# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: crysan # Reference: https://twitter.com/suyog41/status/1130804704152305664 mikus192091.ddns.net # Reference: https://twitter.com/luc4m/status/1106618159522635776 queda212.duckdns.org # Reference: https://twitter.com/CERT_Polska/status/1072793091856392192 # Reference: https://www.cert.pl/news/single/trojan-oraz-ransomware-w-kampanii-podszywajacej-sie-pod-inpost/ 213.152.161.99:47390 213.152.161.100:47390 213.152.161.101:47390 213.152.161.102:47390 213.152.161.103:47390 213.152.161.232:47390 213.152.161.233:47390 213.152.161.234:47390 213.152.161.235:47390 213.152.161.99:47392 213.152.161.100:47392 213.152.161.101:47392 213.152.161.102:47392 213.152.161.103:47392 213.152.161.232:47392 213.152.161.233:47392 213.152.161.234:47392 213.152.161.235:47392 # Reference: https://twitter.com/Threat_hunts/status/1135810121227882499 # Reference: https://app.any.run/tasks/5ad34df1-b5a8-415f-9496-334d9bfdd7b1/ 95.167.151.253:7707 # Reference: https://twitter.com/James_inthe_box/status/1141072205771448320 kizzoyi.duckdns.org # Reference: https://twitter.com/powershellcode/status/1148234398703030273 internetexploter.duckdns.org systenfailued.ddns.com.br # Reference: https://twitter.com/DynamicAnalysis/status/1165901579536539649 79.134.225.90:4782 # Reference: https://twitter.com/James_inthe_box/status/1167217092245872640 # Reference: https://app.any.run/tasks/8eb2d184-08ec-40ab-8742-32f6988c5638/ 23.105.131.169:6606 193.56.28.173:7707 193.56.28.173:8808 rownip.3utilities.com rownip.mooo.com rownip.theworkpc.com rownip.dyndnss.net rowanyne.ooo # Reference: https://twitter.com/JAMESWT_MHT/status/1169142417754337281 # Reference: https://app.any.run/tasks/308651b4-37c0-4c66-87ba-5bf05d1ff411/ 79.134.225.115:4404 eg-east.com # Reference: https://twitter.com/dcTavvy/status/1188352813937463298 # Reference: https://app.any.run/tasks/6aedb064-1078-4304-b1e8-a8205a5ba698/ 193.161.193.99:43158 Lolikot-43158.portmap.host # Reference: https://twitter.com/JayTHL/status/1197240502699073537 5.62.41.111:5320 91.193.75.151:5320 netty.myftp.biz ify.insidedns.com # Reference: https://www.virustotal.com/gui/file/598ba7562062467fbf05d47bfadf27578a8ed4d5d5abdf17a5a4820ad71651bf/detection 3.19.3.150:6606 # Reference: https://twitter.com/w3ndige/status/1214596648644620288 # Reference: https://app.any.run/tasks/509acd2f-9474-44d4-aac2-d186a4716bef/ g.top4top.io # Reference: https://twitter.com/killamjr/status/1217630017116499968 # Reference: https://app.any.run/tasks/2517942c-3364-4d56-93ab-cfa47fd14299/ 101.86.170.36:1199 45.11.19.240:7707 xred.mooo.com # Reference: https://www.virustotal.com/gui/file/cc7a634047451f72a51766d1b6e33ce8a154579d80f6abcf9a109ff64c22f3a6/detection 177.98.43.164:7707 skypeprocesshost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/0c8a1d1eb4a0ee3ca2cf22cb4ede61f85e5170885549769984110edb6b64a236/detection 179.95.221.147:6606 179.95.221.147:7707 179.95.221.147:8808 workwinrarhost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/b1a7fda679c569e51e4b1239d044bb6e6e1f3557ccd2060c32a11b0978919b2d/detection 177.206.102.68:7707 177.206.102.68:9830 # Reference: https://www.virustotal.com/gui/file/366c8707d33501338e524e4c70f8b10ac993341134aa28b32a550f06911ba646/detection 191.32.227.90:7707 # Reference: https://www.virustotal.com/gui/file/d60372f5bbed48ea826b894402e4412a478979b590bed2b9b0d1d84017549bd0/detection 177.133.237.246:9830 179.180.17.194:7707 # Reference: https://www.virustotal.com/gui/file/9fbc310b2579816b488dbc44485acd418b20a72ef8dceb558f645a735fe10f05/detection 177.98.43.164:6606 # Reference: https://www.virustotal.com/gui/file/4913ae8055d7c6f225c0bd63ffceb28138483b39d9887de8ebcc8773e9d0d46f/detection 177.98.43.164:9830 workwinrarhost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/9a3e8a5bd3bfae58180089d27f1e23ba5f8118272b903a4ce99047969874a989/detection 177.133.246.134:9830 # Reference: https://www.virustotal.com/gui/file/ef332bc4cca2207ceb999f77d3e8a02b9d3b2c475d39310d2f1b09ae8f335de9/detection 177.133.246.134:7707 # Reference: https://www.virustotal.com/gui/file/6ede0a69b6d4d7b9cddc97ed35f58a284427fa92923d7a3e9e1442a5a0ad1b46/detection 177.98.127.109:7707 177.98.127.109:8808 # Reference: https://www.virustotal.com/gui/file/87571c558c0c211cd407d87217a3a64240736fb6645919e970dadef3680975ef/detection 177.133.235.48:6606 177.133.235.48:8808 177.133.235.48:9830 # Reference: https://www.virustotal.com/gui/file/d0ca0770e89e27b72703029c7900853a655be67c65fb1bcbd0c652eceb3b384f/detection 177.75.41.182:6606 # Reference: https://app.any.run/tasks/5e7bb6ce-39e9-4243-8802-968c8fb28753/ cloudclout.duckdns.org 79.134.225.38:7707 # Reference: https://app.any.run/tasks/823454cc-ac69-47d8-821a-262f4226ca10/ sbmsbm20.duckdns.org 64.225.20.238:2030 # Reference: https://www.virustotal.com/gui/file/712bc10802ec06baeb0774fa92d2816c477d6a5dceb0ac9960120344fcf7e1f7/detection 141.255.159.75:7707 141.255.159.75:8808 # Reference: https://www.virustotal.com/gui/file/55618c029549b2e2f8919902d09c19658e98390cc3e3faeb05743f091e22818d/detection 79.135.146.203:6606 # Reference: https://app.any.run/tasks/5bbbc0e9-1c84-413d-be8e-371aa483f11b/ 141.255.146.30:6606 al3nzii.myq-see.com # Reference: https://app.any.run/tasks/f44c32ed-727b-437b-9249-743b5ae74ed4/ 185.140.53.12:21000 # Reference: https://twitter.com/wwp96/status/1236015091029590017 # Reference: https://app.any.run/tasks/7a110950-e58a-4f0a-80ab-fc17c39d38cd/ 185.140.53.154:6606 # Reference: https://twitter.com/JayTHL/status/1240390421467074561 216.38.8.179:5505 216.38.8.179:7707 216.38.8.179:8808 peacelist.ignorelist.com # Reference: https://app.any.run/tasks/96716bfb-5070-40e4-bda5-d6573d7e1e55/ # Reference: https://app.any.run/tasks/d292b50e-71d7-46c2-9c75-3c053b7c36cd/ 46.183.223.29:8808 # Reference: https://twitter.com/James_inthe_box/status/1243161779212935168 # Reference: https://app.any.run/tasks/393f52ea-8176-4081-9f69-2e4706e7f27a/ 51.75.154.242:1515 # Reference: https://www.virustotal.com/gui/file/77e5748478eb6c6064e118bd35ef28f90bfd0eb908eee0291b994c9a6d5b11f5/detection # Reference: https://www.virustotal.com/gui/file/b892431179d2ed7f4b5c68eff968491b7716a067b6ab16caa5e204c9766d5bcf/detection 41.104.11.200:7707 41.104.122.164:7707 41.104.221.163:7707 41.105.197.112:7707 41.109.189.104:7707 41.109.193.177:7707 41.109.228.158:7707 41.109.242.126:7707 91.109.176.6:7707 91.109.178.2:7707 91.109.178.6:7707 91.109.182.2:7707 91.109.182.3:7707 91.109.182.5:7707 91.109.186.5:7707 91.109.188.10:7707 91.109.190.2:7707 91.109.190.7:7707 # Reference: https://twitter.com/James_inthe_box/status/1248964446505947136 # Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/ 77.247.127.128:8855 88futur.xyz # Reference: https://twitter.com/James_inthe_box/status/1250441655452237825 # Reference: https://app.any.run/tasks/a8c80640-e0bc-499c-bd8b-de1c9166d4dc/ 45.32.167.239:6606 hdkshnfk.ddns.net # Reference: https://www.virustotal.com/gui/file/51482d0164957eec01b4916354b5a992e6705655bcb44ca4b0b2a520e3b64e6c/detection 192.169.69.25:6606 soucdtevoceumcuzao.duckdns.org # Reference: https://www.virustotal.com/gui/file/626879e64f571e21902bdc2f249ce247e03420e8656990d54f3ab4ceb99b4fb4/detection 105.111.80.222:4000 azure34.mywire.org # Reference: https://twitter.com/ScumBots/status/1250963567366545408 # Reference: https://www.virustotal.com/gui/file/b465ae7940f04cb8b6f6baf9a288eecb5e405290bf48b18fe70ba41e9cc97389/detection 192.169.69.25:4000 amazon34.duckdns.org # Reference: https://www.virustotal.com/gui/file/5abfea336ec1f8f078499dd4713d65b5e75c59243b6137af1f5297706413dc63/detection 105.103.214.89:4000 amazon3407.mooo.com # Reference: https://www.virustotal.com/gui/file/6f5567af58976eb61af59c7edf1e5cdad7e3cd2fc60c16b123dfa53cd44e8f6d/detection 85.229.141.17:1337 92.34.156.156:1337 bob1337.chickenkiller.com getconnected.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/762a570980637077dbf431c691c38de20e50474d0c67003b4483c6f20a16e533/detection 129.56.25.121:6743 asyncrat6743.ddns.net # Reference: https://www.virustotal.com/gui/file/5e6bd1b03148962cff91b0f6a1d4e915bafd1049931d5d4ff2bda151bd761e28/detection unknownamehost.ddns.net # Reference: https://www.virustotal.com/gui/file/f17981f481d0e31ac51cbf66b5c94d3f73d5a2647a158370ab9e6b3357a00f9f/detection unknowhostname.ddns.net # Reference: https://twitter.com/ScumBots/status/1250960155900104705 # Reference: https://www.virustotal.com/gui/file/5a4958af2c13c0a9a6eff86bb5f4fd339a85a66249a22278cc5b50cecd89188a/detection 88.208.245.177:1443 # Reference: https://www.virustotal.com/gui/file/8c344acd0dfc01ac093b4a4407cd2f126f74bae0ca5b66f92912d522160ac639/detection 103.82.249.19:8808 # Reference: https://twitter.com/mahnyan1/status/1251321072865042435 babyboyhammer2.duckdns.org # Reference: https://www.virustotal.com/gui/file/e9c607f263a990db1bf0465c8688ed7ce7e5f294845041fb56af313df34f45df/detection 176.31.26.213:6606 176.31.26.213:7707 # Reference: https://www.virustotal.com/gui/file/7bebcd498c41f74199691dd8c0d9144f562b4c71dc9c96607260689397ba2285/detection 178.209.46.144:20108 73ch91ch13f.100chickens.me # Reference: https://www.virustotal.com/gui/file/a0e26b77db21ef8899c3b18fa562a53f51b37a3cb8677034bbd8c2c5b37cf78b/detection 193.161.193.99:61436 karakan123-50010.portmap.io # Reference: https://www.virustotal.com/gui/file/dd8069de43a40341482301c95b3a05d0201a9386a5c586b17451ca37447dd1ac/detection 152.246.228.24:6606 152.246.63.32:6606 # Reference: https://www.virustotal.com/gui/file/1c7dccd9e95acff427990af9670ad69d54fcc056aa0eb7744ec8f22d35088c45/detection 193.161.193.99:56282 # Reference: https://twitter.com/ScumBots/status/1250963480783527938 # Reference: https://www.virustotal.com/gui/file/31345f8b3aefaaa13a783f4febe071bb8da7ae27f5f5c06024f9f29db0116321/detection 192.169.69.30:6606 192.169.69.30:7707 192.169.69.30:8808 # Reference: https://twitter.com/ScumBots/status/1250963998922739712 # Reference: https://www.virustotal.com/gui/file/91ecc56db47e5fe085075ff0d7fa76d2911e787734b95b81a4570a15a45444b9/detection 192.254.74.210:6606 192.254.74.210:7707 192.254.74.210:8808 # Reference: https://twitter.com/ScumBots/status/1250964170302009344 cmradelucifer.ddns.net # Reference: https://www.virustotal.com/gui/file/9ee035f65117dd6ead3f1da5a952df99efbaa39c7345fc11f8ccbbb6ecf86037/detection 168.197.229.117:6606 168.197.229.117:7707 168.197.229.117:8808 79.134.225.20:6606 79.134.225.20:7707 79.134.225.20:8808 # Reference: https://www.virustotal.com/gui/file/4a5cea334cdd0c4042498850f591717d0677fb606331d11210f7b5d2b3a27ff2/detection 213.213.206.18:3306 # Reference: https://www.virustotal.com/gui/file/d09e5b5fabdfa8578b377d46b44fcddc0772a92750e4ead921e2e56e97cdda35/detection 185.165.153.95:8989 # Reference: https://www.virustotal.com/gui/file/a3f870eeaf9cb8e486363b1ff8e1fb79937ed85bab6237ee6123125ad3a43290/detection 186.53.186.235:4132 yugdab.duckdns.org # Reference: https://www.virustotal.com/gui/file/1b5e3eb733257954a9dd28f6a3e081d941deaa73418d4b22beaa3200a8f96285/detection 41.140.208.184:6606 asco.dynu.net # Reference: https://www.virustotal.com/gui/file/0e0bf4239bf7472066cb37ab517d74b1102c69af9e0feca64d567dff879ae1eb/detection 69.171.248.112:5557 8701.viewdns.net # Reference: https://twitter.com/ScumBots/status/1251156576615849985 # Reference: https://www.virustotal.com/gui/file/419fa3facde23e4b18afe0c7f7198844f3ee9e28da6e39f2e2e9e60c41e83570/detection 193.161.193.99:63374 # Reference: https://www.virustotal.com/gui/file/9b471c2935fdd01c7e9d57e78f91d213e6d1b5a44ac1719048d92d02d1976422/detection 192.169.69.25:6606 192.169.69.25:7707 192.169.69.25:8808 number2.duckdns.org # Reference: https://www.virustotal.com/gui/file/aff7d626d09099f6aaf329f1b2e0623a378b45fdf4536ad83e63efc87e7e0865/detection 124.50.195.153:5050 kkk1046.kro.kr # Reference: https://twitter.com/ScumBots/status/1251180572711550983 103.18.14.217:1337 dedsee2c.accesscam.org # Reference: https://www.virustotal.com/gui/file/923092b6cec8aaa0cd11fefa625ed17f98702edac91c3a52beaf7e54f6e5f784/detection 13.235.76.244:1337 # Reference: https://www.virustotal.com/gui/file/582fb62f0d92afaee2dc79108622667cc62d298cafbde3d1e2ec1738c977f4a6/detection nohostname.ddns.net # Reference: https://twitter.com/ScumBots/status/1251180991995088900 103.244.74.228:46839 # Reference: https://www.virustotal.com/gui/file/36b272fbada18f510fa34a479fa391131797f13218f6756c52825d9e7711be6e/detection 41.103.199.216:1337 # Reference: https://www.virustotal.com/gui/file/850bcc510ee39c6d6dde91f041bcb276b74a8101c84279a35c0a3570a4e6440d/detection poiuytrewq3341.ddns.net # Reference: https://twitter.com/ScumBots/status/1251181425933647877 dqrkodz34.ddns.net # Reference: https://twitter.com/ScumBots/status/1251181595635126274 jess19991102.ddns.net # Reference: https://www.virustotal.com/gui/file/d4a629944bf1e03d43a04b530f9606d8315b84e847c83042427224011f3067ba/detection 193.161.193.99:36811 hussaryn-36811.portmap.host # Reference: https://www.virustotal.com/gui/file/c338d425a1293b82ac13c856c43d588ce0053b27349620b7353273a42a04d845/detection jess19991102ddns.com jess19991102.ddns.com # Reference: https://www.virustotal.com/gui/file/0a276fdaf3367ca3fd4cf90eb338dd3d0575ba3979f1bd609ce58e13e2aa0a8e/detection 204.14.73.154:8080 bomi.duckdns.org # Reference: https://twitter.com/ScumBots/status/1251182632517410817 salsamania.ddns.net # Reference: https://twitter.com/ScumBots/status/1251183213747277826 googledrive.dynu.net googledrive.linkpc.net # Reference: https://www.virustotal.com/gui/file/f71eaaf23ecba6aafc314f3d42badafb4430b1be62a1ba325c592b258b8f1319/detection 213.152.162.84:9040 # Reference: https://www.virustotal.com/gui/file/ee1e5a4ee19c1b613aaa82b48e313c6e3eeb5874d7593809c2207037254a57cc/detection fertun-29801.portmap.host # Reference: https://www.virustotal.com/gui/file/2b70dd97d36efbbadd5f63afc22e28dc53d26302bae846b4f4e49e27cf95a70f/detection 176.232.239.198:5060 denemeiso1.duckdns.org # Reference: https://www.virustotal.com/gui/file/a86751d7ee905499b6e324dc5175e287a20d34cde78cbe35a290523dea9d1cd0/detection 13.235.23.234:1337 # Reference: https://www.virustotal.com/gui/file/e20e1fd207ef943af95774fc0fc0e38da70c808b78a3dfb141e4852036a8dc12/detection noregisterdomain.zapto.org # Reference: https://twitter.com/ScumBots/status/1251185289055350784 87.14.96.105:1303 emmek.crabdance.com # Reference: https://www.virustotal.com/gui/file/b76b157a8d6ccfd5cc7ea8eed54af4d0aab9e97f8d641f886617252d9acc48bc/detection 41.100.199.86:5555 clayroot2016.duckdns.org # Reference: https://twitter.com/ScumBots/status/1251185716111069184 am164.kro.kr # Reference: https://www.virustotal.com/gui/file/f25f43f5cea51647e82413accd831b93fe8c2b7f072fc1468cd1d13bf08224ec/detection 136.243.31.186:1608 # Reference: https://www.virustotal.com/gui/file/1298f1fd280d2768e2a5e3f1089ec3ad18e17cade3fbeb78be864d9c3caff337/detection 173.238.140.238:6606 173.238.140.238:7707 173.238.140.238:8808 bshades.ddns.net dark-comet.ddns.net # Reference: https://www.virustotal.com/gui/file/47979eca9030c7f8de4c86c048e17efa02f66c6aed8a52c24dbd4bd7b0692b88/detection 75.80.221.198:1604 # Reference: https://www.virustotal.com/gui/file/5515739bd8752264b7ee2a2c9b957d36af9fb16b19d7dd1aef4139f2fe74af47/detection sam144169-56334.portmap.io webforma.chickenkiller.com webdata.ddns.net # Reference: https://www.virustotal.com/gui/file/610a58f5e46ffe61093dad4ef8528df34894d29347a1eec0224a87bba7864b8f/detection 46.237.79.53:8080 rat24695.ddns.net # Reference: https://www.virustotal.com/gui/file/5b18ab7442af71b0ba9293b200fa26961e6de7b98d51456644aa58d307dc0e1f/detection 154.16.248.14:3230 # Reference: https://twitter.com/ScumBots/status/1251187877255528448 112.149.90.49:5050 hyungwoo.kro.kr # Reference: https://www.virustotal.com/gui/file/03a58d54e04d346d4d06637a40834795431147472e07c815a0fee27475bcc970/detection a24369093123.ddns.net # Reference: https://twitter.com/ScumBots/status/1251188552500723712 40.114.49.176:4040 # Reference: https://www.virustotal.com/gui/file/b796ac10d1f3133ca6b77141e50e414f1fc704299884d0b0fb676ab0db7fed89/detection yesweekend12.ddns.net # Reference: https://twitter.com/ScumBots/status/1251189068190318593 213.152.162.84:9040 # Reference: https://twitter.com/ScumBots/status/1251189153976516610 unregisteredhost.dynu.net # Reference: https://www.virustotal.com/gui/file/516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3/detection 23.249.168.43:9090 ccmorgan.duckdns.org # Reference: https://www.virustotal.com/gui/file/f0eb9cb0a88f2e88881e06ce961c2da388475c1b595f2669c57e0cf1b5eb7677/detection 41.143.216.51:1738 asco.dynu.net # Reference: https://www.virustotal.com/gui/file/44e550a4dbdc40e1cacca65b7e516618558c0d2114b3641cda6ddd69190ed8b9/detection 141.255.155.90:9023 nonamehost1.zapto.org # Reference: https://twitter.com/ScumBots/status/1251189930300227584 anonauth.ddns.net # Reference: https://twitter.com/ScumBots/status/1251191403851505665 216.246.49.165:6606 216.246.49.165:7707 216.246.49.165:8808 # Reference: https://twitter.com/ScumBots/status/1251191570986082305 82.84.85.59:1608 # Reference: https://twitter.com/ScumBots/status/1251191655589445635 62.108.37.42:6606 62.108.37.42:7707 62.108.37.42:8808 # Reference: https://twitter.com/ScumBots/status/1251192193597014016 84.51.52.166:6606 84.51.52.166:7707 84.51.52.166:8808 kingspy.duia.eu kingspy.noip.pl # Reference: https://twitter.com/ScumBots/status/1251858682108956672 61.69.131.134:1604 yilmazkocakau.ddns.net # Reference: https://twitter.com/ScumBots/status/1251915307536580608 141.255.146.238:6606 141.255.146.238:7707 141.255.146.238:8808 alltricks.hopto.org # Reference: https://www.virustotal.com/gui/file/cd61eefce1bda8e8fd7d6f38bb9e6d70b4f1d90efb039a1346d890eeedbd63ef/detection # Reference: https://www.virustotal.com/gui/file/ae089f74371ab598c6cf00e6debbb9d70c091d90641c406b4aa4c88e3fa81c25/detection 41.42.6.83:6606 41.42.6.83:7707 41.42.6.83:8808 81031.ddns.net # Reference: https://www.virustotal.com/gui/file/5185c0e1245a6ef3f2e38459095098a085e1b3f0fb75c7aa657df068be3334dc/detection 41.35.15.87:6606 41.35.15.87:7707 41.35.15.87:8808 # Reference: https://www.virustotal.com/gui/file/31846d250a4f71ff4d5348ba0417584e560f6a93a949bba415a9efd261a41e17/detection 77.78.103.70:222 qwerty123123123.hopto.org # Reference: https://twitter.com/Racco42/status/1255493982420942856 # Reference: https://app.any.run/tasks/9e6d5087-6d1d-44b5-9ac4-349e14df5eb9/ 62.102.148.158:62727 panda45.duckdns.org # Reference: https://bazaar.abuse.ch/sample/5be39967ba90f3766fa81f354a61102a7ddf6bc19ec282e56727abb6dafb973c/ 185.244.29.175:7071 # Reference: https://www.virustotal.com/gui/file/3e9fc29f4f0edfaebea7d78f2de99dc5dfdcd440fc8afc2fc8be0d9a6e10466e/detection 188.52.75.171:5558 # Reference: https://www.virustotal.com/gui/file/646bd5449aa3c3d5d029daeb30efbb49c68209ec434f4216593952d1310343ab/detection 80.200.143.32:5353 # Reference: https://www.virustotal.com/gui/file/f6270d604a6e859c46733c14315da1dc07d7c50eea5cefd427e915c7c726cd24/detection 191.250.107.152:6606 191.250.107.152:7707 191.250.107.152:8808 pointblankbrasil.duckdns.org # Reference: https://www.virustotal.com/gui/file/ffb897728bb3cdaf183b6346255551615e9de81c4178a74cfdf92c8a03dc11c1/detection 91.109.188.2:1010 # Reference: https://www.virustotal.com/gui/file/9a512140b526841ae759063ba36e46b1812c105d9cc94f8dfe11ff69f3cbb336/detection 51.39.198.26:6606 51.39.198.26:7707 51.39.198.26:8808 # Reference: https://twitter.com/ScumBots/status/1257439484339277831 141.255.158.227:6606 141.255.158.227:7707 141.255.158.227:8808 jnhacker.con-ip.com # Reference: https://www.virustotal.com/gui/file/8e0bde81c9e355be99d2fd2a8cd0a1ff088ccb9e4d846323a07c20948e385497/detection 42.116.41.65:3979 kingspy.ddns.net # Reference: https://twitter.com/ScumBots/status/1257437270765953025 191.250.107.152:6606 191.250.107.152:7707 191.250.107.152:8808 mydnshome.ddns.net # Reference: https://www.virustotal.com/gui/file/78f70e9f02eb5434bb36715f107a092a695b060a3e4dba41e6d6213813d6f6e3/detection 86.7.195.44:7777 nfrurqcjthnjznd.ddns.net # Reference: https://twitter.com/ScumBots/status/1257468146027503618 93.22.123.135:6606 93.22.123.135:7707 93.22.123.135:8808 backdoor.mcrage.me # Reference: https://twitter.com/ScumBots/status/1257751258787700743 # Reference: https://www.virustotal.com/gui/file/046b3e5c4418660a9eed9ffc4e9769df9e133eb96b40e2585eec87cf202d9b0b/detection 41.109.165.237:3000 cappa.myq-see.com # Reference: https://www.virustotal.com/gui/file/509607c23436a0d4ef33b21734a19aa129fbcd63bad4cb2965f06fc3f32c2554/detection 41.105.203.238:3000 # Reference: https://app.any.run/tasks/4c0659cd-b563-45a9-93ca-77b82e795fba/ 193.161.193.99:56769 unity123-56769.portmap.host # Reference: https://app.any.run/tasks/bca9407f-6879-4ca7-9dc9-c5c7d9472e38/ 193.161.193.99:7112 193.161.193.99:45885 reality-45885.portmap.host # Reference: https://twitter.com/ScumBots/status/1257955102553448451 # Reference: https://www.virustotal.com/gui/file/5d5d00143b5f578c0293a7cd806009ecd8da5b30d713ebdfb4fcfb83b85e31c1/detection 108.168.118.205:4782 havingfun.chickenkiller.com # Reference: https://twitter.com/ScumBots/status/1258452953662439429 103.74.18.65:8899 103.74.18.65:9090 webdata.ddns.net poda.duckdns.org poda.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/e2dd6989c2d9bd1038f5c6e741f4cdfa9b4584739fabf98db244f7763607178f/detection asyncrat.ddns.net # Reference: https://bazaar.abuse.ch/sample/43264fd31d2b8ce6104a5daf7cf933d315e21e2a968998591361c13fbc365baf/ 194.5.97.223:6204 # Reference: https://www.virustotal.com/gui/file/b611859ca933afe409d9c00d3c75fb42a4049ccee735afd2123e566bbf066c29/detection 185.140.53.43:4444 lagba10.ddns.net # Reference: https://www.virustotal.com/gui/file/34e20c34bb369fb81054fe19e90916e62251720cca8b961942f9ebbcb669919a/detection 193.161.193.99:25270 hiddensick-25270.portmap.io # Reference: https://app.any.run/tasks/88548d77-fbc2-421d-be4b-2da16bd0b5f3/ 193.161.193.99:34785 Slxthy23rf-34785.portmap.io # Reference: https://twitter.com/ScumBots/status/1261669580067549186 5.9.221.55:6606 5.9.221.55:7707 5.9.221.55:8808 # Reference: https://www.virustotal.com/gui/file/32501c0b743c1a550d9f4a24c73a6e58cb7e7a24919cdea9e85bd7d417273806/detection 220.120.90.123:6060 am164.kro.kr # Reference: https://twitter.com/ScumBots/status/1262284883466096640 115.23.99.222:2256 dokdo2256.p-e.kr # Reference: https://twitter.com/ScumBots/status/1262417002142085121 79.134.225.101:5552 # Reference: https://twitter.com/ScumBots/status/1262647276843028480 59.26.17.108:1212 obidori.kro.kr # Reference: https://www.virustotal.com/gui/file/31f8ef6bce5d3c220c3fb531b699dc5026b343bd0e76f3dd9fc9359dc86936d0/detection 115.23.99.222:2256 dokdo2256.p-e.kr # Reference: https://twitter.com/ScumBots/status/1263461921547747329 128.199.41.159:2001 # Reference: https://twitter.com/ScumBots/status/1263674037227659264 61.81.92.38:1212 test9909.p-e.kr # Reference: https://twitter.com/JayTHL/status/1263709348422967296 123.240.25.197:1604 asdf3341.ddns.net # Reference: https://twitter.com/ScumBots/status/1266652411889926146 # Reference: https://www.virustotal.com/gui/file/298587d8c8a376568ed09d332f329f3a4282e96e905f4569fbf24223ed10e491/detection 77.162.55.86:6606 77.162.55.86:7707 77.162.55.86:8808 monsternetwork01.ddns.net # Reference: https://twitter.com/ScumBots/status/1268143488413118464 193.218.39.43:8686 # Reference: https://twitter.com/ScumBots/status/1268532368790491137 188.250.211.240:3715 diass.duckdns.org # Reference: https://twitter.com/ScumBots/status/1269007937349058560 193.161.193.99:21292 allan4053883-60334.portmap.io # Reference: https://twitter.com/ScumBots/status/1269358998307983361 64.225.66.117:1331 64.225.66.117:1332 kr142.duckdns.org # Reference: https://www.virustotal.com/gui/file/86636201a899e360ad6fae1b71304c625ed6395ddf99e6b09906617da53ee93b/detection 91.193.75.208:3000 # Reference: https://www.virustotal.com/gui/file/8228d1299256a23377e57d575160dbd58f9ac46598c5c90b321743e366f3d09a/detection 173.225.115.144:6606 173.225.115.144:7707 173.225.115.144:8808 # Reference: https://twitter.com/ScumBots/status/1269910131933921281 42.119.15.63:3189 kingspy1301.ddns.net # Reference: https://www.virustotal.com/gui/file/d2d1030a5a122043c7a99b3f2c1b1d456be205033ed1327a0b4780f723a5e362/detection 42.117.191.69:8386 # Reference: https://twitter.com/ScumBots/status/1270064901101432840 100.64.15.50:5431 # Reference: https://app.any.run/tasks/5b5cba25-c74c-4c2c-80c5-c2f2c9156e6c/ 128.74.42.86:6606 128.74.42.86:7707 128.74.42.86:8808 logan1h.ddns.net # Reference: https://www.virustotal.com/gui/file/b8ff21e26e0da11d7146dd250b71206c698275e312bff612b38380e38385a4c7/detection 193.161.193.99:42300 193.161.193.99:6606 193.161.193.99:7707 193.161.193.99:8808 xaz19og-42300.portmap.io # Reference: https://www.virustotal.com/gui/file/e235e749a792841f78e1fcc8ddfea4d9c31471aaaa3df6928a43a96a8235698e/detection 102.42.76.37:2001 al3bkri13456.ddns.net # Reference: https://www.virustotal.com/gui/file/b891b61de4a7c50a50bffa4fb1394c696c25f80717ed57363f4e1a4a216973bb/detection 94.60.172.123:4500 # Reference: https://app.any.run/tasks/01c6c449-cfe1-4e4a-b34c-3536b67599af/ 193.161.193.99:48736 WindowsDefenderNet-48736.portmap.io # Reference: https://app.any.run/tasks/38f351cc-2e3e-4980-9a6d-4ceb645e4cbb/ 195.2.93.77:8808 servesvpn.duckdns.org # Reference: https://twitter.com/ScumBots/status/1270744376042553345 # Reference: https://www.virustotal.com/gui/file/4e8ca2787e65b0edaa21180883b642d7b3b7f85140ab7fc03d09c30da124dc5b/detection 193.161.193.99:1337 193.161.193.99:52390 sdsd33-43977.portmap.host # Reference: https://www.virustotal.com/gui/file/ae84c5af88241d3bb2e75160c53c6cdaee23555e0a83f0b9b5f218fe525c67b0/detection 82.205.2.127:6606 82.205.2.127:7707 82.205.2.127:8808 googlexfx.ddns.net # Reference: https://twitter.com/ScumBots/status/1271484250349547521 109.247.81.119:23818 # Reference: https://twitter.com/ScumBots/status/1271514445739634689 105.108.81.5:333 b34.duckdns.org # Reference: https://www.virustotal.com/gui/file/b1421de897b9903d393051f42730ac0fc7c19a3115f7b2fb019f2f7edd28e2af/detection 185.140.53.247:4723 sukasa.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/3af55f9bb1a968506ea79b9f24d4a61f99d07e652af05bc5c557f13c19343a03/detection 18.197.239.5:10611 18.197.239.5:25565 # Reference: https://www.virustotal.com/gui/file/3f240073edad176ed8dc359ec2420361d67368ed7859bece7b94180c9deba172/detection 18.197.239.5:11328 # Reference: https://twitter.com/ScumBots/status/1272224126346964993 89.182.127.205:9955 fifa2020-ps4.ddns.net # Reference: https://www.virustotal.com/gui/file/6313e287489f083c691693a5582888ea7ab7e3d03c81612012dec332d27c66e2/detection 185.140.53.11:2079 185.140.53.11:6606 185.140.53.11:7707 185.140.53.11:8808 212.225.226.30:6606 212.225.226.30:7707 212.225.226.30:8808 bazilspain.dynu.net # Reference: https://www.virustotal.com/gui/file/67cd0179d490d478ba231ee4719aa7e1427045de0067a24a0adc91f33fdcac3d/detection 212.225.226.30:2079 # Reference: https://www.virustotal.com/gui/file/621b16461f4c6844bb3438e8cc872ae6d81414bd2e60cc097e2af348697fd088/detection 39.108.140.215:60006 39.108.140.215:9999 2ee51a1ab0951a62.natapp.cc # Reference: https://app.any.run/tasks/fa7cb330-07b2-4366-a9a1-03984fe05c1d/ 84.38.134.21:6606 84.38.134.21:7707 84.38.134.21:8808 # Reference: https://twitter.com/ScumBots/status/1273960570220404739 193.161.193.99:62895 # Reference: https://twitter.com/ScumBots/status/1274107785345712132 45.74.26.57:5326 # Reference: https://twitter.com/ScumBots/status/1274213483081596929 43.251.103.150:8848 # Reference: https://twitter.com/ScumBots/status/1274349378992582657 193.218.118.190:6666 # Reference: https://twitter.com/ScumBots/status/1274432429110034432 45.138.157.147:1111 # Reference: https://www.virustotal.com/gui/file/f83df0f45665f9f5d7d1e888cf778bb4440850503e24821bb0d976e86a5e87e8/detection 77.30.137.105:6606 77.30.137.105:7707 77.30.137.105:8808 # Reference: https://www.virustotal.com/gui/file/7528e56efe65fa4b61c7f7156e8d178473051f88d1dc1174378867bdef381f05/detection 202.79.168.134:3399 # Reference: https://twitter.com/ScumBots/status/1274753289091874818 95.70.134.40:8565 # Reference: https://twitter.com/ScumBots/status/1275421447985430529 14.249.183.252:5555 1593572468.ddns.net # Reference: https://twitter.com/ScumBots/status/1276036748053745669 8.210.144.63:6688 # Reference: https://twitter.com/ScumBots/status/1277490072456171520 117.3.216.38:3589 spy9999.ddns.net # Reference: https://app.any.run/tasks/ca2adff9-796b-45c0-b901-6542eb02857f/ xSkewber-24412.portmap.host # Reference: https://app.any.run/tasks/86f951e0-a325-4f4d-9d00-dcc9f1a58754/ steamguard1337.myddns.me # Reference: https://twitter.com/ScumBots/status/1278645187594551296 67.211.213.207:8080 67.211.213.207:9090 # Reference: https://www.virustotal.com/gui/file/1f6ea95aa6e7d84c2db2f180e6964449d9fe0b8112b9661889b5b200120b5cb9/detection 213.152.161.239:9980 bien.airdns.org # Reference: https://twitter.com/ScumBots/status/1278879232505110529 # Reference: https://www.virustotal.com/gui/file/ab5f8fc012927d2a8f6f9e45891da8111e1de9adddd57969540ce7a39697a5e3/detection 105.154.111.193:1596 105.154.111.193:2695 105.154.111.193:4562 dellpower.theworkpc.com # Reference: https://twitter.com/ScumBots/status/1278301761690894337 45.61.136.48:6606 45.61.136.48:7707 45.61.136.48:8808 # Reference: https://twitter.com/ScumBots/status/1279766327733952512 154.209.74.134:3399 # Reference: https://www.virustotal.com/gui/file/dbb7d9edbc04874b351fe0277d7ec7ccb41023f17e87e18da28dc267b2878ebb/detection 114.129.198.91:6606 114.129.198.91:7707 114.129.198.91:8808 # Reference: https://www.virustotal.com/gui/file/afede1c861d5026ace0d1864ab10214cbbe9e46f2299f401ac2589f924fd4a28/detection vksaodyd.kro.kr # Reference: https://twitter.com/ScumBots/status/1281038456521740289 23.105.171.85:35247 # Reference: https://twitter.com/ScumBots/status/1281283822118723585 # Reference: https://www.virustotal.com/gui/file/6e8ae7b434f014a40003c7b24984bdb3751515c7ab4edd36af33b02881d9d82d/detection 186.233.178.201:6606 186.233.178.201:7707 186.233.178.201:8808 duckjigsaw.duckdns.org # Reference: https://twitter.com/hexfati/status/1281490222618939392 julian.linkpc.net # Reference: https://twitter.com/ScumBots/status/1281570951919013888 193.161.193.99:1437 # Reference: https://twitter.com/ScumBots/status/1281570862492274691 193.161.193.99:28472 Pomm2paingg-28472.portmap.host # Reference: https://twitter.com/abuse_ch/status/1281641153524375553 # Reference: https://bazaar.abuse.ch/sample/3f28fd2c56f0bb9501f62fa64c71f6475d7cca2ee1908e097febdfc5516358ed/ 194.5.98.8:8824 # Reference: https://www.virustotal.com/gui/file/b3a4d10421309deb064c7c31d143b704471d2dc60a6b15a14402d2d069daa3e8/detection 193.161.193.99:24207 portababy-24207.portmap.host # Reference: https://www.virustotal.com/gui/file/cf302c3f21b10392c776e72d3b13e5065b1b6f503a3b63ffb343d13c1d83a6dd/detection 84.210.40.80:5552 krypticon9332.duckdns.org # Reference: https://app.any.run/tasks/eec7d68b-fa8f-4654-9544-2b59b27dc6be/ 206.123.129.103:5456 # Reference: https://twitter.com/ScumBots/status/1283031589962878980 193.161.193.99:38891 193.161.193.99:4443 # Reference: https://www.virustotal.com/gui/file/2de91b424589709529fb7f6dd861ee8fe089e2ac0927971d2242362e09c29502/detection 176.205.153.139:9476 # Reference: https://www.virustotal.com/gui/file/ba42409b340eba51a84a63ef57b8944d952ca927a4889948e069f8fc2352b727/detection 118.68.139.26:3189 # Reference: https://twitter.com/ScumBots/status/1283424178268405760 185.140.53.68:1515 mavennezeliora.ddns.net # Reference: https://twitter.com/ScumBots/status/1284137629882159104 174.0.47.124:8574 lowkeyjust.ddns.net # Reference: https://twitter.com/ScumBots/status/1284303722840035330 193.161.193.99:4040 193.161.193.99:41801 Crowlinqs-41801.portmap.io # Reference: https://www.virustotal.com/gui/file/9fae837fb9b2e3389ac912a88518a953bfd2e78b39daf89191187ae9b520dea8/detection 110.141.6.190:6606 110.141.6.190:7707 110.141.6.190:8808 110.141.6.190:3389 server1738.ddns.net # Reference: https://www.virustotal.com/gui/file/8b003d7f7d72eba439d095c2321003840b05e80099fabdd29fce757db0f57043/detection 185.140.53.76:1604 blanco.linkpc.net # Reference: https://www.virustotal.com/gui/file/0948d7d120fa3bfd8eb53b747e9ea08c6703f231663671441edec451b6d72586/detection 27.70.237.210:6606 27.70.237.210:7707 27.70.237.210:8808 27.70.237.210:8888 nohop1998.ddns.net # Reference: https://www.virustotal.com/gui/file/fdc7c7b4a95ee6a1df9b61e24097e0e0d9b5fb967e0430ddfc092aeeaadc1f3c/detection 193.161.193.99:29353 vuadaubepz15-29353.portmap.host # Reference: 118.217.154.223:6606 118.217.154.223:7707 118.217.154.223:8808 mact194.kro.kr # Reference: https://twitter.com/ScumBots/status/1284798238680387585 161.35.56.21:7001 # Reference: https://twitter.com/ScumBots/status/1284892597912313857 206.189.76.209:5252 # Reference: https://twitter.com/ScumBots/status/1284896544760762368 24.254.43.171:6606 24.254.43.171:7707 24.254.43.171:8808 # Reference: https://twitter.com/ScumBots/status/1285047538941394944 14.5.119.153:6606 14.5.119.153:7707 14.5.119.153:8808 # Reference: https://www.virustotal.com/gui/file/955bd3f4c3f39ae1e20ef7bb1b83adf6dd4ac55110cffc79a5843e7c06641a6b/detection 156.206.124.24:1025 erksene.dynu.net # Reference: https://www.virustotal.com/gui/file/b724abcdfe906318472e2c9dcc1e8bd211b10e881c689a600782d0462916701d/detection 216.170.126.139:4660 # Reference: https://www.virustotal.com/gui/file/2622f9874b537293700a77646a386b3c708e257f00e218cd72baf10aed32456a/detection 193.161.193.99:5556 anonissou.duckdns.org # Reference: https://www.virustotal.com/gui/file/f0634bf7e0d376d34450c4752cdd0945aba11ba2b316e64d3bc9d57c6980f189/detection 220.122.40.142:8080 criticalvip.kro.kr # Reference: https://www.virustotal.com/gui/file/bfdfe76cd0b61105c6bbea1952de0380012c3decbfc51ad263e00564cdea1983/detection 182.221.160.164:8080 zcx.kro.kr # Reference: https://www.virustotal.com/gui/file/e14d03068fdc83cd2a6b16bf40553f78d39e0a6478af3f329e69f6cca0df919b/detection 185.222.57.150:3450 # Reference: https://www.virustotal.com/gui/file/b724d53c26514502a8dc138a9a9b5c48b2f699e43a29060ff68bdfd857ce3caf/detection 121.137.39.53:8080 # Reference: https://www.virustotal.com/gui/file/99e489abde6b13f45c6cfababe1b9e46cf8692b12134b015096a323402c71259/detection 121.137.39.53:6606 121.137.39.53:7707 121.137.39.53:8808 # Reference: https://www.virustotal.com/gui/file/7b5dd184f138daf820509d1240dc7b00938d555ba1e9eebe5000d0e8ff2d3889/detection 121.137.39.53:5050 # Reference: https://www.virustotal.com/gui/file/2e04efdd2de2a1be9a27be389987fed425a3ee6826f69180db9093c5383e4833/detection 209.200.39.2:4040 209.200.39.2:7070 209.200.39.2:8080 # Reference: https://www.virustotal.com/gui/file/34b6843018283be543557947fea752642b68d5e72c412a0ab3bdd28ea1c498f9/detection 193.161.193.99:45680 youcefmadskull-45680.portmap.host # Reference: https://www.virustotal.com/gui/file/3377c9208f9f7427e2d5134f7009a5427637432c49797fbd7d83925a5ea954cd/detection 193.161.193.99:1236 193.161.193.99:61574 hackthisishack-61574.portmap.host # Reference: https://www.virustotal.com/gui/file/0427b7e094b0ced7de6ecc37aa5d5ff6de9b13785b068e8480bf62ed2fdac0e3/detection 95.120.211.220:4665 holocmsv2.zapto.org # Reference: https://www.virustotal.com/gui/file/4abdc1b37c11f32707551f7a3479462a68c043e08a84f93b36ad308bfc8e4624/detection 54.95.64.241:1521 # Reference: https://app.any.run/tasks/5092ca08-de2c-4fea-a24c-98a224b251e7/ 185.140.53.11:9845 # Reference: https://app.any.run/tasks/7e29c9db-d891-425e-a793-badabc8fe75c/ 79.134.225.83:4783 superkicka.org # Reference: https://www.virustotal.com/gui/file/2faf5255c368288325aac011cd2066c6942ea0b755718490363fdb6606dec40f/detection 188.151.38.115:1717 schost.duckdns.org # Reference: https://app.any.run/tasks/01eae1cf-71f1-4732-86d6-321117b8382c/ 64.20.43.83:3123 advisorgoetia-dns.xyz # Reference: https://twitter.com/JAMESWT_MHT/status/1288860715143573505 # Reference: https://bazaar.abuse.ch/sample/54d46ffbefae7f6025765c0c274f7f87714e5467da8926967efb01025693bb8e/ 177.255.91.168:49737 177.255.91.168:8057 gfsgvbxcv.duckdns.org # Reference: https://www.virustotal.com/gui/file/30232515c14a00a60978fc801bff8ec6db9c540f88cf6ec8851512e892917719/detection 84.210.40.80:5555 # Reference: https://www.virustotal.com/gui/file/cda5b8bf4e397c606b20ebf098253dc1456f28cc3aeec5ec7a1332afb33bc5b4/detection 185.122.168.250:6606 185.122.168.250:7707 185.122.168.250:8808 # Reference: https://www.virustotal.com/gui/file/97bf01ea73fc39e6dc829aa7a0c45762526c86b7d348ec19f6e3b2897775a6e9/detection holocms.duckdns.org # Reference: https://www.virustotal.com/gui/file/5d6500005736439ccf00e8136c00a351bd7c69fb33fb9485a1be9908187a66da/detection holocmsv2.zapto.org # Reference: https://www.virustotal.com/gui/file/c1877080b35ea82105c4a242cc49c832cc2f7207e672712cc8d364d2b005cf81/detection 193.161.193.99:34540 # Reference: https://www.virustotal.com/gui/file/b174722176293ad63a56287567655d408293addcbd6e248fbd058816667d3cde/detection 176.168.187.199:6606 176.168.187.199:7707 176.168.187.199:8808 lolo0909.ddns.net # Reference: https://www.virustotal.com/gui/file/d7ec327d2a382d2035818a0376fd27bf68dab2d89a7f4e04b04babaef977b16a/detection 120.78.86.213:5917 120.78.86.213:5925 120.78.86.213:5936 120.78.86.213:5944 120.78.86.213:5951 # Reference: https://www.virustotal.com/gui/file/8ca05cad682799f231e0a0fb670a2a04fb6f361f801c884f62a607b26ccc25f4/detection 192.227.158.120:4770 # Reference: https://www.virustotal.com/gui/file/2485169398a574f4b8c68b612c29715f43ecd5a00d61a42def399034ed389517/detection 193.161.193.99:39075 zufair.duckdns.org # Reference: https://www.virustotal.com/gui/file/cf7363ad9935b3ba3dd93451d9be8eb43f5445179740e0c2bfecd7bddd860fec/detection 185.244.30.27:3381 # Reference: https://www.virustotal.com/gui/file/d7ec3ec2ac8cb6d1f2898f2d7eb02850e34fc088f71e3ef82e966d10dbfc203b/detection pensive-pond-55232.pktriot.net # Reference: https://www.virustotal.com/gui/file/bb1223e5556adf3f9cb6976fefe3c51af74baacb5c159fe34a03e49ffd43aa39/detection 161.97.82.232:4141 # Reference: https://twitter.com/ScumBots/status/1291947998524706816 # Reference: https://www.virustotal.com/gui/file/3a81c9e1bfe70ae9506eef64194e9b6b8a49a7c2f64fa427ed31d0a9444a785e/detection 121.214.208.2:1111 121.214.208.2:2222 121.214.208.2:30 121.214.208.2:6606 121.214.208.2:7707 121.214.208.2:8808 sirenhead.ddns.net # Reference: https://www.virustotal.com/gui/file/4df01904a9abf7085fc4aafc372c7614cb7077c7350446188ceafc98001fb5b1/detection # Reference: https://www.virustotal.com/gui/file/90e9abb1b28a06edc6ae7a174b6468cfdfc91dcc29cd27be8fcd10d3c746f26e/detection # Reference: https://www.virustotal.com/gui/file/a71149ae63fc78968c81e659eb4dba652ffd3ea8d2a1c58bb631b7fbbaae8e43/detection # Reference: https://www.virustotal.com/gui/file/4e022a47ae07545c1a28418a9beb0f6d360144ec8087bc0bd2ac0f086bea9ddd/detection # Reference: https://www.virustotal.com/gui/file/71922e073726160d1bec9230d8b87eace72792499ddf4c731047a446b6876ee6/detection 185.140.53.54:4923 185.165.153.186:4923 77.74.194.214:4923 79.134.225.96:4923 79.134.225.103:4923 91.193.75.69:4923 bambooo.dynu.net # Reference: https://www.virustotal.com/gui/file/f4cecaa360ee6ab479cbf9b99c15b45ba7e9f548b7e368063a0c9f686fbc2630/detection 212.251.116.161:1604 212.251.116.161:6606 212.251.116.161:7707 212.251.116.161:8808 62.1.59.224:1604 62.1.59.224:6606 62.1.59.224:7707 62.1.59.224:8808 # Reference: https://www.virustotal.com/gui/file/889e35bc6ff36524dd0df82fbcf8a8015fd3c95d94b00c0875e9bb239eb12e28/detection 91.193.75.146:4780 # Reference: https://www.virustotal.com/gui/file/cf7363ad9935b3ba3dd93451d9be8eb43f5445179740e0c2bfecd7bddd860fec/detection 185.244.30.27:3381 # Reference: https://www.virustotal.com/gui/file/caa8c15569dd97b52c88cd2a500cb6304db09a6e3761511657be45645f19e815/detection 193.161.193.99:54030 Zmining-54030.portmap.host # Reference: https://www.virustotal.com/gui/file/43f97c03faf5199c8ebc7c49c076e45ed95fdf3edc26b4859fdbd705be21dd1e/detection 172.94.42.34:1043 dnsnuev009.duckdns.org # Reference: https://www.virustotal.com/gui/file/8f40ea9560e30c37b6ab4a3d6501b7cbf3898c20d1ecc31e2b7fe360449c0b33/detection 8.210.158.0:6606 8.210.158.0:7707 8.210.158.0:8808 # Reference: https://www.virustotal.com/gui/file/1dfb088dd661a1ab2025603696ced23a04e00c837590ad881a49a24768e09de4/detection 172.94.28.17:2021 tusnalguitas.duckdns.org # Reference: https://www.virustotal.com/gui/file/28dc802c58e106829fa716e2b4b0a1834967709075076bdbf0aec64f5e124f62/detection 172.94.42.34:5623 nikiko.duckdns.org # Reference: https://www.virustotal.com/gui/file/3183e83479da8d8ef421e91538fb85085229673f4bd2f13d3de7c8be2fc96c1e/detection 5.152.206.196:6600 # Reference: https://www.virustotal.com/gui/file/ad8b72167b5dd6b0bcba0a0685ec2addf744bc6da79c70476dd7d138cec764a4/detection 34.73.5.116:4444 # Reference: https://www.virustotal.com/gui/file/565054fa53c89061f7a81e18737a2140457316a526b616349e1ae614db363814/detection 109.247.81.119:20000 # Reference: https://www.virustotal.com/gui/file/d78ddc2b6e359f4d23f06437a5ff498c5afde61d925889129a8da056817bef70/detection 177.98.227.24:6606 177.98.227.24:7707 177.98.227.24:8808 # Reference: https://www.virustotal.com/gui/file/8e3c7cd8bb4826e4919aa56481167a1fcf9cb2d0e2c4a9c74ec155523f5d180c/detection # Reference: https://www.virustotal.com/gui/file/9660ae0cf1fe3b7745287ab05d242247334cbf51ba64b900998fb5073bedf890/detection # Reference: https://www.virustotal.com/gui/file/75feac230513a5d543e2f9559068259554200ed7440c44749e7678feb19b470c/detection # Reference: https://www.virustotal.com/gui/file/6c24f8caa4f1f21a9dd8b714066bdfa5e2d8c84ab068d50672ef12b048c4518c/detection # Reference: https://www.virustotal.com/gui/file/02b62fd53cf9ed3c98a70aa7c4ead2b9c8851079517747d8e106873654098651/detection # Reference: https://www.virustotal.com/gui/file/cf234f8fcdab2a576d303c8b0821b7754ec13e1319be9d24d335b351f774b1f3/detection 179.178.236.31:2080 179.183.119.159:2080 179.183.119.159:6606 179.183.119.159:7707 179.183.119.159:8808 187.114.175.149:2080 187.114.178.10:2080 187.114.178.10:6606 187.114.178.10:7707 187.114.178.10:8808 191.250.65.147:2080 191.250.65.147:6606 191.250.65.147:7707 191.250.65.147:8808 191.33.110.91:6606 191.33.110.91:7707 191.33.110.91:8808 # Reference: https://www.virustotal.com/gui/file/2154f0eae29106cd24148ff7a4486eb7467c0d590f7979c6ffb517f4d99d4c37/detection 211.108.200.7:4872 211.108.200.7:4873 0743.hopto.org # Reference: https://www.virustotal.com/gui/file/557ea13e8175753fff89bdfb1ede7e27779f6a55b5ba69ff2ecd7d6e9255ab8a/detection 177.255.91.168:8057 fsdgfd.duckdns.org # Reference: https://www.virustotal.com/gui/file/bdd504540ae6cbfcef701abb424def21007a55d3df5ce5bd03034c4cc66464d6/detection 78.63.71.91:6606 78.63.71.91:7707 78.63.71.91:8808 youtude.ddns.net # Reference: https://www.virustotal.com/gui/file/c8c3c2b6c66710984751b0ec262a618829be47e3c926c3c0c706365d5d0aacd5/detection 103.207.39.83:1024 # Reference: https://www.virustotal.com/gui/file/a93b12c36e78db3c5e27c9a35a23d7f87a3d788adf60f811485890a33c726c7c/detection 90.46.146.196:5552 shadowstest.ddns.net # Reference: https://www.virustotal.com/gui/file/d0ba64c92f0512db66ff99cc87ffced9bebeb3bf15470865c81858f02e3302a6/detection 193.161.193.99:24255 193.161.193.99:42219 iskyze-24255.portmap.host # Reference: https://www.virustotal.com/gui/file/74d10507f05b48357e55b0349a24144874a509980c1e0aabf43f781fdac10fff/detection asdxcvxdfgdnbvrwe.ru marcristosc.ac.ug 194.5.98.95:6970 # Reference: https://www.virustotal.com/gui/file/d288f6645d0f90ddff285c41b2512a1496a8b5b7c34df8bcecda8070314939b6/detection 51.178.240.250:6606 51.178.240.250:7707 51.178.240.250:8808 # Reference: https://www.virustotal.com/gui/file/459fe6ce78839307fd87c192fca2545ed25e89fe63f602356022fd32c8db8aba/detection 179.124.220.225:6606 179.124.220.225:7707 179.124.220.225:8808 # Reference: https://www.virustotal.com/gui/file/65232e1c7aedfd29788abfdf468587c2858822e65cb2fb15169b4261e4be1ed1/detection 123.110.29.249:1604 andy1688.ddns.net # Reference: https://www.virustotal.com/gui/file/305aacda61fb9f14aa1bb5124841ac25b7f23ff254a886a56a3d40bdf5a1a5e4/detection 107.172.221.181:333 107.172.221.181:6606 107.172.221.181:7707 107.172.221.181:8808 # Reference: https://www.virustotal.com/gui/file/310a6b915908dbc78e3d9dd56d06bf0fb3fd11e1c4db826a18611f5e80f9bed3/detection 82.205.33.194:6606 82.205.33.194:7707 82.205.33.194:8808 # Reference: https://www.virustotal.com/gui/file/304663149c45d54a23e0cf65b9775538009a76db474912fff395bedd3e789a01/detection 193.161.193.99:48637 boneless-48637.portmap.host # Reference: https://www.virustotal.com/gui/file/90aaeb0077277b5e45a7cdcbe365ead4781b5a0a5fd755f99ed8a2ec79e5e58c/detection 193.161.193.99:58562 newcosmo-58562.portmap.host # Reference: https://www.virustotal.com/gui/file/de3db6f0d0d8dd22a21731e739dbbacf86b2bc8bc21ea2a0ade9a16581a1ac14/detection 193.161.193.99:31239 ioplololo-31239.portmap.host # Reference: https://www.virustotal.com/gui/file/caa8c15569dd97b52c88cd2a500cb6304db09a6e3761511657be45645f19e815/detection 193.161.193.99:54030 zmining-54030.portmap.host # Reference: https://www.virustotal.com/gui/file/9a95c0829cd7766087de65e50b32a3689a91e3ad05a7cc94365ef94d4f685cde/detection 193.161.193.99:37930 pritom-37930.portmap.host # Reference: https://www.virustotal.com/gui/file/441a169e51070282b35537e90edab11e0064e3a0e6c4eab8759773d79cf00ae1/detection 193.161.193.99:2510 193.161.193.99:25360 vasco-25360.portmap.host # Reference: https://www.virustotal.com/gui/file/5c05897f869e9c72390065f8bbeaab7b7fb3f9089f56a68eb7b358a5d12cf968/detection 193.161.193.99:25987 prem131bn-25987.portmap.host # Reference: https://www.virustotal.com/gui/file/4415b9d3c5fc2ceaa6f935864c1d9a573447802f30ec30efd212a8be4fd2a82d/detection 193.161.193.99:54729 ismailbourji-54729.portmap.host # Reference: https://www.virustotal.com/gui/file/b5a85b868ec6932c4577c11ce91e0bfce9ea5ae81b788133fefc640015c3b0bc/detection 193.161.193.99:20760 f2had-20760.portmap.host # Reference: https://www.virustotal.com/gui/file/c381f88012efb8742927995e6f91525c4a1f9b4f3b3a4f25d431e8269842836b/detection 193.161.193.99:25125 hmz04-25125.portmap.host # Reference: https://www.virustotal.com/gui/file/ab10554a3e0ce5270d2c02e884a097e271dae6cbe2e51a70703da7d4e89919bb/detection 193.161.193.99:36161 prodharani-36161.portmap.host # Reference: https://www.virustotal.com/gui/file/af37a83779f91b64f3b03bf0daa2d79bd531a3968141e0dcc2bcee677f4b701e/detection 193.161.193.99:58345 keyman-58345.portmap.host # Reference: https://www.virustotal.com/gui/file/1ee13968473a9b9733efdca8caf07f22d39730a2b2ebf9c2c8d467e6f385d826/detection 193.161.193.99:37695 anonjayy-37695.portmap.host # Reference: https://www.virustotal.com/gui/file/8b4592b2bb2a904be55ab95ff2cb69808b15d819498cccb6ec05b2f5b7b3d63f/detection 193.161.193.99:37692 madman-37692.portmap.host # Reference: https://www.virustotal.com/gui/file/e9db2ade37b84b00334f829395b6af092dda2ae1f559cfbdb772ec15c7a54d94/detection 42.119.90.242:3189 kubeodz92.ddns.net # Reference: https://www.virustotal.com/gui/file/a5d78beef4d80eb7def57f7fd7647d09ec76a16eeedb2a5a3fc6f445526c8f4a/detection 193.161.193.99:20050 pawianek2-20050.portmap.host # Reference: https://www.virustotal.com/gui/file/e28f8760f889ff458aec8aedd2139e44735cb9468d34d175aec42643b90291b5/detection 46.60.22.192:6606 46.60.22.192:7707 46.60.22.192:8808 82.205.33.194:6606 82.205.33.194:7707 82.205.33.194:8808 googledrive.myftp.org # Reference: https://www.virustotal.com/gui/file/08b15d045255c81dcb3e29b70ffcd1a8d614bf99549f079085bfbc54a994d109/detection 42.119.90.242:3189 kubeodz2019.ddns.net # Reference: https://www.virustotal.com/gui/file/5f8ff6fd7b8bbcb8efd6e69b2300be59a059061ed3bd2a2fd63ab6e98cd7cd2c/detection 192.169.69.25:1044 192.169.69.25:20485 193.161.193.99:20485 franktembo-20485.portmap.io samarakandi.duckdns.org # Reference: https://www.virustotal.com/gui/file/f198e0cfa503100d64d15ed39b2516587582587f42afea74ace075b28f663fb4/detection 193.56.29.251:6606 193.56.29.251:7707 193.56.29.251:8808 bogdanxx90900.servemp3.com # Reference: https://www.virustotal.com/gui/file/33d1d991a9bda6bdec91b6be82e7ddc684a8f7400ac8402917ffefa0a5dfd631/detection 121.214.208.2:3000 # Reference: https://www.virustotal.com/gui/file/fc9ee822f9872fd4ca4531d5a91e29adfdc3a4a9e2e8f6e668305fe3bfa9fada/detection 193.161.193.99:41892 oksosokak-41892.portmap.io # Reference: https://www.virustotal.com/gui/file/e021d822f3a44473cd7d12518402469b38d200a27065c7aa757d13a15ae607ee/detection 197.206.218.240:5555 clayroot2016.linkpc.net # Reference: https://www.virustotal.com/gui/file/54d53186682c7277d99c86cea69d45960d2867041477a0d9edae6f08c8e8b52d/detection 186.52.202.235:3040 cortanahost.ddns.net # Reference: https://www.virustotal.com/gui/file/910c9c2a61c8748fe9bd3417eeb284535db3bbc30c6405f102002ecef3d6304b/detection 81.61.77.92:6606 81.61.77.92:7707 81.61.77.92:8808 campestre.hopto.org # Reference: https://www.virustotal.com/gui/file/4f41374a921e33b06bb11f64e72bc02c2f928704ebea63682ec66b85b1349f44/detection 175.37.36.152:6606 175.37.36.152:7707 175.37.36.152:8808 kakejake.ddns.net # Reference: https://www.virustotal.com/gui/file/15753a223aa59f5e2265569080d31e8351d546e6b7316c6660757a39bda94887/detection 121.137.39.232:5050 # Reference: https://www.virustotal.com/gui/file/fa2cbc10aa98e5cfe362065b2c19556c67dc8b7d48871008404f4778e8537f3a/detection 34.66.124.165:5555 # Reference: https://www.virustotal.com/gui/file/851d536bdf21ad02eab1ed632b7ef36fc5734e628c421c9f7c8dcb05d30f4d32/detection 198.251.64.252:6606 198.251.64.252:7707 198.251.64.252:8808 # Reference: https://www.virustotal.com/gui/file/b69e8a276d2c444b502238383ae3611714822c8605f074ef5a0a9a99c69b49a8/detection 79.173.65.159:19638 79.173.65.159:6606 79.173.65.159:7707 79.173.65.159:8808 rootaccountadmin.ddns.net # Reference: https://www.virustotal.com/gui/file/1c02bb46103de9bf189deaf1b8915afa62186f1b0e1b90742b70b58e44962bf9/detection 178.33.93.88:19678 # Reference: https://www.virustotal.com/gui/file/20ef74b6ca8718706ca786c9cd8c9de916df7daf77c81f436ab23b6c50db0487/detection 49.175.99.35:1234 leepipi.kro.kr # Reference: https://www.virustotal.com/gui/file/c811c161d9d0be1c09173a50af290a718729fd9509b63ff953ad4b07e2501657/detection # Reference: https://www.virustotal.com/gui/file/f48d69fb64fe7ae544769ce22a0500e07ac2f945b12bc717b78ca77a7b5a6924/detection 91.168.196.175:6606 91.168.196.175:7707 91.168.196.175:8808 likatn.zapto.org # Reference: https://www.virustotal.com/gui/file/ca17a69a46caf3e05a1cd8bf2f1d6679b55aa6ecf46ee63bf323ee892f88f80e/detection 105.107.4.125:6606 105.107.4.125:7707 105.107.4.125:8808 # Reference: https://www.virustotal.com/gui/file/c7cb970a67b5c370741e139dda48d47433477ab400e51a62a99b7a379a6c0dbc/detection 138.197.189.80:6606 138.197.189.80:7707 138.197.189.80:8808 blackid-35823.portmap.host # Reference: https://app.any.run/tasks/b31c0049-b5de-40a8-9069-8c14e27b738f/ 193.161.193.99:32260 Kupcia-53901.portmap.io # Reference: https://www.virustotal.com/gui/file/81e96984130042d0ee70ae09a7bc9375974d513938e80877720d251330e4b37e/detection 39.122.189.147:1 fsft.p-e.kr # Reference: https://www.virustotal.com/gui/file/1f48d54ad69726c01a7ae1e7ceff7ae6093005be1e100a75968476d72d75cf06/detection 101.179.85.220:1111 101.179.85.220:6606 101.179.85.220:7707 101.179.85.220:8808 # Reference: https://www.virustotal.com/gui/file/dcaf6810871062a1a5a292c8e46667a8b7de908d292513ef1c443929ce8897c5/detection 18.157.68.73:15558 18.157.68.73:16155 18.157.68.73:4444 18.192.93.86:15558 18.192.93.86:16155 18.192.93.86:4444 # Reference: https://www.virustotal.com/gui/file/bbae735df39c1301901ca97c6993f2b6fd7233a0360761eab8b65f2556df4517/detection 145.239.201.157:8443 # Reference: https://www.virustotal.com/gui/file/ee5dbfca30be494b6ad8ac1c18255b6054339de4aba768180a1f32e9921a30ce/detection 193.239.147.16:6606 193.239.147.16:7707 193.239.147.16:8808 # Reference: https://www.virustotal.com/gui/file/ff081035cd38c28b8093f8f0887450407e27a89ee1ff254dd627849bd6334fb5/detection 193.161.193.99:53485 hack567832-53485.portmap.io # Reference: https://www.virustotal.com/gui/file/126a37d9189d9ef7872b74fb13f562bc8601622b6455e01fefd646b463966fa6/detection 193.161.193.99:39400 kepada9494-39400.portmap.io # Reference: https://www.virustotal.com/gui/file/32e6114d2ce3e3c8f778769261cb06eb874b5f38271436d88053c41930f1ce47/detection 202.182.121.93:5050 kny777.kro.kr # Reference: https://www.virustotal.com/gui/file/49510b87db400c9570b85eba6271642d0a157d0c8cd5457171a6564aa73e7795/detection avantgrajgrup.com.tr /ilksan_sorgu.php?tck= # Reference: https://www.virustotal.com/gui/file/7c3eeba909d90095b3ac593ccc111251212ebe3304d5f9725325d81b2e6acd14/detection 13.82.134.169:48166 13.82.134.169:5555 13.82.134.169:6606 13.82.134.169:7707 13.82.134.169:8808 ROCK19870-48166.portmap.io # Reference: https://www.virustotal.com/gui/file/292a0b69dfc9ff8aa030fdbe13e0bc047606177ea3250c597e06dfeec1c92304/detection 194.5.98.100:1337 blackhair.ddnsfree.com # Reference: https://twitter.com/ScumBots/status/1315367256235311105 # Reference: https://www.virustotal.com/gui/file/b07c2fbb1e0470cdbffd9c1147de5cf1763edcc4c5a918ddc63ad49d1ecbc563/detection 45.95.168.116:1333 45.95.168.116:1334 45.95.168.116:1335 45.95.168.116:1337 45.95.168.116:1338 45.95.168.116:1339 # Reference: https://www.virustotal.com/gui/file/a3074419485db4ee08451afe2693184a89c031b3237e0a51b7627eb33eddc342/detection 222.114.199.209:5050 pyeonno.kro.kr # Reference: https://app.any.run/tasks/5bc8c7e8-e45e-4fff-9fc6-7a380e82e03f/ 193.161.193.99:54987 papachullan-54987.portmap.host # Reference: https://www.virustotal.com/gui/file/7e3e36dfb02909a470035b63d7db577f62431689e631fc7e1f21198745ce339d/detection 185.165.153.140:6606 185.165.153.140:7707 185.165.153.140:8808 # Reference: https://www.virustotal.com/gui/file/39eb27e6d13e6a373bb1da0becb487e808ff2d3849d481eb0bd4aa3b6d398cc1/detection 79.145.12.52:1335 79.145.12.52:6606 79.145.12.52:7707 79.145.12.52:8808 # Reference: https://www.virustotal.com/gui/file/913033893ab065b61e551399c91cdd877c134dc7dadacacbc87c3dfd798653a1/detection 91.109.176.2:6606 91.109.176.2:7707 91.109.176.2:8808 mika201.duckdns.org