal.com/gui/file/af8558a48c8cd10691fc61aba79b6522807ff92a85fe833556445dba63f149d6/detection 45.77.142.82:9797 # Reference: https://www.virustotal.com/gui/file/2f054e75bbe251c38dfa8a3a31d51123d71f80054720c909ed3901e14859c656/detection 49.12.11.240:6606 49.12.11.240:7707 49.12.11.240:8808 49.12.11.240:6821 # Reference: https://www.virustotal.com/gui/file/89c38091fdb1977853e9533b62a68082b65dfa61007bd7d7f9dfaa228646252b/detection 20.52.142.130:9797 # Reference: https://www.virustotal.com/gui/file/fe57fc52dcd3215bca8bc6cebb224eb2c2d2b5238f3b671e84147ae555af936d/detection 144.202.70.248:6606 144.202.70.248:7707 144.202.70.248:8808 144.202.70.248:6821 # Reference: https://www.virustotal.com/gui/file/ab09142c8ecb158bb84696cb92e922fea9959a57bc6e1bacc6d8e87ffc1c63f8/detection 45.32.211.35:6821 # Reference: https://www.virustotal.com/gui/file/96f0812b2f8c0589a04b40ea1a9438d41e901ef660ed493c3d5221c535c18b4a/detection 216.230.75.194:8621 # Reference: https://www.virustotal.com/gui/file/c64c2b5fd4c90ac4dd5c41b733d43669fd3dfa75342d98f29b7bd3178e6374de/detection 139.99.73.120:6606 139.99.73.120:7707 139.99.73.120:8808 139.99.73.120:5555 # Reference: https://www.virustotal.com/gui/file/30368f7cf5ab4464ed45c1cf1c7a21110663a56b56ee5fe94a4e9bb376e2d5e4/detection 91.109.180.5:6606 91.109.180.5:7707 91.109.180.5:8808 # Reference: https://www.virustotal.com/gui/file/c06fdc9f0dbfd0b42d74c9226ed28f3f52b5bfc04af70f58b8b5b16439196184/detection 185.19.85.167:3413 # Reference: https://www.virustotal.com/gui/file/f7b01c9dd7e2184231f40d009c54374d0cdcf563e987fe2a3586e6b767852dea/detection 175.144.21.17:2703 185.244.30.92:2703 192.169.69.25:49703 37.120.208.36:49746 79.134.225.92:49703 87.98.245.48:49746 chongmei33.publicvm.com rahim321.duckdns.org # Reference: https://www.virustotal.com/gui/file/62a8add7d225619b038ee5e87b9546fbdb796c98b1c65fc4ecdc4b079069500d/detection 95.211.239.205:777 tahoo.linkpc.net # Reference: https://www.virustotal.com/gui/file/dfc5f5a467242e30666b413878511d034ab02651a8b791732b70317a72c6a543/detection 105.103.141.231:777 domaineweb.publicvm.com # Reference: https://www.virustotal.com/gui/file/7081ef94c2d39376308f54702b74cc685f2489f90d95f1db288ff96c7e434202/detection 184.170.245.2:6606 184.170.245.2:7707 184.170.245.2:8808 hacker1313131dd.ddns.net # Reference: https://www.virustotal.com/gui/file/7cf0450f46dbf13e125b76f7358c0505a9b5e6655d908281ed00b8ce5c94a3dc/detection # Reference: https://app.any.run/tasks/409d87b3-2e1a-4699-9fb2-42bc6c107dda/ 105.112.46.168:2021 105.112.78.3:2021 kimjoy.ddns.net # Reference: https://www.virustotal.com/gui/file/c3566a97c163540e23dd172c1c872bb8e4dab98c1a049bacef3f3fbf68744835/detection 74.199.72.115:3702 nazinaturistic.ddns.net # Reference: https://www.virustotal.com/gui/file/bd30df969f3a11aabd58ff65c72fd14a507ee43efe4d77331338facbeaed77c4/detection 195.62.33.67:9911 bad96.ddns.net # Reference: https://www.virustotal.com/gui/file/9d9ea4fd548efa07e3051dcef175d5b0446958cdf0d7f623a0f98945acc1dbb8/detection 94.61.14.42:6606 94.61.14.42:7707 94.61.14.42:8808 robloxfanscripts.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1389666118294327297 # Reference: https://www.virustotal.com/gui/file/146f7a39df033afe4bb001da5b4a6eceb89f9efab5538c470b7f7f3cb4bbd15e/detection 79.134.225.18:2455 franco.ddns.net # Reference: https://www.virustotal.com/gui/file/9ee67445d4ffeedd7c11e1e14949bf0f6060f34352e3f2c8d2184ffe0b4d235f/detection 79.134.225.18:6606 79.134.225.18:7707 79.134.225.18:8808 bigman2021.duckdns.org # Reference: https://www.virustotal.com/gui/file/8d2b3f58baa5dc605a8618d66b3070c97b8f3f01c214c3e39b0d3df1c820f12f/detection 78.189.145.29:1064 cancan01.duckdns.org # Reference: https://www.virustotal.com/gui/file/192b8b333a2d956f13512165a108e109e79f73680e28af2e98f4aafbaea378f4/detection 89.160.26.37:1907 89.160.26.37:6606 89.160.26.37:7707 89.160.26.37:8808 leoz07.ddns.net # Reference: https://www.virustotal.com/gui/file/af844d4f524a764af31c6d600148248dae088a54356bbd63604f93602ae8a655/detection 41.105.36.185:1231 170293.ddns.net # Reference: https://www.virustotal.com/gui/file/aefeb07afc0d9f4d09ab09317db14edef1b58df175f70cf6ea88d7f6cdce8cfc/detection 159.242.234.220:8991 160.152.102.175:8991 160.152.128.216:8991 160.152.155.95:8991 160.152.184.22:8991 160.152.34.228:8991 160.152.57.245:8991 197.210.70.144:8991 197.210.71.96:8991 79.134.225.119:8991 adobe.myactivedirectory.com # Reference: https://www.virustotal.com/gui/file/d452cee94e3a2d58b05e9f62a4aa4004c0632d9b56fa8b57664d295bc88c4df0/detection 160.152.128.216:8988 160.152.155.95:8988 160.152.179.159:8988 160.152.71.32:8988 5.62.58.238:8988 79.134.225.119:8988 160.152.128.216:8989 160.152.155.95:8989 160.152.179.159:8989 160.152.71.32:8989 5.62.58.238:8989 79.134.225.119:8989 asin8988.ddns.net asin8989.ddns.net # Reference: https://www.virustotal.com/gui/file/e8aca8f27af178b2c191206c7bc04bfddc604a78b95699a72ca20c22f618c9b0/detection 160.152.187.169:8988 79.134.225.119:8988 160.152.187.169:8989 79.134.225.119:8989 160.152.187.169:8990 79.134.225.119:8990 asin8990.ddns.net # Reference: https://www.virustotal.com/gui/file/d88f2958d0acb7f06c1cfbf71f496477b5bae94fda49b9084def65709b211546/detection 41.102.72.91:2019 mrdiazdz.myq-see.com # Reference: https://www.virustotal.com/gui/file/7e2c927caec040c6a134fbcd520023dd48379be367b6af0a353dfc1e4d0bcc3d/detection 79.134.225.7:9476 sipex2021.ddns.net # Reference: https://www.virustotal.com/gui/file/af664ecd43c0dd5152022855d80d3faa80bf938477b7959fdfe3d67c50ab93d6/detection 14.191.50.101:8080 # Reference: https://www.virustotal.com/gui/file/2fd8dd35009746246e06cafdd744c0bea6862576483a55a93b3c00de75989876/detection 77.247.127.24:6666 # Reference: https://twitter.com/pmmkowalczyk/status/1392794233724100608 # Reference: https://www.virustotal.com/gui/file/d17a7a0afd4342b88db7bfdba2ed30b44e03d95104d27d5e869bf7641895ad5d/detection 46.101.140.16:47533 fnk3.playit.gg far-street.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/ea3e00b1c26220883d6e27179ec9391efa9a2062414eb1c5576db0e204291104/detection # Reference: https://www.virustotal.com/gui/file/8ab4f231ebf6150eb8bcfa302353732cce3f6c72ea7892f27a22e2720509dc37/detection 134.122.66.170:1604 134.122.66.170:1700 134.122.66.170:55772 134.122.66.170:8929 139.59.82.105:1604 139.59.82.105:1700 139.59.82.105:55772 139.59.82.105:8929 bng1.playit.gg fnk1.playit.gg roasted-egg.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/4cb3d0afec4c271f4d2351022cecd072a7ef96b7c2f63223144278de67067d42/detection 157.245.170.36:1604 157.245.170.36:55078 157.245.170.36:6606 157.245.170.36:7707 157.245.170.36:8808 crooked-wash.auto.playit.gg sf1.playit.gg # Reference: https://www.virustotal.com/gui/file/b3a697477ca999a3cedb88a7dfef0735ac12032f26106008a31c6db4bdf1b7c8/detection 134.209.194.210:56635 ams1.playit.gg gullible-substance.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/05030526532dbe4d0a3e49140489439468957d6dea9f482ff983e778b21c61d0/detection 147.189.168.238:1996 nova22.ddns.net # Reference: https://www.virustotal.com/gui/file/d3b9abaed3de3549b0fc83ec846a02612d91dfaca5a82aad2d7fa58b6e6c8f59/detection 134.122.66.170:59266 enchanted-sugar.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/5acd937d84b28e21755ea9707e88cb73eaa6f183f03568e69077eee97ff5c6ca/detection 134.209.194.210:56874 134.209.194.210:6606 134.209.194.210:7707 134.209.194.210:8808 bored-baby.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/4a69b932f7d7abe2e40d828020271ad2c82895fe0e45639a5e63898097383229/detection waiting-distribution.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/25b60ae10029b3dc5b7c9e0c4fda13f676fd138f9407fb3d515b16f307964987/detection 134.122.66.170:2626 134.122.66.170:52083 staking-afterthought.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/c984664d6300015a18c84ddf60d978b2cedcf5323dcf32365b72456766770dec/detection 134.122.66.170:56797 134.122.66.170:6606 134.122.66.170:7707 134.122.66.170:8808 parsimonious-elbow.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/f7aede4740b641f6ca71b683741b35e4cd8fcb9cd9aac929605e2f41de19db76/detection smelly-plantation.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/ae068da2d2b92d3884eebcb3b088d3764c64899341deab9e431bb0cf5af2f011/detection 134.122.66.170:52859 parallel-spade.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/4816d6f30051bd5fd3b3c585ab45068cc68b1698bedebdf829b6df2c1345787d/detection 151.115.36.90:51696 151.115.36.90:6157 scintillating-jeans.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/3c19eba85ce343b5cb5a2afd7036a2528c520c19dae153c9c50552ec2f33d548/detection 46.101.140.16:59842 # Reference: https://www.virustotal.com/gui/file/7787b0ad1912dfe4feac545132d8c27f2cd89f1f9a8cf1ed7d787a487e523e9b/detection # Reference: https://www.virustotal.com/gui/file/5c3d28aefe454f0503484f737fd56fb0303c93556c579c4568a72d684ee14ed3/detection 46.101.140.16:49723 little-toothbrush.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/0d937a6efda9883e93d429cf6c4d60dc145ed5f3fd69ddb744cb44a4a0b7396d/detection 46.101.140.16:47458 slippery-cactus.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/8e1ae1790f2ee8b22b8956cd8b1cedf9b0bf82246d5d5a998bc503ac780b3496/detection # Reference: https://www.virustotal.com/gui/file/f8e56bed47bf278dd23e4e8bbac71c8bc0464bfb91c07c242a2d26a37aa83d16/detection 46.101.140.16:47537 tremendous-icicle.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/822edf21c4b1bdd1a85dc45219158b462323339f5510c9780c900e12a8a125cf/detection 151.115.36.90:49057 151.115.36.90:6157 cloistered-dogs.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/b47b6d3289ae1968dbf8c2ade9b51b8648e422b1676e5ca320f588768b90a28c/detection 134.209.194.210:59208 46.101.140.16:59208 # Reference: https://www.virustotal.com/gui/file/29e7e0de201646f11e3ac7b7f861cc489e5f8343834871de5143e4842d1718ef/detection 46.101.140.16:46467 unkempt-silver.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/32b3b1966fae4e513fa11870958bf2fd585144a9b9a37b4ed0da8f9871f40176/detection 176.136.47.220:1605 176.136.47.220:6606 176.136.47.220:7707 176.136.47.220:8808 xuehue.freedynamicdns.net # Reference: https://www.virustotal.com/gui/file/90fab6977cc5f967959d3dd307d4dd99dfa8da7f7fe2c159c1e7911bc6f5105f/detection 20.52.37.83:6606 20.52.37.83:7707 20.52.37.83:8808 orospureaxx.duckdns.org # Reference: https://www.virustotal.com/gui/file/cdbbddacd34d002729ac3889252f36c544b936002005a2f357e831cb2f669d7b/detection 194.76.226.201:6606 194.76.226.201:7707 194.76.226.201:8808 # Reference: https://www.virustotal.com/gui/file/dc3e48d0b12659129b857a0293e2978a29809664572b4f6f556491ca4f677dbf/detection 150.107.31.190:9060 # Reference: https://www.virustotal.com/gui/file/69642f95f35b3d14f1123de60819e66e59c8f125defb58d23b8766f498597de3/detection 79.134.225.53:9872 # Reference: https://www.virustotal.com/gui/file/494924af556726976ac133cfe12a92b3d5b193f19df0d3ea785c645cea18e6fb/detection 24.101.234.141:4782 # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1400166564268331009 # Reference: https://www.virustotal.com/gui/file/c810a1bde5027f6fcf656067381133c6c8e61349cd05b4f4c7a9695b9a44f31f/detection 195.174.209.145:1781 195.174.209.145:6606 195.174.209.145:7707 195.174.209.145:8808 # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1399327839896342529 # Reference: https://www.virustotal.com/gui/file/e89d388de70b933316724146def5eeab047a08514b7bf70bcea3916e09162669/detection peebeekay-22139.portmap.io # Reference: https://www.virustotal.com/gui/file/6610572cbe4075996e903d9e13a29cf812537be7b7ed2d9f6bc341a3998f4459/detection # Reference: https://www.virustotal.com/gui/file/48b3e497f5e533a663b3686b731bcf2b486ba3aedb006091fd95d1f573944c90/detection 87.132.215.23:4250 89.182.98.3:3601 dontreachme5.ddns.net dontreachme.duckdns.org dontreachme1.duckdns.org # Reference: https://www.virustotal.com/gui/file/ec503a0e10888dfadfaa3716eb128b6dd7479fd708e45a181cba7c14e8ad59f9/detection # Reference: https://www.virustotal.com/gui/file/ee45e7b7efce62cdf53205e25010044bd2612498113e665e76f9731d4e2843e0/detection 162.255.119.29:54984 173.189.160.249:54984 snow-leopards.xyz # Reference: https://www.virustotal.com/gui/file/1c1aad21ca7a30cdb51deac733927ed1b603c242b7640c9e42605ea8202782f2/detection 106.214.237.83:8088 # Reference: https://www.virustotal.com/gui/file/f6f4e3772ac0e480939d5af16464ba425c44040e1f1ce6edb82591694d5e3f01/detection ooyeah-24044.portmap.io # Reference: https://www.virustotal.com/gui/file/44b58d71e60589298b48dbbdcd296ebd7b0330dceb8988369267a167a85d631c/detection # Reference: https://www.virustotal.com/gui/file/b564ee571c17fcf612bf67207a44d92e463f1c12c2558f205c4cbb45d8950839/detection 141.255.155.84:4444 141.255.157.163:4444 cryptserver.hopto.org # Reference: https://gist.github.com/myrtus0x0/deb815eadd362f660aabb41a7806e187 172.93.222.156:6606 172.93.222.156:7707 172.93.222.156:8808 173.63.124.155:1604 178.33.222.241:2703 178.33.222.241:49703 178.33.222.241:49714 178.33.222.241:49746 185.165.153.116:2703 185.165.153.116:49703 185.165.153.116:49714 185.165.153.116:49746 185.19.85.155:5080 185.244.30.92:2703 185.244.30.92:49703 185.244.30.92:49714 185.244.30.92:49746 194.5.97.249:9951 194.5.98.196:4529 194.5.98.107:6970 203.115.24.234:8282 37.120.208.36:2703 37.120.208.36:49703 37.120.208.36:49714 37.120.208.36:49746 45.153.243.96:8888 45.35.158.173:6606 45.35.158.173:7707 45.35.158.173:8808 54.246.188.45:6606 54.37.36.116:2703 54.37.36.116:49703 54.37.36.116:49714 54.37.36.116:49746 79.134.225.92:2703 79.134.225.92:49703 79.134.225.92:49714 79.134.225.92:49746 79.134.225.99:4726 79.134.225.99:6606 79.134.225.99:7707 79.134.225.99:8808 91.105.195.23:5679 agentpurple.ac.ug agentttt.ac.ug bruhmoment123123123.ddns.net dongreg202020.duckdns.org gateway.swat.host genjustu.hopto.org johnboo.hopto.org # Reference: https://www.virustotal.com/gui/file/6c9d744a929a0e67b79dbb669cf8be1ac357b0e8eb75074ace81fa90857e5552/detection 197.1.99.237:6606 197.1.99.237:7707 197.1.99.237:8808 197.1.99.237:9995 197.238.81.24:6606 197.238.81.24:7707 197.238.81.24:8808 197.238.81.24:9995 chromsec19.zapto.org # Reference: https://tria.ge/210528-3n4n93ztka 185.19.85.168:5946 shugardaddy.ddns.net # Reference: https://twitter.com/petrovic082/status/1397093409521905664 # Reference: https://app.any.run/tasks/a1d1ad79-e892-450e-99ff-19aea71774ce/ # Reference: https://www.virustotal.com/gui/file/51863340741893ed0860f30704e00ee4e4c4f0ac4b2c6eefd5e765008f20eb29/detection scarsofthesoul.com/wp-content/themes/45gHdoYZRK3EEBAC.jpg scarsofthesoul.com/wp-content/themes/SNavmh60gxje6Rii.jpg # Reference: https://www.virustotal.com/gui/file/2b8678fa955d08b909a9068aad612ed566a9a98c0476585770f6d1c8dc0c3f9e/detection 141.255.144.58:1604 # Reference: https://twitter.com/James_inthe_box/status/1406995650307256320 # Reference: https://tria.ge/210621-g8zj1sp5j6/behavioral1 88.234.171.239:555 asc1.linkpc.net # Reference: https://www.virustotal.com/gui/file/227f44cda2b2f73785a5ae5b258fe818dd3302ce533aa50837ab21d99cb8219a/detection 185.244.26.217:5892 exchangexe2021.ddns.net # Reference: https://www.virustotal.com/gui/file/068a691ba494e231b27af202af806ff1daac8b660993678a4c0b73ffc8a2d242/detection 185.140.53.169:8970 8970.ddns.net # Reference: https://twitter.com/ps66uk/status/1407090099699994626 # Reference: https://www.virustotal.com/gui/file/ca8929421ca89c108483865008ee79bd23e3386b899ffebdd897e1d072ad9e92/detection 172.111.244.39:46422 172.111.244.39:6578 leechong444.ddnsgeek.com # Reference: https://www.virustotal.com/gui/file/14a78e85a9719b24dd71fa5cded55f59c14d45211a18bf89f5196cd2e0cd45e5/detection 83.252.99.10:8080 keyloggerhacker.ddns.net # Reference: https://www.virustotal.com/gui/file/a72d1d21eaf2f89f06ea807db188ee0e4c6ada5e966568d8543e4c3dbd5c7c73/detection 135.148.134.17:8080 # Reference: https://twitter.com/BushidoToken/status/1416498021127409674 185.195.232.251:57667 # Reference: https://www.virustotal.com/gui/file/5f106bf6a105b2febc08dbc9885420f6341eae88eb5570d5b5454a3bee0c2a08/detection 3.22.15.135:6606 3.22.15.135:7707 3.22.15.135:8808 3.22.15.135:16029 3.129.187.220:6606 3.129.187.220:7707 3.129.187.220:8808 # Reference: https://www.virustotal.com/gui/file/878487e25eb96ab2c4ebd889e4bfc1739d730722c2af4736bc46ac3d11eca453/detection 206.123.141.239:7777 # Reference: https://www.virustotal.com/gui/file/d68b4d6cec032458824abdf3ac6f379f33db2167cb0c399845f4d7735a426827/detection 95.169.210.148:6666 # Reference: https://www.virustotal.com/gui/file/8b388efb71328e18ee3dd5b4c932387ddad5ee79b595751a79fe535533e2c4ed/detection 191.88.250.118:5020 marcelajarakmisdhuakfsg.duckdns.org # Reference: https://www.virustotal.com/gui/file/c4b86c9533e71721f549923868ca2f940e6bee5b9ef49b661343a5028a16b363/detection cabovela.duckdns.org # Reference: https://www.virustotal.com/gui/file/a0329b99847941ede2712082eca9b6fecf89a9150fa36160328b3e596f3c23fc/detection 45.134.225.35:7821 45.134.225.35:6606 45.134.225.35:7707 45.134.225.35:8808 # Reference: https://www.virustotal.com/gui/file/1677e0afc52a9166c9a433e5db3864f71fe5816a98784f6ee3e86540827da084/detection 86.107.197.52:6606 86.107.197.52:7707 86.107.197.52:8808 # Reference: https://www.virustotal.com/gui/file/fa34352f3aec8d28f7e9ebc21a01c3a32e98620790ca91e29ad385919c0e213d/detection 136.144.41.4:4771 # Reference: https://twitter.com/pmelson/status/1419399465207836674 # Reference: https://www.virustotal.com/gui/file/07ac588af0a2789108da9687b452144e346c0a05583ae21660b5b49ef9740046/detection 137.74.176.167:1177 host.aliveafterguard.store # Reference: https://www.virustotal.com/gui/file/fd78341536c5abe19c4beec49876f8f854819aa075092e3d9aec8c193339fcca/detection 171.235.78.216:4444 # Reference: https://www.virustotal.com/gui/file/b6444d49ebd6cf176222cd2ec2816c07727d334a8c6aed056e6e953796f7433a/detection 197.210.71.57:8971 makesuretobackup.loginto.me # Reference: https://www.virustotal.com/gui/file/0705b69d12b5171f99bb4e89191939fe874ef994ffacb2508abcc2057463b605/detection 104.227.146.200:8835 104.227.146.200:8970 104.227.146.200:8971 104.227.146.200:8973 8970.ddns.net # Reference: https://www.virustotal.com/gui/file/4e8bacc82d5684af7b56acbd3150ec033db6d6cc89e60bcf1d16ff13766d41e4/detection 185.140.53.169:8835 185.140.53.169:8970 185.140.53.169:8971 185.140.53.169:8973 # Reference: https://www.virustotal.com/gui/file/eeea15c1411e2f21445e11f510f4c3a3a9c8390085757daf352d48dcfa50d182/detection 104.227.146.200:8070 185.140.53.169:8070 35asyn88.ddns.net 7298hwor.ddns.net newagain.servep3.co # Reference: https://www.virustotal.com/gui/file/da8a2b68f14fab211ffe09dc43922790417dbb6e5fa437b461ad1d5ac7d4f788/detection 141.255.151.240:2880 xinpin.ddns.net # Reference: https://www.virustotal.com/gui/file/0da6b4eb3e0cd74821c92e1cf094e148f62749a6bc8a2d5e457ca320be2947da/detection 46.249.32.186:3000 46.249.32.186:4000 camfro9ksa.no-ip.biz jamal16a.no-ip.biz # Reference: https://www.virustotal.com/gui/file/c31f8b69245d8207cf420a1e7ca523553eccd96d649168314db28644203cea9e/detection 194.5.98.8:3030 adikremix.ydns.eu # Reference: https://www.virustotal.com/gui/file/19470ceb697cfe1039f344962da8fe0b1fe484bd0488db00afef27816ee62ae6/detection 185.244.26.165:9582 e29rava.ddns.net # Reference: https://www.virustotal.com/gui/file/623534bf150f2538edb27e51ed56b92f464adb5da8e2db378ec3a666fcb64772/detection 185.244.26.213:9872 # Reference: https://www.virustotal.com/gui/file/6693e9ce0848fe351b1df785a7540ec3bc1950fd698977cdd8cde1b3d4f19681/detection 177.126.146.148:6606 177.126.146.148:7707 177.126.146.148:8808 word.is-a-rockstar.com # Reference: https://www.virustotal.com/gui/file/df5909d3af4ca4654c190c579631cd6d9aae3e0270daa83e92c7ee4397322364/detection 79.134.225.109:9070 asyn101.duckdns.org # Reference: https://app.any.run/tasks/7e4869df-9ab6-4ee4-9772-f5af5721ca83/ 91.151.88.245:2070 # Reference: https://app.any.run/tasks/eb9ed5cc-ca36-4fcd-955b-81a360cda877/ 20.199.121.197:7707 # Reference: https://app.any.run/tasks/78c5b68f-1c96-46a6-8519-d7f8e475a714/ 151.237.185.211:20090 harnav1.ddns.net # Reference: https://www.virustotal.com/gui/file/c8b7234f8cbfaa32f5c52c02b259511861bfa602a447aea1b1e82f024f102e50/detection 37.49.230.185:5874 # Reference: https://twitter.com/James_inthe_box/status/1438506362107928582 # Reference: https://www.virustotal.com/gui/file/0d9937ff3380d575397c7dae4b22267d42a029956d45a16f956cddf479c3cf59/detection 194.5.98.132:1849 rick63.publicvm.com # Reference: https://www.virustotal.com/gui/file/4a0d7d71ba4692f70972ca28028f943a5cb56086f4fed16829f276a6d70fbc38/behavior/C2AE 195.133.40.157:9909 195.133.40.157:8808 rocking.ddns.net # Reference: https://www.virustotal.com/gui/file/a352ce2dcf084f7017ee2f287678a5852470b9f64f00988a51104d9370a442fd/behavior/C2AE microsoftstore.ddns.net # Reference: https://www.virustotal.com/gui/file/7bbc45943986a1f5886ca429f3fadde428a7936c2e3a421b5f8f24e06ace0308/behavior/VirusTotal%20Jujubox 196.170.63.108:6606 196.170.63.108:8808 zeroxzerox19.ddns.net # Reference: https://www.virustotal.com/gui/file/6c5a78bc2995bd9098af7b5b2cc18b3763a5c16b8960847d8d1518ea03fa5262/behavior/C2AE kalilinux123.ddns.net # Reference: https://www.virustotal.com/gui/file/3a466603350e269cc3c6d47e9467525319d96b93abf4a4f94aa81ef616409792/behavior/C2AE 192.169.69.26:1884 dgrthdg.duckdns.org # Reference: https://www.virustotal.com/gui/file/19261c2bcb77b1f207415ca68e845ee2d7bea24d870b0543233bb277c1c3416a/behavior/C2AE 142.126.121.109:9897 eeeeeeeeeee1111333.ddns.net # Reference: https://www.virustotal.com/gui/file/511be2e5f0ecf8da123bd5eaf462869233c658c88f4ab6c5472792f62a67a898/behavior/C2AE 91.109.186.6:8808 91.109.186.6:6606 91.109.186.6:7707 milla.publicvm.com # Reference: https://www.virustotal.com/gui/file/0cf2d9d9b8cf8181784372da15e5c19918577d9462eb38de60f2cd48ef793685/behavior/C2AE 185.157.160.198:1973 # Reference: https://www.virustotal.com/gui/file/4556c1debf74fe9cdc70eeae3ad1737867f12aafe5f129f2e4c32c3bca5d2373/behavior/C2AE 119.91.81.102:10050 vaoz.hopto.org # Reference: https://www.virustotal.com/gui/file/cef377096aa29c2d56751c604f9c12149596aed21307ae70889367b3717820c3/behavior/C2AE 41.225.94.19:6606 41.225.94.19:4444 41.225.94.19:8808 41.225.94.19:7707 nosnos89.ddns.net # Reference: https://www.virustotal.com/gui/file/49af85ae6afd7dd5c5df440d8c6043c2c14f206a8aaeda0dc2d8d2fa4942faa9/behavior/C2AE 128.127.209.204:1188 ethanily7lm.ddns.net # Reference: https://www.virustotal.com/gui/file/aa8b3ea0e61c4e7951f01a7934c1b500a57afabbac14f794036723048bdd2959/behavior/C2AE 193.161.193.99:6606 193.161.193.99:7020 193.161.193.99:45415 193.161.193.99:8808 193.161.193.99:7707 sherlmes2-45415.portmap.host # Reference: https://www.virustotal.com/gui/file/f77b792b18ed388d1223539319cac1d6c2ec1af3193325aca3d0094160049ad0/detection 91.109.176.3:1010 poplll.ddns.net # Reference: https://www.virustotal.com/gui/file/e55a4da819c806619edb25aba1ae1e1a4b95f46861b636f9958f910166e34cf9/detection # Reference: https://www.virustotal.com/gui/file/dd1fb521c590a121ce61b6a422c1ec3212248c4973f47be6ddcaa2189d410966/detection 91.109.176.3:1100 91.109.176.3:1122 shero21.ddns.net shero21.hopto.org # Reference: https://www.virustotal.com/gui/file/918aca7c4e894fac419afbf9d3b933604bd354f84c819a4241a8a9a7bd81c9ca/detection 91.109.176.3:3242 brikol32.hopto.org # Reference: https://www.virustotal.com/gui/file/c8ca46366ec70b0463b3ee7e747c1c22e1d42f7e7e77e0e896edf99aebdbeb10/detection 79.134.225.77:9532 79.134.225.77:9690 # Reference: https://twitter.com/pr0xylife/status/1450398699121750019 # Reference: https://www.virustotal.com/gui/file/3959233284f7f4a7bec2a314820e3b8e073591a31dfe8c43a03f7a24833b7fd3/detection 139.28.37.182:5200 # Reference: https://www.virustotal.com/gui/file/47ba489de1983d8cba9e284e4ff259ec8fee5fd95464953483c16af9ded7f499/detection 37.0.10.5:1553 # Reference: https://www.virustotal.com/gui/file/0a8ca65757f6c874a8d6124b06c9661f7066a6508d887ed93119539b17de39f3/detection 51.222.98.71:23411 # Reference: https://www.virustotal.com/gui/file/62b91b016641d20e062da305675e6b9ebdc8166c0406c6c151deb00a3b0eea35/detection # Reference: https://www.virustotal.com/gui/file/caaa9c3c18c70d0fa3ce8eeb331098923c5d66c85852d61ff35e44ef3717d552/detection 194.85.248.50:1616 45.144.225.178:1616 bbccdd.duckdns.org # Reference: https://www.virustotal.com/gui/file/44c2e5015639f92b300d495be689bb6f5973c650dc0ac861d77ae97cb21b7807/detection 144.126.141.41:6606 144.126.141.41:7707 144.126.141.41:8808 # Reference: https://www.virustotal.com/gui/file/ac89daad73dd89dc4a2f4fe58a4a5ab29b14bdecf1710a172bc58ea513e6c3e4/detection http://149.56.200.165 149.56.200.165:6606 149.56.200.165:7707 149.56.200.165:8808 # Reference: https://www.virustotal.com/gui/file/665dc88a9cccd536d40ac75c3eb23de8d1d5e95aee504f0ce31f4b31db81d468/detection # Reference: https://www.virustotal.com/gui/file/ea068c51c9036a7fabe4d259e1447154b9bce2ab58d8a5feec10012c72595955/detection # Reference: https://www.virustotal.com/gui/file/7768e84058b04954d258242e0e36804d74aa93cd96ea0c32aad85af86e2040c9/detection # Reference: https://www.virustotal.com/gui/file/2b7dbd887c6917e12d524ce2b2de699908df59566500acef015660d379cb8205/detection 186.169.35.22:9194 186.169.42.167:9194 186.169.52.151:9194 186.169.76.22:9194 anysdk.duckdns.org # Reference: https://www.virustotal.com/gui/file/6f194457591e38ef91c704ee2e78d676158721b7123c5d6f1f7ab893525c1d0f/detection 5.36.102.135:6606 5.36.102.135:7707 5.36.102.135:8808 # Reference: https://www.virustotal.com/gui/file/853274bbcb0c9406640b129d9b5ec887e31da0483b1c5b1204b13369361fa7cc/detection # Reference: https://www.virustotal.com/gui/file/3b378370df4ccdf42f83ac4ca27c77c7a84e76f370e6a1fd0f0cd997c7862eb5/detection 89.10.111.40:3074 getfucked69420.ddns.net # Reference: https://www.virustotal.com/gui/file/12547cac918d152b630f82bc88399322ea3537082f0eb167e5e3915fef512037/detection hhahkek.ddns.net # Reference: https://www.virustotal.com/gui/file/9a0bcd595c00fac69969827f5c83d08bbe6bb5f5d29b2a9bd294e9618ecf1cc4/detection 193.183.217.94:42431 # Reference: https://www.virustotal.com/gui/file/b0106b10a4ec8d9be9349ea21ce7d8810884a54e65a025a1c57d282eb5b49b73/detection 20.113.56.70:1939 yarakkurek31.duckdns.org # Reference: https://www.virustotal.com/gui/file/6ef6850e025b28edccc2d716a969257368082a7e64a6c73253315881fa3da18c/detection # Reference: https://www.virustotal.com/gui/file/d7275e118bd4932e36789d4c03147c3efe3a31ea9c719b8e93d8697baabfbe4f/detection 103.1.184.108:4000 216.250.97.121:1568 216.250.97.121:4000 216.250.97.121:6220 216.250.97.121:712 mycollege.duckdns.org ournewos.duckdns.org # Reference: https://www.virustotal.com/gui/file/8e57ba59e782cb55787620258867e2c64d2e30ee02924f02a6e9e61a9b6775a4/detection # Reference: https://www.virustotal.com/gui/file/7a2c578192832bb2e9282ff4c79c8d0b0c51e4c2b90680e4752f738e6ae37926/detection # Reference: https://www.virustotal.com/gui/file/0e3cda3174da3842c349bfcaa42f79b634314859cd2dbb60fb254ba2ea265524/detection 194.29.101.219:81 216.250.97.121:81 42.106.199.93:81 medicalservices.publicvm.com # Reference: https://twitter.com/ScarletSharkSec/status/1476615969191731215 # Reference: https://app.any.run/tasks/0560b542-81d1-4214-9f3a-d89ca1cf3adf/ 144.126.136.214:3101 imghost.myftp.org uspsform.info # Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b # Reference: https://www.virustotal.com/gui/file/769c5c1d9681b468b84a14af0c33ec4ee786f8c7a0eecf7819bd9286cab2d474/detection 185.140.53.178:1515 # Reference: https://www.virustotal.com/gui/file/f2e9cc84d53231470b1fa5491464a00cb7562000a56e0ce8264a61783e44ed75/detection 185.244.30.58:62750 # Reference: https://www.virustotal.com/gui/file/0df8f6927d1c11bddd28ac7ce0699bb205c36c7d690c5ca9db3109bcc319904f/detection # Reference: https://www.virustotal.com/gui/file/9bd27defdb0f664430d2775c7cdfe585bd87052e856ff07f124a416eacc01b32/detection # Reference: https://www.virustotal.com/gui/file/262fe30f28e10a70ff92f0936f1934664e6c55d6a0b7e9541370d75bb62165bb/detection 2.97.222.100:4272 2.97.222.100:5000 2.97.222.100:5321 2.97.220.50:5321 3.141.142.211:16656 3.141.142.211:4444 3.141.142.211:5321 3.141.142.211:6942 # Reference: https://www.virustotal.com/gui/file/c0f7710298626ad629721a8683adbea6d73db902d3bcdc782c7fd1b524646392/detection 92.15.9.84:5000 # Reference: https://www.virustotal.com/gui/file/4094cb0eaf6d140e67eb7f3a09043ae48a1ff92ed749ba81ff471bc24f2e3747/detection kingg32.ddns.net # Reference: https://www.virustotal.com/gui/file/96bf189c954cf26d2aa54d3e9da9e06d2fbefe5922b48b12b5302fbe0b64e2cb/detection 105.112.70.6:6606 105.112.70.6:7707 105.112.70.6:8808 rainbowsmile.freeddns.org # Reference: https://www.virustotal.com/gui/file/9945c3e1fd6ceb2e42f17983cbc5e71e28220bb9b9785fc5c7747f299312b2e2/detection 45.142.212.31:6606 45.142.212.31:7707 45.142.212.31:8808 # Reference: https://www.virustotal.com/gui/file/62e268ffe865dbd7d75337c7e9a3c0607942e4c57e67ff2d68f00bc68a4ece5e/detection http://119.17.214.76 # Reference: https://www.virustotal.com/gui/file/577060714ee5177e501acbc7cbffdb5589dc21bab72307062aa7883ed14f4442/detection 109.228.37.222:20000 213.171.211.204:21000 dlldns.xyz # Reference: https://www.virustotal.com/gui/file/48d25c5b9b73012e8b2df3579c75ffdaa1f9d1686d6155bea7c1d5a5065f229f/detection 79.134.225.79:6606 79.134.225.79:7707 79.134.225.79:8808 planst09991.duckdns.org pureloader1.ddns.net # Reference: https://www.virustotal.com/gui/file/c144524875b9b3d451ed3d075e879677cd84fa50093063a395648551717e3fa3/detection 207.246.86.113:8888 207.246.86.113:9999 # Reference: https://www.virustotal.com/gui/file/765a57140b17fcf2388544f17837ef208ad578e92602bc972e42fab41ef33834/detection 207.246.86.113:1986 # Reference: https://www.virustotal.com/gui/file/10a87fd245cbee46c1565d369a0276d9e25a4540977af9f132dae6257040b155/detection 207.246.86.113:1988 # Reference: https://www.virustotal.com/gui/file/fa07402a7655d9e2fc0558ab22b75c004602e35ec5e3310b7e264e6ec2a79fb5/detection 149.28.35.14:8668 # Reference: https://www.virustotal.com/gui/file/45995c61073b4228eef6414c0ffd9357429c6945f731e4d8150f779994143425/detection 173.225.99.230:9966 # Reference: https://www.virustotal.com/gui/file/6f3b7811c3e549e0d8b77fa1bd511ebf55ebc8f276446ce77184c6df665f8a28/detection 185.144.28.238:8848 # Reference: https://www.virustotal.com/gui/file/98c1afc5a3d52830e518a8ba4fb2950aa28147efd5cc8bf08386cde9b579c142/detection 104.207.152.120:1868 # Reference: https://www.virustotal.com/gui/file/d887313a40393517370c184c6afa227305a91c05d96d8eda6bf74f133654e572/detection 194.33.45.165:6666 ahmed2611.linkpc.net # Reference: https://www.virustotal.com/gui/file/2079ee598c065e370547a1522995502ccdff9ca9878963b86b285489c165b176/detection 2.56.57.210:1444 2.56.57.210:89 # Reference: https://www.virustotal.com/gui/file/23bb1ec79732017c4f1ce1a41a07bf9df4c9dcdbb8c79ebfa1b3e83f4538c573/detection # Reference: https://www.virustotal.com/gui/file/6cec9b24677f0912fe91b0b40836752be09888e6c2b1783f51c9a7aa6827b864/detection 154.118.104.174:61857 154.118.104.174:61974 2.56.57.210:61857 2.56.57.210:61974 artedriendfrim.hopto.org famesurvelizerditis.sytes.net haldriendfrifaimano.ddns.net reoildriend.sytes.net riemaldriendfri.sytes.net tancesucesm.chickenkiller.com universalchampionis.zapto.org # Reference: https://www.virustotal.com/gui/file/63ef801de07c0cad9af70847fff881fc454ed5430f289b95581399b4aee809a0/detection 103.151.123.194:7829 103.151.123.194:7840 103.151.123.194:7841 103.151.123.194:7842 asyncmoney.duckdns.org asyncpcc.duckdns.org # Reference: https://www.virustotal.com/gui/file/47f83bc0ad5cec2e365409f45ba67220e8ecf9a7313a38caef08fd9559e8a2ba/detection # Reference: https://www.virustotal.com/gui/file/edf90d101a43361dc1245ebc74132e08f54db942af670377c431003e85534b22/detection 13.82.65.56:4021 64.188.16.134:4021 yuri101.duckdns.org # Reference: https://www.virustotal.com/gui/file/68106918876232b746129b1161c3ac81914672776522f722062945f55166ba68/detection 23.102.1.5:6230 23.102.1.5:6231 23.102.1.5:6232 dccrypa.duckdns.org # Reference: https://www.virustotal.com/gui/file/b7f3d1dd2aa804eb498480b7a3b03ea003efb665005e844e51be5b8ab9dc8e79/detection 23.102.1.5:6121 asyncspread.duckdns.org # Reference: https://www.virustotal.com/gui/file/456ae44a137a75594a129beed2a917afa00e94b79825fd9500c6b07da69310b9/detection 103.151.123.194:1990 meunknown.duckdns.org # Reference: https://www.virustotal.com/gui/file/a3013ca2f3bee249886bfa72085ae98f31ff49ab7b0e0bb4de883e94d88cd9ed/detection # Reference: https://www.virustotal.com/gui/file/597e67048274e435928e11acf5e712b932695b1eb343398559fa83993c91296c/detection 88.111.229.212:6606 88.111.229.212:7707 88.111.229.212:8808 88.111.229.212:20000 88.111.229.212:21000 # Reference: https://www.virustotal.com/gui/file/7bc5ed12f076a174ab2b7e39ace5f88cfe695c75f3bc67701f42736be6de04a7/detection 88.111.236.191:6606 88.111.236.191:7707 88.111.236.191:8808 88.111.236.191:20000 88.111.236.191:21000 # Reference: https://www.virustotal.com/gui/file/c743735f89a5586315aeba456f9f4167a3365ea070d9d631e35aeaad4772d09e/detection 92.3.192.170:6606 92.3.192.170:7707 92.3.192.170:8808 92.3.192.170:20000 92.3.192.170:21000 # Reference: https://www.virustotal.com/gui/file/4d13e663aebabe2376c4f231356688108b5a124e0aafbc1717efa9f82e23f2b2/detection # Reference: https://www.virustotal.com/gui/file/eb918b8f920a7f710cbd2460ba6132a177996912cc0ef6144ac824e3e37e4fdb/detection 104.21.13.168:5380 172.67.200.214:5380 37.238.146.36:5380 91.109.190.3:5380 fact.azad.live # Reference: https://www.virustotal.com/gui/file/a672aa201c4172fb50bbf332a57a25c399e1c0a881f09ace05dbcc77d859627e/detection 46.246.6.11:9000 david123456.duckdns.org # Reference: https://twitter.com/1ZRR4H/status/1485771167948546048 # Reference: https://tria.ge/220125-adlgqacfg6/behavioral1 104.249.62.71:4212 strekhost202201.duckdns.org strekhost2024.duckdns.org strekhost2025.duckdns.org strekhost2028.duckdns.org strekhost2029.duckdns.org strekhost2030.duckdns.org strekhost2034.duckdns.org strekhost2035.duckdns.org strekhost2036.duckdns.org strekhost2045.duckdns.org strekhost2054.duckdns.org strekhost2057.ddns.net strekhost2061.ddns.net strekhost2063.ddns.net strekhost2067.ddns.net strekhost2074.duckdns.org strekhost2076.duckdns.org strekhost2084.con-ip.com strekhost2087.con-ip.com strekhost2091.con-ip.com # Reference: https://www.virustotal.com/gui/file/fd607e03512a15e3bf9dd3c80dbca2b9235012004cb9b69fa05df2f5344037ef/detection # Reference: https://www.virustotal.com/gui/file/8b022a46d08a7cf80f1141e534f647d1113fe87426e01dc35465f62bfd5052da/detection 189.146.59.185:81 201.121.135.170:4449 3.14.182.203:26008 3.17.7.232:26008 3.22.30.40:26008 venom5002sitask.6te.net venomsi.mypsx.net /venom5002SiTask/ # Reference: https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign # Reference: https://otx.alienvault.com/pulse/61f2ace89496fafe74bbb9c7 11l19secondpop.ddns.net 2pop.ddns.net elliotgateway.ddns.net newopt.servehttp.com newsa.ddns.net nomako.ddns.net pop11.ddns.net python.myvnc.com wthcv.sytes.net # Reference: https://www.virustotal.com/gui/file/d775bef532e71e692eb0e66292da60db38864a4f3dba5d2382ace1992ddd55f3/detection 212.192.246.239:1001 # Reference: https://www.virustotal.com/gui/file/9d17ef60c2fe51c9ddd8c03a519059d3eddfd2ac8803ac5d7d91a71075810887/detection 212.192.246.239:228 212.192.246.239:901 # Reference: https://www.virustotal.com/gui/file/4743f18e28808ce90f8c9197c112fe5ceeb91c20f41b92a00034e2884cab1907/detection 212.192.246.239:8000 # Reference: https://www.virustotal.com/gui/file/d0b02f3290dc695e0d9e63060a3dcad7d351c7db7570d656da965ba95f1368b7/detection # Reference: https://www.virustotal.com/gui/file/ee64468498a36ca484a8ea1079b6e125590749dd2535c7cbfb0b24050b10dd3c/detection 209.127.27.27:6606 209.127.27.27:7707 209.127.27.27:8808 crypto-support.network myvps2022.ddns.net # Reference: https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign 178.238.8.233:6606 178.238.8.233:7707 178.238.8.233:8808 python.blogsyte.com # Reference: https://www.virustotal.com/gui/file/169a4309780969168c4af528075bb4b1e2526f976ab572cdfa6ff3e13a009faa/detection 194.127.179.238:8855 # Reference: https://www.virustotal.com/gui/file/f95c8ace1331a172303a2f2cea8edc805203156e499012df465a158246495cce/detection 216.250.249.156:1148 216.250.249.156:1560 216.250.249.156:1985 23.95.115.74:1465 23.95.115.74:1560 # Reference: https://www.virustotal.com/gui/file/f6092f6961226ced6b4858af475736af69ac36f35dea6f539eb552dad3b00fbc/detection 104.37.174.26:1985 104.37.174.26:4040 104.37.174.26:5050 216.250.249.156:1985 216.250.249.156:4040 216.250.249.156:5050 # Reference: https://www.virustotal.com/gui/file/f54d3ce36fea6ef51b10501d96f8e82deab82440005200ef16f88e4154d923ba/detection 216.250.249.156:6606 216.250.249.156:7707 216.250.249.156:8808 # Reference: https://www.virustotal.com/gui/file/f25eb7952a3cea441effa29b4b95ac46269fb8ab56e39166a0e56ade8f7bdf5a/detection 216.250.249.156:1148 216.250.249.156:1414 216.250.249.156:1465 216.250.249.156:1759 5.230.72.3:1148 5.230.72.3:1414 5.230.72.3:1465 5.230.72.3:1560 5.230.72.3:1759 5.230.72.3:1985 # Reference: https://www.virustotal.com/gui/file/ca2f1fd98c74804cf417f07a86db13a71baed4647e919a110a82df0bfba02e85/detection http://5.230.68.154 # Reference: https://www.virustotal.com/gui/file/c507346693107714c35dae061f39b4af97f7ee55a12e7fbb689ca62405af7414/detection 51.210.48.148:6606 51.210.48.148:7707 51.210.48.148:8808 # Reference: https://www.virustotal.com/gui/file/ba1c40946756613c5321bea71118ec169096783344d0aca7e9ee5e0ac62b07ef/detection 216.250.249.156:1980 216.250.249.156:1981 216.250.249.156:1982 216.250.254.208:1465 216.250.254.208:1560 216.250.254.208:1980 216.250.254.208:1981 216.250.254.208:1982 216.250.254.208:1985 # Reference: https://www.virustotal.com/gui/file/b135b4f9bbc86735c19170c9728466e972f5985ccef6f44fc39b50e24987b0fb/detection 104.37.174.26:1759 5.230.84.50:1465 # Reference: https://www.virustotal.com/gui/file/a576dd4d6b216109bf7044bc90ebd70a2205bffb43272b28f8f112b480eecea5/detection 193.29.104.186:1465 193.29.104.186:1560 193.29.104.186:6606 193.29.104.186:7707 193.29.104.186:8808 216.250.254.208:1465 216.250.254.208:1560 216.250.254.208:6606 216.250.254.208:7707 216.250.254.208:8808 # Reference: https://www.virustotal.com/gui/file/832ed387078d95665e268d6fc1da6b62f9c785049c1a479bdb9eb45e8945eadf/detection 14.18.141.27:33355 # Reference: https://www.virustotal.com/gui/file/5c7887914b2ebb56fc762b555093719b30978e7d603ee1ba198f288090bec15b/detection 104.37.174.26:4848 216.250.249.156:4848 # Reference: https://www.virustotal.com/gui/file/19247536d1bb8035395a3a2bca3ecb17c36ddf48fee86a00d9d6e3e4bf622f35/detection 104.37.174.26:2018 216.250.249.156:2015 # Reference: https://www.virustotal.com/gui/file/ceaeb1dd68355d7a47455dffd00f3ab735e295c2aad6d7c0d754f371af3e0093/detection # Reference: https://www.virustotal.com/gui/file/c0d614d65f3710bac72f12f0dbd86b77971f64a7fd3dad978ccde2d0e4d7d39f/detection # Reference: https://www.virustotal.com/gui/file/6c2ee1611af326cf2c791ef63f6816ee8364fcccfc7a2facb5dbbb82bf310fe3/detection 185.110.106.210:1337 185.163.218.120:1337 81.94.199.203:1337 kho8arje.ddns.net # Reference: https://www.virustotal.com/gui/file/fd8419faf4dbccd31e6305cb19cb9043dacaea147b38d1c0e78105802a9d99df/detection 45.144.154.150:1095 45.144.154.150:1097 45.144.154.150:1098 45.144.154.150:1604 45.144.154.150:18 45.144.154.150:4782 45.144.154.150:4784 45.144.154.150:59 45.144.154.150:5900 45.144.154.150:9495 alemdar571.duckdns.org # Reference: https://www.virustotal.com/gui/file/ef3108a8fa42fa5ed82f82a3c9d7d9f5cd2b35dd653127585977578321ce21d0/detection 189.38.106.99:8080 # Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_03.02.2022.txt documents.pro.br # Reference: https://www.virustotal.com/gui/file/00ecb52e6754df0b9b25f896e8d923d6fc11c80fa333df430d1c3e3c94a7a404/detection 201.212.135.172:3042 # Reference: https://www.virustotal.com/gui/file/a829a8001f09c89ec992913ea3a6d2bde958779e8a7788d9d2a0e1e319e316bc/detection 173.44.55.179:13294 173.44.55.155:48241 kumar.airdns.org minchia.airdns.org # Reference: https://www.virustotal.com/gui/file/5511ab25c4f241c5683ad0b26452c2c474841dce3666010d723243f987b06872/detection 3.131.123.134:24138 zealous-fire-94898.pktriot.net # Reference: https://www.virustotal.com/gui/file/2b4fcba2cacdd48089b43c746a24cda262ee87db830bd9aaf9ee82f5cb900de5/detection 79.134.225.90:83 confucanism.hopto.org # Reference: https://www.virustotal.com/gui/file/443858dce1aeb48c098475dcf1f04c286a6d69593a41613436f05fd12fb35bc9/detection 51.89.253.23:6606 51.89.253.23:7707 51.89.253.23:8808 3laallah.myvnc.com # Reference: https://twitter.com/peterkruse/status/1492796546525638656 # Reference: https://www.virustotal.com/gui/file/76854bcfb1fe0e8baf04c994cf4db49f5445e77201535ca49616a23c0ca69004/detection # Reference: https://www.virustotal.com/gui/file/4a7484b8027c04f1b339c56ab4bc40ba6b8bb876507d421a59807684aab1e83c/detection 159.65.243.143:8080 20.113.159.145:3162 # Reference: https://www.virustotal.com/gui/file/9cd3f611b2d854917d5d0229d7440b30f2610984d51a5cf591591fd156558973/detection # Reference: https://www.virustotal.com/gui/file/3cf3c75627a9a6813f7d5f708c88d2d41c6d18e92fe9dea86bb370c6b816bf40/detection 199.195.253.181:6606 199.195.253.181:7707 199.195.253.181:8089 199.195.253.181:8808 prhostings.duckdns.org # Reference: https://www.virustotal.com/gui/file/d9f2bab44100729ed79b2acaf2b8f1cf3b665d55988847e06b19ec0625f25fed/detection 37.221.122.76:6606 37.221.122.76:7707 37.221.122.76:8808 jeazerlog.duckdns.org # Reference: https://www.virustotal.com/gui/file/d8a413d1ff3f0d7cc9e07393e720b54403c0d180157065b7d0c81c090124a73c/detection 179.13.2.243:4204 strekhost2031.duckdns.org # Reference: https://www.virustotal.com/gui/file/bee9c217ba2e0a439775033e5abba4a999bebe29474dda7011d67e77173598aa/detection 107.128.170.0:1604 monkeygame.duckdns.org # Reference: https://www.virustotal.com/gui/file/b74da435a84b6a240fdefcb357abb948e5451fa11dd48e4381b9897abf1cd267/detection 46.183.220.49:46422 46.183.220.49:6578 chonglee575.duckdns.org # Reference: https://www.virustotal.com/gui/file/10037dcdfbe006f14125b3b5fec8ab336ce996c1fe8af03114597b51d446b843/detection 141.255.144.69:6665 141.255.156.217:2020 141.255.156.217:6663 45.164.102.81:2019 45.164.102.81:2020 45.164.102.81:5000 45.164.102.81:6662 45.164.102.81:6665 hotelposeidonia.ddns.net putha.duckdns.org # Reference: https://www.virustotal.com/gui/file/9917e1b3643ebd9b87d96eaa225e293b4ab0a92f78f0df1f99efd85cf220f469/detection 86.156.139.211:32244 86.156.139.211:6606 86.156.139.211:7707 86.156.139.211:8808 venos1245.ddns.net venos12678.ddns.net # Reference: https://www.virustotal.com/gui/file/61309fd4c88c63e431b06b603aa83b1e3b1326ade092502675597b1469150e39/detection 191.248.178.226:7777 kklele.ddns.net # Reference: https://www.virustotal.com/gui/file/f561b5e40ebff43e78dd61cb03ac5300aa6dce51cfe67bb288d3bec154effd69/detection 102.186.16.48:5556 asg1.ddns.net # Reference: https://www.virustotal.com/gui/file/d4d90420777353fb8faece913558695e0ffd478cc0fccdd6ef316ce68b118a83/detection 163.123.142.141:6606 163.123.142.141:7707 163.123.142.141:8808 163.123.142.251:6606 163.123.142.251:7707 163.123.142.251:8808 mywatermoney.ddns.net # Reference: https://www.virustotal.com/gui/file/c3d26b6aed4ef3cf1d0cf3d53e5280a11367cb792db7b13c50ffc695d77d0e80/detection 136.243.111.71:6606 136.243.111.71:7707 136.243.111.71:8808 # Reference: https://www.virustotal.com/gui/file/5bc250fe115f0af94d9d57840c5aa4ddc91b5c3f4100edba4e154cd438e8d682/detection 20.123.180.103:1337 20.123.180.103:6606 20.123.180.103:7707 20.123.180.103:8808 # Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_28.02.2022.txt 52.15.81.204:6606 52.15.81.204:7707 52.15.81.204:8808 nsysc.duckdns.org # Reference: https://www.virustotal.com/gui/file/3a2bcee2582e82d8caf5a85d4b3a8b5d779313aead59394e43cb0577e2ac5caa/detection 91.193.75.222:1337 # Reference: https://www.virustotal.com/gui/file/23d9cd92f8a143d8c11189ea65e238954e8dac8da8a8867cf243eb199af2a45f/behavior/Zenbox 216.250.97.121:4242 darkflood.ru # Reference: https://www.virustotal.com/gui/file/02c4db3938f02e93ac275981ac2121254191a76732235e574d20f70f89a415d0/behavior/Microsoft%20Sysinternals 20.113.168.5:5552 # Reference: https://www.virustotal.com/gui/file/a03a750c266a3440bad4bdbf1a6539a5f3108d4b1701049167dce3c21b8892c9/behavior/Zenbox 144.126.209.63:7707 144.126.209.63:1443 144.126.209.63:8808 # Reference: https://www.virustotal.com/gui/file/a42aaf89dfaf1dc938def40171798b2a5e641da48851a30cc83e46243d677341/behavior/VMRay 181.141.6.14:1543 async19.duckdns.org # Reference: https://www.virustotal.com/gui/file/b75253da4ffdfd8ffb110066ed246127053b71f331210dcab40581fe9529dd1b/behavior/Microsoft%20Sysinternals 105.155.171.124:1177 virustheonluone.ddns.net # Reference: https://www.virustotal.com/gui/file/f1d52de14a1e669c219644cb3cbd8f5e7155799334b9f43576cdaaf985feab29/behavior/Microsoft%20Sysinternals 156.204.146.6:1177 mokea.ddns.net # Reference: https://www.virustotal.com/gui/file/356d357fd1d8ebbce5b44f0e2fc758f08b0ddd8fbba0e5d705c7f3b823c61194/detection 41.140.166.138:8080 amineaskary234.ddns.net # Reference: https://www.virustotal.com/gui/file/c87370e8e2e08a93f6becca89df295a17a6c8136edadec5522360cee30b6a2d4/detection 2.89.88.55:8620 nydarcl0b.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1501663331458818057 # Reference: https://app.any.run/tasks/8cc8d2fc-f24a-42ea-9db8-ca2bceb791e6/ 217.64.31.3:6606 217.64.31.3:7707 217.64.31.3:8808 217.64.31.3:8437 # Reference: https://www.virustotal.com/gui/file/14217d54e50cb1750df957ee13ceddfb0775e9df7b286dbbe8bccfde89e8462c/detection 123.27.146.13:6606 123.27.146.13:7707 123.27.146.13:8808 spikevntm1.ddns.net # Reference: https://www.virustotal.com/gui/file/2d2351681ab5a3fc5d448474986d26cfe06fe6f889435523fd2a1f1c9e7b684c/detection 41.238.79.40:1177 41.238.79.40:4444 eeent2am1.ddns.net ennt2am11.ddns.net matrixhack9.ddns.net # Reference: https://www.virustotal.com/gui/file/fcd5fc495b4f81bf91491b52e1759cf93794bf135fed6469a5d1e0663dfb6c3e/detection 94.204.143.223:6606 94.204.143.223:7707 94.204.143.223:8808 exelelo.zapto.org # Reference: https://www.virustotal.com/gui/file/a9e0e20979d2a5ee73322a2dd94bed304e2586d91d01808130ffe1ae6c043a69/detection 142.114.120.140:8080 rezan.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1508822431422582785 # Reference: https://app.any.run/tasks/bbe72cb9-d347-4b41-8517-99be1dac9a07/ 79.134.225.89:5900 crazydns.linkpc.net # Reference: https://otx.alienvault.com/pulse/6244476ff6012996f9a9cba1 hahakek.ddns.net # Reference: https://www.virustotal.com/gui/file/abfbde0fea7eba7c409710cafb5a7fe2b2315b4a95898420117ad5088ad4c6b3/detection # Reference: https://www.virustotal.com/gui/file/a81a4b5eaea54fad12b6fc2e4b1eae62f30a2a9ba1d1abb94ca85e58dbfa8623/detection # Reference: https://www.virustotal.com/gui/file/a81a4b5eaea54fad12b6fc2e4b1eae62f30a2a9ba1d1abb94ca85e58dbfa8623/detection # Reference: https://www.virustotal.com/gui/file/a5488fe77d6f68e3512c20b5ffd2105265ae55f50f872fe9b3429b39ed16b7de/detection 43.133.1.136:48214 45.133.1.136:5579 sivnquldmiqa.ratkings.net # Reference: https://www.virustotal.com/gui/file/fa0a7de603a1fa1dc694862999423e093b8f5285498607d27c1a6074a00455f5/detection # Reference: https://www.virustotal.com/gui/file/9dee44e6c8075f0f369cde080e56edca0e2fb93b59520dd99a2884ea7b55c7f9/detection # Reference: https://www.virustotal.com/gui/file/75a1202f0bc5aafe9d205c52416c1bc5b1f2976edb490dffc812f4197bb02277/detection # Reference: https://www.virustotal.com/gui/file/4f1dcb5778a57d02f7cb485e2d76234ce1913bcc872535221966d596c78056d0/detection 2.56.59.227:4455 212.192.241.41:4455 pnake.000webhostapp.com vuqozgiamcvoe.ratkings.net # Reference: https://www.virustotal.com/gui/file/98e74bdca833fffdeadd8aaa3887c60eda29d658e35c7e02a6e364c6a0566039/detection 178.238.8.233:6606 178.238.8.233:7707 178.238.8.233:8808 pythonn.linkpc.net # Reference: https://www.virustotal.com/gui/file/00abaec0096cdb5a62684479e06fae3c39632e15adb436d2e7e975e9f2cf8c96/detection 89.134.228.127:45000 empirehosting.ddns.net # Reference: https://www.virustotal.com/gui/file/bd2260b469f9c0504fa2156fe99ce3eb54a093a185c09cb5e0729114ff13a100/detection 194.85.248.87:6606 194.85.248.87:7707 194.85.248.87:8808 194.85.248.87:9807 asylimited.duckdns.org # Reference: https://www.virustotal.com/gui/file/6e5bc57767ea314f50262e10884e592ac5e833165d85db41e2033baaa7c5682d/detection 185.19.85.133:6606 185.19.85.133:7707 185.19.85.133:8808 185.19.85.133:9807 # Reference: https://www.virustotal.com/gui/file/2a0eb4a2eace0686d5ef6c83dfbd9065f46055b8446e1bb67dc58df5be480d43/detection 91.193.75.132:6606 91.193.75.132:7707 91.193.75.132:8808 91.193.75.132:9807 # Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_05.04.2022.txt 195.62.47.132:5311 37.120.141.190:5311 hrjekd.duckdns.org mcgarryrob9.duckdns.org msmonday21.duckdns.org vernomqmonday.duckdns.org wsfgv.duckdns.org # Reference: https://www.virustotal.com/gui/file/642af4b4d12bb24a30e617317bc1785aafc4176e8c3ca8abadff04bd61368d18/detection 178.238.8.201:6666 helpher.linkpc.net # Reference: https://www.virustotal.com/gui/file/5383c008207a242411c692a017d677e0a7f4b790b2962ded2fe3f2b1a9e0accc/detection 208.51.61.44:128 help-microsoft.dnslive.net # Reference: https://www.virustotal.com/gui/file/d3502dc6519cc2395fd39b603c925d7ff61fef6d78cb89a23254905b9eeaff97/detection update.myiphost.com # Reference: http://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html anderione.com mekhocairos.linkpc.net n.myvnc.com # Reference: https://www.virustotal.com/gui/file/1ff86b4d3d1a04b48064bc64940010c469a106db236e261ac106053411641b7d/detection 136.243.111.71:1166 # Reference: https://tria.ge/220404-dwb8jshec2 212.193.30.54:9524 # Reference: https://tria.ge/220327-27nygsadap 71.81.138.151:6606 71.81.138.151:7707 71.81.138.151:8808 uhhfuckmedaddy.hopto.org # Reference: https://tria.ge/220330-ckkvwaeed9 118.184.78.78:6606 118.184.78.78:7707 118.184.78.78:8808 mytestserver.myftp.org # Reference: https://www.virustotal.com/gui/file/29ece6628445e46733703f70aa521fc207b5475fb1e620a97c2e8fe55f547fab/detection http://78.46.133.215 78.46.133.215:6606 78.46.133.215:7707 78.46.133.215:8808 # Reference: https://www.virustotal.com/gui/file/d45978f809cb4ce3ad9ef5ba7719b137b9d0ef02315d77f6fb30e10aa1c465f3/detection 177.36.170.206:6606 177.36.170.206:7707 177.36.170.206:8808 myhost47.accesscam.org # Reference: https://www.virustotal.com/gui/file/04adf54cb3faa4aa1fc78aa4a567a69e9e4b4d48661b2619c3d82dc9569f538c/detection 188.82.222.181:6622 davidgayne.ddns.net # Reference: https://www.virustotal.com/gui/file/a89725461034445d1b80d5fc5207595d1842cfcf1dc13d6dbb853617c0bdefa9/detection 64.188.13.46:8080 64.188.13.46:9788 # Reference: https://www.virustotal.com/gui/file/a157e62c8fcf8c20202cb64d6b295379fba158677d9776c6001db1352b4d9feb/detection 64.188.13.46:1786 # Reference: https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader # Reference: https://otx.alienvault.com/pulse/6144852424a73a80ade66aa3 # Reference: https://www.virustotal.com/gui/file/4591eda045e3587a714bb11062eb258f82ee6f0637e6aa4d90f2d0b447a48ef7/detection # Reference: https://www.virustotal.com/gui/file/cf09a3807622d7c2e0c9422bcee04ed53a08a230204de7f5818405e7f8dca16d/detection 185.163.45.104:456 gjghvga7ffgb.xyz huugbbvuay4.cn windowsupdatecdn.cn # Reference: https://www.virustotal.com/gui/file/794929f8ae932ae3bfd16c3f013b7b32a025a07a0583f2d9b2d272b736284ef0/detection 45.242.44.194:2323 updatefacebook.duckdns.org # Reference: https://www.virustotal.com/gui/file/b9eba1c7c318b24ba7a01b71e004b6e8b17d91d3e28721977e974696d8e88be6/detection 23.105.131.166:6606 23.105.131.166:7707 23.105.131.166:8808 # Reference: https://www.virustotal.com/gui/file/abe5225238fb82b6ad7d2942d931bb109538395e734d296bc9ac55ae1d6ddf71/detection 2.56.57.222:6606 2.56.57.222:7707 2.56.57.222:8808 # Reference: https://twitter.com/phage_nz/status/1516977615378079745 # Reference: https://tria.ge/220421-dfad1shgep 91.193.75.203:9217 sky01.publicvm.com # Reference: https://twitter.com/James_inthe_box/status/1517192899682701312 # Reference: https://app.any.run/tasks/1395aadc-27f1-415d-a1f8-6247c4a0aa8e/ 91.193.75.194:5900 # Reference: https://twitter.com/pmelson/status/1518724244103995392 # Reference: https://twitter.com/pmelson/status/1521221361829617666 # Reference: https://www.virustotal.com/gui/file/47598ae5503ecc9b4acfc063deb3cf77998ff762104e484a288eede075f0f7d5/detection 194.5.98.35:21000 dlldns.co.uk dlldns.xyz dlldns.duckdns.org # Reference: https://www.virustotal.com/gui/file/1c6ec68a3017dd39da5043ff4cecd25ae5dadcc4f2577ba7103c84547c228882/detection 128.90.115.36:3468 # Reference: https://www.virustotal.com/gui/file/6fa04b5325e52bb0db3b3b307d5e6e802bc468da09fb062f78f978c4efbadd82/detection # Reference: https://www.virustotal.com/gui/file/5b42476fbd6d402e3a77156da5b563e4450f0e142223f707157b223fce237f8b/detection # Reference: https://www.virustotal.com/gui/file/27712ba8e0925e351934d3ae04f5ee648a7ec733c2d4be2a3dd54712548d30b7/detection 77.78.103.129:2022 77.78.103.129:5000 salma6.ddns.net # Reference: https://www.virustotal.com/gui/file/72a638827d037d077f1f1672f2d280f657496fab48b8e79d99742b48bf8f39ee/detection 83.180.241.5:5000 333kuk333.ddns.net # Reference: https://www.virustotal.com/gui/file/b374241715d190e7731b63e2f4cee1038e3307d52836969fab3854a2090d0b89/detection 198.54.128.70:56781 slav934.ddns.net # Reference: https://www.virustotal.com/gui/file/9d72cb7c95bcec88f7bf4bfffdb2b0ebe5902f3da943d03794e8a6f586f0c1a3/detection # Reference: https://www.virustotal.com/gui/file/89fb709ed5ac5cc3342b9894af039dcbb1988848c87063ba15b4ab69399ae77d/detection # Reference: https://www.virustotal.com/gui/file/b0d62e927975627c720fcf734ea7bb49ebe0790defa6d1085ff93e4b39c74f57/detection # Reference: https://www.virustotal.com/gui/file/f8720cc2747a3518d13193a2fe9cb791be7e37396fbc448f63a8227d5f552e52/detection 149.28.31.166:29527 149.28.31.166:443 160.108.30.0:29527 168.108.118.0:29527 168.108.122.0:29527 168.108.24.0:29527 168.108.25.0:29527 168.108.32.0:29527 168.108.35.0:29527 168.108.37.0:29527 168.108.42.0:29527 168.108.43.0:29527 168.108.44.0:29527 168.108.45.0:29527 168.108.47.0:29527 34.150.70.89:29527 40.108.48.0:29527 80.176.90.0:29527 # Reference: https://www.virustotal.com/gui/file/ae1df83bad300c4f1cbe9f899c9f394e9b2a2c9bc69a55137bb07adefaed27f0/detection invison.xyz # Reference: https://www.virustotal.com/gui/file/0a33db379fb16265aa27569abcaafade7ba257d7adf518eee804b1e5c9514d24/detection 105.106.74.27:6606 105.106.74.27:7707 105.106.74.27:8808 doda.ddns.net # Reference: https://www.virustotal.com/gui/file/b1daa3bc8bae29f14939e7beea3593ced703a3b159f3fabaa3679df8186e2546/detection # Reference: https://www.virustotal.com/gui/file/67825f8d43671a1b2a021f371183007baa0dd8034daea8ae0f3c02dd5645e787/detection 77.250.44.30:4444 mariush91.ddns.net # Reference: https://www.virustotal.com/gui/file/68811404cce73244b2326ca2397d7e95b103a86f5f1dc0220096206438dd3b76/behavior/Zenbox dominostark2028.duckdns.org # Reference: https://www.virustotal.com/gui/file/79b8d9f481f0b24b5cb7115a90fbb74c9b6e0448ec908761824e22fa36f255f0/behavior/Microsoft%20Sysinternals 51.116.130.83:4496 # Reference: https://www.virustotal.com/gui/file/fccc5b2fe1d1b1c730e2854e5d68219fe84e0d9277049f69712a28fb6b0e700a/behavior/Zenbox 91.93.162.73:6666 167.71.56.116:6666 awesome-dew-72404.pktriot.net eu-central-7075.packetriot.net # Reference: https://www.virustotal.com/gui/file/bc51107a5224a0935006255b4121048f5184619f88020946f3c590f5a09361b3/behavior/Zenbox 177.255.88.25:5001 strekhost2037.duckdns.org # Reference: https://www.virustotal.com/gui/file/ccd98e1fd5051669cde7d0aa853f103d62407f044dbbce89226fadeef766981a/behavior/VirusTotal%20Jujubox 193.161.193.99:39592 trabajopanel1-39592.portmap.io # Reference: https://www.virustotal.com/gui/file/cce1f99874e7a0436fc4930a9c63e030064d42b39fc8012d76e0433f146838b8/behavior/Zenbox 31.142.90.220:22 wayto.duckdns.org # Reference: https://www.virustotal.com/gui/file/d720f60685f9f08d3ca9f47376c66b28ff8fdd4cab4a2ed88ca33c294d2bc16b/behavior/C2AE 132.232.169.101:6656 # Reference: https://www.virustotal.com/gui/file/f18391acc8f08909407a1319569d2f01b55ee51b9e317228abdff5aebe87968f/detection 173.225.115.253:8848 194.31.98.113:6606 194.31.98.113:7707 194.31.98.113:8808 194.31.98.113:9909 172.83.152.87:8848 172.83.152.65:8848 2.58.149.126:6606 2.58.149.126:7707 2.58.149.126:8808 2.58.149.126:9909 polarjwns.xyz # Reference: https://www.virustotal.com/gui/file/d14d9a7e754c71b0b15e03dce5dc0d8a58cc7be737c2e350bbb4fc99c5d64366/detection 23.105.131.227:4404 # Reference: https://www.virustotal.com/gui/file/3189f5b4f50c04b25cea385aee92275fd3007f9332c329d9975c0b1270c6d26b/detection 31.210.20.172:6606 31.210.20.172:7707 31.210.20.172:8808 # Reference: https://www.virustotal.com/gui/file/99fe56a2f1d965843780325665c2ac286cc9bc52f80509e606028bc063c49210/detection 85.215.229.157:6227 6227hallo6227.ddns.net # Reference: https://www.virustotal.com/gui/file/13d27cdf24f15d418b2197f6d017725bbd26ea1b8db7a61bdd648e90f1d269c5/detection 46.246.6.16:7090 46.246.80.3:7090 bendito2714.duckdns.org # Reference: https://www.virustotal.com/gui/file/43427de4b45f2aa2e6289d1a6d5e6859f4184e5cf638a4b6c185fafca6a85838/detection 185.140.53.150:1515 glengaidos2881.ddns.net # Reference: https://www.virustotal.com/gui/file/2f0dfcbd68df9ed438855a7b65bb08931df67234e6c55f78b6a16f2368f4d44e/detection 92.42.46.216:1996 xhoys.linkpc.net # Reference: https://www.virustotal.com/gui/file/fb67354e820721b6eb4684b167c1eb382936635843983ec24d06a72fdec8ad32/detection 24.15.119.31:1604 korruptinq.duckdns.org lulzsec.zapto.org # Reference: https://www.virustotal.com/gui/file/e91c4edb7c7cc1517cb8827127699e2e360596d240176f91e14556ac7ded8283/detection slicer.ddns.net # Reference: https://twitter.com/phage_nz/status/1529614527486013440 # Reference: https://tria.ge/220525-3tjmaaehd7 # Reference: https://tria.ge/220525-3v5wxaagfn 91.193.75.139:1345 91.193.75.165:3851 1biggie.publicvm.com ecx1hang.publicvm.com # Reference: https://www.virustotal.com/gui/file/56645ddbb6d65ff46e2db21ff0cd583d4b0ad988b6b6bcd140626a8b5eb81fa6/detection 188.232.176.99:7771 # Reference: https://twitter.com/Joseliyo_Jstnk/status/1531970265059573766 # Reference: https://www.virustotal.com/gui/file/fe8970a7f08ca9e71f485ba987cb78d1bb82d8973251962210e3fced77c15f99/detection # Reference: https://www.virustotal.com/gui/file/79068b82bcf0786b6af1b7cc96de1bf4e1a66b0d95e7e72ed1b1054443f6c5e3/detection 217.195.197.70:6606 217.195.197.70:7707 217.195.197.70:8808 # Reference: https://www.virustotal.com/gui/file/92a3c41d78e3fdb64c6313818bdba8d6c1652e507ee7ea08c4dd28cd8076e56e/detection 91.240.118.79:2727 91.240.118.79:2780 92.255.85.40:2707 92.255.85.40:2780 # Reference: https://www.fortinet.com/blog/threat-research/threat-actors-prey-on-eager-travelers 33b4-163-123-142-137.ngrok.io dc5b-163-123-142-137.ngrok.io dnets.ddns.net znets.ddns.net # Reference: https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/ # Reference: https://otx.alienvault.com/pulse/629dc0568c4a8863c10e59be palau.voipstelecom.com.au # Reference: https://twitter.com/James_inthe_box/status/1536418013691277312 # Reference: https://app.any.run/tasks/2d79a22c-84e3-4609-9436-3ceed9e36f36/ 185.70.104.87:3851 # Reference: https://tria.ge/220613-2s2wssfdf4/behavioral1 91.193.75.200:9217 # Reference: https://www.virustotal.com/gui/file/e2548ff0d1c69d0cad6504335aa2ef3fa21eaa9a429ead3acbddd9326129d819/detection 203.78.129.202:6666 # Reference: https://twitter.com/abuse_ch/status/1540590647022915584 74.201.28.166:6606 74.201.28.166:7707 74.201.28.166:8808 # Reference: https://twitter.com/c_APT_ure/status/1540053981648588804 193.233.185.132:6606 193.233.185.132:7707 193.233.185.132:8808 biz808080.duckdns.org # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2028062022 # Reference: https://tria.ge/220629-em9ccsgce5/behavioral2 103.156.90.165:4055 serviceserver.site venohvn.duckdns.org # Reference: https://www.virustotal.com/gui/file/676c79531be211041712ad8f9cf037a8cb4ed8c5362caf6cedde66d521314310/detection # Reference: https://www.virustotal.com/gui/file/a6f9557ec4704f2d7f00491e9dad466ca8483f61300f87708a93bf951138a4d6/detection 103.156.90.165:5050 venomcra25.duckdns.org venomcra3.duckdns.org # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-28%20AsyncRAT%20IOCs 147.189.168.74:6666 2dod.ddns.net rowadtqnee.online # Reference: https://asec.ahnlab.com/en/36315/ # Reference: https://otx.alienvault.com/pulse/62c69b05fe6a61daffeb9593 # Reference: https://www.virustotal.com/gui/file/0b357167f1d1e759b1b54d75bdb102da84578ecb5cb1a1d71733402deec91a83/detection http://154.19.203.208 154.19.203.208:6606 154.19.203.208:7707 154.19.203.208:8808 # Reference: https://tria.ge/220713-nxaffsggd9/behavioral1 185.200.116.219:9016 chinaco3.airdns.org # Reference: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/targeted-attack-on-government-agencies.html 107.173.143.111:6606 107.173.143.111:7707 107.173.143.111:8808 107.173.143.111:8989 # Reference: https://www.virustotal.com/gui/file/6659c7a1e89ce896ac616abf1cf6068381954c8c35b18a9d1fd24690ca9c4d3c/detection 198.23.212.148:6606 198.23.212.148:7707 198.23.212.148:8808 4Mekey.myftp.biz # Reference: https://www.virustotal.com/gui/file/10037dcdfbe006f14125b3b5fec8ab336ce996c1fe8af03114597b51d446b843/detection 141.255.144.69:8848 45.164.102.81:6663 93.46.8.90:6664 # Reference: https://www.virustotal.com/gui/file/c63dd27a4c9a42fd4c68bda6d2628e6791dae0ed3036b69f0b1e6433b5d7c473/detection 67.205.142.16:6606 67.205.142.16:7707 67.205.142.16:8808 # Reference: https://twitter.com/malwrhunterteam/status/1547857576359997440 # Reference: https://twitter.com/Iamdeadlyz/status/1547902451147108352 plutoniumwallet.ml /FaggotNiggerKysHaveFunTrying/ # Reference: https://www.virustotal.com/gui/file/40b6c05272cb9e3f7431f8afc74cef3ffbb21c86c3b57f94d9ac685b009c9ede/detection cdnofficecloud.com # Reference: https://www.virustotal.com/gui/file/02675ed3f879a7fbefabfcfa064bb53a2b925fb6751b7925d5dd2b25a51f4150/detection 194.187.251.115:8973 storage.nsupdate.info # Reference: https://www.joesandbox.com/analysis/596663/0/executive 141.255.146.167:2019 # Reference: https://www.virustotal.com/gui/file/2a9edc18b10a532f7632d6b44f2610ca3a823c2b2be7a3fd3126b55af2c68ede/detection 172.245.210.138:6606 172.245.210.138:7707 172.245.210.138:8808 189.201.235.59:6606 189.201.235.59:7707 189.201.235.59:8808 111234.ddns.net cdt2021.hopto.org # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2025072022 # Reference: https://tria.ge/220725-r8z22abab3 194.5.97.97:5069 194.5.97.97:6638 polimaplasko.duckdns.org # Reference: https://gist.github.com/stoerchl/ae32c9ec9d7003c608bb4c19e9fe7bd7 # Reference: https://twitter.com/James_inthe_box/status/1567597599984852992 # Reference: https://www.virustotal.com/gui/file/6f105d359fe32edd24c3e5a441f3f8d3f4be7fad856ce7b0e606e9e18b742024/detection # Reference: https://www.virustotal.com/gui/file/0671d1cf46c957d8ca3084d500f4ccb2e71f5f687868cb5f113127e560422e76/detection 45.14.224.94:444 51.81.105.238:1981 51.81.94.115:888 superfaster1.is-found.org superfaster22.selfip.info superha3y.is-a-geek.com superhay.is-a-geek.com superslo4w.is-a-nascarfan.com superslow.is-a-nascarfan.com superziad.is-a-liberal.com # Reference: https://twitter.com/1ZRR4H/status/1551713964660326402 # Reference: https://www.virustotal.com/gui/file/00bcbf44a3a8dfdd43324ad3dc7a868049bc1856237d97307cc1bbec2ce68ffe/detection # Reference: https://www.virustotal.com/gui/file/92c085aab941207d5aba2eb3b7c1f6542c075698310b213ba17aff352fee7810/detection # Reference: https://www.virustotal.com/gui/file/dd0528c7214c1ff510d922eff856d56d616341f689edfa40f4b2bbbca82b8aa8/detection 191.88.251.106:1990 albertogiraldolora09.duckdns.org freddysolanolora09.duckdns.org jhonatanmartinezmartinez09.duckdns.org julianmaldonalora09.duckdns.org luispereiralora09.con-ip.com mauroplatalora09.duckdns.org # Reference: https://www.virustotal.com/gui/file/8638697480078473d60b20cbeb522b7745dde8ae749159064356b0a31a825e88/detection 185.140.53.76:7738 # Reference: https://www.joesandbox.com/analysis/677285/0/html 194.213.3.182:6606 194.213.3.182:7707 194.213.3.182:8808 vvat22.con-ip.com # Reference: https://www.virustotal.com/gui/file/d2d84301495b692c57680cd232d752253011aeeea1cfe3de144c42c5189b8168/detection 37.0.14.198:6161 # Reference: https://tria.ge/220805-n2cflsaafj 185.225.73.221:5493 # Reference: https://www.virustotal.com/gui/file/00cb0795efc4104c5f4f121172a9728af0d5387cee5d8c7abf8e416f443acc05/detection 23.133.216.180:7582 did-diff.at.playit.gg # Reference: https://twitter.com/pmelson/status/1556425256046411776 # Reference: https://twitter.com/pmelson/status/1556425274853564416 # Reference: https://www.virustotal.com/gui/file/5d3fc59a805561bfbb27bd0d845c303d4523eefb796c5b815a22bec8973ec331/detection 134.35.6.44:6606 134.35.6.44:7707 134.35.6.44:8808 sabaye-d.space sabanjm2.ddns.net # Reference: https://www.virustotal.com/gui/file/d5a2e7315be0afecb9d4a0a5d4b8ee40552675c22405fe17f839023b74a232ad/detection 20.90.119.110:6606 20.90.119.110:7707 20.90.119.110:8808 # Reference: https://www.virustotal.com/gui/file/0fd56384d2b39661d2a81b16bd5aa72ae4deb023dda532796acc94516fc1b9de/detection # Reference: https://app.any.run/tasks/ccecbcd8-f578-40c7-be8a-8bf59e751e0e/ 147.185.221.180:14456 3.125.102.39:13643 3.126.224.214:11664 believe-stars.at.playit.gg positive-be.at.playit.gg # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2010082022 # Reference: https://tria.ge/220810-yl2exaecen/behavioral1 # Reference: https://tria.ge/220810-yqa4hsgdb9/behavioral2 2.58.56.32:6666 modymos.linkpc.net mosacor.co.za # Reference: https://www.virustotal.com/gui/file/8bc112ddd27f0fc2fdc5f50901f8bd15a999042383cc7fe93d3f2b2d8dd085ac/detection technologie.duckdns.org # Reference: https://www.virustotal.com/gui/file/40da5be82081d0f0a205474abc614379ce4a655ae84c048353a53b49780fa39f/detection blazevault.ddns.net # Reference: https://www.virustotal.com/gui/file/dc645f9fb41904317cc725625eb703c260b4bfea01abe8e31988a83c06930226/detection negritos.site # Reference: https://www.virustotal.com/gui/file/39fe79e59e8fc4e86513ec09959c895e5667a39e9d32bb90d8cf29ac892496d0/detection 107.173.255.227:2000 107.173.255.227:3000 107.173.255.227:4000 cdt2021.zapto.org # Reference: https://twitter.com/embee_research/status/1563149262707257344 173.209.51.37:5137 # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2026082022 # Reference: https://tria.ge/220826-pb2s9adcd2/ 91.192.100.9:8976 # Reference: https://twitter.com/Iamdeadlyz/status/1562823487932100608 193.124.22.17:4449 # Reference: https://twitter.com/r3dbU7z/status/1564893492924538880 # Reference: https://twitter.com/r3dbU7z/status/1564940756950843392 # Reference: https://www.virustotal.com/gui/ip-address/54.236.21.218/relations # Reference: https://www.joesandbox.com/analysis/693848/0/html 54.236.21.218:6606 54.236.21.218:7707 54.236.21.218:8808 myacesverif.duckdns.org myverifyaccess.my03.com # Reference: https://twitter.com/0xToxin/status/1565599718000009216 # Reference: https://tria.ge/220902-f7pn5aghbj/behavioral1 139.28.219.37:2000 172.94.80.37:2000 dangerous1.ddns.net donzola.duckdns.org # Reference: https://ti-research-io.github.io/ti/ioc_extender/?name=TF_AsyncRAT ahmedhasan-43601.portmap.host darkvader94-36189.portmap.host dasdad2-27665.portmap.host freeedp.duckdns.org fresh02.ddns.net gaminghost873737-38124.portmap.io java.servebeer.com jul-perl.myvnc.com lordfish12312-53903.portmap.host minecrafthosting6969-35389.portmap.io realfive5-49318.portmap.host zeldorispiety-50433.portmap.host # Reference: https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/ # Reference: https://www.virustotal.com/gui/ip-address/20.78.19.235/relations # Reference: https://www.virustotal.com/gui/file/818d184a57f7cce89dda848cb17a503e0c5957803eb8d088491f809ad750cc21/detection # Reference: https://www.virustotal.com/gui/file/75ae08629e69a57887d2c8e6ba798e16ff9bd8e7af85a1ea029c0594c076ef59/detection # Reference: https://www.virustotal.com/gui/file/be88db263dee3dcd1a9a236c7dd4b7885ea664e6df404f910a5e0173d1be19c4/detection aeternam.me graviom.fr tf-bank.com nedbankplc.4nmn.com press.giize.com secure.graviom.fr # Reference: https://tria.ge/220907-s2q18acdf7/behavioral2 45.14.224.94:2001 45.14.224.94:444 # Reference: https://twitter.com/malwrhunterteam/status/1568182218127712256 # Reference: https://www.virustotal.com/gui/file/e5a27354665310d4b974f19bb79a01dd8eeb21dabde06eb6941c8d27b57bc689/detection 172.94.11.178:7878 g8787.ddns.net # Reference: https://www.virustotal.com/gui/file/85a13e4751a7a3dbccd46a23a441ec7838f5df8ce13f6a76e0347838200e47b9/detection rippeymp811.ml rippeymp811.ddns.net # Reference: https://twitter.com/malwrhunterteam/status/1568194124330713089 # Reference: https://www.virustotal.com/gui/file/c2eac887aeca169e624ea5922167854e32faa4c47d52d5cf01949f965d26f00c/detection 198.98.53.231:5677 # Reference: https://www.virustotal.com/gui/file/d01e1d3d771a443f0fb994b3b3583422124677d4fba4eec14ce6f387e97055c3/detection adobedata.webredirect.org cdt.3utilities.com # Reference: https://www.virustotal.com/gui/file/5f6579f4f7371307b56a578c760042466708f88f04ccf09b8291ed495ad97f5f/detection 45.74.38.17:6606 45.74.38.17:7707 45.74.38.17:8808 niiarmah.kozow.com # Reference: https://www.virustotal.com/gui/file/112bc23dbf145fb1c5c78e842b605a4da6202c9993114c7118fbdf902d6c7673/detection 3.22.30.40:13857 # Reference: https://tria.ge/221010-ggv9naafh4/behavioral1 193.161.193.99:40774 tienMonkey-40774.portmap.io # Reference: https://tria.ge/221010-t26bkscgck/behavioral1 64.44.167.136:46452 # Reference: https://twitter.com/pollo290987/status/1578046865987276806 # Reference: https://www.virustotal.com/gui/file/0e57f8d6bd3306206086c712cf06004c893f72f92374d0724579810b4ae20160/detection pushkin.ydns.eu # Reference: https://tria.ge/220719-e9y5xabean/behavioral2 212.193.30.230:79 # Reference: https://twitter.com/0xToxin/status/1581235287182966784 # Reference: https://tria.ge/221015-e6n6jafbe8/behavioral1 103.209.76.44:2000 # Reference: https://twitter.com/0xToxin/status/1581304132866301952 45.141.215.212:222 45.141.215.212:6606 45.141.215.212:7707 45.141.215.212:8808 red2056.freeddns.org # Reference: https://twitter.com/SquiblydooBlog/status/1581627679300030465 # Reference: https://tria.ge/221016-pnbgtshef9/behavioral1 45.138.16.240:6666 basejumper.io nasori.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/bf7e15bd062dd3a60eb36c7ee466d06439efcbf08afea2d166c7bd0707ee63f4/detection 83.51.53.98:1604 testing35123.duckdns.org # Reference: https://www.virustotal.com/gui/file/68fa24f693d9b5955eb2a34a6fbbd3ac7b9e4e8efa53b17b6a94ddd01baab2fe/detection 185.216.71.4:4449 45.155.165.234:4449 venom12345.duckdns.org venomunverified.duckdns.org # Reference: https://www.virustotal.com/gui/file/0a151bff139d2541495279ae8db6f3fede5f867337ee69b466023de228a9bacf/detection 141.255.144.193:4444 # Reference: https://www.virustotal.com/gui/file/84d2ec2e12cda6b36e0269b75fb40afeca89d0612e8b4091006348cf9a37530d/detection 51.255.152.131:6606 51.255.152.131:7707 51.255.152.131:8808 andojan.ddns.net # Reference: https://www.virustotal.com/gui/file/b26760b051260ea435c5c32f8e65cd200034495db040e58da7b453b3d57132a5/detection 85.209.134.94:6606 85.209.134.94:7707 85.209.134.94:8808 # Reference: https://www.virustotal.com/gui/file/5e3588e8ddebd61c2bd6dab4b87f601bd6a4857b33eb281cb5059c29cfe62b80/detection 109.206.241.84:6606 109.206.241.84:7707 109.206.241.84:8808 # Reference: https://www.virustotal.com/gui/file/c7dcb35fe7258ccbebe3b42065a24813c0a012a26fdd3990627114687ca3d3b3/detection 194.5.98.21:4000 dan4000.duckdns.org # Reference: https://twitter.com/r3dbU7z/status/1584710460737474560 # Reference: https://www.virustotal.com/gui/file/3fef9fb9da2241e00c15b8f0ebd58b5b7c1c7a4c0bf03f8d703a43f99b212bdb/detection 18.189.106.45:13405 18.189.106.45:15258 3.134.125.175:15258 3.134.125.175:8848 3.141.177.1:13405 3.141.210.37:13405 3.141.210.37:15258 # Reference: https://twitter.com/abuse_ch/status/1585666644101283843 # Reference: https://tria.ge/221027-r75wwscdg9/behavioral1 20.240.61.211:8080 kachininanayiyicem.swedencentral.cloudapp.azure.com # Reference: https://www.virustotal.com/gui/file/23704a63aeba9bdc475ee744cb79d6b2e0dbb6980fe7a0121f81a8eb4c97d143/detection 20.224.160.59:7000 # Reference: https://www.virustotal.com/gui/file/ef91ae5e27e371faf3f08f8bc68acde7ede075b799fe96d186fcec75ddf6ca10/detection 203.159.80.120:16518 203.159.80.120:4815 update.supportmozilla.org # Reference: https://otx.alienvault.com/pulse/63722ef12028314bb58019d8 # Reference: https://www.virustotal.com/gui/file/c7dc5f8604385b4b61489ec6910ebdc627bcef90cd6eb6c1a699c0d34c59d350/detection # Reference: https://www.virustotal.com/gui/file/2ffc476fcd66111e82bd4a24a475f9a59b47691268e3acf812769d73b62d9cd0/detection # Reference: https://www.virustotal.com/gui/file/2e160f9cd9333884fac63e6d730a746eb64e5ff47318e27934335caa330fdd2e/detection 159.89.35.152:6606 159.89.35.152:7707 159.89.35.152:8808 # Reference: https://tria.ge/221117-kq1ghsaa7x/behavioral1 207.244.231.35:9194 asyrz.duckdns.org # Reference: https://tria.ge/221117-kq1ghsaa7w/behavioral1 arrw.duckdns.org # Reference: https://twitter.com/ScumBots/status/1594105082077143042 # Reference: https://www.virustotal.com/gui/file/0b1482290fad57d42705337dcb0c45acdc60f4925c1e8fd673638ebf41c78c23/detection 146.190.69.247:6606 146.190.69.247:7707 146.190.69.247:8808 # Reference: https://www.virustotal.com/gui/file/1525076c87558a452430e1a867c8e889f0f15fc658162debd2cd29c617b372c7/detection 158.247.232.56:6606 158.247.232.56:7707 158.247.232.56:8808 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ http://45.153.240.69 http://66.94.109.58 http://51.68.180.4 100.42.65.218:6606 100.42.65.218:8080 101.99.94.33:6606 101.99.94.33:7707 101.99.94.33:8808 103.117.72.103:8848 103.133.111.110:5200 103.147.185.182:1170 103.147.185.182:1814 103.147.185.182:9080 103.149.201.214:6606 103.149.201.214:7707 103.149.201.214:8808 103.151.123.194:7849 103.151.239.166:6606 103.151.239.166:7707 103.151.239.166:8808 103.153.73.37:6606 103.153.73.37:7707 103.153.73.37:8808 103.167.84.119:2257 103.195.238.235:16058 103.195.238.95:8808 103.213.111.207:6606 103.47.144.100:49746 103.47.144.126:2703 103.47.144.67:2703 103.47.144.71:2703 103.47.144.71:49746 103.74.101.124:2245 103.89.88.236:1998 104.128.189.120:6606 104.128.189.120:7707 104.128.189.120:8808 104.168.141.171:8713 104.168.152.36:7707 104.168.33.32:6606 104.168.33.32:7707 104.168.33.32:8808 104.168.33.53:6606 104.168.33.53:7707 104.168.33.53:8808 104.238.147.18:6606 104.238.147.18:7707 104.238.147.18:8808 104.243.37.4:6606 104.243.37.4:7707 104.243.37.4:8808 104.249.62.71:4211 104.250.180.32:2119 104.37.172.204:56777 105.112.154.175:7505 105.154.200.41:64 105.156.105.249:64 107.172.44.141:6606 107.172.44.141:7707 107.172.44.141:8808 107.173.62.21:6606 107.173.63.199:5656 107.182.128.19:6606 107.182.128.19:7707 107.182.128.19:8808 107.182.129.16:8010 107.182.237.14:58453 108.143.240.80:112 109.206.240.5:5992 109.206.241.215:1999 109.206.243.58:3306 111.90.143.12:4489 111.90.143.12:4899 111.90.143.12:8080 111.90.147.102:4449 111.90.147.102:56721 114.116.34.118:7777 114.116.34.118:8888 115.231.235.56:8848 115.64.43.254:25567 115.75.66.68:6606 115.75.66.68:6821 115.75.66.68:7707 115.75.66.68:8808 116.108.48.70:374 116.203.252.195:4449 119.45.104.153:8848 119.91.100.114:7890 121.40.151.214:8808 124.217.247.242:8808 124.223.14.242:443 129.151.91.127:7177 13.59.15.185:19091 13.66.153.98:1604 134.255.234.198:7777 135.125.27.236:22 135.148.113.4:6789 135.181.204.51:8848 136.144.41.223:8394 136.36.83.93:8888 137.74.157.86:4449 138.201.2.2:2022 138.201.81.121:38022 138.201.81.121:55686 138.99.209.222:2000 138.99.211.39:2119 139.180.143.50:11334 139.180.143.50:6606 139.180.143.50:7707 139.180.143.50:8808 14.173.70.169:8080 14.186.155.171:6788 141.101.173.15:2000 141.101.173.39:2000 141.255.144.117:2000 141.255.147.50:7707 141.94.112.3:9925 141.95.84.40:222 141.95.84.40:4040 141.95.89.79:2005 141.98.101.133:5503 141.98.102.235:16296 141.98.6.228:8808 142.202.240.108:5505 142.202.240.108:6606 142.202.240.108:7707 142.202.240.116:5555 142.202.240.82:5253 142.202.240.88:8808 142.202.242.181:6666 142.202.242.198:222 142.202.242.198:2222 142.202.242.198:5555 142.202.242.210:9090 144.126.209.63:1442 144.126.209.63:6606 144.76.65.183:57117 146.19.57.77:6606 146.70.128.174:55178 146.70.165.100:57508 146.70.165.10:61288 147.124.211.69:5050 147.135.106.246:6606 147.135.106.246:7707 147.135.106.246:8808 147.135.95.107:6606 147.185.221.180:1491 147.185.221.180:64654 147.185.221.180:6606 147.185.221.212:15420 147.189.169.46:4444 147.189.169.46:6606 147.189.169.46:7707 147.189.169.46:8808 147.189.172.218:6666 147.189.172.222:2222 147.189.174.182:6666 147.50.253.67:3926 147.50.253.67:6606 147.50.253.67:7707 147.50.253.67:8808 147.50.253.97:8454 148.163.80.206:7778 149.56.43.121:4199 15.204.170.1:8808 15.235.10.108:6606 154.204.180.237:8848 154.211.6.212:8848 154.212.139.228:1337 154.38.112.92:8848 154.39.252.24:8848 154.53.40.254:3110 154.91.228.23:8848 156.96.154.30:6668 156.96.154.30:7778 156.96.156.177:6666 157.90.202.235:5252 157.90.206.49:6606 157.90.206.49:7707 157.90.206.49:8808 158.101.188.195:1575 159.203.126.35:22174 159.203.126.35:5555 159.69.234.3:1010 159.69.234.3:6606 159.69.234.3:7707 159.69.234.3:8808 160.152.137.3:1604 160.177.92.182:64 160.178.160.73:66 160.178.206.45:65 161.129.44.189:8808 162.14.83.129:8848 162.55.179.46:6606 162.55.179.46:7707 162.55.179.46:8808 163.123.142.155:5764 163.172.225.185:412 163.172.225.185:441 163.172.225.185:551 163.172.225.185:6606 163.172.225.185:661 163.172.225.185:677 163.172.225.185:7707 163.172.225.185:8808 164.92.113.92:9007 165.227.31.192:22545 165.232.151.233:2022 167.71.56.116:22993 167.71.7.168:6606 167.71.7.168:7707 167.71.7.168:7770 167.71.7.168:8808 168.119.140.238:8848 171.22.30.33:8808 171.235.66.23:233 172.104.148.228:6606 172.111.147.42:2119 172.111.147.89:2119 172.111.149.2:1994 172.111.204.106:6606 172.111.204.106:8808 172.111.216.100:49746 172.245.251.219:2015 172.245.94.220:10090 172.81.184.73:8808 172.81.62.54:5085 172.86.120.88:4449 172.93.220.135:6606 172.93.220.135:7707 172.93.220.135:8808 172.94.111.4:2008 172.94.122.20:2000 172.94.15.163:5200 172.94.64.70:6606 172.94.80.56:2000 172.94.9.77:2119 173.234.105.145:5201 173.249.17.53:2252 176.232.184.98:1604 176.9.31.109:3674 176.9.31.109:7707 177.255.88.205:8042 177.255.88.25:4217 177.255.89.112:4203 177.255.89.43:4203 178.175.131.101:56064 178.20.44.131:6666 179.13.1.226:8042 179.13.3.107:4203 179.13.5.152:4203 179.13.5.152:4204 179.43.142.197:5789 179.43.162.20:1337 179.43.166.50:6606 179.43.187.19:2525 179.43.187.19:33 179.43.187.19:4523 179.43.187.19:5555 18.139.9.214:11409 18.141.129.246:11409 18.192.31.165:10108 18.192.31.165:13820 18.207.218.15:1337 181.131.216.129:8050 181.141.0.235:8050 181.141.3.105:7707 181.141.5.226:8091 181.214.48.40:6670 181.215.5.168:8809 181.71.216.22:7707 185.106.94.165:2323 185.132.176.192:4449 185.140.53.10:2121 185.140.53.12:6161 185.140.53.131:7171 185.140.53.136:2014 185.140.53.137:1604 185.140.53.15:3023 185.140.53.176:2376 185.140.53.242:2256 185.140.53.63:8721 185.162.74.65:5455 185.171.91.4:1604 185.176.220.145:6606 185.176.220.145:7707 185.176.220.145:8808 185.189.151.24:8808 185.19.85.172:5050 185.199.226.19:6606 185.199.226.19:7707 185.199.226.19:8808 185.205.209.206:2020 185.213.155.163:57808 185.222.57.137:3333 185.222.57.203:6606 185.222.57.238:4449 185.222.57.72:6606 185.222.57.72:7707 185.222.57.72:8780 185.222.57.72:8808 185.222.57.80:6275 185.222.58.50:4545 185.225.28.148:57652 185.225.28.150:57718 185.225.28.156:54873 185.225.73.150:8808 185.225.73.183:4782 185.225.74.38:6606 185.225.74.38:8808 185.227.70.219:8088 185.227.70.220:8808 185.227.70.254:8808 185.236.78.58:7707 185.236.78.58:8808 185.237.96.105:7707 185.241.208.144:5555 185.241.208.144:6666 185.241.208.148:6666 185.241.208.193:5001 185.241.208.233:5430 185.243.181.86:7707 185.244.30.237:1195 185.244.31.182:4000 185.244.31.182:8848 185.246.220.208:6606 185.246.220.208:7707 185.246.220.208:8808 185.246.220.26:12336 185.246.220.26:18867 185.246.220.26:19624 185.246.220.26:26993 185.246.220.26:51115 185.246.220.26:5200 185.246.220.26:6606 185.246.220.26:7707 185.246.220.26:8808 185.25.48.203:1703 185.250.149.180:25566 185.250.241.219:6066 185.250.241.219:6606 185.250.241.219:7707 185.250.241.219:8808 185.252.178.121:222 185.252.178.121:5126 185.252.178.121:6126 185.254.37.238:1432 185.254.37.238:1452 185.254.37.238:3306 185.255.95.191:99 185.29.8.22:4444 185.64.104.84:12312 185.64.105.42:470 185.66.91.81:6121 185.7.214.8:4449 185.81.157.117:1858 185.81.157.169:2022 185.81.157.202:2535 185.81.157.202:5555 185.81.157.244:6601 185.81.157.71:4343 185.81.157.71:4444 185.81.157.71:5555 185.81.157.7:2001 185.81.157.7:5522 186.152.129.124:2113 188.119.112.140:4449 188.132.156.147:1604 188.161.17.116:555 188.212.124.129:4444 188.227.57.46:22 190.123.44.184:3321 190.123.44.184:8012 190.123.44.184:8201 190.2.147.39:4449 190.2.147.39:8848 190.213.78.26:5000 191.101.130.243:7707 191.101.130.28:8808 191.101.30.41:4413 192.158.232.67:1431 192.158.232.67:8848 192.188.88.248:6606 192.210.201.53:8809 192.253.245.243:7771 192.3.101.108:4404 192.3.101.108:6606 192.3.101.108:7707 192.3.101.108:8808 192.3.101.190:2015 192.3.193.136:2023 192.3.205.21:2014 192.30.89.27:29843 192.30.89.51:29843 192.30.89.51:6253 192.30.89.51:6397 192.30.89.67:29843 192.99.180.181:6606 192.99.180.181:7707 192.99.180.181:8808 193.142.146.212:6606 193.142.146.212:8808 193.149.176.156:1337 193.149.176.156:4449 193.149.3.239:1938 193.164.7.108:1604 193.200.134.9:9969 193.203.238.103:6666 193.203.238.54:6666 193.23.160.250:8848 193.233.185.161:8808 193.233.191.150:6606 193.233.191.150:7707 193.233.191.150:8808 193.233.191.4:6606 193.233.191.4:8808 193.233.203.224:4444 193.233.48.17:8848 193.29.104.92:3579 193.37.255.162:9441 194.147.140.15:3030 194.156.91.122:6666 194.233.169.93:7707 194.26.192.121:7077 194.26.192.174:2005 194.26.192.174:6606 194.26.192.190:7707 194.26.192.221:2020 194.26.192.77:7707 194.26.192.77:8808 194.26.192.82:1010 194.26.192.82:2020 194.31.98.58:2405 194.31.98.80:6606 194.31.98.80:7707 194.31.98.80:8808 194.33.45.175:6666 194.37.96.118:54861 194.49.94.212:444 194.49.94.212:555 194.5.97.203:7070 194.5.97.228:5069 194.5.97.232:3738 194.5.97.41:5200 194.5.97.41:6606 194.5.97.41:7707 194.5.97.41:8808 194.5.97.88:5050 194.5.98.11:6606 194.5.98.120:4449 194.5.98.120:8647 194.5.98.178:3330 194.5.98.198:4545 194.5.98.227:8647 194.5.98.251:4598 194.5.98.6:20 194.55.224.44:6606 194.55.224.44:7707 194.55.224.44:8808 194.55.224.72:8808 194.59.218.147:8808 194.61.119.50:8884 194.87.151.125:7399 194.87.151.134:7878 194.87.218.241:8808 194.9.172.60:6606 194.9.172.60:7707 195.178.120.137:5097 195.178.120.137:6071 195.178.120.187:8848 195.178.120.6:1337 195.178.120.6:8808 195.206.235.234:1907 195.3.222.57:6001 196.65.134.20:64 196.77.237.119:55555 196.77.31.30:65 198.13.52.249:8080 198.23.145.147:1070 198.23.145.147:1137 198.23.145.147:2525 198.23.191.98:45674 198.23.191.98:6075 198.23.200.102:1759 198.23.200.102:7707 198.23.207.34:2023 198.23.207.34:6606 198.23.207.34:7707 198.23.207.34:8808 198.244.206.24:6606 198.244.206.24:6666 198.244.206.24:7707 198.244.206.24:8808 198.244.251.250:6666 199.195.253.181:1256 199.249.233.130:6253 199.249.233.130:6397 199.34.31.224:45005 2.224.144.191:2222 2.56.56.122:2022 2.56.56.180:4444 2.56.56.88:2406 2.56.57.210:7787 2.56.57.226:6606 2.56.57.55:7707 2.56.57.68:8754 2.56.59.167:420 2.56.59.167:6606 2.56.59.167:7707 2.56.59.167:8808 2.56.59.189:8898 2.58.56.106:6666 2.58.56.120:4433 2.58.56.148:5555 2.58.56.148:6666 2.58.56.148:8888 2.58.56.183:222 2.58.56.183:2222 2.58.56.22:5211 2.58.56.243:6121 2.58.56.41:1996 2.58.56.44:6666 2.59.119.56:3131 2.59.119.66:8080 2.59.119.84:7943 20.100.196.69:9281 20.107.115.162:50239 20.108.44.45:3152 20.111.19.215:3152 20.111.34.199:1604 20.111.63.231:7072 20.114.139.208:4498 20.117.208.193:8080 20.12.204.46:8080 20.125.118.35:2244 20.125.122.98:4449 20.127.4.172:8080 20.127.4.172:8848 20.151.221.59:1604 20.16.8.148:6606 20.16.8.148:7707 20.16.8.148:8808 20.16.8.148:8848 20.166.62.124:49264 20.169.104.228:6666 20.169.37.196:6666 20.171.107.243:6606 20.171.107.243:7707 20.171.107.243:8808 20.197.226.40:4448 20.199.101.68:3161 20.211.5.151:4449 20.212.19.59:51585 20.212.19.59:6606 20.212.19.59:7707 20.212.19.59:8808 20.224.162.224:6606 20.224.162.224:7707 20.224.162.224:8080 20.224.162.224:8808 20.226.0.95:6606 20.226.101.17:40 20.226.101.17:6606 20.226.101.17:7707 20.226.101.17:8808 20.226.120.127:22 20.238.78.172:6606 20.4.6.16:43521 20.42.114.46:8080 20.54.113.5:3131 20.54.113.5:6606 20.54.113.5:7707 20.54.113.5:8808 20.62.3.66:8000 20.62.3.66:8808 20.69.124.187:6606 20.69.124.187:7707 20.69.124.187:8808 20.77.254.176:2200 20.8.122.174:31682 20.83.245.27:1604 20.98.96.97:1605 203.78.128.202:7707 205.185.118.52:20000 206.123.132.35:2119 206.123.132.41:2119 206.123.132.68:2020 206.217.133.4:49815 206.53.55.8:1337 207.244.233.24:6666 207.244.235.47:6606 207.32.216.119:5555 207.32.216.119:6666 207.32.216.198:2233 207.32.216.198:6666 207.32.216.198:8808 207.32.216.212:5001 207.32.217.109:222 207.32.217.246:7707 207.32.217.247:6666 207.32.218.108:6666 207.32.218.11:1996 207.32.218.123:6666 207.32.218.12:6606 207.32.219.50:6666 207.32.219.80:6666 208.109.33.30:7777 208.109.33.30:8888 209.126.2.34:6606 209.126.2.34:7707 209.126.2.34:8808 209.126.83.213:8808 209.127.186.218:6305 209.141.44.112:8808 209.209.40.132:2 209.25.141.211:33901 209.90.234.22:6606 209.90.234.22:7707 209.90.234.22:8808 210.87.207.134:8808 211.149.180.60:8848 212.114.52.113:8888 212.114.52.212:1893 212.174.54.164:8808 212.192.219.56:5612 212.192.241.130:6606 212.192.241.130:7707 212.192.241.130:8808 212.192.241.194:7271 212.192.241.87:8754 212.192.246.87:5803 212.193.30.144:7331 212.193.30.230:7011 212.193.30.54:8754 212.193.30.54:8755 212.193.30.96:5022 212.227.169.228:4449 212.68.34.230:6606 213.152.161.117:56390 213.152.161.170:6751 213.152.161.211:50552 213.152.161.5:6253 213.152.161.5:6397 213.152.187.230:6751 216.126.224.171:6606 216.126.224.171:7707 216.126.224.171:8808 216.250.97.121:20000 217.195.197.85:6606 217.195.197.85:7707 217.195.197.85:8808 217.64.149.93:1973 217.64.31.3:9742 23.101.213.237:4546 23.102.122.72:8080 23.105.131.196:6606 23.105.131.196:7707 23.105.131.196:8808 23.105.131.196:9121 23.105.131.196:9128 23.105.131.209:1070 23.105.131.209:1137 23.105.131.209:19328 23.129.232.160:2222 23.129.232.160:6666 23.146.242.100:4449 23.226.77.22:4449 23.237.25.246:6606 23.237.25.246:7707 23.237.25.246:8808 23.94.159.212:6606 23.94.159.212:7707 23.94.159.212:8808 23.94.236.147:6606 23.94.236.147:7707 23.94.236.147:8808 23.94.82.24:10240 3.125.115.192:18 3.125.115.192:25 3.138.180.119:18729 3.141.210.37:12300 3.142.167.54:14923 3.144.124.4:7771 3.219.26.62:6606 3.219.26.62:7707 3.219.26.62:8808 3.237.100.172:8808 3.66.38.117:12104 3.68.171.119:12104 3.69.115.178:12104 3.69.157.220:12104 31.170.22.28:55775 31.192.236.139:3434 31.41.244.135:8808 34.125.144.45:5000 34.125.144.45:5001 34.125.144.45:5002 34.140.211.85:7707 37.0.10.214:6171 37.0.11.246:6606 37.0.11.246:7707 37.0.11.246:8808 37.0.14.196:2050 37.0.14.196:6161 37.0.14.196:6606 37.0.14.196:7707 37.0.14.196:8808 37.0.14.197:6060 37.0.14.197:7171 37.0.14.198:17086 37.0.14.203:1905 37.0.14.204:2019 37.0.14.204:2022 37.0.14.204:5631 37.120.210.219:48408 37.120.212.235:6606 37.120.217.243:6253 37.120.217.243:6397 37.249.78.26:5554 37.249.78.26:5555 38.105.209.167:8848 38.130.221.190:6606 38.130.221.190:7707 38.130.221.190:808 38.17.51.104:1989 38.47.205.151:8848 4.227.187.147:8080 4.229.235.23:8000 4.231.233.180:25310 41.141.211.80:64 41.216.183.175:4404 41.216.183.61:6751 41.251.4.158:64 41.72.146.10:6606 43.138.160.55:6606 43.139.124.22:6666 43.154.97.109:1981 43.154.97.109:8848 43.249.30.55:8848 44.192.67.149:4784 45.12.253.31:6606 45.12.253.58:1515 45.12.253.58:2323 45.133.1.152:6606 45.133.1.152:7707 45.133.1.152:8808 45.133.174.122:7707 45.134.140.152:60060 45.134.142.193:61341 45.134.142.193:6606 45.134.142.193:7707 45.134.142.193:8808 45.134.142.211:1337 45.134.142.211:56597 45.136.4.101:888 45.136.4.99:8808 45.137.22.111:8787 45.137.22.182:6606 45.137.22.182:7707 45.137.22.182:8808 45.137.22.41:4449 45.138.16.104:7707 45.138.16.109:6666 45.138.16.133:5555 45.138.16.162:6969 45.138.16.186:2004 45.138.16.218:2020 45.138.16.240:2222 45.138.16.39:6606 45.138.16.39:6666 45.138.16.71:8808 45.139.105.207:4782 45.139.105.252:6666 45.14.224.94:5020 45.140.146.4:25569 45.141.237.30:55055 45.143.8.181:13389 45.143.8.181:4449 45.143.8.181:8149 45.144.154.192:1604 45.144.30.31:25565 45.144.31.124:4444 45.154.98.151:7777 45.154.98.194:555 45.154.98.214:6606 45.154.98.87:8453 45.155.158.187:1337 45.158.77.78:10135 45.158.77.78:6606 45.158.77.78:7707 45.158.77.78:8808 45.176.91.143:9001 45.242.220.23:50 45.242.84.173:50 45.66.248.114:8899 45.74.4.244:7707 45.74.4.244:8808 45.80.158.108:555 45.80.158.108:6606 45.80.158.108:6666 45.80.158.108:7707 45.80.158.108:8808 45.80.158.114:6606 45.80.158.127:7707 45.80.158.160:6666 45.80.158.237:5558 45.80.158.65:7777 45.81.243.217:6606 45.81.243.217:7707 45.81.243.217:8808 45.88.67.12:6666 45.88.67.9:3306 45.88.67.9:3309 45.88.67.9:3358 45.88.79.224:54 45.88.79.224:55686 45.92.1.24:5001 45.92.1.59:6606 45.92.1.59:7707 45.92.1.71:8808 46.183.220.21:6606 46.183.223.109:8088 46.246.6.11:7090 46.3.199.101:4449 49.12.0.239:3760 5.161.115.90:6666 5.161.139.136:6666 5.161.139.136:7777 5.161.76.198:2003 5.181.234.149:51822 5.188.51.32:4449 5.188.86.237:6606 5.188.86.237:7707 5.188.86.237:8808 5.230.68.234:6606 5.230.68.234:7707 5.230.68.234:8808 5.230.70.13:6606 5.230.70.13:7707 5.230.70.13:8808 5.230.72.132:6606 5.230.72.132:7707 5.230.72.132:8808 5.39.15.167:88 5.68.138.73:3939 5.78.65.18:8848 51.116.125.149:3536 51.12.89.205:8361 51.222.69.7:6666 51.222.98.70:6606 51.222.98.70:8808 51.254.246.45:1974 51.255.130.2:6606 51.38.247.74:5555 51.68.180.4:4040 51.68.180.4:5058 51.68.180.4:6606 51.68.180.4:7707 51.68.180.4:8808 51.77.78.35:6606 51.77.78.35:6666 51.77.78.35:7707 51.77.78.35:8808 51.79.116.37:8848 51.81.126.39:1972 51.81.24.93:8000 51.83.137.127:6606 51.83.137.127:7707 51.83.137.127:8808 51.83.21.211:7707 51.83.231.254:6606 51.83.231.254:7707 51.83.231.254:8808 51.89.204.67:8808 51.89.205.213:8808 52.143.164.37:5555 52.178.132.52:6606 52.178.132.52:7707 52.178.132.52:8808 52.28.247.255:15066 52.90.30.10:7707 54.196.16.250:1337 54.37.42.165:4782 58.221.72.142:8848 61.14.233.88:6606 61.14.233.88:7707 61.14.233.88:8808 62.108.37.84:8848 62.108.37.84:8881 62.197.136.146:5672 62.197.136.146:6606 62.197.136.146:7707 62.197.136.146:8808 62.197.136.165:7777 62.197.136.165:8080 62.197.136.167:1111 62.197.136.167:6606 62.197.136.167:7707 62.197.136.167:8808 62.197.136.175:6606 62.197.136.175:7707 62.197.136.175:8808 62.197.136.195:3333 62.210.57.2:1284 64.56.68.152:8888 64.56.68.17:8888 64.56.68.209:8888 65.21.177.234:555 66.94.105.170:4449 66.94.109.58:6606 66.94.109.58:7707 66.94.109.58:8808 66.94.118.174:4001 67.214.175.69:7535 67.43.236.220:4151 68.235.43.172:59004 68.235.44.58:59335 70.36.108.28:4444 70.36.108.69:8888 70.36.110.176:8888 73.143.210.113:1337 73.143.210.113:56597 76.8.53.133:62520 77.192.68.90:1900 78.138.107.121:8808 78.138.107.121:8877 78.153.130.88:3232 78.170.251.123:7707 78.171.150.184:6606 78.171.173.96:1044 78.173.187.50:6606 78.186.210.130:8808 78.191.189.97:81 79.110.62.147:2025 79.134.225.11:7935 79.134.225.22:7936 79.134.225.23:6606 79.134.225.23:7707 79.134.225.23:8808 79.134.225.6:2782 79.134.225.72:2233 79.134.225.73:3030 79.134.225.74:6161 79.134.225.8:6161 79.134.225.97:4449 79.134.225.9:6060 8.210.121.56:10165 8.39.147.42:6606 8.39.147.42:7707 80.240.18.7:3131 80.253.246.144:6606 80.66.64.134:6161 80.66.64.151:7070 80.66.88.146:8848 82.115.223.14:4449 83.245.137.185:3306 84.38.130.171:9216 84.39.179.220:7707 84.52.187.222:8080 84.54.13.124:6606 84.54.13.124:8808 84.54.50.51:8848 85.104.99.83:4014 85.105.88.221:2531 85.202.169.14:855 85.202.169.230:8080 85.206.160.189:6606 85.215.214.84:7349 85.215.216.205:8088 85.31.45.38:8808 85.31.46.207:6606 85.31.46.207:7707 85.31.46.207:8808 86.48.18.223:7707 86.48.18.223:8808 86.57.195.165:8808 87.121.52.241:2000 87.237.165.133:6161 87.249.134.10:61341 87.249.134.10:6606 87.249.134.10:7707 87.249.134.10:8808 87.249.134.18:59004 87.249.134.1:61341 87.249.134.1:6606 87.249.134.1:7707 87.249.134.1:8808 87.251.79.126:18066 88.248.18.120:1604 88.248.18.120:33918 88.248.18.120:6606 88.248.18.120:7707 88.248.18.120:8808 89.117.21.144:6606 89.117.77.193:6606 89.223.71.59:5856 89.249.74.218:6253 89.249.74.218:6397 90.49.136.9:8080 91.109.176.14:6606 91.109.176.15:8808 91.109.176.6:6606 91.109.178.12:8808 91.109.178.13:6606 91.109.178.13:7707 91.109.178.14:6606 91.109.178.14:7707 91.109.178.14:8808 91.109.178.2:7707 91.109.178.3:7707 91.109.178.5:8808 91.109.178.5:9909 91.109.178.6:6606 91.109.178.8:8808 91.109.178.9:6606 91.109.180.11:6606 91.109.180.12:6606 91.109.180.13:8808 91.109.180.16:8808 91.109.180.9:7707 91.109.182.11:6606 91.109.182.9:6606 91.109.184.18:7707 91.109.184.3:6606 91.109.184.3:8808 91.109.184.4:7707 91.109.184.7:7707 91.109.184.9:7707 91.109.186.13:6606 91.109.186.2:7707 91.109.186.3:8808 91.109.186.5:8808 91.109.186.7:6606 91.109.186.7:8808 91.109.188.10:6606 91.109.188.10:8808 91.109.188.12:6606 91.109.188.14:8808 91.109.188.23:6606 91.109.188.5:7707 91.109.188.8:6606 91.109.188.8:7707 91.109.190.10:7707 91.109.190.7:8808 91.109.190.9:8808 91.134.187.20:4449 91.151.88.159:3131 91.151.94.59:1212 91.192.100.7:8282 91.192.100.8:8153 91.193.75.132:9191 91.193.75.135:3030 91.193.75.154:1515 91.193.75.204:5900 91.193.75.205:5900 91.193.75.249:5900 91.227.113.154:6666 91.245.253.84:4449 91.245.255.120:4040 92.118.36.201:3001 92.118.36.201:6606 92.118.36.201:7707 92.118.36.201:8808 92.138.188.75:7006 92.204.146.31:6666 92.204.146.31:8000 92.222.212.65:6606 92.222.212.65:7707 92.222.212.65:8808 94.130.208.107:2021 94.26.49.118:6606 95.13.149.131:7707 95.173.247.110:8806 95.179.130.232:1703 95.214.24.32:7790 95.214.27.226:6606 95.214.27.226:7707 95.214.27.226:8808 95.214.27.237:1515 95.214.27.237:1717 95.216.102.32:8808 95.216.192.137:8808 95.217.121.186:4449 95.70.151.185:8805 96.227.248.173:8751 admincairo.linkpc.net asmodeus666.ddns.net bbiy00362.duckdns.org bbrainx01.publicvm.com bigdipsOn.publicvm.com boxtest.publicvm.com clsuplementos.ddns.net corpoleve.3utilities.com corpoleve.duckdns.org craig.kozow.com danbochie2.dns.army darknode88.duckdns.org daveblack.publicvm.com dimascu.duckdns.org dpunktesting.ddns.net egrh.linkpc.net elgzar207070.kozow.com escanor2022.linkpc.net flingmodder-53370.portmap.io franc01.publicvm.com gfhhjgh.duckdns.org ijogaa.duckdns.org jok7oda.publicvm.com kkshdh.duckdns.org krnewfine.work.gd lyoni-55552.portmap.host mikeludomax.ddns.net mikeludoyyxx.ddns.net mikludoykxx.ddns.net mineawrtes.ddns.net mmten.publicvm.com mo1010.duckdns.org moaaaza.com monogon.cc n0fuzga.publicvm.com nasser.endofinternet.net new2023.ddnsfree.com new6000fix.duckdns.org nexsa111.sells-it.net nexss111.sells-it.net nexst111.sells-it.net nulled2nd.camdvr.org paris-comrademay17.duckdns.org pofsecure.worse-than.tv polymoly.info pop11.linkpc.net pop5.ddns.net portdin.publicvm.com quizzical-meadow-22997.pktriot.net reinfocomplete.us ridaq1.is-a-caterer.com ridaq2.is-a-caterer.com rider.giize.com services.work.gd snaxosveilbmoswar.ooguy.com tarjapreta.news vrln.linkpc.net waelrakha.com winhost.ddns.net wizzy.hopto.org wpmediatech.com xavierat.ddnsfree.com xxxpasoxxx.ddnsfree.com xxxsthebagsxxx.mywire.org # Reference: https://www.virustotal.com/gui/file/881168bc9d9b2dd0ab96a2ebf781069c7f0adb347d2aed6afffc40fc876440b2/detection gratedmonth.duckdns.org # Reference: https://www.virustotal.com/gui/file/00175798dec9209ec22acf95a8484f3fcc58524973ff82111268dc117f3647ad/detection 103.151.123.121:8891 handofhor.duckdns.org # Reference: https://www.virustotal.com/gui/file/fdaa11387459b12583b27ace60c86e5fee4d882eff1a3c84d934fe84a31a914f/detection 23.133.216.180:21340 # Reference: https://www.virustotal.com/gui/file/0031ede66d7106d7d02eeddba63722046419ee6acf14b1d0441fc6e57bb63bf4/detection 147.185.221.180:25384 147.185.221.180:4852 23.133.216.180:25384 23.133.216.180:4852 # Reference: https://tria.ge/221128-sds6nsga4v/behavioral2 # Reference: https://www.virustotal.com/gui/file/53f99ccc4b2f86fbd235ebb718b1425017f23c01bc1a2b5ba39da3d4d21ab2b8/detection 147.185.221.180:9969 # Reference: https://www.virustotal.com/gui/file/68ea91f5203fb365e373f3325f2388db0d3f83237381548418f92af5659b8d64/detection 90.166.185.205:6606 90.166.185.205:7707 90.166.185.205:8808 torpesito.ddns.net # Reference: https://www.virustotal.com/gui/file/3e3ef95e4d20e1cf759021d91f834b6f2c82a1a9dbab3cab1605a55bc85d5be5/detection 167.71.56.116:22823 # Reference: https://www.virustotal.com/gui/file/f1b069632065fa9b56ec7fe634303955294d883a43b66449467fd0e84ac41981/detection 103.156.90.165:6688 inthepinvbxss.duckdns.org # Reference: https://twitter.com/r3dbU7z/status/1600095143272402946 dybc.publicvm.com elgzar.kozow.com nasori.ddnsfree.com # Reference: https://mp.weixin.qq.com/s/J_A12SOX0k5TOYFAegBv_w (Chinese) # Reference: https://www.virustotal.com/gui/file/68573d7720dd2af77d97303843b1b8e80bff6650738c80df21fff51dac1075cc/detection 182.183.241.98:6666 tindertx.ddns.net # Reference: https://www.virustotal.com/gui/file/9f87770bad3dd34c91f94032c8d219f327fea68d9452355804a59359dc8fde5c/detection 63.250.60.207:3060 # Reference: https://twitter.com/suyog41/status/1603656406854520832 # Reference: https://www.virustotal.com/gui/file/3cb88219d3e69e3831a24c06a1bcab6e6689358af1ce39e72876a27e73f236fd/detection chasmic-slings.000webhostapp.com # Reference: https://www.virustotal.com/gui/file/b090e91734b2b0159a3c73193665c461c57f46d8d10e9a01f662149b98c228db/detection 198.23.212.148:8848 # Reference: https://www.virustotal.com/gui/file/96c34bd9fb09b04617ca76e8e4e1ece03c9307335a25c882ae1b4a8e9fdbcca4/detection 4.201.51.87:5786 guardionofthelimiar.duckdns.org # Reference: https://twitter.com/58_158_177_102/status/1607911624815542273 # Reference: https://www.virustotal.com/gui/file/f470c59c6294eb44a1710a494df0901093e8efef423e243bc41044a3f7349616/detection # Reference: https://www.virustotal.com/gui/file/d43adab8c5f838640ed5b27cd6117f7482fbd1548cdab806ac675ab021e3b4e4/detection # Reference: https://www.virustotal.com/gui/file/f6362f72ab7bf169e6f17cdfbf06871528526a210126f75dbd2f8ca8a2cb73cd/detection # Reference: https://www.virustotal.com/gui/file/f1a0466f8d953d09ec77419609e8050f76c76aa93e9626ce3fc50fe9c296ad7f/detection # Reference: https://www.virustotal.com/gui/file/9ea0227fe34a921ea91ee6780651f62011d3a17a67df57e22afeb4efb7ba75f4/detection # Reference: https://www.virustotal.com/gui/file/2a0485239bcd3617d9b6139a2ecd01e2c094eeec2fbe8ac0aeed9e1fa2f4d781/detection 105.154.204.219:64 160.176.131.9:64 160.176.70.134:64 160.179.101.16:65 196.64.173.7:65 peakypinkers.duckdns.org # Reference: https://www.virustotal.com/gui/file/f8f2577b633797d4f522bc7365c943b83e3a92062ff2bd22f807d3d2f9fe354b/detection # Reference: https://www.virustotal.com/gui/file/ead9e87d8a4aede84c362453156b467d3d0c31f26a670c4aea5a57ced4c6b4eb/detection 82.131.101.66:5552 1604.hopto.org # Reference: https://mobile.twitter.com/x3ph1/status/1610430091041046529 # Reference: https://www.virustotal.com/gui/file/a71286ed9bc67a7bc404b462229db4cb869d36b84f41bfbc36a9227759ed434c/detection 147.189.168.100:6606 147.189.168.100:7707 147.189.168.100:8808 synergymediplus.com 1bxb.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1612459856639971328 # Reference: https://app.any.run/tasks/8bd63423-0ecb-4836-8e46-6ef6028d5f3c/ 185.176.220.29:6606 185.176.220.29:7707 185.176.220.29:8808 mulla2022.hopto.org # Reference: https://twitter.com/malwrhunterteam/status/1612581159699107843 # Reference: https://www.virustotal.com/gui/file/afbc4002c8369634933a12c9d2963644e648e30dc1ab25e506696f593fda4a33/detection 20.25.94.83:6606 20.25.94.83:7707 20.25.94.83:8808 c1crt.axfree.com draxinc.linkpc.net # Reference: https://twitter.com/Racco42/status/1612697711475572738 # Reference: https://app.any.run/tasks/46f2915c-5ebc-447d-976c-f4cfc4339f67/ # Reference: https://www.virustotal.com/gui/file/b90713c5c5f654a3dec2c6cd9c6b38d34a371403aa307a84f3d8cce512e41c0c/detection # Reference: https://www.virustotal.com/gui/file/37d871a4da364d19f9a32d10a9845f808daa5b60479f9134d1d2d6501e21fa25/detection 109.206.243.198:6606 109.206.243.198:7707 109.206.243.198:8808 # Reference: https://www.virustotal.com/gui/file/da7c929bf15c5b5f503449155f5000987a35916cb8cd97ce46b3509a16cfd6ac/detection 141.95.84.40:3060 # Reference: https://www.virustotal.com/gui/file/d8ebb55bf18869dc3f5b0a3f3c1a5287b6499dd2749feb9aa42f9bd8f30fece1/detection 141.95.84.40:3030 # Reference: https://www.virustotal.com/gui/file/a70000522eeafcb0dabe06ae1f49b25257795d90269b6d47737b64cecbabb91c/detection def.sytes.net # Reference: https://www.virustotal.com/gui/file/137b0598d14eaba417a9e7a9aea72027aa2e98fc30c814df45b91a992824e6dc/detection 46.43.90.99:7788 # Reference: https://twitter.com/embee_research/status/1614805554261815297 1c76ec89.anchor.northphxchiro.com # Reference: https://twitter.com/phage_nz/status/1615132638288957440 # Reference: https://tria.ge/230116-3mxwbsfc89/behavioral1 154.12.250.38:6606 154.12.250.38:7707 154.12.250.38:8808 # Reference: https://twitter.com/petrovic082/status/1615628082353676288 179.96.121.149:8080 # Reference: https://www.virustotal.com/gui/file/5cad69a96f097577cf7c73adeb0b43857c1acca3cf901c23f1f14768a16ac350/detection 45.138.16.150:6666 d1x3x.linkpc.net # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-19%20AsyncRAT%20IOCs 154.12.234.207:6606 154.12.234.207:7707 154.12.234.207:8808 newtryex.ddns.net # Reference: https://www.virustotal.com/gui/file/4fe815a0f25f582df5512d777afceaa3dfe65da5ded46465fad849ff3487d170/detection 91.109.176.7:9441 bemviver-repouso.com.br cdt2023.ddns.net # Reference: https://twitter.com/1ZRR4H/status/1617696464230285313 2023foco.com.br # Reference: https://app.any.run/tasks/d332f444-028c-48d1-9e84-9311b233e9e9/ 95.216.102.32:6606 95.216.102.32:7707 # Reference: https://twitter.com/petrovic082/status/1618549394911170565 # Reference: https://www.virustotal.com/gui/file/fa3a9b975c2a6c0aafaba29157cb94daba8e5fe20da8c3c70c5552e2aaccf378/detection # Reference: https://www.virustotal.com/gui/file/1649b879a199aea927d7879701a8017d286c291cd294b31e46486d2137c7789e/detection 134.209.126.30:6666 159.65.235.56:6666 181.214.94.75:6666 morph.sytes.net # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-27%20AsyncRAT%20IOCs # Reference: https://www.virustotal.com/gui/file/e180cd1b7fcf1674287a2aa516901ab1491aaaf7d9beb067b8109e742d89a50b/detection # Reference: https://www.virustotal.com/gui/file/041201ea61adce22ef2f36f64f9ccac66d638bffcb043e48f53d33cc7d8692a6/detection http://109.107.174.128 109.107.174.128:6606 109.107.174.128:7707 109.107.174.128:8000 109.107.174.128:8808 # Reference: https://twitter.com/ScumBots/status/1621102979033010179 # Reference: https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia # Reference: https://www.virustotal.com/gui/file/55e25bce90136a80ea0e24c17e4fa2b6582d9d387b3defeb06d40e38313ea6fe/detection 46.246.80.9:1543 46.246.86.3:1543 asy1543.duckdns.org # Reference: https://twitter.com/malwrhunterteam/status/1622654044899614737 # Reference: https://www.virustotal.com/gui/file/360e29b66b74183494f32501a184eb3f39b425459b57cf84a6e3f8061dc519a2/detection # Reference: https://www.virustotal.com/gui/file/cfd9d28726de527ffe41e35c827f4dbf94671b9f74d70fd0ac118ddd8bcd8485/detection 85.217.170.33:8008 fintran.site filetrinsf.xyz # Reference: https://www.virustotal.com/gui/file/6a5e14ed26730c4e7fcbcbbc98db1cb7bdc45b27af457fd7f349b78cc35da9f8/detection # Reference: https://www.virustotal.com/gui/file/8a1b62fe165e75fe0004fcfa274a2b1316cb4012fb57454a45c15514b693fdc8/detection 85.217.170.33:8090 filetrisnf.store # Reference: https://twitter.com/atomiczsec/status/1623112165212184583 # Reference: https://tria.ge/230207-2ydfdsga92/behavioral2 osostata.com # Reference: https://www.virustotal.com/gui/file/16b4a6fec76b452f77a6832871ff2e906d673e557a0e6c2673fc952181d1319b/detection 185.249.198.46:6666 # Reference: https://twitter.com/dr4k0nia/status/1624214043639660544 18.206.35.13:6666 40.113.131.31:6666 xe3x1.ath.cx xonxen.dnsalias.com # Reference: https://www.virustotal.com/gui/file/727b7a1920d25e48af6ff6c8ee65be66ca062ba068d156a8211510c6e906e126/detection 20.206.103.69:4448 operador.ddns.me # Reference: https://www.virustotal.com/gui/file/1b713a56ede95505160c5f6942799badd8c749a0cf767f34dbc276f31d5087e2/detection 20.195.202.119:4449 # Reference: https://www.virustotal.com/gui/file/1cf7ad31eb11c1ab20417351de431a3dd795ff9753e0f5e70c7ac3b7619283cd/detection 20.206.103.69:4449 # Reference: https://www.virustotal.com/gui/file/d4e1be1a339a03490a108e86604bd02f58aac556e4be18a52217bcc52816a936/detection 20.13.152.56:4449 # Reference: https://www.virustotal.com/gui/file/a1e5cd57d6884986e59bc05f2fc0b6bfb1199cba589ff293fbe538dfec78d835/detection http://20.166.20.230 20.195.163.160:4449 # Reference: https://www.virustotal.com/gui/file/9b9477b4a407bb0cd74e70a1ceae6249a65bcefcf8cc9b98a79b03bca1fbb826/detection 20.206.103.69:7788 bitflysecurity.s3.amazonaws.com operador.ddns.me # Reference: https://www.virustotal.com/gui/file/817fd089f6f29233a21a67a8adc3f01e5816017cc653504d25ce0e3e41bad02f/detection nofinebucket.s3.amazonaws.com # Reference: https://www.virustotal.com/gui/file/4644d5d8f56afb7b2095ca5c209e840ad3a7dddaa294fa6a074283f0f6b1d956/detection exodusdownload.s3.amazonaws.com # Reference: https://www.virustotal.com/gui/file/0160a5ab3ac93ff1cbc18c74777e65600ef2982a2b147697944ad3033c6fd115/detection esplogem.ga # Reference: https://twitter.com/0xToxin/status/1624368467511021569 207.244.236.205:6606 207.244.236.205:7707 207.244.236.205:8808 # Reference: https://twitter.com/malwrhunterteam/status/1625586060276162589 # Reference: https://www.virustotal.com/gui/file/8572c19e4037b11c860ad014609a29a906ca1cdbd06ae6f13a3bf2e32c3acfb7/detection 20.229.137.82:1337 nonly.live # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-02-14%20AsyncRAT%20IOCs 195.133.40.128:333 195.133.40.128:6606 195.133.40.128:7707 195.133.40.128:8808 # Reference: https://twitter.com/dr4k0nia/status/1625965366793961472 # Reference: https://www.virustotal.com/gui/file/75ace7d4e6c6cd5abb6e28deb7a902f361afa443b0b71af834ff9d38972a441a/detection # Reference: https://www.virustotal.com/gui/file/9e66a5a4ce6774b137b47c5feaa407b75b96349bbff3c2dfe24b522cfa06f46b/detection 185.241.208.233:1337 barbaraalle.camdvr.org barbaraallen.camdvr.org raymonddapson.camdvr.org # Reference: https://www.virustotal.com/gui/file/017f7fb81dad9de4238b0dc6e59989eda959d8626df7451e8afe1ece3892621d/detection http://185.11.61.245 185.11.61.245:6606 185.11.61.245:7707 185.11.61.245:8808 # Reference: https://www.virustotal.com/gui/file/5dd033f850835b3e0b4ae423aad9922a9759d6b3f7ea5ff2b171815bf3a18825/detection 194.5.97.59:6606 194.5.97.59:7707 194.5.97.59:8808 # Reference: https://www.virustotal.com/gui/file/ceb12c810554c6988f7a88335613971616ef832dfd7e9027ae3bdf76f0974ee4/detection 18.228.115.60:19289 18.229.146.63:19289 18.229.248.167:19289 18.231.93.153:19289 # Reference: https://www.virustotal.com/gui/file/1e5407baf23480666ea2e978ccf1ad1276118b002c82160d5780f093a7517297/detection 178.175.142.195:26741 # Reference: https://www.virustotal.com/gui/file/f2399be73420c3074326fc31451d2c126c862dad095be5bcfbc0a0c0b022e4c7/detection 185.65.135.177:56604 # Reference: https://www.virustotal.com/gui/file/9a0bcf924ffecb891bae26ba6d17c2deb44f59f51a9d4f529b480393077585a5/detection 185.65.135.177:8925 maltosen.ddns.net # Reference: https://www.virustotal.com/gui/file/26e95fe011f8d21bde28c916cc60ec5f7d817bba6f8df6302449a8fc0aaf729f/detection 185.65.134.181:56981 # Reference: https://www.virustotal.com/gui/file/cbe84d22f09c9a8eb3d15710e72eac9e21941400e66f3e890ce6fcca294b8ce1/detection # Reference: https://www.virustotal.com/gui/file/8170cd47490cd0a0e8769cc662fe9d7a4e975c34e5fe494b209e0d73bc0d6433/detection 185.225.28.158:54944 3.64.4.198:18640 3.67.112.102:18640 # Reference: https://www.virustotal.com/gui/file/14c5a30526484ef4edf641a38e56a9c150d4f94ae125af2bbc9d821056d20023/detection 193.138.218.162:55373 193.138.218.162:57296 # Reference: https://www.virustotal.com/gui/file/9cc2a804dd840e979b6481c0cbc8045c991422d193b3e6358bacd082dd657c35/detection 209.25.140.180:55682 whole-playback.at.ply.gg # Reference: https://twitter.com/malwrhunterteam/status/1630275606666440704 # Reference: https://www.virustotal.com/gui/file/b3051daf1bb20dfa1cbc49a1da48ad341ed3a3ccb86fa8ba5a264c4e98cdc0e0/detection http://176.113.115.123 176.113.115.123:6606 176.113.115.123:7707 176.113.115.123:8808 # Reference: https://www.virustotal.com/gui/file/38d27eca5b197c4352ac713713e13e52ffe90c9eb61675315b0027ffa7c2aaf4/detection 51.142.111.3:3779 yourfather101.duckdns.org # Reference: https://twitter.com/StopMalvertisin/status/1631318221465997314 # Reference: https://twitter.com/ThreatBookLabs/status/1632647230007173122 # Reference: https://www.virustotal.com/gui/file/90cb95264d0b555fe9a760de404196ac183a958c9cc1aad0689598e35fbb0c3b/detection 0ffice365update.blogspot.com urlcallinghta1.blogspot.com # Reference: https://twitter.com/StopMalvertisin/status/1631318233650446336 # Reference: https://twitter.com/c_APT_ure/status/1632327563921051648 # Reference: https://www.virustotal.com/gui/ip-address/212.87.204.83/relations # Reference: https://www.virustotal.com/gui/file/c64e61aaa97d1744f8ec61dbd9ca72f3f5443bf534ee98eab39832338be39204/detection # Reference: https://www.virustotal.com/gui/file/94c3945bc834baae76d1e1e9fe6f647fc3438cc8b2dd1cbcf71e1fa57ff777b8/detection 212.87.204.83:3000 212.87.204.83:5000 port3000newspm.duckdns.org port6000old.duckdns.org port7000old.duckdns.org # Reference: https://www.virustotal.com/gui/file/43905bff6b7bdac9698c9109764e7ac3ffddddf59b9d278c648dfd8e6b1403ac/detection 3.64.4.198:16972 3.67.161.133:16972 3.67.62.142:16972 3.67.62.142:19425 # Reference: https://www.virustotal.com/gui/file/13de2024361712c76d9e5aed5aa9efb5af58dbc42e0ef58fa9084f422e268195/detection 165.227.31.192:22832 us-west-11608.packetriot.net # Reference: https://twitter.com/TrackerC2Bot/status/1634253108975894528 # Reference: https://www.virustotal.com/gui/file/25beb3bb95290ffbb5b12ad678ca9c7eb1bc2a135ecd0ec35621d30a9bab31d3/detection 172.93.231.202:4442 172.93.231.202:5552 # Reference: https://www.virustotal.com/gui/file/52688b2d7ff1b147902bb6eade2be7d52e27efb10f318ede17e05eb398386cac/detection 181.141.1.250:2424 46.246.12.16:2424 telo2158.duckdns.org # Reference: https://any.run/malware-trends/asyncrat kmspico.one majul.com eltem.iptime.org fund-linda.at.playit.gg lesgoo.kozow.com mind-cpu.at.playit.gg nethttp.sytes.net trip-it.at.playit.gg trojeiros.duckdns.org # Reference: https://twitter.com/0xrb/status/1635946014031978497 # Reference: https://www.virustotal.com/gui/file/5379820f930466a3fd452e5161da9da7771db18a2c88050a9f7a908960e1d7c8/detection 185.136.161.11:1337 # Reference: https://github.com/RussianPanda95/Malware/blob/main/AsyncRAT/hindi_config-3-17-2023.txt chromedata.webredirect.org # Reference: https://www.virustotal.com/gui/file/486d9c1f259ee472964bf817ed2b8e218440f7b1145230ff8cbba6a3da3c8f55/detection 181.141.1.67:4243 dcleomessi.duckdns.org # Reference: https://twitter.com/pmelson/status/1640822646089678848 p24xy.xyz # Reference: https://www.virustotal.com/gui/file/0c6b9d6c37b17c04112ce5b33b8b7770c483cb70b1e28f66d06d1bbf8384c777/detection 91.192.100.36:4444 dlusercontent.net # Reference: https://www.virustotal.com/gui/file/c0414a72120a5810090003e67dfd5deb57d40b7114a427b3cb8b255d92e7e1cb/detection 37.166.213.98:6606 37.166.213.98:7707 37.166.213.98:8808 cloudflarenet.duckdns.org # Reference: https://www.virustotal.com/gui/file/1c5a1893e2d9ebec47e904cb5848c73160e44bbdc132ef4629ed01248c126bd0/detection 91.109.186.14:6606 91.109.186.14:7707 91.109.186.14:8808 seznam.zapto.org # Reference: https://app.any.run/tasks/d76a4082-1636-4122-9ac8-55a52a8c79d8/ 103.47.144.42:7045 # Reference: https://www.virustotal.com/gui/file/5faef14a931cb73235865309f5b8d151decefe3163036e6d15442325eeda14fa/detection 82.213.21.251:6606 82.213.21.251:7707 82.213.21.251:8808 ccleaner.hopto.org # Reference: https://app.any.run/tasks/842a3193-57c3-4a67-919d-f63d091ef85d/ # Reference: https://www.virustotal.com/gui/file/6dedc7da4dacf1e6bec9ca8b120343dfea5a46df41ca454f37284b163211ff78/detection http://185.81.157.135 185.81.157.209:2301 # Reference: https://twitter.com/malwrhunterteam/status/1643576221354033154 # Reference: https://www.virustotal.com/gui/file/cb977702b8e144294287783f421fa0c9648e91b2ae7a22c9564ef2986bd76675/detection 209.25.141.223:50753 overview-bm.at.ply.gg # Reference: https://www.virustotal.com/gui/file/b605abc87533cdc19417cb5d77523786566abea6d3c50f9726cb50e572a72a6d/detection 194.26.192.121:6606 194.26.192.121:7707 194.26.192.121:8808 mssssusa.accesscam.org mssssss47477474.casacam.net wmssssss47477474.casacam.net 6606.mssssusa.accesscam.org 7707.mssssusa.accesscam.org # Reference: https://www.virustotal.com/gui/file/f38e60203e63c6698a2ece1184f19377d9f42caf2c3d474b9f8a210d41313d00/detection win10.webredirect.org win11.giize.com # Reference: https://www.virustotal.com/gui/file/6d7250146b15601a91d4a0b1f7b61c92663ba3c292a7a599b729c0f63702534e/detection 185.65.134.182:15888 # Reference: https://www.virustotal.com/gui/file/a41eb1afcafeaa654907fcb9bf5933bf5fd628f921e846ac9337b9841300194d/detection 185.65.134.182:57274 # Reference: https://twitter.com/x3ph1/status/1646691991982333954 # Reference: https://github.com/xephora/Threat-Remediation-Scripts/tree/main/Threat-Track/ASyncRAT # Reference: https://www.virustotal.com/gui/file/e22683de5510cbc523e79448c8695ae6c07e03b6548acbd8960ce243282594c0/detection 147.189.170.192:6666 wbem.ddns.net # Reference: https://github.com/xephora/Threat-Remediation-Scripts/tree/main/Threat-Track/ASyncRAT # Reference: https://www.virustotal.com/gui/file/f12589613148fd8c49340d2a052055a904eebcb6be0139e88c195199e017ee7c/detection # Reference: https://www.virustotal.com/gui/file/d914868ffae77ca23a37923e9af6e4f4b006a1647de5312881abb32e86e1004b/detection # Reference: https://www.virustotal.com/gui/file/6c53e66888f9ea39e6742852b010583ba15026c20e175cfbf889681f72407b31/detection 2.56.56.223:1996 207.32.218.11:1996 zipcode96.ddns.net # Reference: https://github.com/xephora/Threat-Remediation-Scripts/tree/main/Threat-Track/ASyncRAT # Reference: https://www.virustotal.com/gui/file/b4a9322a15a084fe9b8347b2c7bceac6f82d838a808dadcdd82b48bd1763ae2c/detection 207.32.216.100:1999 bigflossy.ddns.net # Reference: https://github.com/xephora/Threat-Remediation-Scripts/tree/main/Threat-Track/ASyncRAT # Reference: https://www.virustotal.com/gui/file/0be38f7ea9f1a73de2b0d3a5780837eb07a46cdb784b1f89e355d4c4dab76eb2/detection 2.58.56.41:1996 cynax22.hopto.org # Reference: https://www.virustotal.com/gui/file/f5b225cee24542e5f59f4aeb62bc8dcfe407014e644987586c5effa2e443df91/detection 176.97.70.164:1177 # Reference: https://www.virustotal.com/gui/file/5f69e57505862bfe9efc097de17ffa99c93eedb60e86b073cbe494b00a2d9a37/detection 18.228.115.60:12097 18.229.146.63:12097 18.229.248.167:12097 18.231.93.153:12097 54.94.248.37:12097 # Reference: https://twitter.com/r3dbU7z/status/1649082685338402816 # Reference: https://www.virustotal.com/gui/file/d5a2a03d87b4f1471dabcc76c057b74ebf4557058bdc225194a444413964b13a/detection # Reference: https://www.virustotal.com/gui/file/b65be0351a717f4440b29a61d206acf4457c4755693f5d68e8cb39948ec5c1cf/detection http://51.89.207.173 51.161.107.21:666 usb.directory # Reference: https://www.virustotal.com/gui/file/33a24cdd53b8d0a52bd93e9b59482c4c7c933d119dba87f01f7c02a8c97bed0a/detection 147.185.221.223:24460 myfilesx.s3.us-west-004.backblazeb2.com /ddgqprb4fbn/fgtryh45c.txt /ddgqprb4fbn/ /fgtryh45c.txt # Reference: https://twitter.com/sicehice/status/1650703773839286272 # Reference: https://www.virustotal.com/gui/file/9bc6f7078b4a80e7363336194ffccb04d646da487bb093775b3caefd224f7d87/detection 31.192.235.146:8000 31.192.236.139:3434 # Reference: https://twitter.com/g0njxa/status/1652022542259896335 20.123.197.130:8080 # Reference: https://www.virustotal.com/gui/file/140e8710e1a8c2dfbeea2587180ffc0656523fca8824880e7e3de91a3a56d7a4/detection 81.161.229.121:4545 # Reference: https://www.virustotal.com/gui/file/0571c7fd18f633e731f93e93f82260c89157e2e014152b1d909cfbc1c7d68570/detection 179.43.154.184:8008 minijusfil.com # Reference: https://www.virustotal.com/gui/file/cd279fe4806f1925c2985f4a3f4a0052b140e85ffad9a2e46b27f8ff2cd99baa/detection bahrdevo.endoftheinternet.org # Reference: https://twitter.com/malwrhunterteam/status/1654111835136708608 # Reference: https://www.virustotal.com/gui/file/09cc73e85312daa39cbf1e5a523ed368a0611c0691cecbafd5f6b0c2d64eaaba/detection 46.21.153.135:9897 apatee40rm.gotdns.ch # Reference: https://www.virustotal.com/gui/file/817c463f2b2d6ad916bd11bdc8e81e232b443d333cb02a3943d28f11d206ccc3/detection 45.80.158.114:6606 45.80.158.114:7707 45.80.158.114:8808 1dog.ddns.net # Reference: https://www.virustotal.com/gui/file/3ebfbbd09064aae6f6238d019637a666740b3b35141e46cf76524c8dde88fb26/detection 103.30.126.242:8848 # Reference: https://twitter.com/Artilllerie/status/1655915223604244482 # Reference: https://www.virustotal.com/gui/file/4d275403b2993bb1dcf4d3262a5a70b32c0caa04e3cdb8c236420a3b1b1855b6/detection 190.2.142.239:5566 downlodanydesk.com # Reference: https://www.virustotal.com/gui/file/91971af253069cff21a8c104773ba2f80ac611a6e72db84d20432141136578f4/detection 104.234.119.55:50511 mortgage-service.duckdns.org # Reference: https://www.virustotal.com/gui/file/1141b995cd24c8f2eb4d83d08a3a9dba4f2c4cd5d6e1528f64aa8d51ddbd62bb/detection # Reference: https://www.virustotal.com/gui/file/afda04b91b8bff33be9e8f9c7a3cf441c4b2c92f9fcef42a00bcf35e495a9e67/detection 79.134.225.40:2211 vmware.trickip.org # Reference: https://www.virustotal.com/gui/file/0c32c4300e32863030d1ed5633f530a4f411df1c391d4388140c8ff2974638b0/detection 194.5.97.49:6970 83.151.238.37:8080 dvcfxgcvbbasfsd.ru xafsavxcfdgbdsfg.ru giuseppe.ug tamera.ug # Reference: https://twitter.com/0xToxin/status/1661101374166257664 strekhost2058.duckdns.org strekhost2065.duckdns.org strekhost2068.duckdns.org # Reference: https://gist.github.com/embee-research/f6af45017a3bb3c64a1654b7c4810525 109.230.238.142:6666 116.62.115.255:8808 120.146.185.63:443 142.202.240.126:5555 146.59.161.194:8808 149.102.132.253:3110 15.165.236.45:8808 172.81.60.205:8808 185.81.157.105:5130 185.81.157.135:7777 185.81.157.14:4444 185.81.157.168:7701 185.81.157.5:4152 190.28.148.168:2000 192.119.108.77:8713 192.119.108.78:8713 193.23.161.246:6666 194.156.91.127:8743 194.9.172.60:8808 198.244.251.230:2222 20.67.243.141:113 207.244.232.102:8808 207.32.217.71:5001 23.254.130.126:6667 23.254.227.121:6666 23.254.231.83:1002 38.242.242.149:7777 45.138.16.161:2020 45.138.16.202:6666 45.138.16.48:1234 45.141.215.81:888 45.141.215.84:222 45.143.99.54:1337 45.154.98.110:1989 45.154.98.192:222 45.58.190.125:8808 45.80.158.57:8888 5.224.222.214:4001 5.249.165.85:6666 51.120.120.162:8808 51.161.104.149:8808 51.161.105.119:7707 51.161.59.75:7707 51.81.126.13:222 51.81.24.93:7000 51.89.204.67:7707 51.89.207.166:8808 54.38.124.50:8096 54.38.234.73:8808 66.94.118.174:1188 66.94.122.207:8808 70.36.110.159:8888 74.222.22.72:8888 82.159.198.174:4002 85.206.172.156:444 85.215.190.69:8808 98.26.85.5:6969 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (04 Jun 2023) 111.90.149.195:5111 111.90.149.195:7766 151.80.52.38:4449 185.252.178.121:8808 192.71.244.54:8080 37.196.152.120:4449 43.226.49.147:8080 45.80.29.139:1337 64.235.61.43:8848 84.54.50.9:6606 84.54.50.9:7707 84.54.50.9:8808 88.198.206.217:4449 91.192.100.7:8808 95.214.27.44:6606 95.214.27.44:7707 95.214.27.44:8808 # Reference: https://www.virustotal.com/gui/file/74c1d1141cf501cd8b9d86f97acb67cc7dc7e9213f8722600ae991f5d254b68b/behavior websites.vpndns.net # Reference: https://www.virustotal.com/gui/file/28e1470bf46b1680e230c7bb57e4836d3b6bef4d35d2cc927984950416a4c1d7/detection # Reference: https://www.virustotal.com/gui/file/367831dcb90d2df723eeccb94c21fe58691a6946b4ea40cb9de2bac316319d9b/detection # Reference: https://www.virustotal.com/gui/file/ba5ed5f0f25b952f16a30d9dc97c1be2a9c1f7676345311b421584ca4c4c1405/detection 18.198.77.177:17851 3.121.139.82:17851 3.127.253.86:17851 3.127.59.75:17851 35.158.159.254:17851 52.28.112.211:17851 solarx.site # Reference: https://www.virustotal.com/gui/file/da642fc983f09b106c32181f7e66d0cad426924650594ca613e5ce5b25b71493/detection # Reference: https://www.virustotal.com/gui/file/2d2211d9266e7080e6e12d150829935a3f0794e4d499199f9c7480de02b458d7/detection 141.95.84.40:456 141.95.84.40:916 # Reference: https://www.virustotal.com/gui/file/9b3c1321f7bee06e6790ee733d7ff90400f628040fee4e65d240340f957d00a1/detection 104.243.47.45:5230 104.243.47.45:6606 104.243.47.45:7707 104.243.47.45:8808 celsperial.hopto.org # Reference: https://www.virustotal.com/gui/file/f9171de76ea630a461f1764aa9c27fadf7e8fcbddfa7a2c3b44067867c029f05/detection 91.208.92.49:7001 miopsbn.con-ip.com # Reference: https://www.virustotal.com/gui/file/0747abd54dd664fed5dd0028ac579905845c91d5a0da537133ba4bfcb5fea15c/detection 181.142.211.88:7577 # Reference: https://www.virustotal.com/gui/file/71a2fe2a79055b9aca04daaa8288730f1027c0b186e2f10718b21e2d1e89355d/detection 64.235.61.43:42069 # Reference: https://www.virustotal.com/gui/file/cd704cdaf7397e725eaa339fb7ad3a0ab26f503428eb8eaaf4abb656ae949382/detection 188.126.90.211:3636 188.126.90.212:3636 46.246.12.211:3636 46.246.4.211:3636 planpnl.duckdns.org # Reference: https://www.virustotal.com/gui/file/132358ecc4d7b80efba0d2d57fe104b563673ecc9935efcd4e8440c886e0138c/detection 18.228.115.60:17832 18.229.146.63:17832 18.229.248.167:17832 18.231.93.153:17832 54.94.248.37:17832 # Reference: https://www.virustotal.com/gui/file/3ec57ea55466112ec38310d0066fc024e3600887785e768a8219230d236a7eb8/detection 18.228.115.60:16864 18.229.146.63:16864 18.229.248.167:16864 18.231.93.153:16864 54.94.248.37:16864 # Reference: https://www.virustotal.com/gui/file/c44075c86a18be51547cba1e2d357aaef5008a0bfb25daa4dba2c6c5e25f2ca1/detection 209.25.140.194:51862 209.25.141.194:51862 209.25.142.194:51862 194.ip.ply.gg # Reference: https://www.virustotal.com/gui/file/994385b5a04f107c65d45c3cb54483e847d63b6b75988ad8ecfd6c9df1cba295/detection 18.230.117.219:6000 # Reference: https://www.virustotal.com/gui/file/c7b9a1bf733e98f545d5cb946165c32923c564b4cc3603924eae9a44df203a3d/detection 18.231.156.119:7000 # Reference: https://www.virustotal.com/gui/file/fbc3ad3bdb040103596ab07b85d80331dcaa9868e55220481faba563c85f890a/detection 18.228.115.60:13552 18.229.146.63:13552 18.229.248.167:13552 18.231.93.153:13552 54.94.248.37:13552 # Reference: https://www.virustotal.com/gui/file/f8fc2647fffca9883e5eb6cc375c4efafdb56d2f4a11fce3b4444dadfb51d0cb/detection 192.119.108.74:8710 192.119.108.74:8712 microsoftdell5.duckdns.org # Reference: https://www.virustotal.com/gui/file/fd5b9cbb176cfea7cb3ba0b8f10e323eb1a9c1a914a0ab9182aa033c8ea18429/detection 181.141.4.153:8000 walder08.duckdns.org # Reference: https://www.virustotal.com/gui/file/d173f0a86e693ad02d756c7f8f1bee445c663aecf2b4f886f733ca01c0911345/detection 181.141.4.153:6969 an6969.duckdns.org # Reference: https://www.virustotal.com/gui/file/296a2cb7bf3fa274918f985358debd7983e2af29068fc37dd9cb99e070b9f0fd/detection 151.106.30.145:7410 741qu.bounceme.net # Reference: https://www.virustotal.com/gui/file/577047181197a34939a106666deec71d3e91e386deda32d412ef1e8b3de2b000/detection 198.12.123.17:5004 198.12.123.17:6606 198.12.123.17:6700 198.12.123.17:7707 198.12.123.17:8808 celesperial.ddns.net # Reference: https://www.virustotal.com/gui/file/67905601c2fc9f78274058e39de8c2714f46b40cfd29e5d5a06117fc7d07ab46/detection 172.111.136.105:2022 admina.duckdns.org # Reference: https://www.virustotal.com/gui/file/60ae5794afacdc55c75268040eedce59d20776dced641d2cba250bd768359d8a/detection alertgeeks.ddnsfree.com # Reference: https://www.virustotal.com/gui/ip-address/185.150.117.106/relations # Reference: https://www.virustotal.com/gui/ip-address/84.32.190.45/relations # Reference: https://www.virustotal.com/gui/ip-address/85.217.144.194/relations # Reference: https://www.virustotal.com/gui/file/9ae87c35d2a6209b208dcefea9785a31d69a1a9396a825883edddd3e030188e4/detection fox-news-checker.cc microsoft-auth-network.cc microsoft-service-checker.xyz security-service-api-link.cc update-checker-status.cc utorrent-backup-server.top utorrent-backup-server2.top utorrent-backup-server3.top utorrent-backup-server4.top utorrent-backup-server5.top utorrent-server-api.cc utorrent-servers.xyz win-network-checker.cc windows-services-update.com youtube-checker.cc # Reference: https://www.virustotal.com/gui/file/9a6aa7bc60f817e2c0761373100d5bb22207847da7d8452db757b17c03c18c9c/detection 185.174.101.94:5464 electroniccomerceanddatabasesforstudypurposesonly.online # Reference: https://www.virustotal.com/gui/file/b0fafe361aa7083b1d3482ec723158599dd01c5d26fa5ea3c30d78a325c9fb8a/detection 209.25.140.229:18084 209.25.141.229:18084 209.25.142.229:18084 decision-at.at.ply.gg # Reference: https://twitter.com/k3yp0d/status/1681973711774130176 nansen.accesscam.org # Reference: https://www.virustotal.com/gui/file/0c72727630c83e823fd60d776bad262f01c7e0a9e52ea92fdd9a3adf04910d6e/detection 209.25.140.181:26235 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-07-23) http://51.79.49.73 103.169.34.151:2245 103.170.118.35:6606 103.212.81.152:3845 103.212.81.152:3850 103.212.81.152:6606 103.212.81.152:7707 103.212.81.152:8808 104.255.175.12:8008 107.175.113.198:8011 108.58.155.197:6606 108.58.155.197:7000 108.58.155.197:7707 108.58.155.197:808 108.58.155.197:8808 108.58.155.197:8881 108.58.155.197:9909 109.195.94.247:8096 111.90.150.186:8977 116.62.11.90:8848 136.243.151.123:8808 136.243.151.123:9999 136.243.151.21:65 136.243.151.21:66 138.201.95.65:8808 141.98.6.105:5010 144.126.149.221:8888 146.59.161.10:8808 147.189.174.239:6666 149.202.0.249:8808 149.56.79.3:4007 154.12.252.41:4449 154.213.18.103:6000 154.213.18.70:6000 154.213.18.70:8808 154.213.18.84:8808 158.69.131.146:222 158.69.131.146:2222 166.88.209.145:1337 172.245.23.178:7777 179.13.0.238:4203 185.104.195.215:1981 185.104.195.215:2000 185.106.92.84:4449 185.17.3.72:7707 185.222.58.44:4040 185.225.74.254:6606 185.225.74.254:8808 185.24.55.37:8808 185.241.208.104:5555 185.241.208.142:6666 185.241.208.99:2222 185.241.208.99:6666 191.101.130.205:6606 191.101.130.205:7707 191.101.130.205:8808 191.89.243.236:5757 192.119.108.75:8713 192.119.108.76:8713 192.159.99.5:1010 192.159.99.5:2020 193.149.185.150:7707 193.23.3.123:6666 193.233.133.58:5631 193.26.115.74:888 194.213.3.18:6666 194.31.87.133:8808 194.32.149.80:8808 194.59.31.39:2025 194.87.151.87:8808 194.9.6.69:8808 2.58.56.143:222 2.58.56.143:2222 2.58.56.143:5555 20.150.193.28:4449 20.200.63.2:2727 207.32.218.20:8008 209.145.56.0:4017 209.25.140.212:34507 209.25.140.212:8848 209.25.141.180:6498 23.101.143.72:6666 23.101.143.72:7777 23.101.143.72:8888 23.229.67.133:5808 3.88.20.74:1111 45.12.253.107:6606 45.12.253.107:7707 45.12.253.107:8808 45.125.48.112:6606 45.125.48.112:7707 45.125.48.112:8808 45.136.6.79:6606 45.136.6.79:7707 45.136.6.79:8808 45.138.16.108:6606 45.138.16.108:7707 45.138.16.108:8808 45.138.16.145:2222 45.138.16.145:4444 45.138.16.145:6666 45.138.16.213:1194 45.138.16.235:6666 45.138.16.235:7777 45.141.215.109:6606 45.141.215.109:7707 45.141.215.109:8808 45.141.215.121:4444 45.141.215.121:6666 45.147.45.253:30303 45.154.98.201:6666 45.80.158.116:6666 5.161.192.28:6606 5.161.192.28:7707 5.161.192.28:8808 5.196.35.57:6606 5.196.35.57:7707 5.196.35.57:8808 5.224.222.63:4002 5.224.222.63:5001 5.224.222.63:5003 5.252.165.130:8808 51.142.112.141:113 51.75.52.3:2020 51.81.24.93:8088 52.28.112.211:19945 66.94.105.222:8808 68.219.184.180:3131 69.172.233.16:6666 69.172.233.44:6666 70.36.111.185:8888 77.73.131.83:8080 78.161.80.191:8808 78.47.172.152:5555 81.171.25.97:113 82.159.146.144:5000 84.54.50.31:8877 85.217.144.78:8808 87.121.221.53:6606 87.121.221.53:7707 87.121.221.53:8808 89.23.96.181:7777 91.109.176.4:8808 91.109.178.10:8808 91.109.182.6:6606 91.109.182.6:8808 94.142.138.19:443 windows10-11.ddns.net windows10-11.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/167ed73a98ed7c3ff1ff221117f497c8fb6fa98ee0c1160a567415ad6d39195a/detection 18.197.239.109:12694 18.197.239.109:66086 18.197.239.109:7707 18.197.239.109:8808 3.69.157.220:12694 3.69.157.220:6606 3.69.157.220:7707 3.69.157.220:8808 # Reference: https://www.virustotal.com/gui/file/1a4f3da692806a57a243e8d165a183019c0a0126e8c6f0aade81979679ab3d94/detection 181.52.111.53:3028 sept24stri.con-ip.com # Reference: https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html 111.90.150.186:6606 111.90.150.186:7707 111.90.150.186:8753 111.90.150.186:8808 111.90.150.186:9907 79.110.49.162:6606 79.110.49.162:7707 79.110.49.162:8753 79.110.49.162:8808 79.110.49.162:8977 79.110.49.162:9907 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-07-29) 142.202.240.126:6666 147.50.253.108:5505 147.50.253.108:6606 147.50.253.108:7707 147.50.253.108:8808 172.94.105.98:2000 185.246.222.170:1616 192.121.247.21:2000 20.124.90.72:5002 20.200.63.2:3232 92.178.8.159:8848 onadeatcamside.sytes.net ronadeatcamside.sytes.net # Reference: https://www.virustotal.com/gui/file/6c16c890ebece47d2e9c9160c366e632fc7577ac766ae32ef640070481ab8c3e/detection 157.90.51.195:58001 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-07-31) 147.185.221.16:10735 206.53.55.8:6606 206.53.55.8:7707 206.53.55.8:8808 213.238.177.40:8848 61.136.166.128:8848 91.109.176.13:6606 91.109.176.13:7707 91.109.176.13:8808 # Reference: https://app.any.run/tasks/6dc0de33-d560-47a1-9e99-8b678a549174/ 185.81.114.175:6606 185.81.114.175:7707 185.81.114.175:8808 # Reference: https://www.virustotal.com/gui/file/c3329f80f820ce5f4740cff9a03ebfb1a417f49cd81a6fac7f1174f8b9e65dc1/detection 208.67.107.168:9090 # Reference: https://www.virustotal.com/gui/file/a01b92a477bdf998362cd7ec70b0aa1a8fdc1cdbb2350ef47c5f17abcd422066/detection 208.67.107.168:9055 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-08-02) 185.180.230.132:1488 plazzasecretballeronline.onedumb.com # Reference: https://www.virustotal.com/gui/file/8627f2595a4e2b9b3e78fd956771b037772ce92c49ebc06fd0b53c247f9513bf/detection 201.185.208.130:7580 # Reference: https://www.virustotal.com/gui/file/cf85e1acf51f48393b1ebeb6cc99d5987a84c0d6536f39c264e1bd3d60c21db4/detection 162.194.106.79:8848 noxbot.ddns.net # Reference: https://threatfox.abuse.ch/ioc/1148970/ # Reference: https://www.virustotal.com/gui/file/763d970f36c8f7d30a356690884f8db111379153bafa55607b6f41bdb12fc01d/detection # Reference: https://www.virustotal.com/gui/file/fe145c31edc5e0541a4e5857b1c8a54bfae66d78a76937469e0d1a37a0739073/detection 51.75.41.118:6606 51.75.41.118:7707 51.75.41.118:8808 3llah23.run.place 3llah.vpndns.net # Reference: https://threatfox.abuse.ch/ioc/1149069/ 45.74.0.212:2000 # Reference: https://www.virustotal.com/gui/file/398bf921701c72139dfa6d11b2eb41810170eaf847cc73f16ff00c8f86d6d30a/detection 46.246.12.26:2106 46.246.84.5:2106 # Reference: https://www.virustotal.com/gui/file/e6d3b5e5e32627fd5ebfe02729366a88a0af661ac60cf50e5acba8a575908732/detection 46.246.14.15:5050 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-08-10) 77.232.132.25:5001 91.109.178.2:1018 # Reference: https://www.virustotal.com/gui/file/dc86ebc16af410e160c279988a5aebe2dd492d932100e83aeef785fee2ef201a/detection 104.220.158.189:7788 # Reference: https://www.virustotal.com/gui/file/978acff20319adccc0f9f6b576a421387b4085496a535c6676f4f1258d718a71/detection 104.220.158.189:7771 # Reference: https://www.virustotal.com/gui/ip-address/81.171.25.97/relations # Reference: https://www.virustotal.com/gui/file/73b3658f98fbf321844980d67ca63ca1c7d1b16ae50f112da68858b4924ac3d2/detection # Reference: https://www.virustotal.com/gui/file/0cc0e3fe599b7bd362dd160efafaefd26c692934682cc13e12575c05aa028a99/detection # Reference: https://www.virustotal.com/gui/file/f041884345406408839d2289106f09cd0f002fffd5a66bb2e34a141457bc7e82/detection 81.171.25.97:114 81.171.25.97:6606 81.171.25.97:7707 81.171.25.97:8808 new22.vpndns.net windowsignn.theworkpc.com # Reference: https://www.virustotal.com/gui/file/61be8cdec38d60d5a8a64fd0f891656f0410825d7c1181d7f40eb6aaf56d3521/detection 177.255.88.161:7575 2riandcra.duckdns.org # Reference: https://www.virustotal.com/gui/file/fd87155ae16286e44eb0068f8ea18a735bc8b8a1fbefc60f70b7a5a14538677b/detection 185.106.94.122:4449 # Reference: https://www.virustotal.com/gui/file/3e5129342dbb24524cf03acc4830c429e57ed7d54c0bfe996675c35680378326/detection 51.254.49.49:5005 augustsimillarity5045norep.ooguy.com # Reference: https://www.virustotal.com/gui/file/c69860ee4b8d0f24138de42421cd4123ef15e3618b08faa5becf9b52c69fc8e4/detection 41.98.125.239:1000 # Reference: https://threatfox.abuse.ch/ioc/1149939/ 185.225.75.5:3450 # Reference: https://threatfox.abuse.ch/ioc/1150150/ 20.200.63.2:3636 # Reference: https://www.virustotal.com/gui/file/04f21858d3b9bf77deda4fb7f68682cc3958b4ce07ff15be06272978dda62cd0/detection 94.156.102.141:1188 94.156.102.141:7575 freighteighttwocam.ddns.net freighteightonecam.sytes.net # Reference: https://twitter.com/r3dbU7z/status/1692693944713326673 # Reference: https://www.virustotal.com/gui/file/63a7fd8b6ff6ffbcd258d9809d672a7c14eb111da7b99995ad43441c7164ca03/detection # Reference: https://www.virustotal.com/gui/file/3d9240c729af948921184ce965f54cf1d3841d81465ed06f537e4ef838a01643/detection 206.53.55.190:1717 206.53.55.190:1990 206.53.55.190:1991 206.53.55.190:1992 206.53.55.190:1993 206.53.55.190:1996 206.53.55.190:1997 206.53.55.190:1998 206.53.55.190:6161 206.53.55.190:6606 206.53.55.190:7171 206.53.55.190:7707 206.53.55.190:8808 psmohmedhatx21.teaches-yoga.com xp3host.dynalias.com xp4flash.selfip.biz # Reference: https://www.virustotal.com/gui/file/7fb648fac5909411544f76c0444f0e2f285c1a965030661f573264818b2f8e8f/detection 103.145.13.69:9889 # Reference: https://irfan-eternal.github.io/analysing-.net-asyncrat-using-dnspy/ # Reference: https://www.virustotal.com/gui/file/8da2ee52332138905d6c21a8c2fd16c1ccb16aa057b64df7e66f2bd38664e86f/detection 185.252.178.121:6606 185.252.178.121:7707 josemonila.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/3cc1baf7b47138253df8ee572d99ab99a8d597cd8f72a9e2a5de264ba480933d/detection 181.52.102.110:6606 181.52.102.110:7707 181.52.102.110:8808 asynrat2023.duckdns.org # Reference: https://twitter.com/pmelson/status/1693342246563627400 # Reference: https://pastebin.com/BThmj07d 45.14.165.113:6606 45.14.165.113:7707 45.14.165.113:8808 # Reference: https://www.virustotal.com/gui/file/002f60e1c62d85643e17295edef3ba55f4f5c9487d76d9df279cf69ab3e9cd86/detection 37.3.242.75:4449 myhosas.ddns.net # Reference: https://twitter.com/suyog41/status/1693917329372102953 enesoftware.top # Reference: https://decoded.avast.io/martinchlumecky/hotrat-the-risks-of-illegal-software-downloads-and-hidden-autohotkey-script-within/ # Reference: https://otx.alienvault.com/pulse/64be7858d74c880dfcfe7615 # Reference: https://www.virustotal.com/gui/file/0b32aa65d2e322aa176f313791444b5dc313bddab13ec31dd7bcd278ee07e7bc/detection # Reference: https://www.virustotal.com/gui/file/9a294dbc6efbe24b7da955c62a7f12b6f142a41b10b9e168788e4b4e23ea3a4a/detection # Reference: https://www.virustotal.com/gui/file/73bd4c7a86d191c46a14cc37e901529de17df2705b6d7cbfd832d051cd72053c/detection # Reference: https://www.virustotal.com/gui/file/46f81e5fcd1cdd8b4dc3079f615bddbd1d75f1540e29b79201c7b284965b367f/detection # Reference: https://www.virustotal.com/gui/file/43e8b2afe0a807842cb12ec6b5b67f0d25c1031c0398c3e394df128958896e9e/detection # Reference: https://www.virustotal.com/gui/file/d6722a29d0c7f579f7c2190928090194fd9d02d6dbc605a29da6a52e43428efc/detection # Reference: https://www.virustotal.com/gui/file/288af01303abb4d064c4217d425c25d0b21388a3262dae56742891dbfaadfc45/detection # Reference: https://www.virustotal.com/gui/file/1f6d0c9cf3c2f6a006bb9bc518f700748c1ac9b56615e12c60009175359830a8/detection # Reference: https://www.virustotal.com/gui/file/b9965723a0480239544ec3990132ff2db7dfe18787122a3d0e91a282becb99eb/detection # Reference: https://www.virustotal.com/gui/file/8c1ca084dc5a5ff7d8488267ea077911718d43e369449afe346e8b631ba2a542/detection # Reference: https://www.virustotal.com/gui/file/198e2c9faec77fb6efcee8dbd2e910ab96e0aa8e080d7a43cd3b399c0fba6418/detection 108.143.240.80:771 13.80.133.110:70 185.205.209.206:1114 185.205.209.206:2012 20.218.135.231:306 209.145.56.0:2012 45.138.16.87:1113 78.181.128.17:4014 85.102.222.140:4015 88.229.26.95:4015 88.232.117.185:4015 88.249.141.131:55 88.252.196.9:91 51-83-136-132.xyz s1-filecr.xyz dynsys.is-a-guru.com fon1.sells-it.net foxn1.sells-it.net rec.casacam.net samaerx.ddnsfree.com srxy123.is-a-geek.com websites.theworkpc.com # Reference: https://www.virustotal.com/gui/file/ed7156a259cecc750c121faed21545185d9436de677556ef9e271e519073fb34/detection 78.170.251.123:6606 78.170.251.123:8808 81.214.76.150:6606 81.214.76.150:7707 81.214.76.150:8808 # Reference: https://www.virustotal.com/gui/file/817f9928ccca9886ff23d9c68894c6d510da21bf238f9955a909d7b9e4054a61/detection 78.161.80.94:4017 live.publicvm.com # Reference: https://www.virustotal.com/gui/file/7d5b09c3ff843a1196ce62f5d8b5c9d52b6c83b3bfff3e6d18534586ddb5010f/detection 78.169.11.161:6606 78.169.11.161:7707 78.169.11.161:8808 # Reference: https://www.virustotal.com/gui/file/390fa96690573ffd2037a1d21bc066f5c6ca16b67448cf677b92f09c0dd862d5/detection 45.138.16.48:66 assdwdssa.sells-it.net dsdwdwnsd.sells-it.net sotso.homedns.org # Reference: https://www.virustotal.com/gui/file/fb9c17a01cf868d55c0368d7d099f4509bed812409eeb5abf7200f1ab5817c32/detection 78.161.80.94:4018 88.237.201.81:4018 live.sells-it.net # Reference: https://twitter.com/ScumBots/status/1694109037594366260 # Reference: https://www.virustotal.com/gui/file/0467d797db1facd534f6d1e0093dbfc95de214e09bb180eb3d18ed24c474163d/detection 141.98.6.105:5010 141.98.6.105:6606 141.98.6.105:7707 141.98.6.105:8808 r0nj.ooguy.com # Reference: https://threatfox.abuse.ch/ioc/1151706/ 194.169.175.43:1339 # Reference: https://www.virustotal.com/gui/file/c60bcda1d38ac7b02ee20d89378b2c6bac63e1866aa4bc5fd218edbbad8c8066/detection 93.115.35.130:4418 # Reference: https://www.virustotal.com/gui/file/4b6ffa81db06ef905a14b9483472f506e642d9be730c7926b32b1aab98a8aedd/detection 91.92.120.18:4441 # Reference: https://threatfox.abuse.ch/ioc/1152320/ 85.239.241.136:1338 # Reference: https://threatfox.abuse.ch/ioc/1152406/ 138.197.66.62:22256 # Reference: https://threatfox.abuse.ch/ioc/1152460/ 213.3.43.23:58640 # Reference: https://www.virustotal.com/gui/file/0829db1ff9d39045943c0774e8d059593c4aada1527d34fa21889504fea3e153/detection 172.94.104.195:2000 78.101.189.42:2000 donzola.duckdns.org # Reference: https://threatfox.abuse.ch/ioc/1152519/ 95.173.247.110:8810 # Reference: https://www.virustotal.com/gui/file/0106b0d302d02505f7681a44f5390357e98d9d040a833b899cb74eee07303fe5/detection 95.173.247.110:8806 # Reference: https://www.virustotal.com/gui/file/352c232d90178707026177ddb1d09a36149f4167ae50323ac8d29ddd5dafdb03/detection 95.173.247.110:8807 # Reference: https://www.virustotal.com/gui/file/146a834437e2f564d98221dbf31b65fb7c8202439efffe188b92299983197391/detection # Reference: https://www.virustotal.com/gui/file/c868403af8ea5fcad690924167f28c1dc2aa8e1dd342d2ff14d3289f8870fb0b/detection 193.43.104.22:3232 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-08-31) 138.197.66.62:22596 147.185.221.16:30170 181.131.219.51:2727 38.6.189.150:8848 4.212.242.253:8848 80.66.79.27:4404 # Reference: https://www.virustotal.com/gui/file/28ffb4d5d61e7b2e35372c8b2a434c2d66825b1431ca1c2caf523584426dfc97/detection 43.159.134.109:6606 43.159.134.109:7707 43.159.134.109:8808 # Reference: https://www.virustotal.com/gui/file/dfc4a0222fb2f69e65438196a7935f86c6e42e3005c136930506a37542f6a0f9/detection 43.133.48.66:6606 43.133.48.66:7707 43.133.48.66:8808 # Reference: https://www.virustotal.com/gui/file/2293710fbf66e120d90e03f95a38b966da05d33ee0a1df2f14500e4811085494/detection 45.13.199.216:6606 45.13.199.216:7707 45.13.199.216:8808 # Reference: https://www.virustotal.com/gui/file/2a852589c52954a54a1e658a114fb19e936443aaa85b4fed48b3c64ff1162b81/detection 45.128.221.39:6606 45.128.221.39:7707 45.128.221.39:8808 # Reference: https://www.virustotal.com/gui/file/1ad2936e4d510633259697d0e7d692131c88de79716228963b39eb128a0dd301/detection 193.42.24.214:6606 193.42.24.214:7707 193.42.24.214:8808 193.42.24.214:8809 # Reference: https://www.virustotal.com/gui/file/641926faa61b285dc56392e849301861e5f786a3e45a7373dd334f34aa65d40d/detection 65.108.24.87:6606 65.108.24.87:7707 65.108.24.87:8808 # Reference: https://www.virustotal.com/gui/file/787f1dcd58cff8afb05bea4917395c330f5c4b5b129bee31009c824d9eac4cdf/detection # Reference: https://www.virustotal.com/gui/file/07442f6c22ad2b6a0d4f4c342c3e2a9095941147462b2722e2cb95c3ad77221f/detection 45.92.1.24:5001 febrawryman80noistry10.kozow.com # Reference: https://www.virustotal.com/gui/file/c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487/detection 172.94.40.145:8004 16agostok.duckdns.org # Reference: https://www.virustotal.com/gui/file/964555913ef321b88a1e52594f8438820230e704dd06f14768fafa9285038af9/detection 51.254.49.49:222 51.254.49.49:9191 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-04) 146.59.161.10:6606 146.59.161.10:7707 146.59.161.10:8808 147.124.209.80:222 15.204.170.1:6606 15.204.170.1:7707 15.204.170.1:8808 158.69.131.146:6606 158.69.131.146:7707 158.69.131.146:8808 185.252.179.66:6906 198.244.251.250:222 23.254.227.121:222 45.138.16.217:222 45.138.16.89:222 5.196.35.57:6606 5.196.35.57:7707 5.196.35.57:8808 51.161.105.119:6606 51.161.105.119:7707 51.161.105.119:8808 51.195.145.78:6606 51.195.145.78:7707 51.195.145.78:8808 51.195.251.7:6606 51.195.251.7:7707 51.195.251.7:8808 51.195.251.9:222 51.222.69.3:222 51.81.7.207:222 51.89.204.67:6606 51.89.204.67:7707 51.89.204.67:8808 51.89.207.166:6606 51.89.207.166:7707 51.89.207.166:8808 74.208.105.80:222 89.23.101.212:3232 95.214.25.236:4404 # Reference: https://www.virustotal.com/gui/file/1da13a6219c242b5216483316f8d98e64ef55cc44deb3b7023ed9ea3a1aa00ee/detection 218.89.171.135:23647 218.89.171.135:4139 218.89.171.135:6606 218.89.171.135:7707 218.89.171.135:8808 # Reference: https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4 192.155.91.72:5000 # Reference: https://www.virustotal.com/gui/file/ee666f67a09821bcfb7c7a19bf9fe04be8c0359884aa9b32bc887c9c26a4e579/detection 179.13.2.154:7000 nuevamenteeste.duckdns.org # Reference: https://www.virustotal.com/gui/file/d391692283a5dee65d00f4e3163e736da942ad2562136094da8613ac106fd5f0/detection 193.203.238.54:7777 mr1robot11.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/177.255.88.161/relations # Reference: https://www.virustotal.com/gui/file/e04cc364b53b6af7b8fe20a186f330dc67173f5d5e9b3ec9929f82092c72302f/detection 177.255.88.161:8525 informesespeciales123.duckdns.org mistersjsas1.duckdns.org newemprender.freeddns.org newpouelsen1.duckdns.org newzamrecarga.duckdns.org polusennew1.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-09) 194.180.48.53:6606 194.180.48.53:7707 194.180.48.53:8808 # Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/AsyncRAT/asyncrat_found_c2s_2020_to_2023.txt http://124.182.146.41 http://181.162.213.36 http://20.86.129.162 http://212.125.28.114 http://88.138.252.119 1.117.82.177:6689 1.117.82.177:8848 1.14.103.49:8848 101.33.208.151:6606 101.33.208.151:7707 101.33.208.151:8808 101.42.20.213:4449 101.43.254.90:8848 103.108.66.222:2023 103.108.66.222:2818 103.108.66.222:4449 103.108.66.225:2023 103.127.236.137:8848 103.138.108.71:1070 103.138.108.71:1137 103.138.108.71:2018 103.142.218.222:63979 103.147.184.53:1991 103.147.184.73:7920 103.147.185.192:7829 103.147.185.192:7840 103.147.185.192:7841 103.148.186.105:8848 103.149.13.196:8621 103.149.201.155:8925 103.149.201.162:2023 103.149.201.212:2023 103.149.201.212:20811 103.149.201.212:4449 103.149.201.212:8910 103.151.123.2:8621 103.153.79.210:8621 103.156.91.96:8621 103.167.90.172:06275 103.20.221.33:3232 103.231.254.62:8848 103.233.253.101:8921 103.233.253.118:8920 103.235.175.244:4448 103.235.175.244:4449 103.239.244.27:8848 103.254.108.50:1688 103.39.109.48:4449 103.39.109.63:4449 103.42.30.227:2023 103.42.30.227:8908 103.42.31.140:2023 103.42.31.140:2082 103.88.35.24:14449 104.129.26.162:7707 104.129.26.162:8809 104.152.188.104:1986 104.152.188.104:6606 104.152.188.104:7707 104.152.188.104:8808 104.194.156.4:3232 104.206.98.246:11903 104.223.106.133:3480 104.223.106.133:7700 104.223.106.133:7780 104.223.106.133:9800 104.233.228.116:8848 104.3.77.123:25566 104.37.174.26:1465 105.103.106.56:4449 107.148.13.135:1981 107.148.8.176:8848 107.150.4.162:4449 107.175.178.6:7277 107.182.237.15:55736 107.213.221.23:4449 109.120.188.95:8848 109.195.94.247:4782 109.248.200.191:6627 110.238.105.105:8848 111.67.201.24:8848 111.92.241.239:2023 112.150.137.53:6606 112.150.137.53:666 112.150.137.53:7707 112.150.137.53:8808 112.213.110.66:8848 114.132.125.213:8848 114.134.188.218:2023 118.195.199.246:8848 120.78.151.171:6658 121.45.37.175:6606 123.215.61.198:2020 123.215.61.198:6060 123.215.61.198:8080 124.248.229.210:8848 129.151.83.165:7177 13.233.168.154:8686 13.233.168.154:8687 13.36.178.139:4784 13.68.249.188:1881 13.72.107.36:7707 13.72.68.255:7707 13.77.164.68:7707 13.77.222.211:6650 13.77.222.211:6890 13.77.222.211:7829 13.77.222.211:9034 13.81.84.141:7788 134.122.167.65:8848 134.195.91.47:5555 135.181.53.40:4444 136.144.41.186:8848 136.144.41.24:3091 136.144.41.252:6606 136.144.41.252:7707 136.144.41.252:8808 136.144.41.83:4102 136.175.8.117:6606 136.175.8.117:7707 136.175.8.117:8808 136.243.191.199:18 136.243.191.199:4784 136.243.191.199:59 136.243.191.199:5900 136.244.94.164:3132 137.117.100.173:443 138.201.2.2:2002 139.28.235.223:6606 139.28.235.223:7707 139.28.235.223:8808 139.28.5.19:6606 139.28.5.19:7707 139.28.5.19:8808 139.99.73.120:34567 14.17.115.109:12356 14.17.115.109:22222 14.17.115.109:55555 14.17.115.109:8848 141.95.84.40:3020 141.95.84.40:3040 141.95.84.40:5055 141.95.84.40:555 141.95.84.40:911 141.95.84.40:912 141.98.11.72:4449 141.98.252.169:58750 142.11.209.177:6606 142.11.209.177:6821 142.11.209.177:7707 142.11.209.177:8808 142.4.200.50:6606 142.4.200.50:7707 142.4.200.50:8808 144.202.75.107:6606 144.202.75.107:7707 144.202.75.107:8808 144.217.68.78:3010 144.48.222.103:8848 147.124.208.212:6606 147.124.208.212:7707 147.124.208.212:8808 147.124.214.14:6606 147.124.214.14:7707 147.124.214.14:8808 147.185.221.161:15753 147.185.221.161:4449 147.185.221.16:11623 147.185.221.16:15753 147.185.221.16:41950 147.185.221.16:4429 147.185.221.16:4449 147.185.221.16:5050 147.185.221.180:8840 147.185.221.181:1024 147.185.221.181:16409 147.185.221.181:2044 147.185.221.181:53898 147.185.221.181:8848 147.185.221.212:46856 147.185.221.212:52456 147.185.221.223:5050 147.185.221.223:64895 147.189.171.186:1337 148.163.80.217:8542 149.104.148.244:8848 149.28.173.200:4784 15.235.10.108:8848 15.235.130.74:6606 15.235.130.74:7707 15.235.130.74:8808 151.248.122.243:6666 154.12.86.189:2023 154.12.87.239:2023 154.12.90.13:8922 154.12.90.2:2023 154.12.90.31:2023 154.12.90.49:8903 154.127.53.193:40404 154.127.53.26:1040 154.221.24.181:8848 154.23.176.93:4449 154.40.36.190:6606 154.47.25.194:1987 154.61.75.84:4444 154.61.75.84:5060 154.61.75.84:6659 154.61.75.84:8848 154.91.227.35:8848 155.94.129.4:4449 156.254.127.78:1443 157.230.255.179:5555 157.230.255.179:6606 157.230.255.179:7707 157.230.255.179:8808 162.14.197.20:8848 162.246.187.245:6128 162.246.187.245:6606 162.246.187.245:7707 162.246.187.245:8808 163.123.143.164:4747 164.155.129.86:4449 165.227.168.205:6606 167.71.56.116:22011 168.62.160.75:1604 168.62.160.75:222 170.39.185.242:6606 170.39.185.242:6821 170.39.185.242:7707 170.39.185.242:8808 172.0.0.1:8908 172.111.200.225:2768 172.111.252.131:9090 172.241.29.21:1608 172.241.29.21:3389 172.241.29.21:6606 172.241.29.21:8808 172.245.244.102:1809 172.93.163.101:6606 172.93.163.101:7707 172.93.163.101:8808 172.93.181.21:8848 172.93.222.169:6606 172.93.222.169:7707 172.93.222.169:8808 172.94.109.17:2703 172.94.109.17:46422 172.94.109.17:49746 172.94.109.17:6578 172.94.14.239:6606 172.94.47.80:4411 173.234.155.108:6666 173.243.112.143:6606 173.243.112.143:7707 173.243.112.143:8808 173.31.169.124:82 176.98.41.115:1938 176.98.41.49:6606 176.98.41.49:7707 176.98.41.49:8808 178.20.230.68:1604 178.208.94.113:4404 178.209.51.192:6663 178.211.139.47:4449 178.33.222.241:46943 178.33.222.243:2703 178.33.222.243:46943 178.33.222.243:49703 178.33.222.243:49746 179.43.139.10:4449 179.43.140.175:1678 179.43.140.208:6606 179.43.140.208:7707 179.43.140.208:8808 18.133.124.202:4784 18.156.13.209:10944 18.156.13.209:16608 18.156.13.209:4824 18.156.13.209:5403 18.157.68.73:16608 18.157.68.73:5403 18.158.249.75:12395 18.158.249.75:4824 18.192.93.86:15165 18.192.93.86:16608 18.192.93.86:4824 18.192.93.86:5403 18.197.239.109:16321 18.197.239.109:4824 18.197.239.5:16608 18.197.239.5:5403 18.212.29.200:4449 18.222.208.120:1938 18.222.33.57:7017 18.223.28.97:4784 180.214.239.36:6090 181.129.12.44:7777 181.162.213.36:4449 184.75.221.59:56390 184.90.251.249:7707 185.106.94.165:4449 185.112.146.237:8080 185.112.83.111:1338 185.128.25.29:6606 185.128.25.29:7707 185.128.25.29:8808 185.136.169.109:3480 185.136.169.109:6606 185.136.169.109:7707 185.136.169.109:8808 185.136.169.163:3480 185.136.169.163:6606 185.136.169.163:7707 185.136.169.163:8808 185.136.169.24:6606 185.136.169.24:7707 185.136.169.24:8808 185.140.53.133:2435 185.140.53.143:7707 185.140.53.162:8877 185.140.53.167:1515 185.140.53.192:1515 185.140.53.194:1002 185.140.53.213:6606 185.140.53.213:7707 185.140.53.227:6606 185.140.53.227:7707 185.140.53.227:8808 185.140.53.253:10001 185.140.53.41:5288 185.140.53.47:2424 185.140.53.67:10001 185.140.53.71:5622 185.140.53.7:6606 185.140.53.7:7707 185.140.53.7:8808 185.140.53.7:9090 185.140.53.8:6060 185.150.24.5:9171 185.157.160.136:1973 185.157.160.147:1973 185.157.161.205:1973 185.16.39.143:8848 185.165.153.116:46943 185.165.153.209:1990 185.165.153.215:6606 185.165.153.249:4371 185.165.153.249:4571 185.165.153.251:5050 185.165.153.251:6606 185.165.153.251:7707 185.165.153.251:8808 185.165.153.43:5007 185.172.111.229:27015 185.183.33.129:4449 185.183.35.122:4444 185.189.151.142:1122 185.189.151.142:5200 185.19.85.136:6060 185.19.85.143:9688 185.19.85.149:4898 185.19.85.149:6606 185.19.85.149:7707 185.19.85.149:8808 185.19.85.171:6606 185.19.85.177:54925 185.19.85.177:9961 185.19.85.179:6606 185.191.231.252:54984 185.195.79.212:5656 185.213.26.169:3389 185.214.10.196:6606 185.214.10.196:7707 185.214.10.196:8808 185.219.221.55:6606 185.219.221.55:7707 185.219.221.55:8808 185.22.154.160:33080 185.222.57.171:3678 185.222.57.203:7707 185.222.57.203:8808 185.222.57.233:2059 185.222.58.151:59668 185.222.58.151:59790 185.222.58.154:45216 185.222.58.154:51390 185.223.28.241:444 185.223.28.241:6606 185.223.28.241:7707 185.223.28.241:8808 185.239.242.166:5536 185.239.242.74:23500 185.241.208.97:5505 185.244.26.198:2021 185.244.26.234:4675 185.244.30.112:222 185.244.30.112:6606 185.244.30.121:7882 185.244.30.253:5050 185.244.30.253:6606 185.244.30.253:7707 185.244.30.253:8808 185.244.30.92:46943 185.246.222.249:4444 185.250.204.245:6606 185.250.204.245:7707 185.250.204.245:8808 185.33.234.204:4784 185.33.234.71:1337 185.33.234.96:2306 185.65.134.165:55160 185.65.134.165:55498 185.70.187.145:5555 185.81.157.117:9905 185.81.157.154:2424 185.81.157.169:2023 185.81.157.19:3312 185.81.157.19:6666 185.81.157.209:2312 185.81.157.46:1020 185.81.157.7:5523 185.92.74.18:3391 188.215.229.22:8900 188.215.229.44:7900 188.32.117.137:4200 188.72.112.72:1443 190.247.124.60:6821 191.101.193.202:6606 191.101.193.202:7707 191.101.193.202:8808 191.234.193.127:4449 191.96.236.162:22745 191.96.236.162:8000 192.210.214.230:6606 192.253.237.23:8848 192.253.255.182:6606 192.253.255.182:7707 192.253.255.182:8808 193.142.146.204:6606 193.142.146.204:7707 193.142.146.204:8808 193.149.185.169:6606 193.149.185.169:7707 193.149.185.169:8808 193.161.193.99:1500 193.161.193.99:25627 193.161.193.99:29069 193.161.193.99:38787 193.161.193.99:43453 193.161.193.99:43741 193.161.193.99:56777 193.164.7.105:4784 193.233.233.154:7781 193.239.147.156:6606 193.239.147.156:7707 193.239.147.156:8808 193.239.147.169:6606 193.239.147.169:7707 193.239.147.169:8808 193.239.147.169:8888 193.239.147.231:6606 193.239.147.40:8808 193.27.13.52:58107 193.27.13.57:58107 193.32.232.64:7777 193.56.28.20:5200 193.56.28.20:6606 193.56.28.20:7707 193.56.28.20:8808 194.127.178.3:3578 194.127.178.3:6606 194.127.178.3:7707 194.127.178.3:8808 194.127.179.127:6666 194.127.179.131:6666 194.147.140.145:9346 194.147.140.145:9955 194.156.90.31:5004 194.156.98.161:6606 194.156.98.161:7707 194.156.98.161:8808 194.180.48.177:4449 194.233.169.93:1604 194.233.169.93:6606 194.233.169.93:8808 194.233.92.247:4449 194.26.192.154:4449 194.33.45.109:7777 194.33.45.109:8888 194.49.94.163:6606 194.49.94.227:4449 194.5.97.165:5454 194.5.97.165:6606 194.5.97.165:7707 194.5.97.177:10011 194.5.97.208:4563 194.5.97.212:1199 194.5.97.21:2675 194.5.97.54:4449 194.5.97.6:7006 194.5.97.84:6606 194.5.97.84:7707 194.5.97.85:6606 194.5.97.85:7707 194.5.97.85:8808 194.5.97.85:9909 194.5.98.120:1515 194.5.98.129:5554 194.5.98.16:1337 194.5.98.174:1515 194.5.98.17:4545 194.5.98.231:6606 194.5.98.231:7707 194.5.98.231:8808 194.5.98.32:8808 194.5.98.32:9909 194.5.98.46:7707 194.5.98.52:18187 194.5.98.52:6606 194.5.98.52:7707 194.5.98.52:8808 194.5.98.64:1515 194.5.98.81:2510 194.5.98.81:3434 194.5.98.81:6128 194.5.99.181:4533 194.62.157.177:6969 195.133.18.181:8878 195.140.213.93:5220 195.174.142.168:4784 195.174.209.145:481 195.174.29.189:81 195.174.29.189:86 195.178.120.137:4001 195.206.105.12:2050 195.78.54.247:15491 195.78.54.247:23092 195.78.54.247:8080 195.85.201.65:6106 195.85.205.219:4449 197.210.55.94:3650 197.210.55.94:6606 197.210.55.94:7707 197.210.55.94:8808 198.44.167.128:4449 198.44.168.227:2023 198.44.168.246:4449 198.44.186.222:4449 198.46.141.251:6606 198.46.141.251:7707 198.46.141.251:8808 198.46.177.119:3480 198.46.177.119:6606 198.46.177.119:7707 198.46.177.119:8808 2.56.59.219:5643 2.56.62.12:2013 2.58.149.98:5634 2.59.119.56:3132 20.106.79.151:8808 20.112.14.182:1337 20.115.143.128:3152 20.172.182.62:8080 20.188.60.159:1881 20.197.177.229:6821 20.199.112.16:3535 20.203.178.116:2070 20.224.56.152:6606 20.224.56.152:7707 20.224.56.152:8808 20.36.21.13:2070 20.52.138.14:1881 20.52.138.14:1911 20.52.139.127:6821 20.52.151.53:1604 20.52.178.148:444 20.52.178.148:6606 20.52.178.148:7707 20.52.178.148:8808 20.52.33.123:2222 20.68.110.75:7272 20.69.152.28:7707 20.84.181.62:11647 20.84.181.62:25565 20.84.181.62:4355 20.84.181.62:7293 20.86.129.162:5205 20.86.129.162:6606 20.86.129.162:7707 20.86.129.162:81 20.86.129.162:8808 20.86.129.162:9999 20.86.25.230:1605 20.98.113.24:1604 20.98.113.24:6606 20.98.113.24:7707 20.98.113.24:8808 20.98.203.218:8080 201.111.223.252:6700 201.111.223.252:6702 201.97.129.143:6700 202.55.133.118:5200 202.95.14.199:8848 203.159.80.216:6606 203.159.80.216:7707 203.159.80.216:8080 203.159.80.216:8808 203.159.80.52:5800 203.186.44.219:6606 203.186.44.219:7707 203.186.44.219:8080 203.186.44.219:8808 206.189.139.209:2022 207.32.216.106:6606 207.32.216.106:7707 207.32.216.106:8808 207.32.217.131:6666 207.32.218.231:1111 207.32.218.231:7777 207.32.218.231:8888 207.32.218.43:5555 207.32.218.43:6666 207.32.218.84:6666 207.32.219.26:6666 207.32.219.92:1111 209.127.186.228:6606 209.145.56.157:6606 209.145.56.157:7707 209.145.56.157:8808 209.205.141.181:39858 209.25.141.180:13917 209.25.141.180:28818 209.25.141.180:4449 209.25.141.180:7878 209.25.141.181:23778 209.25.141.181:28050 209.25.141.181:39858 209.25.141.181:8080 209.25.141.212:11647 209.25.141.212:25565 209.25.141.212:4355 209.25.141.212:7293 209.54.104.73:8558 211.47.109.200:6606 211.47.109.200:7707 211.47.109.200:8808 212.129.4.112:6606 212.129.4.112:7707 212.129.4.112:8808 212.192.246.207:3162 213.142.159.41:6606 213.142.159.41:7707 213.142.159.41:8808 213.152.186.24:16941 213.226.119.176:6606 213.226.119.226:1881 213.226.119.28:6606 213.226.119.28:7707 213.226.119.28:8808 213.238.166.43:8080 213.238.172.124:1604 213.238.172.95:6606 213.238.172.95:7707 213.238.172.95:8808 216.230.75.194:6606 216.230.75.194:7707 216.230.75.194:8808 216.230.75.62:1107 216.250.252.148:6606 216.250.252.148:7707 216.250.252.148:8808 217.146.88.139:5220 217.182.78.12:56623 217.182.78.12:7119 217.64.149.101:1973 217.64.149.183:1975 222.211.72.47:8848 23.105.131.169:7707 23.105.131.169:8808 23.105.131.201:7776 23.105.131.207:10001 23.105.131.212:4409 23.105.131.236:4409 23.106.223.244:6668 23.238.217.173:6606 23.238.217.173:7707 23.238.217.173:8808 23.254.161.249:4444 23.254.225.164:4449 23.92.209.138:6606 23.92.209.138:7707 23.92.209.138:8808 23.95.115.74:1148 23.95.115.74:1759 23.95.115.74:1985 23.95.44.214:3306 27.124.12.12:8848 27.124.4.139:8848 27.254.163.62:1337 27.254.163.62:3306 27.254.163.62:6606 27.254.163.62:7707 27.254.163.62:8808 3.124.67.191:13184 3.124.67.191:4824 3.126.37.18:16608 3.126.37.18:5403 3.127.138.57:16608 3.127.138.57:4503 3.127.138.57:5403 3.127.59.75:11670 3.127.59.75:4824 3.128.29.88:4892 3.131.190.22:21200 3.135.234.129:4784 3.67.161.133:16225 3.67.161.133:5403 3.69.157.220:10147 3.69.157.220:4824 31.150.163.112:6606 31.150.163.112:7707 31.150.163.112:8808 31.17.132.37:8808 31.210.20.167:6606 31.210.20.167:7707 31.210.20.167:8808 31.210.20.192:8808 31.210.20.79:3311 31.223.35.146:4449 31.41.244.235:8848 34.223.60.188:6606 34.91.242.34:5472 34.91.242.34:6606 34.91.242.34:7707 34.91.242.34:8808 35.177.119.94:1508 36.255.96.200:4190 37.0.11.45:1604 37.0.11.45:3162 37.0.11.45:448 37.0.11.45:9495 37.0.8.17:46422 37.0.8.17:6578 37.0.8.93:7050 37.120.208.36:46943 37.19.210.29:60371 37.75.98.113:6666 37.8.111.210:5552 38.132.124.138:7777 38.132.99.156:6606 38.132.99.156:7707 38.132.99.156:8808 38.46.13.242:5555 38.46.13.242:8848 38.55.205.246:8848 40.113.56.160:6606 40.113.56.160:7707 40.113.56.160:8808 40.122.131.23:24175 40.74.229.0:6606 40.74.229.0:7707 40.74.229.0:8808 40.90.168.244:7707 40.90.168.244:8808 40.90.168.244:9909 40.90.210.21:3054 42.192.139.42:8880 43.137.15.104:8848 43.138.142.86:8848 43.140.202.229:8848 43.142.15.215:25566 43.143.12.71:8848 43.143.249.228:8848 43.143.249.228:9723 43.152.225.81:8848 43.249.8.248:2023 43.249.8.250:2023 45.119.84.166:3303 45.119.84.166:4404 45.119.84.166:5505 45.12.253.146:6606 45.12.253.146:7707 45.12.253.146:8808 45.131.1.70:1604 45.132.1.226:4342 45.133.174.122:6606 45.133.174.122:8808 45.137.20.108:8848 45.137.22.115:14496 45.137.22.115:29746 45.137.22.70:24626 45.137.22.70:32204 45.137.22.70:36374 45.137.65.94:4449 45.139.202.202:6606 45.139.202.55:4784 45.14.185.127:4449 45.143.223.34:3218 45.144.225.194:2424 45.145.185.245:1234 45.145.22.128:9495 45.145.22.142:6606 45.15.143.183:1336 45.15.143.183:1337 45.15.143.183:1338 45.15.143.183:1339 45.15.143.183:1400 45.15.143.191:6606 45.15.143.191:7707 45.15.143.191:8808 45.15.143.199:6606 45.15.143.199:7707 45.15.143.199:8808 45.154.98.42:4449 45.204.126.250:8848 45.227.255.194:6606 45.227.255.194:6969 45.227.255.194:7707 45.227.255.194:8808 45.32.48.250:6606 45.32.48.250:7707 45.32.48.250:8808 45.32.99.249:6606 45.32.99.249:7707 45.32.99.249:8621 45.32.99.249:8808 45.63.42.221:6821 45.66.230.191:8083 45.74.4.244:6606 45.76.219.163:6606 45.76.219.163:7707 45.76.219.163:8808 45.76.50.199:6606 45.76.50.199:7707 45.76.50.199:8808 45.76.56.26:6606 45.76.56.26:7707 45.76.56.26:8808 45.77.101.153:6606 45.77.101.153:7707 45.77.101.153:8808 45.80.158.113:8080 45.80.158.113:8848 45.91.92.112:8345 45.95.168.110:6606 45.95.168.110:7707 45.95.168.110:8808 45.95.168.110:9909 45.95.168.116:1336 45.95.168.116:1400 45.95.168.166:6666 45.95.169.112:6606 45.95.169.112:7707 45.95.169.112:7760 45.95.169.112:8808 46.1.54.174:85 46.1.54.174:87 46.153.20.70:11451 46.153.20.70:4449 47.111.31.251:1999 47.242.89.34:8848 47.54.37.55:6606 47.54.37.55:6821 47.54.37.55:7707 47.54.37.55:8808 5.152.206.196:6050 5.180.104.172:8579 5.180.107.130:1234 5.180.107.130:4782 5.180.107.130:6606 5.180.107.130:7707 5.180.107.130:8808 5.196.102.93:6606 5.196.102.93:7707 5.196.102.93:8808 5.196.174.49:433 5.230.69.11:1148 5.230.69.11:1465 5.230.69.11:1560 5.230.69.11:1759 5.230.70.106:1148 5.230.70.106:1465 5.230.70.106:1560 5.230.70.106:1759 5.230.84.50:1560 5.230.84.50:1759 5.230.84.50:1985 50.27.35.75:6606 50.27.35.75:7707 50.27.35.75:8808 51.138.76.245:6821 51.140.15.13:1604 51.141.172.115:1604 51.141.178.162:7707 51.178.148.147:54877 51.178.8.228:1337 51.178.8.228:6606 51.178.8.228:7707 51.178.8.228:8808 51.195.37.2:8808 51.254.27.116:4449 51.75.191.89:6606 51.75.191.89:7707 51.75.191.89:8808 51.79.197.196:6606 51.79.197.196:7707 51.79.197.196:8808 51.81.191.248:1281 51.81.241.89:6606 51.81.241.89:7707 51.81.241.89:8808 51.89.204.5:6666 52.144.47.89:4782 52.144.47.89:6606 52.144.47.89:7707 52.144.47.89:8808 52.148.154.111:2070 52.170.189.162:6606 52.170.189.162:7707 52.170.189.162:8808 52.170.189.162:8888 52.177.173.249:1604 52.191.174.30:2222 52.233.66.100:7707 52.250.64.247:6606 52.42.85.68:6606 54.236.46.72:1604 54.237.250.208:5552 54.36.220.171:5050 54.36.220.171:7707 54.36.220.171:8808 54.37.160.138:6601 54.37.191.165:8808 54.37.36.116:46943 54.89.93.238:6669 58.221.46.155:8848 58.221.58.124:8848 6.6.54.46:6606 6.6.54.46:7707 6.6.54.46:8808 6.6.54.46:9482 61.139.65.135:61638 61.160.213.14:8848 62.122.170.171:11647 62.122.170.171:25565 62.122.170.171:4355 62.122.170.171:7293 62.234.35.139:30441 62.37.96.229:30120 65.109.196.96:8080 66.154.113.12:6606 66.154.113.12:7707 66.154.113.12:8808 66.168.88.41:4444 66.42.72.69:1337 66.63.162.20:6606 68.235.44.53:56571 68.58.248.242:6606 69.30.227.43:4449 70.125.175.238:6606 70.125.175.238:7707 70.125.175.238:8808 72.176.161.178:10 72.176.161.178:20 72.176.161.178:9 73.140.59.149:333 73.168.2.231:4449 74.119.194.180:0 74.119.194.180:4449 74.119.194.180:44490 74.119.195.9:4821 74.141.196.43:32370 74.141.196.43:4449 74.201.28.178:6606 74.201.28.178:7707 74.201.28.178:8808 74.208.157.153:8191 76.223.249.60:6606 76.223.249.60:7707 76.223.249.60:8808 77.204.204.154:6606 77.247.127.9:6666 77.68.4.186:1604 78.140.241.23:6666 79.134.225.115:43765 79.134.225.117:1515 79.134.225.124:1515 79.134.225.125:1515 79.134.225.17:2022 79.134.225.18:1515 79.134.225.19:7941 79.134.225.21:8657 79.134.225.22:6606 79.134.225.22:7707 79.134.225.22:7734 79.134.225.22:7890 79.134.225.22:8808 79.134.225.23:30493 79.134.225.23:6667 79.134.225.26:6606 79.134.225.26:7707 79.134.225.26:8808 79.134.225.32:6606 79.134.225.32:7707 79.134.225.32:8808 79.134.225.34:6606 79.134.225.34:7707 79.134.225.34:8808 79.134.225.35:1004 79.134.225.36:4044 79.134.225.36:7570 79.134.225.36:8409 79.134.225.44:7450 79.134.225.45:2233 79.134.225.47:8420 79.134.225.50:6460 79.134.225.52:4022 79.134.225.53:8765 79.134.225.59:1515 79.134.225.69:1313 79.134.225.75:2050 79.134.225.78:5007 79.134.225.82:54280 79.134.225.83:7707 79.134.225.85:1515 79.134.225.91:1973 79.134.225.92:46943 79.134.225.92:6606 79.134.225.92:7707 79.134.225.95:7779 79.134.225.99:4449 79.134.225.99:4576 79.134.225.9:3030 79.86.49.168:30120 79.86.49.168:6606 79.86.49.168:7707 79.86.49.168:8808 80.178.10.107:1604 80.232.93.176:1604 80.232.93.176:18467 80.232.93.176:4040 80.232.93.177:1604 80.232.93.177:18467 80.232.93.177:4040 80.253.247.232:1638 80.89.230.176:4449 81.163.246.9:5020 82.102.28.107:62727 82.147.85.168:3232 82.197.208.225:55498 82.2.147.149:54984 82.2.147.149:6606 82.2.147.149:7707 82.2.147.149:8808 82.202.167.226:2600 82.202.167.226:6606 83.193.10.199:7006 84.21.172.33:6606 84.21.172.33:7707 84.21.172.33:8808 84.27.151.14:7707 84.51.52.166:1000 84.51.52.166:1001 84.51.52.166:1002 85.187.94.142:1337 85.187.94.142:6606 85.187.94.142:7707 85.187.94.142:8808 85.192.40.255:4449 85.31.45.6:4444 86.38.230.179:5552 87.249.134.33:1337 87.4.136.146:2306 87.98.245.48:2703 87.98.245.48:46943 87.98.245.48:49703 88.119.174.117:444 88.121.6.16:1604 88.121.6.16:6606 88.121.6.16:7707 88.121.6.16:8808 88.138.252.119:1807 88.138.252.119:2525 88.198.101.59:6606 88.198.101.59:7707 88.198.101.59:8080 88.198.101.59:8808 88.198.101.62:6606 88.198.101.62:7707 88.198.101.62:8080 88.198.101.62:8808 88.248.18.120:7894 88.80.224.150:420 88.80.224.150:6606 88.80.224.150:7707 88.80.224.150:8808 89.117.21.143:6606 89.117.21.143:7707 89.117.21.143:8808 89.208.103.42:4545 89.212.152.239:6606 89.223.125.80:7655 89.23.101.38:5306 89.238.150.43:57095 89.252.176.182:6606 89.252.176.182:7707 89.252.176.182:8808 89.40.13.195:4908 90.100.176.56:5501 90.100.176.56:5502 90.100.176.56:5503 90.100.176.56:5504 90.100.176.56:5505 90.100.176.56:5506 90.100.176.56:5507 90.100.176.56:5508 90.100.176.56:5509 90.100.176.56:5510 90.100.176.56:5555 90.79.207.194:56623 90.79.207.194:7119 91.116.253.83:6606 91.116.253.83:7707 91.116.253.83:8808 91.134.150.150:4449 91.134.150.151:6606 91.134.187.25:4449 91.134.214.15:4449 91.151.88.146:4530 91.151.88.146:6606 91.151.88.146:7707 91.151.88.146:8808 91.192.100.61:2323 91.192.100.61:4449 91.193.75.122:6606 91.193.75.122:7707 91.193.75.122:8808 91.193.75.132:5529 91.193.75.132:7779 91.193.75.132:8848 91.193.75.132:9109 91.193.75.132:9909 91.193.75.182:8808 91.193.75.189:1604 91.193.75.189:6606 91.193.75.189:7707 91.193.75.189:8808 91.193.75.199:11011 91.193.75.202:11011 91.211.250.207:6606 91.211.250.207:7707 91.211.250.207:8808 91.92.109.70:5353 91.92.136.123:4449 92.205.184.19:1337 93.190.8.71:3131 93.82.44.26:4040 93.95.27.97:6606 93.95.27.97:7707 93.95.27.97:8808 94.156.6.224:6606 94.156.6.224:7707 94.156.6.224:8808 94.156.6.65:1337 94.177.245.135:9656 94.46.187.194:7707 95.179.128.208:8088 95.179.142.67:6606 95.179.142.67:6656 95.179.142.67:7707 95.179.142.67:8808 95.214.24.134:1911 95.214.24.134:1912 95.216.52.21:7575 95.216.52.21:8848 95.68.162.99:7777 95.93.127.180:2511 96.9.210.115:4449 96.9.226.19:7707 99.75.73.147:8808 001011000101100010110.duckdns.org 08099311.duckdns.org 100k0.ddns.net 100k5.ddns.net 123defsq.duckdns.org 147lanaway.duckdns.org 14deoctubre.duckdns.org 1pop.ddns.net 2021bestasync.mypets.ws 211.ip.ply.gg 223.ip.ply.gg 239jj.duckdns.org 23wsfd.duckdns.org 26deagosto.duckdns.org 3enbah0st.ddns.net 3gfdsfgsfgsdfg-37612.portmap.io 4-hitler.publicvm.com 4343night.ddns.net 4dod.ddns.net 4heba.camdvr.org 4pyramid.duckdns.org 72093721.duckdns.org 7593352b2g.imdo.co 7dediciembre.duckdns.org 8079048a.e2.luyouxia.net 83961200.duckdns.org 9221new.ddns.net 9dediciembreconlabendicion.duckdns.org a.famsydev.top aa9064aa.e1.luyouxia.net aasdfqwe1234.duckdns.org abdul666.duckdns.org abhorrent-thrill.auto.playit.gg acronispandora.ddns.net actionsstartnow.duckdns.org activo1235.duckdns.org actualizaciondedatosgrupoaval.net adan993e8.duckdns.org adawdas-33789.portmap.io addimq.duckdns.org adgjmptw2.kro.kr advanced-hat.at.playit.gg adwa.ddns.net afdsagareg.duckdns.org ahmed21018.linkpc.net ahmed210183.linkpc.net aisviua77s.xyz ak.3.amazing2021.net aka2.ddns.net aka3.ddns.net akuasync.from-ca.com alan7-50232.portmap.io alddie7mg.ddns.net alfalf.con-ip.com alfmedallo.con-ip.com aliali785.ddns.net aliensoldier.duckdns.org allah3131.duckdns.org amarilopato12.duckdns.org amazonservers.bit amazonshipping.duckdns.org amazonsoftware.onthewifi.com ambiboss.ydns.eu ancesucess.chickenkiller.com andrearodrigues0913.duckdns.org anhphux4-60615.portmap.host anon345.ddns.net anonymouse3805-58890.portmap.io ansynmoney.duckdns.org antivirus-ssl.myiphost.com antoniosanchez19703.duckdns.org apahak.zapto.org apartmentdue.camdvr.org api.google-analytics.cloud april-spec.at.ply.gg aqq.linkpc.net arilariseverim.mentality.cloud asd1112.f3322.net asd2xxx.duckdns.org asdasud.xyz asdc4c5x.duckdns.org asdfdsg.duckdns.org asdghn.duckdns.org asdsasf.duckdns.org asidivuvuas8rnvns73.xyz aslavazgecme.duckdns.org asy33.duckdns.org async2020.duckdns.org async2021.duckdns.org async95.duckdns.org asyncat.duckdns.org asyncgeneration1.duckdns.org asyncman.duckdns.org asynco.ydns.eu asyncpc.duckdns.org asyncr.dyndns.org asynctypebeat.duckdns.org asynno.ddns.net asyynet.duckdns.org ate.westus2.cloudapp.azure.com autobasecars404.ddns.net autobasecars4040.ddns.net awfwafwaf.ddns.net awshosting.bit azazelxd.duckdns.org back114.ddns.net backvernomm.duckdns.org bad2.ddns.net balasid-48598.portmap.host beaned.ddns.net bevdona.theworkpc.com bichota.duckdns.org bigc6514.duckdns.org bigchungusatemyass.duckdns.org bigdaddy-service.biz bigdaddy.ddns.net biggismall.ddns.net bin.treatwellshome.xyz bisbossdma9sem.ooguy.com bition1.hopto.org bk2bk.duckdns.org blackbyte.ddns.net blackid-42037.portmap.host block.safeservice.cx bluetooth.duckdns.org bmxfghsh.duckdns.org bobbawb1000.duckdns.org bolilau456.duckdns.org booking-detail.ddns.net bozuksaatiniz.duckdns.org brat.dyndns.org brazzzyl-42474.portmap.host brig-38796.portmap.io browser-geology.at.ply.gg brytonwilliams8.ddns.net btsarmy.monogon.cc bujubanton.ddns.net burbenbrg.duckdns.org burk2n.dynu.net buy-dynamics.at.playit.gg buyandsell.ddns.net cafechef2.zapto.org cafechef22.zapto.org cailongithenhi.ddns.net caipirinhademorango.ddns.net callsip.serveblog.net capeview.duckdns.org capone.kozow.com carlosmenguallora09.duckdns.org carmnesarmienthasbfa.duckdns.org cassa.hopto.org cch2dw3sdsmcs.hopto.org cch2dw8oisnxss.hopto.org ceco.ddnsgeek.com ceda7x.vip cepas2023.duckdns.org certserver.zapto.org chefcafe.ddns.net chexfotii.ddns.net chimiechonga.ddns.net chimpail.com chinasea.duckdns.org chrisbli-25890.portmap.host chromeclusterspectr.ddns.net churchmon.ddns.net churchmon21.ddns.net churchmon22.ddns.net cigdem5.duckdns.org cisaui5.publicvm.com classic-parental.at.ply.gg cn-gx-plc-1.openfrp.top cobeckconstructioncompany.camdvr.org code2023.kozow.com cody-elzingery.com colombiamaleta.duckdns.org com86.endofinternet.net comav14.publicvm.com comebakk.myq-see.com comr4de.dynalias.org con22.duckdns.org connect.l0lz.co connect.servehttp.com considered-stars.at.ply.gg coolbixb0y.ddns.net coolmaneurokoolcom-26401.portmap.host copyright-convinced.at.ply.gg cpa2022.ddns.net cracke08.ddns.net crushco.ddns.net crvenazvezda.ddns.net d1x3x.dyndns.org d1x3x.gotdns.com d1x3x.selfip.biz d1x3x.selfip.com d1x3x.selfip.info d1x3x.selfip.net dada2020.linkpc.net damp1337-62649.portmap.host danielmaestrelora09.duckdns.org darknessdz.ddns.net darksqlrat.duckdns.org darkvezirv2.duckdns.org darudesandstorm1111-25323.portmap.host datacikerim.duckdns.org daue.kro.kr davidmalik07.ddns.net davidnoriegalora09.duckdns.org dazadiego.duckdns.org dbdgnry.duckdns.org dbegarv.duckdns.org dbgroup.publicvm.com dc1337.ddns.net dclimited.duckdns.org ddfgfdshg.duckdns.org decyzja-36420.portmap.host decyzja-42138.portmap.host default2.duckdns.org degree-imported.at.ply.gg devnodes.duckdns.org dfareterg.duckdns.org dfdagreyt.duckdns.org dfegvcxzvzxc.duckdns.org dfghsfgsjsk.duckdns.org dfsdgrg.duckdns.org dgjidsjgvcx2341.ddns.net dhayan.ip-dynamic.com dhciaicjzis.xyz dia6969.duckdns.org diciembrearbolitodebelen20222022.duckdns.org diciembrefeliz.duckdns.org diegoparra.duckdns.org diegovillareallora09.duckdns.org dilescemo.servegame.com dios.westus2.cloudapp.azure.com discordmod.duckdns.org disownnet.duckdns.org ditmemay.ddns.net djdlghk34.kro.kr dnsontopnegros.ddns.net docdns467.duckdns.org doddyfire.dyndns.info dodusiekkk-60757.portmap.host dola2611.linkpc.net doloresguerra.duckdns.org doloreshuerta.duckdns.org dom1337.duckdns.org dom45x.duckdns.org dominiodeprueba202220222022.duckdns.org dominostark07.duckdns.org doublezuckshhst.ddns.net dox2022.homeip.net drive.winupgrade.org dropout-35209.portmap.host dropout-37757.portmap.host dropy.ddns.net drxppedlpbbbb.ddns.net dry-dream-17049.pktriot.net dsijfiudsfiashvu7ds43.xyz dsrgdsfgdf.duckdns.org dtbvira.zapto.org duartesantiagoji22.con-ip.com duck3131.duckdns.org dv7ddw4sds8ds8.hopto.org dv7lv4sds8ds5.hopto.org dwdtte4wfjs0ds5.hopto.org eaglescof.centralus.cloudapp.azure.com ebuka.duckdns.org eds.edspeck.org eduardlarauhasdhau32ndanh.duckdns.org edwardthornton163.duckdns.org efweegfdg.duckdns.org egfcj56rgs.duckdns.org egoyibouda.linkpc.net ehadghsfyjsgah.duckdns.org ehjay2022.duckdns.org elchester789.duckdns.org elkinbarajasujsdfsa334.duckdns.org elpatocuacua.duckdns.org elpatodonal.duckdns.org elperood.duckdns.org eltigangiad02.duckdns.org emisparkled.duckdns.org emolovebosy.ddns.net enero2022async.publicvm.com eneroeneroenero2023202311.duckdns.org eniuu.duckdns.org enviocode.duckdns.org ericanabou.duckdns.org ericfresh.ddns.net ericmoney11.ddns.net ertyftgfg.duckdns.org escobaurch30.duckdns.org escolavolutaria.fun esxo.ddnsfree.com etonel.chickenkiller.com ewtwet.duckdns.org exos.mywire.org expresschiatto.freeddns.org ezinchcho.ddns.net f3k3jimashe.theworkpc.com f88vbv8b8erht8baos.com fabiancarrillolora09.duckdns.org fabianhenaosierra003.duckdns.org famous147.ddns.net famsydev.top fat7e114.ddns.net fat7eorami.ddns.net fdgfdgfdhgfj.duckdns.org fdhfghf.duckdns.org feb23-pandor.duckdns.org febreroynoesvisiesto20222022.duckdns.org fedeloperome09.duckdns.org fejong.duckdns.org felixojedamartinez09.duckdns.org fell.ddns.net fernandoguerralora09.duckdns.org fesfsefseg5.duckdns.org fessjacksrat.duckdns.org fforward20.duckdns.org ffuze.duckdns.org ffxzdgfshfd.duckdns.org fghnmvhdf.duckdns.org fhdtvbcxnvn.duckdns.org fhfgmjhmsdsdzx.duckdns.org fjrtjrjyjj.duckdns.org fjuj84hgoa84gn.xyz flingmodder-44266.portmap.io flubabapro.duckdns.org flurrybeatmecamtest.ddns.net flurrybeatmecamtest.sytes.net formbook.hopto.org formenn.linkpc.net fpt1.duckdns.org frajerte-37406.portmap.io frank12.ddnsgeek.com frankent2021.ddns.net frankrab.giize.com fransislopesierra09.duckdns.org frdan.mywire.org fredylopezlora09.duckdns.org free66.hopto.org fries1.ddns.net fromrusso.org frozeislegend.duckdns.org frp1.freefrp.net fsdgsgads.duckdns.org fsgetesvzxc.duckdns.org fsggasd.duckdns.org fuckyou98.ddns.net fusion71050500-40756.portmap.io fusion71050500.ddns.net fusioncore32023.hopto.org g896696.duckdns.org garsonpessutti.duckdns.org gazetrto.myddns.me gcgfjghjg.duckdns.org gdfhtrtyrtt.duckdns.org geeftniksbro.duckdns.org getcdnlist.com getupdated2021win2k.cn gfhdjksjd.duckdns.org gfhghgfcf.duckdns.org ggdhzyrd.duckdns.org ghankall40.duckdns.org ghdfvdfdf.duckdns.org ghgfkhdfgvvvvswqawer.duckdns.org ghjfhdtxcfbv.duckdns.org ghjghghfhj.duckdns.org ghoss.freeddns.org gingles.dynu.net godlymoney806.duckdns.org godtest.myddns.net gomaa.theworkpc.com gonzalesdelpilarmaria09.duckdns.org goodpc.theworkpc.com goods-generic.at.playit.gg googe.f3322.net googleipm1.ddns.net goosent323.duckdns.org gpmaw.duckdns.org grant123four5.ddns.net greatestyear2021.ddns.net grega0835.ddns.net griffins.hopto.org grotomnipobell.sytes.net grotomnipobell.zapto.org gru-s13.duckdns.org gsfdsfhghsff.duckdns.org gto7tuiyuighfgfdj.duckdns.org guasonliiiine.con-ip.com gv7lv454sds8ds5.hopto.org gw.allstaffs.net haberci.ddns.net hackas.ddns.net hackdns1.duckdns.org hacker-unknown-46140.portmap.io hackisking.ddns.net hajrkn.duckdns.org haldriemaldriendfrif.sytes.net hallmoney927.duckdns.org handmoety.duckdns.org hardrickkonsultg.ddns.net harry9171-41182.portmap.io harrypotta.ddns.net haxxservers.ddns.net hazardmain-37159.portmap.io hck453-58158.portmap.host hduisahidasr.ddns.net healthup.con-ip.com heatblast-33349.portmap.host heisne.casacam.net hellobozo.duckdns.org helpmetakeyoursoul.awsmppl.com helpserver.ddns.net hema55.publicvm.com hgjvhnfgg.duckdns.org hgukhs-39227.portmap.host highlifesearch.net hitl44.001www.com hitler0077.linkpc.net hitler5573.linkpc.net hiv.dyndns.org hiveys.duckdns.org hoang19008198.ddns.net hoaviet-54998.portmap.host hoc2021.ddns.net hognyusket.com holiday-wrote.at.ply.gg holl3-43069.portmap.host hope2023.sytes.net hortiag1npox901.ooguy.com houserent.camdvr.org hpdndbnb.duckdns.org hpwongrgbgames.ddns.net hsjdup.duckdns.org hsolic.duckdns.org hsthdfghgj.duckdns.org htr.ddd.amafo.cc httosd.duckdns.org hugh69021.duckdns.org hurensohnliste-31639.portmap.io icacxndo.ac.ug icando.ug icesmile.ddns.net ifemelumma.linkpc.net ifuyghiu.duckdns.org ii-usd.at.ply.gg iloveware.ddns.net imageline.dyndns.org info.ctxcel.com info07.ddns.net infodate.ddns.net ip2.p36.xyz iphy1.duckdns.org isabelaflores.fun itsource7.ddns.net iyanyaegodi.ddns.net jacktrade.ddns.net jaga.theworkpc.com jaimearaujonhiasiiwe32sa.duckdns.org jaimegarjhahsswda.duckdns.org jajo0.ddns.net jamesalex13-32442.portmap.host jamiekarvans.duckdns.org janwiggins-29366.portmap.io javierandresparramojica09.duckdns.org javierimssmarecolie.hopto.org jazminyshujtasvytassacadscd.duckdns.org jeanmichmich.ddns.net jeazerx.duckdns.org jen202.casacam.net jen203.camdvr.org jeremymass01-46300.portmap.host jesuisdonaldjtrump666.anondns.net jesusamado.duckdns.org jesuslopez19011.duckdns.org jetafunit.servebbs.org jhonvelasqueslora09.duckdns.org jilldoggyy.duckdns.org jinxzone.duckdns.org jj.byd66.cn jjajajajajadsdwasd-27002.portmap.host jkuifyghm.duckdns.org jntlmanaway.con-ip.com jntrojan.ddns.net jorgemoscotehgbayhjeq8u73cs.duckdns.org jorigt95.ddns.net joselamartineslora09.duckdns.org joseluissaldarriagalora09.duckdns.org jovial-haze-85764.pktriot.net jrg9hjsigfjs.duckdns.org juanconrradolora09.duckdns.org juanlunalora09.duckdns.org juerneshfguisdfo.duckdns.org julianmaldonadolora09.duckdns.org juliomotoalora09.duckdns.org juniormanco.duckdns.org jyzjkjj.com kadumello.ddns.net kaka.publicvm.com kandingon123.ddns.net kann5787.duckdns.org karalarbaglar.duckdns.org kaught-36793.portmap.host kaycee-64139.portmap.host kaygeorge456.duckdns.org kcfresh.ddns.net keke0001.duckdns.org kenmolle.ddns.net keyauth.ddns.net kgb.linkpc.net khejzetabneol-33665.portmap.host kiestdesignsyrev.sytes.net kiki1022.duckdns.org killam.ddns.net kindy.gotdns.ch kinholima.duckdns.org kissam.ddns.net kjbvjrvb.duckdns.org klept0wiz-33913.portmap.host kokomarko.theworkpc.com kolove.accesscam.org kometa.hopto.org kontakt-online.selfip.net kontakt-service.selfip.net kontakt-update.selfip.net kurtbloomberg.ddns.net kurtyusuf.duckdns.org kyarelixo-59275.portmap.host kza021.duckdns.org laboratoriogenfarp.linkpc.net lak0v1337.ddns.net lambertofield1.ddns.net lamerz.hopto.org largo777.kozow.com latte.dynv6.net laurabedoya624.duckdns.org lauracarrillo0sosa09.duckdns.org laurasofiherre10.duckdns.org lazuraa.ddns.net leetman.dyndns.info leetman.dynuddns.com legacyud.duckdns.org leonardodavinchi.duckdns.org leonelsaldarriaga01.duckdns.org lila152511.duckdns.org limakan-56623.portmap.io limakan.hopto.org limer.ignorelist.com lisazhang.duckdns.org litlehf.ddns.net lizalizalizasky.ddns.net lizalizasky.ddns.net lizasweetsky.ddns.net lleguen8383.duckdns.org loader2b.duckdns.org localhostu.dynuddns.com lollypopman4-29266.portmap.host lolojako.con-ip.com lookatmebitch.ddns.net lordban.ddns.net lorenbermu09.duckdns.org lozadiego998.duckdns.org lucky-unlock.tpddns.cn luiscetrelora09.duckdns.org lumar-59428.portmap.host lynnnn.duckdns.org machine-cheap.at.ply.gg machine3.duckdns.org mad311.duckdns.org maestroqueda.ddns.net maestroqueda.duckdns.org mafiaconnects.duckdns.org maidright.chickenkiller.com majid059.zapto.org makabuike.duckdns.org makesureeasteats.duckdns.org maksuda2230-52612.portmap.host malamutealaska.duckdns.org malware.ddns.net manifest.duckdns.org marbeyli.duckdns.org marcelodosanto09.duckdns.org marcozapatalora09.duckdns.org margotmejiabyusfnscdvds.duckdns.org marianalaverde03.duckdns.org marianavilla3008o.duckdns.org mariangonzjabyeuwrg.duckdns.org marifaculdolora09.duckdns.org marioddns.hopto.org markskith-28099.portmap.io marli27.duckdns.org marli27.kozow.com marmar1.linkpc.net martineliasdiazlora09.duckdns.org mashirong.top mass.ososfix99.ru mass2023.duckdns.org mauriciocarrascallora09.duckdns.org mauriciojavierhoyos09.duckdns.org maxdev-31558.portmap.host maximumthousands.ddns.net maxtodor-27383.portmap.host mayomayomayo202202222022.duckdns.org mazi.ddns.net mbit921.duckdns.org meanser.duckdns.org medotelegram.work.gd meganfoxx.duckdns.org megaplaneta01.ddns.net mehdoganmin70.duckdns.org mekhonet.dynip.org meltdili.duckdns.org mence.duckdns.org mendey.duckdns.org merat3131.duckdns.org mercadao.tech meskullzmint.com microsoft12.ddns.net microsoftserver.ddns.net microsoftupdate001.duckdns.org mifantuanzi1.e1.luyouxia.net miguellondono0315.duckdns.org mikedonohue.kozow.com milanooffice.hopto.org milenial.duckdns.org milinerds.duckdns.org milla.publicvm.org mimihard.ddns.net minecraftmods.myftp.biz minerboy123-61906.portmap.host minharola.hopto.org minjihuws.kro.kr mnbvclhg.duckdns.org mnvbvnvgc.duckdns.org modyhr.ddnsfree.com momo5050.ddns.net monastery2626.duckdns.org monedfghsja.duckdns.org moneios.linkpc.net moneyveno.duckdns.org monkeys11-39982.portmap.host monodofus.hopto.org mooroopecamroy.sytes.net morelogs22.sytes.net moveforme.ug mozzza.ddns.net mr7bashbab.ddns.net mrjeffy.duckdns.org mrkarik14-50898.portmap.io mrv001.linkpc.net mrv00100.publicvm.com ms47.zapto.org ms4747.loseyourip.com mtest.loseyourip.com muchodinero.duckdns.org muchodinero14deoctubre.duckdns.org mulla1.mywire.org mulla2.mywire.org multibit.hopto.org murderer.ddns.net mushrum.duckdns.org mvcx.serveftp.com mxmarve-24835.portmap.io mxtopsz.duckdns.org myconect.ddns.net myluckyhost.ddns.net mysubdomain873.duckdns.org nano-c.ddns.net nareshsemalty-30366.portmap.io nasihej725.hopto.org navaikargranites.line.pm ncbdgwe.duckdns.org ndospjn.ddns.net nessator.bounceme.net nessator.myddns.me netfamily.windowshost.ru new.investimer.name new.payeermine.com new11.ddns.net newbiesx-25518.portmap.host newbignninggood.duckdns.org newddnss.ddns.net newfrost.ddns.net newtechublil.ddns.net newtimnoip.freeddns.org newvpnasync.myq-see.com newworld.mypsx.net newx.ddns.net nexsa2111.sells-it.net nextboss.ddns.net niceone20.cn nicosircu1.ddns.net nigatex.ml nikopaskamaa-21457.portmap.host nisdfsuie.duckdns.org nixa21.zapto.org nmaxom.duckdns.org nngplic.ddns.net nnoport.ddns.net nobles35-22823.portmap.host noluyoruzawk.duckdns.org northem.ddns.net nov16665.ddns.net nova.servegame.com nova1.linkpc.net nova2.casacam.net novachrono.dyndns-ip.com ns1.l96.org ns1usaupload.myphotos.cc ns2.l96.org ntlplaast11.duckdns.org nuevoremremrem20232023.duckdns.org nunzioisbitch.serveftp.com nwoork.kozow.com nx22.myq-see.com oebonur600.duckdns.org oeiti-47629.portmap.host office-bcr-host.duckdns.org officiallysoldtoprof.ddnsfree.com ohgowhsnv.duckdns.org okaa0-51499.portmap.host olodofries888.ddns.net omahaclothingline.webredirect.org omkarusdajvc.ac.ug omnicrie.ddns.net omomom.ac.ug once-york.gl.at.ply.gg onlineisofilelandersbaseballer1.mrbonus.com ooof.hopto.org open.imgov.cn opium-network.ddns.net orc.dyndns.org orcus.dyndns.org orcusrat.dvrdns.org ouaff.ddns.net oxy01.duckdns.org p.webshare.io pacman.dynalias.com pacman.dyndns.org paisaloro.kozow.com palmgorohive.myddns.me parkerpublic.com parrarobertogali10.duckdns.org paython.myq-see.com pazmental.duckdns.org pedobusters.online pedroalcantaralora09.duckdns.org peniscocksucker4.hopto.org petersonsherian7.duckdns.org petrol-chem108.duckdns.org petropresidente.duckdns.org pettbull.ddns.net pfesp.duckdns.org phantom111-31422.portmap.host pibot.ug pics-starts.at.ply.gg piddix.duckdns.org pingo3000.hopto.org pksru.ddns.net pm-dome.at.ply.gg poder.kozow.com pompake.duckdns.org pop12.linkpc.net pop6.ddns.net portmaprat-26778.portmap.io potenzax999.linkpc.net powershell-test.duckdns.org primopumps.duckdns.org privat-sparkasse.de product62.duckdns.org productos.linkpc.net prontovibes.ddns.net protectgoogle.ddns.net prowantedo.ddns.net pruevapoiu-20286.portmap.io psmax.dnsalias.net psmax0.dnsdojo.net psshatx.accesscam.org pssmohammed.gets-it.net qovar.cf qz.dyndns.org r00tz-36170.portmap.io r0z.duckdns.org r4tt3r.duckdns.org rafaledrat.ddns.net ragebit.ddns.net ramlifaris684.duckdns.org ramps.duckdns.org rapraprat.duckdns.org ratcik0.duckdns.org ratsss.publicvm.com ratyedinbb.duckdns.org realtekhoster.ddns.net registry.ddns.net rej.rejgroups.com remiakbaba.duckdns.org remove.is-uberleet.com replyitselfmako.sytes.net reportbox0.duckdns.org reportss.duckdns.org resulttoday2.duckdns.org retregdsgzbz.duckdns.org reversethis.store revshell.3utilities.com rexm.xyz rggsrfbcx.duckdns.org rio.casacam.net rippeanut.duckdns.org rl.zuiwen.top rmlkin.duckdns.org robertobolanolora09.duckdns.org robertsaldarriagasoto09.duckdns.org roberurrutialora09.duckdns.org rock19870-48166.portmap.io rock87.ddnsfree.com rocky07.ddnsfree.com romarivanegamoauhsyhafjbaju233nsa.duckdns.org rony.ooguy.com roollingstonecam.sytes.net roollingstonecam.zapto.org root.kahharsoftware.com rositxado.tk rotte.ddns.net rownip.dyndnss.netrownip.dyndnss.net roy2023.kozow.com rtergsdfs.duckdns.org rvng.dyndns.org ry8325585.duckdns.org ryyeyq.duckdns.org s1995.ddns.net sadcgvc.duckdns.org saddlepoint.duckdns.org sadgfbvcnvccmb.duckdns.org saedmad.linkpc.net saico015.linkpc.net saikuzen-49289.portmap.io sakivivjasiv8cozo3.cn salutsalut.ddns.net sammiyoyo.linkpc.net sanael-62946.portmap.host sandobalvaleria214.duckdns.org sandyclark255.hopto.org sandyy.hopto.org saralynnp8.duckdns.org satrakyarab.ddns.net sau88b8yb7e7gf7g.cn sbdndbnb.duckdns.org sdfgfgdsdfgfd.duckdns.org sdfsbvfbfda.duckdns.org sdfsdfasdf.duckdns.org sdfsdgfgj.duckdns.org seamoney.duckdns.org sebasguerranjdd3ewdadf.duckdns.org secdb.duckdns.org security70.duckdns.org semetiooctubre2022202220222022.duckdns.org seniorpicchi-43516.portmap.host server.b92dt.com server.vukhitoithuong.co server2.raxana.net service32.sytes.net servicess.dynip.org servidor2050.ddns.net servr.jordangaming3.xyz seznam.publicvm.com sgfdhtw.duckdns.org sgrmbroker.duckdns.org shadowofsun.e5.luyouxia.net shambanzy202202.con-ip.com shortcut2021.duckdns.org silent-rain-87337.pktriot.net simple-drain.at.ply.gg sinki-43136.portmap.host siuw83.duckdns.org sivwbviw.duckdns.org skalleper.ddns.net skidnation.ddns.net skiler.duckdns.org skullzyboat-37846.portmap.host skylucky.duckdns.org slawdor.westus2.cloudapp.azure.com slpete1533.duckdns.org smartvodafone.duckdns.org smoothy.ddns.net soft.tjsosda.com some-cheapest.at.ply.gg southside.bounceme.net sparkinject.ddns.net speedplayers-23540.portmap.io spk.accesscam.org spongpoppp.myq-see.com spookyfroot-52933.portmap.host spring-consultation.at.ply.gg squeruu-39056.portmap.host sr5gsedfgwsers.freemyip.com sson.dnsup.net ssonn.v6.rocks starsat123.ddns.net steam008.ddns.net stellacy.tk stoo02093.duckdns.org strekhost2038.duckdns.org strekhost2039.duckdns.org strekhost2041.duckdns.org strekhost2043.duckdns.org strekhost2047.duckdns.org su2d.nerdpol.ovh subwoope.ooguy.com sukura.duckdns.org susiahat24199a.ddns.net swchiowbcjd.con-ip.com sym.publicvm.com takerman.ddns.net teambit.giize.com tearnservi11.duckdns.org techandro.giize.com techgames.duckdns.org technovez.duckdns.org tehliike.duckdns.org testetstest.ddns.net testfor.duckdns.org tfwed.duckdns.org tgjhgf.duckdns.org thebest39393.ddns.net thegamingclub.xyz thewatersmoney.hopto.org theyk6836.duckdns.org thoe409.duckdns.org thwit.ddns.net tienmonkey-40774.portmap.io timairvpn.ddns.net timmo-27933.portmap.host tjcoker123456.duckdns.org tksoficialbrasil.sytes.net torment.ddns.net torment1628.duckdns.org tox11.ddns.net tplinklocal.linkpc.net tr2.localto.net trabajo2021.duckdns.org travazap.duckdns.org tripdeep.duckdns.org tripleswagsir-42873.portmap.io trust.meldrez5x.xyz tuna91.duckdns.org type1520.duckdns.org ubiquitouslv-34772.portmap.host udmansoud-59712.portmap.host ufyu78r8r7.duckdns.org updateservicer.ignorelist.com uribeparaco.duckdns.org usa-man.accesscam.org utilityservice.ignorelist.com uvd88.duckdns.org v13cracker.ddns.net valentinmihai-48225.portmap.io vcnnxfdf.duckdns.org venelix.duckdns.org venmo8500.duckdns.org vernortoday.duckdns.org verynice.ddns.net veztechno.duckdns.org vfdhgfjdhgkjsf.duckdns.org vic1.duckdns.org vicentcastillnhdagg.duckdns.org victori55.duckdns.org view43748.viewdns.net violinud.duckdns.org vjwm.dyndns.org vl.io.vn vladmir001.myddns.me vlhoangkimpk.net vr-bank.com.de vtgfcgfcvvvvvvvavavvvaavavava.duckdns.org wabbus02.duckdns.org wai.dogelab.net wai.dogetaxi.io wai.squidgame.to walter12ryan.duckdns.org wanted12-62000.portmap.host warzon957.duckdns.org warzoneupdater.redirectme.net wasted9sss1-51443.portmap.host wasted9sss1-57562.portmap.host waterspourmoney.ddns.net wegrferhgbrtegerfewfwedwedewdew.hopto.org wertpkgc.duckdns.org wesdrfggkhgfd.ddns.net westernogetobarsbrmng.ooguy.com wggr6uncx.duckdns.org white-camcorders.at.ply.gg willtrojan.ddns.net windows-services-udpate.linkpc.net winhostconio.duckdns.org winlogon.ddns.net wispy-hill-25808.pktriot.net work114.ddns.net worldpassed.publicvm.com worldwreck.ddns.net wr.espielweinstein.pw xaft.camdvr.org xafvbndsfg.ru xiomarajerezasidhasfjafas.duckdns.org xlordbodyl-60544.portmap.io xsme.loseyourip.com xxxprofxxx.dnsdojo.com xxxsexyxxx.dnsdojo.com y1k0z3.hopto.org yatruopidf.giize.com yedbopds.duckdns.org yeetdskrt.ddns.net yenhack.ddns.net yhsfgs.duckdns.org yoperreosola.duckdns.org yubahack.duckdns.org yubarat.ddns.net yudith.duckdns.org yyutrer.duckdns.org zaza99.duckdns.org zazazazaz.duckdns.org zcvxcdsfew.duckdns.org zen3x.duckdns.org zero0.ddns.net zhudaji.f3322.net zkgwnqekr7qrgadf.duckdns.org zobbi.zobbi.com zockrellemile.sytes.net zopzw.ddns.net zuiwen.top zulakim.duckdns.org zxc123598.e2.luyouxia.net zzzpmax.ddns.net # Reference: https://twitter.com/IntezerLabs/status/1701230783837454369 # Reference: https://twitter.com/t3ft3lb/status/1701506318383956224 193.161.193.99:31507 # Reference: https://twitter.com/Jane_0sint/status/1701604129221890240 # Reference: https://www.virustotal.com/gui/file/11409951fd87917609f76566a567f768e8f2af92997618dbbf2536dce684b4d1/detection 123.99.200.175:4449 123.99.200.175:8950 # Reference: https://threatfox.abuse.ch/ioc/1163379/ 62.106.84.215:4444 # Reference: https://threatfox.abuse.ch/ioc/1163442/ 4.151.131.10:1010 # Reference: https://www.virustotal.com/gui/file/740705bda250b4aa10bc9ac53c45ea625baa4a7b982d76fcdd013644d7f0f5ae/detection 147.185.221.16:22080 193.161.193.99:22080 feature-fbi.gl.at.ply.gg # Reference: https://threatfox.abuse.ch/ioc/1163510/ 185.81.157.153:55 # Reference: https://threatfox.abuse.ch/ioc/1163511/ 185.81.157.153:100 # Reference: https://www.virustotal.com/gui/file/eb1b3103fc42ae087eedbdc261bddff18d9aaaa5bf3c4646153b0fe67b9ad2b2/detection esteesparahoy.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-22) 147.189.169.11:8848 185.117.91.202:999 185.81.157.154:2301 194.58.71.17:7771 206.53.55.186:8181 51.89.12.10:6606 51.89.12.10:7707 51.89.12.10:8808 78.171.102.209:3001 81.161.229.73:6606 81.161.229.73:7707 81.161.229.73:8808 95.214.27.6:2442 # Reference: https://www.virustotal.com/gui/file/7d8d345ba5e90f5eb674b3a0afeee3af3d7cdb8da249f92a5ff86f214d4ebc99/detection 84.54.50.42:1338 # Reference: https://www.virustotal.com/gui/file/1eb09eab835bb8295c10bc42f04a9f5379da88131996e603ec0643e3700e2bcc/detection 4.151.131.10:1011 # Reference: https://www.virustotal.com/gui/file/535884651e8ced605074dff4220651f4ceb02ea86025ff2721c816de2a94fd6a/detection 80.76.51.237:2023 # Reference: https://www.virustotal.com/gui/file/5fe0500266860557912ff1d77ed5e386f4c849bf21891e46dedabad62d78d328/detection 31.192.107.178:2525 # Reference: https://twitter.com/r3dbU7z/status/1705645264206184806 # Reference: https://www.virustotal.com/gui/file/d1dd950783c34f9d1a34a39b9068fb01023b537805ea97791b17dda03a95ebd9/detection # Reference: https://www.virustotal.com/gui/file/968f94101c97e3d7d7ba5a994409595c41f33645956454f4dce9d93c9abc9c79/detection # Reference: https://www.virustotal.com/gui/file/cad6a66eac36a2f482176d9636619dade6ece13f02613540184bbd341ee0983d/detection 93.123.118.253:39001 93.123.118.253:39002 93.123.118.253:39003 93.123.118.253:58001 93.123.118.253:7709 dingdang.ddns.net # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-25) http://74.133.86.50 101.34.3.12:8848 101.42.137.105:3593 103.108.66.216:9905 103.38.236.46:4449 103.42.31.134:9901 103.42.31.180:9904 123.99.200.153:4449 124.248.66.139:4449 124.248.66.140:4449 124.248.66.144:4449 134.255.254.224:7707 135.181.226.133:49287 140.143.167.227:3214 154.53.45.95:4449 185.17.0.246:4449 185.221.67.3:4449 198.44.165.77:6605 198.44.184.40:4449 2.59.254.111:5500 222.211.73.251:4848 42.51.40.184:6606 42.51.40.184:7707 42.51.40.184:8808 49.232.230.111:6630 5.104.84.227:4449 62.234.33.152:3502 62.234.35.139:5631 65.21.177.234:6606 65.21.177.234:7707 74.133.86.50:4449 90.62.249.133:2550 90.62.249.133:2551 90.62.249.133:2552 90.62.249.133:2553 90.62.249.133:2554 90.62.249.133:2555 90.62.249.133:2556 90.62.249.133:2557 90.62.249.133:2558 90.62.249.133:2559 90.62.249.133:2560 90.62.249.133:2561 90.62.249.133:2562 90.62.249.133:2563 90.62.249.133:2564 90.62.249.133:2565 90.62.249.133:2566 90.62.249.133:2567 90.62.249.133:2568 90.62.249.133:2569 90.62.249.133:2570 90.62.249.133:2571 90.62.249.133:2572 90.62.249.133:2573 90.62.249.133:2574 90.62.249.133:2575 90.62.249.133:2576 90.62.249.133:2577 90.62.249.133:2578 90.62.249.133:2579 90.62.249.133:2580 90.62.249.133:2581 90.62.249.133:2582 90.62.249.133:2583 90.62.249.133:2584 90.62.249.133:2585 90.62.249.133:2586 90.62.249.133:2587 90.62.249.133:2588 90.62.249.133:2589 90.62.249.133:2590 90.62.249.133:2591 90.62.249.133:2592 90.62.249.133:2593 90.62.249.133:2594 90.62.249.133:2595 90.62.249.133:2596 90.62.249.133:2597 90.62.249.133:2598 90.62.249.133:2599 90.62.249.133:2600 capitalizerutc.com de2.localto.net erorr2.webhop.net ewoiutz9dt9bzo89tz.com extra-hack.ddns.net iroexjds.work.gd nbnf43456httpshost.online non.accesscam.org popo01.mywire.org riewoti.work.gd saefigozower.fun sdfubuzoeoeiv.top seuriouhvhusr.cn slim1.thruhere.net telachapesu.com trx05.duckdns.org viper34.servebbs.net webwhatsapp.cc wpe.mysynology.net # Reference: https://www.virustotal.com/gui/file/c3f02339dcd6fbf6425fcc439a044416922c3f229d67e8f4e737dd29e7184e3b/behavior 23.105.131.172:2323 23.105.131.172:6606 23.105.131.172:7707 23.105.131.172:8808 dqdqededqedqe.tk bin.treatwellshome.xyz # Reference: https://threatfox.abuse.ch/ioc/1167640/ 95.214.27.6:5500 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-26) 185.25.51.99:444 185.225.73.105:7896 185.225.73.105:8675 185.81.157.150:2023 185.81.157.150:2035 194.180.49.190:9254 5.231.208.228:1337 51.103.217.70:6677 51.103.217.70:8585 74.208.105.80:2005 74.208.105.80:7777 80.85.153.152:28323 91.103.252.215:4449 # Reference: https://www.virustotal.com/gui/file/6841b9d41f26f9bbd98430b17aa75910e24e5a72aa4df3b40f251afba21d5297/behavior 18.228.115.60:14488 18.229.146.63:14488 18.231.93.153:14488 # Reference: https://twitter.com/beacon1ng/status/1708620162000396480 # Reference: https://app.any.run/tasks/c35e037b-a03f-4179-9764-1dcbb679dbc7/ 85.217.144.78:222 85.217.144.78:6606 85.217.144.78:7707 85.217.144.78:8808 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-03) 185.225.73.105:6606 185.225.73.105:7707 185.225.73.105:8808 5.249.163.45:5555 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-06) 138.201.18.225:4449 185.241.208.184:6606 185.241.208.184:7707 185.241.208.184:8808 5.230.67.224:6606 5.230.67.224:7707 5.230.67.224:8808 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-07) 185.16.38.41:2023 185.16.38.41:2035 185.241.208.114:5555 185.241.208.203:6606 185.241.208.203:7707 185.241.208.203:8808 185.241.208.42:2266 185.241.208.42:4444 185.81.157.21:2404 193.26.115.167:6606 193.26.115.167:7707 193.26.115.167:8808 209.145.56.0:57 4.151.131.10:2404 79.110.62.189:30305 # Reference: https://www.virustotal.com/gui/file/470556fb4a6a391d85e137d35fd76f1b8f9f984b4e4c8dadf3da3a072e901112/detection 193.26.115.188:8788 474ba67bdb289c6263b36dfd8.xyz # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-09) http://103.212.81.80 http://88.99.251.36 103.141.68.86:8080 107.175.113.198:6011 107.175.113.198:9901 107.175.243.138:6606 107.175.243.138:7707 107.175.243.138:8808 135.125.21.39:222 135.125.21.39:2222 136.243.151.123:4444 136.243.151.21:57 136.243.151.21:58 136.243.151.21:60 136.243.151.21:62 136.243.151.21:64 136.243.151.21:70 136.243.151.21:71 136.243.151.21:79 139.99.148.35:7707 142.11.241.177:2002 142.11.241.177:2003 142.11.241.177:2004 142.11.241.177:2005 142.11.241.177:4014 142.11.241.177:4016 142.202.240.116:6969 142.202.240.46:7707 142.202.242.171:2028 142.202.242.171:2205 144.126.149.221:1996 144.126.149.221:2106 147.50.253.12:9909 15.204.170.1:6666 158.69.131.146:555 158.69.131.146:5555 158.69.131.146:7777 162.244.210.198:7070 172.245.244.118:7070 172.245.244.118:9090 172.96.172.69:2002 172.96.172.69:2003 172.96.172.69:2004 172.96.172.69:2005 172.96.172.69:4014 172.96.172.69:4016 173.212.250.19:2000 173.212.250.19:5000 173.212.250.19:6000 173.212.250.19:7000 181.131.218.210:8000 185.104.195.215:1234 185.104.195.215:1975 185.104.195.215:1980 185.104.195.215:1985 185.104.195.215:1989 185.104.195.215:1990 185.104.195.215:1991 185.104.195.215:2001 185.104.195.215:2002 185.104.195.215:2004 185.104.195.215:2009 185.104.195.215:5555 185.104.195.215:7777 185.104.195.215:8888 185.117.91.202:7707 185.117.91.202:8808 185.117.91.202:9909 185.16.38.41:20000 185.16.38.41:2022 185.16.38.41:2033 185.161.210.60:4020 185.169.180.143:1604 185.169.180.209:1604 185.239.237.59:6666 185.239.237.59:7777 185.241.208.114:7777 185.241.208.29:6666 185.241.208.42:2244 185.241.208.42:6606 185.241.208.42:7707 185.241.208.42:8808 185.241.208.51:555 185.241.208.51:5555 185.241.208.51:6666 185.25.51.99:555 185.81.157.135:2323 185.81.157.149:2303 185.81.157.14:2301 185.81.157.14:2501 185.81.157.14:2502 185.81.157.14:2701 185.81.157.154:2303 185.81.157.154:2304 185.81.157.154:2525 185.81.157.174:8088 185.81.157.178:6606 185.81.157.178:7707 185.81.157.178:8808 185.81.157.218:9090 185.81.157.24:6006 185.81.157.24:8008 187.24.73.87:8888 187.24.73.87:9999 188.77.229.84:5001 191.101.206.33:6666 192.119.108.74:8713 192.119.108.75:8714 192.119.108.76:8714 192.119.108.77:8710 192.159.99.6:50 194.156.89.185:8080 194.156.90.168:2222 194.156.90.168:4444 194.156.90.168:5505 194.156.90.168:5555 194.156.90.168:6606 194.156.90.168:7707 194.156.90.168:7777 194.156.90.168:8808 194.180.49.17:6606 194.180.49.17:7707 194.180.49.17:8808 194.26.192.68:6606 194.26.192.68:6666 194.26.192.68:7707 194.26.192.68:8808 198.12.125.30:8808 198.12.125.30:8880 2.58.56.243:6606 2.58.56.243:6666 2.58.56.243:7707 2.58.56.243:8808 206.53.55.186:1000 206.53.55.186:7171 209.145.56.0:1234 209.145.56.0:2011 209.145.56.0:2022 209.145.56.0:4014 3.84.52.3:6606 3.84.52.3:7707 3.84.52.3:8808 34.29.228.84:1996 34.29.228.84:1997 35.197.164.151:443 38.180.69.154:6606 38.180.69.154:7707 38.180.69.154:8808 42.117.76.36:7569 42.117.76.36:7815 42.117.76.36:8010 42.117.76.36:8159 42.117.76.36:8579 45.138.16.41:6666 45.138.16.41:8888 45.141.215.91:6666 45.141.215.91:7777 45.141.215.91:8888 45.156.84.213:6666 45.81.39.78:115 45.92.1.142:333 45.92.1.142:6066 45.92.1.142:888 45.92.1.162:1996 46.246.82.9:2000 5.230.74.240:6666 5.230.74.240:7777 5.230.74.240:8888 51.161.107.68:555 51.161.107.68:5555 51.161.107.68:6666 51.195.145.78:4343 51.195.251.9:6606 51.195.251.9:7707 51.195.251.9:8808 51.254.49.49:5001 51.38.57.226:6606 51.81.126.13:2222 51.81.126.13:555 51.81.126.13:5555 51.81.126.13:777 51.81.126.13:7777 51.81.24.93:4242 51.81.7.207:6606 51.81.7.207:7707 51.81.7.207:8808 51.89.190.17:6000 51.89.190.17:7000 51.89.190.17:8000 51.89.190.17:8088 62.106.84.211:4444 62.106.84.211:6606 62.106.84.211:8808 62.106.84.212:6606 62.106.84.212:8808 62.106.84.213:4444 62.106.84.213:6606 62.106.84.213:8808 62.106.84.214:6606 62.106.84.214:8808 62.106.84.215:8808 64.56.68.203:8888 66.94.118.174:2000 66.94.120.244:6606 66.94.120.244:7707 66.94.120.244:8808 78.161.33.61:20000 84.54.50.9:8888 85.206.172.156:222 85.206.172.156:555 86.48.18.223:6606 88.119.175.231:444 88.119.175.231:555 88.119.175.231:5555 88.119.175.231:6666 88.119.175.231:8888 89.23.100.93:4449 91.109.116.34:8808 91.109.182.4:7707 91.109.188.3:8808 93.123.118.250:2222 93.123.118.250:4444 93.123.118.250:6666 94.130.130.51:112 94.130.130.51:113 94.130.130.51:114 94.130.130.51:6606 94.130.130.51:7707 94.130.130.51:8808 94.156.253.72:6606 94.156.253.72:7707 94.156.253.72:8808 94.228.168.80:10000 95.214.27.64:5505 95.214.27.64:6606 95.214.27.64:7707 95.214.27.64:8808 # Reference: https://www.virustotal.com/gui/file/dad4aa37fb7f808d7cdc3e81585c2a0b31fd07d5aeadf9bd6562e73250d7d81a/detection 208.64.33.62:4449 # Reference: https://www.virustotal.com/gui/file/1a06018f6c3e8b85ba401a081e96a71d3c6c795ea2b35cb586b33897bca4abe2/detection 194.180.48.105:6606 194.180.48.105:7707 194.180.48.105:8808 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-10) 135.125.21.39:5555 135.125.21.39:7777 136.243.151.21:73 194.156.90.168:9999 209.145.56.0:1232 # Reference: https://twitter.com/r3dbU7z/status/1711882323367457217 185.81.157.213:222 185.81.157.213:6606 185.81.157.213:7707 185.81.157.213:8808 rxrr.duckdns.org # Reference: https://tria.ge/231010-11axlsgc97/behavioral1 46.1.103.69:2341 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-11) 108.165.237.62:8080 139.99.17.29:6606 139.99.17.29:7707 139.99.17.29:8808 144.126.159.54:8888 166.0.156.25:4444 169.150.249.71:8888 185.81.157.21:8888 192.119.108.74:8714 192.119.108.75:8710 192.119.108.76:8712 192.119.108.77:8712 192.119.108.78:8710 192.119.108.78:8712 198.12.125.30:6606 198.12.125.30:7707 198.12.125.30:8808 207.244.238.106:4444 46.196.24.46:6606 46.196.24.46:7707 46.196.24.46:8808 51.195.145.78:4242 51.89.190.17:6606 51.89.190.17:7707 51.89.190.17:8808 88.237.19.232:20000 91.109.184.2:6606 91.109.184.2:7707 91.109.184.2:8808 # Reference: https://www.virustotal.com/gui/file/724b95160127a1fac9bea14139ad0c773a9fd7f4bf0811c950e9a56003e3a49b/detection http://194.5.237.240 # Reference: https://twitter.com/karol_paciorek/status/1712422451534045305 # Reference: https://twitter.com/g0njxa/status/1712424483766550940 # Reference: https://tria.ge/231012-mwgbyaga58/behavioral1 181.235.14.39:9330 aaarr43.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-13) 101.35.255.93:8888 108.165.237.62:7070 116.98.23.227:257 173.212.250.19:6606 173.212.250.19:7707 173.212.250.19:8808 177.255.84.119:8000 185.117.91.202:6606 185.241.208.45:6606 185.241.208.45:6666 185.241.208.45:7707 185.241.208.45:8808 185.81.157.149:2301 185.81.157.174:8089 185.81.157.238:6603 187.24.0.226:8888 187.24.6.130:9999 188.77.229.84:4002 191.89.242.212:5757 192.119.108.75:8712 192.119.108.76:8710 192.119.108.77:8714 192.119.108.78:8714 193.23.3.37:4001 209.145.56.0:1955 213.195.120.176:4002 213.195.120.176:5001 42.194.128.203:6606 42.194.128.203:7707 42.194.128.203:8808 45.136.4.172:1453 45.81.39.77:111 49.12.7.88:1604 65.21.177.234:8808 78.161.41.50:20000 78.161.41.50:888 82.147.85.206:38002 91.109.182.2:6606 91.109.182.2:8808 91.208.92.183:6606 91.208.92.183:7707 91.208.92.183:8808 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-16) 14.173.175.182:8080 147.189.169.231:6606 154.91.82.186:8888 173.212.250.19:1337 173.254.253.214:6606 173.254.253.214:7707 173.254.253.214:8808 185.81.157.201:8181 185.81.157.244:6606 185.81.157.244:7707 185.81.157.244:8808 193.26.115.55:9999 194.26.192.61:8888 195.85.205.141:6006 198.23.227.140:8880 213.195.120.176:4003 46.246.82.6:2000 82.65.203.216:443 91.109.176.4:7707 91.109.188.3:7707 91.109.190.4:7707 91.109.190.4:8808 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-19) 103.212.81.159:1997 171.22.28.214:4404 185.241.208.21:888 185.81.157.105:6606 185.81.157.105:7707 185.81.157.105:8808 185.81.157.242:6606 185.81.157.242:7707 185.81.157.242:8808 185.81.157.252:6606 185.81.157.252:7707 185.81.157.252:8808 187.24.12.53:8888 20.211.121.138:4449 212.102.59.77:8888 46.246.12.9:2000 46.246.6.3:2000 46.246.86.17:8888 62.106.84.212:4444 62.106.84.214:4444 95.214.27.6:4545 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-20) 147.189.170.39:6666 185.81.157.24:6606 185.81.157.24:7707 185.81.157.24:8808 187.24.64.107:8888 187.24.64.107:9999 193.26.115.207:2001 198.12.125.30:8806 45.138.16.131:6606 45.138.16.131:7707 45.138.16.131:8808 51.77.230.223:2404 88.232.113.230:20000 88.232.113.230:888 91.109.176.9:6606 91.109.176.9:7707 91.109.176.9:8808 # Reference: https://twitter.com/smica83/status/1715700508818571717 # Reference: https://tria.ge/231021-nxvrdsfh66/behavioral2 82.131.152.206:4449 venomkarhel.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-23) 105.158.157.80:55555 147.189.169.231:6666 167.235.78.69:8888 172.111.233.177:3389 181.131.216.141:4040 185.81.157.103:6606 185.81.157.103:7707 185.81.157.103:8808 185.81.157.160:6606 185.81.157.160:888 187.24.2.121:8888 187.24.73.4:8888 187.24.73.4:9999 190.28.153.166:2000 190.28.161.89:2000 192.210.229.11:8880 192.210.229.8:8801 193.26.115.207:2002 193.26.115.207:2003 193.26.115.207:2004 193.26.115.207:2005 197.246.186.65:9999 197.246.197.142:9999 197.246.199.117:6666 197.246.235.14:9999 198.12.125.30:9901 209.145.56.0:2004 209.145.56.0:2005 209.145.56.0:2006 37.19.216.81:8888 45.141.215.141:7771 45.145.230.68:4449 78.161.14.145:20000 78.161.14.145:888 82.147.85.118:38002 85.109.221.202:20000 88.232.119.41:20000 88.232.119.41:888 91.109.176.7:7707 91.109.176.7:8808 91.109.184.3:7707 91.109.184.7:8808 91.134.150.159:4449 93.242.233.250:51125 93.43.214.206:7707 # Reference: https://www.virustotal.com/gui/ip-address/186.169.60.158/relations # Reference: https://www.virustotal.com/gui/file/b99b8c52dd67d2a9d4b8a58664056b7ce64f271e25efe3a3b8adf33c70d3db46/detection 186.169.60.158:1993 cotizacionesnuevas1.duckdns.org ibat21.duckdns.org # Reference: https://www.virustotal.com/gui/file/9906536e261362180e3b4c087a6e5941afd3766d077dfcfc3efbeb0ca91c9201/detection 186.169.60.158:1998 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-26) 116.203.24.34:2222 141.164.37.178:6606 141.164.37.178:7707 141.164.37.178:8808 172.111.233.109:3389 172.96.172.69:4019 178.73.192.20:8888 185.216.71.238:7708 185.216.71.238:8008 185.216.71.238:9909 185.81.157.112:6606 185.81.157.12:5555 185.81.157.12:6666 185.81.157.12:8888 187.24.69.150:8888 190.28.134.15:2000 194.156.89.178:2222 194.156.89.178:4444 197.246.196.91:9999 197.246.211.208:9999 198.12.125.30:8019 198.23.227.140:8080 198.23.227.140:8085 198.23.227.175:8080 209.145.56.0:6666 46.246.4.18:8888 91.109.184.4:8808 91.109.190.5:660666 91.109.190.5:7707 91.109.190.5:8808 91.208.92.210:1411 connect.servrweb.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-30) http://92.87.6.121 103.141.68.91:6606 107.172.76.170:1982 107.172.76.170:8909 135.125.21.39:444 136.243.151.123:1234 136.243.151.21:69 136.243.151.21:75 144.126.149.221:6666 144.126.159.54:6666 145.239.200.145:6606 145.239.200.145:6666 145.239.200.145:7707 145.239.200.145:8808 147.189.173.111:9999 161.97.151.222:2004 162.55.36.154:2222 177.143.216.81:3389 178.33.203.39:5010 181.214.240.179:7707 181.90.42.189:7707 182.253.153.225:10549 185.150.25.181:6666 185.196.8.53:6000 185.241.208.136:1177 185.249.197.248:2222 185.249.197.248:4444 185.81.157.12:6606 185.81.157.12:7707 185.81.157.12:8808 185.81.157.12:9999 185.81.157.238:366 186.102.163.66:2404 186.102.163.66:7777 186.102.163.66:8888 186.102.174.131:2404 186.102.174.131:8888 187.24.13.129:8888 187.24.70.241:8888 187.24.70.241:9999 187.24.71.243:5155 187.24.71.243:9999 190.28.166.77:2000 191.246.186.145:9999 191.88.249.96:2018 192.210.229.8:8891 197.246.187.103:9999 197.246.196.187:9999 197.246.199.162:7777 197.246.199.238:9999 198.12.125.30:8015 207.246.74.117:8000 209.127.186.195:2222 209.145.56.0:4444 213.195.120.176:6606 213.195.120.176:7707 213.195.120.176:8808 216.244.84.180:6606 216.244.84.180:7707 37.1.211.248:6606 37.156.26.161:10000 45.12.253.222:115 45.141.215.3:3306 45.141.215.40:7707 45.88.186.47:9999 5.75.182.255:2222 51.89.242.53:100 81.214.77.85:20000 81.214.77.85:888 85.206.172.156:6606 87.248.157.179:1604 88.248.212.24:20000 88.248.212.24:888 88.251.135.18:20000 88.251.135.18:888 89.137.121.142:4782 91.109.176.5:7707 91.109.176.5:8808 91.109.180.4:8808 91.109.182.7:7707 91.109.182.7:8808 91.109.186.2:8808 91.109.188.2:7707 91.109.188.2:8808 91.109.188.8:8808 91.92.240.157:6606 91.92.243.216:81 94.130.130.51:119 94.156.69.57:81 intclientpage.co foxgazafreego.mypsx.net # Reference: https://www.virustotal.com/gui/file/ed243022114ee48f4c5f9cfbc83cf3fed190052d413eeb50abff861582299bce/detection 141.255.156.206:21555 141.255.156.206:21666 141.255.156.206:21777 141.255.156.206:21888 141.255.156.206:21999 enterprise999.ddns.net mjtask.duckdns.org # Reference: https://www.virustotal.com/gui/file/ca92d9d3ed2415dd25079356940f9feec35b3e1b5e7d46c1de4e474ac5656d47/detection taaymhostv2.ddns.net # Reference: https://www.virustotal.com/gui/file/607b2909a0cd25015eb49d92b087870d750329254c641146059519008fd9874f/detection # Reference: https://www.virustotal.com/gui/file/120ff3fc38cc42844c647564284ccb431dd3e77f22da6284f7219229dec503e2/detection 45.88.180.17:7700 45.88.180.17:9700 couchelavable.ddns.net # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-11-12) 104.243.47.96:2222 142.202.188.173:9953 142.44.252.22:833 172.94.8.75:2020 185.25.51.99:222 185.62.86.134:666 185.81.157.150:6606 185.81.157.150:7707 185.81.157.150:8808 186.102.161.73:2404 186.102.161.73:7777 186.102.161.73:8888 186.168.71.240:8888 198.12.125.30:8191 37.1.211.248:7707 37.1.211.248:8808 45.141.215.5:7707 45.88.186.47:8888 46.1.103.69:2341 66.94.118.174:4002 72.11.142.131:8808 85.206.172.156:8808 85.239.241.136:1337 91.109.188.6:7707 # Reference: https://www.virustotal.com/gui/file/4c2d509873e08dc7e46df73f082502d116d13da9dc9cb52d9e69b921a0cdecc1/detection 91.92.241.80:4449 # Reference: https://www.virustotal.com/gui/file/4b317b533a355aa2a7410563ab6e3e4f9563dce4adea4926baaaa027037a29c4/detection 91.92.241.80:39001 # Reference: https://www.virustotal.com/gui/file/b9e5dd660dda0daa188d1dee546d4c97f5432e46a54bc812cac7e66e538dc43a/detection # Reference: https://www.virustotal.com/gui/file/01c52fb377d59ee5c9ac7db9cbf58186f6470f3a5c78d378bc2a0cb79627c2fe/detection 194.87.151.53:39001 194.87.151.53:4449 researchchemicals.ddns.net # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-11-15) http://136.243.151.21 103.47.147.204:2000 14.161.135.108:8080 181.235.82.111:2404 181.235.82.111:8888 181.235.87.205:2404 181.235.87.205:8888 185.81.157.103:2222 185.81.157.133:6666 185.81.157.135:2525 185.81.157.149:2024 185.81.157.236:4444 185.81.157.254:6606 185.81.157.254:7707 185.81.157.254:8808 186.112.202.44:2404 186.112.202.44:8888 186.168.71.240:2404 187.24.3.145:8888 190.28.181.222:2000 191.246.186.145:2021 193.23.3.37:4003 193.23.3.37:4545 198.23.227.175:8880 201.185.178.29:8888 31.11.194.49:1337 37.19.216.81:7777 45.154.98.86:4444 46.1.103.69:4263 46.1.103.69:7355 81.214.77.85:57 91.192.100.22:8000 91.208.92.74:4444 91.92.243.43:7719 panel.freeddns.org # Reference: https://www.virustotal.com/gui/file/2473f5514d45b2d56863331a9c24fdccf74b787e476b2b48963e40b0421462e0/detection 98.34.154.249:1605 ratlol.ddns.net # Reference: https://www.virustotal.com/gui/file/f9836e2f445c098ec9e41577906b5c25d419d780bbd0f12af29a1f1019981fd1/detection # Reference: https://www.virustotal.com/gui/file/f598e0fd21c125852521c64159f7400c7005d83ab8f071de9e95b23ad98c4980/detection # Reference: https://www.virustotal.com/gui/file/cd2cd968c9bdb300458c0cac8d95aecc487d7d0b9ac57126425d67756693eb01/detection # Reference: https://www.virustotal.com/gui/file/74a7a0f3461b71369a22c9b7e6cc89d02f41d4c4484966f545eb3fef56642206/detection 185.81.157.19:3306 185.81.157.19:3307 185.81.157.19:3309 45.141.215.3:3309 ns2usaupload.is-a-techie.com # Reference: https://www.virustotal.com/gui/file/e91838e3f9c6aa4e1e043fa30ac176081877347166e52aa9b9cb1e7f25acecbf/detection forlatinamerica.bumbleshrimp.com # Reference: https://www.virustotal.com/gui/file/7494ac575753c074738a4ea8aa3eb2dc0d7fe699b3e3f6dbbfb066b367aacc58/detection envio2023asy.bumbleshrimp.com # Reference: https://www.virustotal.com/gui/file/6bd3a9be98f3e06d4cefbc574149bd6f80e1bd96b6ac7131349313c2c9c19fae/detection 185.81.157.21:7777 bendicionesoctubre.ddnsguru.com # Reference: https://www.virustotal.com/gui/file/b53a2201e29a52a0ff66ce50fc05a3e0ab920b4b5c86773fc8766e9462aff871/detection 51.161.59.75:6606 51.161.59.75:8808 exrobotos2023.mywire.org # Reference: https://www.virustotal.com/gui/file/ebf8f470ffc1fa2c68fb9674c6e9842f9b5e5a15e2d37b11ffdb1de90d017b92/detection 141.255.147.253:8080 64.235.35.197:3333 parapowshell.blogdns.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-11-20) 1.120.227.126:4449 103.149.201.161:6106 103.233.253.8:8801 103.82.38.49:4449 104.129.27.19:6606 104.129.27.19:7707 104.129.27.19:8808 104.168.24.201:2345 121.62.23.38:5555 124.248.66.136:4449 124.248.66.143:4449 124.248.66.148:4449 124.248.66.154:4449 138.199.21.208:4449 147.185.221.16:47793 147.185.221.16:57444 154.221.25.208:8848 167.71.56.116:22863 172.111.138.100:4447 172.234.16.71:6606 172.234.16.71:7707 172.234.16.71:8808 185.221.67.19:18883 185.221.67.19:4449 198.37.108.208:5555 198.44.165.35:6602 198.44.165.35:8802 198.44.165.77:6105 199.36.223.62:52364 199.36.223.62:8848 20.201.123.99:30120 24.254.118.248:4449 4.229.227.81:8080 4.229.227.81:8081 45.138.16.87:998 45.88.186.47:4444 46.1.103.69:9371 65.21.8.16:4449 79.134.225.113:9346 91.107.228.216:4449 12tainss1s.xyz asdvua78v8ed4t6fhvha.cn asfyvisoeogtca3.fun bloxstrap.theworkpc.com bollon8.kozow.com dcemprendimiento.duckdns.org dkteamfix.webhop.net dool.ddns.net drippmedsot.mywire.org erouhisugvizi4.cn exrobotos.duckdns.org foodie.ooguy.com hmza.con-ip.com itskmc.run.place jauan2023.kozow.com jobsearchtest.com l11ol12s.sells-it.net lesson.webredirect.org lila152512.duckdns.org lol1112s.sells-it.net loveisthegreatest.ddnsfree.com microwsfp5555.ddns.net mloptuytonroyem.sytes.net modyforeditor.loseyourip.com newjakodns.con-ip.com nsairoet.kozow.com pacman.dontexist.org saofidubixo4r.top sdhvvy7vbysuxnvjdr6gtd64.com sen3tors.linkpc.net shady-mo.duckdns.org taaymhost.ddns.net w3llstore.work.gd webazssc.sytes.net webazsswebc.sytes.net webwdircetcc.sytes.net webwsetcc.sytes.net yaper.dynuddns.net # Reference: https://twitter.com/x3ph1/status/1726780232630198723 # Reference: https://www.virustotal.com/gui/file/6f9f2414e5ef9896fcef55deb74992200a418221aa6a169a76c688c82e9d7a5b/detection # Reference: https://www.virustotal.com/gui/file/b4b449797d6cf8c8ff86601d9b259c9a4a5d79fc48093f90fc4eb967ef527780/detection # Reference: https://www.virustotal.com/gui/file/f6a865b00b28e810029384d9941cbfe80deb2d24b992047f2a1634b6192ca4aa/detection 185.81.157.25:222 coffee.ddns.me # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-11-22) 104.243.32.185:6000 136.243.151.123:111 141.255.151.147:8888 144.126.159.54:7777 149.0.234.87:4444 162.244.210.198:6606 162.244.210.198:7707 162.244.210.198:8808 172.111.148.101:2020 173.212.250.19:1997 179.13.2.132:8020 181.214.240.179:6606 181.214.240.179:6666 181.214.240.179:8808 181.235.82.111:7777 181.90.42.189:8808 185.25.51.99:3333 185.81.157.246:6606 185.81.157.246:7707 185.81.157.246:8808 185.81.157.24:7007 186.170.115.82:8888 187.24.1.26:6606 187.24.1.26:9443 187.24.1.26:9999 187.24.70.150:9999 188.165.251.43:4242 190.28.170.122:2000 193.23.3.37:4002 194.213.3.100:7707 194.33.127.198:10000 195.178.121.53:6604 206.123.132.235:2000 213.195.120.176:5003 23.172.112.130:7707 23.172.112.130:8808 45.137.22.110:6606 45.138.16.48:8888 45.138.16.48:9999 45.88.186.47:5555 45.88.186.47:7777 45.92.1.15:9999 51.20.70.15:4443 51.38.57.226:7707 51.38.57.226:8808 78.161.26.61:20000 78.161.26.61:888 81.214.139.34:1604 91.92.242.246:4444 95.214.26.58:8808 # Reference: https://www.virustotal.com/gui/file/1761a57ada75a812d72141a1443aa22032bd9a2b2e167463d1cb06b2a1707c80/detection 51.222.31.217:3333 # Reference: https://www.virustotal.com/gui/file/729c57b7bfb87adeade5b33ad6af0b17c6ffa452d42caa42c6a1b4318601007f/detection 213.152.161.118:12184 timdynu23.freeddns.org # Reference: https://www.virustotal.com/gui/file/18cb72e1caa929417b210801b615149c10b7d7962e738526bdade965b7e2bec2/detection 128.242.245.125:777 95.211.140.160:777 webchek.redirectme.net # Reference: https://www.virustotal.com/gui/file/81bbf492816fdf74123d81ae5f01d85764f9be418fe4930e7c569fcdff1b3787/detection 186.169.35.157:8523 varo12l.duckdns.org # Reference: https://www.virustotal.com/gui/file/e08cde99d5c7427bd85cc6b26f9d6165561d80a52eac668f6883ffb66955ab63/detection 191.91.176.64:3035 asdfghtr.duckdns.org # Reference: https://www.virustotal.com/gui/file/2b8c89ff1e46b7f9955583390fe471e299e1af0156e25a10b1c48780000a6524/detection fdghjkhgf.duckdns.org # Reference: https://www.virustotal.com/gui/file/669e35994017a740f8d56ac2e06aa7c45c9747ac27000d0413b5e5d2bdcda9e6/detection 200.116.159.187:4041 monocell08.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-03) http://193.124.205.3 113.169.210.179:8080 113.207.105.241:17803 136.243.151.21:61 136.243.151.21:81 141.255.147.113:8888 141.255.151.249:8888 147.189.173.65:6666 154.16.67.94:8080 158.220.96.15:3318 181.90.42.189:6606 185.196.8.10:4449 185.62.85.197:444 185.81.157.147:6606 185.81.157.147:7707 185.81.157.147:8808 185.81.157.201:5008 187.24.66.236:9999 187.24.69.254:9999 188.215.229.107:1993 193.109.85.53:4449 193.149.176.5:7707 194.213.3.100:6606 194.213.3.100:8808 198.12.125.30:8818 2.58.56.160:7707 2.58.56.188:7707 2.58.56.37:7777 213.195.117.254:4002 213.195.117.254:4003 213.195.117.254:5001 213.195.117.254:5003 213.195.117.254:6606 213.195.117.254:7707 213.195.117.254:8808 213.195.125.89:4002 213.195.125.89:4003 213.195.125.89:5001 213.195.125.89:5003 213.195.125.89:6606 213.195.125.89:7707 213.195.125.89:8808 23.172.112.130:6606 45.92.1.59:8888 45.92.1.59:9999 5.249.161.42:9999 51.81.126.50:7777 66.94.118.174:9999 78.163.243.12:20000 78.163.243.12:888 82.165.74.190:1111 88.119.175.231:3333 88.229.10.198:3001 91.109.184.5:7707 91.109.186.8:7707 91.109.186.8:8808 91.109.188.9:9999 91.109.190.6:8808 91.92.244.203:4449 91.92.244.84:3232 91.92.248.239:6606 91.92.248.239:7707 91.92.248.239:8808 91.92.248.33:6606 91.92.248.66:6606 # Reference: https://twitter.com/banthisguy9349/status/1731374045218611702 http://138.68.144.100 143.110.162.255:81 159.65.215.80:81 162.244.210.198:222 # Reference: https://twitter.com/noexceptcpp/status/1731632258849673715 # Reference: https://gist.github.com/teixeira0xfffff/be875d101aa12bd4115d4d2133edd4ac#file-asyncrat_server-csv http://107.173.143.111 http://165.154.186.149 http://192.210.236.242 http://198.23.144.126 http://198.23.145.12 http://20.187.64.131 http://67.243.58.12 http://76.83.131.163 http://77.73.131.83 1.53.214.230:8443 102.176.1.40:3306 102.176.1.40:6068 102.176.9.223:9300 102.41.50.232:6606 103.212.180.182:8888 103.212.81.157:6606 103.212.81.77:111 103.47.57.94:8080 103.99.0.229:443 104.161.23.232:6666 104.194.128.64:6606 104.211.203.236:2000 104.250.169.22:2000 104.250.170.27:6606 104.250.170.27:7707 104.250.170.27:8808 104.255.175.11:5001 104.255.175.12:5001 105.158.129.43:55555 105.158.132.27:55555 106.75.36.196:6606 106.75.36.196:7707 106.75.36.196:8808 107.172.76.170:1978 107.173.143.111:8080 107.175.113.198:8891 108.165.237.60:7707 109.107.179.248:7707 109.230.238.142:7777 116.148.86.63:6666 116.148.86.6:7777 116.148.86.70:6666 117.147.92.57:6666 129.146.108.93:8808 13.69.153.63:8080 13.80.133.110:67 13.80.133.110:68 130.211.201.48:5001 134.255.232.141:5555 134.255.234.198:5555 134.255.234.198:6666 134.255.234.198:8888 134.255.252.149:7777 135.148.171.75:8081 136.243.111.71:2200 136.243.151.21:63 136.243.151.21:67 136.243.151.21:72 136.243.151.21:74 136.244.116.149:1515 139.99.3.41:8808 14.164.98.70:8080 14.173.68.236:8080 14.234.24.74:8080 14.234.25.79:8080 140.82.55.70:2222 140.82.55.70:7777 141.255.146.104:8880 141.255.147.254:8880 141.255.158.165:8880 141.98.6.105:9191 142.11.241.177:2001 142.202.240.126:505 142.202.240.126:8888 142.202.240.91:6666 144.172.122.159:6606 145.239.200.145:7777 146.158.73.209:7777 147.124.209.80:6060 147.124.209.80:6666 147.124.209.80:8808 147.189.172.222:5555 147.189.172.222:6666 147.189.172.222:7777 147.189.172.222:9999 147.189.172.2:7707 147.189.174.47:7777 147.50.253.12:6606 147.50.253.12:7707 147.50.253.12:8808 149.102.243.138:8743 149.202.0.249:6666 149.56.79.3:4343 154.38.172.60:6666 155.254.244.188:6606 156.225.129.86:1433 159.69.11.30:6606 159.69.11.30:7707 159.69.11.30:8808 159.75.177.150:8443 160.178.236.210:55555 160.179.188.127:55555 161.97.151.222:7788 170.39.187.29:8080 172.245.23.178:9090 172.86.70.30:7777 172.86.76.198:6600 172.94.104.179:2000 172.94.6.198:2000 172.94.9.83:2020 172.96.172.69:1003 173.212.199.134:5552 173.212.250.19:1993 173.212.250.19:6066 173.212.250.19:6666 173.238.144.207:7707 173.249.196.201:4466 177.255.88.17:8020 178.33.203.39:9191 178.73.192.4:2000 179.14.8.129:8000 18.163.74.152:2333 18.197.239.109:10041 181.131.217.94:8808 181.215.5.168:4444 181.215.5.168:6666 181.90.42.189:2112 183.80.59.98:7946 183.80.59.98:8416 183.80.59.98:8420 183.80.59.98:8481 183.80.59.98:8533 183.80.59.98:8568 183.80.59.98:8598 185.104.195.215:5001 185.114.157.168:8080 185.117.91.202:8088 185.154.13.125:6606 185.158.251.88:2023 185.16.38.41:2024 185.162.235.142:6606 185.162.235.142:7707 185.162.235.142:8808 185.216.71.90:6606 185.216.71.90:7707 185.216.71.90:8808 185.223.77.181:8080 185.225.73.13:5001 185.225.73.192:4444 185.225.74.63:6606 185.225.74.63:7707 185.225.74.63:8808 185.225.75.54:12499 185.241.208.104:6666 185.241.208.140:1111 185.241.208.142:7777 185.241.208.159:880 185.241.208.161:8808 185.241.208.173:5555 185.241.208.177:6666 185.241.208.177:7777 185.241.208.187:7777 185.241.208.239:1177 185.241.208.72:6666 185.249.197.248:6606 185.249.197.248:7707 185.249.197.248:7777 185.25.51.99:5555 185.25.51.99:6666 185.62.84.65:7777 185.62.84.66:7777 185.62.84.67:7777 185.62.84.68:7777 185.62.84.69:7777 185.62.85.197:666 185.62.86.134:444 185.62.86.134:777 185.81.157.105:5135 185.81.157.105:5140 185.81.157.105:5150 185.81.157.105:9014 185.81.157.105:9015 185.81.157.105:9016 185.81.157.105:9017 185.81.157.105:9018 185.81.157.105:9019 185.81.157.105:9020 185.81.157.105:9021 185.81.157.105:9022 185.81.157.105:9023 185.81.157.105:9024 185.81.157.105:9027 185.81.157.105:9028 185.81.157.12:7777 185.81.157.135:2024 185.81.157.135:4343 185.81.157.135:4444 185.81.157.135:5555 185.81.157.135:6666 185.81.157.148:5555 185.81.157.149:2025 185.81.157.14:1010 185.81.157.14:2024 185.81.157.14:4343 185.81.157.14:7777 185.81.157.150:20000 185.81.157.150:2024 185.81.157.150:6666 185.81.157.152:7777 185.81.157.157:9009 185.81.157.168:7702 185.81.157.174:8090 185.81.157.209:2306 185.81.157.209:2310 185.81.157.209:4343 185.81.157.209:7777 185.81.157.218:1010 185.81.157.218:2020 185.81.157.238:5503 185.81.157.238:5601 185.81.157.5:9019 185.81.157.5:9020 185.81.157.71:2024 185.81.157.71:7777 186.102.174.131:7777 186.170.115.82:7777 187.24.1.147:7707 187.24.1.26:6666 187.24.12.23:6666 187.24.6.130:8888 187.24.64.107:2021 187.24.68.152:9090 187.24.70.150:9441 187.24.73.4:6606 187.24.73.4:7707 187.24.73.87:2020 187.24.9.5:9999 188.77.229.84:5002 188.77.229.84:6606 188.77.229.84:7707 188.77.229.84:8808 190.213.184.38:6606 190.213.184.38:7707 190.28.134.141:2000 190.28.145.222:2000 190.28.155.162:2000 190.28.161.114:2000 190.28.176.211:2000 190.28.177.104:2000 190.28.223.143:2000 190.28.246.177:2000 190.28.249.178:2000 190.28.250.147:2000 190.28.251.148:2000 190.97.165.170:8808 191.88.249.14:6969 192.121.82.67:2000 192.129.253.82:4444 192.129.253.82:9999 192.129.253.83:4444 192.129.253.83:9999 192.129.253.84:2001 192.129.253.84:4444 192.129.253.84:9999 192.129.253.85:4444 192.129.253.85:9999 192.129.253.86:2001 192.129.253.86:4444 192.129.253.86:9999 192.210.201.49:8891 192.210.236.158:7070 192.210.236.242:8080 192.3.27.141:8000 192.3.27.141:8118 193.142.146.212:7707 193.23.161.246:7777 193.23.3.123:6606 193.23.3.123:7707 193.23.3.123:8808 193.23.3.37:4343 193.26.115.217:6666 193.26.115.217:7777 193.26.115.78:7777 193.34.69.105:6666 193.42.32.17:7777 193.42.33.216:3306 193.42.33.58:8808 193.53.126.35:443 193.56.29.146:7777 194.180.48.14:5600 194.213.3.111:444 194.213.3.18:7777 194.213.3.36:7777 194.26.192.144:7777 194.26.192.144:8888 194.26.192.174:1991 194.26.192.174:2000 194.26.192.174:2002 194.26.192.174:5001 194.26.192.174:5555 194.26.192.174:6666 194.26.192.174:7777 194.26.192.174:8008 194.26.192.22:2222 194.26.192.22:7777 194.31.87.133:8080 194.49.94.212:9999 195.178.120.6:8088 195.3.222.57:5001 195.3.222.57:5554 195.3.222.57:5555 195.3.222.57:6000 196.217.83.3:55555 196.217.85.101:55555 196.217.87.251:55555 197.14.239.140:1177 197.246.187.170:7777 197.48.87.159:6606 198.12.125.30:8815 198.12.125.30:8891 198.23.144.126:8080 198.23.144.126:8088 198.23.145.12:8088 198.23.227.140:8191 198.23.227.140:8905 198.244.251.230:4444 198.244.251.230:5555 198.244.251.230:6666 198.244.251.230:7777 198.244.251.230:8888 198.245.77.54:7777 198.27.97.88:7707 198.37.108.192:7777 198.50.243.177:6000 198.50.243.177:7000 198.50.243.177:8000 198.50.243.177:8088 2.155.153.144:5000 2.155.153.144:5001 2.155.153.144:7070 2.155.41.147:5001 2.155.41.147:5003 2.58.56.148:7777 2.58.56.183:5555 2.58.56.188:5555 2.58.56.243:3000 2.58.56.44:2222 2.58.56.72:1337 2.58.56.73:6666 2.59.254.111:5552 20.117.92.125:9999 20.124.90.72:443 20.125.135.51:6666 20.150.149.137:70 20.163.10.14:2222 20.169.37.196:8808 20.21.57.76:8080 20.214.161.67:6606 20.218.135.231:6666 20.231.104.157:6665 20.231.104.157:7777 205.234.231.52:8808 206.123.132.65:2020 206.53.55.190:5000 206.53.55.8:1717 206.53.55.8:6060 206.53.55.8:6066 206.72.202.44:8080 207.244.238.106:5555 207.244.238.106:6666 207.32.216.212:8008 207.32.217.109:2222 207.32.217.109:5555 207.32.217.122:6666 207.32.217.247:5555 207.32.217.71:8008 207.32.218.23:6666 207.32.218.23:8808 209.126.11.174:6606 209.126.11.174:7707 209.126.11.174:8808 209.141.47.27:6606 209.141.47.27:7707 209.141.47.27:8808 209.145.56.0:1956 209.145.56.0:2001 209.145.56.0:53 209.145.56.0:5555 209.145.56.0:8877 209.209.40.132:199 212.102.59.83:6666 212.102.59.83:7777 212.102.59.83:8888 213.170.135.22:7777 213.170.135.27:6666 213.170.135.27:7777 213.170.135.31:444 213.195.120.176:5002 23.106.125.206:443 23.254.227.121:20000 23.254.231.83:1001 23.254.231.83:2001 23.254.231.83:2002 23.254.231.83:2004 23.94.171.142:6606 23.94.171.142:7707 23.94.171.142:8808 24.133.200.15:6606 24.52.60.3:8080 27.78.181.161:257 34.125.63.198:5000 34.125.63.198:5001 34.125.69.88:5000 34.125.69.88:5001 34.125.83.204:5000 34.125.83.204:5001 34.125.83.204:5002 35.172.119.52:8888 37.139.129.145:8442 37.211.90.37:4782 38.242.242.149:1991 38.242.242.149:2000 40.113.131.31:7777 40.113.131.31:8888 41.155.10.158:135 41.155.10.158:1433 41.155.10.158:49152 41.155.10.158:49154 41.155.10.158:5432 41.155.10.158:8002 41.155.10.158:8081 41.155.10.158:8181 41.155.10.158:8880 41.155.3.95:2080 41.155.3.95:554 41.155.3.95:8020 41.155.3.95:8081 41.210.0.105:25 41.210.11.200:25 41.210.3.29:11000 41.210.3.29:9090 41.210.3.29:9100 41.35.23.138:6606 42.117.250.222:8084 42.117.76.36:8085 42.117.76.36:8252 42.117.76.36:8463 42.117.76.36:8589 45.128.234.233:8081 45.133.235.219:7777 45.137.22.236:5000 45.138.16.133:222 45.138.16.133:2222 45.138.16.133:7777 45.138.16.161:1010 45.138.16.186:1234 45.138.16.186:22 45.138.16.186:6666 45.138.16.186:7777 45.138.16.186:89 45.138.16.202:7777 45.138.16.206:1010 45.138.16.213:5555 45.138.16.252:1194 45.138.16.252:2222 45.138.16.39:5001 45.138.16.41:5555 45.138.16.48:4444 45.138.16.48:6666 45.138.16.48:7777 45.138.16.89:555 45.138.16.89:5555 45.139.199.152:4445 45.141.215.103:2021 45.141.215.103:7777 45.141.215.103:8888 45.141.215.121:2106 45.141.215.139:1010 45.141.215.141:7788 45.141.215.145:555 45.141.215.145:8888 45.141.215.3:3310 45.141.215.3:3312 45.141.215.41:7777 45.141.215.63:7777 45.141.215.77:1010 45.141.215.77:2020 45.141.215.81:5555 45.141.215.81:8888 45.141.215.84:2222 45.141.27.86:9999 45.147.45.253:7 45.147.45.253:81 45.15.157.71:6606 45.15.157.71:7707 45.154.98.110:1991 45.154.98.110:2000 45.154.98.110:2001 45.154.98.110:2002 45.154.98.110:5555 45.154.98.110:7777 45.154.98.151:6666 45.154.98.192:2222 45.154.98.192:444 45.154.98.192:4444 45.154.98.192:5555 45.154.98.192:6066 45.154.98.192:666 45.154.98.192:6666 45.156.85.189:7777 45.43.18.229:6666 45.58.190.125:6606 45.58.190.125:7707 45.61.128.122:8808 45.61.128.231:6666 45.61.129.206:7707 45.61.129.206:8808 45.61.166.56:8888 45.66.230.96:5552 45.76.46.64:6606 45.79.170.6:6606 45.79.170.6:7707 45.80.158.183:7707 45.80.158.57:2222 45.80.158.57:7777 45.80.158.66:2222 45.80.158.66:6666 45.80.158.66:7707 45.80.158.66:7777 45.81.39.110:8808 45.81.39.153:7707 45.81.39.77:6606 45.92.1.17:7707 46.109.232.207:6606 46.109.232.207:7707 46.246.12.19:2000 46.246.14.16:2000 46.246.14.21:8000 46.246.6.13:8000 46.246.6.17:2000 46.246.6.6:2306 46.246.6.8:5427 46.246.80.15:2424 46.246.82.17:2000 46.246.84.17:8000 46.246.86.8:8000 46.246.86.9:8000 47.120.0.195:6606 47.120.0.195:7707 5.161.111.38:7777 5.161.111.38:9999 5.161.182.109:7707 5.161.182.109:8808 5.161.67.9:7777 5.161.68.223:7777 5.180.81.207:7707 5.196.117.233:1975 5.224.222.63:5002 5.231.208.228:6606 5.231.208.228:7707 5.249.163.32:7777 5.249.163.45:7777 5.61.40.196:81 51.195.251.7:7000 51.195.251.7:8000 51.195.251.7:8088 51.222.69.3:8808 51.38.247.74:6666 51.81.76.84:9999 51.81.97.229:6666 51.89.190.17:5600 51.89.190.17:5700 51.89.204.172:3306 51.89.204.69:6606 51.89.204.69:7707 51.89.204.69:8990 62.106.84.211:7707 62.106.84.212:7707 62.106.84.213:7707 62.106.84.214:7707 62.106.84.215:6606 62.106.84.215:7707 69.172.233.16:6066 69.172.233.44:4433 69.172.233.44:4444 74.234.126.146:8080 77.228.78.243:5000 77.228.78.74:5000 77.228.78.74:6060 77.231.107.226:5001 77.231.107.226:5002 77.231.107.226:7070 77.231.37.221:5000 77.231.37.221:5001 77.73.129.60:7707 78.135.83.219:8080 78.161.26.61:3000 78.161.3.93:888 78.161.41.50:3000 78.161.41.50:3001 78.163.63.59:3001 78.164.59.222:888 78.180.125.80:8080 78.185.120.130:888 78.84.244.67:6606 78.84.244.67:7707 78.84.244.67:8808 78.84.249.41:8808 79.110.62.191:6606 81.214.77.85:3000 81.214.77.85:3002 81.214.77.85:777 81.230.10.189:443 82.159.146.144:5001 82.159.146.172:5001 82.159.170.113:5001 82.159.175.186:5000 82.159.175.186:5001 84.38.135.222:8808 85.107.56.38:3000 85.107.56.38:888 85.208.136.58:222 85.208.139.71:2222 85.208.139.71:4444 85.215.172.173:7777 85.215.205.213:6606 85.215.205.213:7707 85.215.205.213:8808 87.237.52.235:8888 87.237.52.40:5555 88.229.10.198:20000 88.229.11.248:3000 88.232.119.41:7777 88.237.19.232:3002 88.244.33.230:3000 88.251.135.18:3000 88.251.135.18:3001 89.117.21.144:7707 89.117.55.98:3110 89.117.72.232:8808 89.117.77.110:7707 89.117.77.193:7707 89.140.147.214:5000 89.140.147.214:5001 89.44.9.137:6606 89.44.9.137:7707 89.44.9.137:8808 91.109.176.4:8888 91.109.176.5:8888 91.109.176.6:8808 91.109.176.7:6606 91.109.176.7:8888 91.109.178.8:8888 91.109.180.3:8808 91.109.180.5:9090 91.109.190.11:6666 91.208.92.220:7777 91.208.92.68:7777 91.208.92.80:7707 91.208.92.83:444 91.208.92.9:444 91.208.92.9:7777 91.92.240.97:9191 91.92.252.69:111 93.43.214.206:6606 94.130.207.164:1010 94.26.246.198:8080 95.214.24.218:6606 95.214.24.218:7707 95.217.0.146:1604 95.217.121.188:8848 95.23.150.98:7707 95.23.150.98:8808 95.65.130.17:4444 2escob4r.ddns.net 44box.ddns.net jntls.publicvm.com money.ddnsgeek.com nets.homedns.org optimization-marketing.com s2x1ce.from-ma.com # Reference: https://twitter.com/banthisguy9349/status/1731596141278400938 http://91.92.244.16 91.92.244.16:222 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-04) 113.207.105.229:8302 136.243.151.21:76 141.255.144.96:8888 141.255.146.81:8888 141.255.159.47:8888 193.149.176.5:6606 193.149.176.5:8808 193.222.96.19:6606 193.222.96.19:7707 193.222.96.19:8808 5.249.161.42:8888 88.229.10.198:3004 91.109.178.9:8808 91.92.244.16:6606 91.92.244.16:8808 # Reference: https://www.virustotal.com/gui/file/4a880f082a6ded92d2b65ff46f3876ad5d15657c166a3290431c093f06430552/detection 207.32.218.138:4444 adad3.casacam.net # Reference: https://www.virustotal.com/gui/file/beb770ec5787870eba31691540aa5f7d30361afeb95ba5976ce432a3bf7a227f/detection 207.32.218.138:3333 syncca.theworkpc.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-05) 104.243.47.96:2233 107.175.113.198:7710 107.175.113.198:8018 107.175.113.198:8801 136.243.179.5:700 141.255.150.149:8888 144.126.149.221:9999 149.13.5.179:5050 154.38.172.60:555 154.38.172.60:5555 161.97.151.222:2006 162.244.210.198:6060 173.212.250.19:1717 173.212.250.19:1818 173.212.250.19:1998 173.212.250.19:1999 173.212.250.19:6060 185.62.85.197:555 185.81.157.103:1111 185.81.157.119:1111 185.81.157.201:9991 185.81.157.238:6301 190.28.157.161:2000 191.101.206.72:6666 191.233.245.58:60000 194.26.192.34:555 198.12.125.30:8011 2.58.56.37:6666 206.123.132.162:2000 209.145.56.0:2020 213.195.114.146:4002 213.195.114.146:4003 213.195.114.146:5001 213.195.114.146:5003 213.195.114.146:6606 213.195.114.146:7707 213.195.114.146:8808 213.195.125.89:4001 37.19.216.81:6666 41.251.193.151:66 45.32.173.196:6969 45.92.1.59:6666 78.163.243.12:3000 80.253.246.12:7707 85.209.176.108:8080 85.239.237.148:7788 88.229.10.198:3002 88.229.10.198:3003 91.109.188.4:7707 91.109.188.4:8808 94.130.130.51:5505 95.214.26.58:9909 mta1.candledmush.net # Reference: https://twitter.com/ScumBots/status/1732041986474180873 # Reference: https://www.virustotal.com/gui/file/779468167b7fb6ae608f098d8460a0c6f7a825e088fe60ed31ea4f9e8e664f00/detection 179.14.8.224:1984 diciembre12.duckdns.org # Reference: https://www.virustotal.com/gui/file/e8c2e235a5d47cbe374d5aadea5a7f5cc21616a1ffe1ed7a8217fba02c7620db/detection 91.92.251.143:8200 greatkingtravel8200.duckdns.org # Reference: https://www.virustotal.com/gui/file/e437950df0a59d8a6d6a0ca0a4ca52c3d8c733b02d263a8f63987dc211e40b30/detection # Reference: https://www.virustotal.com/gui/file/87aa05b65e67ddfb826e987343b64af0ab5b11b166ea2d35575c487076518a79/detection 91.92.251.143:8100 greatkingxlimited.duckdns.org # Reference: https://www.virustotal.com/gui/file/e879574d750ebd02a3affea08fca995185c05ed7deda29882463b3f81c25d6e1/detection 173.44.50.84:2016 window10.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-08) 103.161.112.130:4449 142.202.240.140:4444 149.0.232.42:4444 178.33.57.150:4449 181.41.200.232:4000 185.81.157.24:6126 20.168.112.95:8888 20.168.112.95:9999 209.145.56.0:2017 23.145.120.49:8808 27.64.157.66:257 38.181.25.204:5858 46.1.103.124:2341 46.1.103.124:9371 52.185.48.220:8585 82.165.74.190:2003 88.251.226.111:20000 91.92.248.48:5552 # Reference: https://www.virustotal.com/gui/file/5771678df53b5f26796bd57c74de0917e65ee23c9e6f46d67dd7a5e190f41ee6/detection 141.255.144.8:6606 141.255.144.8:7707 141.255.144.8:8808 # Reference: https://www.virustotal.com/gui/file/f5917e4093be8eda6413dc810e8a2156886e2ba03895784672b059753887adde/detection 85.215.218.19:2023 85.215.218.19:777 # Reference: https://www.virustotal.com/gui/file/96e14b48b61a6cd9748446ce2d54e0474d5852c18ce23c00bf95ca9ecf0c8e39/detection 85.215.218.19:2024 /arasramo # Reference: https://www.virustotal.com/gui/file/5bc5d0bac3cb3194ac6f62d1cfc4ae12964972c40e3becad4defc10c668615de/detection 85.215.218.19:2026 java-runtime.servehttp.com # Reference: https://www.virustotal.com/gui/file/2bc4c1c50a459ed02dbd8ee98d5ef346425e0125c5014ba9650b5c3af4a33fa1/detection 196.196.227.93:8521 01net.sytes.net # Reference: https://www.virustotal.com/gui/ip-address/85.215.218.19/relations updatedriver.3utilities.com utilitaires.servegame.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-12) 185.81.157.154:2727 213.195.115.111:4002 213.195.115.111:4003 213.195.115.111:5001 46.105.147.140:1602 84.38.129.116:8080 91.92.243.58:8808 95.15.65.177:20000 95.15.65.177:888 95.214.177.110:4444 # Reference: https://www.virustotal.com/gui/file/bd08d9ecd8e02b4eee95353fe94ce148f31758ee1271e63e6951ccac032ce58b/detection 204.44.124.113:3000 # Reference: https://www.virustotal.com/gui/file/c3287d43e42a5d93dbb7ee425d8f9d22678f900d8b9c9132e7ec4cf73c8a07b3/detection 204.44.124.113:6666 # Reference: https://www.virustotal.com/gui/file/3ad3a9385859a3063e5a8e1ea9a93ea41e113e5107baaf6efd23537662993c1d/detection 46.246.86.24:8000 reader08.duckdns.org # Reference: https://www.virustotal.com/gui/file/82bf98526028165b2b4700282a2a0e88f36015c1948ba4890aee7e53f14b2a50/detection 46.246.80.20:1618 46.246.84.18:1618 # Reference: https://www.virustotal.com/gui/file/cd3a8f6ea97d9b8879c0d7e623d94e5f12dac5cef00538f82b200f48daf45666/detection 46.246.84.8:1504 # Reference: https://twitter.com/V3n0mStrike/status/1736058054884388929 # Reference: https://www.virustotal.com/gui/file/dcbe457f09b71c4ed6fbb2183246f39d5229bc29ac5736a627604249398fb78e/detection # Reference: https://www.virustotal.com/gui/file/b988d864e59da4746ff4d24377c57942ae3f0e20e28164bae9b848e98c3bda23/detection # Reference: https://www.virustotal.com/gui/file/b988d864e59da4746ff4d24377c57942ae3f0e20e28164bae9b848e98c3bda23/detection # Reference: https://www.virustotal.com/gui/file/f5eb7f30ca962192527a03ef232e74274a727969ea42a761acc19db26b741703/detection 91.92.251.22:5122 innomac.duckdns.org mcwillis.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-17) 103.195.103.33:8808 136.175.8.57:4545 142.202.240.78:8888 181.32.146.243:7707 185.62.87.237:4444 185.62.87.239:4444 185.62.87.247:4444 185.81.157.103:4444 187.24.7.81:9999 194.33.127.198:2086 20.197.242.109:6060 207.246.82.230:5290 213.195.115.111:5003 213.195.115.111:6606 213.195.115.111:7707 213.195.115.111:8808 37.1.208.229:4444 37.1.208.229:8888 37.1.208.229:9999 5.161.200.142:333 5.75.147.113:3000 91.92.248.48:222 91.92.248.72:6606 95.216.41.33:81 # Reference: https://twitter.com/1ZRR4H/status/1736870188480434417 # Reference: https://www.virustotal.com/gui/file/048b743925b2f30e9300e30bafb67985185653f1c3adcef2dc3257db705020c2/detection # Reference: https://www.virustotal.com/gui/file/c2ae169495738288c01df97f582da3db67e4f4d4514be563a7e2cbc069b76448/detection http://91.92.245.38 193.26.115.142:2004 91.92.245.38:445 love1.loseyourip.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-22) 103.186.215.91:3390 103.186.215.91:4449 103.193.188.13:8080 103.193.188.13:8848 103.195.103.33:6606 103.195.103.33:7707 103.207.165.25:4449 106.53.119.74:8848 109.205.214.146:8848 109.248.151.48:1997 111.173.80.91:8848 111.173.80.92:8848 111.173.89.39:8848 111.229.116.176:8848 121.62.23.71:8848 123.99.200.134:2351 123.99.200.157:2450 123.99.200.157:2991 123.99.200.175:4595 123.99.200.184:2650 123.99.200.188:4449 123.99.200.191:4449 124.156.160.52:8848 124.221.43.13:5222 124.248.69.70:8848 124.248.69.71:8848 125.64.108.85:4449 134.122.133.177:4449 143.92.32.18:4449 143.92.35.85:4449 147.185.221.16:49190 147.185.221.17:20761 147.185.221.17:22684 147.185.221.17:2276 147.185.221.17:3767 147.185.221.17:6606 147.185.221.17:7707 147.185.221.17:8264 147.185.221.17:8808 154.12.87.251:8301 154.12.87.251:9601 154.91.229.111:4449 154.91.229.36:4449 154.91.230.208:4449 156.251.19.50:4449 159.69.85.54:4449 163.172.165.144:8080 165.73.249.21:6606 165.73.249.21:7707 165.73.249.21:8808 167.71.56.116:22942 176.129.191.64:5123 18.192.93.86:14444 182.43.76.21:7788 185.196.9.95:8008 185.62.87.238:4444 185.62.87.246:4444 185.81.157.19:3310 185.81.157.19:3314 185.94.29.178:4477 188.148.105.135:3113 193.161.193.99:41254 198.13.34.134:4449 198.23.227.140:6661 2.56.245.187:3232 202.63.172.63:8848 206.119.117.179:4449 206.123.140.95:3232 206.233.132.232:8848 206.233.240.31:4449 213.195.115.250:5001 3.64.4.198:15224 3.64.4.198:4824 31.214.243.202:8848 38.55.197.206:4449 42.51.39.90:4449 43.248.186.20:8848 43.251.16.74:5342 44.193.61.216:4449 45.125.46.201:57469 45.138.16.216:8888 45.141.215.230:4449 45.145.224.40:4449 45.145.229.151:8803 45.145.229.151:9603 45.152.66.153:8807 45.152.66.165:8808 45.152.66.165:9608 45.84.199.34:7000 62.234.175.104:9000 68.10.7.227:5620 81.11.198.38:4449 82.165.213.242:7771 82.64.54.249:3232 91.92.241.17:4449 91.92.248.33:7707 91.92.248.33:8808 94.130.130.51:206 1.err.line.pm a0880508.xsph.ru agent-thumbnail.gl.at.ply.gg aniuus.linkpc.net basgoingbrewca.serveirc.com bold-bush-09147.pktriot.net browse-classic.gl.at.ply.gg cn-bj1-kvlqs4ee.frp.cool country-wellness.gl.at.ply.gg dlitryuzoneu.sytes.net doradp.gleeze.com ecuadorasyn.duckdns.org enviofinal.kozow.com fat7ola07.ddns.net fhfgjghkgh.ddns.net flitryuzoneu.zapto.org getting-roommate.gl.at.ply.gg gnbeatscagig.sytes.net gtitryuzoneorji.zapto.org hdr.theworkpc.com hexrxr.duckdns.org iced.ddns.net loribard.ddnsfree.com luci2023.kozow.com mxrecordsipcordsss.ddns.net national-pension.gl.at.ply.gg nationalteams11.publicvm.com noescorrecto2023.kozow.com pasgoingcrewmoviand.3utilities.com pibirat.ddns.net pythondsh4.loseyourip.com reply.gl.at.ply.gg test56654.myddns.me tndeatcamside.sytes.net w3llstore.mywire.org win009.theworkpc.com windowsddns.duckdns.org wins23octok.duckdns.org xcrew1990.kozow.com xdatarfree.ddns.net zhangfeng123.eu.org # Reference: https://twitter.com/noexceptcpp/status/1738148336056647907 # Reference: https://www.virustotal.com/gui/ip-address/185.81.157.148/relations 185.81.157.148:777 ae-dhwaybill.com ae-express-delivery.com amaznemiratesapp.com chronopost-aidecolis.com express-ca-waybill.com express-ie-package.com express-ie-waybill.com express-ireland-waybill.com ie-dhwaybill.com instruc-for-iraq-pack-collection.com instruc-for-pack-collection.com iraqi-package-and-instruc-for-collect.com liefer-routing.de netflix-infopayment.com notifications-chronopost.fr payment-restriction.com sfr-espaceclientmessagerie.fr sfr-messageriemail.fr suivi-acheminements.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-24) 140.82.26.84:5959 185.81.157.119:2222 185.81.157.123:6606 185.81.157.123:7707 185.81.157.123:8808 185.81.157.183:2222 190.28.128.226:2000 190.28.155.51:2000 193.34.212.17:7777 206.123.132.227:2000 207.180.238.243:8888 213.195.115.250:4002 213.195.115.250:4003 213.195.115.250:5003 213.195.115.250:6606 213.195.115.250:7707 213.195.115.250:8808 38.242.236.116:8888 46.246.86.8:8889 5.51.198.41:1155 88.229.3.212:20000 88.229.3.212:888 91.109.182.6:7707 91.109.186.4:7707 91.92.241.23:8000 94.130.130.51:202 95.10.154.172:4444 like-sports.linkpc.net # Reference: https://embee-research.ghost.io/threat-intel-queries-with-fofabot/ 1.14.206.144:6606 103.252.136.171:6606 103.252.136.171:7707 103.252.136.171:8808 109.107.189.163:6606 109.230.238.165:6666 130.51.42.190:6606 135.125.27.218:6606 136.175.8.57:6606 136.175.8.57:7707 136.175.8.57:8808 136.243.151.21:7788 144.217.36.75:6606 144.217.36.75:7707 144.217.36.75:8808 147.189.169.67:5555 149.28.103.159:1234 151.80.238.21:6606 151.80.238.21:7707 151.80.238.21:8808 154.16.67.94:6606 154.16.67.94:6666 154.16.67.94:7707 154.16.67.94:8808 154.3.2.209:6606 154.3.2.209:7707 154.3.2.209:8808 16.170.146.242:6606 172.111.139.148:7707 172.86.98.98:6606 172.96.172.69:6606 172.96.172.69:7707 173.212.250.19:1990 173.212.250.19:1991 173.249.13.74:6606 173.249.13.74:7707 173.249.13.74:8808 178.33.203.39:6606 181.214.240.179:7777 185.16.38.38:6606 185.16.38.38:7707 185.16.38.38:8808 185.172.128.52:5555 185.25.51.99:8808 185.62.85.197:777 185.62.86.134:1411 185.81.157.103:3333 185.81.157.172:6666 185.81.157.172:7777 187.24.66.110:9443 188.2.200.58:6606 190.213.184.38:8808 193.26.115.142:7707 193.26.115.142:8808 193.26.115.142:9909 193.26.115.69:8808 194.26.192.57:6606 194.26.192.57:7707 194.33.191.242:7707 196.206.8.44:55555 198.12.125.30:5505 198.12.125.30:8091 198.12.125.30:8801 198.12.125.30:9990 20.168.112.95:7777 207.244.254.163:3331 207.32.218.155:6606 207.32.218.155:7707 207.32.218.155:8808 209.145.56.0:3331 212.13.186.180:10001 212.98.224.226:7707 212.98.224.226:8080 213.195.115.250:5002 216.250.253.166:6606 23.94.99.6:8808 31.215.109.21:8808 31.220.103.103:7707 31.220.103.103:8808 34.29.228.84:1998 34.71.108.66:4444 37.1.208.229:5555 37.1.208.229:7777 38.242.236.116:880 45.138.16.125:777 45.138.16.213:7777 45.154.12.105:7707 45.154.12.105:8808 45.154.98.34:6606 45.154.98.34:7707 45.154.98.34:8808 45.77.92.194:2021 45.88.186.145:8808 46.196.24.72:8808 47.95.197.160:8808 47.95.197.160:9898 5.161.182.109:6606 5.249.163.45:6666 51.195.94.209:6606 51.195.94.209:7707 51.195.94.209:8808 54.38.151.131:6606 54.38.151.131:7707 54.38.151.131:8808 78.161.78.78:3000 78.178.154.228:20000 78.84.235.110:6606 8.141.93.70:6606 8.141.93.70:7707 8.141.93.70:8808 85.239.237.141:6606 85.239.237.141:7707 85.239.237.141:8808 87.121.87.41:7707 87.121.87.42:7707 88.229.10.198:3005 88.229.3.212:3000 91.92.250.202:6606 91.92.251.62:6606 91.92.251.62:7707 91.92.251.62:8808 91.92.252.126:6606 91.92.252.126:7707 91.92.252.126:8808 91.92.254.36:8808 92.118.235.49:1604 94.130.130.51:9909 95.15.65.177:3000 95.214.177.110:8080 amazon-prime-support.com auth.optimization-marketing.com authsmtp.optimization-marketing.com box.optimization-marketing.com cpanel.ruankpp.top dev.optimization-marketing.com exchange.optimization-marketing.com gamcis.com greedylandshinjirulorder2.sexidude.com gw.optimization-marketing.com hermes.optimization-marketing.com imap.optimization-marketing.com juankorkie.net m.ruankpp.top mail.missiondentalcentre.com mail.optimization-marketing.com mail.palmexpilipinas.com mail.parachutisme-beziers.com mail.randyzadra.com mail.roelofkiers.com mail01.optimization-marketing.com mail10.optimization-marketing.com mail2.optimization-marketing.com mail4.optimization-marketing.com mail7.optimization-marketing.com mailbox.optimization-marketing.com mailer.optimization-marketing.com mailgate.optimization-marketing.com mailin.optimization-marketing.com mails.optimization-marketing.com missiondentalcentre.com ms.optimization-marketing.com mx02.optimization-marketing.com mx1.optimization-marketing.com mx10.optimization-marketing.com mx20.optimization-marketing.com mx3.optimization-marketing.com mx4.optimization-marketing.com mxs.optimization-marketing.com newmail.optimization-marketing.com ns.optimization-marketing.com ns1.optimization-marketing.com outmail.optimization-marketing.com palmexpilipinas.com parachutisme-beziers.com pbrand.optimization-marketing.com po.optimization-marketing.com pop.optimization-marketing.com post.optimization-marketing.com postmaster.optimization-marketing.com pourtousagir.com randyzadra.com relay.optimization-marketing.com remote.optimization-marketing.com roelofkiers.com root.optimization-marketing.com ruankpp.top server1.optimization-marketing.com smtp.ruankpp.top smtp1.optimization-marketing.com smtp2.optimization-marketing.com smtps.optimization-marketing.com smtpseguro.optimization-marketing.com spam.optimization-marketing.com taikang.com.optimization-marketing.com update.smartpromogroup.com webdisk.ruankpp.top webmail.optimization-marketing.com zimbra.optimization-marketing.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-01-01) http://212.13.186.180 1.14.206.144:7707 103.82.134.190:7707 104.161.27.4:8888 135.125.27.218:6000 135.125.27.218:7000 135.125.27.218:8000 135.125.27.218:8088 136.243.151.21:78 14.234.25.153:8080 144.126.128.158:7777 144.126.128.158:8888 15.235.3.1:2001 154.223.17.134:5959 155.133.27.6:2000 158.220.96.15:3320 163.5.215.211:4449 172.111.248.167:8088 172.94.122.166:8088 172.94.122.166:9999 172.96.172.69:1002 181.214.240.107:8808 185.16.38.41:2034 185.16.38.41:6666 185.172.128.52:7777 185.172.128.52:8888 185.172.128.52:9999 185.250.148.237:2424 185.81.157.154:2302 185.81.157.160:777 185.81.157.172:4444 185.81.157.172:8888 185.81.157.213:888 186.112.202.162:2404 186.112.202.162:8888 187.24.64.252:9999 190.28.142.129:2000 206.123.132.167:2000 206.123.132.170:2000 206.123.132.236:2000 209.145.56.0:4123 212.102.59.84:7777 212.102.59.84:8888 212.13.186.180:15618 212.13.186.180:17970 212.13.186.180:2082 212.13.186.180:33389 212.13.186.180:3497 212.13.186.180:37578 212.13.186.180:40000 212.13.186.180:54603 212.13.186.180:55524 212.13.186.180:5649 212.13.186.180:8000 213.195.112.94:5001 213.195.119.8:4001 213.195.119.8:4002 213.195.119.8:4003 213.195.119.8:5001 213.195.119.8:5003 213.195.119.8:6606 213.195.119.8:7707 213.195.119.8:8808 213.195.120.238:5001 23.225.40.139:8808 27.64.172.13:257 31.220.103.103:6606 37.1.214.209:2222 37.1.214.209:4444 37.1.214.209:8088 37.1.214.209:8888 37.1.214.209:9999 37.221.93.62:8080 38.180.91.62:8088 45.126.209.4:7707 45.88.186.145:7707 46.1.103.124:9876 47.95.197.160:6606 47.95.197.160:7707 51.20.249.187:8080 74.222.22.109:8888 78.178.154.228:3001 78.178.154.228:3003 78.178.154.228:3004 78.178.154.228:888 82.65.19.134:4443 87.121.87.195:6699 87.121.87.36:1335 87.121.87.92:6699 88.201.16.151:443 88.214.56.145:4444 88.214.56.145:8088 88.214.56.145:8888 88.214.56.145:9999 88.229.34.236:20000 88.229.34.236:3001 88.229.34.236:3004 88.235.35.170:20000 91.109.178.8:7707 91.109.186.9:7707 91.109.190.6:7707 91.92.243.45:6606 91.92.246.124:7707 91.92.250.243:4887 91.92.254.36:4747 92.46.172.137:10258 92.46.172.137:28363 92.46.172.137:29256 92.46.172.137:36274 92.46.172.137:427 92.46.172.137:46949 92.46.172.137:636 94.156.64.168:222 # Reference: https://twitter.com/banthisguy9349/status/1742109603133857897 http://94.156.69.26 # Reference: https://www.virustotal.com/gui/file/5d58c5fa7aa0f5a8c4d2448b0f5fbb8ffb835228bcb3e4b6fa53f5593a2166bb/detection 23.95.13.189:6606 23.95.13.189:7707 23.95.13.189:8808 # Reference: https://www.virustotal.com/gui/file/968a2f466fbd0e777f6e33eddb60bc3f953b4da4235758d60370dac5a99b6157/detection 46.199.193.93:3551 myhostfrfr0.ddns.net # Reference: https://www.virustotal.com/gui/file/1742b48fad9814441ee7726009a0e375757134dcc872f88ed584b6a2099c7473/detection 46.246.6.15:1234 46.246.6.15:8889 asegurarasyncrat.4cloud.click # Reference: https://www.virustotal.com/gui/file/2bf22438c6aeb5c825c35d92e3d31fd62b9fc2a997ed3618e1b71030e5e00b4f/detection 111.180.188.53:6606 111.180.188.53:7707 111.180.188.53:8808 # Reference: https://twitter.com/K_N1kolenko/status/1744626527210266949 116.204.169.212:26879 45.88.186.145:6606 # Reference: https://www.malware-traffic-analysis.net/2024/01/09/index.html 45.126.209.4:222 45.126.209.4:6606 45.126.209.4:8808 madmrx.duckdns.org # Reference: https://www.virustotal.com/gui/file/6e658c94d36a1177444666ade64855bbefc1a6ae0afe1616a76dadc41b8daa9d/detection peribzw.top /ritgzoe/us1/gde.php /ritgzoe/us2/gde.php /ritgzoe/us3/gde.php /ritgzoe/us4/gde.php /ritgzoe/us5/gde.php /ritgzoe/us6/gde.php /ritgzoe/us7/gde.php /ritgzoe/us8/gde.php /ritgzoe/us9/gde.php /ritgzoe/ # Reference: https://www.virustotal.com/gui/file/097aeda9f5d3d3c979d37b0b6bd8249254ff5b9636a2b0947c47702628086b6b/detection # Reference: https://www.virustotal.com/gui/file/9b8b9e6ce4e03da593d4c5591b4bd2c2b6b72ca5087eb142aa7c42de6a631abd/detection # Reference: https://www.virustotal.com/gui/file/836e7ddc748d65441117ca62254783a04cb1939e906c20329993ee694bcadf29/detection 140.82.27.51:14235 149.248.20.213:53245 34.174.61.199:6567 34.29.71.138:6567 45.32.94.58:6567 asdvua78v8ed4t6fhvha.cn asfyvisoeogtca3.fun erouhisugvizi4.cn saofidubixo4r.top sdhvvy7vbysuxnvjdr6gtd64.com # Reference: https://www.virustotal.com/gui/ip-address/164.90.149.198/relations akamai-cdn.top # Reference: https://www.virustotal.com/gui/ip-address/181.131.217.242/relations # Reference: https://www.virustotal.com/gui/file/02f7ef431654292b6b80cccbe9ecc391cafa706918ee2b3510a5c8dfd8378a15/detection 181.131.217.242:1984 bancolombia-token.duckdns.org hernanenvio.duckdns.org jairoee.ddns.net soslilolilo.duckdns.org soste2023.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-01-10) http://149.102.235.34 http://93.153.68.186 1.14.206.144:8808 103.195.103.138:5555 103.67.162.240:2256 104.131.167.132:4747 104.243.37.176:5555 104.243.37.176:6666 107.150.23.137:8020 109.234.34.210:4449 136.243.151.123:222 136.243.179.5:82 139.180.171.110:1604 139.180.171.110:22636 139.84.229.159:2017 141.255.156.121:4443 141.255.156.150:4443 142.67.130.172:31415 146.70.161.85:4217 147.124.212.75:2010 149.102.235.34:61125 158.220.83.114:9909 158.247.235.51:443 163.5.64.75:7391 172.234.95.198:8443 176.40.9.245:40249 176.40.9.245:42358 176.40.9.245:50126 176.40.9.245:62822 179.13.3.199:8020 181.131.219.252:4203 181.235.94.107:2404 181.235.94.107:8888 185.81.157.119:4444 185.81.157.129:7707 185.81.157.148:9999 185.81.157.150:777 185.81.157.152:6606 185.81.157.152:7707 185.81.157.152:8808 185.81.157.183:8181 185.81.157.1:6606 185.81.157.1:7707 185.81.157.1:8808 186.112.204.173:2404 186.112.205.208:8888 186.168.66.85:2404 186.168.66.85:8888 186.168.66.85:9999 187.24.11.12:9999 187.24.12.179:9999 187.24.65.44:9999 190.28.139.66:2000 190.28.171.243:2000 193.142.59.177:443 193.26.115.51:6606 193.26.115.51:7707 193.26.115.51:8808 194.213.3.123:6606 194.213.3.123:7707 194.213.3.123:8808 194.33.191.248:4449 203.20.113.158:6606 203.20.113.158:7707 203.20.113.158:8808 206.123.132.169:2000 207.32.217.14:8888 207.32.219.78:8888 212.118.52.86:4449 213.195.118.64:4002 213.195.118.64:4003 213.195.118.64:5001 213.195.118.64:5003 213.195.120.238:4002 213.195.120.238:4003 213.195.120.238:5003 45.74.34.32:1994 45.80.158.60:2003 45.80.158.60:2004 46.246.80.19:8889 46.4.37.212:81 72.11.158.94:8808 74.222.22.137:8888 80.79.7.197:8888 82.115.223.244:4449 83.213.157.103:4444 88.229.34.236:888 89.148.48.240:443 91.109.178.4:8808 91.109.182.12:9999 91.109.184.6:7707 91.109.184.6:8808 91.109.188.6:8808 91.109.188.9:7707 91.109.188.9:8808 91.92.240.159:8088 91.92.241.54:4782 91.92.248.67:6606 91.92.248.67:7707 91.92.248.67:8808 91.92.251.144:4449 91.92.255.187:4449 93.123.39.68:4449 93.153.68.186:61125 94.156.64.207:1337 94.156.66.169:4449 94.156.67.158:3392 94.156.68.120:7707 94.46.246.95:2404 elofizetesitearea.com 185azyn6606dec24rd13.ddns.net moonvenom4449.duckdns.org # Reference: https://twitter.com/malwrhunterteam/status/1745382312483696766 # Reference: https://www.virustotal.com/gui/file/bd23b38717e8fec3a17dc23020ffc985172f7683d2d46d0080eff8a80825845c/detection # Reference: https://www.virustotal.com/gui/file/5d6cc4d7e7ce998cf1d7bc8b78f787f9b034ab3dbdf8c91a33ad0233ddef2ac4/detection # Reference: https://www.virustotal.com/gui/file/585f9d699807c982dac2f8384a20d510736aa771653de965fe7bb2c40b4a3fa8/detection # Reference: https://www.virustotal.com/gui/file/27ec0c704261af619ce67a04c2f71b34e5c74110970b555208afb4aa65b4a723/detection # Reference: https://www.virustotal.com/gui/file/26d19bf8f5b21152256f078fdd31a2749d85fb05a2bc34ff1de557b54a4dfca4/detection 194.33.191.248:7287 # Reference: https://www.virustotal.com/gui/file/a531f0dd0dafe349094b69c4c136961f07787b9b78b4778a8bbcc94ee1de94be/detection 91.92.250.149:3333 91.92.253.187:5531 # Reference: https://www.virustotal.com/gui/file/70bbe17e106d5112380cc14f8b2cf155910ea79544b1fe3c849e2d87b422e783/detection 91.92.253.186:5531 # Reference: https://www.virustotal.com/gui/file/d4076291918200b06355a617109b38fd7ee923db078fb1c46cc4ddf7f517de80/detection # Reference: https://www.virustotal.com/gui/file/8a77e94a47c7a06b194248676e3837dae7f5305cdd81fddb0affc6a2cff69ed9/detection 103.214.23.99:1599 # Reference: https://www.virustotal.com/gui/file/e4ebcfe60d19d3e2fdd578070af1ddcf25af1834335fa357761a165cb3bcf8a6/detection 91.92.250.222:8100 # Reference: https://www.virustotal.com/gui/file/4ea73062b3a81d30d88472993cc5f4dc9a3efbcb0c5ef27419b513bea41a1361/detection 94.156.65.114:4449 # Reference: https://twitter.com/K_N1kolenko/status/1747861984261898444 193.26.115.55:333 # Reference: https://www.virustotal.com/gui/file/fc6574ad10963a5edfaa488cfb4ba221eac437c85026b8efe77dbfa55cd01bd1/detection 46.246.84.13:9000 cocomelondc.duckdns.org # Reference: https://www.virustotal.com/gui/ip-address/185.81.157.150/relations # Reference: https://www.virustotal.com/gui/file/002e8d95c4d009cda92b5708f324a5107c42b7739c5a37b3960b245006170a6d/detection 185.81.157.150:2033 185.81.157.150:2034 185.81.157.150:2035 # Reference: https://www.virustotal.com/gui/file/090023db3b15f48bdb182b8d7c04ce0e2a55ad75d37816799117bd07d6a65fd4/detection 141.255.144.122:5554 disgold.ddns.net # Reference: https://twitter.com/1ZRR4H/status/1751310603916882357 # Reference: https://www.virustotal.com/gui/ip-address/91.92.251.163/relations # Reference: https://www.virustotal.com/gui/file/d576202174867dbed41a0dde9841b8deb1c4c3cb54bc3f3cb1311d97e0f1fd58/detection # Reference: https://www.virustotal.com/gui/file/2986cab6e805bdeeedf6b815ee439417e2c861c33ef67c77b4c1ad57ad9d6169/detection # Reference: https://www.virustotal.com/gui/file/ac702ccbd80c7f46d05ed6ecbbac34a930c0c1befe4dfc9e74bdcd7c7b4c09a4/detection # Reference: https://www.virustotal.com/gui/file/861c39ed6c9c822297b546d05fc0c5ea6011a29fc8ed9afd8c2a34b07aa043b9/detection # Reference: https://www.virustotal.com/gui/file/504be1f8bf80df47b6cbe74f1837864da5ec119e4ea91eae268e3652a626a4a9/detection 178.33.57.153:4449 # Reference: https://twitter.com/1ZRR4H/status/1751656174515098023 # Reference: https://twitter.com/r3dbU7z/status/1753692024216113625 # Reference: https://www.virustotal.com/gui/file/b69ec13ecdd61c9959d3a0a99efa0b23579c37bfbd5747e9647e1fd8439be3b6/detection # Reference: https://www.virustotal.com/gui/file/9ba372b8822cbf5a131c426cc16a1e7d1ded7ade81b1b2887ac70ad8c001beb8/detection http://91.92.254.14 http://91.92.255.205 91.92.254.14:4412 91.92.254.14:443 91.92.254.14:445 91.92.255.205:58001 91.92.255.205:58002 91.92.255.205:58003 # Reference: https://twitter.com/r3dbU7z/status/1752379313863709174 # Reference: https://www.virustotal.com/gui/file/96a45d777aeadce4f44c6208e7a8b335d1d75372af628174c256bb0dffde335e/detection # Reference: https://www.virustotal.com/gui/file/947fe877e46776464c29e85fae444e6c0ff1465f7b32543230eccf5e766e5b23/detection # Reference: https://www.virustotal.com/gui/file/65d6301d607eb8b0a5b95d13a57c779e4508aa28b07f74322e4d6cc5148e1cbf/detection 41.216.188.138:555 41.216.188.138:6606 41.216.188.138:7707 41.216.188.138:8808 cartel.theworkpc.com # Reference: https://www.virustotal.com/gui/file/eb5fb8d9eecb22126ad410533c44136dd28928e5ba1dbbba72dad0058dbbb20b/detection # Reference: https://www.virustotal.com/gui/file/1ba09bcd10729085d28a1c0377f351ad1f4c0029a4d173676b3aa7cc91a709cf/detection 95.217.208.125:3232 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-02-04) 151.67.33.99:8080 172.94.32.33:6606 172.94.32.33:7707 172.94.32.33:8808 172.94.32.33:8881 175.24.197.196:53576 178.73.192.6:2000 18.134.234.207:443 18.192.31.165:13832 185.81.157.135:8181 186.112.194.124:2404 186.112.194.124:8888 186.112.205.208:2404 20.106.168.188:8808 209.145.56.0:1995 216.250.254.227:7707 34.29.228.84:2000 45.141.215.222:8808 45.145.55.81:6606 46.246.84.15:2000 80.79.7.197:6606 80.79.7.197:7707 80.79.7.197:8808 87.98.177.182:1337 89.148.24.117:443 91.92.240.147:7000 91.92.240.147:8000 91.92.240.147:8088 94.156.67.155:8088 94.156.69.136:1337 # Reference: https://www.virustotal.com/gui/file/5d819ed56f094d863f70ab2654243b00f263646b48d0e680f9b76bac113ce76f/detection 103.48.85.6:9999 # Reference: https://www.virustotal.com/gui/file/a07b12177cd55059f812ca04ed2f6da5ab7a66a603a6995a6d480a7bf824fb68/detection 172.171.254.153:4748 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-02-11) 104.156.247.38:8000 107.161.81.150:6606 107.161.81.150:7707 107.161.81.150:8808 138.201.176.60:7707 154.16.67.94:8088 154.212.145.72:8008 154.212.146.81:8008 161.97.151.222:2011 172.96.172.203:6606 172.96.172.203:7707 172.96.172.203:8808 172.96.172.69:8808 181.235.80.187:2404 181.235.80.187:8888 185.81.157.104:6606 185.81.157.104:7707 185.81.157.104:8808 185.81.157.106:777 185.81.157.14:8181 185.81.157.179:6606 185.81.157.179:7707 185.81.157.179:8808 185.81.157.183:9696 187.24.66.48:9999 190.28.167.19:2000 194.26.229.212:8080 20.106.168.188:6606 20.106.168.188:7707 20.81.43.192:8080 206.123.132.163:2000 206.123.132.240:2000 216.250.254.227:6606 216.250.254.227:8808 27.79.88.176:8007 40.66.42.165:8808 45.141.215.222:6606 45.141.215.222:7707 45.145.55.81:7707 45.145.55.81:8808 45.154.98.190:6606 45.154.98.190:7707 45.154.98.190:8808 45.88.186.16:7707 46.246.82.3:2000 46.246.82.4:2000 68.67.203.245:80 78.161.49.74:20000 78.161.49.74:3003 78.161.49.74:888 91.92.255.64:6000 91.92.255.64:8000 91.92.255.64:8088 93.242.137.1:51124 94.156.68.217:3162 94.156.69.196:6000 94.156.69.196:8000 # Reference: https://www.virustotal.com/gui/ip-address/5.39.43.50/relations asyncrr.ddns.net moriatri.serveminecraft.net nechaev.hopto.org newfuture.hopto.org russianmurders.myvnc.com # Reference: https://www.virustotal.com/gui/file/fb76f99beccd51813b860fccb5ef75881a921be0fbfd354e83619ac02f332f0f/detection 192.177.98.104:1337 # Reference: https://www.virustotal.com/gui/file/f93a1d7d6fe9d5b8210963f708214c797855d976baf3a39d7b4475b170a910b7/detection 5.181.159.31:2106 contodapug.con-ip.com # Reference: https://twitter.com/ScumBots/status/1758508495589028007 # Reference: https://www.virustotal.com/gui/file/df37b362150d37374f604ed290c613701e5167d84abae499b82bc74f970d966b/detection 186.169.36.241:7082 186.169.60.26:7082 186.169.80.244:7082 # Reference: https://twitter.com/naumovax/status/1759572523539214715 # Reference: https://tria.ge/240219-kw6kqabf3w/behavioral1 # Reference: https://www.virustotal.com/gui/file/bc6005c0a53f37d259323fd3aeb2682b914050f20409fcfd21da5b31474a908b/detection # Reference: https://www.virustotal.com/gui/file/6564e424cf162beab08aef52693eb9f16d0716332ead8b7a956c18bbfa0fe898/detection 171.233.98.70:1337 171.233.98.70:18274 # Reference: https://www.virustotal.com/gui/file/6462c1ebef5a874a824bd055723d2784dc62e81849a8715a4d118db95106c431/detection 46.246.80.20:2023 # Reference: https://www.virustotal.com/gui/file/1874360499cbed040d9e1f182bb150c9ef6c20740419b0e36de80860cfe46f27/detection 46.246.82.18:2023 # Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-02-21-IOCs-from-SocGholish-AsyncRAT-infection.txt # Reference: https://www.virustotal.com/gui/ip-address/167.71.107.109/relations # Reference: https://www.virustotal.com/gui/ip-address/49.13.65.235/relations # Reference: https://www.virustotal.com/gui/ip-address/5.161.113.150/relations 0f2onmxtqv5ih2h.fun 0f2onmxtqv5ih2h.top bjlkchhaaigceke.top bo2fob5q7ieimav.top c9gvk11qg9v2zba.top dggnbheeebmnngl.top euuahsxqozcnddo.top eykle9pb40gl1hz.top fdbcngcjiifkjcf.top fjy1a0lbdrx5eid.top h4cg7rhbmieqskr.top hmndbhadcibafhn.top jjifagmhgbilbdh.top ldfgchkbbbdbmjc.top naajagigfikmhfj.top pbvzje4.top uzrn46l8bv5abtl.top vk530xh8kmmuouz.top vnveyd8sznqtcy9.top w89tu45t8e7dqzo.top x5jixoe8td3f2wd.top ytn9rv1th4ox312.top # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-02-24) http://5.252.74.133 http://77.105.132.94 104.210.36.227:8808 104.243.46.129:6666 109.199.104.52:8888 113.174.1.186:8080 136.243.111.71:5900 136.243.179.5:8888 138.201.176.60:6606 138.201.176.60:8808 147.124.213.188:4444 147.124.213.188:6006 147.124.213.188:8008 147.135.97.94:6606 147.135.97.94:7707 147.135.97.94:8808 147.189.172.103:6969 147.189.172.2:6666 154.212.146.81:7707 154.212.146.81:8808 172.111.148.12:222 172.111.148.20:222 172.94.111.213:8888 178.33.203.39:7707 178.33.203.39:8808 178.73.218.5:2000 181.131.216.198:6606 181.71.216.30:4040 185.222.58.40:1978 185.81.157.103:8888 185.81.157.106:443 185.81.157.21:7707 185.81.157.21:8808 185.87.150.199:2222 186.112.206.181:2404 186.112.206.181:8888 186.112.207.226:2404 186.112.207.226:8888 186.170.114.55:2404 186.170.114.55:8888 186.170.96.237:2404 186.170.96.237:8888 186.170.98.239:2404 186.170.98.239:8888 192.250.225.3:6000 192.250.225.3:7000 192.250.225.3:8000 192.250.225.3:8088 193.26.115.221:6606 193.26.115.221:7707 193.26.115.221:8808 193.26.115.42:6606 193.26.115.42:7707 194.67.204.7:88 196.112.147.229:5566 204.12.229.169:5600 206.123.135.63:2020 207.231.111.88:6606 207.231.111.88:7707 207.32.217.170:2004 212.193.11.40:7707 213.195.118.64:4001 213.195.119.244:4002 213.195.119.244:4003 213.195.119.244:5001 213.195.119.244:5003 34.176.21.185:8808 34.86.252.187:8808 37.1.214.209:1111 38.242.236.116:7707 38.242.236.116:8808 45.128.96.16:4449 45.134.83.162:8808 45.134.83.165:8808 45.138.16.248:9090 45.40.96.97:9441 45.80.158.25:5055 45.88.186.16:8808 45.88.186.65:6606 45.88.186.65:8808 46.246.4.7:2000 46.246.6.5:2000 46.246.82.18:2000 46.4.37.212:100 5.252.74.133:8080 51.89.199.122:6606 77.105.132.94:4449 77.105.132.94:465 77.105.132.94:8080 82.165.208.218:8888 85.215.197.98:8888 85.239.237.148:2006 88.214.59.174:9090 89.117.21.203:6606 89.117.21.203:7707 89.117.21.203:8808 91.92.242.133:2025 91.92.242.57:8008 91.92.243.63:5000 91.92.251.202:2024 # Reference: https://www.virustotal.com/gui/file/c29da2306b6d491c1907b6fa1150104854bc32530fd70f50cd7da4d37c1fcc26/detection 172.111.139.95:7771 # Reference: https://www.virustotal.com/gui/file/d96a05ace2861cae6b3143918c3e42004ee3d5740dabefb710028b6609e89114/detection 144.172.73.36:22 144.172.73.36:6606 144.172.73.36:7707 144.172.73.36:8808 193.176.29.231:1900 193.176.29.231:443 # Reference: https://www.virustotal.com/gui/ip-address/37.120.141.139/relations # Reference: https://www.virustotal.com/gui/file/e8fe2be82f8af0c2ba3570fdcf18bdd5d22f030dedec85b924ee89ede119a6d9/detection 37.120.141.139:25044 fornet-wire.duckdns.org pandora-ams.duckdns.org # Reference: https://urlhaus.abuse.ch/url/2773510/ 91.92.247.100:666 kareemovic22.webredirect.org # Reference: https://twitter.com/banthisguy9349/status/1765362836065141045 # Reference: https://www.virustotal.com/gui/file/c753aa350f21c0b97c8b84aacc92d07997b3f8c300ebacd20b458a02cfdb3401/detection 147.124.213.188:6606 147.124.213.188:7707 147.124.213.188:8808 45.154.98.24:222 strongandliving.ddnsfree.com # Reference: https://twitter.com/DonPasci/status/1765692054674251999 kolove.accesscam.org # Reference: https://twitter.com/Dkavalanche/status/1766180682584232361 # Reference: https://app.any.run/tasks/e24ad05b-7afe-4f0a-b2fa-d27833d7c452/ # Reference: https://www.virustotal.com/gui/file/4cf8aecd3c9028fa90f3d9090c77825e74d764f883eb3d240abf50e59ac28697/detection # Reference: https://www.virustotal.com/gui/file/13e222f0ed3ce85b8dde6dc7d39fa21acc66fbfadfadbef16d75086d318513fe/detection 46.246.4.22:1234 46.246.4.22:8889 91.92.244.103:2202 heztak.pro bg1.heztak.pro # Reference: https://www.virustotal.com/gui/file/06074b04985faa20b53a36bf8fa355041929c9bca9cd7a5707dbcd8b744d1eed/detection pepecasas123.mywire.org pepecasas123.net # Reference: https://www.virustotal.com/gui/file/ee08667ddd29bc7ae5129a14f8feefeda818bf8e165082225e3470b9999671e2/detection 186.169.80.244:7080 companinuevoano1.con-ip.com # Reference: https://twitter.com/1ZRR4H/status/1766223253360574957 # Reference: https://twitter.com/doc_guard/status/1769670285031100672 # Reference: https://www.malware-traffic-analysis.net/2024/03/14/index.html 101.99.94.234:8789 91.134.150.150:3232 91.92.252.234:3232 sunshine-bizrate-inc-software.trycloudflare.com # Reference: https://twitter.com/1ZRR4H/status/1766945121650569598 # Reference: https://www.virustotal.com/gui/ip-address/12.202.180.134/relations # Reference: https://www.virustotal.com/gui/file/43feb4c81e9e5be7b22c542dd0d54725075a67dbf592bb65b3b625c04256af55/detection 12.202.180.134:8890 194.48.251.9:8890 87.121.105.4:8890 febvenom8.duckdns.org jossmaybs.duckdns.org jsspreadew.duckdns.org markvenm2.duckdns.org mkys.duckdns.org momenttoday550.duckdns.org myday.duckdns.org nevinxwrm.duckdns.org vendjksld.duckdns.org vernotom6.duckdns.org vrnmmondays.duckdns.org dial-posters-corporations-des.trycloudflare.com # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-03-12%20ScreenConnect_AsyncRAT%20IOCS # Reference: https://www.virustotal.com/gui/file/a4307eefdf28abe7c3148164e0b539ac01c50b9037099afb972708ad13285d73/detection # Reference: https://www.virustotal.com/gui/file/b2435f2ad323243d174aea7cb04511ccc1d794a98c2b3b60a25c5841423c90b3/detection # Reference: https://www.virustotal.com/gui/file/6d385d3e4cc971a1d9528181514b1b087baf6d0dec5915cbae3fb7bd058d8a1e/detection http://45.74.19.84 15.204.170.41:555 15.204.170.41:6606 15.204.170.41:7707 15.204.170.41:8808 ahyoussef.webredirect.org akok.winconnection.net macafee.theworkpc.com # Reference: https://www.virustotal.com/gui/file/29f3c5f06270cc2b6edd54a49d485edf762a82054ea84f643c57a86e176d3799/detection 194.147.140.138:2200 reverseproxy.con-ip.com # Reference: https://www.virustotal.com/gui/file/493bf4b452ca75101bcadb25cfe9f2525f67c39e5f1a0c897416aeb8278eb7ec/detection 194.147.140.199:6606 194.147.140.199:7707 194.147.140.199:8808 roolingstone.sytes.net # Reference: https://www.virustotal.com/gui/file/a790b9a416ef7767ef09e45ad0971eec91f712d362b23f5b13070638f95e3ac9/detection # Reference: https://www.virustotal.com/gui/file/2ce1a4c789df5d7915e45c979acd87efd3294f9c86b04b1dcb68fdd4a5cae2a7/detection 49.13.200.170:7878 # Reference: https://any.run/malware-trends/asyncrat ansy.duckdns.org aobertoferndomip.con-ip.com asystore.duckdns.org fat7e007707.ddns.net johnjo.ddnsgeek.com johnsonville.ddnsgeek.com kdfsv.duckdns.org miguel2024.kozow.com proceso122024.duckdns.org torrentsports.co wangli.cyou # Reference: https://twitter.com/alex_lanstein/status/1769711805507486034 # Reference: https://www.virustotal.com/gui/file/b77024add128e3b0fd17dd694b06b41a9ff49f6a09488b69df6c981dc4bed62d/detection # Reference: https://www.virustotal.com/gui/file/b53d6081f93c3405d8bbd8b1ecc24ee73d3c5b7719c0d0bc6c6ddb8ca8c8cdfa/detection # Reference: https://www.virustotal.com/gui/file/cad704f67c07750fe76eaec079ebc850fa02a54fd5c978e5a8c8a82e147cba0a/detection 0ho.la # Reference: https://www.virustotal.com/gui/file/bc1dccf2aeeeda040449933ff595cbb7e243ef1be7709012e55134b673c53000/detection # Reference: https://www.virustotal.com/gui/file/5ea2e0e5450f0ac01aa2288a4f1a60e16965a47b32814dea6d5b308db4171b01/detection 85.102.113.105:9899 85.97.153.196:9899 88.226.148.207:9899 hlevcik.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-03-20) http://193.124.205.80 http://91.92.254.250 128.90.113.242:9999 128.90.113.56:9999 128.90.122.163:9999 128.90.128.157:9999 128.90.61.78:9999 135.125.21.74:4242 142.11.201.125:8712 142.113.120.107:8080 147.124.217.110:6666 147.124.217.110:8888 147.124.217.110:9999 15.228.170.102:5000 151.81.14.228:8080 154.16.67.94:4242 154.16.67.94:4444 154.27.70.229:4449 154.30.255.175:8887 172.111.148.11:222 172.111.148.61:222 178.73.192.17:2000 181.131.218.39:4041 184.147.209.221:8080 185.117.250.169:3393 185.174.101.80:6606 185.174.101.80:7707 186.170.114.55:1111 187.24.4.94:9999 188.126.90.14:2000 191.88.250.63:4203 191.88.250.63:4208 191.88.250.63:4210 192.159.99.54:8888 193.124.205.80:4608 193.32.162.198:8808 2.58.85.145:6004 2.58.85.145:8808 203.30.9.90:443 206.123.132.164:2000 213.195.119.244:4001 216.250.255.99:6606 216.250.255.99:7707 216.250.255.99:8808 23.26.201.73:5555 23.26.201.73:6666 23.26.201.73:8888 37.120.141.139:1113 38.180.30.53:8080 38.242.236.116:7777 45.134.83.162:6606 45.134.83.162:7707 45.134.83.165:6606 45.134.83.165:7707 45.138.16.228:9090 45.240.136.144:5055 45.94.31.49:8888 45.94.31.49:9999 46.246.84.11:2000 5.161.113.150:25658 51.161.107.68:8808 51.195.231.121:6606 51.195.231.121:7707 51.195.231.121:8808 51.77.68.50:1231 51.89.109.154:6606 51.89.109.154:7707 51.89.109.154:8808 66.225.254.138:7707 66.94.120.244:9999 69.64.95.233:6606 69.64.95.233:7707 69.64.95.233:8808 72.167.134.164:5055 85.99.80.60:888 89.117.49.133:1337 89.117.49.133:1996 89.117.49.133:2000 89.117.49.133:6006 91.92.246.100:4443 91.92.246.100:6606 91.92.246.100:7707 91.92.246.100:8808 91.92.246.134:8808 91.92.246.152:4747 91.92.250.61:3232 94.156.68.16:137 94.156.69.174:6606 94.156.69.174:7707 94.156.69.226:1337 94.156.69.251:6606 aireynvuw.homeunix.com scambaiter11.ddns.net windows11.loseyourip.com # Reference: https://www.virustotal.com/gui/ip-address/178.73.192.2/relations # Reference: https://www.virustotal.com/gui/file/6bab7f86a6b3d13bd73b22d2dc210713452130fd83d7e1fe455aac8945f6dab8/detection 178.73.192.2:9003 sostener200.duckdns.org winscapmarzo.duckdns.org # Reference: https://twitter.com/ULTRAFRAUD/status/1771590513973395666 # Reference: https://tria.ge/240323-vjw6macc4s/behavioral1 download-updata.com s2.download-updata.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-03-24) # Reference: https://www.virustotal.com/gui/file/94ece5a7d0c2fd5d90185356145b00e9ffa4f7b595ee02ae4b3771c0462c3bee/detection 103.48.85.6:4449 103.74.172.94:40288 103.74.172.94:4499 104.243.34.3:2003 104.243.34.3:2004 104.243.34.3:4016 107.148.49.57:39632 109.205.162.97:4739 109.205.162.97:8361 109.248.201.153:6606 109.248.201.153:7707 109.248.201.153:8808 113.128.118.199:6606 113.128.118.199:7707 113.128.118.199:8808 113.207.105.195:15806 113.207.105.200:3201 113.207.105.200:8301 113.207.105.224:16804 113.207.105.229:7302 113.207.105.241:9803 117.18.12.59:8880 119.42.170.7:443 120.46.33.65:8848 121.62.63.238:8848 123.99.200.157:2802 123.99.200.158:7223 123.99.200.175:8848 123.99.200.184:2140 124.166.95.10:4449 124.166.95.10:8080 124.248.66.160:6422 124.248.69.96:4449 128.90.122.92:9999 13.36.174.17:6606 13.36.174.17:7707 13.36.174.17:8808 13.66.133.43:6606 13.66.133.43:6821 13.66.133.43:7707 13.66.133.43:8808 13.66.221.58:7707 134.19.177.59:5003 136.244.89.250:3131 139.99.86.164:6606 139.99.86.164:7707 139.99.86.164:8808 141.105.130.87:6606 141.105.130.87:7707 141.105.130.87:8808 141.94.223.150:6677 141.95.84.40:4291 141.95.84.40:6262 142.11.201.122:8712 142.11.201.123:8714 142.11.201.126:8712 142.11.201.126:8714 142.202.242.170:6666 144.208.127.116:7707 144.208.127.116:8808 146.56.230.174:1720 146.56.230.174:4449 146.70.129.19:38371 147.124.212.80:6606 147.124.212.80:7707 147.124.212.80:7777 147.124.212.80:8808 147.124.212.80:8888 147.185.221.16:4040 147.185.221.16:63770 147.185.221.17:33732 147.185.221.17:48347 147.185.221.17:50732 147.185.221.184:41092 147.185.221.18:35708 147.185.221.18:41437 147.185.221.18:43941 147.185.221.18:4449 147.185.221.18:56236 147.185.221.18:7771 147.189.161.48:4449 147.189.161.48:4839 149.127.237.203:6606 149.127.237.203:7707 149.127.237.203:8808 15.237.210.97:4444 153.36.240.58:15092 153.36.240.58:15095 154.204.60.74:6610 154.221.22.54:4449 154.39.238.95:4449 154.48.237.186:8808 154.91.65.150:8848 154.91.65.153:8848 159.146.14.122:1604 159.146.14.122:18068 159.146.14.122:18840 159.146.14.122:4040 159.146.14.122:4782 163.5.215.225:1602 168.119.211.236:115 172.94.105.163:2222 176.150.69.221:42474 176.150.69.221:42475 176.150.69.221:4449 178.20.230.68:4784 179.127.14.82:29000 181.131.216.198:7707 182.254.221.150:4449 185.157.162.206:2191 185.234.247.30:4449 185.253.161.186:4444 186.112.193.255:2404 186.112.203.192:2404 186.168.67.211:2404 186.168.67.211:8888 192.161.193.99:5058 192.161.193.99:5228 192.161.193.99:8848 192.177.111.46:18200 192.177.111.46:4449 193.161.193.99:49207 193.161.193.99:64023 193.222.96.253:4449 193.222.96.47:4462 193.222.96.47:9471 193.233.132.186:4404 193.233.132.186:5505 193.233.132.186:6606 193.26.115.42:100 194.147.140.239:7707 194.33.191.245:2405 194.33.191.3:7391 195.213.0.34:2008 198.44.165.35:5602 198.44.167.139:38795 198.44.167.139:41352 198.44.167.139:57321 198.44.167.215:38795 198.44.167.215:41352 198.44.167.215:57321 198.44.167.231:38795 198.44.167.231:41352 198.44.167.231:57321 2.58.56.152:3232 20.69.96.235:7707 20.98.80.51:6606 20.98.80.51:7707 20.98.80.51:8808 207.32.217.101:8888 207.32.218.138:2002 207.32.218.138:2003 207.32.218.138:2004 207.32.218.138:2005 207.32.218.47:666 212.129.30.248:6000 213.195.124.90:4001 213.195.124.90:4002 213.195.124.90:5001 213.32.243.233:6606 217.64.31.3:3819 217.64.31.3:4871 23.105.131.217:83 24.50.117.82:8848 26.199.97.56:13377 3.6.115.182:11800 3.6.115.182:13997 3.6.115.182:4040 3.6.115.182:4444 3.6.115.182:6080 31.210.20.231:200 31.214.240.57:3232 37.114.41.142:8848 38.147.172.98:6307 38.165.8.185:7771 38.180.91.75:4444 38.54.1.41:4449 39.103.129.63:6606 39.103.129.63:7707 39.103.129.63:8808 40.66.40.50:4173 40.66.40.50:6214 43.138.156.178:6606 43.138.156.178:7707 43.138.156.178:8808 43.240.221.130:9833 43.248.140.94:8848 43.248.140.96:8848 43.251.17.199:4449 45.128.36.146:8848 45.128.96.133:8848 45.131.111.98:4449 45.138.99.2:6606 45.138.99.2:7707 45.138.99.2:8808 45.141.215.32:4449 45.145.224.55:7000 45.145.229.147:9606 45.145.229.148:9604 45.145.229.150:9605 45.15.143.164:6606 45.15.143.164:7707 45.15.143.164:8808 45.76.155.94:6606 45.76.155.94:7707 45.76.155.94:8808 45.76.232.247:6606 45.80.158.48:4449 45.83.31.113:2004 45.83.31.113:8888 45.83.31.113:9999 45.94.31.248:4447 46.246.4.5:2000 46.36.67.36:51566 46.36.67.36:8848 47.104.179.7:8848 47.104.236.243:8848 47.94.3.159:4455 47.94.3.159:8848 5.9.194.71:3232 50.29.244.5:5753 50.29.244.5:6606 50.29.244.5:7707 50.29.244.5:8808 51.195.231.121:6000 51.195.231.121:7000 51.195.231.121:8000 52.59.51.24:1932 54.39.29.90:6606 61.14.233.111:4404 61.14.233.111:5505 64.176.178.205:1989 64.44.167.67:6900 64.56.68.144:8888 66.135.22.80:6000 66.135.22.80:8000 66.135.22.80:8808 66.154.122.230:1337 67.205.154.243:4431 74.81.52.179:33643 76.70.94.161:4449 76.70.94.161:9999 78.186.152.249:1938 78.187.224.170:1604 79.134.225.21:8646 79.134.225.35:6606 79.134.225.35:7707 79.134.225.49:1984 79.134.225.82:3004 8.140.33.34:6606 8.140.33.34:7707 8.140.33.34:8808 80.48.119.72:8848 81.249.25.228:1605 85.105.88.221:6935 85.215.196.156:2222 86.153.66.129:443 86.20.95.188:8080 86.20.95.188:8848 88.232.116.241:3007 88.232.116.241:888 89.148.44.245:443 89.163.221.170:4444 90.8.19.214:7006 91.134.150.149:8808 91.92.242.227:6606 91.92.247.123:5531 91.92.247.161:5531 91.92.247.96:5531 91.92.250.147:5038 91.92.254.14:58004 93.190.10.16:7707 94.156.64.122:8888 95.164.3.135:4449 95.216.85.80:6606 96.9.215.146:6606 96.9.215.146:7707 96.9.215.146:8808 1hitler.accesscam.org 1tapfinn.ddns.net 23preguntas.duckdns.org 28febnde.dynv6.net 2hitler.ddnsgeek.com 404nothere5-52195.portmap.io 404nothere5-62048.portmap.host 404nothere5-63469.portmap.io 46tochristmas15dec.ddns.net 470krlio.shenzhuo.vip 5ra.webredirect.org 999triana999.1cooldns.com a0979283148.ddns.net alerts.linkpc.net aliveafterguard.icu allay.x3322.net ancy2024.kozow.com aoputer.crabdance.com armandocastillodominio.con-ip.com asdofugugja883.xyz asdugvua37vhax.cn azurecloud-bridge.cn bebefiin.duckdns.org bestcoder.duckdns.org bofa.su boty.theworkpc.com buike.kozow.com chichichi01.duckdns.org chingyen-23182.portmap.host cn-wh-plc-1.openfrp.top competent-elion.193-142-59-177.plesk.page copyright-sofa.gl.at.ply.gg cringelord6969.ddns.net cryptojoke.con-ip.com cutecat-46661.portmap.host cyesterbill.chickenkiller.com danielballesterosdominper.con-ip.com darkstorm275991.ddns.net davidricardodom.con-ip.com dohavevictem2024.duckdns.org drax2023.run.place e7team-54210.portmap.host eaxhost.ddns.net ech0.theworkpc.com ekuroak.hopto.org fat7ola0077.ddns.net fearme-45002.portmap.host fearme-55506.portmap.host fearme-62451.portmap.host febrerososte.duckdns.org finessebitcoin.duckdns.org fl-survivor.gl.at.ply.gg g6666lrd10424346129.ddns.net ggghmn8766vg.hopto.org h2mhost123ontop.ddns.net hassan.webhop.net helprxr.duckdns.org hitler55.dvrdns.org hitler55.dyndns.org hmnms.duckdns.org hoes-truth.gl.at.ply.gg hsm.theworkpc.com icant.theworkpc.com interstellar.onthewifi.com jksdghfsd.loseyourip.com jojomo.duckdns.org kapobiko1.mooo.com koradon.giize.com krallarcarding.duckdns.org kreyze.ddns.net lemback.dns.navy littlenerd.duckdns.org loan-mode.gl.at.ply.gg loliletnotnoobonf-28917.portmap.host lolzpopbob-31243.portmap.host magarodriajhsdbajifuqwe12341safqdv.duckdns.org mankemane-47945.portmap.io mariarizazapata09.duckdns.org martingonzalessoto09.duckdns.org mcehonline-48303.portmap.io meowpc-33643.portmap.host merthamurc.duckdns.org milan.giize.com momentdhs.duckdns.org mono2024.kozow.com mrrxr.duckdns.org mydogis.onthewifi.com myryam.con-ip.com mytestdns123.mooo.com mznhr.ddns.net nabeellasdfasdf-52048.portmap.host nagerproxysinintercavi8464perringuta.duckdns.org nasser.is-found.org ndichinnenanna0110.ddns.net newhost.dyndns.info nezo123-21027.portmap.host non.theworkpc.com nso1.nsolau.net okaa0-60956.portmap.host osso.camdvr.org patients-councils.gl.at.ply.gg podejrzanylink.xyz pooldiaz14.duckdns.org popo.office-on-the.net powellfrank.ddns.net proxy-shady.cloud quepasa2024.kozow.com rat.loseyourip.com rat2024.e3.luyouxia.net rat34.ddns.net ratdeniyoz7386.duckdns.org rawy.ooguy.com rem-new-2.duckdns.org reyfelipeborbon.loseyourip.com richard-foods.gl.at.ply.gg roscript.ddns.net rtx.con-ip.com sandraferreirodominiopersonal.con-ip.com scrubloader.ru sdd4514136100juciywrldl.ddns.net sebastianmindioladomini.con-ip.com selldrugs.duckdns.org ser.nrovn.xyz sfclog.ddns.net shailputrimt1.publicvm.com shoes-truth.gl.at.ply.gg sis.4cloud.click sis.is-a-blogger.com sosob9ta.line.pm spidermanbaba.ddns.net spiffy-balloon.auto.playit.gg spongethug.ddns.net stormx.dynu.net subdominiodesub.duckdns.org sunday-survivors.gl.at.ply.gg swifty123-23089.portmap.host swifty123-48281.portmap.host t3fakpraf.ddns.net talapain.ddns.net tanta.theworkpc.com testdamahe.duckdns.org testdns.ydns.eu tobacos.ddns.net torbrowser-39837.portmap.host torenta2.vpndns.net travisway-41408.portmap.host trbe.mentality.cloud tularz.duckdns.org usaugen.xyz utorrent.theworkpc.com volam2.club vx2sw7soh8ds5.hopto.org w3llsfarg0h0st.ddns.net wandering-field-84417.pktriot.net wassgoodmane-45751.portmap.host wassgoodmane-46736.portmap.host waytovwmk40.ddns.net whiteshadows.ddns.net win0090.theworkpc.com worldxw.xyz xfreddy2751.duckdns.org yubarats.ddns.net yy.webhop.me # Reference: https://www.virustotal.com/gui/file/c0a969afb972ff37818cbcdad02c52c1cf2a20e94e626eee7fc7c7322b92189c/detection 194.147.140.138:1549 team3004.myddns.me # Reference: https://twitter.com/malwarelab_eu/status/1772779102849614292 # Reference: https://app.any.run/tasks/1cbca783-8323-474e-aa6a-ca655ed6637e/ # Reference: https://www.virustotal.com/gui/file/e86017b846165690bcaf38242e09df96651aec60e9c2dae4bf50de8ace77f029/detection 154.30.255.175:8890 154.30.255.175:8895 154.30.255.175:8896 bagdg.duckdns.org hjkdnd.duckdns.org jdokds.duckdns.org mdgh.duckdns.org posters-dial.com vbdsg.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-03-31) 104.243.37.110:6667 109.199.120.42:2023 128.90.122.170:9999 142.11.201.124:8712 142.11.201.124:8714 172.94.125.164:2222 172.94.8.37:2222 172.94.9.23:222 185.196.10.233:6606 185.196.10.233:7707 185.196.10.233:8808 185.196.11.223:1339 192.227.177.214:7707 194.156.90.112:6666 2.58.56.109:9090 206.123.132.165:2000 38.180.92.22:4444 54.39.29.90:7707 54.39.29.90:8808 88.229.0.76:20000 89.163.221.180:4444 89.163.221.180:8888 91.92.120.13:8888 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-04-03) 128.90.122.249:9999 128.90.123.31:9999 146.103.11.88:6606 146.103.11.88:8808 172.111.137.194:2222 185.174.101.164:8888 185.174.101.246:6006 91.92.241.169:3434 91.92.254.251:8808 94.156.68.16:4443 94.156.69.11:1337 # Reference: https://www.virustotal.com/gui/file/17e26fd4612acbe0b3f6c597e7abac5e1bdfabb50b1017b93c1a836f57202b2c/detection 45.74.7.59:8898 # Reference: https://www.virustotal.com/gui/file/782bb5dccbd7b065aac6ab04ec053097bc9d8031d6e33a3a03692eb33e262926/detection 8.217.140.110:65503 91.204.226.63:65503 # Reference: https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins # Reference: https://www.virustotal.com/gui/file/8843b83e255dfacd3d78539a144db0a209d0a6772150102904c773a41b39b158/detection 185.252.179.71:8075 markjohnhvncpure.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-04-10) 103.47.147.22:2000 110.42.102.204:7000 123.253.32.76:22 128.90.102.230:9999 128.90.103.14:1018 128.90.103.14:9443 128.90.103.14:9999 128.90.123.160:9999 146.103.11.88:7707 157.254.223.38:6606 157.254.223.38:8808 16.171.25.219:8099 163.172.59.233:6606 167.88.168.110:9090 172.111.131.97:8808 172.111.137.179:2222 172.111.137.180:2222 172.111.245.38:2222 172.111.245.98:2222 172.94.73.133:2222 172.94.73.162:2222 172.94.8.100:2222 177.255.88.116:8020 178.73.218.12:2000 179.13.3.18:8020 185.174.101.246:4444 191.89.247.6:6606 194.26.192.34:666 195.3.223.146:4443 2.58.56.66:4443 207.32.217.79:9090 213.195.121.48:4001 213.195.121.48:4002 213.195.121.48:5001 213.195.121.48:6606 213.195.121.48:8808 31.124.151.205:9000 34.88.143.155:8808 38.180.31.223:2222 38.180.62.112:2222 45.138.16.235:2003 45.77.24.231:9090 46.246.84.8:2000 5.63.21.76:1604 51.116.96.182:3000 52.185.161.226:8808 91.207.102.163:9899 91.92.254.44:1339 91.92.255.45:2000 91.92.255.45:20000 94.156.64.122:9999 94.156.65.159:6606 94.156.65.159:7707 94.156.65.217:6606 94.156.65.217:7707 94.156.65.217:8808 94.156.65.9:6606 94.156.65.9:7707 94.156.65.9:8808 95.216.41.33:82 # Reference: https://www.virustotal.com/gui/ip-address/179.13.2.154/relations # Reference: https://www.virustotal.com/gui/file/56f60067ded74f202a942df75d72e8ea0f24c2d789658e5796ebba39947b5fa9/detection 179.13.2.154:2141 conesperasehetodo.duckdns.org conmuchafesi.duckdns.org deioreseesteo.duckdns.org dioasamigoayu.duckdns.org enladediosest.duckdns.org esesmiodio.duckdns.org estedominaya.duckdns.org horastenebb.duckdns.org listospordi.duckdns.org lostemasson.duckdns.org seanamia.duckdns.org semanticasto.duckdns.org senderodedios.duckdns.org seraestemidiadi.duckdns.org serastefssr.duckdns.org seremosgagdores.duckdns.org sistemasparajoy.duckdns.org trenemfdo.duckdns.org # Reference: https://www.virustotal.com/gui/file/a678475627246ac2716b5618ec5010e67660ab4441367bee23de473449d98c11/detection 185.183.106.85:42069 420.igboat.com # Reference: https://www.virustotal.com/gui/file/14c66a0b3a199d38a236bed7780258d84c8a3cf335f9397769dc06a17d5707e0/detection 46.246.4.3:8887 adminrodrem.duckdns.org bypass-asyn.4cloud.click proxy21.duckdns.org # Reference: https://twitter.com/banthisguy9349/status/1780489993762332900 103.47.147.18:11113 103.47.147.18:1140 103.47.147.18:12140 103.47.147.18:12141 103.47.147.18:12142 103.47.147.18:12143 103.47.147.18:2000 103.47.147.18:2053 103.47.147.18:222 103.47.147.18:3306 103.47.147.18:3954 103.47.147.18:7800 103.47.147.23:2000 104.156.247.38:2024 104.243.32.185:3389 104.243.32.185:47001 104.243.32.185:5985 151.106.34.168:2224 151.106.34.168:3389 151.106.34.168:5055 156.195.153.143:7547 178.73.218.8:2000 178.73.218.8:5357 178.73.218.8:8888 181.131.216.198:2222 181.131.216.198:8808 181.214.223.125:3389 181.214.223.125:47001 185.196.11.252:1337 185.196.11.252:3389 185.196.11.252:47001 185.196.11.252:5985 191.88.250.63:2869 191.88.250.63:7070 194.105.5.194:3389 194.105.5.194:4444 194.26.192.34:3389 194.26.192.34:47001 194.26.192.34:5357 194.26.192.34:5985 194.33.191.3:3389 194.33.191.3:7070 2.224.144.191:1188 20.2.223.28:3389 20.2.223.28:5555 20.2.223.28:7070 20.226.0.95:3389 20.226.0.95:7707 20.226.0.95:8808 207.32.217.79:3389 207.32.217.79:47001 207.32.217.79:5985 31.124.151.205:8085 45.138.16.235:3389 45.138.16.235:47001 45.138.16.235:5357 45.138.16.235:5985 5.63.21.76:3389 5.63.21.76:47001 5.63.21.76:5357 5.63.21.76:5985 51.81.126.50:3389 51.81.126.50:47001 51.81.126.50:5555 51.81.126.50:5985 51.81.126.50:5986 51.81.126.50:7070 77.134.63.213:1122 # Reference: https://twitter.com/banthisguy9349/status/1780500318846906644 147.124.213.188:222 192.159.99.43:222 192.3.109.131:222 207.244.249.35:222 207.32.219.92:222 212.23.222.206:222 35.233.238.201:222 45.94.31.103:222 51.195.94.201:222 87.120.84.91:222 # Reference: https://www.virustotal.com/gui/file/37c59b4a6bc52f2fa3398bba784ab89b2316c17edf13bb350e2c7dbf5933d285/detection 45.32.168.59:4040 powerdc.dynuddns.net # Reference: https://twitter.com/r3dbU7z/status/1780877399070015700 # Reference: https://www.virustotal.com/gui/ip-address/185.81.157.148/relations # Reference: https://www.virustotal.com/gui/file/aba88f736591e30f238049e3585ae6d67a83bc7aed9223b613010b29946939e4/detection # Reference: https://www.virustotal.com/gui/file/b797141148c613d952a1d86790620a705c3c385daa61eb805a46555105f518cb/detection 192.227.177.214:6606 192.227.177.214:7707 192.227.177.214:8808 raw223111.com raw3losh2321321w.com raw39w493.com # Reference: https://www.virustotal.com/gui/file/f5d4afb68b4ceacbb6d5a5b8b153d55e452f08f1c0c1674b35c904673da5e2cd/detection 82.114.186.73:6606 82.114.186.73:7707 82.114.186.73:8808 myserver7.sytes.net # Reference: https://www.virustotal.com/gui/file/be0c7f808c76369d03678fae7ed3dac43e292586c2cec1541af9424ade3f6fa5/detection # Reference: https://www.virustotal.com/gui/file/12cbff9bb36d6f63d5fec636980581530abfb0ad3d3bdd0bbad07892d2637b27/detection # Reference: https://www.virustotal.com/gui/file/257a49d59b2b2ae5f44688cf4d2cac26f583e121c826787e7046324d9890adee/detection 186.169.47.11:7081 186.169.62.202:1990 njverde1.duckdns.org # Reference: https://www.virustotal.com/gui/file/0c9b67e54ea019fcbcb375de464025d82eb3fb62de692a3492f67c6d6fb93212/detection 186.169.37.89:1988 statusnuevoano1.duckdns.org # Reference: https://www.virustotal.com/gui/file/dcf90d69b4a83839e6b741986745c373a2c386a1a5518cab19133fda1f7f6e16/detection 179.13.0.175:7090 preferenciales12.duckdns.org # Reference: https://twitter.com/banthisguy9349/status/1783059801255063882 http://91.92.252.220 # Reference: https://twitter.com/banthisguy9349/status/1783409848576516361 # Reference: https://urlhaus.abuse.ch/host/45.94.31.69 45.94.31.69:222 # Reference: https://twitter.com/banthisguy9349/status/1783409848576516361 # Reference: https://urlhaus.abuse.ch/host/51.38.95.108 51.38.95.108:222 # Reference: https://twitter.com/banthisguy9349/status/1783409848576516361 # Reference: https://urlhaus.abuse.ch/host/51.195.94.205 51.195.94.205:222 # Reference: https://twitter.com/banthisguy9349/status/1783409848576516361 # Reference: https://urlhaus.abuse.ch/host/80.94.95.238 http://80.94.95.238 # Reference: https://twitter.com/banthisguy9349/status/1783409848576516361 # Reference: https://urlhaus.abuse.ch/host/87.120.84.126 87.120.84.126:222 # Reference: https://twitter.com/banthisguy9349/status/1783409848576516361 # Reference: https://urlhaus.abuse.ch/host/104.243.32.185 http://104.243.32.185 104.243.32.185:222 # Reference: https://twitter.com/banthisguy9349/status/1783409848576516361 # Reference: https://urlhaus.abuse.ch/host/109.199.101.109 http://109.199.101.109 # Reference: https://twitter.com/banthisguy9349/status/1783409848576516361 # Reference: https://urlhaus.abuse.ch/host/149.102.147.106 http://149.102.147.106 # Reference: https://twitter.com/banthisguy9349/status/1783409848576516361 # Reference: https://urlhaus.abuse.ch/host/154.12.231.18 http://154.12.231.18 154.12.231.18:443 154.12.231.18:90 # Reference: https://www.virustotal.com/gui/file/731a20791887573ed4bd909011e707ae8be38524b43b54e798a97ab2d96d76b4/detection 80.133.66.162:7777 # Reference: https://www.virustotal.com/gui/file/90a2c2490d375e84023257c2698971641714043e140b07d90207fe31e6e20efa/detection 151.95.173.129:255 cholito1312.ddns.net # Reference: https://twitter.com/x3ph1/status/1784948127226568770 # Reference: https://www.virustotal.com/gui/file/64f373211953aa5e294e9d7dee8dee07866ceb7fa944f8c5845792489433afb6/detection 144.76.71.93:313 eve.now-dns.net # Reference: https://www.virustotal.com/gui/file/eb8cc36d9f0c3ac66b51583fa0674e50c911cfddcacdb3b7111583a0caf0ca76/detection 45.133.174.75:8795 aysmasterpro.duckdns.org # Reference: https://twitter.com/malwrhunterteam/status/1786305462133997951 # Reference: https://www.virustotal.com/gui/ip-address/91.92.247.100/relations # Reference: https://app.validin.com/detail?find=Invoice%20Informations&type=raw&ref_id=03cfa3a9c25#tab=host_pairs http://91.92.247.102 invoiceinformations.com invoicesinformation.com liket.top myposty.bond au.liket.top au.myposty.bond # Reference: https://urlhaus.abuse.ch/browse/tag/AsyncRAT/ (# 2024-05-03) http://1.14.206.144 http://104.243.38.245 http://109.172.45.94 http://116.62.11.90 http://141.98.6.105 http://142.11.211.80 http://157.254.223.253 http://158.69.131.146 http://159.223.189.221 http://16.171.25.219 http://172.96.172.203 http://176.107.185.29 http://178.33.57.158 http://185.117.91.202 http://185.196.8.223 http://185.216.70.70 http://185.241.208.181 http://185.241.208.97 http://185.252.178.121 http://185.81.157.148 http://185.81.157.152 http://185.81.157.213 http://185.81.157.244 http://192.119.74.208 http://192.3.109.131 http://192.99.180.181 http://193.26.115.238 http://193.34.212.17 http://193.42.32.101 http://194.213.3.23 http://195.133.40.128 http://195.178.120.137 http://198.46.178.147 http://20.127.168.10 http://209.126.7.24 http://38.242.242.149 http://41.216.188.20 http://45.12.253.105 http://45.154.98.81 http://45.80.158.237 http://45.92.1.59 http://5.206.227.251 http://51.89.109.154 http://62.171.178.45 http://65.21.177.234 http://77.221.151.42 http://77.91.68.249 http://79.110.62.189 http://79.137.202.195 http://84.54.50.9 http://85.209.133.106 http://85.209.176.59 http://85.239.240.244 http://85.239.241.136 http://86.68.222.14 http://88.218.61.219 http://91.92.240.177 http://91.92.242.80 http://91.92.247.100 http://91.92.252.85 http://93.123.39.225 http://93.123.39.68 http://94.156.128.246 http://94.156.69.208 http://94.156.69.220 http://94.156.71.212 http://94.156.79.216 http://95.216.192.137 104.243.38.245:222 104.243.44.136:666 107.161.81.150:222 129.213.49.94:8888 141.98.6.105:222 147.124.212.80:222 156.96.156.177:222 18.118.199.163:353 185.16.38.38:555 185.81.114.175:642 185.81.157.104:222 185.81.157.108:222 185.81.157.142:222 185.81.157.150:222 185.81.157.152:222 185.81.157.152:333 185.81.157.1:222 185.81.157.219:222 185.81.157.244:222 185.81.157.24:222 193.26.115.174:222 193.26.115.230:555 198.12.81.135:222 198.20.177.229:444 200.98.145.181:8888 4.229.235.23:222 45.12.253.107:222 45.128.96.133:8000 45.128.96.204:222 45.138.16.39:222 45.141.215.109:555 45.76.232.247:222 45.80.158.168:222 45.81.39.110:222 45.90.222.198:8080 5.249.163.134:333 51.161.61.92:222 51.195.94.209:222 51.222.98.70:222 51.89.109.154:3000 51.89.212.151:222 84.54.50.9:222 86.48.18.223:666 91.92.240.177:888 91.92.253.239:888 91.92.254.77:222 94.156.69.35:222 94.72.113.52:770 24help.ooguy.com 2m-store.com a0920080.xsph.ru adminigobnal.store anonhost.in arm-cc.com arthurcambell.ac.ug autoenhancer.tech autoupdate.com.ua ayazsehk.beget.tech beautifulqueen.com.br buypropertyinuae.com carthagefire.net cdn-120.filechan.org cdn-130.filechan.org chrisco-upperroom.org documentacionrav003483980903884833.blogspot.com duckz.online eionsfsjk.tk f0868357.xsph.ru familyfontsview.mooo.com file-drop.cc fransceysse.ac.ug hydramecs.com invitadoscarlsjr.mx jonnyomar.xyz joshbystrom.com js-hurling.com kareemovic22.webredirect.org maincoon.frido19777.repl.co makkahmart.org mphasistech.com mrfreeman.shop mrfreeman.xyz nestlejobs.tk okokokokokok.khaby.lol paldo.ac.ug pmjo.fra1.cdn.digitaloceanspaces.com pub-bfce74d1910148989228a2ae7c102b8a.r2.dev rec4.tv s2r.tn s3rrrv3r.xyz sbs-sysco.com sinopecllc.top solutionsinengineering.com specialetrt.online theemirateshills.com thrivetrail.org totalhorsehealth.com tr62gf3t.ngrok.io tractorandinas.com upload.vina-host.com vps-135c3c5b.vps.ovh.ca vptriathlon.com winderswonders.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-05-03) 103.249.112.118:8848 128.90.103.36:9999 128.90.123.67:9999 128.90.128.169:9999 136.175.8.35:444 136.175.8.35:4444 139.99.133.66:6666 142.202.191.162:222 154.53.42.53:8448 154.53.42.53:8847 156.195.128.36:8000 163.5.210.97:3307 172.160.240.225:7654 172.160.240.225:8976 179.14.9.152:2020 181.131.217.222:4203 184.174.96.94:2222 184.174.96.94:4444 184.174.96.94:5555 184.174.96.94:8888 184.174.96.94:9999 194.26.192.196:1610 207.32.219.85:8888 213.252.247.202:222 213.252.247.202:6606 216.250.252.159:50545 41.43.199.238:8000 46.246.14.22:2000 51.195.145.87:7071 78.161.0.177:3001 78.185.140.143:81 85.97.168.208:20000 87.121.105.4:8797 88.229.18.221:20000 88.229.18.221:888 91.92.247.15:8008 91.92.250.227:7707 91.92.253.249:6606 91.92.253.249:7707 91.92.253.249:8808 93.71.184.63:6606 94.156.65.26:6006 94.156.65.26:7777 95.211.208.153:6606 95.211.208.153:7707 95.211.208.153:8808 hjdsasync.duckdns.org # Reference: https://www.virustotal.com/gui/file/0225ab7231a491eba5d422b3fc0589d02b3f35525740ed804c635c3272e43985/detection 194.26.192.57:222 194.26.192.57:5552 194.26.192.57:57114 194.26.192.57:8808 # Reference: https://www.virustotal.com/gui/file/71a53e0ee0dbb54b4125b864908a5335d7dbbafb723f6dcd60c5560f1fb6ed40/detection 197.58.43.133:54984 197.58.43.133:6606 197.58.43.133:7707 197.58.43.133:8808 # Reference: https://twitter.com/CyberRaiju/status/1787013536549679292 # Reference: https://twitter.com/c_APT_ure/status/1787046377035309389 102.188.149.156:6666 102.46.149.233:6666 102.47.223.168:6666 105.196.137.169:6666 194.127.178.224:6666 196.157.103.228:6666 197.132.65.63:6666 197.37.104.46:6666 197.37.111.190:6666 197.37.140.174:6666 197.37.198.12:6666 197.37.229.172:6666 197.37.233.55:6666 197.37.33.248:6666 197.58.154.105:6666 197.58.43.133:6666 41.43.12.86:6666 41.43.55.99:6666 41.68.112.224:6666 41.68.56.78:6666 41.69.33.153:6666 41.69.35.144:6666 41.69.47.180:6666 # Reference: https://twitter.com/banthisguy9349/status/1787421260575600786 # Reference: https://www.virustotal.com/gui/file/1b8a7847861a5325f1f0c4c1586e28fda420b9b32c6fcbfad31c4dbd479d5134/detection 103.195.103.142:443 103.195.103.142:90 103.195.103.142:6606 103.195.103.142:7707 103.195.103.142:8808 45.88.91.145:443 66.94.120.219:443 85.239.240.244:443 94.156.79.216:443 evolve27.com sirdff309.duckdns.org # Reference: https://www.virustotal.com/gui/ip-address/87.121.105.4/relations # Reference: https://www.virustotal.com/gui/file/15fe3ab91a5454d888ceec3916cac3d80de7b79fe650c843522605ff4b73122d/detection 87.121.105.4:8896 ghshe.duckdns.org hjxwrm5.duckdns.org kdke.duckdns.org nmds.duckdns.org undjsj.duckdns.org # Reference: https://twitter.com/alex_lanstein/status/1788269323020280277 # Reference: https://www.virustotal.com/gui/file/2f8dc972e9ec1b47d2beb064776d2df9778d253a5030870405843bed0fb32640/detection # Reference: https://www.virustotal.com/gui/file/4ee40029d668e951398af606ed60163cfba237dda047f98c13f53937411d9fde/detection 193.222.96.124:5050 193.222.96.124:7287 # Reference: https://twitter.com/karol_paciorek/status/1788556707620159734 # Reference: https://www.virustotal.com/gui/file/29841f038da6a26dac5df28f23b4adcb080f5b0a2312bf996c8073940849eef6/detection # Reference: https://www.virustotal.com/gui/file/4eedc7ed6ade620eef8eb160d18518afc9c59eb262baf8a9fdbe758fb611b6f0/detection http://45.88.186.125 193.222.96.193:81 45.61.150.201:6606 45.61.150.201:7707 45.61.150.201:8808 45.88.186.125:6606 45.88.186.125:7707 45.88.186.125:8808 beshomandotestbesnd.run.place # Reference: https://twitter.com/banthisguy9349/status/1789341523823169815 # Reference: https://urlhaus.abuse.ch/host/45.138.16.97/ 45.138.16.97:222 # Reference: https://www.virustotal.com/gui/file/3bc93aa2bfad02c3e93e87242b7789c657d72d983b8f10daaaccd6ad935b2a4e/detection 185.29.11.28:43147 obime.duckdns.org # Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-05-17-v10598/1649 bangkok-generally-ensemble-nfl.trycloudflare.com invoice.trycloudflare.com invoicetrycloudflare.com loaded-swift-degrees-packages.trycloudflare.com maintenance-princess-musical-vocational.trycloudflare.com nail-lists-compact-project.trycloudflare.com oral-career-renewable-bacterial.trycloudflare.com snap-guide-leeds-des.trycloudflare.com tired-shareholders-reservoir-talked.trycloudflare.com # Reference: https://x.com/banthisguy9349/status/1792886215479349594 141.11.109.151:8000 # Reference: https://x.com/karol_paciorek/status/1793201205050499327 185.196.11.223:1339 185.196.11.252:1339 85.239.241.136:1339 91.92.249.94:1339 94.156.64.207:1339 94.156.69.136:1998 94.156.69.226:1998 leetboy.dynuddns.net # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-05-22) http://156.195.80.192 http://156.195.84.201 http://181.214.223.125 http://193.111.125.200 http://88.138.253.60 http://94.156.8.44 103.1.40.154:8000 104.234.204.57:7707 104.250.169.165:2222 12.202.180.134:8797 128.90.103.12:9999 128.90.103.39:9999 128.90.122.129:9999 128.90.123.108:9999 128.90.123.87:9999 135.125.21.74:4545 136.175.8.56:9090 14.164.99.119:8080 147.135.165.29:6606 147.135.165.29:7707 148.163.101.182:6606 151.106.34.110:8081 156.195.143.153:443 156.195.80.192:8080 165.227.44.40:6606 172.105.121.169:6606 172.105.121.169:7707 172.105.121.169:8808 172.111.148.205:222 172.111.148.95:222 172.111.169.67:2222 172.111.216.199:7707 172.111.216.4:6606 172.111.216.4:8808 173.211.46.114:6606 173.211.46.114:7707 173.211.46.114:8808 178.215.236.224:4444 178.73.192.2:2000 179.13.4.37:8082 18.192.31.165:15221 185.104.195.215:1337 185.104.195.215:4444 185.196.11.252:4444 186.102.167.18:6606 186.137.33.82:2112 187.24.4.218:9999 192.227.228.34:8808 193.38.34.125:2000 195.26.240.251:9999 198.23.227.175:8881 199.223.235.67:8808 2.29.196.40:9000 200.9.154.160:10000 202.133.88.95:8080 204.12.199.30:6606 204.12.199.30:7707 204.12.199.30:8808 207.246.64.185:6161 209.145.56.0:7788 213.195.117.131:5001 213.195.126.87:5001 3.125.102.39:15221 3.125.209.94:15221 3.125.223.134:15221 34.41.72.142:2000 4.233.217.192:8808 45.126.209.172:5555 45.126.209.172:6666 45.126.209.21:4444 45.126.209.21:7707 45.126.209.21:7777 45.126.209.21:9999 45.126.209.49:6666 45.126.209.67:7707 45.126.209.70:6666 45.128.96.103:6666 45.128.96.103:8808 45.128.96.204:6666 45.141.215.159:8088 45.88.186.197:4444 45.88.186.197:6666 45.88.186.197:7777 45.88.186.197:8888 45.88.186.241:6606 45.88.186.241:6666 45.88.186.62:8888 45.88.90.224:2222 46.246.6.18:2000 46.246.80.12:2000 46.246.80.15:9004 47.245.105.90:9876 5.249.165.126:9090 5.252.53.186:1337 51.195.211.231:1337 51.195.94.205:6606 51.195.94.205:7707 51.195.94.205:8808 51.254.53.24:4449 51.81.105.250:8808 51.81.169.92:6606 51.81.169.92:7707 51.89.158.68:8888 54.39.216.104:2222 64.23.156.73:4047 66.66.146.74:9511 78.161.80.54:888 78.179.134.46:3000 78.179.134.46:888 78.179.247.213:888 79.110.49.252:6606 79.110.49.252:7707 79.110.49.252:8808 84.247.154.81:6606 84.247.154.81:7707 84.247.154.81:8808 84.38.134.107:59543 85.107.228.217:20000 85.107.228.217:3001 85.107.228.217:7070 85.107.228.217:888 85.114.96.11:1602 85.209.133.18:4545 85.239.237.148:2005 87.121.105.252:6606 89.39.106.35:1339 91.110.144.65:9000 91.219.62.14:8888 91.92.246.53:5554 91.92.248.82:4443 91.92.248.82:8900 91.92.250.227:6606 91.92.251.136:8900 91.92.251.153:8900 91.92.251.159:4443 91.92.251.159:8900 91.92.251.179:8900 91.92.251.245:8900 91.92.251.57:1337 91.92.254.201:4443 91.92.254.201:8900 91.92.254.21:8900 91.92.255.108:6606 91.92.255.108:7707 91.92.255.108:8808 91.92.255.16:8900 91.92.255.182:4444 91.92.255.190:6606 91.92.255.190:7707 91.92.255.190:8808 91.92.255.220:6606 91.92.255.25:4443 91.92.255.25:8900 91.92.255.79:8900 94.130.130.51:1919 94.156.10.12:443 94.156.64.21:4443 94.156.64.21:8900 94.156.64.51:4443 94.156.64.51:8900 94.156.64.5:8900 94.156.64.90:8900 94.156.65.181:3434 94.156.67.103:6606 94.156.67.103:7707 94.156.67.103:8808 94.156.67.112:6606 94.156.67.214:4444 94.156.67.214:6006 94.156.67.214:7777 94.156.67.214:8008 94.156.69.161:8900 94.156.69.163:8900 94.156.69.164:8900 94.156.69.165:4443 94.156.69.165:8900 94.156.69.166:8900 94.156.79.216:8888 94.156.8.44:443 94.228.162.82:6606 94.228.162.82:7707 94.228.162.82:8808 95.7.175.50:20000 afterksmelipandmahdiimadss.ddns.net character-acquisitions.gl.at.ply.gg comas.sells-it.net comm.sells-it.net coms.sells-it.net comss.sells-it.net de-engines.gl.at.ply.gg goodone.loseyourip.com linux-treatment.gl.at.ply.gg mark1234567.ddns.net nerakar.duckdns.org strekhost2085.con-ip.com twinks234.duckdns.org # Reference: https://x.com/banthisguy9349/status/1793331162502353303 http://94.156.69.134 http://94.156.69.246 # Reference: https://www.virustotal.com/gui/file/11d0a663c5d6ee1b77b3a62d755c11312598ebaa10fda764b1551b106ef517a8/detection 191.88.248.162:6606 191.88.248.162:7707 191.88.248.162:8808 telegramsystem32dn.duckdns.org # Reference: https://www.virustotal.com/gui/file/94907cb7c5a3d388de870383d35ed9d8564985fd5d913403b2888f8c42583dd5/detection 181.131.216.141:1524 canastapatrones.con-ip.com paseoencarro2024.con-ip.com pasoscon.con-ip.com pasticosmemos.con-ip.com remixripiolo.con-ip.com # Reference: https://www.virustotal.com/gui/file/a8eea383b255aa5e3f762534e08b635697ddf21aeba04bef038eb9c647b516f3/detection # Reference: https://www.virustotal.com/gui/file/a87e8ab853de960f05f82b36d0a604a50d1af983a6a14d764508402c2d8d2a69/detection # Reference: https://www.virustotal.com/gui/file/e5321f397068d010f4c218d85eea1d878a3905031b2477c2330ea218845d7727/detection 181.141.2.226:1013 181.141.4.186:1013 181.141.4.186:1014 loggedestadosundns.duckdns.org segundoservestadosuni.duckdns.org vanyplasserrem.duckdns.org # Reference: https://www.virustotal.com/gui/file/2b335c518a6168241e941c02c1fb91012dbd0f9171531718b60d1a162b1f28ab/detection 177.255.88.252:5023 aefw3rgevoyv7bgnwev.con-ip.com # Reference: https://app.validin.com/detail?find=181.141.0.0%2F24&type=ip&ref_id=cca0920a3a7#tab=resolutions # Reference: https://www.virustotal.com/gui/file/52abf2d9d26529b8d17b31ce9ae97329c68d1bea55033d5217f21b2370ae664e/detection 181.141.0.182:1800 asrhadhf.duckdns.org ayudamedios.con-ip.com bdmtnz.ddns.net bendicionespatoelmundo.duckdns.org carteraada.duckdns.org comercdgvhhn.duckdns.org dfghwfh.duckdns.org dfgsdkfasjfaslfnalf.duckdns.org dfjeyj.duckdns.org dfsdhdsvasgfh.duckdns.org dgfdsafyjdgj.duckdns.org dgjhdvfjdsklasdlas.duckdns.org dgysru.duckdns.org enviocacha.duckdns.org fagheklolkdhsk.duckdns.org fastidiasdf.duckdns.org fgfdshrt.duckdns.org fghff.duckdns.org fneibvuwcusd.duckdns.org gabriela2021.duckdns.org gdjsbdsbdkbk.duckdns.org gfhjrrb.duckdns.org gsgdgjghkfgbdf.duckdns.org guejsyatidjkgh.duckdns.org hdjdksnshjcsc.duckdns.org hjgxadfa.duckdns.org jfusdhakdnfjf.duckdns.org jgffgstst.duckdns.org relucas.con-ip.com rswerfressd.duckdns.org santuario.con-ip.com sdhqrth.duckdns.org sdhrt.duckdns.org volvimosfuertesdios.con-ip.com wrytrioag.duckdns.org # Reference: https://www.virustotal.com/gui/file/4f9ae5b89c89e5c79c53db694d4d67e2d9b3c47c7389c8c3899dedbc9e92be76/detection # Reference: https://www.virustotal.com/gui/file/c7c5e47db28796b3f6ece9dea26af6aa9b960c7a2e628434b245a344be469c3f/detection 20.117.108.240:5612 20.117.108.240:7825 # Reference: https://x.com/karol_paciorek/status/1797594552758411301 12.202.180.134:8797 asyncss.duckdns.org # Reference: https://www.virustotal.com/gui/file/250b462897a479fdcd5b11e5deb8b86decd999dc97e1062ea151cc4db997f168/detection dhhj.duckdns.org # Reference: https://www.virustotal.com/gui/file/e596d827af9b25d8348caffa981f5ef4a6ea88bfcfb35e5a5d2d337d6bf90aa9/detection 103.156.90.165:6703 103.156.90.165:7301 103.156.90.165:8890 strig3982.duckdns.org # Reference: https://x.com/K_N1kolenko/status/1798618849040113999 # Reference: https://www.virustotal.com/gui/file/a9ee57985d3757c31f8529dc176889069d0a1ff57d2cc0a02152f17266c0a725/detection # Reference: https://www.virustotal.com/gui/file/98436572cf0f7a2b027582b07c3327decea5a5ede68b0d49dfaf75b86ba9cdad/detection http://46.102.174.48 91.92.254.123:8848 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-07-08) 103.179.189.111:8848 110.42.248.7:4449 185.196.10.81:4449 191.88.248.178:3008 194.26.192.147:7244 194.59.31.74:5552 195.10.205.90:4608 198.55.115.39:6606 198.55.115.39:7707 198.55.115.39:8808 23.227.196.84:6606 66.235.168.242:3232 66.235.168.242:4449 80.76.49.162:4545 85.209.133.248:4449 91.92.243.101:1081 94.232.249.90:8848 unio.bumbleshrimp.com # Reference: https://urlhaus.abuse.ch/url/2864552/ postaipay.top # Reference: https://x.com/banthisguy9349/status/1799493903021723748 # Reference: https://www.virustotal.com/gui/ip-address/109.199.101.109/relations # Reference: https://www.virustotal.com/gui/file/dbf24ee62e11f79ecb32f6cda9e8ab0cec3e8c12789acaf9f73cae9db6a02ef1/detection # Reference: https://www.virustotal.com/gui/file/34f6634f4d992f3159096ba6bd46592ad15e43fafc40f589c0c77c3581a6e907/detection # Reference: https://www.virustotal.com/gui/file/193175474fa67a46cacd15c7c3221b4e9f50b1a68074437bc2a81bf9f10a225d/detection http://109.199.101.109 109.199.101.109:1000 109.199.101.109:770 ch3.theworkpc.com world1.webredirect.org # Reference: https://www.virustotal.com/gui/file/fd8d402ef7a6c8c46c03fac9f89893d71360d0dcff12b67f34024d66dbe04373/detection 184.75.214.163:12380 96.47.229.59:13293 asyn.airdns.org asyn.anondns.net # Reference: https://app.validin.com/detail?type=ip&find=64.42.179.59#tab=resolutions alex-ssh.airdns.org artemi.mooo.com bettyscupcakes.ddns.net campbellm.duckdns.org checkout.awsmppl.com hanli.dedyn.io jetbear.duckdns.org micropython.duckdns.org rbl.ddns.net runningbrushln.asuscomm.com # Reference: https://x.com/IronNetTR/status/1801285491431555328 135.181.65.141:4099 45.80.158.22:9090 45.94.31.124:6606 45.94.31.124:7707 45.94.31.124:8808 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-06-13) 168.119.119.140:8808 172.232.239.216:8808 45.74.25.39:6606 45.8.146.124:2005 51.81.30.54:7707 # Reference: https://www.virustotal.com/gui/file/c767c1608932a04a286984d8f940d9cb2acdeb4cfc4f885bb836518589fb65fd/detection # Reference: https://www.virustotal.com/gui/file/6927cee8b7d0f4b7934d9c439945ef0e9fe854a2e7e06ebd69e9e4860c6e1f1d/detection 157.173.197.177:6606 157.173.197.177:7707 157.173.197.177:8808 # Reference: https://x.com/banthisguy9349/status/1801548426288472405 61.160.213.14:48596 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-06-15) http://108.174.200.80 http://157.254.223.212 http://45.83.31.241 http://98.67.161.144 103.195.102.21:5555 104.223.22.86:7777 104.223.22.86:8888 104.234.195.153:8888 104.238.173.66:6606 107.175.31.172:6606 107.175.31.172:7707 108.165.237.196:7707 108.174.200.80:8808 115.223.43.224:8888 128.90.113.119:9999 128.90.113.241:9999 134.255.217.251:7707 136.243.111.71:3000 136.243.111.71:888 136.243.151.123:110 136.243.151.21:2000 136.243.151.21:6606 136.243.151.21:9990 136.243.151.21:9999 142.11.201.122:8715 142.11.201.122:8716 142.11.201.123:8715 142.11.201.123:8716 142.11.201.124:8715 142.11.201.124:8716 142.11.201.125:8715 142.11.201.125:8716 142.11.201.126:8715 142.11.201.126:8716 142.202.240.93:7777 142.202.240.93:8888 147.135.165.29:8808 149.56.30.19:8808 154.17.167.74:7707 154.194.50.163:6606 157.20.182.6:4443 158.220.83.114:6606 158.220.83.114:7707 162.244.210.243:6606 162.244.210.243:7707 162.244.210.243:8808 162.244.210.92:6606 162.244.210.92:7707 162.244.210.92:8808 162.244.210.96:6606 162.244.210.96:7707 162.244.210.96:8808 163.5.64.209:6000 163.5.64.209:7000 163.5.64.209:8000 168.119.211.236:116 168.119.211.236:117 168.119.211.236:119 172.81.60.16:443 178.73.192.10:2000 179.13.4.37:8020 185.196.11.252:1338 185.196.11.252:1999 185.212.47.40:1998 185.212.47.40:2000 185.212.47.40:20000 185.212.47.40:5000 185.212.47.40:5555 185.212.47.40:8888 185.241.208.213:8080 185.62.86.134:555 186.137.33.82:2113 192.250.225.3:5020 192.250.225.3:5600 192.250.226.28:7066 193.26.115.74:6606 193.26.115.74:7707 193.26.115.74:8808 194.26.192.194:6666 194.26.192.194:9999 194.26.192.34:222 195.3.223.146:6667 195.3.223.146:6668 207.174.26.100:5505 207.32.218.51:8080 213.195.117.131:4001 213.195.117.131:4002 213.195.117.131:5003 213.195.117.131:6606 213.195.117.131:7707 213.195.117.131:8808 213.252.247.202:555 213.252.247.202:8808 38.180.92.22:2222 38.180.92.22:3333 38.180.92.22:5555 41.216.188.58:8808 45.126.209.49:5555 45.126.209.67:6606 45.126.209.67:8808 45.8.146.124:2004 45.88.186.241:4848 45.88.186.241:7707 45.88.186.241:8808 46.4.37.212:82 51.195.76.65:6606 51.195.76.65:7707 51.195.76.65:8808 51.77.113.177:222 51.77.113.177:2222 51.77.113.177:6606 51.77.113.177:7707 51.77.113.177:8808 51.77.113.177:888 51.77.113.177:8888 51.81.105.250:6606 51.81.105.250:7707 51.89.207.240:8088 54.39.216.104:555 54.39.216.104:5555 54.39.216.104:777 54.39.216.104:7777 61.14.233.130:6606 61.14.233.130:7707 61.14.233.130:8808 66.225.254.182:443 66.225.254.182:6606 66.225.254.182:7707 66.225.254.182:8808 66.225.254.222:6606 66.225.254.222:7707 66.225.254.222:8808 93.123.39.166:2222 94.130.130.51:116 94.130.130.51:117 94.156.69.169:4444 94.156.69.169:5555 94.156.69.169:6006 94.156.69.169:6606 94.156.69.169:6666 94.156.69.169:7707 94.156.69.169:7777 94.156.69.169:8008 94.156.69.169:8808 94.156.8.181:7777 94.156.8.181:8888 94.156.8.54:9999 95.216.41.33:83 # Reference: https://x.com/karol_paciorek/status/1802255896355000653 12.202.180.114:8797 ghdsasync.duckdns.org # Reference: https://www.virustotal.com/gui/file/c067efbc87b2ada250df9e72f9daad58f3789fda430cfa38817fc17c4358ac0e/detection 106.54.204.119:5050 # Reference: https://www.virustotal.com/gui/file/b3228db9bbc763295df17ec8c46d2a68bb6bba6f3300251ad0d90006b10cd979/detection 110.42.255.125:5050 # Reference: https://x.com/k3yp0d/status/1802636686238638088 # Reference: https://perception-point.io/blog/operation-red-deer/ # Reference: https://www.virustotal.com/gui/file/2a27a38de7465dbbfcf49f70cba4c348af659fb2d2623c7c7756334bc548960c/detection 149.102.147.106:550 149.102.147.106:90 194.26.192.174:222 45.80.158.65:2005 salah2.webredirect.org # Reference: https://x.com/ShanHolo/status/1802993175637696869 # Reference: https://www.virustotal.com/gui/file/fb7138752fb4c7bce1d21471f820f05ef71ed77d1f761f4c56baca036b8d646b/detection # Reference: https://www.virustotal.com/gui/file/ee78fefba7a8a09c433a3d6a41e130f04a39b946e0334460d8d4f0456bb3aeab/detection # Reference: https://www.virustotal.com/gui/file/a921f5b1086e398f226a6e4d0720eec65548deae54e5c93f083b482f757ddd6b/detection # Reference: https://www.virustotal.com/gui/file/97af53988ade69e98cad451478796dcaaa01aae88175f959bb084218123a4202/detection # Reference: https://www.virustotal.com/gui/file/7eef14dbead999058d4128a195c533d0a016de055ac2364a87a131a677c18e40/detection http://89.213.177.87 89.213.177.87:443 # Reference: https://x.com/K_N1kolenko/status/1803380619587535355 72.5.43.15:4449 80.76.49.148:4545 # Reference: https://asec.ahnlab.com/en/66790/ # Reference: https://www.virustotal.com/gui/file/e4358dfec6b848ffd5cf195a4055a3619c47432170281da3617c7110ec8e9e72/detection # Reference: https://www.virustotal.com/gui/file/55f047455519bc3cd96322361a66cd3667293f50811afe16c553382fa443465c/detection 118.41.52.88:3255 119.201.129.13:3255 121.181.165.56:3255 # Reference: https://x.com/K_N1kolenko/status/1803687246203138405 123.56.8.218:9215 2.58.56.168:4449 # Reference: https://www.virustotal.com/gui/file/a595fea24e86e504bc4e5936979f51b6376e5bec1fd7ba25be00eddb067805eb/detection 160.154.253.51:3615 # Reference: https://www.virustotal.com/gui/file/1b43831c91e21c1d2b8854f0d871d0770473132cf0c4f6e9e82152f96f60049b/detection 160.154.253.51:8204 endgame.sytes.net # Reference: https://x.com/K_N1kolenko/status/1805833957214241211 1.26.179.43:8848 1.31.93.59:8848 110.6.28.25:8848 110.6.31.1:8848 124.67.198.80:8848 194.55.186.121:1313 94.156.8.65:8080 # Reference: https://x.com/K_N1kolenko/status/1806200263536947587 86.208.62.200:4449 93.123.39.250:31145 # Reference: https://x.com/banthisguy9349/status/1806367283746332812 # Reference: https://x.com/NDA0E/status/1806371737522552833 104.243.47.93:222 172.93.111.165:6666 # Reference: https://www.virustotal.com/gui/file/bb3f2ff46e9dae66cf62c6e7606a66d02b65abc8dac96e96acd554ebf6fd40ad/detection 136.243.111.71:5500 services-line2.freeddns.org # Reference: https://www.virustotal.com/gui/file/18e58d0adbdcb4dd150e75f6580e612afc92da61bdeaf32d768e4393a1ebafe0/detection 85.100.179.157:20000 88.246.94.229:20000 ultra.webredirect.org webextension.accesscam.org # Reference: https://www.virustotal.com/gui/file/da8cbc01230c7de6230f933355c8db5c5ec8b0d4df8b0fe2b293477a99332ade/detection 147.185.221.20:45478 during-goto.gl.at.ply.gg # Reference: https://x.com/K_N1kolenko/status/1806586425044804026 194.55.186.155:2424 94.156.79.137:5650 # Reference: https://x.com/ShanHolo/status/1806608159491924450 # Reference: https://www.virustotal.com/gui/file/e35692b4f8b054ac141f02c5eafadf49340f89a51aea1aecc163460516b8dfb4/detection 136.243.111.71:155 # Reference: https://x.com/80vul/status/1807059491340333475 35.194.215.14:111 35.194.215.14:5985 35.194.215.14:85 # Reference: https://www.virustotal.com/gui/file/44e26831198bfdcdcc8e8dfb22cb3c2dac765435fd8e10f83a8a73319efd6e33/detection 94.232.249.111:6606 94.232.249.111:7707 94.232.249.111:8808 # Reference: https://x.com/K_N1kolenko/status/1807648901589074375 216.250.252.142:4449 45.40.96.164:3232 47.242.70.176:8848 5.180.155.164:2020 # Reference: https://www.virustotal.com/gui/file/000bfb90323a9ed3927b5a1d691fab2e920070bf78745f003d5a82e695eaaa97/detection 147.185.221.20:31102 it-postage.gl.at.ply.gg # Reference: https://x.com/banthisguy9349/status/1808888209306251349 http://104.223.22.86 http://212.70.149.205 http://23.26.76.239 http://23.94.126.49 http://38.22.104.227 http://51.89.34.245 http://66.225.254.182 # Reference: https://x.com/ScumBots/status/1808685459188453390 101.99.92.203:4449 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-07-06) http://197.0.49.10 http://41.62.90.108 128.90.113.125:9999 128.90.113.88:9999 128.90.128.115:9999 136.243.111.71:20000 136.243.111.71:20001 142.11.201.122:8713 142.11.201.123:8713 142.11.201.126:8713 147.189.170.37:7777 154.12.229.73:1994 157.20.182.5:9898 163.5.112.100:6606 163.5.112.100:7707 163.5.112.100:8808 172.111.150.131:2000 172.111.150.139:2000 172.111.150.142:2000 172.232.164.13:6606 172.232.164.13:8808 178.73.218.22:2000 185.104.195.215:2005 185.216.70.112:7777 185.241.208.181:9090 191.93.113.10:9003 193.26.115.30:8808 195.174.240.3:25 20.199.8.16:1726 213.195.117.131:5000 34.126.174.34:20000 34.126.174.34:2001 34.126.174.34:3000 34.126.174.34:3002 34.126.174.34:888 45.66.231.254:4444 45.66.231.254:5555 45.66.231.254:6006 45.66.231.254:7777 45.66.231.254:8008 46.246.6.14:2000 46.246.84.10:2000 51.81.24.83:3333 54.255.147.4:6000 81.19.137.226:2024 85.117.242.77:8848 90.112.70.19:8080 93.123.85.133:1337 94.156.64.188:5555 94.156.64.188:6006 94.156.64.188:7777 94.156.64.188:8008 94.156.69.27:6606 94.156.69.27:7707 94.156.69.27:8808 s1mpl3.simple-url.com # Reference: https://x.com/lontze7/status/1810171725373383158 http://207.32.218.10 207.32.218.10:443 # Reference: https://app.validin.com/detail?find=xt.png&type=dom&ref_id=de06224bc55#tab=host_pairs_v2 # Reference: https://www.virustotal.com/gui/ip-address/207.32.219.59/detection # Reference: https://www.virustotal.com/gui/file/610fcb9d69b7f1f3ae6302bcd761b92ec3a7b8334694a05674cbe2c017a2caa5/detection http://207.32.219.59 207.32.219.59:443 207.32.219.59:999 # Reference: https://asec.ahnlab.com/en/67861/ # Reference: https://www.virustotal.com/gui/file/b8f1fe93386003e82a148e0efd52759bc3be7bc7088537f6d031faec54870fb3/detection 157.20.182.5:36365 booosisnhead.ddns.net stevenhead.ddns.net # Reference: https://x.com/ScumBots/status/1811378434624393516 207.32.217.25:6606 207.32.217.25:7707 207.32.217.25:8808 khalidhost.loseyourip.com # Reference: https://x.com/K_N1kolenko/status/1810917401279574290 138.201.226.58:4449 15.235.151.228:8848 # Reference: https://www.virustotal.com/gui/file/9f60cdba09c697e1277f56435afaa9a7922e62a53d87f44d2cf1eeef2eacbaf8/detection 193.26.115.78:7077 newwork.ath.cx newwork.webredirect.org # Reference: https://www.virustotal.com/gui/file/c6c9ebaffa00c12062f244fab1e0919ce8e4904ca7f1501595d7e002b426c5f7/detection # Reference: https://www.virustotal.com/gui/file/8892f78d9929116bfd47ddcf9814dc91ec0640ea8e9eece9e5adc78722e34ef6/detection khalid.dnsdojo.org # Reference: https://www.virustotal.com/gui/file/4bcbe93bd355b824252d1f51f12d4c9c9063b8d316e84d9bb84530228dcfcbf8/detection # Reference: https://www.virustotal.com/gui/file/98c208ad12bf758a390cc7a69004d69a8c172708e26f4c259580fa40168b306e/detection 45.138.16.251:6666 45.138.16.251:81 elsa3eed.ath.cx # Reference: https://www.virustotal.com/gui/file/3ef5ae6a142303afb66b2fb9d376a0304874666bcdb3f9dc3f6224ec6eaf5b40/detection http://91.92.248.36 91.92.248.36:6210 maggiorallic.com # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv http://104.243.32.103 http://172.245.20.196 http://185.18.222.24 http://194.233.73.183 http://197.0.103.174 http://23.94.197.108 http://79.110.49.135 103.195.100.175:6666 104.238.222.104:6606 104.243.34.3:6668 104.243.34.3:6669 108.174.200.80:222 108.174.200.80:7707 109.228.40.86:1433 128.90.106.157:9999 128.90.106.58:9999 128.90.106.59:9999 128.90.113.228:9999 128.90.113.26:9999 128.90.113.3:9999 128.90.128.201:9999 128.90.128.218:9999 128.90.128.88:9999 128.90.129.55:9999 128.90.129.74:9999 128.90.129.79:9999 128.90.129.85:9999 136.243.151.123:200 14.230.105.105:8080 142.11.201.122:8714 142.11.201.124:8713 142.11.201.125:8713 142.11.201.125:8714 144.126.151.185:2004 144.126.151.185:2005 149.56.30.19:6606 149.56.30.19:7707 151.106.34.110:7707 154.12.229.73:1995 154.12.229.73:2000 154.12.229.73:2002 154.12.229.73:2005 156.195.234.60:222 157.20.182.5:4443 157.20.182.8:9898 157.66.25.16:8888 158.220.83.114:8808 161.97.151.222:113 172.111.150.141:2000 172.111.150.143:2000 172.245.20.196:2003 172.245.20.196:2004 172.245.20.196:222 172.245.20.196:8080 172.94.111.21:8888 173.208.162.39:20000 173.208.162.39:3000 173.208.162.39:888 173.208.162.39:999 176.111.174.140:8808 178.156.8.185:4002 178.156.8.185:5001 178.156.8.185:6000 178.16.141.152:443 178.73.192.19:2000 179.243.0.223:9441 179.243.0.223:9442 179.243.0.223:9443 179.243.0.223:9999 185.104.195.215:2003 185.18.222.24:443 185.208.158.113:8010 185.216.70.112:8888 185.240.104.231:25565 185.241.208.181:2020 185.62.86.134:333 187.24.12.84:9999 187.24.4.91:9999 188.126.90.4:2000 188.126.90.7:2000 188.218.202.7:7707 192.227.190.133:7777 192.227.190.133:8888 192.227.190.133:9999 192.250.226.28:4800 192.250.226.28:7077 193.201.9.183:8808 193.23.161.147:7777 193.26.115.132:6606 193.26.115.132:7707 193.26.115.139:8888 193.26.115.222:6606 193.26.115.222:6666 193.26.115.222:7707 193.26.115.222:8808 193.26.115.226:6606 193.26.115.226:7707 193.26.115.22:4444 193.26.115.22:6606 193.26.115.22:7707 193.26.115.22:8088 193.26.115.22:8808 193.26.115.22:9999 193.26.115.34:6606 193.26.115.34:7707 193.26.115.34:8808 193.26.115.78:5555 193.26.115.78:6666 193.26.115.78:7707 193.26.115.78:8080 193.26.115.78:8888 193.26.115.78:9999 193.26.115.85:6606 193.26.115.85:7707 193.26.115.85:8808 194.26.192.132:6666 194.26.192.194:8088 194.26.192.214:8808 194.26.192.34:444 194.26.192.59:4444 194.26.192.59:5555 194.26.192.59:6666 194.26.192.59:7707 194.26.192.59:7777 194.59.30.113:4609 194.62.157.160:8888 196.65.181.213:4444 198.58.123.40:5505 198.58.123.40:6606 2.58.56.39:2000 2.58.56.39:4444 2.58.56.39:7777 2.58.56.39:8888 2.58.56.39:9999 2.89.135.29:888 207.174.26.115:5505 207.174.26.69:5505 207.174.26.70:5505 207.244.238.106:7707 207.32.219.81:8808 209.145.56.0:1113 209.145.56.0:1114 213.195.119.157:4002 213.195.119.157:5000 213.195.119.157:5001 213.195.119.190:4002 213.195.119.190:5000 213.195.119.190:5001 213.195.119.190:6001 213.195.120.40:5000 213.195.120.40:5001 216.225.202.59:2005 23.26.108.141:8888 23.94.126.49:6606 23.94.126.49:7707 23.94.126.49:8808 23.94.197.108:8080 31.124.151.250:9000 34.45.75.65:888 34.83.210.13:6606 37.230.62.29:443 4.246.230.34:2000 45.126.209.221:81 45.126.209.221:82 45.138.16.66:9090 45.32.169.187:2000 45.66.231.69:4444 45.66.231.69:6006 45.66.231.69:7777 45.66.231.69:8008 45.80.158.42:6001 45.83.31.19:6606 45.83.31.19:7707 45.83.31.19:8808 45.83.31.19:8888 45.83.31.241:4444 45.83.31.241:6606 45.83.31.241:7707 45.83.31.241:7777 45.83.31.241:8808 45.83.31.253:7707 45.88.186.147:6606 45.88.186.147:7707 45.88.186.147:8808 45.88.186.151:6606 45.88.186.151:7707 45.88.186.151:8808 45.88.186.168:7707 45.88.186.168:8888 45.88.186.168:9999 45.88.186.203:6606 45.88.186.203:7707 45.88.186.203:8808 45.88.186.213:6606 45.88.186.213:7707 45.88.186.213:8808 45.88.186.228:6606 45.88.186.228:7707 45.88.186.228:8808 45.88.186.43:6606 45.88.186.43:7707 45.88.186.43:8808 45.88.186.63:7707 45.88.186.63:8808 46.183.25.108:443 46.246.12.3:2000 46.246.12.8:2000 46.246.14.14:2000 46.246.4.15:2000 46.246.4.17:2000 46.246.4.4:2000 46.246.6.20:2000 46.246.6.21:2000 46.246.80.20:2000 46.246.80.22:2000 46.246.86.16:2000 47.121.120.18:6606 47.129.39.120:6606 47.238.53.31:8888 5.34.182.173:8808 5.42.105.59:6606 51.161.104.86:777 51.254.67.181:6666 51.68.30.114:6606 52.12.49.46:2000 54.39.216.118:5050 57.128.136.230:9090 64.188.26.202:1604 74.208.107.116:8443 77.105.161.171:8808 82.165.74.190:6606 82.165.74.190:7707 83.147.55.53:8808 91.92.255.114:7707 91.92.255.79:4444 91.92.255.79:6006 91.92.255.79:6606 91.92.255.79:6666 91.92.255.79:7707 91.92.255.79:7777 91.92.255.79:8008 91.92.255.79:8808 93.242.156.76:51125 94.130.162.223:666 94.156.68.100:5555 94.156.68.100:6006 94.156.68.100:6606 94.156.68.100:6666 94.156.68.100:7707 94.156.68.100:7777 94.156.68.100:8008 94.156.68.100:8808 94.156.68.10:6606 94.156.68.10:7707 94.156.68.10:8808 94.156.68.118:6006 94.156.68.118:6606 94.156.68.118:7707 94.156.68.118:8008 94.156.68.118:8808 94.156.68.59:8808 94.156.8.54:2222 94.156.8.54:4444 94.228.166.40:7707 95.98.144.201:2222 # Reference: https://x.com/K_N1kolenko/status/1812729790153060719 149.88.68.93:4449 2.56.245.243:7777 45.83.246.140:3232 54.153.17.157:14445 # Reference: https://www.huntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software # Reference: https://www.virustotal.com/gui/ip-address/64.94.84.200/relations # Reference: https://www.virustotal.com/gui/file/3abdcdaf35d27527fe642e94cf0b33b72267e1f05fa8d947d3c6f9bd4e79f63c/detection # Reference: https://www.virustotal.com/gui/file/11be386867f47cf17cd8f556efe4a89ba46084cbb13f608bae5591ed75532dcf/detection http://104.238.34.204 http://216.245.184.105 pretoria24.top rosetta.cn rosetta.top rosettahome.cn rosettahome.top rzegzwre.top # Reference: https://x.com/malwrhunterteam/status/1815314302233887188 # Reference: https://www.virustotal.com/gui/file/bb957ba522861a3d00e340f2cceb051d19046bb4fc6a0bcf03a6942c1a60c809/detection # Reference: https://www.virustotal.com/gui/file/ae37daf1ed803957ad1c9775be7796e8a5eeed47ec840c479aaf14b4906aa4f2/detection # Reference: https://www.virustotal.com/gui/file/51553e1373d3c97cf6f4c4aaf49fb3602adae02f7df245c4c98be467c687ed3a/detection # Reference: https://www.virustotal.com/gui/file/3f9dce25ab9db240fe97438eba1882e13f0f7cd3ffbf4c6151035980d3e792f5/detection 128.90.59.154:6161 128.90.59.185:6161 xsesx.duckdns.org # Reference: https://x.com/K_N1kolenko/status/1815649563270688897 141.98.7.91:7771 217.15.160.54:8848 27.124.45.70:8848 # Reference: https://x.com/malwrhunterteam/status/1816093946059120803 # Reference: https://www.virustotal.com/gui/file/961ce7460021cc08a288b9c950f890b0c3f4f975638f29ff8ef712ea5598201c/detection nkprotect.net # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-07-26) 102.72.3.145:1111 147.185.221.16:2035 147.185.221.19:2035 2.58.80.130:6606 2.58.80.130:7707 2.58.80.130:8808 37.130.98.195:1604 4.233.220.67:6670 45.132.107.72:4449 45.132.107.72:8090 45.138.16.215:3232 45.148.244.13:1604 50.18.145.13:14445 89.213.56.62:4449 scar77747.duckdns.org # Reference: https://x.com/malwrhunterteam/status/1817956577162510622 # Reference: https://www.virustotal.com/gui/file/c0885fb20ec6822ecf51e73751f0192f09f0e747ca20f9b75458222bc4c685e5/detection # Reference: https://www.virustotal.com/gui/file/7ca2ea6fe909eba4e36a7c8bcdc3593160088dffa65a4ddf845f397e6c513ea2/detection # Reference: https://www.virustotal.com/gui/file/15a6914f80e47de6d4aae8a90c124435ff8e05e8b6077a6c0cd4be4ee11b64d9/detection 85.209.133.142:1420 85.209.133.142:1488 riu.one qa.riu.one # Reference: https://www.virustotal.com/gui/file/86d3e077adb81ff6aff73b71363a7bd62d8817e617b6878bbb67849bc05d0ab1/detection 37.120.239.54:2211 # Reference: https://www.virustotal.com/gui/file/de3fd1673c2ad1ab4b44ee5434a70240ae43722b82a86add6cac1bc22414a34b/detection 85.192.63.68:8245 # Reference: https://x.com/RacWatchin8872/status/1818232911784550539 # Reference: https://tria.ge/240729-y2bt7asgpf/behavioral2 # Reference: https://tria.ge/240730-mfmtsa1fma/behavioral2 # Reference: https://www.virustotal.com/gui/file/41ae3eb86359c776ac1b40faf1eb43eb7d874cbf233444aa3af554257d64e62a/detection 104.243.37.35:222 199.127.63.32:6666 abdallah07.ddns.net backwork07.ddns.net # Reference: https://www.virustotal.com/gui/file/6edbed1b167849bf9808b2288299949fd931495836ee3c756d3c724e3d8e9ead/detection 8.218.154.78:8443 xianggangip.oss-cn-hongkong.aliyuncs.com # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03) http://34.136.20.17 http://45.141.151.163 103.195.100.105:100 103.195.100.105:113 103.195.100.105:222 103.195.100.105:8808 105.158.34.226:4444 105.72.0.59:64 108.174.200.80:6606 108.61.192.110:8808 110.42.66.74:8808 113.169.210.19:8080 13.60.33.38:60120 144.126.149.221:77 144.91.79.54:32769 147.135.165.29:6666 147.185.221.19:59786 147.185.221.20:36797 147.185.221.20:60349 15.188.86.159:2000 154.12.229.73:1992 157.20.182.8:8067 157.20.182.8:852 160.177.63.69:4444 163.5.64.209:7707 173.44.139.179:8000 173.44.139.179:8080 173.44.139.179:8191 176.111.174.140:6606 176.111.174.140:7707 176.174.54.18:4449 177.255.84.124:4041 177.255.84.124:7040 178.215.236.100:1852 185.104.195.215:7070 185.104.195.215:8808 185.216.214.217:5858 185.241.208.181:3030 187.24.11.141:9999 192.228.105.2:7707 193.23.160.13:7707 193.26.115.132:8808 193.26.115.226:8808 193.26.115.22:2222 193.26.115.22:8888 193.26.115.34:888 193.26.115.34:8888 193.26.115.78:4444 193.26.115.78:6606 193.26.115.78:8808 194.26.192.194:6606 194.26.192.202:1010 194.26.192.214:6606 194.26.192.214:7707 194.55.186.129:5000 194.62.157.160:4444 194.62.157.160:9999 198.23.227.140:1901 198.23.227.140:8000 198.23.227.140:9090 198.23.227.175:1901 198.23.227.175:8000 198.23.227.175:9090 2.58.56.39:5555 2.58.56.39:6666 20.82.141.111:6576 207.174.26.115:7707 23.94.197.108:6606 23.94.197.108:7707 23.94.197.108:8808 41.142.19.167:4444 41.249.239.195:4444 41.43.215.72:2003 45.139.198.242:6606 45.141.151.163:4449 45.80.158.42:8808 45.83.31.19:6666 45.83.31.19:7777 45.83.31.253:6606 45.83.31.253:8808 45.88.186.63:6606 45.90.13.137:7707 5.252.74.251:8808 64.188.9.173:1526 84.44.148.177:4782 85.28.47.123:7707 93.242.156.76:51123 94.156.64.156:8000 94.156.68.100:4444 94.156.68.118:4444 94.156.68.118:5555 94.156.68.118:7777 94.156.68.59:6606 94.156.68.59:7707 94.232.249.204:6606 94.232.249.204:6660 94.232.249.204:7707 94.232.249.204:8808 95.142.46.3:4449 95.142.46.3:7000 # Reference: https://x.com/banthisguy9349/status/1820096535981691337 # Reference: https://app.validin.com/detail?find=o7lab%20Security%20Whitehat%20Blog&type=raw&ref_id=3380ec169f6#tab=host_pairs_v2 # Reference: https://www.virustotal.com/gui/file/e24dd26925db61391a279370f6ee22e4d35ea0a13ca88ae7dae5a8def177832e/detection # Reference: https://www.virustotal.com/gui/file/7ce2d225442252064d744be1c38e9c1572dd355bbbaf7fa411ce79e41288dfca/detection # Reference: https://www.virustotal.com/gui/file/736575d7277732b652edade1e21e8614755935b24ba6b032c2a831748a006ac4/detection http://142.171.23.18 http://45.89.247.62 194.55.186.129:5000 94.156.69.242:1337 94.156.69.242:4449 94.156.69.242:7777 o7lab.me o7labs.top prizes.biz underground-cheat.xyz blue.o7lab.me server.underground-cheat.com server.underground-cheat.xyz thruster.financetop.privo.net # Reference: https://x.com/raghav127001/status/1820237011761926208 # Reference: https://www.virustotal.com/gui/file/abdf746e4c16ddc86d74533bd0e4d724ab4f45e81f0139a03c00bfb152139aab/detection 87.89.82.13:1337 namz.read-books.org # Reference: https://tria.ge/240806-qtmygsvanf/behavioral1 anothonesevenfivesecsned.ddns.net # Reference: https://www.virustotal.com/gui/file/2a396766fa969c0034d88c3b3d7f048c3e2807b6e185bf81b6e1b5e2af0fd165/detection 91.92.241.190:6606 91.92.241.190:7707 91.92.241.190:8808 salan1.webredirect.org # Reference: https://x.com/banthisguy9349/status/1821871423368953936 # Reference: https://www.virustotal.com/gui/file/0b63d48fadc191ad675eb56b7d618aa8eb2e8968b9602c41eff49dcff7fc052e/detection bmexcellentfocus.net nc.bmexcellentfocus.net # Reference: https://www.virustotal.com/gui/file/985239f8b609384593ddf4ccb5310eac3cad3dd7779d6d3355b3f46541d2fd14/detection 213.159.74.80:14143 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-08-10) http://34.30.200.104 103.174.191.71:6606 103.174.191.71:7707 103.174.191.71:8808 103.195.100.105:116 103.195.100.105:119 103.195.100.105:6606 103.195.100.105:7707 103.195.102.21:2222 103.195.102.21:4444 104.238.222.104:7707 104.238.222.104:8808 104.243.37.24:6666 138.128.247.216:1231 14.237.71.174:8080 154.12.229.73:1337 154.216.20.190:4449 154.216.20.242:4449 154.216.20.242:5000 163.5.112.122:6606 163.5.112.122:7707 163.5.112.122:8808 163.5.112.78:6606 163.5.112.78:7707 163.5.112.78:8808 172.96.172.158:8888 173.208.162.39:3001 173.44.139.179:8090 173.44.139.179:8099 173.44.139.179:8880 181.131.217.255:1524 194.156.88.2:222 194.26.192.59:6606 194.26.192.59:8808 196.206.75.48:4444 196.64.255.65:4444 196.65.175.15:4444 2.58.56.193:222 2.58.56.193:5555 20.19.33.124:1125 31.220.85.74:8808 34.154.67.14:6606 34.30.200.104:60 34.30.200.104:81 45.126.209.221:83 45.66.231.149:6606 45.66.231.149:7707 45.66.231.149:8808 45.66.231.202:7777 45.66.231.217:4444 45.66.231.217:6006 45.66.231.217:6606 45.66.231.217:6666 45.66.231.217:7707 45.66.231.217:7777 45.66.231.217:8008 45.66.231.217:8808 45.80.158.42:5001 46.246.14.10:2000 5.252.165.55:1986 62.60.210.205:10000 66.179.254.54:8808 78.161.52.128:20000 78.161.52.128:8808 78.161.52.128:888 91.92.243.191:5401 91.92.246.91:7777 94.156.69.242:5000 vmi1946577.contaboserver.net # Reference: https://www.virustotal.com/gui/file/0fa269be03146fff09c0ed89d794dc3c141f9e60a5c1e83c432a022294e2a19d/detection # Reference: https://www.virustotal.com/gui/file/dc2d68253a4a4ea14e4abf2216d780ed1d54f32547a156496581174e2e1f013e/detection 91.92.243.101:6606 91.92.243.101:7707 91.92.243.101:8808 drasticqq.zapto.org # Reference: https://www.virustotal.com/gui/file/cb92050fe9d71b8a850b65229ea0d2a4c4c2761245f2915cfdf48ccf28acf451/detection # Reference: https://www.virustotal.com/gui/file/cb92050fe9d71b8a850b65229ea0d2a4c4c2761245f2915cfdf48ccf28acf451/detection 107.173.62.136:6644 181.141.8.140:6644 888manotools.duckdns.org # Reference: https://www.virustotal.com/gui/file/09fa650f618080d0d0a934302c896f4d17c5cfd96199c73c197ba5cca0fc1bd9/detection # Reference: https://www.virustotal.com/gui/file/d04bd140e96d286f8769a38420ea1136f9a52ee7ae8da7f1ce19982ae1055b5b/detection # Reference: https://www.virustotal.com/gui/file/f84f4d3f03f23f0437407b23a95553917dd0c38335a3deac098a0bb63a961c84/detection 107.173.62.21:6606 107.173.62.21:7707 107.173.62.21:8808 173.249.196.196:6606 173.249.196.196:7707 173.249.196.196:8808 multitaskerx32.duckdns.org ndpalacabeza.duckdns.org /loader/uploads/Ovxnztupybj.png /Ovxnztupybj.png # Reference: https://x.com/K_N1kolenko/status/1822951281448640667 154.221.20.129:8080 3.120.176.240:8848 45.32.157.174:1337 82.45.178.145:1337 # Reference: https://www.virustotal.com/gui/file/b7b215211636bce8abde21c537e455cb05d0e010148f51dd022bc55acdfcb160/detection 179.14.168.79:1990 16dejulio2020.duckdns.org # Reference: https://www.virustotal.com/gui/file/00784c7c4c9d7d84b2d1b81d05f06663ad4ab69104ce84e43efb6d45687d5475/detection bookreading2024.net # Reference: https://www.virustotal.com/gui/file/56ccf81ed97f04a364b92c272c933aacdc1c3bc92f4f92ef8e8e8c6500bc5546/detection 206.53.55.147:1004 salah4.webredirect.org # Reference: https://x.com/banthisguy9349/status/1824832570011328863 109.199.101.109:443 149.102.147.106:443 154.216.20.112:443 185.150.190.160:443 206.53.55.147:443 23.94.126.49:443 51.81.30.54:666 /DDkFuG3qWJdaZoc4qrzpg.txt /Dddoxxx.jpg /HOtbZNroLdCOlkmC.jpg /MiyLdAnAfs.jpg /Q8ks7fS084FaHjcHtiDMwiDAX.txt /ojzxjopybsmvtkuv.txt # Reference: https://www.virustotal.com/gui/file/54ea368d620e9725254bbbe65acc48fc56b36c7cc468e52a8dcb1c84015bf325/detection 109.199.101.109:1002 word2.webredirect.org # Reference: https://www.virustotal.com/gui/file/0cc59c7a224ace617aeb365684f5272fd07723c2ae0deacb2c8909521559756b/detection 23.94.126.49:6606 23.94.126.49:7707 23.94.126.49:777 23.94.126.49:8808 jackboyrx.duckdns.org # Reference: https://www.virustotal.com/gui/file/0ee1a4bfda6573e96c5e5be149a31fc7cdcf700b973a438f1a9431530e5ad56f/detection 154.216.20.112:555 hema2024.from-ut.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-08-18) http://45.126.209.221 104.238.189.204:2424 104.238.189.204:4444 105.156.60.187:4444 105.156.61.62:4444 142.202.240.141:6606 154.216.18.213:6606 154.216.20.112:7777 154.216.20.112:8808 154.216.20.112:8888 160.179.65.105:4444 160.179.66.190:4444 163.5.32.129:7707 172.96.172.158:2222 172.96.172.158:5555 172.96.172.158:6666 172.96.172.158:7707 173.44.139.179:9090 178.73.192.14:2000 179.241.191.175:9999 181.137.113.195:2021 187.24.1.114:9999 192.159.99.43:7707 2.58.56.92:7777 216.107.136.24:7777 23.95.106.22:35153 41.142.192.11:4444 41.142.192.236:4444 41.249.56.199:4444 45.66.231.130:6606 45.66.231.130:7707 45.66.231.130:8808 45.66.231.241:7777 45.88.186.244:6606 45.88.186.244:7707 45.88.186.244:8808 45.94.31.119:111 45.94.31.119:222 45.94.31.120:111 45.94.31.120:222 46.246.12.21:2000 46.246.6.15:2000 46.246.84.19:2000 62.60.210.205:2086 69.197.145.38:888 82.165.74.190:8808 94.156.69.198:4444 94.156.69.198:6006 94.156.69.198:6606 94.156.69.198:6666 94.156.69.198:7777 94.156.69.198:8008 # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18) 156.195.155.193:2004 156.195.159.197:2004 187.24.64.197:9999 192.210.229.8:8880 196.64.246.160:4444 196.65.171.214:4444 # Reference: https://www.virustotal.com/gui/file/0af0b4bffa67145e4e5ecd2321bb7790e9c14ed802a7984798fc7c00b6763207/detection 45.148.244.112:7702 # Reference: https://www.virustotal.com/gui/file/96830a2a4a61ba8263513f4a76c620f1da22a12fb4eb9324f18128404c9170bb/detection 23.94.207.116:1177 nova.sytes.net # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24) 104.243.37.126:4444 104.243.47.235:443 107.178.105.137:6606 128.90.106.105:9999 128.90.106.219:9999 128.90.113.100:9999 142.44.252.8:222 147.189.168.167:4444 147.189.170.37:7707 154.216.20.112:9999 154.216.20.29:8808 163.5.32.72:7707 172.111.150.137:2000 173.44.139.179:1901 176.31.147.216:6745 179.13.4.53:8082 192.210.229.8:8000 194.26.192.121:2000 194.26.192.121:7777 198.23.227.140:8881 2.58.56.157:6606 2.58.56.157:7707 2.58.56.157:8808 2.58.56.157:9909 2.58.56.92:6606 2.58.56.92:7707 2.58.56.92:8808 45.94.31.119:5555 45.94.31.119:6606 45.94.31.119:7707 45.94.31.119:777 45.94.31.119:8808 46.246.6.4:2000 69.197.145.38:20000 69.197.145.38:3000 69.197.145.38:999 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-08-25) http://2.59.134.73 103.195.100.105:202 107.178.105.137:8808 23.95.106.22:7790 45.55.194.173:9090 62.113.117.95:4449 80.240.28.67:3826 80.240.28.67:3827 kenesrakishevinfo.com # Reference: https://www.virustotal.com/gui/file/0b9189931f5ff0ebcbfe32c05ae62b645b5a9dffe3d5fc6af3effbf218d0b4c3/detection 185.29.11.28:9983 floor-contemporary-genius-accommodation.trycloudflare.com # Reference: https://x.com/JAMESWT_MHT/status/1828191158045901013 # Reference: https://app.any.run/tasks/0434cf44-9e95-4808-aa13-4620e4fabaf2 # Reference: https://app.any.run/tasks/1f006b3a-1147-472c-85db-c9ab3016d4d8 # Reference: https://www.virustotal.com/gui/file/39c4d2c738925df996e66aa13c3db2c58e81f2bcd8b7c0c312ace0562b13b322/detection # Reference: https://www.virustotal.com/gui/file/b3ebae9c04c8ab1c5aee3c6733fd02bd67117d7028666c71f385dbb2fce426ff/detection # Reference: https://www.virustotal.com/gui/file/da9d6b0a69c4c406914b1c5b7e1c395c6c2e9bd55d67f07fa54e2c8930d6bc0d/detection 173.249.196.110:2020 181.235.10.116:2020 enviasept.duckdns.org # Reference: https://x.com/malwrhunterteam/status/1828387904361533611 # Reference: https://www.virustotal.com/gui/file/59beb9bd5fd9ef67e6b90313622aee0e41568befa1cfb7f08aa88f4d0fbabc69/detection 148.113.165.11:3090 # Reference: https://x.com/RacWatchin8872/status/1829163583986643429 # Reference: https://x.com/g0njxa/status/1829177645348860120 /vvTBswN.php # Reference: https://www.virustotal.com/gui/file/8dd63124c53ad2539f0a8442d5f7dbe0b582f84f6d40ca725e77b1cf2fd9f140/detection 91.109.190.5:2019 # Reference: https://x.com/K_N1kolenko/status/1830555300589449255 146.103.40.243:4449 154.216.20.204:1602 157.20.182.193:881 167.88.165.20:4444 198.98.58.93:999 # Reference: https://x.com/K_N1kolenko/status/1831980364199596121 157.20.182.18:4449 198.23.219.104:7001 204.12.203.92:4449 213.238.177.243:8848 95.179.246.167:1024 # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-07) http://5.180.106.132 103.164.226.125:2222 103.195.102.21:2266 104.243.37.177:443 104.243.37.177:6606 104.243.37.177:7707 104.243.37.177:8808 104.243.47.56:4444 107.175.31.172:8808 108.61.177.169:4444 128.90.102.146:5155 128.90.102.146:9441 128.90.103.16:9999 128.90.106.199:9999 128.90.122.41:9999 128.90.123.215:9999 141.98.154.54:8808 147.189.174.48:6666 149.102.147.106:60 154.12.242.122:8808 154.216.17.231:2222 154.216.17.231:4444 154.216.17.231:7777 154.216.20.112:6666 154.216.20.29:5454 163.172.125.253:82 163.172.125.253:83 164.92.232.138:9927 164.92.232.138:9928 173.44.139.179:8881 178.73.218.17:2000 185.104.195.215:7707 185.174.101.88:7707 188.218.110.233:7707 188.218.98.93:7707 192.250.226.28:8401 193.26.115.159:6606 193.26.115.159:6666 193.26.115.159:7707 193.26.115.159:8808 193.26.115.70:6606 193.26.115.70:7707 193.26.115.70:8808 194.26.192.222:222 194.26.192.222:4444 194.26.192.222:555 194.26.192.222:5555 194.26.192.222:6606 194.26.192.222:6666 194.26.192.222:7707 194.26.192.222:8808 194.26.192.74:4444 194.26.192.74:555 194.26.192.74:5555 195.3.223.146:6969 207.231.111.82:301 207.32.218.21:6666 45.202.35.12:6606 45.202.35.12:7707 45.202.35.12:8808 45.83.31.241:100 45.83.31.66:6006 45.88.186.113:7077 45.88.186.169:7077 45.88.186.218:7077 45.88.186.244:7077 46.246.84.6:2000 51.254.67.181:6606 51.254.67.181:7707 51.254.67.181:8808 64.188.9.172:5090 64.188.9.177:5080 66.154.113.81:6606 66.154.113.81:7707 66.154.113.81:8808 88.170.194.154:40000 88.201.9.34:443 89.39.106.35:1331 # Reference: https://www.virustotal.com/gui/file/6bb2386101837fd4e8a32018f2d8ec5bbd646bef9a5513783f782fe2ae1ff3e0/detection # Reference: https://www.virustotal.com/gui/file/2e63b012bb3fa9df55bdcef31185577686fe71756580ac2f2fa23f6e9b82c687/detection 179.13.0.188:3000 179.13.0.188:4000 179.13.0.19:3000 179.13.0.19:4000 179.13.2.131:3000 179.13.2.131:4000 trabajo25.duckdns.org # Reference: https://www.virustotal.com/gui/file/425e3e4f280f19e1de7ced375ab0b31dbd2ffe49ed2684ecb140918d662d58ff/detection 194.147.140.241:5552 y20.ddns.net # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-09-08) 103.195.102.21:2233 198.23.197.108:7707 20.109.46.176:8080 64.23.232.116:7812 21562-36559.bacloud.info asynctechlino.duckdns.org danieltorrenegra5020.con-ip.com deadpoolstart2025.con-ip.com editorials.duckdns.org fernandocuellar909080.con-ip.com fernandoesquiveldominio.con-ip.com fttuvgt.ddnsfree.com mail.er-lach.eu modsmasync.duckdns.org momehvenom.duckdns.org nanarchym.duckdns.org v57018.php-friends.de vulcano10.duckdns.org # Reference: https://x.com/K_N1kolenko/status/1833018771436413396 45.131.109.206:4449 85.17.106.240:707 tenfreehse.dynuddns.net # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-09-09) 104.243.35.72:8888 146.235.38.234:8225 157.20.182.8:8888 188.190.193.62:4449 192.129.178.59:8713 198.71.58.46:8000 198.71.58.46:888 64.188.9.175:3007 88.119.175.153:5555 88.119.175.153:6666 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-09-14) http://124.156.206.217 http://163.172.125.253 103.195.100.105:57 103.198.26.95:8000 104.243.34.3:2002 128.90.123.33:9999 136.175.8.35:8080 142.202.240.39:8088 142.202.240.72:4444 142.202.240.72:6006 142.202.240.72:8008 144.126.151.185:2006 156.244.14.14:8080 163.172.125.253:81 165.227.81.186:4444 172.111.189.20:2000 178.215.236.114:2222 178.215.236.114:4444 192.129.178.58:8713 192.129.178.60:8713 192.129.178.61:8713 192.129.178.62:8713 198.23.227.175:8090 2.58.85.196:2323 23.95.106.22:6756 31.220.85.74:7707 45.77.112.205:8000 45.88.186.211:4444 45.88.186.211:6006 45.88.186.211:6606 45.88.186.211:7707 45.88.186.211:8008 45.88.186.211:8808 45.88.186.211:8888 45.88.186.61:7077 45.89.247.62:7777 46.246.4.13:2000 46.246.80.10:2000 86.38.225.234:9091 88.119.175.153:7777 88.119.175.153:8888 # Reference: https://x.com/Racco42/status/1835588779509199035 # Reference: https://app.any.run/tasks/87a918fc-f5f0-46f3-92fc-5f1a10dc91eb # Reference: https://www.virustotal.com/gui/file/e90a2422a138f3033f7bbaea5ec42f4e44e67ee1bbf1f8f439bf5a2b43cd1d21/detection # Reference: https://www.virustotal.com/gui/file/169ac835fb39875b99786bfd826c482807fb92a8630897c75db6d562cbdd2d6f/detection # Reference: https://www.virustotal.com/gui/file/5baa818d0b2d658a26691715da4953a584acf69d053b3dbd5bff68379e8d748c/detection 144.202.36.158:2107 149.28.100.37:2107 207.246.71.153:2107 45.77.72.186:2107 juanjuan20231.kozow.com # Reference: https://x.com/malwrhunterteam/status/1835584557334089904 # Reference: https://www.virustotal.com/gui/file/2c295492de80df3a89ee60ae665b4209455aafe8574e044ff4f4ebe205e5ba15/detection 193.26.115.48:7077 45.88.186.223:777 mohfat7y.freeddns.org workingzoon.work.gd # Reference: https://www.virustotal.com/gui/file/2b867ff217653a0ae8a7cdc35b7596e5cc9493a8ad140f04ddd4180a6440b027/detection 147.185.221.22:27881 # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22) 105.154.29.81:8000 105.159.143.49:8000 109.199.101.109:1001 128.90.122.238:9999 128.90.123.30:9999 128.90.123.9:9999 163.172.125.253:84 172.111.189.21:2000 172.212.97.180:6606 178.215.236.114:8888 191.93.114.27:9003 191.96.235.192:5555 193.26.115.102:6606 193.26.115.102:7707 193.26.115.102:8808 216.107.136.76:7777 23.95.106.22:28351 38.165.1.3:39315 41.141.146.213:8000 41.141.147.188:8000 41.250.25.231:8000 45.126.209.19:22 45.126.209.19:2222 45.126.209.19:4444 45.126.209.52:5555 45.126.209.52:6666 45.202.35.100:6606 45.202.35.100:7707 45.202.35.100:8808 45.77.72.102:2727 46.246.82.8:2000 5.83.48.5:6001 51.89.207.240:4343 57.128.132.198:4049 64.188.9.175:9200 77.105.161.6:8000 88.119.175.153:6606 88.119.175.153:7707 88.119.175.153:8808 89.117.23.22:6606 93.123.85.247:7777 93.123.85.247:8888 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-09-22) 103.252.93.30:4449 154.216.17.155:7707 154.216.17.155:8808 191.96.235.192:7777 198.23.227.140:8090 34.145.18.233:7707 34.31.210.192:8808 5.226.137.132:4449 85.198.108.36:7667 163-172-125-253.rev.poneytelecom.eu ansj.duckdns.org asyn8097.duckdns.org delonuevomision.con-ip.com govpet.mysynology.net timez0.duckdns.org # Reference: https://x.com/K_N1kolenko/status/1839216071150121271 148.113.165.11:3236 # Reference: https://x.com/RacWatchin8872/status/1839253450288198121 # Reference: https://app.any.run/tasks/fd329952-711e-4351-ab6b-a6c6205cdbee kareemovic11.duckdns.org # Reference: https://x.com/threatcat_ch/status/1839177437374022109 # Reference: https://www.virustotal.com/gui/file/5d5b4f259ef3b3d20f6ef1a63def6dee9326efe2b7b7b7e474008aa978f1f19b/detection 185.91.69.119:56001 # Reference: https://www.virustotal.com/gui/file/943671d4114a0fed608e7c43bc2cf5443a121a3100875eb818693c67d011ce61/detection 45.135.232.38:52350 64.44.156.35:52350 asmby.duckdns.org # Reference: https://x.com/K_N1kolenko/status/1842206015732801663 45.84.199.218:1604 8.140.196.172:42606 84.46.250.60:4449 # Reference: https://www.virustotal.com/gui/file/c1cbd79697153da1dd0cad7e8a1267459db4f0710d00a13d2f1638989ba221ef/detection 24.152.38.77:8848 winddows.duckdns.org # Reference: https://x.com/0xmh1/status/1843249014764118457 # Reference: https://www.virustotal.com/gui/file/b032a4909919e85a0a6dbd4a953173cb60c81ae5462f7dd0cfc0370d3d831ade/detection 179.43.180.122:56001 # Reference: https://www.virustotal.com/gui/file/b5d77f3e884b0f4fa1bfeb40a9f976293d2bfbb316dbc91b04d2277ada464d02/detection 45.66.231.87:7211 nasyiahgamping.com # Reference: https://www.virustotal.com/gui/file/841c4c804c8c10b19da50f463caebe94ba1dee6956dbd59ceefee615417ea8b8/detection 185.106.123.198:6606 185.106.123.198:7707 185.106.123.198:8808 420cloud.duckdns.org cloudhost420.duckdns.org cloudhost420.sytes.net # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13) http://1.239.98.205 http://109.199.104.52 101.99.92.100:21 101.99.92.100:4899 103.195.100.105:1919 104.243.47.56:8888 104.255.175.7:8808 105.154.15.219:8000 128.90.102.94:5155 128.90.103.145:9999 128.90.103.9:9999 128.90.122.7:9999 134.19.179.179:19125 136.175.8.59:9999 142.202.242.182:5555 142.202.242.182:6666 142.202.242.182:7707 142.202.242.182:7777 142.202.242.182:8888 142.202.242.182:9999 144.126.141.126:2000 144.126.149.221:7777 144.126.151.240:2002 144.126.151.240:2003 144.76.68.248:8888 154.12.229.73:1999 154.12.242.122:7707 154.216.17.231:8888 154.216.18.171:8808 156.195.154.23:222 157.173.123.3:4443 160.176.88.73:8000 172.111.189.22:2000 172.93.101.18:7707 172.94.108.143:7784 173.212.199.134:13001 176.96.137.133:4242 178.156.8.15:5001 178.156.8.15:6001 178.73.192.16:2000 181.235.10.77:2017 181.235.6.202:2017 191.96.166.66:7777 191.96.166.66:8888 191.96.166.66:9999 191.96.235.192:6606 191.96.235.192:7707 192.210.229.11:445 192.210.229.8:443 192.210.229.8:445 193.26.115.159:50 193.26.115.8:8080 193.26.115.98:6606 193.26.115.98:7707 193.26.115.98:8808 198.58.98.151:6606 20.51.109.14:8888 20.51.109.14:9999 207.32.217.176:6666 207.32.217.180:6606 207.32.217.187:8888 207.32.217.187:9999 207.32.217.252:6606 207.32.217.27:6606 207.32.217.9:6666 207.32.218.100:8888 207.32.218.46:6666 207.32.218.46:8888 209.145.50.29:7777 209.145.50.29:8888 209.222.98.197:443 34.145.18.233:8808 38.240.36.127:7707 38.242.236.116:6606 41.141.181.109:8000 41.43.63.40:2003 45.126.209.19:8808 45.126.209.238:8888 45.32.163.234:8000 45.83.31.47:4444 45.83.31.47:6606 45.83.31.47:8808 45.83.31.53:8080 45.88.186.177:6606 45.88.186.177:7707 45.88.186.177:8808 45.88.186.202:7077 45.88.186.68:7077 45.88.186.85:7077 46.246.86.13:2000 49.232.228.35:8888 51.38.109.144:6606 51.38.109.144:7707 51.38.109.144:8808 51.81.24.83:6606 51.81.24.83:7707 51.81.24.83:8808 64.176.183.172:8808 66.179.188.124:888 66.179.189.167:888 66.179.208.55:888 74.208.164.130:444 74.208.249.138:6606 77.59.137.82:4444 85.206.172.156:333 88.119.175.153:4444 88.119.175.153:9999 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-10-13) http://176.96.138.247 136.175.8.59:8888 154.216.17.207:1188 154.216.17.207:7707 154.216.17.207:8808 154.216.18.236:7777 154.216.20.112:5555 156.195.154.23:2003 172.111.252.205:4444 178.156.8.15:6002 185.106.92.86:4040 185.196.10.235:4449 185.196.10.98:4444 185.196.9.174:7777 191.96.235.192:6666 192.210.229.11:443 192.210.229.11:8000 192.210.229.11:9090 192.210.229.8:8080 192.210.229.8:9090 193.26.115.8:8808 194.26.192.222:111 198.23.197.108:6606 198.23.197.108:8808 198.23.227.175:4655 45.126.209.19:6606 45.126.209.19:7707 45.83.31.47:7707 47.238.55.14:4449 66.179.188.124:8000 72.11.142.133:4449 77.91.102.202:4444 79.137.199.150:4449 89.23.113.10:7777 91.92.250.207:6606 91.92.250.207:7707 91.92.250.207:8808 nf-account.com tzten257.top ansss2608.duckdns.org dczas.duckdns.org windows-cam.casacam.net winsrr14.duckdns.org xspeed.freemyip.com # Reference: https://x.com/malwrhunterteam/status/1846476306327720289 # Reference: https://www.virustotal.com/gui/file/3ca4eae0f394cc0d920fa27fd22cf22c2fa7337fe633fd54db7348eddbd9f691/detection # Reference: https://www.virustotal.com/gui/file/c971e493d53d331ce884aa2380207080aecd9ae84309639b13a759c32a1215e9/detection # Reference: https://www.virustotal.com/gui/file/0f9e8c9c6f7fd9ae5fbfd58019ae359db215692dab871af16e951b3c9ad413b7/detection 193.26.115.161:7077 193.26.115.68:60027 comcast-zone.gleeze.com madostock.loseyourip.com megamart.mywire.org newencrypt.giize.com # Reference: https://x.com/Racco42/status/1847003262152482860 # Reference: https://app.any.run/tasks/3640e7b2-627f-411c-a75c-3c3e952f8b43 190.9.223.135:1415 # Reference: https://x.com/banthisguy9349/status/1847169708140683540 # Reference: https://www.virustotal.com/gui/file/ea6776496baaaa60c2825e976eeec430330246f54ad0d09ba0b05f64c19eb9da/detection # Reference: https://www.virustotal.com/gui/file/d03a4b34d81c0dec8c4cdbc11ad70646bd2e5e62643569c326f4dac9bdf5f4b8/detection # Reference: https://www.virustotal.com/gui/file/4a81d32d170e24d97baa57977ba8a2c3a792bb0c9b61e9d121bbef0baf8bb8f9/detection # Reference: https://www.virustotal.com/gui/file/48d56a035480076931ec3b80a9df7321f1ddd31b6d3f92206656b7b6fbb1cbb8/detection 45.83.31.104:7077 marcoworking.freeddns.org # Reference: https://www.virustotal.com/gui/file/39be0d9e62066bd79cbce3416f41776c8e36146cf8f729af61bbb49c800c13f4/detection ads-remover.duckdns.org shellwriter.com # Reference: https://x.com/K_N1kolenko/status/1846140635700466062 147.185.221.18:525310 157.20.182.17:4449 217.195.195.46:1604 38.156.0.162:1001 43.128.62.113:8848 45.77.40.234:22580 # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-10-20) http://165.227.81.186 103.56.113.221:1723 104.243.40.137:6605 104.243.47.56:5555 105.188.114.89:4444 125.113.0.208:6699 128.90.106.50:9999 128.90.113.192:9999 142.202.242.182:2812 144.126.151.240:2004 146.59.161.5:7829 148.135.76.59:8888 149.56.30.19:7000 154.12.229.73:1997 157.20.182.183:4449 157.20.182.8:4442 178.156.8.15:6000 181.215.205.147:6606 191.93.112.73:9003 191.96.235.192:8808 193.124.205.51:7777 198.154.99.162:6606 198.154.99.162:6607 198.154.99.162:6608 198.154.99.162:6609 198.154.99.162:6610 198.154.99.162:6611 198.154.99.162:6612 198.154.99.162:6613 198.154.99.162:6614 198.154.99.162:6615 198.154.99.162:6616 198.154.99.162:6617 198.154.99.162:6618 198.154.99.162:6619 198.154.99.162:6620 198.154.99.162:6621 198.154.99.162:6622 198.154.99.162:6623 198.154.99.162:6624 198.154.99.162:6625 198.154.99.162:6626 198.154.99.162:6627 198.154.99.162:6628 198.154.99.162:6629 198.154.99.162:6630 198.154.99.162:6631 198.154.99.162:6632 198.154.99.162:6633 198.154.99.162:6634 198.154.99.162:6635 198.154.99.162:6636 198.154.99.162:6637 198.154.99.162:6638 198.154.99.162:6639 198.154.99.162:6640 208.91.189.69:6606 209-222-98-197.cprapid.com 23.26.108.141:7707 34.145.18.233:6606 41.251.208.176:8080 41.43.194.246:4444 46.246.12.10:2000 46.253.4.252:6606 54.38.151.134:7707 64.188.9.172:8888 64.188.9.172:9999 66.179.240.24:888 82.115.223.212:7777 82.115.223.212:8888 82.115.223.212:9999 82.216.163.11:443 87.106.72.122:2005 91.107.210.50:6606 91.107.210.50:7707 91.107.210.50:8808 ip-11.net-82-216-163.suresnes3.rev.numericable.fr musing-hermann.101-99-92-100.plesk.page twofact.ddns.net # Reference: https://www.virustotal.com/gui/file/1714c7d7ddf0d127813104ef4322738e405988ceaa646dcb4103f49f30fcc9dc/detection 80.76.51.32:8588 # Reference: https://www.virustotal.com/gui/file/81d9449bbcbf0ec741da434f54edac3745d611553a3f76e62809a9cc5440b021/detection 80.76.51.32:62336 # Reference: https://x.com/banthisguy9349/status/1849792179939533246 # Reference: https://www.virustotal.com/gui/file/e04bc2c23f7bea169e08ec1a4a38cd840aae9f1217b227a8a0ab05cd5f1a3196/detection 172.236.29.219:8080 172.236.29.219:8808 # Reference: https://x.com/RacWatchin8872/status/1854579674887729395 # Reference: https://tria.ge/241107-vwkncsypcm/behavioral2 111.90.143.143:3232 111.90.143.248:3232 111.90.143.248:4449 skills-genes-flex-darwin.trycloudflare.com # Reference: https://x.com/lontze7/status/1854878302109892814 # Reference: https://x.com/RacWatchin8872/status/1854891809807151344 # Reference: https://app.validin.com/detail?find=asegurar.vbs&type=dom&ref_id=0d0be108061#tab=host_pairs # Reference: https://app.validin.com/detail?find=segura.vbs&type=dom&ref_id=0d0be108061#tab=host_pairs coemprsasltda.pro 21oct.duckdns.org sostregd.duckdns.org sremc.duckdns.org wins14feb.duckdns.org wins.coemprsasltda.pro # Reference: https://x.com/malwrhunterteam/status/1855330328417546422 # Reference: https://www.virustotal.com/gui/file/49b3b5ed8b4bab226241223f2004d96cd7975d62375dfbffbfe2212c1e4d52f8/detection 67.207.188.125:6606 67.207.188.125:7707 67.207.188.125:8808 adrsxpjm0rga0n.de go2.adrsxpjm0rga0n.de # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10) http://107.173.58.12 http://111.90.140.83 http://157.173.195.46 http://34.70.255.193 103.186.117.76:6606 103.186.117.76:7707 103.186.117.76:8808 104.243.38.34:8888 104.255.174.9:8000 104.255.174.9:8088 111.90.140.83:443 128.90.102.115:9999 128.90.103.230:9999 128.90.103.99:9999 128.90.106.215:9999 128.90.106.249:9999 128.90.113.118:9999 128.90.113.157:9999 128.90.128.166:9999 128.90.129.125:9999 128.90.129.238:9999 128.90.141.244:7070 140.82.52.246:1604 144.202.38.111:2000 154.12.253.45:8088 157.173.195.46:8888 172.233.177.224:8000 172.235.128.191:8000 172.93.101.39:4444 172.93.101.39:8888 173.249.202.39:443 176.96.138.110:4608 179.13.10.157:8082 181.235.132.44:8887 185.241.208.217:4001 185.241.208.88:111 185.241.208.88:222 185.241.208.88:2222 185.241.208.88:4444 185.38.142.240:1940 185.38.142.240:1962 185.49.126.52:8808 188.218.255.105:7707 191.93.117.49:9003 191.96.207.223:8888 192.3.95.164:8080 192.3.95.227:8080 194.190.152.111:7854 196.74.238.102:8080 213.176.67.24:8888 213.176.67.24:9999 216.151.164.102:443 23.160.168.167:8080 31.59.131.84:2000 37.114.41.179:6606 4.255.224.214:4444 41.249.160.126:8080 45.137.21.15:6606 45.143.199.184:8088 45.88.186.69:7707 45.88.186.69:8808 45.93.9.248:4500 46.246.6.16:2000 5.196.186.185:5001 5.196.186.185:8008 5.89.219.20:7707 51.222.21.29:222 51.222.21.29:2222 51.222.21.29:555 51.222.21.29:5555 51.222.21.29:777 51.222.21.29:7777 51.89.207.236:4048 51.89.207.240:4048 64.188.9.164:5080 66.179.243.219:443 66.179.243.219:8888 66.179.243.34:888 67.217.240.33:443 67.217.240.34:443 67.217.242.14:888 67.217.244.177:443 67.217.244.178:443 74.48.83.22:8888 74.48.83.22:9999 77.220.213.58:6606 77.69.107.217:8888 78.161.46.79:20000 78.161.46.79:222 78.161.46.79:3002 78.161.46.79:3005 78.161.46.79:5050 78.161.46.79:888 78.161.6.8:222 85.7.223.113:9090 87.120.114.144:222 87.120.114.144:2222 88.209.248.69:6606 89.39.106.35:1414 93.123.109.157:7777 95.179.194.63:8808 # Reference: https://www.virustotal.com/gui/file/c6c72806ec39a174351500bd7f3ca235550a83b9a03538cf2e47f914c6013e24/detection 219.248.40.33:8848 # Reference: https://www.virustotal.com/gui/file/1abdb053479fd561bc7bf95de8b98104cab4762b2b84f7340b67c0dae52fae66/detection 136.243.179.5:650 minlsteres.linkpc.net # Reference: https://x.com/JAMESWT_MHT/status/1857685914459210138 # Reference: https://app.any.run/tasks/9f28524e-9d3e-47db-8911-bfde07e620d8 # Reference: https://www.virustotal.com/gui/ip-address/191.93.117.49/relations # Reference: https://www.virustotal.com/gui/file/904c0fe0f29e8a2d4e26f7087dbbb95c1d926340e80b93399583aa865f5a6860/detection # Reference: https://www.virustotal.com/gui/file/09a0cf7158d3869f792543c5eb64d567f9c01b3cea28547f460fa88197e464f8/detection 0611wins.duckdns.org 12novwins.duckdns.org 3010wins.duckdns.org 7012oj.duckdns.org # Reference: https://x.com/malwrhunterteam/status/1857692980900982994 # Reference: https://www.virustotal.com/gui/file/01ad5238f803563f1635fdadfef47f97c0c2c8e0c90111b625a248d44f9017f9/detection i0004.clarodrive.com powerupsnew.dynuddns.com # Reference: https://x.com/JAMESWT_MHT/status/1857821931514347908 # Reference: https://app.any.run/tasks/e5a76bfb-058f-4511-bb31-8dc3571ef8be 154.216.17.175:7070 ghanarchydn.duckdns.org fit-retired-athletics-marathon.trycloudflare.com previews-belgium-achieved-driving.trycloudflare.com # Reference: https://x.com/JAMESWT_MHT/status/1857798237693862233 # Reference: https://www.virustotal.com/gui/file/b9a69d93f042ba4bd16df5e8768e445fda2ed2ec0084352f43111347c0928729/detection 172.233.187.199:7474 172.235.135.74:5252 172.235.135.74:7474 # Reference: https://x.com/JAMESWT_MHT/status/1858421663894737400 # Reference: https://www.virustotal.com/gui/file/adc29eb24db484b14101ce4ab0e8eeda1586009dd65f980e596c8fa45703678c/detection 139.162.100.28:8000 enviodolares24.duckdns.org # Reference: https://x.com/malwrhunterteam/status/1859187800928616611 # Reference: https://www.virustotal.com/gui/file/1503447c30588583377509f44b075e99019a59899ca8e2a4b36a6602b39d4dc7/detection 167.114.47.186:56001 # Reference: https://x.com/malwrhunterteam/status/1859280130511655235 # Reference: https://www.virustotal.com/gui/file/4b8474a72a587841c45aaa30d00b7f5335cb69d0fc748ceb8adb244932bdf845/detection 191.93.117.49:9003 19nov2024.duckdns.org # Reference: https://www.virustotal.com/gui/file/846375b7cbfa9c6b6ef170e1f42e62fe359d58ea69912b1de53d2999dee226b4/detection 163.172.125.253:800 # Reference: https://www.virustotal.com/gui/file/31f50eda5a542daad800246c8c8824650f1523bde4c3e944acda96c10fe3b0f7/detection 65.21.198.54:850 # Reference: https://tria.ge/241122-b13vys1phs/behavioral2 # Reference: https://www.virustotal.com/gui/file/981db65a918db89fba166dc5b9063d873ca4a2528cf9d56e8bf893fd53b98ba0/detection 65.21.198.54:63107 65.21.198.54:63108 65.21.198.54:63115 65.21.198.54:62488 # Reference: https://x.com/karol_paciorek/status/1859954097908256877 136.243.151.123:7702 136.243.179.5:32 65.21.198.54:600 # Reference: https://x.com/cyberfeeddigest/status/1860079815040348322 # Reference: https://www.virustotal.com/gui/file/3442a9e4f21d14a478076694bf1dd44268e950262270e7637936c05657531462/detection 158.220.83.114:1005 samsalah1.freeddns.org # Reference: https://x.com/RacWatchin8872/status/1860356538503733473 # Reference: https://app.any.run/tasks/0a336523-d6de-4d30-860c-37287a9ced56 # Reference: https://app.any.run/tasks/13911dd7-ec24-4b3f-a2f0-0aa2bd8234c1 192.121.82.93:4099 192.121.82.93:5801 logitraceworld.org jimcovington.duckdns.org s1.hopto.org sansay.servesarcasm.com zaid.hopto.org barry-physics-replace-endangered.trycloudflare.com casinos-closed-paxil-enabled.trycloudflare.com holder-apartments-face-matthew.trycloudflare.com # Reference: https://www.virustotal.com/gui/file/d4f4d3196d92b306f65ba4f1f90ec73403803530a58196b48db38210e3e3047d/detection 128.90.141.116:6161 ducksex.ddnsfree.com # Reference: https://x.com/JAMESWT_MHT/status/1861101857495552378 # Reference: https://app.any.run/tasks/519aedb1-dd44-44c1-923e-6c13ef186bcf # Reference: https://www.virustotal.com/gui/file/499cad8ea8d4afa46c6864e33c229dc54542fe7ed44a0fdaffa0deffe8677dc5/detection 104.37.175.232:7716 192.30.241.106:56001 # Reference: https://www.virustotal.com/gui/file/32ccf9351cb267284738c1828fe20d3c876566fdc4c73f613b8f6df50d71905a/detection 45.66.231.89:6171 xscapezo.capetown # Reference: https://x.com/malwrhunterteam/status/1861038954931220483 # Reference: https://www.virustotal.com/gui/file/a3c5fae44d28838794657b38a0c619516bae0805da4cb9004d5178204a670f6c/detection 31.13.224.69:8120 # Reference: https://x.com/RacWatchin8872/status/1862119006041264199 # Reference: https://app.any.run/tasks/4871f41c-1118-4936-aaa3-9fc777529d4e # Reference: https://www.virustotal.com/gui/file/84b1476e3f582b757c6aea49c621c676ede660b451d25022742dbbddd16fedc1/detection # Reference: https://www.virustotal.com/gui/file/8a984491558f624bf313baf8453d547c0f714822058a2aca540f64dc78e4078f/detection 103.195.103.63:222 # Reference: https://x.com/malwrhunterteam/status/1862465014692536790 # Reference: https://www.virustotal.com/gui/file/87eefc3270fefac96226245ab6d36360e379caea5e93060082ec31dcc8b823ed/detection 139.99.188.124:56001 # Reference: https://www.virustotal.com/gui/file/b19856bcce19bf81749b4293d2cd8cb5e7be78419e730c3f5c50a0564c340022/detection # Reference: https://www.virustotal.com/gui/file/4f4ae94ab54dd5d75fb362ef61db9f94efde100303275bb5fc674e9f450e1215/detection 192.169.69.26:8797 pdhasync.duckdns.org # Reference: https://www.virustotal.com/gui/ip-address/12.202.180.114/relations anachymom.duckdns.org asyncmoment.duckdns.org dhanachy.duckdns.org # Reference: https://x.com/banthisguy9349/status/1849721368931086442 # Reference: https://x.com/JAMESWT_MHT/status/1863903647165214859 # Reference: https://www.virustotal.com/gui/file/3ce21ef0e54daaa882322073dfd9b136e8b0a2eba8172fb83c1e934c74ed60ec/detection # Reference: https://www.virustotal.com/gui/file/2bf40a88c866b16124039495791b99cd71ddf5f1c8decea75d18e8400b52b6ea/detection # Reference: https://www.virustotal.com/gui/file/26f21a80a6bc8fac55d3137d541116b500b37bab7e9e01432d7b515396aa6dcd/detection # Reference: https://www.virustotal.com/gui/file/8620fa4c62bd53e5b70aa10e6205f1ceffcd49bd7ca3b01cbe8f539273dd6695/detection # Reference: https://www.virustotal.com/gui/file/5969d816e92654b77aed224db471e2c0f06d004d12885324cb9bb9b3e06776df/detection # Reference: https://www.virustotal.com/gui/file/5969d816e92654b77aed224db471e2c0f06d004d12885324cb9bb9b3e06776df/detection # Reference: https://www.virustotal.com/gui/file/8cff7f991f38a735a829c6aeb8d1482e76eba84c4ad1c4492a34d1b88a972cba/detection # Reference: https://www.virustotal.com/gui/file/6ef23d5f69695cd8c9381e416928ca10e33a0b927c451399ab439eb64007a5ec/detection # Reference: https://www.virustotal.com/gui/file/3ba67ff051ccbe3e60a5e3299efc94b852b2edcad367e362eec201731b51b2fe/detection # Reference: https://www.virustotal.com/gui/file/25db2614bacd5fab235fae0dcf994833603604ed37173152c47f288733fa8418/detection 154.216.16.111:7957 154.216.17.175:3044 154.216.17.175:7070 154.216.17.175:8331 154.216.17.175:8930 154.216.18.99:9135 51.89.201.2:5878 57.128.129.22:5824 20fit-retired-athletics-marathon.trycloudflare.com absolutely-joy-instantly-violence.trycloudflare.com goninvoicceme.shop icq-hang-toe-specific.trycloudflare.com invoiceposs.shop kendychop.shop kinggamminginvoicfin.cyou kinggamminginvoicfin.icu kinggamminginvoicfin.shop kmaybelsrka.art kmaybelsrka.biz kmaybelsrka.cfd kmaybelsrka.club kmaybelsrka.cyou kmaybelsrka.sbs kmaybelsrka.xyz nvrecipingpayrhnmusic.icu partinvshipppjbb.click partinvshipppjbb.xyz payhostmsa.shop prtmscaup.cfd prtmscaup.click prtmscaup.cyou prtmscaup.my prtmscaup.sbs prtmscaup.xyz sscannnedinnvoicepayycasrting.shop trackmyshiptng.site # Reference: https://x.com/Root0ne/status/1863682768481169457 # Reference: https://tria.ge/241202-yzsd6azrgw 31.220.90.137:8848 # Reference: https://www.virustotal.com/gui/file/db975def99c421044202e851271136fe6d7e16ec8e2af4fcdd419aab92e9ccdc/detection 31.220.90.137:6606 31.220.90.137:7707 31.220.90.137:8808 # Reference: https://x.com/1ZRR4H/status/1864486678129258641 # Reference: https://www.virustotal.com/gui/file/c7a46fb4e1691e3b8712cb595bc25672dfb77570166cc2d2cba02cf2f9e7b728/detection # Reference: https://www.virustotal.com/gui/file/aa2865178dc691edfdfc676c77a638cd165cbe9385a0ae4b8bfa16e9b9af753b/detection # Reference: https://www.virustotal.com/gui/file/4b4e5745d6e7c73c1713ba35982593ae81b514c1f7c707cf56ac244bea057df9/detection http://77.105.161.126 181.131.217.244:3056 181.131.217.244:4365 # Reference: https://x.com/SecurityAura/status/1865203792309825919 # Reference: https://x.com/RussianPanda9xx/status/1865229252947329269 # Reference: https://www.forcepoint.com/blog/x-labs/asyncrat-python-trycloudflare-malware # Reference: https://www.virustotal.com/gui/file/ac1cdf679fee71bc931f1bd4f1b5be00736715503bc83cd9223c4767d0aa9e86/detection # Reference: https://www.virustotal.com/gui/file/0bac72a2d9815739af75107a0dd795fdc9669ee2dad645934bb7480ee91e68c9/detection 12.187.175.72:6757 83.136.208.180:5515 83.136.209.53:2610 cjmsc4dfl1ed7eb485ad6ahelix-pflanzen.de msc4dfl1ed7eb485ad6ahelixpflanzen.de be-broadband-wp-canon.trycloudflare.com travel-scholar-an-equity.trycloudflare.com # Reference: https://x.com/JAMESWT_MHT/status/1866545663112319181 # Reference: https://app.any.run/tasks/56b42abc-37d5-4fba-b2e0-22076cb29097 162.213.210.250:6499 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app # Reference: https://x.com/JAMESWT_MHT/status/1869299429058195749 # Reference: https://www.virustotal.com/gui/ip-address/147.45.49.155/relations # Reference: https://app.any.run/tasks/8f2eab86-bb01-4e05-8f6d-67c6ec63e7c1 http://139.99.188.124 http://89.23.103.232 tiffany-careers.com # Reference: https://x.com/K_N1kolenko/status/1870043853794799709 148.163.102.170:4473 51.161.12.215:4449 # Reference: https://x.com/banthisguy9349/status/1873309771572683097 104.219.215.160:4449 104.219.215.160:8008 104.236.39.42:6606 104.236.39.42:7707 104.236.39.42:8808 147.185.221.18:63974 147.185.221.24:33931 147.185.221.24:6606 147.185.221.24:7707 147.185.221.24:8808 213.136.90.188:4449 213.136.90.188:7000 51.89.44.68:8848 87.120.113.125:2101 87.120.113.125:55644 above-recognize.gl.at.ply.gg bahautopilotusatzfeder.xyz dofucks.com domain13.ddns.net egypt2.camdvr.org eichstaett.duckdns.org fahrzeugtechnik24zusatzfeder.de heheyanel.ddns.net jt8iyre.localto.net loans-merchant.gl.at.ply.gg newstartagain.servequake.com newstartagain50.duckdns.org private115.duckdns.org renver.duckdns.org run-neither.gl.at.ply.gg sat-bowling.gl.at.ply.gg sk.servemp3.com testloggbot23-37268.portmap.host treppen.duckdns.org # Reference: https://x.com/JAMESWT_MHT/status/1874365729832870023 # Reference: https://x.com/JAMESWT_MHT/status/1874886761803063364 # Reference: https://app.validin.com/detail?type=raw&find=Booking.com+-+Partner+Hub#tab=host_pairs (# 2025-01-04) # Reference: https://www.virustotal.com/gui/file/e35d7ef701e2a95c6a9f13e379aeb8aac96dd99573e02d87daee3dd120322bce/detection # Reference: https://www.virustotal.com/gui/file/5d8b55532cda3855a8211e70366648a22ef5193dd36931fa61e3393290c2ada9/detection http://147.45.198.116 http://147.45.44.131 http://185.149.146.164 157.20.182.177:4449 attenderoom43991.world roomsvisitors18492.world roomsvisitor73730.world roomsvisitors82831.world roomsvisitor849391.world roomsvisitor9492.world # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02) http://103.67.196.247 http://185.130.249.74 http://185.133.248.219 http://192.3.95.164 http://192.3.95.227 http://193.26.115.44 http://194.163.138.50 http://195.179.227.207 http://198.23.227.140 http://198.23.227.175 http://216.122.187.138 http://34.132.116.88 http://34.171.178.23 http://34.173.47.212 http://66.179.240.177 http://82.64.156.123 http://88.209.248.128 http://89.117.21.203 103.195.100.236:6606 103.195.100.236:7707 103.195.100.236:8808 103.195.100.237:6606 103.195.100.237:8808 103.195.101.209:6666 104.243.40.137:8807 104.243.47.79:443 104.243.47.84:8808 105.157.200.249:8080 107.173.229.136:2222 108.165.101.156:6606 108.165.101.156:7707 108.165.101.156:8808 108.174.194.58:7707 109.199.101.109:1004 116.203.178.175:5555 128.90.103.201:9999 128.90.103.204:9999 128.90.106.145:9999 128.90.113.113:9999 128.90.113.216:9999 128.90.113.29:9999 128.90.113.94:9999 128.90.122.109:9999 128.90.122.151:6666 128.90.122.151:9999 128.90.122.99:6666 128.90.123.136:9999 128.90.123.29:9999 128.90.123.85:9999 128.90.59.155:7070 130.51.20.126:6699 138.68.225.19:5800 141.94.145.65:6606 141.94.145.65:8808 141.94.145.71:7707 141.98.11.206:8000 142.11.201.34:8097 142.11.201.35:8097 142.11.201.36:8097 142.11.201.37:8097 142.11.201.38:8097 144.126.149.221:6606 144.126.149.221:8808 147.135.231.50:6606 149.102.147.106:6606 149.102.147.106:70 149.102.147.106:7707 149.102.147.106:8808 152.44.36.206:8000 156.195.247.146:222 156.233.225.47:9999 158.220.124.155:6606 158.220.124.155:8808 160.179.195.197:8080 162.216.243.15:7707 163.172.125.253:100 164.132.5.117:6606 167.114.145.155:7707 172.111.245.34:9907 172.111.245.35:9907 172.111.245.99:9907 172.177.170.23:7707 172.233.13.159:8000 172.233.189.137:8000 172.233.190.205:8000 172.93.101.18:6606 172.93.110.112:6666 172.94.104.3:81 172.94.9.136:7070 172.96.172.180:4444 172.96.172.180:8888 176.123.1.88:4444 176.126.114.68:1025 176.218.135.181:4444 178.73.192.9:2000 179.13.5.17:8020 181.41.200.196:10000 181.71.227.87:2022 181.73.105.95:8080 185.130.249.74:443 185.150.191.119:443 185.150.191.119:4444 185.150.191.119:8888 185.16.38.41:6667 185.196.9.200:7707 185.208.156.146:9999 185.241.208.111:6606 185.241.208.111:7707 185.241.208.111:8808 185.241.208.88:5555 185.241.208.88:6606 185.241.208.88:6666 185.241.208.88:8808 185.49.126.134:6606 185.49.126.13:7707 185.49.126.166:77 185.49.126.217:6606 185.49.126.32:6606 185.49.126.50:6606 185.49.126.64:6606 186.169.49.64:11102 186.169.65.176:11102 191.91.176.72:3000 191.91.177.119:8020 191.96.207.136:6606 191.96.207.188:2002 191.96.207.188:2003 191.96.207.188:2004 191.96.207.188:6606 191.96.207.188:7707 191.96.207.188:8808 191.96.207.198:6606 191.96.207.198:7707 191.96.207.198:8808 191.96.207.241:8888 192.241.182.184:8000 192.3.238.130:8888 193.26.115.117:8080 193.26.115.178:6606 193.26.115.178:7707 193.26.115.178:8808 193.26.115.87:6606 193.26.115.87:7707 193.26.115.87:8808 193.34.212.115:444 193.83.7.1:4444 194.11.246.69:6606 194.11.246.69:7707 194.11.246.69:8808 194.164.96.240:444 194.26.192.165:222 194.26.192.165:2222 194.26.192.165:444 194.26.192.165:4444 194.26.192.165:6606 194.26.192.165:7707 194.26.192.165:777 194.26.192.165:8808 195.250.25.144:6000 195.26.241.253:7707 195.26.255.81:1996 195.26.255.81:2106 195.26.255.81:6606 195.26.255.81:77 195.26.255.81:7707 195.26.255.81:7777 195.26.255.81:8808 196.70.89.122:8080 196.70.94.53:8080 196.89.211.151:8080 198.23.227.140:4655 198.23.227.140:7710 198.23.227.175:7710 198.244.206.8:222 198.58.98.151:7707 198.58.98.151:8808 2.56.179.212:4445 2.58.56.211:111 2.58.56.76:6606 20.77.26.137:8080 205.234.181.134:6000 205.234.181.134:8000 205.234.181.134:8088 207.244.238.106:8808 207.32.217.167:888 207.32.217.185:4444 207.32.217.185:8008 209.222.98.197:8888 212.23.222.206:9000 213.170.135.202:888 216.172.103.34:8090 217.195.197.243:1604 23.94.126.198:7707 23.95.106.22:50500 23.95.106.22:9804 3.145.156.44:7707 31.13.224.34:7777 34.142.188.154:81 34.27.129.112:2000 34.70.255.193:67 35.224.99.235:2000 37.114.41.179:7707 37.114.41.179:8808 38.242.146.249:443 38.242.146.249:90 38.242.146.249:9090 38.69.12.163:2020 45.126.209.223:6666 45.135.232.38:52450 45.147.46.188:1604 45.149.241.239:1987 45.152.149.15:6606 45.152.149.15:7707 45.152.149.15:8808 45.152.149.34:6606 45.152.149.70:6606 45.152.149.70:7707 45.152.149.70:8808 45.155.220.109:7707 45.202.35.100:333 45.202.35.12:333 45.202.35.203:7707 45.202.35.203:8808 45.88.186.180:7707 45.88.186.180:8808 45.88.186.55:9090 45.94.31.13:7001 46.109.233.210:7707 46.246.80.26:2000 46.246.82.5:2000 51.77.113.178:888 51.89.240.14:1010 62.133.61.124:443 64.188.9.175:3008 64.225.27.237:8808 66.55.75.118:8000 67.203.7.131:6606 67.217.247.180:443 69.166.230.200:4444 69.166.230.200:6006 69.166.230.200:6606 69.166.230.200:7707 69.166.230.200:7777 69.166.230.200:8008 69.166.230.200:8888 69.166.230.99:7707 69.174.100.131:6606 69.48.201.20:443 69.48.204.228:443 69.48.204.229:443 70.104.186.131:4444 78.135.85.202:6606 78.161.2.252:888 78.161.43.154:2004 78.161.43.154:888 78.161.58.156:888 78.162.164.147:222 78.164.29.133:20000 78.164.29.133:2003 78.171.102.136:20000 78.171.102.136:2003 78.179.63.102:20000 78.179.63.102:2003 78.179.63.102:2004 78.179.63.102:888 80.76.51.101:7707 81.214.76.68:20000 81.214.76.68:2003 81.214.76.68:2004 81.214.76.68:3001 81.214.76.68:3002 81.214.76.68:3003 81.214.76.68:3004 81.214.76.68:888 83.147.53.93:7707 83.147.54.112:9090 83.147.54.173:8808 85.103.207.206:2004 85.108.110.41:2003 85.108.110.41:888 85.31.47.143:7777 87.120.114.144:555 87.120.116.99:6667 87.120.117.113:6606 87.120.117.113:7707 87.120.117.113:8808 87.120.117.69:6606 88.201.69.136:443 88.228.139.187:20000 88.228.139.187:2003 88.228.139.187:2004 88.228.139.187:888 88.232.118.41:2003 88.252.160.206:2003 88.252.172.73:2003 91.191.213.118:8088 91.223.3.156:8808 93.233.127.42:51124 94.156.177.244:8888 95.214.177.250:25566 95.214.55.223:443 95.214.55.223:4444 95.214.55.223:8888 95.216.203.122:6606 # Reference: https://x.com/banthisguy9349/status/1875650527104790783 147.185.221.16:44574 191.93.117.49:9003 192.169.69.26:9003 holadic06.duckdns.org holadic16.duckdns.org impact-leeds.gl.at.ply.gg # Reference: https://www.virustotal.com/gui/file/b80439662138467b0e233dcad6ffafbe5b8d53f0d54a591019f9c8202b0812c3/detection 87.120.125.47:6606 87.120.125.47:7707 87.120.125.47:8808 # Reference: https://www.virustotal.com/gui/file/9adf6aa3a5569f9d094f585ff18b64d5bdf60940a1f8887f4c492f6e2c13edb4/detection 216.9.224.157:6606 216.9.224.157:7707 216.9.224.157:8808 # Reference: https://app.validin.com/detail?type=raw&find=Booking.com+-+Partner+Hub#tab=host_pairs (# 2025-01-05) attenderooms30984.world attenderooms882128.world attendesrooms899334.world attendesroomsrdf-4857429.world rooms19821.world rooms24.world rooms3882.world rooms432435.world rooms44232.world rooms491943.world rooms66642.world rooms77443.world rooms77743.world rooms788371.world rooms81812.world rooms82131.world rooms8812.world rooms88123.world rooms8831.world rooms8838.world rooms94239.world rooms944823.world rooms99813.world rooms998371.world roomsattende882148.world roomsattende900024.world roomsattende99231.world roomsattende99291.world roomsvisiotos0084.world roomsvisitor202409.world roomsvisitor202514.world roomsvisitor202515.world roomsvisitor9934224.world roomsvisitors2002541.world roomsvisitors9991.world roomsvisitors99923.world rooomvisitors88283.world visitors1124.world visitors1291.world visitors14824.world visitors21235.world visitors2448.world visitors2948.world visitors31254.world visitors49913.world visitors5448.world visitors82831.world visitors8381.world visitors88248.world visitors9213.world visitors948.world visitors99192.world visitors99282.world visitors99292.world visitors9991.world visitors99981.world visitors99991.world visitorsrooms012537.world # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-05) 104.243.34.54:8808 128.90.113.89:9999 144.126.149.221:7707 150.241.83.250:443 157.20.182.8:1337 178.215.224.100:443 185.49.126.47:6606 45.138.16.236:5050 69.166.230.200:8808 69.166.230.98:6606 # Reference: https://x.com/James_inthe_box/status/1877367837821673861 # Reference: https://www.virustotal.com/gui/ip-address/154.216.17.175/relations 154.216.17.175:8030 funfagamlkdreceipgroup.top invrecipingpayrhnmusic.icu jsnybsafva.biz jsnybsafva.me kmaybelsrka.homes kmaybelsrka.my unionfisrmas.shop superior-somalia-bs-leisure.trycloudflare.com # Reference: https://x.com/salmanvsf/status/1879434787506757634 # Reference: https://urlscan.io/search/#hash%3A96e34d83ad7bbb7ecf150ea8dac6544f9ab2a6fc7bd40d8300cf6d4cd7679dd2 # Reference: https://github.com/salmanvss/ThreatIntelFeeds/blob/main/MultiRAT 154.216.17.175:5030 aliatoengenharia.com.br alljsnybsafva.living aminoroc.org brainlysolutions.com caringforyousupport.com.au cbholdings.mw collegerp.org.in desbullariamos.sa.com dev.inolab.org fosuasauthentic.com foundersedition.lk gaby20.org garfieldthecat.tech happyfeeds.co.in harfir.org hebrewrootsassembly.org iderif.org jcjeck.jundy.org johnsonholdings.us listafrica.org motoruniverse.com movingcompanymesa.org promptful.biz pub-5708ccd63e154830b51d27cb5c1180e0.r2.dev pub-8471d69f0b5940b88ba145861836244b.r2.dev pub-b49ed37a138d4273bb24e6ebbcb21c84.r2.dev pub-f7808fef1de942f693af4beb1b04ee03.r2.dev rtigasen.us scan-interpreted-roman-glad.trycloudflare.com truthisdivine.edu.lk vbccorretoradeseguros.com.br vmorservices.org # Reference: https://x.com/K_N1kolenko/status/1880187740895211830 157.20.182.24:4449 98.66.170.99:1024 # Reference: https://www.virustotal.com/gui/file/2fbeb35402b8e7d05d2d1265de6b4645878698193024fa2c8e8e5ad86fb637e4/detection 62.122.184.98:56001 # Reference: https://x.com/salmanvsf/status/1881935936315158656 154.216.18.226:5014 45.202.32.77:5014 75.2.115.196:5014 aresmutfakfss.com jsnybsafva.art jsnybsafva.cfd jsnybsafva.click jsnybsafva.cv jsnybsafva.cyou jsnybsafva.info jsnybsafva.my jsnybsafva.one jsnybsafva.sbs jsnybsafva.shop tallebudgeranetball.org # Reference: https://x.com/DaveLikesMalwre/status/1882918253699441056 # Reference: https://www.virustotal.com/gui/ip-address/193.143.1.95/relations 193.143.1.95:8648 athusa.ceo dbasopma.cfd dbasopma.icu dbasopma.it.com dbasopma.lol dbasopma.sbs dbasopma.shop dbasopma.xyz jkbrtyinv.name jpinvrkp.cfd jpinvrkp.click jpinvrkp.cyou jpinvrkp.homes jpinvrkp.my jpinvrkp.sbs jpinvrkp.xyz # Refeference: https://x.com/DaveLikesMalwre/status/1882553733655023782 # Reference: https://app.any.run/tasks/b349092f-49c8-4674-838b-2a917675d673 # Reference: https://www.virustotal.com/gui/file/f99e1bee78eb050abfa014e9d141f8bb0a23455e02306243cc0491aa3474b067/detection 208.76.223.60:8080 blueaxon.net zenocore.net # Reference: https://x.com/K_N1kolenko/status/1882767050764120095 148.113.165.11:4040 162.250.127.123:4449 172.94.14.88:4449 85.31.47.59:8848 # Reference: https://www.virustotal.com/gui/file/8c8cb9468ccfb7f43a5cdfcfdc626d66e953a5f106564f2b2176149582e5752b/detection 66.63.187.234:56001 fbcdns.org # Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-25) http://104.243.47.45 http://172.178.66.209 http://173.44.139.179 http://45.125.66.30 http://54.87.32.39 http://69.197.174.36 http://74.120.121.82 102.32.117.96:8808 103.195.100.105:111 103.195.101.225:6606 103.229.81.203:8808 104.243.35.175:6666 104.243.35.241:8808 104.243.46.129:5555 107.155.93.118:8808 107.178.103.143:8808 108.165.237.230:8808 108.174.194.58:8808 108.181.168.187:8808 109.199.101.109:70 109.248.151.159:1005 116.100.113.150:8808 116.108.99.192:8808 118.70.175.199:8808 128.90.102.218:8808 128.90.103.11:9999 128.90.106.188:9999 128.90.106.224:8808 128.90.113.104:9999 128.90.113.97:9001 128.90.113.97:9999 128.90.122.110:9999 128.90.122.153:8808 128.90.122.163:5555 128.90.122.163:8808 128.90.122.198:5555 128.90.122.198:8808 128.90.122.198:9999 128.90.122.59:5555 128.90.122.59:8808 128.90.122.59:9999 130.195.222.156:4444 141.95.114.228:8808 141.95.114.241:6606 141.95.114.243:7707 141.95.114.243:8808 141.95.114.244:6606 141.95.114.244:7707 141.95.114.244:8808 142.202.189.201:2404 147.124.212.147:443 149.126.95.29:8808 151.80.89.232:7707 154.12.253.45:8808 154.127.53.246:5353 154.194.50.10:7000 154.216.19.186:7707 154.216.19.54:7707 154.216.19.54:8808 157.20.182.16:1414 157.254.165.150:8808 157.254.165.19:8808 157.254.236.207:8808 157.254.237.148:8808 158.220.83.114:1000 162.19.243.94:8080 163.172.60.235:6606 163.172.60.235:7707 163.172.60.235:8808 163.5.112.189:8808 163.5.160.181:8808 163.5.169.248:1000 163.5.32.100:8808 167.114.145.155:8808 167.172.213.164:8808 171.226.86.170:8808 172.232.170.66:7707 172.94.9.68:1994 172.94.91.110:7784 172.96.172.172:5555 176.126.114.68:8808 178.208.169.59:7070 178.215.224.100:8808 178.33.203.34:8808 179.13.3.202:8081 179.13.4.98:8808 181.131.216.206:8050 185.101.104.3:6606 185.101.104.3:7707 185.101.104.3:8808 185.133.248.219:8808 185.150.191.82:6606 185.150.191.82:7707 185.150.191.82:8808 185.16.38.41:2004 185.16.38.41:4017 185.16.38.84:20000 185.16.38.84:2003 185.16.38.84:2004 185.161.209.25:8808 185.206.148.210:888 185.208.159.166:8807 185.49.126.27:6606 186.169.53.160:11102 186.169.53.160:11103 188.127.247.213:6606 188.127.247.213:8808 190.102.40.205:8808 191.96.207.241:7707 191.96.207.55:6606 191.96.207.55:7707 191.96.207.55:8808 191.96.207.63:6606 191.96.76.69:8808 192.241.128.20:8808 192.3.238.130:6606 192.3.238.130:7707 192.3.238.130:8808 193.142.146.42:8808 193.143.1.72:443 193.26.115.159:100 193.26.115.159:7777 193.83.228.180:4444 194.213.3.100:888 194.26.192.99:8808 195.26.245.113:8808 195.3.223.146:1194 198.167.193.90:8808 198.23.158.69:8808 198.244.224.197:8808 199.127.62.165:4444 199.204.161.36:8808 2.37.186.106:8808 204.10.193.56:8808 207.231.104.150:8808 207.244.251.113:7707 207.32.218.157:8808 208.91.189.202:8808 213.142.159.59:1605 213.32.110.136:2222 213.32.110.136:888 23.175.50.116:8808 23.254.226.214:8808 23.26.108.93:1999 23.94.126.198:5555 23.94.126.198:8808 23.94.148.26:8808 23.95.106.22:20205 24.152.36.142:8808 27.64.99.119:8808 31.13.224.194:8808 31.58.169.105:6606 31.58.169.105:7707 31.58.169.105:8808 31.58.169.151:6606 31.58.169.151:7707 31.58.169.151:8808 31.58.169.195:6606 31.58.169.195:7707 31.58.169.195:8808 34.135.109.202:8808 34.162.254.35:8808 34.59.116.243:8808 34.94.65.212:8808 38.240.39.223:8808 45.126.208.175:8808 45.138.16.236:5001 45.138.16.236:5006 45.138.16.236:8808 45.149.241.217:8808 45.149.241.239:3002 45.154.98.121:8808 45.154.98.181:444 45.154.98.181:7777 45.154.98.181:888 45.154.98.181:8888 45.154.98.25:7001 45.154.98.25:8444 45.200.148.89:8808 45.202.35.19:6606 45.202.35.19:7707 45.202.35.19:8808 45.58.126.14:5555 45.59.104.27:8808 45.83.31.62:7000 45.83.31.62:8808 45.88.186.49:6606 45.88.186.49:7707 45.88.186.49:8808 45.88.186.86:7077 45.95.233.86:8808 5.12.213.37:8808 5.253.59.249:8808 50.114.240.164:8808 50.114.240.56:6606 51.79.171.171:7707 51.81.105.250:2600 51.89.190.24:8808 54.39.233.82:8808 54.39.233.87:8808 62.146.226.225:8808 66.165.227.66:8808 66.225.254.143:8808 66.55.74.235:8000 69.166.230.200:5555 69.166.230.99:6606 69.166.230.99:8808 69.197.145.69:443 69.48.204.228:6606 69.48.204.228:8808 69.48.204.229:6606 69.48.204.229:7707 69.48.204.229:8808 71.77.229.216:2222 80.76.51.66:6666 81.214.76.68:1000 81.214.76.68:1003 81.214.76.68:3000 83.136.208.202:6745 83.147.55.90:8808 84.247.162.141:443 84.247.162.141:8808 84.32.231.185:4444 84.38.133.193:8808 85.235.74.79:8808 85.239.237.148:1998 85.239.237.148:7777 85.31.47.104:6606 85.31.47.139:6606 85.31.47.139:7707 85.31.47.139:8808 85.31.47.149:6606 85.31.47.149:7707 85.31.47.149:8808 85.31.47.208:222 85.31.47.208:2222 85.31.47.208:444 85.31.47.208:4444 85.31.47.208:7777 85.31.47.56:7777 85.31.47.75:1967 85.31.47.80:222 87.120.112.98:8808 87.120.113.143:888 87.120.116.169:6606 87.120.116.169:7707 87.120.116.169:8808 87.120.117.89:8808 87.120.125.230:7581 87.120.125.253:222 87.120.125.253:2222 87.120.125.253:4444 87.120.125.253:7777 88.243.168.51:1000 88.243.168.51:1009 88.243.168.51:1010 88.243.168.51:20000 88.243.168.51:2003 88.243.168.51:2004 88.243.168.51:2008 88.243.168.51:3000 88.243.168.51:8808 88.243.168.51:888 88.8.171.104:8808 89.23.103.43:6606 89.23.103.43:7707 89.23.103.43:8808 91.191.213.118:6606 91.191.213.118:7000 91.191.213.118:7707 91.191.213.118:8808 93.115.35.106:9090 94.154.35.80:8880 94.156.167.42:7777 94.72.118.139:8808 95.211.182.120:1967 95.214.54.164:7707 95.216.85.167:8808 # Reference: https://x.com/JAMESWT_MHT/status/1884932953974702298 # Reference: https://www.virustotal.com/gui/file/63b8889c35a96bd8377456d5218809148a111fb1d79d84a18903ac37d0a49047/detection 156.253.250.62:5000 94.154.35.145:6666 69nk69.linkpc.net # Reference: https://www.virustotal.com/gui/file/c73164d91bc07cd812b7897f7660ce5dba9b28dc2452569b8e94389008c7a393/detection 199.247.0.169:4449 # Reference: https://www.forcepoint.com/blog/x-labs/asyncrat-reloaded-python-trycloudflare-malware # Reference: https://www.virustotal.com/gui/file/9342d8595d54a570f21b793ffbbfc95975f7b3b2457c2e6d659e26fa62ce2980/detection # Reference: https://www.virustotal.com/gui/file/e89f1dbcce9ac901b4acc0ff53e46aa8b3c77302ba52471145e467232a6b0cc1/detection # Reference: https://www.virustotal.com/gui/file/b3cb39eab84725f74d648d2b11e9bd7e2b8ed68eab53f531715876042792872b/detection # Reference: https://www.virustotal.com/gui/file/2985c84595079f66bfea12da232c8a39d05154c416644caa0e76c562eeffa3d6/detection 62.60.190.141:3232 62.60.190.141:4056 62.60.190.196:4449 62.60.190.196:8000 inventory-card-thumbzilla-ip.trycloudflare.com mercy-synopsis-notify-motels.trycloudflare.com sufficiently-points-est-minimize.trycloudflare.com # Reference: https://www.virustotal.com/gui/file/038c96a02627b159cf27cf05c2925750ba4c4135c03e4f564fc41ddf7cd5bdd2/detection contract-bouquet-risk-filed.trycloudflare.com # Reference: https://www.virustotal.com/gui/file/051f4b808bcd6e0c1b1ca6e19cafdeb211cd2db6ea952edffd29bbbbafa5bc67/detection welsh-js-reggae-hits.trycloudflare.com # Reference: https://www.virustotal.com/gui/file/0500fad5db9bf8ffc3724f58b977eb9ed4aea466311ab7d3a0c8601f3b7f35e2/detection muscle-european-entering-bigger.trycloudflare.com # Reference: https://x.com/skocherhan/status/1889230125746766042 45.126.209.2:8808 # Reference: https://www.virustotal.com/gui/file/b80ff63a5e595195b867c061340c4ef744bc2a270535f574cdce33b57bf40d12/detection 102.129.155.154:50693 fluff.ddnsgeek.com # Reference: https://www.virustotal.com/gui/file/cb700ed576eca52a6acbc6d17e5c921e56547543c821bfcf233fa0bfb77c64d8/detection 37.120.208.36:50888 # Reference: https://www.virustotal.com/gui/file/cb2ab90a0fd524a46ea8a5e60507e3476f5516fb9706e9698aabc79ae286806d/detection 172.111.218.112:50693 # Reference: https://www.virustotal.com/gui/file/a42e163bb903d7af8b2fefb4c2c8625442a3c29cadfd5770429d9d51d1031e6a/detection 37.120.208.36:50693 8.7.198.46:50693 93.46.8.90:50693 # Reference: https://www.virustotal.com/gui/file/4934adb67e7ed678e78a54a6a20efd4a29e4a57d0179a623bfd6aa7dbd35e9a7/detection 172.111.218.82:50693 # Reference: https://www.virustotal.com/gui/file/61efc2a286aa772d5776da4245dec3008aecf9b74c599cefbaab0eb3bdbb81e4 daninopati0212940.duckdns.org # Reference: https://www.virustotal.com/gui/file/3fccd21f03fce74947b69047d73ea1d050577b989cbf44fec58f8ff83e8b056c z6b7awkv2.localto.net # Reference: https://www.virustotal.com/gui/file/9c0de4497eaa83331042b40726e1884ea9450de842b0d6344f9be4b2a8b6be22 hola2025enero.duckdns.org # Reference: https://www.virustotal.com/gui/file/480d252fe44b734acbd5e5415f0e4f63da750a9da9d23d2b4d576c66a09a57d3 185.65.135.184:4449 # Reference: https://www.virustotal.com/gui/file/475e683e7e89edab8e8fcd5cf54f0412d4baa963326766d3e311a5bdb3c91088 dccccccccctarrrr.duckdns.org # Reference: https://www.virustotal.com/gui/file/79e7f04b18cd690be9da51f2598912f771b65d840202c86e59e2c2c1776ae8bf 109.248.151.166:8848 109.248.151.166:9948 coolingbrin.sytes.net # Reference: https://www.virustotal.com/gui/file/6f04b5d8e804dad7719e6255eacf8836dce2df08346faef67e959554b6ea3099 86.195.3.155:36174 # Reference: https://www.virustotal.com/gui/file/8eb730555a07ebbf3054518d70bbd48394957ee15c9f7adc9cc4921fa1a84ed4 zunteer.zzux.com # Reference: https://www.virustotal.com/gui/file/38a5e80c29409be6c8f1b22a0ba33ccfb6d6ea42af4ad0c92061c0797adcc6e1 pctrabajonuevo2.casacam.net # Reference: https://www.virustotal.com/gui/file/8519b3e6375f496c45aecf664aacb065252c8dded53bd9e20596c8e0a8b7936f 185.120.89.121:6606 185.120.89.121:7707 185.120.89.121:8808 185.120.89.121:1111 185.120.89.121:7700 185.120.89.121:1604 # Reference: https://www.virustotal.com/gui/file/66bd493bed1aa511f01ed89b3682f39831d9f9c3baf045714bca5abe68df3a31 80.64.174.13:8848 # Reference: https://www.virustotal.com/gui/file/01229f20bfea81957d74992f34a576be602d3625cdbbd3633768454d83448a74 corporation.warzonedns.com # Reference: https://www.virustotal.com/gui/file/ff14347f24bae34e4b0981247be21bdce6a798bf8c03be0bed212b44bf4d1367 147.185.221.24:43018 147.185.221.24:421 # Reference: https://www.virustotal.com/gui/file/6e29814679785d06b9b8fb774c6768a606fb3991baa9a76a7f1b784697cb3103 79.198.229.109:6606 # Reference: https://www.virustotal.com/gui/file/7f206b7326ec47ec6303cc17d35f9a3aa8af87736b64a0440e2f7bbb208302e2 efpytldav.localto.net # Reference: https://www.virustotal.com/gui/file/e98711b5928923e5b3497f36b48b14a087667d313c04939205b55ef71011377d driiftandsliide.freemyip.com # Reference: https://www.virustotal.com/gui/file/a4396b54c0e272c4309262d18e14d674bce8c0c2d45bd6036ee48a8e4da7d94b 195.88.218.126:2404 # Reference: https://www.virustotal.com/gui/file/1bea7c8a7315ae7916a1399e05595409b98f26eb11b5b585b1e1904a480a7dbe admin.ddnsguru.com # Reference: https://www.virustotal.com/gui/file/9d78eb7e467278512e6fae271c2f76a22da3f711da5e9b16d367ccda20505bdf 20.123.216.50:6606 20.123.216.50:7707 20.123.216.50:8808 # Reference: https://www.virustotal.com/gui/file/a5d2404e99e62f93715db22c16bf143479ff5889eee4c4731a41e4fd4b1a1955 updatewindowsdrivers.duckdns.org # Reference: https://www.virustotal.com/gui/file/c9c55879b6693e0968d259a180690284564be8ac0b482d21128c64792c62b97c soulis.ddns.net # Reference: https://www.virustotal.com/gui/file/03f3ccd645372422449f93a5e353f4613a200eff7ce5f792e48a62ca4aacd144 14.5.159.234:6606 14.5.159.234:7707 14.5.159.234:8808 # Reference: https://www.virustotal.com/gui/file/59930c83d569e7df4d5ec1b7e6689ba19dcb988c2686ca0589a15f40e30e945d 103.140.251.156:4449 # Reference: https://www.virustotal.com/gui/file/6e8a585b7fe69816dd387defa7ca1a3e058124cb23d9bb3aefa703620d28f47d 201.19.66.3:4449 # Reference: https://www.virustotal.com/gui/file/6ed4b0e18e1f8fd6cf0e8106c397b71cfb3c18298445da2b460f1eca6b41682f 94.103.125.36:1337 # Reference: https://www.virustotal.com/gui/file/0b59015ceb8923ea9a3ca362d8339ad8a1ed368165e446a385f4f3bbba7c53e1 mxrecords145.ddns.net # Reference: https://www.virustotal.com/gui/file/77fc7e85046431ddb8949e26c334dfdbbcdaa13a4ef2cd026176ef2285c168aa quin.ydns.eu 185.38.142.240:1962 185.38.142.240:1940 # Reference: https://www.virustotal.com/gui/file/67b85573bbea828d1bd0883171ee7c151fec3ac961b47d182285b0dfa3fd43d6 bernardodc27.duckdns.org # Reference: https://www.virustotal.com/gui/file/53c0bdc20170dae8a8cfd80cd0ca2050169dffb6a18073e7a53fcead6007db56 82.5.16.100:6606 82.5.16.100:7707 82.5.16.100:1604 # Reference: https://www.virustotal.com/gui/file/9cf2d5680422268191f8f5c6b829576483b85d85c4ee004215c8ca03f59f6a6e vgamopfyl.localto.net # Reference: https://www.virustotal.com/gui/file/68164fac3b5707340d3f506ab6b9c7505b3190b833b4347ee99d14ff6e4119dc 138.68.81.155:9416 # Reference: https://www.virustotal.com/gui/file/5d07ad572a6a37d07d0b7ca990087960ad8850d7cfc56b8c7270c826c70fb56b 159.100.19.137:7707 # Reference: https://www.virustotal.com/gui/file/822d16bec2ebbe30bcb5edafc50e9b880fc17dc79b2c5d4894ed85fa0af6fa3a lora1.varpourtec.com # Reference: https://www.virustotal.com/gui/file/d786bddf47f3b482cf35bd58847599007864c16342d29342e4e5cb56a1852425 hpdndbnb.duckdns.org gpmaw.duckdns.org sbdndbnb.duckdns.org xxxanonymous147.duckdns.org # Reference: https://www.virustotal.com/gui/file/d66d176a9c0a2ab158272b77a9567c26aebb20c6a006c2a50ea69a5ca6d3df61 45.154.98.87:8453 # Reference: https://www.virustotal.com/gui/file/c37e5f819dfc179eec4dcb5b40d599043c12143eef76f5dc30aababef6634637 opal.wtf temp.opal.wtf # Reference: https://www.virustotal.com/gui/file/db953eb1c9f1139a3fc18d8e81bdc1a58e2c460876df008c2abbbb0e44a08c8e 95.130.172.231:1604 # Reference: https://www.virustotal.com/gui/file/8812cd1b61dd388d8650229570c6320e6a02d820d3cbf4f443b075541d2a5b91 185.172.175.125:5000 # Reference: https://www.virustotal.com/gui/file/8208f177189e9d5b09ef88218f434caff3d1e991b9e672bb4ef72b008b474505 Nightmare15.strangled.net lastofdr51.mywire.org # Reference: https://www.virustotal.com/gui/file/521aebf8d36328cd45320ee2fd34c0d0abe0083b91a3a7d95898ca01bcc4d57c 105.100.184.221:38672 # Reference: https://www.virustotal.com/gui/file/07bf133f22af5657296dd843256fc53782b47903b4d4ff0e4c4d6e48b649f7ae 216.131.114.25:4449 94.176.251.230:4449 # Reference: https://www.virustotal.com/gui/file/9fc9b137345c1b9380f27acbb4b730a1b5779199fbcb7a89e45691d6ea0e8322 sefargic.ddns.net # Reference: https://www.virustotal.com/gui/file/23cb7100d2735cbb026bdffb315342b546fb3d30f6ca6b04d753cf30c0af498c wxoct0znb.localto.net # Reference: https://www.virustotal.com/gui/file/627d1ab1c109a29569c2e05322d7c0cdbd1812969c932a66a00d9d9d065f68af sillyrat.duckdns.org # Reference: https://www.virustotal.com/gui/file/79a23e29085113b45b0f15563b1884dd9c62eb89903898c253bdd111c99478b3 discotek.duckdns.org # Reference: https://www.virustotal.com/gui/file/d79416a475f66f1da2aedf24251c0677f24d6103a3346da901c996350bb6c94b closecaption.duckdns.org # Reference: https://www.virustotal.com/gui/file/d979d7193ef9924bc91dda07ba7bb9e6cba5919ffb618997617465fc5cbda053 46.183.223.55:22355 # Reference: https://www.virustotal.com/gui/file/4ea299cdab31dfd53acf2c0fb27bc833d44a2e74125120bde4e32ba321712452 138.68.81.155:3629 # Reference: https://www.virustotal.com/gui/file/b9217caf1a56ebb0555888ad084d2f2abd78c1709cf4ded94e2f0779455e1e93 138.124.58.209:9999 # Reference: https://www.virustotal.com/gui/file/0223191d6e3e3bc1f6e6b21cd8b05a850eacc0d41a60b0e1b373208ad0544629 al3nzi1.ddns.net # Reference: https://www.virustotal.com/gui/file/483c012383756e9cdfd2f9582c5dfe64dc46078b233a3da6d7bf6b6b58178d65 gfsgvbxcv.duckdns.org # Reference: https://www.virustotal.com/gui/file/0a6a6f0e918a8006263ded46b0f59a9329e5a5e90e48bc445c85c4c6ab728484 spydt.ddns.net # Reference: https://www.virustotal.com/gui/file/1c78411bbff6330df4be117113ab83fed1830747070434c362b132c82a367346 lo4t20cbd.localto.net # Reference: https://www.virustotal.com/gui/file/25686e1d9cd98840a2b407f64153114fc79014bf6b60a505c3ff26794ddd02c7 routed.ddns.net # Reference: https://www.virustotal.com/gui/file/2fee4e907cd7c48451d63a92a2002d64ac006445a1f6b8e0314f37bdc40f7823 57.129.65.114:4449 # Reference: https://www.virustotal.com/gui/file/a9209bdbd956d22b0e11261bdf0a5fb7896ad417d9f4698f654eca4396c2cb3b nano.nortonxen.xyz # Reference: https://www.virustotal.com/gui/file/71ca53bb1d956d054fb9e6873d8a1011d48d26f7e71559437cc7fc21558616f1 violenr.duckdns.org # Reference: https://www.virustotal.com/gui/file/c8efffa3ca654683d7e9c0d70acd9e634137fd5ef2d8eab58da69dbd2eeffdca 97.84.236.65:4449 97.84.236.65:1111 # Reference: https://www.virustotal.com/gui/file/1326378d89b103caaa3823f19fbe56bf01604c2530f22a0e3b33c7a417dfdbfa 83.250.165.180:6606 83.250.165.180:7707 83.250.165.180:8808 83.250.165.180:8888 83.250.165.180:4449 83.250.165.180:5552 # Reference: https://www.virustotal.com/gui/file/edd24c30683dada8fff1467c2c6b82af1e4d084286130a06e836d8d2d5c38513 172.178.66.209:1001 172.178.66.209:7707 # Reference: https://www.virustotal.com/gui/file/105717ef3faf7237e0b56e2f9cac8c127a38aedd086ca043c1af1d49f293e311 karalarbaglar.duckdns.org # Reference: https://www.virustotal.com/gui/file/e67a4948fcc309ce41626b3d5fe8457549f78e9f2977353022847dcf3d3d1aa9 nohop1998.ddns.net # Reference: https://www.virustotal.com/gui/file/0031da4d41173e3451287435436aae1249e50d929b671fd1d117743ef4114b18 dapppzmmfdsf.ddns.net # Reference: https://www.virustotal.com/gui/file/5c3794ebbf18a66dce6ab873a77bf8bcc263649f3854e6efcfeb414176628de4 159.100.19.137:8808 # Reference: https://www.virustotal.com/gui/file/458807fae1ffa0818d90d84d0e5b90bfbcba1fe2f8c7e496e1d63c821c2e387a 143.198.150.161:4448 # Reference: https://www.virustotal.com/gui/file/7e028b2c8a839a3a8249b0ba9755cba8bf86b811ad5adeac40d409f41470ed89 lafamille.ddns.net # Reference: https://www.virustotal.com/gui/file/7e6dd25f1287c461a4695d04c68c0aa1f517fa097cac9145181682659046a8d5 sendandendco.dynu.net # Reference: https://www.virustotal.com/gui/file/b7aff47603348cbccc7fda4edb42ab27a5d11d1f5a41431cc4219f83f791aec4 2201.mysynology.net # Reference: https://www.virustotal.com/gui/file/da0f02ff0f11de8f8b429a41bb82e488436c66142b97168b0def9867db23d808 45.76.50.199:6606 45.76.50.199:7707 45.76.50.199:8808 # Reference: https://www.virustotal.com/gui/file/361d7c479186ed1a1d4e81fede342351cd8658205dae89003abd9ca0e9a8f695 tripplescompound.dynuddns.net # Reference: https://www.virustotal.com/gui/file/812ca6e25008598db72f5deacbf0ac9ab573e1dbf442ede02041a293966ea207 dsffdsfd.ddns.net # Reference: https://www.virustotal.com/gui/file/2a0c73578dd2c87e8a68ecc935a682ee93afdb47451e2cd8916ab1fa05034c62 95.167.151.253:7707 # Reference: https://www.virustotal.com/gui/file/4c6da0ef2a8ad35499ccb9bc5b20ae82f76a7714315ff0977bcd9e7661aea93f choomai.ddns.net mabaolong.duckdns.org # Reference: https://www.virustotal.com/gui/file/dda8f21074d9169df8d8857d999b60a5759537e7a575a6c405ebbd8b04c32979 pgdlszu4n.localto.net # Reference: https://www.virustotal.com/gui/file/b72d854a93a284668b73e9c7452be13656bd2dfe708e05216678f3c6b0f09794 222.254.63.166:6606 222.254.63.166:7707 222.254.63.166:8808 222.254.63.166:8818 14.162.56.222:6606 14.162.56.222:7707 14.162.56.222:8808 14.162.56.222:8818 # Reference: https://www.virustotal.com/gui/file/795cdbb86ae190f02eeebce7c7adef57f0b28eb7c1689b88a748c9aa04060c14 45.200.148.105:2422 # Reference: https://www.virustotal.com/gui/file/d0435cd60df09800f1f3a585a87c1309a54646fdb095781f6a6f7290535369df 24.ip.gl.ply.gg # Reference: https://www.virustotal.com/gui/file/875c77cf66729c84b1d91cd23c5d40334a4c822fa4303138e858214f652e3ddb powdlaunm.localto.net # Reference: https://www.virustotal.com/gui/file/c130a66d2d3540b201ecb553732992dd3a8906a4baeff7b694910f22de3e90a5 85.235.74.64:8848 # Reference: https://www.virustotal.com/gui/file/bba0e51b546fc32428243f5a845fdc77f731afbd4fa3796fc208d5eb515885d5 letsago.freemyip.com # Reference: https://www.virustotal.com/gui/file/c21d5260724431efae12aed5c03db01393364cff677cd37f0d2ecae16a840ece 86.246.123.49:4545 # Reference: https://www.virustotal.com/gui/file/c18c44daf036132179aede5564b5bbc5c084098810d59c1faa887bed8808071c 95.216.52.21:7575 # Reference: https://www.virustotal.com/gui/file/2e20fbdc19ba991a2a2598fd40f930db404febc474b1f15f979e7ccfbc789d4c pctrabajonuevo.casacam.net # Reference: https://www.virustotal.com/gui/file/e80b97f2282f8648316418a062c184fafd0ba2f75ca6f018d9774871db564bc8 fi1.localto.net # Reference: https://www.virustotal.com/gui/file/2a746bfe6cc7409d820b7efd69997d280c094c53a26a863c9a2a9b3dadc64ea5 l0cphgzgx.localto.net # Reference: https://www.virustotal.com/gui/file/440fc9039749ecbaa4b8a511c1cc7c140be49173b4618854b198b56f6f5def99 holadic23.duckdns.org # Reference: https://www.virustotal.com/gui/file/3e76598b8086857c38e2016dc729fa4879136e46b6f5962ff0b042ef35666b50 85.235.74.64:8808 # Reference: https://www.virustotal.com/gui/file/3934bf1a26e8e41236cc287f72e7dc934600c16518e5ff72e39d95f9681113bc SoportesDelRadicado.casacam.net # Reference: https://www.virustotal.com/gui/file/e8a82e05192895ad353e55a023a131ce3ef03d363f079a0a86f238b82a7c9d1b testing.cryptodory.online # Reference: https://www.virustotal.com/gui/file/fe45acb74cee8d154ffdcc3e7a5969b44fc556a24b09a2f44b536993b1ab7162 zunteer.bounceme.net # Reference: https://www.virustotal.com/gui/file/7bb046bb513f61bb2f038262e0355f239b0daefc081619cb51039bf0cf796033 31.57.243.64:6606 31.57.243.64:7707 31.57.243.64:8808 # Reference: https://www.virustotal.com/gui/file/8984e5f0d0594360656c2dc828d1ad7be3908120c68c4e6e5c790072b0af6455 148.113.165.11:4040 # Reference: https://www.virustotal.com/gui/file/4ba96b5a4d64c0541576a5c3a79441947c17a11e7e3028a8f662a2169e6e0f39 89.208.113.167:9999 # Reference: https://www.virustotal.com/gui/file/2f39f699434d9b35a17ae4aa9ae24049ea240bc6fe918c207d51ac00b5aaf18a 172.94.14.88:4449 # Reference: https://www.virustotal.com/gui/file/05d798868420c23414fb4cb9874f17372651225c36a06946b8470161933b16ed 6sbh1vn47.localto.net # Reference: https://www.virustotal.com/gui/file/57490eab4c55cabedda2c747d8af7e7fb78546fb12bcaec6b56c33be7db09247 2.56.109.146:4449 # Reference: https://www.virustotal.com/gui/file/1659db1c128cc72c1d5db8ec73a93cc89cc684f00a4c2b83b76fef32af45fe07 letsgetdigging.hopto.org # Reference: https://www.virustotal.com/gui/file/0005734def9d7b56e97311f84dfbaf9e0e0576afb3a6c64aa98c8e456a583913 2.59.162.144:2000 # Reference: https://www.virustotal.com/gui/file/167e132958fcb684d1f20732338c1126bdfa6caa9c29770cc653dd68e68a080a majoranon.ddns.net # Reference: https://www.virustotal.com/gui/file/ff98728bb7bfa7fdd9f1da1f6b45fe64fb46b4bd7fef58634fad01d3b37ec155 193.161.193.99:52920 193.161.193.99:3333 # Reference: https://www.virustotal.com/gui/file/7f1a8d01c90dcd7375094bbe804bb648dffc59d58ea485b43649b473fb8af398 103.45.66.106:56003 103.45.66.106:56004 103.45.66.106:56005 # Reference: https://www.virustotal.com/gui/file/59dea1d9ba7f4f2d28d3193ad81f5053504e120a157f915b5ab3c6ef7f602f05 winupdate.linkpc.net peakypinkers.duckdns.org # Reference: https://www.virustotal.com/gui/file/4a3ef961dcc567c117b5b604648253dbd43880ad9932426a8d81d6abff5ff106 213.142.159.59:1605 # Reference: https://www.virustotal.com/gui/file/cbc0fb3276d3040a8f6ab41ab0ce9b620ad3eb4eae8b59640a82017917c3fb8a 85.31.47.59:8848 # Reference: https://www.virustotal.com/gui/file/fd10eeaff94d27c0bcc1cc1d3d544d523d336d316b7ae5fd09b528d0879560a7 93.123.109.39:4449 # Reference: https://www.virustotal.com/gui/file/39e9de563fb308499965ea8c138875b302565d8747c0efb68b9a357f33d6670b 162.250.127.123:4449 # Reference: https://www.virustotal.com/gui/file/5d084015f7795b44e176d48b5d9f12ddaab0db2fefbe1e60ef926855c67191e8 193.161.193.99:33214 # Reference: https://www.virustotal.com/gui/file/aac8b376454ff9e0596c000a236f1f5bcca1ccadd597ace02e36610e6f49ca88 syria3.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/ce1ad9dfeb60757f263df6d391db41202c7722cd412e4cf9f0e21ba17c5db238 marklandis.ddns.net # Reference: https://www.virustotal.com/gui/file/6267bd1c0e79b10a86b2a07f213fb19b4ed32cd6cd9c723dff8f17025acafb2f 25.ip.gl.ply.gg # Reference: https://www.virustotal.com/gui/file/33900d8aacf1d6d2d93c1851a4f27b2ec2d841b97d6550208ee537dc27ee6e9c 195.26.241.171:4449 195.26.241.171:5353 # Reference: https://www.virustotal.com/gui/file/6a3246d84a7dc156a06120f0d4373661743d748de6109575473adcf5071d6419 193.161.193.99:49446 # Reference: https://www.virustotal.com/gui/file/1bbc8b0a6809596eb4d2540975af348fc9b07fd832e4461671d3f65d8f9f8dbc 147.185.221.251:18020 # Reference: https://www.virustotal.com/gui/file/546760dd7e0f5d6f2e46d42c275e9b00a1bcb59e6146b43cd0b2d3a8b8ee0f73 98.66.170.99:1024 # Reference: https://www.virustotal.com/gui/file/62f8cfee286a706856ebe02b176db9169ae776c6609c23016868887ea6b0ab98 163.172.125.253:333 # Reference: https://www.virustotal.com/gui/file/a562085b69257c57d26a31829317a1064ec1749266699393de5dcfd3a19cf8cb woolingbrin.sytes.net 87.120.121.160:8747 87.120.121.160:7477 # Reference: https://www.virustotal.com/gui/file/cb14f3b98ae1f82e9847a1abb9a18ec11da11c33ee8b64a356ad14e9c0452dc3 134.122.183.155:31214 # Reference: https://www.virustotal.com/gui/file/87927528e6b2f242190828e6951260e068ba16ab6250adbcba190ef8ad459a5a drpras.duckdns.org # Reference: https://www.virustotal.com/gui/file/b875598478872e91797af75764bef4c8489574fdef5f782ca960de7eda843780 dcrat2013.duckdns.org # Reference: https://www.virustotal.com/gui/file/6c4aff551902c406ab8e01ed1b12ed853c62210fc1063d87a9eaf122d891d871 88.167.109.19:35000 # Reference: https://www.virustotal.com/gui/file/38b38fae71245915c932a8c51ed0926b5b1f77800fdf55fa9519ec9b15185326 rwqeto4ga.localto.net # Reference: https://www.virustotal.com/gui/file/88ddf04406650345e5587783e3deee74be768fef366b4cb0a5924c8ee53f5dca carloscaicedo405020.duckdns.org # Reference: https://www.virustotal.com/gui/file/0dde3da849f17f8b2d89bf2ff9d18d4b02585d5951d730fa91df77e123d44a8b 147.185.221.251:8070 # Reference: https://www.virustotal.com/gui/file/e252fea558e7445ba71b5e3b284201f151a7fd85bdbab1c03f25b2758b9d455b envi020251.duckdns.org # Reference: https://www.virustotal.com/gui/file/57376a7ec745a40f662ce995d0180867e7fafec8b7b4dc3f2043a6cc526211bd 86.176.113.167:9112 # Reference: https://www.virustotal.com/gui/file/4a3ea714d09ab2703771f02f94cbeb7e9499c319e0aec7b23645fd143835d35a 89.84.63.139:6606 # Reference: https://www.virustotal.com/gui/file/0d27c3fd2bd9a18177a99dd071cf55908298120370fd0ef4e102c3ddeea9169a 52.12.198.198:19843 # Reference: https://www.virustotal.com/gui/file/2a8277aee2d29352aa27fb6a1f40f0e6127f7064fa7eb53bfa56cd5877cd37e3 154.216.17.202:4449 # Reference: https://www.virustotal.com/gui/file/8a3749068e30b15f941d9fda6ec5b53bf596fbb4c12faf08a768f223308ce097 45.141.151.245:1604 # Reference: https://www.virustotal.com/gui/file/10ba8983674ddac8bec9f45401066b4886ecd6c8ff718becbf1f764256a02982 govpet.mysynology.net # Reference: https://www.virustotal.com/gui/file/bb5dfccb663bc21c35e3daf3b84df947f064ef47760ba6a4611a570193a03517 torrentmovie.store # Reference: https://www.virustotal.com/gui/file/c2a4957c26526d93e5aab735392c00efff50b59985e1ba141e0cb02f1d3071b5 27.124.6.137:13651 # Reference: https://www.virustotal.com/gui/file/d5c633cb5c685f6822e2023fee22de7e36e6fc761fb02f2286891649a2d41919 103.189.202.166:7707 # Reference: https://www.virustotal.com/gui/file/4e62abb1e27644784576d415c4d4ab2d726611d87c91ae432991acc8f7a5ca7a windowsdrivers.duckdns.org # Reference: https://www.virustotal.com/gui/file/e54321374450428e2950c31380e8f60afbaa6d611c6c8b95d3976b63aea37f7e 185.146.88.217:1024 # Reference: https://www.virustotal.com/gui/file/fa32ea24d1a6041be009ad0c59ce61f3d00e0588700c709c0222ecd8c38c3753 driveswindows.duckdns.org # Reference: https://www.virustotal.com/gui/file/4e41fd5005a2f050b89eeb88bd6d8d4462ece6fa9331934303139e77cea7cfa5 212.64.199.77:1605 # Reference: https://www.virustotal.com/gui/file/1b0be562bf434314a8d784f0228b72b07fcb4c090c6f06fb16ba6c5af4147b02 w98snw73idknf486g37d9ijn3u.duckdns.org # Reference: https://www.virustotal.com/gui/file/546d2fb1d84c9efb2519c9c3ecd2120b8ec341868b36196c4cc17ee6bc9046f8 147.185.221.23:19506 # Reference: https://www.virustotal.com/gui/file/7517bcffd7064976be548b3e17bc70609b3b3dd34d3414df8267b71ae09531dd 37.30.52.243:6606 37.30.52.243:7707 37.30.52.243:8808 # Reference: https://www.virustotal.com/gui/file/7c36dc83a1a70ffebd7d4fcff5c713b67e657280e2ad9600625a0202f38404ce 95.216.85.167:7707 95.216.85.167:8808 95.216.85.167:6606 # Reference: https://www.virustotal.com/gui/file/e140c3449292b123889f6a425151f17706ba704dde65c560de99d732840b31ee fr8ltcyjf.localto.net # Reference: https://www.virustotal.com/gui/file/79dc8950dc9dfdb935f3581a39f02faaec845daf4cd3cddb51141f5a6d7356d8 0z2fyyf.localto.net # Reference: https://www.virustotal.com/gui/file/e67e8f5f71cfaec60eddeb02cb472d50f2cb9769629e78d5575fb172b9eee3ea 103.78.0.119:3232 # Reference: https://www.virustotal.com/gui/file/f6adf51b39113fca2d7e6e307ab861ead23174ef6d3d67b6179c0746fde1caed 91.92.249.72:4449 # Reference: https://www.virustotal.com/gui/file/fcfa019e7f832183a09b8badb842562d8138875fd51f833758086b80ec7951ec getocoins.com # Reference: https://www.virustotal.com/gui/file/0bb560a3de9032a34f50ffaf900d69a060ff858295fca93f2e00c99de4f5317f carloscaicedo4050202.duckdns.org # Reference: https://www.virustotal.com/gui/file/f0a261718aad68135f049b482ca23659c1adb15f80b0a62fa3e9fb5b29465a98 86.246.123.49:4449 # Reference: https://www.virustotal.com/gui/file/7cbc6a4f26aeadd1ff1cc0bd9b6f3db9b439e1ba2ac6b26502306b91df43a6cf diciembreee.ydns.eu # Reference: https://www.virustotal.com/gui/file/96b4c913a72de0b22573377f84b282e643d8fdf6978d977b31a65231288d3abc vic11.duckdns.org # Reference: https://www.virustotal.com/gui/file/d2437b57823eca9310c5b925f4510203847efca7ca3ae0b504444934e1ef9639 cococovid202420242024.duckdns.org # Reference: https://www.virustotal.com/gui/file/96ff1915944c8c70841a458e320c2f75a020912488dae6a541843d3dd073cbb5 185.254.28.125:1337 # Reference: https://www.virustotal.com/gui/file/241e0b0c4ddca36d0f87d7502317af56c6a5a09ebd444680079b1d13e7931f3d 213.14.158.35:1604 # Reference: https://www.virustotal.com/gui/file/bc14f7046844c82d227dc8470763804a0b99e3ca5db6fb5c17083722aa103056 ywsfalsysy.duckdns.org # Reference: https://www.virustotal.com/gui/file/b3a132854380095953d70375218bf5af33d44d6c83ff660b09eade79cfbcdf79 95.105.52.228:7777 # Reference: https://www.virustotal.com/gui/file/52a5d336f243bc7df797bf55de1a8344923cfcaa151a0f70d33adb9e78607f6a transfermone.dynuddns.com familyfriend.dynu.net # Reference: https://www.virustotal.com/gui/file/32c810f169a80b2db4673c130f8437f352f381614dea6db7a12c97bf0351643a 73.237.81.57:6606 73.237.81.57:7707 73.237.81.57:8808 73.237.81.57:3389 # Reference: https://www.virustotal.com/gui/file/beffa3ab7abb320dfe41d8fbe86d2cc3ef1b10a03ebd07b8bcb8a1b8457ff6a2 176.96.131.47:4449 # Reference: https://www.virustotal.com/gui/file/0de2df2a273d06be5483fcc5b469eb794a30b591f84361776f44f7b4ced854b8/detection wrestling-parent-gif-interstate.trycloudflare.com # Reference: https://x.com/malwrhunterteam/status/1890304679893926279 # Reference: https://www.virustotal.com/gui/file/f65acbf690892d75bf4cbf841d8b39710d318c25d5cf814d7eafcd299206ac74/detection 157.20.182.8:9992 digitalservice.ddnsguru.com # Reference: https://www.virustotal.com/gui/file/72fbd1ff51ffe29a6f39597ad502a8d2d27d78c89a0aa05d2c53e4e2e8184dc1/detection check-for-status.cc chillyhiss.update-checker-status.cc # Reference: https://www.virustotal.com/gui/file/328b91615be5586165361502eb40a9014d538d5ef00a7a0a17f934d2e7cde869/detection 181.141.10.122:7707 pfwpifjwifksdfwjrfojnefoksorf5.duckdns.org # Reference: https://www.virustotal.com/gui/file/0e41c5537dd336afb767dc020dcebeb61b06c575657f9a88de4fcb2438dafb1f/detection 94.156.166.240:8808 # Reference: https://x.com/DaveLikesMalwre/status/1892271857761427667 # Reference: https://app.any.run/tasks/e72bda57-1f6a-46d4-be4b-def567b23676 # Reference: https://www.virustotal.com/gui/file/cc7e71f79b82007b13ebed7bd1e9d7e4f583a3b1cf0cd2bac92c124cc3809610/detection # Reference: https://www.virustotal.com/gui/file/c48de72e3d33017a1573ea1a470aa3098a8eb3a533f08127be53a44698fb8582/detection 128.90.103.206:9001 128.90.106.102:2018 128.90.122.182:9001 45.40.96.159:8080 cdt2025.ddns.net # Reference: https://x.com/malwrhunterteam/status/1892270312361787695 # Reference: https://www.virustotal.com/gui/file/4287b4ac97bf3626de77a95ad2ed1bb896afee11f49b5ab58597d6fba12daf9d/detection 179.13.0.133:6606 179.13.0.133:7707 179.13.0.133:8808 94.154.35.80:8668 salv123.com bypatrokcer.duckdns.org bypatrokcerbk.duckdns.org # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2025-02-20) http://178.212.32.33 http://38.242.146.249 http://45.138.16.50 http://72.10.160.170 http://74.204.137.48 http://94.113.123.153 100.37.20.232:4872 101.99.76.120:7707 101.99.91.31:3982 103.141.69.160:6606 103.141.69.160:8808 103.145.50.68:8080 103.195.101.225:8808 103.83.164.33:4449 103.83.164.33:8000 104.194.132.138:111 104.194.132.138:7001 104.234.204.211:8808 104.234.205.134:8088 104.234.205.134:8808 104.238.189.71:1992 105.100.250.154:39687 105.101.179.171:38672 105.101.189.52:38394 107.170.60.30:4000 107.170.60.30:5010 107.170.60.30:6000 107.170.60.30:7000 107.170.60.30:8000 107.170.60.30:8088 107.170.60.30:8808 107.173.62.67:8808 107.175.101.134:7707 107.175.202.140:4449 107.175.202.158:25565 107.175.202.158:6606 107.175.48.5:8808 107.178.106.141:2468 107.178.106.141:6606 107.178.106.141:7707 107.178.106.141:8808 107.208.148.72:1492 108.181.174.200:8808 108.61.217.60:8888 109.248.151.171:63393 109.248.151.187:49181 113.219.237.106:8848 118.107.40.222:7415 118.99.98.155:10549 120.156.150.101:8080 122.179.205.60:8848 123.249.104.74:4449 123.99.198.130:13792 123.99.198.130:5418 123.99.198.130:5419 128.90.102.127:5000 128.90.102.97:5000 128.90.102.97:9909 128.90.102.97:9999 128.90.103.206:2000 128.90.103.206:5000 128.90.103.206:9999 128.90.113.141:5000 128.90.122.182:5000 128.90.122.65:5000 128.90.122.65:8808 128.90.122.69:2000 128.90.122.69:8808 128.90.122.69:9999 128.90.123.117:5000 128.90.123.218:2000 128.90.123.218:5000 128.90.123.223:5000 128.90.123.223:9999 128.90.123.94:9999 128.90.123.96:5000 128.90.128.199:8808 128.90.128.54:8808 13.211.229.208:8808 130.195.222.141:4444 134.122.128.89:1234 134.122.128.91:1234 134.122.128.93:1234 134.122.189.27:56003 134.122.189.29:56003 134.122.189.39:56003 135.148.12.122:7077 135.148.89.85:7077 136.0.157.45:8808 136.0.3.250:4449 138.68.81.155:2301 141.144.239.133:22 141.144.239.133:30058 141.144.239.133:6606 141.144.239.133:7707 141.144.239.133:8808 141.95.84.40:6465 143.198.82.194:8808 144.126.149.221:0077 144.172.92.114:3000 146.103.11.125:6606 146.103.11.125:7707 146.103.11.125:8808 146.103.11.139:6606 146.103.11.139:7707 146.103.11.139:8808 146.70.113.148:4444 146.70.158.209:5555 147.124.210.158:4449 147.185.221.16:56793 147.185.221.17:37531 147.185.221.18:5050 147.185.221.19:25944 147.185.221.19:28126 147.185.221.19:29253 147.185.221.19:38630 147.185.221.19:42550 147.185.221.19:43234 147.185.221.19:45994 147.185.221.19:51939 147.185.221.19:52033 147.185.221.19:54226 147.185.221.19:8000 147.185.221.19:9090 147.185.221.205:4449 147.185.221.205:52809 147.185.221.20:1083 147.185.221.20:22308 147.185.221.20:29034 147.185.221.20:46193 147.185.221.20:49151 147.185.221.20:9912 147.185.221.21:33927 147.185.221.21:448 147.185.221.21:46268 147.185.221.21:5552 147.185.221.21:60519 147.185.221.21:8848 147.185.221.225:54312 147.185.221.22:16160 147.185.221.22:40680 147.185.221.22:444 147.185.221.22:63702 147.185.221.23:28959 147.185.221.23:35540 147.185.221.23:54025 147.185.221.23:6606 147.185.221.23:8808 147.185.221.241:14954 147.185.221.245:56924 147.185.221.24:11061 147.185.221.24:1337 147.185.221.24:26550 147.185.221.24:40668 147.185.221.24:6902 147.185.221.25:14000 147.185.221.25:3604 147.185.221.25:36411 147.185.221.25:40021 147.185.221.25:46315 147.185.221.26:1125 148.113.139.241:5500 149.102.147.106:1000 149.102.147.106:5505 149.143.127.81:7707 149.22.238.141:4449 149.22.238.141:53 149.22.238.141:7000 149.248.79.87:4440 149.248.79.87:4446 149.28.115.180:7788 149.28.150.93:3299 149.28.150.93:9203 149.88.73.200:8856 152.70.113.69:24329 154.12.240.75:8808 154.12.253.45:6606 154.216.16.111:8808 154.216.20.182:8000 156.245.19.167:3956 157.20.182.102:4449 157.97.11.134:8080 158.220.83.114:1001 158.220.83.114:1002 161.10.153.176:7575 162.238.154.3:4449 162.244.210.40:8808 163.5.112.227:8808 163.5.169.248:8808 163.5.169.43:222 163.5.169.43:2222 163.5.169.43:888 163.5.169.43:8888 163.5.210.118:6667 163.5.210.32:7001 163.5.210.97:8808 163.5.32.125:8808 163.5.32.127:8808 163.5.32.231:8808 167.172.135.43:8808 168.119.119.140:6606 168.119.119.140:7707 172.111.137.100:3890 172.111.137.101:3890 172.191.149.124:8808 172.81.132.46:8080 172.93.218.10:8808 172.96.172.183:8808 173.212.229.31:6606 174.95.254.210:8808 176.111.221.97:8808 176.65.137.182:4449 176.65.137.89:8808 176.65.138.184:3939 176.65.141.101:7707 176.65.141.101:8808 176.65.141.235:4449 176.65.142.245:8808 176.65.142.65:8808 176.65.144.125:1504 176.65.144.125:8808 176.65.144.125:8888 176.65.144.162:8808 176.65.144.164:5222 176.65.144.19:8808 176.65.144.205:8808 176.65.144.60:2000 176.65.144.60:8808 176.67.81.11:443 177.22.115.185:13153 178.128.29.38:8808 178.208.169.232:8808 178.212.32.33:6606 178.215.224.247:2222 178.215.224.247:4444 178.215.224.248:4444 178.215.224.50:2525 179.13.5.14:8808 179.13.9.42:8808 179.43.139.194:4449 18.231.223.127:4449 181.41.194.91:6004 181.41.200.226:4000 181.73.20.67:8080 185.126.34.129:6004 185.19.85.183:55001 185.196.9.225:6606 185.196.9.225:7707 185.196.9.225:8808 185.205.210.59:4444 185.208.156.153:1856 185.208.159.240:56001 185.214.10.79:8808 185.248.101.170:1366 185.254.96.154:1111 185.254.96.154:4449 185.49.126.166:2004 185.49.126.166:6606 185.49.126.166:7707 185.49.126.166:8808 185.49.126.235:1999 185.49.126.235:2004 185.49.126.235:6606 185.49.126.235:7707 185.49.126.235:8808 185.49.126.245:6606 185.49.126.245:7707 185.49.126.245:8808 185.49.126.27:7707 185.49.126.27:8808 185.49.126.52:6606 185.49.126.52:7707 186.169.52.131:8092 186.169.60.145:11103 186.30.179.127:8080 187.18.72.113:1177 187.18.72.113:21053 187.18.72.113:4449 188.126.90.10:9002 188.127.231.164:8808 188.127.240.186:7771 188.127.254.108:4444 188.127.254.108:5555 188.127.254.108:7777 188.127.254.108:8008 189.14.62.242:21053 189.14.62.242:4449 190.104.116.8:6606 190.104.116.8:7707 191.101.157.122:35870 191.101.209.39:7707 191.96.166.74:8808 191.96.207.168:2004 191.96.207.168:6606 191.96.207.168:7707 191.96.207.168:8808 191.96.207.172:6606 191.96.207.172:7707 191.96.207.172:8808 191.96.207.227:8888 191.96.207.70:6606 191.96.207.70:7707 191.96.207.70:777 191.96.207.70:8808 191.96.207.75:2004 191.96.207.75:6606 191.96.207.75:7707 191.96.207.75:8808 191.96.207.98:6606 192.151.243.230:54612 192.238.134.81:8848 192.238.134.82:8848 192.252.186.220:3534 192.3.189.150:6606 192.3.189.150:7707 192.3.189.150:8808 192.3.238.130:5555 192.30.241.106:49754 192.30.241.106:56002 192.30.241.217:8808 193.142.146.179:8808 193.143.1.72:8808 193.143.1.72:9090 193.161.193.99:32954 193.161.193.99:3334 193.161.193.99:35558 193.161.193.99:36206 193.161.193.99:41111 193.161.193.99:44454 193.161.193.99:4448 193.161.193.99:53068 193.161.193.99:53757 193.161.193.99:56266 193.233.255.79:8080 193.26.115.107:6606 193.26.115.238:8088 193.26.115.48:8000 193.26.115.52:7707 193.26.115.52:8808 193.38.248.56:8808 193.57.137.78:5555 193.83.1.168:4444 194.110.13.70:1111 194.147.140.169:3307 194.163.171.47:9292 194.32.149.186:8848 194.33.191.195:4449 194.33.191.246:6606 194.44.26.124:7707 194.5.97.229:1195 194.59.30.85:8808 194.9.6.96:4449 194.9.6.96:8665 195.177.94.190:6818 195.177.94.190:7000 195.177.94.54:4449 195.177.95.232:443 195.177.95.232:8808 195.177.95.232:9090 195.211.190.122:6606 195.211.190.122:7707 195.211.190.122:8808 195.26.245.113:6606 195.26.245.113:7707 195.3.223.146:20000 195.3.223.146:4442 195.3.223.146:5553 195.3.223.146:6666 195.88.218.76:6606 196.251.116.95:444 196.251.116.95:4444 196.251.116.95:5555 196.251.116.95:7777 196.251.118.49:8808 196.87.121.175:6606 196.87.121.175:8808 197.153.136.106:8808 198.167.193.42:8808 198.167.200.74:8808 198.167.210.62:6606 198.167.210.62:8808 198.167.215.35:8808 198.167.216.74:8808 198.23.158.69:6606 198.244.224.197:6606 198.244.224.197:7707 198.44.128.113:8808 199.204.161.37:8808 199.204.161.38:8808 199.204.161.39:8808 2.58.56.218:6606 2.58.56.218:7707 2.58.56.218:8808 2.58.56.94:111 2.58.56.94:555 2.58.56.94:6606 2.58.56.94:7001 2.58.56.94:8444 20.161.64.148:1604 20.161.64.148:7707 20.161.64.148:8808 20.203.173.201:58110 20.224.66.176:4784 20.36.20.111:1604 205.172.57.134:8808 205.234.181.253:4444 205.234.181.253:8008 205.234.181.3:8808 206.238.220.237:4449 207.148.2.31:3604 207.148.2.31:4449 207.231.111.82:306 207.244.238.106:6606 207.32.217.253:6606 207.32.217.253:7707 207.32.217.253:8808 209.46.127.181:444 209.46.127.25:888 210.53.210.53:1177 212.162.155.84:8808 213.32.110.136:8808 213.32.110.136:8888 216.173.112.219:8808 216.189.134.79:6606 217.105.23.4:4449 217.105.23.4:7000 217.215.65.213:6606 217.215.65.213:7707 23.175.50.116:7707 23.175.50.140:6606 23.175.50.140:7707 23.175.50.140:8808 23.254.226.86:8808 23.88.104.194:4982 23.94.126.207:1999 23.94.126.207:2004 23.94.126.207:6606 23.94.126.207:7707 23.94.126.207:8808 24.167.114.213:7707 26.119.255.204:25868 26.129.198.185:6606 27.124.4.150:51311 3.142.167.54:4449 3.142.167.54:600 3.142.167.54:800 31.13.224.69:49731 31.57.135.113:4199 31.57.166.130:6606 31.57.166.130:7707 31.57.166.130:8808 31.57.166.52:6606 31.57.166.52:7707 31.57.166.52:8808 31.58.169.102:6606 31.58.169.102:7707 31.58.169.102:8808 34.174.254.138:8808 34.58.66.17:4483 34.66.204.146:443 34.70.24.145:8808 34.92.223.98:4449 37.112.34.178:1070 38.128.251.50:47792 38.180.9.93:8848 38.255.37.248:7000 38.255.37.248:8245 38.255.37.248:8808 38.69.12.186:7707 38.69.12.186:8808 38.85.247.159:8808 38.85.247.35:8808 43.154.203.129:8848 45.125.66.195:8808 45.125.66.29:8808 45.125.66.29:9090 45.131.65.216:4449 45.133.180.154:8808 45.137.194.110:5555 45.137.198.159:7777 45.138.16.143:8808 45.138.16.43:8808 45.138.16.50:4000 45.138.16.50:6000 45.14.114.90:443 45.147.7.149:1337 45.147.7.149:6606 45.147.7.149:7707 45.147.7.149:8808 45.149.241.39:222 45.149.241.39:2222 45.149.241.39:4444 45.149.241.39:7777 45.149.241.44:222 45.149.241.44:2222 45.149.241.44:4444 45.149.241.44:7777 45.154.98.160:8808 45.154.98.68:222 45.154.98.68:2222 45.154.98.68:444 45.154.98.68:4444 45.154.98.68:5555 45.154.98.68:6606 45.154.98.68:7001 45.154.98.68:7707 45.154.98.68:8444 45.154.98.68:8808 45.154.98.68:888 45.154.98.68:8888 45.202.32.101:8000 45.40.96.159:8808 45.62.170.251:5353 45.76.177.203:8808 45.81.23.27:4444 45.87.173.96:2404 45.88.186.26:6606 45.88.186.26:7707 45.88.186.26:8808 45.88.91.31:3232 45.94.31.215:6606 45.94.31.215:8808 46.109.223.91:55389 46.183.223.84:920 47.242.232.240:8808 49.205.66.5:4449 5.34.125.39:5552 50.114.115.207:6606 50.114.115.207:7707 50.114.115.207:8808 51.254.53.24:16388 51.38.119.232:6606 51.38.119.232:7707 51.38.119.232:8808 51.38.119.240:6606 51.38.119.240:7707 51.38.119.240:8808 51.38.119.244:6606 51.38.119.244:7707 51.38.119.244:8808 51.89.158.68:222 51.89.158.68:2222 51.89.158.68:6606 51.89.158.68:7707 51.89.158.68:8808 52.28.112.211:12371 54.153.18.222:8808 54.196.199.243:8808 62.146.226.225:6606 62.146.226.225:7707 62.182.85.200:6606 62.182.85.200:7707 62.182.85.200:8808 62.60.190.196:3232 65.108.24.107:14701 65.109.115.25:6000 66.66.146.74:333 66.66.146.74:4449 68.168.223.115:47816 69.166.230.200:2345 69.167.28.183:8808 69.48.202.241:443 69.48.202.241:8808 71.93.221.109:6606 72.10.160.170:20953 74.103.211.105:9999 74.204.137.48:4449 75.70.202.105:8808 77.100.63.251:5631 77.90.44.21:7127 78.108.218.247:222 78.108.218.247:2222 78.108.218.247:888 78.108.218.247:8888 78.161.46.248:1000 78.161.46.248:20000 78.161.46.248:2003 78.161.46.248:2004 78.161.46.248:3000 78.161.46.248:5500 78.161.46.248:75 78.161.46.248:8808 78.161.46.248:888 78.179.128.55:1000 78.179.128.55:20000 78.179.128.55:2003 78.179.128.55:2004 78.179.128.55:3000 78.179.128.55:5500 78.179.128.55:75 78.179.128.55:8808 78.179.128.55:888 78.84.239.187:8808 80.240.26.220:8808 81.10.39.58:7077 81.10.39.58:8888 81.207.35.43:6606 81.207.35.43:7707 81.79.156.77:7707 82.13.154.169:4446 83.168.107.194:22 83.168.69.7:22 83.168.69.7:30058 83.168.69.7:6606 83.168.69.7:7707 83.168.69.7:8808 83.229.86.210:4449 83.38.30.219:1606 83.38.30.219:3333 84.151.6.26:8808 84.247.162.141:90 84.247.162.141:9090 85.209.128.208:4449 85.209.128.225:7777 85.209.133.130:3232 85.215.243.238:7707 85.239.232.11:5555 85.239.232.11:6666 85.239.232.214:6666 85.239.232.226:6666 85.31.47.104:111 85.31.47.104:555 85.31.47.31:1860 87.120.113.125:6606 87.120.114.165:1337 87.120.116.117:6606 87.120.116.117:7707 87.120.125.185:6606 87.120.127.122:222 87.120.127.122:2222 87.120.127.122:444 87.120.127.122:4444 87.120.127.122:7777 87.120.127.195:222 87.120.127.195:2222 87.120.127.195:444 87.120.127.195:4444 87.120.127.195:7777 87.120.127.37:7707 87.120.254.143:8888 87.204.61.28:4449 88.173.32.153:8081 88.175.86.67:16388 89.117.17.182:6606 89.23.96.61:9823 89.248.161.41:6001 89.248.161.41:6003 89.248.161.41:6005 89.44.9.226:4444 90.49.19.120:4782 91.151.89.109:8808 91.151.94.60:7707 91.151.94.60:8808 91.193.75.169:4782 91.211.247.160:8808 91.92.240.191:2025 91.92.240.191:4449 91.92.242.59:4449 91.92.246.67:4782 91.92.246.67:4788 91.92.246.67:4792 91.92.246.67:4793 91.92.247.224:7707 91.92.247.224:8808 91.92.250.7:4449 91.92.255.37:6666 92.219.119.99:6606 92.219.119.99:7707 92.219.119.99:8808 93.123.109.202:4444 93.123.109.202:7777 93.123.109.235:8747 93.144.177.185:8808 94.103.183.9:8808 94.113.123.153:8848 94.154.35.80:6660 94.154.35.80:7770 94.156.105.136:222 94.156.105.136:2222 94.156.105.136:444 94.156.105.136:4444 94.156.105.136:5555 94.156.105.136:7777 94.156.105.138:222 94.156.105.138:2222 94.156.105.138:444 94.156.105.138:4444 94.156.105.138:7777 94.156.166.213:1700 94.156.167.72:8808 94.156.69.160:2020 94.156.79.107:4443 94.156.8.123:6606 94.156.8.123:8808 94.232.249.235:13001 94.232.249.235:4449 94.72.118.139:6606 94.72.118.139:7707 95.49.247.223:6606 95.49.247.223:8808 95.49.40.112:8848 99.83.12.91:2600 99.83.12.91:3232 99.83.12.91:8808 0qwlz4z2lsuqq1e55brko.duckdns.org 10a6-88-230-120-156.ngrok-free.app 11111111111111111111111111111111111111112ewdsacafa-32954.portmap.host 2025blessed.dynuddns.com 3x3.casacam.net a3madssy1.linkpc.net aets.duckdns.org amyer.mywire.org amyer2.accesscam.org ansyfa17feb.duckdns.org asygo.duckdns.org asyncyam.twilightparadox.com ayrt2.duckdns.org bertel5.duckdns.org bisaorcc.moreisxao.click breakingthroughs.freemyip.com bunnymax.bounceme.net bunnymax2.dynathome.net cell-state.gl.at.ply.gg chyanarc.twilightparadox.com click-plymouth.gl.at.ply.gg clinakleee-44561.portmap.host coinbasecrashout.ddns.net cool-brake.gl.at.ply.gg corexcxxx-58114.portmap.host d-mac.gl.at.ply.gg d43b-88-230-120-156.ngrok-free.app dawsdfs-61841.portmap.host dcglos.duckdns.org deadpoolstart2026.duckdns.org deadpoolstart2035.duckdns.org deadpoolstart2036.duckdns.org deadpoolstart2037.duckdns.org dgfsdfsdfsdf-60631.portmap.host dsdgsdfhg-32257.portmap.host dwasfsyfsfsd-31741.portmap.host eg3x6.giize.com eg4x4.casacam.net egypt302.casacam.net enerowins29.duckdns.org fisher1.loseyourip.com franclouis882.duckdns.org francoislouis712.duckdns.org ftp.qurvegraphics.com grahthousand-64131.portmap.host great-wherever.gl.at.ply.gg gshvenomgb.twilightparadox.com gvdfhwrt-24202.portmap.host hiimout.duckdns.org j4bgkks2.giize.com kmdsanarchy.duckdns.org krakensxx.duckdns.org krakensxx007.duckdns.org letter-organisms.gl.at.ply.gg man3x5.ooguy.com masterpoldo02.kozow.com minto1.kozow.com minto1.publicvm.com minto1237.duckdns.org montate.duckdns.org necessary-spirits.gl.at.ply.gg nfasyn.duckdns.org ngoklene.duckdns.org nope-it-30183.portmap.host nowmnew.loseyourip.com onecheat-63877.portmap.host onllne-cltadelle-lv.abyssalempress.com otrodia8912.gleeze.com pasto2025.duckdns.org payment-rivers.gl.at.ply.gg pirulito25.duckdns.org public-anyway.gl.at.ply.gg release-diseases.gl.at.ply.gg rhgdsg-46696.portmap.host rtasyn.duckdns.org saleselma.freemyip.com seratospm.giize.com sfsdtgeds-34641.portmap.host shewaswalking.ddns.net supersender.top t1ckets-35220.portmap.host test20250107salv.duckdns.org the-attractions.gl.at.ply.gg travelingwealth.duckdns.org understanding-described.gl.at.ply.gg vpn741424698.softether.net win-octo-55210.duckdns.org x0jlj7s1ibdosewoq029prs9.duckdns.org # Reference: https://x.com/malwrhunterteam/status/1892503516205195697 # Reference: https://app.validin.com/detail?find=amromohamed1988.hotmail.com&type=dom&ref_id=3fe06b518df#tab=dns (# 2025-02-21) # Reference: https://www.virustotal.com/gui/file/eb6705a4ac3eb29b94932ac00c17940e8321149701e17e1aa416640919a40ad4/detection # Reference: https://www.virustotal.com/gui/file/cfa49317955569600d257fc012b9bcc90d45a84e90b68e297ace5cffe170f260/detection 196.251.84.39:23500 196.251.84.39:23501 e-signaturecloud.tech jntl.shop jntlman.mooo.com lmmira.duckdns.org mrmrdns.duckdns.org # Reference: https://x.com/malwrhunterteam/status/1894147528972468478 # Reference: https://www.virustotal.com/gui/file/fb98c0e8dccab7fda59884315e58c6d5d02973afacd0bcefa0815a0b4120a525/detection 178.156.128.182:25658 # Reference: https://x.com/malwrhunterteam/status/1894517988277080132 # Reference: https://www.virustotal.com/gui/file/569abed215074edb9ba9b451f7834c27eb905c04e15941b2dd3a03bcef70e89d/detection 195.211.190.61:1001 # Reference: https://raw.githubusercontent.com/cert-orangecyberdefense/cti/refs/heads/main/blue_stylthon/iocs bajiahcberu222.com blockchainnportfolio.com covenantofchrist.com diatruiest.com existors.com fcriindia.com gamingtimensks.shop intlpsb.org ledgeronbill.com managecaldsdlivery.online overboardlogist.org payingreceiptingnowsho.shop proudwood.com puduppariyaramscb.com rtuqueis.us shopfiy.org timebasebsan.shop turkmedchem.org vcuadronan.info # Reference: https://x.com/malwrhunterteam/status/1895380254602211378 # Reference: https://www.virustotal.com/gui/file/6182fd8a87b1a05506683c2b3ab5072759ba07e4f35d01a22cfdeac99b50817f/detection 147.185.221.26:5039 # Reference: https://x.com/malwrhunterteam/status/1896470524353781791 # Reference: https://www.virustotal.com/gui/file/a3c5e59fb5c6c97696306757354ea5879bfb0154517b92a089207cbd2bd66367/detection 195.177.94.136:6469 # Reference: https://x.com/skocherhan/status/1897138529257333025 # Reference: https://www.virustotal.com/gui/file/22902e9ae3ea57228591708ab8c5a9aceab8c281293aaefb6ba6351796933e72/detection # Reference: https://www.virustotal.com/gui/file/28c7fc690da8b555b312935a4f2e651627fb6faf6047fc0a6717fe65c0aec1d5/detection # Reference: https://www.virustotal.com/gui/file/c0bc583216e6995826174d6cefa52d7b7eaae2ff29cd0ffeb1699c962c2e00f8/detection # Reference: https://www.virustotal.com/gui/file/d00dbfba44c4909e2c4c3e482900dbc2d14ae7df9d0a4c9a8d80a67b3858241c/detection 172.81.133.157:6606 172.81.133.157:7707 172.81.133.157:8808 # Reference: https://x.com/malwrhunterteam/status/1897259764729720839 # Reference: https://www.virustotal.com/gui/file/efc09d4380483145573ac4f1a2b4fe308e9bd4378bffbc44efd00739d2e055a7/detection # Reference: https://www.virustotal.com/gui/file/dce7213526e308a4decd939c5caa83de1f67b7a9f82fd6cee0e6a8bfc008b430/detection # Reference: https://www.virustotal.com/gui/file/82fc4d9ffed1c41c3ed7794561360c11a5cf19ba252db21cd417e7c504686824/detection http://193.34.77.163 193.34.77.163:3434 # Reference: https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/desert-dexter-attacks-on-middle-eastern-countries dick2024.ddnsfree.com fuck1up.freeddns.org lovlysexy.freeddns.org pdflove.ddnsfree.com sex2024.freeddns.org sexzsex1.ddnsfree.com # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2025-03-15) http://185.143.243.46 http://196.251.70.104 http://196.251.84.194 http://197.48.74.234 http://45.152.113.234 http://45.59.104.62 101.109.253.53:8808 102.41.55.187:5505 103.17.38.43:3232 103.17.38.43:4449 103.17.38.43:7707 103.228.37.177:8080 103.91.78.251:8808 104.161.36.40:6606 104.161.36.40:7707 104.161.36.40:8808 104.161.43.108:7707 104.161.43.108:8808 104.219.236.202:6606 104.219.236.202:7707 104.219.236.202:8808 104.245.240.121:443 104.245.240.121:8808 104.245.240.121:9090 104.245.240.30:443 104.245.240.30:8808 104.245.240.30:9090 107.155.93.118:6606 107.178.103.149:4444 107.178.103.149:6606 107.178.103.149:7707 107.178.103.149:8808 109.199.101.109:1005 109.199.101.109:1006 115.77.122.212:8808 119.42.149.26:4449 128.90.102.227:2000 128.90.102.227:5000 128.90.102.236:2000 128.90.102.236:8808 128.90.103.34:2000 128.90.103.34:5000 128.90.103.34:9999 128.90.106.143:8808 128.90.106.148:2000 128.90.106.254:2000 128.90.108.156:2000 128.90.108.156:9999 128.90.108.196:2000 128.90.113.16:9999 128.90.113.240:2000 128.90.113.43:2000 128.90.113.43:5000 128.90.113.43:8808 128.90.113.56:2000 128.90.113.56:4000 128.90.122.181:2000 128.90.122.181:5000 128.90.122.181:9999 128.90.122.201:2000 128.90.122.201:5000 128.90.122.218:4000 128.90.123.17:5000 128.90.123.17:8808 128.90.123.183:5000 128.90.123.183:8808 128.90.123.191:9999 128.90.123.198:4000 128.90.123.198:8808 136.243.111.71:85 14.226.87.219:8808 142.93.67.8:8000 142.93.67.8:8088 142.93.67.8:8808 144.172.113.109:8808 144.172.98.53:8808 145.239.200.144:222 145.239.200.144:2222 145.239.200.144:8808 147.185.221.26:16035 147.185.221.26:99 151.67.43.151:8080 152.67.63.88:8808 154.12.224.140:8808 154.12.229.73:1996 154.12.229.73:6606 154.12.229.73:7707 156.245.19.195:3956 156.245.19.215:3956 157.173.195.46:1888 157.20.182.12:4443 157.20.182.12:4444 157.254.236.150:8808 158.220.83.114:1007 160.191.245.154:9999 160.30.19.247:8888 161.97.101.53:1000 161.97.101.53:2000 161.97.101.53:2001 161.97.101.53:2003 161.97.101.53:2004 161.97.101.53:8808 163.172.125.253:401 163.5.112.109:8808 163.5.112.25:8808 163.5.32.71:444 164.92.163.239:3898 166.88.90.22:6606 166.88.90.22:7707 166.88.90.22:8808 167.172.135.43:6606 167.71.51.222:3595 172.111.137.98:3890 172.111.162.203:8080 172.111.162.219:443 172.111.162.219:8080 172.111.198.20:8808 172.81.133.115:8808 172.86.117.154:8808 172.94.111.98:8888 173.212.240.188:2003 174.26.204.152:4545 174.26.204.152:6606 174.26.204.152:7707 174.26.204.152:8808 176.65.140.206:8888 176.65.140.64:8808 176.65.141.162:10997 176.65.141.245:7707 176.65.141.245:7777 176.65.141.245:8808 176.65.142.132:8808 176.65.142.245:888 176.65.142.74:4448 176.65.142.74:4449 176.65.144.103:8808 176.65.144.125:6606 176.65.144.125:7707 176.65.144.19:6606 176.65.144.19:7707 176.65.144.28:6606 176.65.144.28:7707 176.65.144.28:8808 176.65.144.32:6606 176.65.144.32:7707 176.65.144.32:8808 176.65.144.60:6606 176.65.144.60:7707 178.73.218.7:8888 179.13.0.63:8808 179.13.2.158:8081 179.13.5.203:8020 181.235.13.95:11102 181.235.15.22:3000 185.133.248.219:6606 185.143.243.46:103 185.156.175.43:10997 185.189.112.27:10997 185.196.10.66:4449 185.208.156.169:6502 185.224.0.191:7707 185.224.0.191:8808 185.241.208.107:100 185.241.208.107:4444 185.241.208.107:7777 185.241.208.107:8808 185.241.208.132:8808 185.241.208.247:8080 185.241.208.51:8808 185.246.113.191:8808 186.169.85.81:11102 186.169.87.220:3030 186.169.89.221:11103 186.169.90.226:3030 186.169.94.13:11103 188.127.254.108:6606 188.127.254.108:7707 188.127.254.108:8808 188.127.254.108:8888 188.216.196.144:8808 190.111.98.121:6606 190.111.98.121:7707 190.111.98.121:7949 190.111.98.121:8808 192.227.246.70:1089 193.142.146.179:6606 193.142.146.179:7707 193.142.146.42:6606 193.142.146.42:7707 193.161.193.99:35044 193.26.115.165:7077 193.26.115.188:7077 193.26.115.52:6606 193.26.115.69:9090 194.238.29.164:25 194.238.29.164:8808 194.59.30.173:8808 195.206.234.29:8808 195.206.234.36:8808 195.211.191.181:4449 195.58.58.58:222 195.58.58.58:2222 195.58.58.58:6606 195.58.58.58:7707 195.58.58.58:8808 195.58.58.58:888 195.58.58.58:8888 196.251.113.41:6606 196.251.113.41:7707 196.251.113.41:8808 196.251.118.95:8888 196.251.70.104:1005 196.251.70.104:8808 196.251.70.156:8808 196.251.70.51:8808 196.251.70.67:8808 196.251.71.168:8888 196.251.71.169:8888 196.251.71.200:8808 196.251.71.233:8888 196.251.71.233:9999 196.251.71.246:6606 196.251.71.246:7707 196.251.71.246:8808 196.251.72.206:8888 196.251.72.5:4444 196.251.72.5:7777 196.251.73.189:7777 196.251.81.165:8808 196.251.81.222:7581 196.251.83.37:3000 196.251.83.37:8888 196.251.83.66:8808 196.251.84.188:8808 196.251.84.194:4444 196.251.84.194:8080 196.251.84.215:8808 196.251.85.154:3000 196.251.85.154:8888 196.251.85.237:7707 196.251.85.237:8808 196.251.85.45:7777 196.251.87.10:6606 196.251.87.10:7707 196.251.87.10:8808 196.251.90.23:8808 196.74.233.171:8808 197.48.105.157:5505 197.48.74.234:5505 197.48.74.234:6606 197.48.74.234:8888 198.23.158.69:7707 198.244.216.42:8808 2.58.85.204:8808 20.206.204.9:4449 20.229.103.183:5000 204.10.161.147:4955 205.234.181.17:7000 207.231.111.146:1996 207.231.111.146:2106 207.231.111.146:6606 207.231.111.146:6666 207.231.111.146:7707 207.231.111.146:7777 207.231.111.146:8808 209.38.69.65:8080 209.38.69.65:8888 212.102.53.88:27133 212.129.34.197:8808 212.23.222.206:8808 217.64.148.159:50037 23.94.207.135:6606 23.94.207.135:8808 3.124.67.191:16165 31.57.166.120:8888 31.57.166.130:9999 34.132.199.158:2000 34.226.192.45:8808 37.1.214.24:2004 37.120.151.102:4444 37.150.21.234:2121 38.18.228.187:5353 38.60.255.218:8808 38.68.49.150:6606 38.68.49.150:7707 38.68.49.150:8808 45.125.66.29:6606 45.138.16.143:6606 45.138.16.143:7707 45.138.16.189:7707 45.154.98.68:777 45.55.35.48:34197 45.59.104.62:443 45.62.170.90:443 45.66.248.181:8808 45.81.23.31:4444 45.88.186.35:4449 45.9.148.226:8808 45.92.1.25:6606 45.92.1.25:7707 45.92.1.25:8808 45.94.31.215:7707 46.246.82.12:1000 46.246.82.12:3000 46.246.82.16:8888 46.246.86.8:8888 46.246.86.8:9999 47.88.33.97:8808 5.181.3.38:8808 5.231.26.84:8808 5.253.247.7:4114 51.161.213.152:8808 51.195.231.115:222 51.195.231.115:2222 51.195.231.115:8808 51.195.231.115:888 51.195.231.120:222 51.195.231.120:2222 51.195.231.120:6606 51.195.231.120:7707 51.195.231.120:8808 51.195.231.120:888 51.38.106.133:8808 51.38.109.145:8808 51.89.190.23:6606 51.89.190.23:7707 51.89.190.23:888 51.89.190.24:222 51.89.190.24:2222 51.89.190.24:6606 51.89.190.24:7707 51.89.190.24:888 57.128.134.229:443 57.128.134.229:6606 57.128.134.229:7707 57.128.134.229:8808 64.52.80.165:443 64.52.80.165:4444 64.52.80.165:8080 65.109.115.25:500 65.109.115.25:5000 66.94.116.48:8808 66.94.116.48:9999 69.48.202.241:6606 69.48.202.241:7707 70.93.72.15:5631 74.120.121.26:2502 74.50.120.106:1998 74.50.120.106:2000 74.50.120.106:5000 74.50.120.106:8080 74.50.120.106:8808 74.50.120.106:8888 74.50.120.69:1998 74.50.120.69:2000 74.50.120.69:2003 74.50.120.69:2004 74.50.120.69:2005 74.50.120.69:8808 78.161.46.248:3001 78.161.46.248:8822 81.19.131.153:50037 84.154.119.178:4449 84.38.129.34:3369 85.239.245.157:8888 86.38.225.152:808 86.38.225.152:8808 89.117.109.238:8808 91.199.42.124:6606 93.71.184.136:8808 94.156.177.244:8808 95.129.234.24:2004 95.129.234.24:8808 95.214.55.246:20000 95.214.55.246:2022 95.214.55.246:6667 98.83.120.7:8808 17bzzla6.kozow.com 17bzzla60.ddnsgeek.com aliweq.ddnsgeek.com anhphux4-26369.portmap.host ashleyasync.duckdns.org bendecido2.ydns.eu bendecido3.ydns.eu bigasyt.giize.com billionairebankz.duckdns.org billionairewealthz.duckdns.org bogota2025pz.duckdns.org budget-major.gl.at.ply.gg bwj9h6dmc.kozow.com cipiripi84.airdns.org danamente.duckdns.org darwin151czsk-60643.portmap.host dinero12.giize.com egypishan.webredirect.org elpoder2025vz.duckdns.org envio-18-2.duckdns.org feb18.freeddns.org ftdx.camdvr.org gz-sakura.xyz hellonew2025.kozow.com hhhhjkjkjkg-50583.portmap.host jaber.work.gd jaberer.giize.com kenanachy.duckdns.org king.vmhost.network lakikishop.duckdns.org llechematerna02.kozow.com lolaalvar0006-21146.portmap.io luchod.duckdns.org maryvenom19.duckdns.org mhmad1.accesscam.org mhmad1.work.gd mhmad4.accesscam.org mlwoe.gleeze.com mocaac.webredirect.org mst555-h63x-l-windows.sbs mustafa4.work.gd myasyncrat.ddns.net n1barby.camdvr.org nbarby.duckdns.org nbarby.linkpc.net nbarby.loseyourip.com newcli.bumbleshrimp.com onlines.ooguy.com polgen.kozow.com polgen.linkpc.net privat24x.com rc7-41750.portmap.host rexcbhg.webredirect.org romariolopez.duckdns.org sahil395.bumbleshrimp.com sebastiancorrea905040.duckdns.org supercellcalls.com t1cket-32617.portmap.host tagol51982-62186.portmap.host tattat.ooguy.com tips-suggestion.gl.at.ply.gg tricodersbankz.freemyip.com tubeydoo-51012.portmap.host underhell-backup.duckdns.org vf5qZiznc.theworkpc.com went-startup.gl.at.ply.gg winupdatern0012174.duckdns.org wpzvlds.gleeze.com # Reference: https://x.com/malwrhunterteam/status/1900818097495269407 # Reference: https://www.virustotal.com/gui/file/a8584564cd857eefd954f208699b4639cc2f67e20c598844f2fd6546e1ab1404/detection # Reference: https://www.virustotal.com/gui/file/81a57d9a354f1ce6ed196439fa5e133fa238efa22f4b7baf75da4359135ed508/detection 83.147.240.230:9999 # Reference: https://x.com/K_N1kolenko/status/1900499347239817377 146.19.191.210:4449 148.113.214.176:8848 156.229.233.3:8848 185.236.228.10:4449 206.237.6.182:8848 216.122.187.45:4449 45.95.18.173:4449 # Reference: https://x.com/malwrhunterteam/status/1901591162437111977 # Reference: https://www.virustotal.com/gui/file/0e1a3522db4a32e7620159b72df2693f40c8aeeaa9cd8c280eab2221067bb042/detection 194.26.192.251:1878 # Reference: https://x.com/skocherhan/status/1901793345648624083 # Reference: https://www.virustotal.com/gui/file/a6e66db91105a3cbc35698e44836795540d548e02247bfdb983a089aee4edde8/detection 116.250.190.209:4567 176.65.144.14:8000 # Reference: https://www.virustotal.com/gui/file/48d666c405eabc45921c2d3371b257b4531e41c0827a51a19f3745a1833238b5/detection 2.58.170.176:56001 # Reference: https://x.com/JAMESWT_MHT/status/1901731017607508069 # Reference: https://app.validin.com/detail?find=Please%20verify%20that%20you%27re%20a%20human&type=raw&ref_id=3a3764204fb#tab=host_pairs (# 2025-03-19) # Reference: https://app.validin.com/detail?find=b5903cdd0f6c15ebaa7891d70f1145b1&type=hash#tab=host_pairs (# 2025-03-19) # Reference: https://app.validin.com/detail?find=193.149.185.126&type=ip4&ref_id=2ed8fc8eb5a#tab=resolutions (# 2025-04-25) # Reference: https://app.validin.com/detail?find=45.93.20.225&type=ip4&ref_id=2ed8fc8eb5a#tab=resolutions (# 2025-04-25) # Reference: https://www.virustotal.com/gui/file/3a0ba8a4e8553286cf73130122e43121e491daa117e5d861951175ba654f84fb/detection 185.7.214.3:56001 book-robotcapture1767.com bookedrefillcapt671.com booking-aprilnotifications499201.com booking-aprilreviewsids9575512.com booking-capmarchreview-09940034.com booking-cappanel-05999305.com booking-caprooms-35400232.com booking-captcha-00094213.com booking-captcha-009503995.com booking-captcpanel-89953445.com booking-capthca-re29587612.com booking-complaint-96890493.com booking-confviewdoc-969650043.com booking-customerfrserv-onlineboock.com booking-human-verif101959003.com booking-human-verif5899035.com booking-identity-re29587612.com booking-march-racapy09705432.com booking-marchcap-05988493.com booking-marchreserv5921558.com booking-marchreview2595123.com booking-marchreviews2851.com booking-recapmarch-94389454.com booking-recaptcha-id95244878.com booking-recapth-march-95832455.com booking-recapturemarch-95038239.com booking-recaptverify-id02985542.com booking-refid743.com booking-rescapture29584.com booking-rescapture958221.com booking-reservationinfosid0251356.com booking-reservationinfosid0251358.com booking-robocapanel-id19843.com booking-robocaptcheck29512.com booking-verify99083505.com bookinghotel-recapctha94883.com booklng-aprilagreementdevep04.com siteminder-0904954.com verification-captcha-2958421.cfd etrendtwist.com # Reference: https://x.com/skocherhan/status/1902412544955858954 # Reference: https://www.virustotal.com/gui/file/00f0c2f3687ab8bf0990084d1e3af62246005c32084fa598aca1d65bdc0740c9/detection 5.75.234.8:5050 # Reference: https://x.com/malwrhunterteam/status/1902809308896825427 # Reference: https://www.virustotal.com/gui/file/c17f9786c4c2f98f653b49fab87b4c4eb042eadd992a7f25a74d17cbf4f35a8e/detection 62.210.222.225:85 # Reference: https://x.com/K_N1kolenko/status/1902698534291333438 103.176.110.184:4449 157.20.182.66:4449 212.64.201.61:4449 # Reference: https://x.com/smica83/status/1903741228325146779 # Reference: https://www.virustotal.com/gui/file/2c64d33211789ed637f93cbb9a5dd4cf6fa998841bcd5146718906f22b9a7651/detection 184.146.88.49:8080 # Reference: https://x.com/AgidCert/status/1904552268927541599 # Reference: https://cert-agid.gov.it/wp-content/uploads/2025/03/asyncrat-pec-25-03-2025.json khaleejlife.com khalismarket.com khalissmart.com khanandkids.com kharagny.com khemtittravel.com khidmapluspro.com khojees.com khoratek.com kidsboon.com kidsfreesip.com kidspiritliving.com kidthingy.com kikikosmetiks.com kikiwear.com killerlingerie.com kimopress.com kindafree.com kinder-nation.com kinder-nutrition.com kingcakeaday.com kingdomentrepreneurincubator.com kingdomglobalsvcscarpetcleaners.com kinglawo.com kingopay.com kinkfits.com kinoflo2.com kirawoods.com kismetinsaat.com kisstutorials.com kisuites.com kjintlafricanmarket.com kknovelty.com klamathfallsclones.com klamertcustomhomes.com klaretaal.com kldtrading.com klimtal.com kmaxleathers.com knowyourdaddy.com koikards.com kolkatathunderbolts.com komikofilms.com komotonekobox.com kondeycoralgarden.com konshow882.com konstantinosioannidis.com kootenaiindustrialsuites.com kooters.com kplowplow.com kpopshopee.com kravebrewhouse.com krisztinascreams.com kroughlaw.com krozerco.com kschoener.com ksdfdev.com ksshirts.com kstarnew.com kubiedoo.com kuduworx.com kumarshailesh.com kungfuhighlandpark.com kunleamoo.com kunokhar.com kutubshop.com kwwholdings.com kyleesmith88.com kymgable.com labdealz.com labordistrict.com labwaterpurificationsystems.com ladygrit.com ladyjblog.com lakelandbuildingservices.com lakeorionplumbing.com lakesidepoolsandspasaz.com lakestcharles.com lalbhatia.com laleurre.com lancedanielsconcrete.com land-experts.com landscaperbeaverton-or.com landscaperbridgewaternj.com landscapesantamariaca.com lankahealthinfo.com lapaauca.com laptopexporter.com lascites.com lasix40mg500.com latamcor.com latermoney.com laurelandhardyimages.com laurelandhardylaughtoons.com laurencebouy-sophrologue.com lavandagardenia.com lavoltus.com lawbirdy.com laziedud.com lazyverse.com lazywbarn.com lbcircus.com ldvbeats.com le-brush.com leadsandsalesfunnelsystem.com learnbetterwithai.com learnersbschool.com learningcurveapp.com learningworkstoday.com leavefree.com lebworthy.com legalaat.com legalcryptocasinos.com legalghid.com legaltechinalgeria.com lenderless.com lentesxmayor.com lethekarma.com letherox.com leveragingyourhomesequity.com leveyphotography.com sweetcalmcbdbloodsugargummies.com sweetworldinc.com tarablara.com tarasaraswati.com task-board.com taughtbyapro.com tdl4llc.com techiesaavy.com teknogentsia.com termiteshelp.com terpenaid.com terramiahampton.com terrypounds.com texasboatandrvstorage.com texiola.com textocar.com thaicucdao.com thailand2023.com thearenaalliance.com thecoffeemat.com thecoolestaccompany.com thedetailingspecialists.com thediscoape.com thefinalwarrior.com thefuturecannotbetrusted.com thegroundingofgroup6.com theinvestingnetwork.com thekaffeinekiller.com thelazydayz.com dhyt77wt6nejou3j3b3fd8nh8hvt6me6x8yburw.terramiahampton.com # Reference: https://www.virustotal.com/gui/file/c081dcb1ca9b9ad0f308606d544a859597ead9653e4cd71f7c5cc0b248f3f81c/detection # Reference: https://www.virustotal.com/gui/file/a595ace755944f092e6d48168b760be8d5bc6b8447bea2accd97b19fe548703b/detection 103.54.153.122:56001 # Reference: https://x.com/malwrhunterteam/status/1908239138240815498 # Reference: https://www.virustotal.com/gui/file/4b9c7b27687d675e916726f1ad790c03c58815974f0c1a525ab15fa018be1f10/detection 101.99.94.33:4449 # Reference: https://www.virustotal.com/gui/file/78b1123a1335c699f3781cc973528e56315086dbaa5a45e5cbef3eb21106806f/detection 91.223.3.141:56001 # Reference: https://x.com/skocherhan/status/1911605400387957244 34.214.252.65:3001 35.82.100.193:3001 44.239.80.32:3001 52.36.92.121:3001 52.90.28.240:3001 54.174.238.10:3001 # Reference: https://www.morphisec.com/blog/new-malware-variant-identified-resolverrat-enters-the-maze/ # Reference: https://www.virustotal.com/gui/file/ec189b7ce68cb308139f6a5cf93fd2dc91ccf4432dc09ccaecb9de403a000c73/detection # Reference: https://www.virustotal.com/gui/file/6c054f9013c71ccb7522c1350995066ef5729371641a639a7e38d09d66320bf4/detection # Reference: https://www.virustotal.com/gui/file/9be93f01785368f96c2a5823c2aefd3c28108fe2dd21442dcf9f416697d55e30/detection 192.30.241.106:56003 38.54.6.120:56001 38.54.6.120:56002 38.54.6.120:56003 # Reference: https://x.com/TLP_R3D/status/1912162318982488519 # Reference: https://www.virustotal.com/gui/file/bd3db35de8078184822ca8742025e6742deed410880360fd1361ec0ddc339067/detection firevpn.xyz ssh.firevpn.xyz # Reference: https://x.com/malwrhunterteam/status/1912054750310281290 # Reference: https://www.virustotal.com/gui/file/efdac24fbd0a8397511c998d4a6a1a5db291e34b4a2f59b208ae334450e75d95/detection 191.96.166.73:60131 # Reference: https://x.com/malwrhunterteam/status/1912423179483488592 # Reference: https://www.virustotal.com/gui/file/2be63cd21ab5712247311c7c399ad7b479c884d53a8f2a39c8ba20b3cb450c42/detection 108.165.64.160:6606 108.165.64.160:7707 108.165.64.160:8808 mohsar.ddns.net # Reference: https://x.com/JAMESWT_WT/status/1909650178803650581 # Reference: https://app.validin.com/detail?find=92.255.85.89&type=ip4&ref_id=f9d975f656c#tab=resolutions (# 2025-04-18) add-recpte.click bobkngsiggn.com book-capt.com bookcpche.com booker-auth.com bookgetlisting.click bookingconfirmatorr.com bookinghhs.com bookmanagereq.com bookpart.click bookreqlisting.com bookviewmain24.com bookviewmanage.click captchviews.click capte-req.click cpt-en.com cpt-exmple.com cptc-book.click cpte-csv.click cpte-expl.com cpte-sch.click cpte-x.click cpteform.click cpth-book.com cpth-next.com cpth-warn.click cpthdoestcomp.com cpthe-srch.click cpthevrf.click next-cpth.com re-capte.cfd re-cpte.click re-cpthe.click recapte.click rekaphcentre.site tintmanrmx.blogspot.com zerrocostygfypj.blogspot.com # Reference: https://www.virustotal.com/gui/file/e806146737ae32960d44a53d1e90713b01536e0c40a1ee1595f3611d3a93556c/detection 46.39.253.217:4040 # Reference: https://x.com/JAMESWT_WT/status/1914630573605245429 # Reference: https://www.virustotal.com/gui/file/8f3f7f67474624a20f502301d9337eccae4189ecd7bc797eadafc3423091070e/detection 128.90.123.76:5155 128.90.123.76:5536 45.165.1.52:2020 45.165.1.52:2021 45.165.1.52:5155 45.165.1.52:6606 45.165.1.52:7707 45.165.1.52:8808 aula01.ddns.net aula012.accesscam.org bart2025.duckdns.org # Reference: https://x.com/malwrhunterteam/status/1914654265940885675 # Reference: https://www.virustotal.com/gui/file/ba870803979d2ecabb6e00bd54d6c88eb7be24e8c50be8fd066d39d1d947c022/detection # Reference: https://www.virustotal.com/gui/file/2b1fe1aca2e4897bfe2fc51b1798831274e2f508f0888ed7dbf2f84e2369e337/detection # Reference: https://www.virustotal.com/gui/file/041aac3842b806ea541f042cb8b56cd416c622fea1fdc41038dccfa46d5731ed/detection 45.81.23.27:6606 45.81.23.27:7707 45.81.23.27:8808 # Reference: https://www.virustotal.com/gui/file/4304be1255765a86184303a05a8d991d42e4189204070863abdbab4b746cecdb/detection 185.149.232.197:56001 # Reference: https://blog.sekoia.io/detecting-multi-stage-infection-chains-madness/ asen9400jun.duckdns.org dec9402xwo.duckdns.org dec9402xwoo.duckdns.org dec9402xwor.duckdns.org hvnjune8500.duckdns.org marc5858asyn.duckdns.org marccc9402xrw.duckdns.org phvnmarch8787.duckdns.org robvbs8500.duckdns.org xrw9402july.duckdns.org xw9402may.duckdns.org xwjun7250.duckdns.org players-time-corresponding-th.trycloudflare.com spaces-corner-notices-battery.trycloudflare.com xi-if-grows-valued.trycloudflare.com # Reference: https://x.com/JAMESWT_WT/status/1915094944571703781 # Reference: https://app.validin.com/detail?find=185.7.214.3&type=ip4&ref_id=badce3686f4#tab=resolutions # Reference: https://app.any.run/tasks/09192e18-d415-44c7-b49e-e5fb9ae801e4 micromissingservice86checksup.com micromissingservicex86checksup.com micromissingservicx86checksup.com aselbisiklet.com atalsweetsbd.com bayraketiketi.com demoihost.com dna-muraifarm.com flexprotech.com grupo-positivo.com kivayatechnologies.com lasecmw.com msessbd.com penawarhippotherapy.com pipoltv.com satoki.com smscameroun.com unclesamholidays.com # Reference: https://x.com/malwrhunterteam/status/1915653547657437381 # Reference: https://www.virustotal.com/gui/file/fbb014f894dd98bce80273a04b023c30077a91332bf09be1b6c6d0d5b2400759/detection 23.227.167.188:9009 khayry1.ftpaccess.cc khayry2.ftpaccess.cc khayry3.ftpaccess.cc # Reference: https://www.virustotal.com/gui/file/a3f589c6d291a5eca372c2b3c4863e996678801913f4cc9d6ba8be2696139686/detection 206.53.55.8:6060 37.49.230.203:1330 37.49.230.203:6060 37.49.230.203:6606 37.49.230.203:7707 37.49.230.203:8808 salahxxx.dynalias.org # Reference: https://www.virustotal.com/gui/file/a4baf364aaec67138ef155516d792655a05d7dadcf740fe9543ab258248aad6c/detection 157.20.182.6:1931 pureworkcom.dynuddns.net # Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2025-05-04) 102.41.58.213:5505 103.125.217.116:4449 103.181.34.178:8080 103.195.102.3:2000 103.20.102.131:8848 103.229.81.203:6606 103.229.81.203:7707 104.161.20.86:8808 104.168.56.76:3371 104.168.7.12:50572 104.219.236.159:7707 104.243.47.80:8808 104.245.106.30:6606 104.245.106.30:7707 104.245.106.30:8808 104.245.240.66:6661 104.245.240.66:6662 104.245.241.254:8808 104.245.241.254:90 104.245.241.254:9090 107.150.0.56:8808 108.181.218.70:8808 109.120.137.57:8808 109.120.137.79:401 115.79.198.51:6000 12.221.146.138:5858 124.198.131.141:8808 124.198.131.216:4444 128.90.103.245:8808 128.90.103.83:8808 128.90.106.101:4000 128.90.106.101:8808 128.90.106.149:2000 128.90.106.149:4000 128.90.106.149:8808 128.90.106.163:2000 128.90.106.163:4000 128.90.106.163:8808 128.90.106.169:2000 128.90.106.169:4000 128.90.106.169:8808 128.90.106.183:2000 128.90.106.183:8808 128.90.106.191:2000 128.90.106.191:4000 128.90.106.191:8808 128.90.106.201:4000 128.90.106.203:2000 128.90.106.203:4000 128.90.106.203:8808 128.90.106.213:2000 128.90.106.213:4000 128.90.106.241:2000 128.90.106.241:4000 128.90.106.84:2000 128.90.106.84:4000 128.90.106.84:8808 128.90.106.94:8808 128.90.113.107:2000 128.90.113.107:4000 128.90.113.107:8808 128.90.113.116:2000 128.90.113.117:8808 128.90.113.158:2000 128.90.113.158:4000 128.90.113.158:8808 128.90.113.170:2000 128.90.113.170:4000 128.90.113.184:4000 128.90.113.185:2000 128.90.113.185:4000 128.90.113.185:8808 128.90.113.194:2000 128.90.113.204:8808 128.90.113.235:8808 128.90.113.250:2000 128.90.113.25:4000 128.90.113.25:8808 128.90.113.26:2000 128.90.113.26:4000 128.90.113.26:8808 128.90.113.30:2000 128.90.113.30:8808 128.90.113.67:2000 128.90.113.71:4000 128.90.113.71:8808 128.90.113.83:2000 128.90.123.28:8808 131.32.43.243:28938 131.32.43.243:4449 132.145.75.68:2665 132.145.75.68:2885 132.145.75.68:3965 132.145.75.68:5450 135.125.27.216:6745 139.224.164.225:8848 139.59.167.14:23500 139.59.240.97:4449 14.237.50.14:8080 140.245.98.236:6007 141.98.11.26:7707 141.98.11.26:8808 141.98.112.241:7070 142.202.242.184:8808 143.244.46.148:55016 144.172.92.114:6606 144.172.92.114:7707 144.172.92.114:8808 144.202.42.37:2000 145.239.209.53:222 146.70.137.90:3000 146.70.143.185:4869 147.185.221.18:62592 147.185.221.21:27180 147.185.221.22:41812 147.185.221.23:31345 147.185.221.25:45714 147.185.221.26:28568 147.185.221.26:4449 147.185.221.26:64072 147.185.221.26:7000 147.185.221.27:12362 147.185.221.27:3368 147.185.221.27:5050 147.185.221.27:51048 148.251.43.15:7707 15.168.20.99:8808 151.242.63.186:8808 151.243.81.87:4400 152.204.236.49:9999 154.211.90.252:443 154.211.90.65:443 154.29.79.7:6606 154.38.185.247:2022 155.138.241.220:8888 155.2.192.59:7707 156.229.233.180:8808 156.245.11.12:3955 157.20.182.31:7777 157.20.182.31:8888 157.20.182.6:1337 157.20.182.6:9992 157.254.223.99:7000 157.254.237.166:7077 157.66.26.144:8888 157.66.26.148:8888 157.66.26.88:8888 158.220.83.114:61551 158.220.83.114:63874 159.100.18.123:5555 160.202.133.163:8808 160.250.134.185:6606 161.97.101.53:1337 161.97.101.53:1996 161.97.113.198:1963 162.212.154.8:4444 162.212.154.8:8808 162.216.240.8:8808 162.243.12.113:23400 163.172.125.253:300 163.172.125.253:400 163.172.125.253:405 163.172.125.253:406 163.172.125.253:408 163.172.125.253:411 163.5.160.106:972 163.5.210.172:8808 163.5.32.183:8808 164.152.167.246:3009 164.92.194.184:2298 164.92.194.184:8213 167.172.135.43:2202 167.172.135.43:7707 167.86.116.179:8808 172.111.139.42:4444 172.111.151.97:69 172.111.151.97:81 172.111.163.162:2983 172.111.244.211:9907 172.111.245.67:9907 172.111.245.69:9907 172.81.135.14:7077 172.86.104.42:6606 172.86.104.42:7707 172.86.104.42:8808 172.86.70.97:4782 172.86.70.97:6606 172.86.70.97:7707 172.86.70.97:8808 173.44.139.179:7272 176.10.107.180:6606 176.10.107.180:7707 176.10.107.180:8808 176.143.53.10:7000 176.199.254.126:4449 176.202.47.224:3236 176.65.134.103:8808 176.65.134.111:8808 176.65.134.178:8848 176.65.134.81:8808 176.65.140.206:8808 176.65.140.52:8808 176.65.140.52:8888 176.65.141.184:6606 176.65.141.184:7707 176.65.141.184:8808 176.65.141.49:6606 176.65.141.49:7707 176.65.141.49:8808 176.65.141.56:6606 176.65.141.56:7707 176.65.141.56:8808 176.65.141.74:7707 176.65.141.74:8808 176.65.141.98:6606 176.65.141.98:7707 176.65.141.98:8808 176.65.142.113:6606 176.65.142.113:7707 176.65.142.113:8808 176.65.142.132:6606 176.65.142.132:7707 176.65.142.187:6606 176.65.142.187:7707 176.65.142.187:8808 176.65.142.245:6606 176.65.142.245:7707 176.65.142.245:963 176.65.142.65:6606 176.65.142.65:7707 176.65.142.73:6606 176.65.142.73:7707 176.65.142.73:8808 176.65.142.74:3371 176.65.142.86:6606 176.65.143.159:6606 176.65.143.159:7707 176.65.143.159:7777 176.65.143.159:8808 176.65.143.240:6745 176.65.144.103:6606 176.65.144.103:7707 176.65.144.125:6666 176.65.144.162:5222 176.65.144.165:6606 176.65.144.165:7707 176.65.144.165:8808 176.65.144.19:8848 176.65.144.32:4444 176.65.144.32:6006 176.65.144.32:6666 176.65.144.32:7777 176.65.144.32:8008 176.65.144.32:8888 176.65.144.34:6606 176.65.144.34:7707 176.65.144.34:8808 176.65.144.52:6606 176.65.144.52:7707 176.65.144.52:8808 176.65.144.60:6666 176.65.144.95:6606 176.65.144.95:7707 176.65.144.95:8808 176.65.148.208:8808 176.98.41.187:443 178.117.80.225:3998 179.13.10.232:8081 18.163.130.237:443 18.166.104.119:443 18.167.254.207:443 18.197.94.4:6606 184.174.20.211:8808 185.177.239.206:6606 185.177.239.206:7707 185.177.239.206:8808 185.196.9.158:8806 185.206.148.210:444 185.208.156.169:6503 185.208.156.169:6505 185.208.158.139:8000 185.208.158.47:6606 185.208.158.47:7707 185.208.158.47:8808 185.234.72.186:6606 185.236.231.140:4242 185.241.208.176:6606 185.241.208.176:7707 185.241.208.176:8808 185.246.113.247:10788 185.246.113.247:8088 185.254.28.197:8808 185.29.9.38:1007 185.39.17.70:8848 185.49.126.81:8808 185.62.87.191:444 185.7.214.181:1414 185.72.9.141:5000 185.93.89.137:8888 185.94.29.209:8080 186.169.81.137:9999 186.169.89.162:9999 187.63.105.68:8808 188.126.90.18:1000 188.126.90.18:3000 188.126.90.65:7031 188.216.158.169:8808 188.218.201.194:8808 188.218.81.203:8808 188.240.81.233:3131 191.93.113.197:8000 191.93.113.197:9000 192.159.99.105:8808 192.159.99.106:8808 192.159.99.119:8000 192.159.99.47:7771 192.227.220.27:8808 192.238.206.6:8847 192.3.238.130:7777 193.106.196.57:3131 193.106.196.57:4449 193.186.4.244:8808 193.233.254.124:8808 193.25.215.45:8808 193.26.115.130:7077 193.26.115.218:6606 193.26.115.218:7707 193.26.115.218:8808 193.29.225.237:8808 193.42.36.133:2000 193.42.36.133:2002 193.42.36.133:2003 193.42.36.133:2004 193.42.36.133:8808 194.105.5.109:8808 194.105.5.199:4449 194.219.181.40:3030 194.26.192.102:6606 194.26.192.102:7707 194.26.192.102:8808 194.26.192.213:7077 194.26.192.232:7077 194.26.192.251:7077 194.59.30.194:6606 194.59.30.194:7707 194.59.30.194:8808 195.186.208.193:5858 195.206.234.29:6606 195.206.234.29:7707 195.206.234.36:6606 195.206.234.36:7707 195.206.234.37:6606 195.206.234.37:7707 195.206.234.37:8808 195.211.191.54:2983 195.26.251.89:7000 195.3.223.146:4445 195.88.218.126:3232 196.251.115.136:8808 196.251.115.136:8888 196.251.115.31:5555 196.251.115.31:7777 196.251.115.31:8808 196.251.115.33:6606 196.251.115.33:7707 196.251.115.33:8808 196.251.115.43:8808 196.251.116.112:222 196.251.116.112:2222 196.251.116.112:4444 196.251.116.112:555 196.251.116.112:5555 196.251.116.112:7777 196.251.116.112:888 196.251.116.112:8888 196.251.116.115:5555 196.251.116.122:6606 196.251.116.122:7707 196.251.116.122:8808 196.251.116.122:8888 196.251.116.129:5555 196.251.116.129:6606 196.251.116.129:7707 196.251.116.129:7777 196.251.116.129:8808 196.251.116.131:6606 196.251.116.131:7707 196.251.116.131:8808 196.251.116.152:222 196.251.116.152:2222 196.251.116.152:444 196.251.116.152:4444 196.251.116.152:5555 196.251.116.152:7777 196.251.116.152:888 196.251.116.152:8888 196.251.116.155:21 196.251.116.155:443 196.251.116.155:53 196.251.116.155:6606 196.251.116.155:7707 196.251.116.155:8080 196.251.116.155:8443 196.251.116.155:8808 196.251.116.155:8883 196.251.116.155:993 196.251.116.155:995 196.251.116.165:6606 196.251.116.165:7707 196.251.116.165:8808 196.251.116.216:6606 196.251.116.216:7707 196.251.116.216:8808 196.251.116.68:1000 196.251.116.68:6606 196.251.116.68:7707 196.251.116.68:8808 196.251.117.108:8444 196.251.117.108:8808 196.251.117.108:8888 196.251.117.67:8808 196.251.118.128:8808 196.251.118.95:6606 196.251.118.95:7707 196.251.118.95:8444 196.251.118.95:8808 196.251.69.103:8888 196.251.69.124:6606 196.251.69.124:7707 196.251.69.124:8808 196.251.69.138:222 196.251.69.138:2222 196.251.69.138:444 196.251.69.138:4444 196.251.69.138:555 196.251.69.138:5555 196.251.69.138:777 196.251.69.138:7777 196.251.69.138:888 196.251.69.138:8888 196.251.69.26:222 196.251.69.26:2222 196.251.69.26:8808 196.251.69.26:888 196.251.70.104:6606 196.251.70.104:7707 196.251.70.104:888 196.251.70.240:5555 196.251.70.240:6606 196.251.70.240:7707 196.251.70.240:7777 196.251.70.240:8808 196.251.72.213:4444 196.251.72.213:5555 196.251.72.213:6606 196.251.72.213:7707 196.251.72.213:7777 196.251.72.213:8808 196.251.72.5:1080 196.251.72.5:143 196.251.72.5:21 196.251.72.5:443 196.251.72.5:5555 196.251.72.5:6606 196.251.72.5:7707 196.251.72.5:8080 196.251.72.5:8808 196.251.73.189:1080 196.251.73.189:143 196.251.73.189:21 196.251.73.189:443 196.251.73.189:4444 196.251.73.189:50 196.251.73.189:6606 196.251.73.189:7707 196.251.73.189:8080 196.251.73.189:8808 196.251.73.58:2443 196.251.81.249:6606 196.251.81.249:7707 196.251.81.249:8808 196.251.81.25:5345 196.251.81.96:8808 196.251.83.223:7777 196.251.83.223:8808 196.251.84.194:1080 196.251.84.194:110 196.251.84.194:137 196.251.84.194:138 196.251.84.194:143 196.251.84.194:1433 196.251.84.194:21 196.251.84.194:22 196.251.84.194:2222 196.251.84.194:23 196.251.84.194:27017 196.251.84.194:31337 196.251.84.194:3306 196.251.84.194:4242 196.251.84.194:443 196.251.84.194:4433 196.251.84.194:7777 196.251.84.194:8443 196.251.84.194:8808 196.251.84.194:8883 196.251.84.194:993 196.251.84.194:995 196.251.84.194:9999 196.251.84.29:8848 196.251.84.4:8808 196.251.86.182:4449 196.251.87.112:8808 196.251.89.167:100 196.251.89.167:6900 196.251.90.23:6900 196.251.92.3:8808 197.48.124.155:5505 198.23.227.140:8801 198.23.227.175:8017 198.23.227.175:8801 198.50.248.232:6606 198.50.248.232:8808 199.231.167.54:7707 199.231.167.54:8808 2.37.187.46:8808 2.56.245.216:4608 2.56.59.227:8081 2.56.59.227:8082 2.56.59.227:8083 2.58.56.164:10143 2.58.56.179:2035 201.14.241.58:1120 202.146.218.85:1145 204.10.161.147:5009 204.12.245.163:85 204.77.9.25:8808 206.123.138.186:1080 206.123.138.205:6606 206.123.138.205:7707 206.123.138.205:8808 206.123.150.254:9907 206.238.196.130:443 206.71.149.182:8808 206.72.206.244:8808 207.180.205.17:999 207.231.111.146:0007 207.231.111.146:0077 207.244.247.213:972 209.126.11.215:8808 209.25.141.16:3837 209.38.69.65:5050 209.38.69.65:8000 209.38.69.65:8008 213.209.143.57:8888 213.209.150.19:22001 216.170.123.10:5557 217.64.149.171:8990 23.160.168.165:7097 23.227.167.188:7707 23.227.167.188:8808 23.254.211.137:8808 23.88.108.193:4449 23.94.126.113:8808 23.95.106.22:5505 23.95.106.22:8808 23.95.106.22:9969 23.95.162.53:8808 23.95.162.53:888 24.152.36.216:4000 24.48.172.200:443 26.68.29.70:6606 26.68.29.70:7707 26.68.29.70:8808 3.25.125.234:4782 3.27.107.48:4782 3.27.199.84:9182 3.8.181.229:8808 3.8.78.144:8808 31.163.204.210:7707 31.223.72.70:1604 31.57.166.49:8808 31.57.77.233:6606 31.57.77.233:7707 31.57.77.233:8808 31.58.169.119:8808 31.7.60.114:8808 34.173.63.153:963 34.58.196.177:2000 35.179.154.120:8808 37.120.155.36:3434 37.156.46.83:25 37.27.249.115:8808 37.48.64.102:4950 38.146.27.84:8808 38.22.17.18:8808 38.242.243.204:8808 38.255.57.7:6606 38.255.57.7:7707 38.255.57.7:8808 38.69.8.179:443 41.233.14.164:5505 43.154.151.220:4438 43.154.151.220:8848 45.10.154.125:8808 45.119.211.12:7077 45.119.211.13:7077 45.133.247.28:6606 45.133.247.28:7707 45.137.70.108:6125 45.138.16.100:8808 45.141.233.154:555 45.141.233.154:6606 45.141.233.154:7000 45.141.233.154:7707 45.141.233.154:8080 45.141.233.154:8808 45.141.233.166:9998 45.143.97.92:1000 45.147.7.149:8080 45.15.156.15:3000 45.152.113.234:77 45.152.149.12:8808 45.152.149.7:8808 45.154.98.68:7777 45.154.98.72:222 45.154.98.72:7001 45.154.98.72:8808 45.200.51.116:16521 45.200.51.123:16521 45.200.51.134:16521 45.200.51.138:16521 45.200.51.96:16521 45.207.39.7:6666 45.207.58.182:8009 45.81.115.40:1951 45.81.23.47:1777 45.81.23.47:1888 45.81.23.48:1777 45.81.23.48:1888 45.81.23.63:443 45.81.23.64:443 45.88.186.113:6606 45.88.186.113:7707 45.88.186.113:8808 45.88.186.144:7077 45.88.186.159:6606 45.88.186.159:7707 45.88.186.159:8808 45.88.186.198:7077 45.88.186.48:6606 45.88.186.48:7707 45.88.186.85:6606 45.88.186.85:7707 45.88.186.85:8808 45.88.91.75:8808 45.92.1.25:5001 46.101.236.176:4727 46.105.147.139:2222 46.105.147.139:888 46.109.0.125:8808 46.109.38.223:8808 46.183.220.52:6200 46.246.12.65:2703 46.246.4.12:1000 46.246.80.8:1000 46.246.82.67:7031 47.121.120.18:7707 47.121.120.18:8808 47.236.115.38:443 47.236.115.38:6606 47.236.115.38:7707 47.236.115.38:8808 47.92.222.219:8808 47.92.223.52:5986 5.175.234.3:6606 5.175.234.3:7707 5.175.234.3:8808 5.180.155.240:8808 5.252.101.251:7707 5.252.101.251:8808 5.252.153.103:7000 5.78.134.229:8808 50.215.42.61:8808 51.175.8.79:4444 51.195.224.157:5858 51.222.185.197:7707 51.222.185.197:8808 51.89.190.23:222 51.89.204.162:4657 51.89.242.58:8808 57.128.70.240:4449 62.85.76.32:8808 64.23.174.180:8080 65.19.178.73:8808 66.175.239.156:2244 66.175.239.156:443 66.179.209.30:444 66.179.94.187:443 66.55.77.28:443 66.55.77.28:8080 66.63.187.252:8808 66.63.187.252:9090 67.211.208.99:56001 68.168.220.76:8808 68.168.223.95:49666 68.168.223.95:56001 68.168.223.95:56003 69.197.174.136:4449 72.167.40.98:7777 72.167.40.98:8808 74.120.121.126:8808 74.201.216.45:6606 74.201.216.45:7707 74.201.216.45:8808 74.248.137.135:6666 78.108.216.225:420 78.164.223.72:1000 78.164.223.72:20000 78.164.223.72:2003 78.164.223.72:2004 78.164.223.72:2026 78.164.223.72:222 78.164.223.72:3000 78.164.223.72:3001 78.164.223.72:444 78.164.223.72:8808 78.164.223.72:888 78.171.42.106:1000 78.171.42.106:1002 78.171.42.106:20000 78.171.42.106:2003 78.171.42.106:2004 78.171.42.106:2009 78.171.42.106:3000 78.171.42.106:3001 78.171.42.106:59 78.171.42.106:8808 78.171.42.106:888 78.84.255.121:8808 80.180.123.169:1016 81.10.39.58:8088 81.10.39.58:9999 81.17.24.234:6606 81.17.24.234:7707 81.17.24.234:8808 81.191.183.151:4782 81.198.113.138:8808 82.223.48.201:1433 82.223.48.201:6606 82.223.48.201:7707 82.223.48.201:8808 82.66.202.142:8808 82.68.20.104:6606 82.68.20.104:7707 82.68.20.104:8808 84.200.205.74:2004 84.32.231.72:8808 85.192.56.180:4449 85.217.170.214:7777 85.235.74.114:8848 86.104.252.23:1080 86.48.19.90:8808 86.93.183.135:4449 87.121.79.75:4449 87.16.31.128:4444 88.240.210.241:8808 89.102.235.213:6606 89.102.235.213:7707 89.102.235.213:8808 89.117.21.203:7777 89.40.31.130:1010 89.47.113.71:8808 89.47.113.83:8808 89.87.219.180:1122 91.235.234.50:8808 92.255.57.221:1414 92.255.85.2:1414 94.154.173.50:8808 94.154.35.80:8808 94.156.177.241:8808 94.26.90.242:8808 94.26.90.81:4441 95.129.234.24:3333 95.129.234.5:8808 95.217.34.113:69 98.217.73.238:8808 1618meritking.com 2004scape.com 5461458.ddns.net 7sipxslhd.localto.net 9xuj2tcnm.localto.net a36e-78-175-182-33.ngrok-free.app according-asks.gl.at.ply.gg agency-failure.gl.at.ply.gg alex3143-23501.portmap.io aliomar.ooguy.com almhm231.ddnsgeek.com anlarilblspureuk.duckdns.org ansy1303.duckdns.org ansy1703.duckdns.org ansy27.duckdns.org ansy5marzo.duckdns.org are-typing.gl.at.ply.gg asdasdasdf-28668.portmap.host assaa.freeddns.org async1177.duckdns.org asynck31.duckdns.org asyncratlog.duckdns.org asynjerry.duckdns.org asynk02.duckdns.org australiamd2000.duckdns.org beautiful-faraday.94-156-177-241.plesk.page blue-r.gl.at.ply.gg born-pupils.gl.at.ply.gg businesses-exposure.gl.at.ply.gg cases-rica.gl.at.ply.gg categories-survivors.gl.at.ply.gg control.wolm.life corporation-handhelds.gl.at.ply.gg cryptoghost.zapto.org daansayajintj.ddns.net dadfsfsdfasdfasddfgssdfaafsd-63495.portmap.host deadpoolstart2051.duckdns.org denemescprittt.com district-cells.gl.at.ply.gg djs-ernst.with.playit.plus ec2-18-166-104-119.ap-east-1.compute.amazonaws.com ec2-18-167-254-207.ap-east-1.compute.amazonaws.com engineering-groups.gl.at.ply.gg envio10-04-25.duckdns.org envio20-03.duckdns.org envio25-03.duckdns.org envio25-3.duckdns.org envio266.duckdns.org extr6.duckdns.org family-advertisements.gl.at.ply.gg father-ever.gl.at.ply.gg felina-26545.portmap.host fowenep407-49551.portmap.io fueteeee.ddnsfree.com gaddammmn-27388.portmap.host gameto.ath.cx get-rick.gl.at.ply.gg go.gets-it.net goru-heruo.site gotoaa.sytes.net gvhiz06dl.localto.net harveyhudson-59734.portmap.io hayc.kozow.com health-eddie.gl.at.ply.gg hghdhsdbxcvb.duckdns.org holefo2785-22820.portmap.host holguin12.duckdns.org housing-never.gl.at.ply.gg http://172.111.151.97 http://176.202.47.224 http://196.251.116.131 http://196.251.116.155 http://196.251.116.68 http://196.251.72.5 http://196.251.73.189 http://38.69.8.179 http://5.175.136.65 http://94.156.177.241 http://95.217.34.113 iafinitd18jw3jdvhy4nhv.duckdns.org ip66-175-239-156.pbiaas.com ip87-106-116-156.pbiaas.com johnanthonylifestyle.com joined-cork.gl.at.ply.gg kasicamondan.mentality.cloud lammersville.ddns.net learning-layer.gl.at.ply.gg levodsf.ddns.net m-blocking.gl.at.ply.gg mark009.kozow.com masteir.mywire.org maxbusinessclub.duckdns.org medoohh22.duckdns.org medooo.ddnsgeek.com microdns2025bk.duckdns.org minimum-registry.gl.at.ply.gg moahmed2002.mywire.org mooonskj.ddns.net mrhelwans.giize.com mscorp.click nams.ddnsfree.com naphax.duckdns.org newservice.duckdns.org oficioselemental.duckdns.org okok0.linkpc.net omar1232.kozow.com omar342.giize.com onion366-38169.portmap.host opakk.hopto.org paisesbajos12.casacam.net pctrbajosas1.casacam.net proposed-madagascar.gl.at.ply.gg puka1.ddnsfree.com puka1.work.gd purestform20.duckdns.org purpleb.kozow.com q32o084df.duckdns.org quizzical-golick.94-156-177-241.plesk.page ramadan-kareem.duckdns.org ramdan.mywire.org rdsfaanachy.duckdns.org real3232afa.duckdns.org rhrexa.duckdns.org rnmlz-95-88-102-149.a.free.pinggy.link rnxck-95-88-102-149.a.free.pinggy.link rootedkrypto-29674.portmap.host roxtroxshop.duckdns.org sami2.myftp.biz sdjdnsajnc-61234.portmap.host securealisveris.com sk1d.org skin-madness.gl.at.ply.gg specialw.is-found.org static.113.34.217.95.clients.your-server.de sulumansorumsuz.duckdns.org taoh081018.zapto.org theochar.ddns.net trgfvc.duckdns.org triada-sport.ru u871378.nvpn.so umarmira055.duckdns.org umran1.loseyourip.com valerianobritoieufsasd.duckdns.org vibesforreal.com welpthatsagg.dns.navy windowsdrivers.accesscam.org xihanyi.e2.luyouxia.net xn--bz-hep-p9af.shop xptmue1si.localto.net xvic8.publicvm.com zeldr1s-44130.portmap.host # Reference: https://www.virustotal.com/gui/file/f3bfd62f6eb91179a14f9361e1c997a39147ce35839f69988fa00154b92de258/detection 64.44.83.138:7788 ansy4abril.duckdns.org # Reference: https://www.fortinet.com/blog/threat-research/multilayered-email-attack-how-a-pdf-invoice-and-geofencing-led-to-rat-malware # Reference: https://www.virustotal.com/gui/file/9184ff2cdd05fcaf111db23123479c845b2ece2fedccc2524b2de592f9980876/detection 130.51.20.126:2101 130.51.20.126:55644 # Reference: https://x.com/malwrhunterteam/status/1921113258565521515 # Reference: https://www.virustotal.com/gui/file/9515dac6a4ff603dec56b68d9644ce438a76273199fa5723b52cb25dda396c59/detection 176.65.139.51:56001 # Reference: https://x.com/ShanHolo/status/1921860087196319854 # Reference: https://www.virustotal.com/gui/file/2e4946037fca9285d9d51af7c2d2e1aa7ad036e9437cf5a43d55f44a968ad613/detection 154.197.69.150:4449 wnxz.site ztbx.wnxz.site