# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: crysan # Reference: https://twitter.com/suyog41/status/1130804704152305664 mikus192091.ddns.net # Reference: https://twitter.com/luc4m/status/1106618159522635776 queda212.duckdns.org # Reference: https://twitter.com/CERT_Polska/status/1072793091856392192 # Reference: https://www.cert.pl/news/single/trojan-oraz-ransomware-w-kampanii-podszywajacej-sie-pod-inpost/ 213.152.161.99:47390 213.152.161.100:47390 213.152.161.101:47390 213.152.161.102:47390 213.152.161.103:47390 213.152.161.232:47390 213.152.161.233:47390 213.152.161.234:47390 213.152.161.235:47390 213.152.161.99:47392 213.152.161.100:47392 213.152.161.101:47392 213.152.161.102:47392 213.152.161.103:47392 213.152.161.232:47392 213.152.161.233:47392 213.152.161.234:47392 213.152.161.235:47392 # Reference: https://twitter.com/Threat_hunts/status/1135810121227882499 # Reference: https://app.any.run/tasks/5ad34df1-b5a8-415f-9496-334d9bfdd7b1/ 95.167.151.253:7707 # Reference: https://twitter.com/James_inthe_box/status/1141072205771448320 kizzoyi.duckdns.org # Reference: https://twitter.com/powershellcode/status/1148234398703030273 internetexploter.duckdns.org systenfailued.ddns.com.br # Reference: https://twitter.com/DynamicAnalysis/status/1165901579536539649 79.134.225.90:4782 # Reference: https://twitter.com/James_inthe_box/status/1167217092245872640 # Reference: https://app.any.run/tasks/8eb2d184-08ec-40ab-8742-32f6988c5638/ 23.105.131.169:6606 193.56.28.173:7707 193.56.28.173:8808 rownip.3utilities.com rownip.mooo.com rownip.theworkpc.com rownip.dyndnss.net rowanyne.ooo # Reference: https://twitter.com/JAMESWT_MHT/status/1169142417754337281 # Reference: https://app.any.run/tasks/308651b4-37c0-4c66-87ba-5bf05d1ff411/ 79.134.225.115:4404 eg-east.com # Reference: https://twitter.com/dcTavvy/status/1188352813937463298 # Reference: https://app.any.run/tasks/6aedb064-1078-4304-b1e8-a8205a5ba698/ 193.161.193.99:43158 Lolikot-43158.portmap.host # Reference: https://twitter.com/JayTHL/status/1197240502699073537 5.62.41.111:5320 91.193.75.151:5320 netty.myftp.biz ify.insidedns.com # Reference: https://www.virustotal.com/gui/file/598ba7562062467fbf05d47bfadf27578a8ed4d5d5abdf17a5a4820ad71651bf/detection 3.19.3.150:6606 # Reference: https://twitter.com/w3ndige/status/1214596648644620288 # Reference: https://app.any.run/tasks/509acd2f-9474-44d4-aac2-d186a4716bef/ g.top4top.io # Reference: https://twitter.com/killamjr/status/1217630017116499968 # Reference: https://app.any.run/tasks/2517942c-3364-4d56-93ab-cfa47fd14299/ 101.86.170.36:1199 45.11.19.240:7707 xred.mooo.com # Reference: https://www.virustotal.com/gui/file/cc7a634047451f72a51766d1b6e33ce8a154579d80f6abcf9a109ff64c22f3a6/detection 177.98.43.164:7707 skypeprocesshost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/0c8a1d1eb4a0ee3ca2cf22cb4ede61f85e5170885549769984110edb6b64a236/detection 179.95.221.147:6606 179.95.221.147:7707 179.95.221.147:8808 workwinrarhost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/b1a7fda679c569e51e4b1239d044bb6e6e1f3557ccd2060c32a11b0978919b2d/detection 177.206.102.68:7707 177.206.102.68:9830 # Reference: https://www.virustotal.com/gui/file/366c8707d33501338e524e4c70f8b10ac993341134aa28b32a550f06911ba646/detection 191.32.227.90:7707 # Reference: https://www.virustotal.com/gui/file/d60372f5bbed48ea826b894402e4412a478979b590bed2b9b0d1d84017549bd0/detection 177.133.237.246:9830 179.180.17.194:7707 # Reference: https://www.virustotal.com/gui/file/9fbc310b2579816b488dbc44485acd418b20a72ef8dceb558f645a735fe10f05/detection 177.98.43.164:6606 # Reference: https://www.virustotal.com/gui/file/4913ae8055d7c6f225c0bd63ffceb28138483b39d9887de8ebcc8773e9d0d46f/detection 177.98.43.164:9830 workwinrarhost.ddns.com.br # Reference: https://www.virustotal.com/gui/file/9a3e8a5bd3bfae58180089d27f1e23ba5f8118272b903a4ce99047969874a989/detection 177.133.246.134:9830 # Reference: https://www.virustotal.com/gui/file/ef332bc4cca2207ceb999f77d3e8a02b9d3b2c475d39310d2f1b09ae8f335de9/detection 177.133.246.134:7707 # Reference: https://www.virustotal.com/gui/file/6ede0a69b6d4d7b9cddc97ed35f58a284427fa92923d7a3e9e1442a5a0ad1b46/detection 177.98.127.109:7707 177.98.127.109:8808 # Reference: https://www.virustotal.com/gui/file/87571c558c0c211cd407d87217a3a64240736fb6645919e970dadef3680975ef/detection 177.133.235.48:6606 177.133.235.48:8808 177.133.235.48:9830 # Reference: https://www.virustotal.com/gui/file/d0ca0770e89e27b72703029c7900853a655be67c65fb1bcbd0c652eceb3b384f/detection 177.75.41.182:6606 # Reference: https://app.any.run/tasks/5e7bb6ce-39e9-4243-8802-968c8fb28753/ cloudclout.duckdns.org 79.134.225.38:7707 # Reference: https://app.any.run/tasks/823454cc-ac69-47d8-821a-262f4226ca10/ sbmsbm20.duckdns.org 64.225.20.238:2030 # Reference: https://www.virustotal.com/gui/file/712bc10802ec06baeb0774fa92d2816c477d6a5dceb0ac9960120344fcf7e1f7/detection 141.255.159.75:6606 141.255.159.75:7707 141.255.159.75:8808 # Reference: https://www.virustotal.com/gui/file/55618c029549b2e2f8919902d09c19658e98390cc3e3faeb05743f091e22818d/detection 79.135.146.203:6606 79.135.146.203:7707 79.135.146.203:8808 # Reference: https://app.any.run/tasks/5bbbc0e9-1c84-413d-be8e-371aa483f11b/ 141.255.146.30:6606 141.255.146.30:7707 141.255.146.30:8808 # Reference: https://app.any.run/tasks/f44c32ed-727b-437b-9249-743b5ae74ed4/ 185.140.53.12:21000 # Reference: https://twitter.com/wwp96/status/1236015091029590017 # Reference: https://app.any.run/tasks/7a110950-e58a-4f0a-80ab-fc17c39d38cd/ 185.140.53.154:6606 185.140.53.154:7707 185.140.53.154:8808 # Reference: https://twitter.com/JayTHL/status/1240390421467074561 216.38.8.179:5505 216.38.8.179:6606 216.38.8.179:7707 216.38.8.179:8808 peacelist.ignorelist.com # Reference: https://app.any.run/tasks/96716bfb-5070-40e4-bda5-d6573d7e1e55/ # Reference: https://app.any.run/tasks/d292b50e-71d7-46c2-9c75-3c053b7c36cd/ 46.183.223.29:6606 46.183.223.29:7707 46.183.223.29:8808 # Reference: https://twitter.com/James_inthe_box/status/1243161779212935168 # Reference: https://app.any.run/tasks/393f52ea-8176-4081-9f69-2e4706e7f27a/ 51.75.154.242:1515 # Reference: https://www.virustotal.com/gui/file/77e5748478eb6c6064e118bd35ef28f90bfd0eb908eee0291b994c9a6d5b11f5/detection # Reference: https://www.virustotal.com/gui/file/b892431179d2ed7f4b5c68eff968491b7716a067b6ab16caa5e204c9766d5bcf/detection 41.104.11.200:7707 41.104.122.164:7707 41.104.221.163:7707 41.105.197.112:7707 41.109.189.104:7707 41.109.193.177:7707 41.109.228.158:7707 41.109.242.126:7707 91.109.176.6:7707 91.109.178.2:7707 91.109.178.6:7707 91.109.182.2:7707 91.109.182.3:7707 91.109.182.5:7707 91.109.186.5:7707 91.109.188.10:7707 91.109.190.2:7707 91.109.190.7:7707 # Reference: https://twitter.com/James_inthe_box/status/1248964446505947136 # Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/ 77.247.127.128:8855 88futur.xyz # Reference: https://twitter.com/James_inthe_box/status/1250441655452237825 # Reference: https://app.any.run/tasks/a8c80640-e0bc-499c-bd8b-de1c9166d4dc/ 45.32.167.239:6606 45.32.167.239:7707 45.32.167.239:8808 hdkshnfk.ddns.net # Reference: https://www.virustotal.com/gui/file/51482d0164957eec01b4916354b5a992e6705655bcb44ca4b0b2a520e3b64e6c/detection 192.169.69.25:6606 192.169.69.25:7707 192.169.69.25:8808 soucdtevoceumcuzao.duckdns.org # Reference: https://www.virustotal.com/gui/file/626879e64f571e21902bdc2f249ce247e03420e8656990d54f3ab4ceb99b4fb4/detection 105.111.80.222:4000 azure34.mywire.org # Reference: https://twitter.com/ScumBots/status/1250963567366545408 # Reference: https://www.virustotal.com/gui/file/b465ae7940f04cb8b6f6baf9a288eecb5e405290bf48b18fe70ba41e9cc97389/detection 192.169.69.25:4000 amazon34.duckdns.org # Reference: https://www.virustotal.com/gui/file/5abfea336ec1f8f078499dd4713d65b5e75c59243b6137af1f5297706413dc63/detection 105.103.214.89:4000 amazon3407.mooo.com # Reference: https://www.virustotal.com/gui/file/6f5567af58976eb61af59c7edf1e5cdad7e3cd2fc60c16b123dfa53cd44e8f6d/detection 85.229.141.17:1337 92.34.156.156:1337 bob1337.chickenkiller.com getconnected.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/762a570980637077dbf431c691c38de20e50474d0c67003b4483c6f20a16e533/detection 129.56.25.121:6743 asyncrat6743.ddns.net # Reference: https://www.virustotal.com/gui/file/5e6bd1b03148962cff91b0f6a1d4e915bafd1049931d5d4ff2bda151bd761e28/detection unknownamehost.ddns.net # Reference: https://www.virustotal.com/gui/file/f17981f481d0e31ac51cbf66b5c94d3f73d5a2647a158370ab9e6b3357a00f9f/detection unknowhostname.ddns.net # Reference: https://twitter.com/ScumBots/status/1250960155900104705 # Reference: https://www.virustotal.com/gui/file/5a4958af2c13c0a9a6eff86bb5f4fd339a85a66249a22278cc5b50cecd89188a/detection 88.208.245.177:1443 # Reference: https://www.virustotal.com/gui/file/8c344acd0dfc01ac093b4a4407cd2f126f74bae0ca5b66f92912d522160ac639/detection 103.82.249.19:8808 # Reference: https://twitter.com/mahnyan1/status/1251321072865042435 babyboyhammer2.duckdns.org # Reference: https://www.virustotal.com/gui/file/e9c607f263a990db1bf0465c8688ed7ce7e5f294845041fb56af313df34f45df/detection 176.31.26.213:6606 176.31.26.213:7707 # Reference: https://www.virustotal.com/gui/file/7bebcd498c41f74199691dd8c0d9144f562b4c71dc9c96607260689397ba2285/detection 178.209.46.144:20108 73ch91ch13f.100chickens.me # Reference: https://www.virustotal.com/gui/file/a0e26b77db21ef8899c3b18fa562a53f51b37a3cb8677034bbd8c2c5b37cf78b/detection 193.161.193.99:61436 karakan123-50010.portmap.io # Reference: https://www.virustotal.com/gui/file/dd8069de43a40341482301c95b3a05d0201a9386a5c586b17451ca37447dd1ac/detection 152.246.228.24:6606 152.246.63.32:6606 # Reference: https://www.virustotal.com/gui/file/1c7dccd9e95acff427990af9670ad69d54fcc056aa0eb7744ec8f22d35088c45/detection 193.161.193.99:56282 # Reference: https://twitter.com/ScumBots/status/1250963480783527938 # Reference: https://www.virustotal.com/gui/file/31345f8b3aefaaa13a783f4febe071bb8da7ae27f5f5c06024f9f29db0116321/detection 192.169.69.30:6606 192.169.69.30:7707 192.169.69.30:8808 # Reference: https://twitter.com/ScumBots/status/1250963998922739712 # Reference: https://www.virustotal.com/gui/file/91ecc56db47e5fe085075ff0d7fa76d2911e787734b95b81a4570a15a45444b9/detection 192.254.74.210:6606 192.254.74.210:7707 192.254.74.210:8808 # Reference: https://twitter.com/ScumBots/status/1250964170302009344 cmradelucifer.ddns.net # Reference: https://www.virustotal.com/gui/file/9ee035f65117dd6ead3f1da5a952df99efbaa39c7345fc11f8ccbbb6ecf86037/detection 168.197.229.117:6606 168.197.229.117:7707 168.197.229.117:8808 79.134.225.20:6606 79.134.225.20:7707 79.134.225.20:8808 # Reference: https://www.virustotal.com/gui/file/4a5cea334cdd0c4042498850f591717d0677fb606331d11210f7b5d2b3a27ff2/detection 213.213.206.18:3306 # Reference: https://www.virustotal.com/gui/file/d09e5b5fabdfa8578b377d46b44fcddc0772a92750e4ead921e2e56e97cdda35/detection 185.165.153.95:8989 # Reference: https://www.virustotal.com/gui/file/a3f870eeaf9cb8e486363b1ff8e1fb79937ed85bab6237ee6123125ad3a43290/detection 186.53.186.235:4132 yugdab.duckdns.org # Reference: https://www.virustotal.com/gui/file/1b5e3eb733257954a9dd28f6a3e081d941deaa73418d4b22beaa3200a8f96285/detection 41.140.208.184:6606 asco.dynu.net # Reference: https://www.virustotal.com/gui/file/0e0bf4239bf7472066cb37ab517d74b1102c69af9e0feca64d567dff879ae1eb/detection 69.171.248.112:5557 8701.viewdns.net # Reference: https://twitter.com/ScumBots/status/1251156576615849985 # Reference: https://www.virustotal.com/gui/file/419fa3facde23e4b18afe0c7f7198844f3ee9e28da6e39f2e2e9e60c41e83570/detection 193.161.193.99:63374 # Reference: https://www.virustotal.com/gui/file/9b471c2935fdd01c7e9d57e78f91d213e6d1b5a44ac1719048d92d02d1976422/detection 192.169.69.25:6606 192.169.69.25:7707 192.169.69.25:8808 number2.duckdns.org # Reference: https://www.virustotal.com/gui/file/aff7d626d09099f6aaf329f1b2e0623a378b45fdf4536ad83e63efc87e7e0865/detection 124.50.195.153:5050 kkk1046.kro.kr # Reference: https://twitter.com/ScumBots/status/1251180572711550983 103.18.14.217:1337 dedsee2c.accesscam.org # Reference: https://www.virustotal.com/gui/file/923092b6cec8aaa0cd11fefa625ed17f98702edac91c3a52beaf7e54f6e5f784/detection 13.235.76.244:1337 # Reference: https://www.virustotal.com/gui/file/582fb62f0d92afaee2dc79108622667cc62d298cafbde3d1e2ec1738c977f4a6/detection nohostname.ddns.net # Reference: https://twitter.com/ScumBots/status/1251180991995088900 103.244.74.228:46839 # Reference: https://www.virustotal.com/gui/file/36b272fbada18f510fa34a479fa391131797f13218f6756c52825d9e7711be6e/detection 41.103.199.216:1337 # Reference: https://www.virustotal.com/gui/file/850bcc510ee39c6d6dde91f041bcb276b74a8101c84279a35c0a3570a4e6440d/detection poiuytrewq3341.ddns.net # Reference: https://twitter.com/ScumBots/status/1251181425933647877 dqrkodz34.ddns.net # Reference: https://twitter.com/ScumBots/status/1251181595635126274 jess19991102.ddns.net # Reference: https://www.virustotal.com/gui/file/d4a629944bf1e03d43a04b530f9606d8315b84e847c83042427224011f3067ba/detection 193.161.193.99:36811 hussaryn-36811.portmap.host # Reference: https://www.virustotal.com/gui/file/c338d425a1293b82ac13c856c43d588ce0053b27349620b7353273a42a04d845/detection jess19991102ddns.com jess19991102.ddns.com # Reference: https://www.virustotal.com/gui/file/0a276fdaf3367ca3fd4cf90eb338dd3d0575ba3979f1bd609ce58e13e2aa0a8e/detection 204.14.73.154:8080 bomi.duckdns.org # Reference: https://twitter.com/ScumBots/status/1251182632517410817 salsamania.ddns.net # Reference: https://twitter.com/ScumBots/status/1251183213747277826 googledrive.dynu.net googledrive.linkpc.net # Reference: https://www.virustotal.com/gui/file/f71eaaf23ecba6aafc314f3d42badafb4430b1be62a1ba325c592b258b8f1319/detection 213.152.162.84:9040 # Reference: https://www.virustotal.com/gui/file/ee1e5a4ee19c1b613aaa82b48e313c6e3eeb5874d7593809c2207037254a57cc/detection fertun-29801.portmap.host # Reference: https://www.virustotal.com/gui/file/2b70dd97d36efbbadd5f63afc22e28dc53d26302bae846b4f4e49e27cf95a70f/detection 176.232.239.198:5060 denemeiso1.duckdns.org # Reference: https://www.virustotal.com/gui/file/a86751d7ee905499b6e324dc5175e287a20d34cde78cbe35a290523dea9d1cd0/detection 13.235.23.234:1337 # Reference: https://www.virustotal.com/gui/file/e20e1fd207ef943af95774fc0fc0e38da70c808b78a3dfb141e4852036a8dc12/detection noregisterdomain.zapto.org # Reference: https://twitter.com/ScumBots/status/1251185289055350784 87.14.96.105:1303 emmek.crabdance.com # Reference: https://www.virustotal.com/gui/file/b76b157a8d6ccfd5cc7ea8eed54af4d0aab9e97f8d641f886617252d9acc48bc/detection 41.100.199.86:5555 clayroot2016.duckdns.org # Reference: https://twitter.com/ScumBots/status/1251185716111069184 am164.kro.kr # Reference: https://www.virustotal.com/gui/file/f25f43f5cea51647e82413accd831b93fe8c2b7f072fc1468cd1d13bf08224ec/detection 136.243.31.186:1608 # Reference: https://www.virustotal.com/gui/file/1298f1fd280d2768e2a5e3f1089ec3ad18e17cade3fbeb78be864d9c3caff337/detection 173.238.140.238:6606 173.238.140.238:7707 173.238.140.238:8808 bshades.ddns.net dark-comet.ddns.net # Reference: https://www.virustotal.com/gui/file/47979eca9030c7f8de4c86c048e17efa02f66c6aed8a52c24dbd4bd7b0692b88/detection 75.80.221.198:1604 # Reference: https://www.virustotal.com/gui/file/5515739bd8752264b7ee2a2c9b957d36af9fb16b19d7dd1aef4139f2fe74af47/detection sam144169-56334.portmap.io webforma.chickenkiller.com webdata.ddns.net # Reference: https://www.virustotal.com/gui/file/610a58f5e46ffe61093dad4ef8528df34894d29347a1eec0224a87bba7864b8f/detection 46.237.79.53:8080 rat24695.ddns.net # Reference: https://www.virustotal.com/gui/file/5b18ab7442af71b0ba9293b200fa26961e6de7b98d51456644aa58d307dc0e1f/detection 154.16.248.14:3230 # Reference: https://twitter.com/ScumBots/status/1251187877255528448 112.149.90.49:5050 hyungwoo.kro.kr # Reference: https://www.virustotal.com/gui/file/03a58d54e04d346d4d06637a40834795431147472e07c815a0fee27475bcc970/detection a24369093123.ddns.net # Reference: https://twitter.com/ScumBots/status/1251188552500723712 40.114.49.176:4040 # Reference: https://www.virustotal.com/gui/file/b796ac10d1f3133ca6b77141e50e414f1fc704299884d0b0fb676ab0db7fed89/detection yesweekend12.ddns.net # Reference: https://twitter.com/ScumBots/status/1251189068190318593 213.152.162.84:9040 # Reference: https://twitter.com/ScumBots/status/1251189153976516610 unregisteredhost.dynu.net # Reference: https://www.virustotal.com/gui/file/516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3/detection 23.249.168.43:9090 ccmorgan.duckdns.org # Reference: https://www.virustotal.com/gui/file/f0eb9cb0a88f2e88881e06ce961c2da388475c1b595f2669c57e0cf1b5eb7677/detection 41.143.216.51:1738 asco.dynu.net # Reference: https://www.virustotal.com/gui/file/44e550a4dbdc40e1cacca65b7e516618558c0d2114b3641cda6ddd69190ed8b9/detection 141.255.155.90:9023 nonamehost1.zapto.org # Reference: https://twitter.com/ScumBots/status/1251189930300227584 anonauth.ddns.net # Reference: https://twitter.com/ScumBots/status/1251191403851505665 216.246.49.165:6606 216.246.49.165:7707 216.246.49.165:8808 # Reference: https://twitter.com/ScumBots/status/1251191570986082305 82.84.85.59:1608 # Reference: https://twitter.com/ScumBots/status/1251191655589445635 62.108.37.42:6606 62.108.37.42:7707 62.108.37.42:8808 # Reference: https://twitter.com/ScumBots/status/1251192193597014016 84.51.52.166:6606 84.51.52.166:7707 84.51.52.166:8808 kingspy.duia.eu kingspy.noip.pl # Reference: https://twitter.com/ScumBots/status/1251858682108956672 61.69.131.134:1604 yilmazkocakau.ddns.net # Reference: https://twitter.com/ScumBots/status/1251915307536580608 141.255.146.238:6606 141.255.146.238:7707 141.255.146.238:8808 alltricks.hopto.org # Reference: https://www.virustotal.com/gui/file/cd61eefce1bda8e8fd7d6f38bb9e6d70b4f1d90efb039a1346d890eeedbd63ef/detection # Reference: https://www.virustotal.com/gui/file/ae089f74371ab598c6cf00e6debbb9d70c091d90641c406b4aa4c88e3fa81c25/detection 41.42.6.83:6606 41.42.6.83:7707 41.42.6.83:8808 81031.ddns.net # Reference: https://www.virustotal.com/gui/file/5185c0e1245a6ef3f2e38459095098a085e1b3f0fb75c7aa657df068be3334dc/detection 41.35.15.87:6606 41.35.15.87:7707 41.35.15.87:8808 # Reference: https://www.virustotal.com/gui/file/31846d250a4f71ff4d5348ba0417584e560f6a93a949bba415a9efd261a41e17/detection 77.78.103.70:222 qwerty123123123.hopto.org # Reference: https://twitter.com/Racco42/status/1255493982420942856 # Reference: https://app.any.run/tasks/9e6d5087-6d1d-44b5-9ac4-349e14df5eb9/ 62.102.148.158:62727 panda45.duckdns.org # Reference: https://bazaar.abuse.ch/sample/5be39967ba90f3766fa81f354a61102a7ddf6bc19ec282e56727abb6dafb973c/ 185.244.29.175:7071 # Reference: https://www.virustotal.com/gui/file/3e9fc29f4f0edfaebea7d78f2de99dc5dfdcd440fc8afc2fc8be0d9a6e10466e/detection 188.52.75.171:5558 # Reference: https://www.virustotal.com/gui/file/646bd5449aa3c3d5d029daeb30efbb49c68209ec434f4216593952d1310343ab/detection 80.200.143.32:5353 # Reference: https://www.virustotal.com/gui/file/f6270d604a6e859c46733c14315da1dc07d7c50eea5cefd427e915c7c726cd24/detection 191.250.107.152:6606 191.250.107.152:7707 191.250.107.152:8808 pointblankbrasil.duckdns.org # Reference: https://www.virustotal.com/gui/file/ffb897728bb3cdaf183b6346255551615e9de81c4178a74cfdf92c8a03dc11c1/detection 91.109.188.2:1010 # Reference: https://www.virustotal.com/gui/file/9a512140b526841ae759063ba36e46b1812c105d9cc94f8dfe11ff69f3cbb336/detection 51.39.198.26:6606 51.39.198.26:7707 51.39.198.26:8808 # Reference: https://twitter.com/ScumBots/status/1257439484339277831 141.255.158.227:6606 141.255.158.227:7707 141.255.158.227:8808 jnhacker.con-ip.com # Reference: https://www.virustotal.com/gui/file/8e0bde81c9e355be99d2fd2a8cd0a1ff088ccb9e4d846323a07c20948e385497/detection 42.116.41.65:3979 kingspy.ddns.net # Reference: https://twitter.com/ScumBots/status/1257437270765953025 191.250.107.152:6606 191.250.107.152:7707 191.250.107.152:8808 mydnshome.ddns.net # Reference: https://www.virustotal.com/gui/file/78f70e9f02eb5434bb36715f107a092a695b060a3e4dba41e6d6213813d6f6e3/detection 86.7.195.44:7777 nfrurqcjthnjznd.ddns.net # Reference: https://twitter.com/ScumBots/status/1257468146027503618 93.22.123.135:6606 93.22.123.135:7707 93.22.123.135:8808 backdoor.mcrage.me # Reference: https://twitter.com/ScumBots/status/1257751258787700743 # Reference: https://www.virustotal.com/gui/file/046b3e5c4418660a9eed9ffc4e9769df9e133eb96b40e2585eec87cf202d9b0b/detection 41.109.165.237:3000 cappa.myq-see.com # Reference: https://www.virustotal.com/gui/file/509607c23436a0d4ef33b21734a19aa129fbcd63bad4cb2965f06fc3f32c2554/detection 41.105.203.238:3000 # Reference: https://app.any.run/tasks/4c0659cd-b563-45a9-93ca-77b82e795fba/ 193.161.193.99:56769 unity123-56769.portmap.host # Reference: https://app.any.run/tasks/bca9407f-6879-4ca7-9dc9-c5c7d9472e38/ 193.161.193.99:7112 193.161.193.99:45885 reality-45885.portmap.host # Reference: https://twitter.com/ScumBots/status/1257955102553448451 # Reference: https://www.virustotal.com/gui/file/5d5d00143b5f578c0293a7cd806009ecd8da5b30d713ebdfb4fcfb83b85e31c1/detection 108.168.118.205:4782 havingfun.chickenkiller.com # Reference: https://twitter.com/ScumBots/status/1258452953662439429 103.74.18.65:8899 103.74.18.65:9090 webdata.ddns.net poda.duckdns.org poda.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/e2dd6989c2d9bd1038f5c6e741f4cdfa9b4584739fabf98db244f7763607178f/detection asyncrat.ddns.net # Reference: https://bazaar.abuse.ch/sample/43264fd31d2b8ce6104a5daf7cf933d315e21e2a968998591361c13fbc365baf/ 194.5.97.223:6204 # Reference: https://www.virustotal.com/gui/file/b611859ca933afe409d9c00d3c75fb42a4049ccee735afd2123e566bbf066c29/detection 185.140.53.43:4444 lagba10.ddns.net # Reference: https://www.virustotal.com/gui/file/34e20c34bb369fb81054fe19e90916e62251720cca8b961942f9ebbcb669919a/detection 193.161.193.99:25270 hiddensick-25270.portmap.io # Reference: https://app.any.run/tasks/88548d77-fbc2-421d-be4b-2da16bd0b5f3/ 193.161.193.99:34785 Slxthy23rf-34785.portmap.io # Reference: https://twitter.com/ScumBots/status/1261669580067549186 5.9.221.55:6606 5.9.221.55:7707 5.9.221.55:8808 # Reference: https://www.virustotal.com/gui/file/32501c0b743c1a550d9f4a24c73a6e58cb7e7a24919cdea9e85bd7d417273806/detection 220.120.90.123:6060 am164.kro.kr # Reference: https://twitter.com/ScumBots/status/1262284883466096640 115.23.99.222:2256 dokdo2256.p-e.kr # Reference: https://twitter.com/ScumBots/status/1262417002142085121 79.134.225.101:5552 # Reference: https://twitter.com/ScumBots/status/1262647276843028480 59.26.17.108:1212 obidori.kro.kr # Reference: https://www.virustotal.com/gui/file/31f8ef6bce5d3c220c3fb531b699dc5026b343bd0e76f3dd9fc9359dc86936d0/detection 115.23.99.222:2256 dokdo2256.p-e.kr # Reference: https://twitter.com/ScumBots/status/1263461921547747329 128.199.41.159:2001 # Reference: https://twitter.com/ScumBots/status/1263674037227659264 61.81.92.38:1212 test9909.p-e.kr # Reference: https://twitter.com/JayTHL/status/1263709348422967296 123.240.25.197:1604 asdf3341.ddns.net # Reference: https://twitter.com/ScumBots/status/1266652411889926146 # Reference: https://www.virustotal.com/gui/file/298587d8c8a376568ed09d332f329f3a4282e96e905f4569fbf24223ed10e491/detection 77.162.55.86:6606 77.162.55.86:7707 77.162.55.86:8808 monsternetwork01.ddns.net # Reference: https://twitter.com/ScumBots/status/1268143488413118464 193.218.39.43:8686 # Reference: https://twitter.com/ScumBots/status/1268532368790491137 188.250.211.240:3715 diass.duckdns.org # Reference: https://twitter.com/ScumBots/status/1269007937349058560 193.161.193.99:21292 allan4053883-60334.portmap.io # Reference: https://twitter.com/ScumBots/status/1269358998307983361 64.225.66.117:1331 64.225.66.117:1332 kr142.duckdns.org # Reference: https://www.virustotal.com/gui/file/86636201a899e360ad6fae1b71304c625ed6395ddf99e6b09906617da53ee93b/detection 91.193.75.208:3000 # Reference: https://www.virustotal.com/gui/file/8228d1299256a23377e57d575160dbd58f9ac46598c5c90b321743e366f3d09a/detection 173.225.115.144:6606 173.225.115.144:7707 173.225.115.144:8808 # Reference: https://twitter.com/ScumBots/status/1269910131933921281 42.119.15.63:3189 kingspy1301.ddns.net # Reference: https://www.virustotal.com/gui/file/d2d1030a5a122043c7a99b3f2c1b1d456be205033ed1327a0b4780f723a5e362/detection 42.117.191.69:8386 # Reference: https://twitter.com/ScumBots/status/1270064901101432840 100.64.15.50:5431 # Reference: https://app.any.run/tasks/5b5cba25-c74c-4c2c-80c5-c2f2c9156e6c/ 128.74.42.86:6606 128.74.42.86:7707 128.74.42.86:8808 logan1h.ddns.net # Reference: https://www.virustotal.com/gui/file/b8ff21e26e0da11d7146dd250b71206c698275e312bff612b38380e38385a4c7/detection 193.161.193.99:42300 193.161.193.99:6606 193.161.193.99:7707 193.161.193.99:8808 xaz19og-42300.portmap.io # Reference: https://www.virustotal.com/gui/file/e235e749a792841f78e1fcc8ddfea4d9c31471aaaa3df6928a43a96a8235698e/detection 102.42.76.37:2001 al3bkri13456.ddns.net # Reference: https://www.virustotal.com/gui/file/b891b61de4a7c50a50bffa4fb1394c696c25f80717ed57363f4e1a4a216973bb/detection 94.60.172.123:4500 # Reference: https://app.any.run/tasks/01c6c449-cfe1-4e4a-b34c-3536b67599af/ 193.161.193.99:48736 WindowsDefenderNet-48736.portmap.io # Reference: https://app.any.run/tasks/38f351cc-2e3e-4980-9a6d-4ceb645e4cbb/ 195.2.93.77:8808 servesvpn.duckdns.org # Reference: https://twitter.com/ScumBots/status/1270744376042553345 # Reference: https://www.virustotal.com/gui/file/4e8ca2787e65b0edaa21180883b642d7b3b7f85140ab7fc03d09c30da124dc5b/detection 193.161.193.99:1337 193.161.193.99:52390 sdsd33-43977.portmap.host # Reference: https://www.virustotal.com/gui/file/ae84c5af88241d3bb2e75160c53c6cdaee23555e0a83f0b9b5f218fe525c67b0/detection 82.205.2.127:6606 82.205.2.127:7707 82.205.2.127:8808 googlexfx.ddns.net # Reference: https://twitter.com/ScumBots/status/1271484250349547521 109.247.81.119:23818 # Reference: https://twitter.com/ScumBots/status/1271514445739634689 105.108.81.5:333 b34.duckdns.org # Reference: https://www.virustotal.com/gui/file/b1421de897b9903d393051f42730ac0fc7c19a3115f7b2fb019f2f7edd28e2af/detection 185.140.53.247:4723 sukasa.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/3af55f9bb1a968506ea79b9f24d4a61f99d07e652af05bc5c557f13c19343a03/detection 18.197.239.5:10611 18.197.239.5:25565 # Reference: https://www.virustotal.com/gui/file/3f240073edad176ed8dc359ec2420361d67368ed7859bece7b94180c9deba172/detection 18.197.239.5:11328 # Reference: https://twitter.com/ScumBots/status/1272224126346964993 89.182.127.205:9955 fifa2020-ps4.ddns.net # Reference: https://www.virustotal.com/gui/file/6313e287489f083c691693a5582888ea7ab7e3d03c81612012dec332d27c66e2/detection 185.140.53.11:2079 185.140.53.11:6606 185.140.53.11:7707 185.140.53.11:8808 212.225.226.30:6606 212.225.226.30:7707 212.225.226.30:8808 bazilspain.dynu.net # Reference: https://www.virustotal.com/gui/file/67cd0179d490d478ba231ee4719aa7e1427045de0067a24a0adc91f33fdcac3d/detection 212.225.226.30:2079 # Reference: https://www.virustotal.com/gui/file/621b16461f4c6844bb3438e8cc872ae6d81414bd2e60cc097e2af348697fd088/detection 39.108.140.215:60006 39.108.140.215:9999 2ee51a1ab0951a62.natapp.cc # Reference: https://app.any.run/tasks/fa7cb330-07b2-4366-a9a1-03984fe05c1d/ 84.38.134.21:6606 84.38.134.21:7707 84.38.134.21:8808 # Reference: https://twitter.com/ScumBots/status/1273960570220404739 193.161.193.99:62895 # Reference: https://twitter.com/ScumBots/status/1274107785345712132 45.74.26.57:5326 # Reference: https://twitter.com/ScumBots/status/1274213483081596929 43.251.103.150:8848 # Reference: https://twitter.com/ScumBots/status/1274349378992582657 193.218.118.190:6666 # Reference: https://twitter.com/ScumBots/status/1274432429110034432 45.138.157.147:1111 # Reference: https://www.virustotal.com/gui/file/f83df0f45665f9f5d7d1e888cf778bb4440850503e24821bb0d976e86a5e87e8/detection 77.30.137.105:6606 77.30.137.105:7707 77.30.137.105:8808 # Reference: https://www.virustotal.com/gui/file/7528e56efe65fa4b61c7f7156e8d178473051f88d1dc1174378867bdef381f05/detection 202.79.168.134:3399 # Reference: https://twitter.com/ScumBots/status/1274753289091874818 95.70.134.40:8565 # Reference: https://twitter.com/ScumBots/status/1275421447985430529 14.249.183.252:5555 1593572468.ddns.net # Reference: https://twitter.com/ScumBots/status/1276036748053745669 8.210.144.63:6688 # Reference: https://twitter.com/ScumBots/status/1277490072456171520 117.3.216.38:3589 spy9999.ddns.net # Reference: https://app.any.run/tasks/ca2adff9-796b-45c0-b901-6542eb02857f/ xSkewber-24412.portmap.host # Reference: https://app.any.run/tasks/86f951e0-a325-4f4d-9d00-dcc9f1a58754/ steamguard1337.myddns.me # Reference: https://twitter.com/ScumBots/status/1278645187594551296 67.211.213.207:8080 67.211.213.207:9090 # Reference: https://www.virustotal.com/gui/file/1f6ea95aa6e7d84c2db2f180e6964449d9fe0b8112b9661889b5b200120b5cb9/detection 213.152.161.239:9980 bien.airdns.org # Reference: https://twitter.com/ScumBots/status/1278879232505110529 # Reference: https://www.virustotal.com/gui/file/ab5f8fc012927d2a8f6f9e45891da8111e1de9adddd57969540ce7a39697a5e3/detection 105.154.111.193:1596 105.154.111.193:2695 105.154.111.193:4562 dellpower.theworkpc.com # Reference: https://twitter.com/ScumBots/status/1278301761690894337 45.61.136.48:6606 45.61.136.48:7707 45.61.136.48:8808 # Reference: https://twitter.com/ScumBots/status/1279766327733952512 154.209.74.134:3399 # Reference: https://www.virustotal.com/gui/file/dbb7d9edbc04874b351fe0277d7ec7ccb41023f17e87e18da28dc267b2878ebb/detection 114.129.198.91:6606 114.129.198.91:7707 114.129.198.91:8808 # Reference: https://www.virustotal.com/gui/file/afede1c861d5026ace0d1864ab10214cbbe9e46f2299f401ac2589f924fd4a28/detection vksaodyd.kro.kr # Reference: https://twitter.com/ScumBots/status/1281038456521740289 23.105.171.85:35247 # Reference: https://twitter.com/ScumBots/status/1281283822118723585 # Reference: https://www.virustotal.com/gui/file/6e8ae7b434f014a40003c7b24984bdb3751515c7ab4edd36af33b02881d9d82d/detection 186.233.178.201:6606 186.233.178.201:7707 186.233.178.201:8808 duckjigsaw.duckdns.org # Reference: https://twitter.com/hexfati/status/1281490222618939392 julian.linkpc.net # Reference: https://twitter.com/ScumBots/status/1281570951919013888 193.161.193.99:1437 # Reference: https://twitter.com/ScumBots/status/1281570862492274691 193.161.193.99:28472 Pomm2paingg-28472.portmap.host # Reference: https://twitter.com/abuse_ch/status/1281641153524375553 # Reference: https://bazaar.abuse.ch/sample/3f28fd2c56f0bb9501f62fa64c71f6475d7cca2ee1908e097febdfc5516358ed/ 194.5.98.8:8824 # Reference: https://www.virustotal.com/gui/file/b3a4d10421309deb064c7c31d143b704471d2dc60a6b15a14402d2d069daa3e8/detection 193.161.193.99:24207 portababy-24207.portmap.host # Reference: https://www.virustotal.com/gui/file/cf302c3f21b10392c776e72d3b13e5065b1b6f503a3b63ffb343d13c1d83a6dd/detection 84.210.40.80:5552 krypticon9332.duckdns.org # Reference: https://app.any.run/tasks/eec7d68b-fa8f-4654-9544-2b59b27dc6be/ 206.123.129.103:5456 # Reference: https://twitter.com/ScumBots/status/1283031589962878980 193.161.193.99:38891 193.161.193.99:4443 # Reference: https://www.virustotal.com/gui/file/2de91b424589709529fb7f6dd861ee8fe089e2ac0927971d2242362e09c29502/detection 176.205.153.139:9476 # Reference: https://www.virustotal.com/gui/file/ba42409b340eba51a84a63ef57b8944d952ca927a4889948e069f8fc2352b727/detection 118.68.139.26:3189 # Reference: https://twitter.com/ScumBots/status/1283424178268405760 185.140.53.68:1515 mavennezeliora.ddns.net # Reference: https://twitter.com/ScumBots/status/1284137629882159104 174.0.47.124:8574 lowkeyjust.ddns.net # Reference: https://twitter.com/ScumBots/status/1284303722840035330 193.161.193.99:4040 193.161.193.99:41801 Crowlinqs-41801.portmap.io # Reference: https://www.virustotal.com/gui/file/9fae837fb9b2e3389ac912a88518a953bfd2e78b39daf89191187ae9b520dea8/detection 110.141.6.190:6606 110.141.6.190:7707 110.141.6.190:8808 110.141.6.190:3389 server1738.ddns.net # Reference: https://www.virustotal.com/gui/file/8b003d7f7d72eba439d095c2321003840b05e80099fabdd29fce757db0f57043/detection 185.140.53.76:1604 blanco.linkpc.net # Reference: https://www.virustotal.com/gui/file/0948d7d120fa3bfd8eb53b747e9ea08c6703f231663671441edec451b6d72586/detection 27.70.237.210:6606 27.70.237.210:7707 27.70.237.210:8808 27.70.237.210:8888 nohop1998.ddns.net # Reference: https://www.virustotal.com/gui/file/fdc7c7b4a95ee6a1df9b61e24097e0e0d9b5fb967e0430ddfc092aeeaadc1f3c/detection 193.161.193.99:29353 vuadaubepz15-29353.portmap.host # Reference: https://www.virustotal.com/gui/file/cb2eaf3e9c009c32591913cd555aa2c51eff9bb7ab0a656bd059d5ddadab82ee/detection 118.217.154.223:6606 118.217.154.223:7707 118.217.154.223:8808 mact194.kro.kr # Reference: https://twitter.com/ScumBots/status/1284798238680387585 161.35.56.21:7001 # Reference: https://twitter.com/ScumBots/status/1284892597912313857 206.189.76.209:5252 # Reference: https://twitter.com/ScumBots/status/1284896544760762368 24.254.43.171:6606 24.254.43.171:7707 24.254.43.171:8808 # Reference: https://twitter.com/ScumBots/status/1285047538941394944 14.5.119.153:6606 14.5.119.153:7707 14.5.119.153:8808 # Reference: https://www.virustotal.com/gui/file/955bd3f4c3f39ae1e20ef7bb1b83adf6dd4ac55110cffc79a5843e7c06641a6b/detection 156.206.124.24:1025 erksene.dynu.net # Reference: https://www.virustotal.com/gui/file/b724abcdfe906318472e2c9dcc1e8bd211b10e881c689a600782d0462916701d/detection 216.170.126.139:4660 # Reference: https://www.virustotal.com/gui/file/2622f9874b537293700a77646a386b3c708e257f00e218cd72baf10aed32456a/detection 193.161.193.99:5556 anonissou.duckdns.org # Reference: https://www.virustotal.com/gui/file/f0634bf7e0d376d34450c4752cdd0945aba11ba2b316e64d3bc9d57c6980f189/detection 220.122.40.142:8080 criticalvip.kro.kr # Reference: https://www.virustotal.com/gui/file/bfdfe76cd0b61105c6bbea1952de0380012c3decbfc51ad263e00564cdea1983/detection 182.221.160.164:8080 zcx.kro.kr # Reference: https://www.virustotal.com/gui/file/e14d03068fdc83cd2a6b16bf40553f78d39e0a6478af3f329e69f6cca0df919b/detection 185.222.57.150:3450 # Reference: https://www.virustotal.com/gui/file/b724d53c26514502a8dc138a9a9b5c48b2f699e43a29060ff68bdfd857ce3caf/detection 121.137.39.53:8080 # Reference: https://www.virustotal.com/gui/file/99e489abde6b13f45c6cfababe1b9e46cf8692b12134b015096a323402c71259/detection 121.137.39.53:6606 121.137.39.53:7707 121.137.39.53:8808 # Reference: https://www.virustotal.com/gui/file/7b5dd184f138daf820509d1240dc7b00938d555ba1e9eebe5000d0e8ff2d3889/detection 121.137.39.53:5050 # Reference: https://www.virustotal.com/gui/file/2e04efdd2de2a1be9a27be389987fed425a3ee6826f69180db9093c5383e4833/detection 209.200.39.2:4040 209.200.39.2:7070 209.200.39.2:8080 # Reference: https://www.virustotal.com/gui/file/34b6843018283be543557947fea752642b68d5e72c412a0ab3bdd28ea1c498f9/detection 193.161.193.99:45680 youcefmadskull-45680.portmap.host # Reference: https://www.virustotal.com/gui/file/3377c9208f9f7427e2d5134f7009a5427637432c49797fbd7d83925a5ea954cd/detection 193.161.193.99:1236 193.161.193.99:61574 hackthisishack-61574.portmap.host # Reference: https://www.virustotal.com/gui/file/0427b7e094b0ced7de6ecc37aa5d5ff6de9b13785b068e8480bf62ed2fdac0e3/detection 95.120.211.220:4665 holocmsv2.zapto.org # Reference: https://www.virustotal.com/gui/file/4abdc1b37c11f32707551f7a3479462a68c043e08a84f93b36ad308bfc8e4624/detection 54.95.64.241:1521 # Reference: https://app.any.run/tasks/5092ca08-de2c-4fea-a24c-98a224b251e7/ 185.140.53.11:9845 # Reference: https://app.any.run/tasks/7e29c9db-d891-425e-a793-badabc8fe75c/ 79.134.225.83:4783 superkicka.org # Reference: https://www.virustotal.com/gui/file/2faf5255c368288325aac011cd2066c6942ea0b755718490363fdb6606dec40f/detection 188.151.38.115:1717 schost.duckdns.org # Reference: https://app.any.run/tasks/01eae1cf-71f1-4732-86d6-321117b8382c/ 64.20.43.83:3123 advisorgoetia-dns.xyz # Reference: https://twitter.com/JAMESWT_MHT/status/1288860715143573505 # Reference: https://bazaar.abuse.ch/sample/54d46ffbefae7f6025765c0c274f7f87714e5467da8926967efb01025693bb8e/ 177.255.91.168:49737 177.255.91.168:8057 gfsgvbxcv.duckdns.org # Reference: https://www.virustotal.com/gui/file/30232515c14a00a60978fc801bff8ec6db9c540f88cf6ec8851512e892917719/detection 84.210.40.80:5555 # Reference: https://www.virustotal.com/gui/file/cda5b8bf4e397c606b20ebf098253dc1456f28cc3aeec5ec7a1332afb33bc5b4/detection 185.122.168.250:6606 185.122.168.250:7707 185.122.168.250:8808 # Reference: https://www.virustotal.com/gui/file/97bf01ea73fc39e6dc829aa7a0c45762526c86b7d348ec19f6e3b2897775a6e9/detection holocms.duckdns.org # Reference: https://www.virustotal.com/gui/file/5d6500005736439ccf00e8136c00a351bd7c69fb33fb9485a1be9908187a66da/detection holocmsv2.zapto.org # Reference: https://www.virustotal.com/gui/file/c1877080b35ea82105c4a242cc49c832cc2f7207e672712cc8d364d2b005cf81/detection 193.161.193.99:34540 # Reference: https://www.virustotal.com/gui/file/b174722176293ad63a56287567655d408293addcbd6e248fbd058816667d3cde/detection 176.168.187.199:6606 176.168.187.199:7707 176.168.187.199:8808 lolo0909.ddns.net # Reference: https://www.virustotal.com/gui/file/d7ec327d2a382d2035818a0376fd27bf68dab2d89a7f4e04b04babaef977b16a/detection 120.78.86.213:5917 120.78.86.213:5925 120.78.86.213:5936 120.78.86.213:5944 120.78.86.213:5951 # Reference: https://www.virustotal.com/gui/file/8ca05cad682799f231e0a0fb670a2a04fb6f361f801c884f62a607b26ccc25f4/detection 192.227.158.120:4770 # Reference: https://www.virustotal.com/gui/file/2485169398a574f4b8c68b612c29715f43ecd5a00d61a42def399034ed389517/detection 193.161.193.99:39075 zufair.duckdns.org # Reference: https://www.virustotal.com/gui/file/cf7363ad9935b3ba3dd93451d9be8eb43f5445179740e0c2bfecd7bddd860fec/detection 185.244.30.27:3381 # Reference: https://www.virustotal.com/gui/file/d7ec3ec2ac8cb6d1f2898f2d7eb02850e34fc088f71e3ef82e966d10dbfc203b/detection pensive-pond-55232.pktriot.net # Reference: https://www.virustotal.com/gui/file/bb1223e5556adf3f9cb6976fefe3c51af74baacb5c159fe34a03e49ffd43aa39/detection 161.97.82.232:4141 # Reference: https://twitter.com/ScumBots/status/1291947998524706816 # Reference: https://www.virustotal.com/gui/file/3a81c9e1bfe70ae9506eef64194e9b6b8a49a7c2f64fa427ed31d0a9444a785e/detection 121.214.208.2:1111 121.214.208.2:2222 121.214.208.2:30 121.214.208.2:6606 121.214.208.2:7707 121.214.208.2:8808 sirenhead.ddns.net # Reference: https://www.virustotal.com/gui/file/4df01904a9abf7085fc4aafc372c7614cb7077c7350446188ceafc98001fb5b1/detection # Reference: https://www.virustotal.com/gui/file/90e9abb1b28a06edc6ae7a174b6468cfdfc91dcc29cd27be8fcd10d3c746f26e/detection # Reference: https://www.virustotal.com/gui/file/a71149ae63fc78968c81e659eb4dba652ffd3ea8d2a1c58bb631b7fbbaae8e43/detection # Reference: https://www.virustotal.com/gui/file/4e022a47ae07545c1a28418a9beb0f6d360144ec8087bc0bd2ac0f086bea9ddd/detection # Reference: https://www.virustotal.com/gui/file/71922e073726160d1bec9230d8b87eace72792499ddf4c731047a446b6876ee6/detection 185.140.53.54:4923 185.165.153.186:4923 77.74.194.214:4923 79.134.225.96:4923 79.134.225.103:4923 91.193.75.69:4923 bambooo.dynu.net # Reference: https://www.virustotal.com/gui/file/f4cecaa360ee6ab479cbf9b99c15b45ba7e9f548b7e368063a0c9f686fbc2630/detection 212.251.116.161:1604 212.251.116.161:6606 212.251.116.161:7707 212.251.116.161:8808 62.1.59.224:1604 62.1.59.224:6606 62.1.59.224:7707 62.1.59.224:8808 # Reference: https://www.virustotal.com/gui/file/889e35bc6ff36524dd0df82fbcf8a8015fd3c95d94b00c0875e9bb239eb12e28/detection 91.193.75.146:4780 # Reference: https://www.virustotal.com/gui/file/cf7363ad9935b3ba3dd93451d9be8eb43f5445179740e0c2bfecd7bddd860fec/detection 185.244.30.27:3381 # Reference: https://www.virustotal.com/gui/file/caa8c15569dd97b52c88cd2a500cb6304db09a6e3761511657be45645f19e815/detection 193.161.193.99:54030 Zmining-54030.portmap.host # Reference: https://www.virustotal.com/gui/file/43f97c03faf5199c8ebc7c49c076e45ed95fdf3edc26b4859fdbd705be21dd1e/detection 172.94.42.34:1043 dnsnuev009.duckdns.org # Reference: https://www.virustotal.com/gui/file/8f40ea9560e30c37b6ab4a3d6501b7cbf3898c20d1ecc31e2b7fe360449c0b33/detection 8.210.158.0:6606 8.210.158.0:7707 8.210.158.0:8808 # Reference: https://www.virustotal.com/gui/file/1dfb088dd661a1ab2025603696ced23a04e00c837590ad881a49a24768e09de4/detection 172.94.28.17:2021 tusnalguitas.duckdns.org # Reference: https://www.virustotal.com/gui/file/28dc802c58e106829fa716e2b4b0a1834967709075076bdbf0aec64f5e124f62/detection 172.94.42.34:5623 nikiko.duckdns.org # Reference: https://www.virustotal.com/gui/file/3183e83479da8d8ef421e91538fb85085229673f4bd2f13d3de7c8be2fc96c1e/detection 5.152.206.196:6600 # Reference: https://www.virustotal.com/gui/file/ad8b72167b5dd6b0bcba0a0685ec2addf744bc6da79c70476dd7d138cec764a4/detection 34.73.5.116:4444 # Reference: https://www.virustotal.com/gui/file/565054fa53c89061f7a81e18737a2140457316a526b616349e1ae614db363814/detection 109.247.81.119:20000 # Reference: https://www.virustotal.com/gui/file/d78ddc2b6e359f4d23f06437a5ff498c5afde61d925889129a8da056817bef70/detection 177.98.227.24:6606 177.98.227.24:7707 177.98.227.24:8808 # Reference: https://www.virustotal.com/gui/file/8e3c7cd8bb4826e4919aa56481167a1fcf9cb2d0e2c4a9c74ec155523f5d180c/detection # Reference: https://www.virustotal.com/gui/file/9660ae0cf1fe3b7745287ab05d242247334cbf51ba64b900998fb5073bedf890/detection # Reference: https://www.virustotal.com/gui/file/75feac230513a5d543e2f9559068259554200ed7440c44749e7678feb19b470c/detection # Reference: https://www.virustotal.com/gui/file/6c24f8caa4f1f21a9dd8b714066bdfa5e2d8c84ab068d50672ef12b048c4518c/detection # Reference: https://www.virustotal.com/gui/file/02b62fd53cf9ed3c98a70aa7c4ead2b9c8851079517747d8e106873654098651/detection # Reference: https://www.virustotal.com/gui/file/cf234f8fcdab2a576d303c8b0821b7754ec13e1319be9d24d335b351f774b1f3/detection 179.178.236.31:2080 179.183.119.159:2080 179.183.119.159:6606 179.183.119.159:7707 179.183.119.159:8808 187.114.175.149:2080 187.114.178.10:2080 187.114.178.10:6606 187.114.178.10:7707 187.114.178.10:8808 191.250.65.147:2080 191.250.65.147:6606 191.250.65.147:7707 191.250.65.147:8808 191.33.110.91:6606 191.33.110.91:7707 191.33.110.91:8808 # Reference: https://www.virustotal.com/gui/file/2154f0eae29106cd24148ff7a4486eb7467c0d590f7979c6ffb517f4d99d4c37/detection 211.108.200.7:4872 211.108.200.7:4873 0743.hopto.org # Reference: https://www.virustotal.com/gui/file/557ea13e8175753fff89bdfb1ede7e27779f6a55b5ba69ff2ecd7d6e9255ab8a/detection 177.255.91.168:8057 fsdgfd.duckdns.org # Reference: https://www.virustotal.com/gui/file/bdd504540ae6cbfcef701abb424def21007a55d3df5ce5bd03034c4cc66464d6/detection 78.63.71.91:6606 78.63.71.91:7707 78.63.71.91:8808 youtude.ddns.net # Reference: https://www.virustotal.com/gui/file/c8c3c2b6c66710984751b0ec262a618829be47e3c926c3c0c706365d5d0aacd5/detection 103.207.39.83:1024 # Reference: https://www.virustotal.com/gui/file/a93b12c36e78db3c5e27c9a35a23d7f87a3d788adf60f811485890a33c726c7c/detection 90.46.146.196:5552 shadowstest.ddns.net # Reference: https://www.virustotal.com/gui/file/d0ba64c92f0512db66ff99cc87ffced9bebeb3bf15470865c81858f02e3302a6/detection 193.161.193.99:24255 193.161.193.99:42219 iskyze-24255.portmap.host # Reference: https://www.virustotal.com/gui/file/74d10507f05b48357e55b0349a24144874a509980c1e0aabf43f781fdac10fff/detection asdxcvxdfgdnbvrwe.ru marcristosc.ac.ug 194.5.98.95:6970 # Reference: https://www.virustotal.com/gui/file/d288f6645d0f90ddff285c41b2512a1496a8b5b7c34df8bcecda8070314939b6/detection 51.178.240.250:6606 51.178.240.250:7707 51.178.240.250:8808 # Reference: https://www.virustotal.com/gui/file/459fe6ce78839307fd87c192fca2545ed25e89fe63f602356022fd32c8db8aba/detection 179.124.220.225:6606 179.124.220.225:7707 179.124.220.225:8808 # Reference: https://www.virustotal.com/gui/file/65232e1c7aedfd29788abfdf468587c2858822e65cb2fb15169b4261e4be1ed1/detection 123.110.29.249:1604 andy1688.ddns.net # Reference: https://www.virustotal.com/gui/file/305aacda61fb9f14aa1bb5124841ac25b7f23ff254a886a56a3d40bdf5a1a5e4/detection 107.172.221.181:333 107.172.221.181:6606 107.172.221.181:7707 107.172.221.181:8808 # Reference: https://www.virustotal.com/gui/file/310a6b915908dbc78e3d9dd56d06bf0fb3fd11e1c4db826a18611f5e80f9bed3/detection 82.205.33.194:6606 82.205.33.194:7707 82.205.33.194:8808 # Reference: https://www.virustotal.com/gui/file/304663149c45d54a23e0cf65b9775538009a76db474912fff395bedd3e789a01/detection 193.161.193.99:48637 boneless-48637.portmap.host # Reference: https://www.virustotal.com/gui/file/90aaeb0077277b5e45a7cdcbe365ead4781b5a0a5fd755f99ed8a2ec79e5e58c/detection 193.161.193.99:58562 newcosmo-58562.portmap.host # Reference: https://www.virustotal.com/gui/file/de3db6f0d0d8dd22a21731e739dbbacf86b2bc8bc21ea2a0ade9a16581a1ac14/detection 193.161.193.99:31239 ioplololo-31239.portmap.host # Reference: https://www.virustotal.com/gui/file/caa8c15569dd97b52c88cd2a500cb6304db09a6e3761511657be45645f19e815/detection 193.161.193.99:54030 zmining-54030.portmap.host # Reference: https://www.virustotal.com/gui/file/9a95c0829cd7766087de65e50b32a3689a91e3ad05a7cc94365ef94d4f685cde/detection 193.161.193.99:37930 pritom-37930.portmap.host # Reference: https://www.virustotal.com/gui/file/441a169e51070282b35537e90edab11e0064e3a0e6c4eab8759773d79cf00ae1/detection 193.161.193.99:2510 193.161.193.99:25360 vasco-25360.portmap.host # Reference: https://www.virustotal.com/gui/file/5c05897f869e9c72390065f8bbeaab7b7fb3f9089f56a68eb7b358a5d12cf968/detection 193.161.193.99:25987 prem131bn-25987.portmap.host # Reference: https://www.virustotal.com/gui/file/4415b9d3c5fc2ceaa6f935864c1d9a573447802f30ec30efd212a8be4fd2a82d/detection 193.161.193.99:54729 ismailbourji-54729.portmap.host # Reference: https://www.virustotal.com/gui/file/b5a85b868ec6932c4577c11ce91e0bfce9ea5ae81b788133fefc640015c3b0bc/detection 193.161.193.99:20760 f2had-20760.portmap.host # Reference: https://www.virustotal.com/gui/file/c381f88012efb8742927995e6f91525c4a1f9b4f3b3a4f25d431e8269842836b/detection 193.161.193.99:25125 hmz04-25125.portmap.host # Reference: https://www.virustotal.com/gui/file/ab10554a3e0ce5270d2c02e884a097e271dae6cbe2e51a70703da7d4e89919bb/detection 193.161.193.99:36161 prodharani-36161.portmap.host # Reference: https://www.virustotal.com/gui/file/af37a83779f91b64f3b03bf0daa2d79bd531a3968141e0dcc2bcee677f4b701e/detection 193.161.193.99:58345 keyman-58345.portmap.host # Reference: https://www.virustotal.com/gui/file/1ee13968473a9b9733efdca8caf07f22d39730a2b2ebf9c2c8d467e6f385d826/detection 193.161.193.99:37695 anonjayy-37695.portmap.host # Reference: https://www.virustotal.com/gui/file/8b4592b2bb2a904be55ab95ff2cb69808b15d819498cccb6ec05b2f5b7b3d63f/detection 193.161.193.99:37692 madman-37692.portmap.host # Reference: https://www.virustotal.com/gui/file/e9db2ade37b84b00334f829395b6af092dda2ae1f559cfbdb772ec15c7a54d94/detection 42.119.90.242:3189 kubeodz92.ddns.net # Reference: https://www.virustotal.com/gui/file/a5d78beef4d80eb7def57f7fd7647d09ec76a16eeedb2a5a3fc6f445526c8f4a/detection 193.161.193.99:20050 pawianek2-20050.portmap.host # Reference: https://www.virustotal.com/gui/file/e28f8760f889ff458aec8aedd2139e44735cb9468d34d175aec42643b90291b5/detection 46.60.22.192:6606 46.60.22.192:7707 46.60.22.192:8808 82.205.33.194:6606 82.205.33.194:7707 82.205.33.194:8808 googledrive.myftp.org # Reference: https://www.virustotal.com/gui/file/08b15d045255c81dcb3e29b70ffcd1a8d614bf99549f079085bfbc54a994d109/detection 42.119.90.242:3189 kubeodz2019.ddns.net # Reference: https://www.virustotal.com/gui/file/5f8ff6fd7b8bbcb8efd6e69b2300be59a059061ed3bd2a2fd63ab6e98cd7cd2c/detection 192.169.69.25:1044 192.169.69.25:20485 193.161.193.99:20485 franktembo-20485.portmap.io samarakandi.duckdns.org # Reference: https://www.virustotal.com/gui/file/f198e0cfa503100d64d15ed39b2516587582587f42afea74ace075b28f663fb4/detection 193.56.29.251:6606 193.56.29.251:7707 193.56.29.251:8808 bogdanxx90900.servemp3.com # Reference: https://www.virustotal.com/gui/file/33d1d991a9bda6bdec91b6be82e7ddc684a8f7400ac8402917ffefa0a5dfd631/detection 121.214.208.2:3000 # Reference: https://www.virustotal.com/gui/file/fc9ee822f9872fd4ca4531d5a91e29adfdc3a4a9e2e8f6e668305fe3bfa9fada/detection 193.161.193.99:41892 oksosokak-41892.portmap.io # Reference: https://www.virustotal.com/gui/file/e021d822f3a44473cd7d12518402469b38d200a27065c7aa757d13a15ae607ee/detection 197.206.218.240:5555 clayroot2016.linkpc.net # Reference: https://www.virustotal.com/gui/file/54d53186682c7277d99c86cea69d45960d2867041477a0d9edae6f08c8e8b52d/detection 186.52.202.235:3040 cortanahost.ddns.net # Reference: https://www.virustotal.com/gui/file/910c9c2a61c8748fe9bd3417eeb284535db3bbc30c6405f102002ecef3d6304b/detection 81.61.77.92:6606 81.61.77.92:7707 81.61.77.92:8808 campestre.hopto.org # Reference: https://www.virustotal.com/gui/file/4f41374a921e33b06bb11f64e72bc02c2f928704ebea63682ec66b85b1349f44/detection 175.37.36.152:6606 175.37.36.152:7707 175.37.36.152:8808 kakejake.ddns.net # Reference: https://www.virustotal.com/gui/file/15753a223aa59f5e2265569080d31e8351d546e6b7316c6660757a39bda94887/detection 121.137.39.232:5050 # Reference: https://www.virustotal.com/gui/file/fa2cbc10aa98e5cfe362065b2c19556c67dc8b7d48871008404f4778e8537f3a/detection 34.66.124.165:5555 # Reference: https://www.virustotal.com/gui/file/851d536bdf21ad02eab1ed632b7ef36fc5734e628c421c9f7c8dcb05d30f4d32/detection 198.251.64.252:6606 198.251.64.252:7707 198.251.64.252:8808 # Reference: https://www.virustotal.com/gui/file/b69e8a276d2c444b502238383ae3611714822c8605f074ef5a0a9a99c69b49a8/detection 79.173.65.159:19638 79.173.65.159:6606 79.173.65.159:7707 79.173.65.159:8808 rootaccountadmin.ddns.net # Reference: https://www.virustotal.com/gui/file/1c02bb46103de9bf189deaf1b8915afa62186f1b0e1b90742b70b58e44962bf9/detection 178.33.93.88:19678 # Reference: https://www.virustotal.com/gui/file/20ef74b6ca8718706ca786c9cd8c9de916df7daf77c81f436ab23b6c50db0487/detection 49.175.99.35:1234 leepipi.kro.kr # Reference: https://www.virustotal.com/gui/file/c811c161d9d0be1c09173a50af290a718729fd9509b63ff953ad4b07e2501657/detection # Reference: https://www.virustotal.com/gui/file/f48d69fb64fe7ae544769ce22a0500e07ac2f945b12bc717b78ca77a7b5a6924/detection 91.168.196.175:6606 91.168.196.175:7707 91.168.196.175:8808 likatn.zapto.org # Reference: https://www.virustotal.com/gui/file/ca17a69a46caf3e05a1cd8bf2f1d6679b55aa6ecf46ee63bf323ee892f88f80e/detection 105.107.4.125:6606 105.107.4.125:7707 105.107.4.125:8808 # Reference: https://www.virustotal.com/gui/file/c7cb970a67b5c370741e139dda48d47433477ab400e51a62a99b7a379a6c0dbc/detection 138.197.189.80:6606 138.197.189.80:7707 138.197.189.80:8808 blackid-35823.portmap.host # Reference: https://app.any.run/tasks/b31c0049-b5de-40a8-9069-8c14e27b738f/ 193.161.193.99:32260 Kupcia-53901.portmap.io # Reference: https://www.virustotal.com/gui/file/81e96984130042d0ee70ae09a7bc9375974d513938e80877720d251330e4b37e/detection 39.122.189.147:1 fsft.p-e.kr # Reference: https://www.virustotal.com/gui/file/1f48d54ad69726c01a7ae1e7ceff7ae6093005be1e100a75968476d72d75cf06/detection 101.179.85.220:1111 101.179.85.220:6606 101.179.85.220:7707 101.179.85.220:8808 # Reference: https://www.virustotal.com/gui/file/dcaf6810871062a1a5a292c8e46667a8b7de908d292513ef1c443929ce8897c5/detection 18.157.68.73:15558 18.157.68.73:16155 18.157.68.73:4444 18.192.93.86:15558 18.192.93.86:16155 18.192.93.86:4444 # Reference: https://www.virustotal.com/gui/file/bbae735df39c1301901ca97c6993f2b6fd7233a0360761eab8b65f2556df4517/detection 145.239.201.157:8443 # Reference: https://www.virustotal.com/gui/file/ee5dbfca30be494b6ad8ac1c18255b6054339de4aba768180a1f32e9921a30ce/detection 193.239.147.16:6606 193.239.147.16:7707 193.239.147.16:8808 # Reference: https://www.virustotal.com/gui/file/ff081035cd38c28b8093f8f0887450407e27a89ee1ff254dd627849bd6334fb5/detection 193.161.193.99:53485 hack567832-53485.portmap.io # Reference: https://www.virustotal.com/gui/file/126a37d9189d9ef7872b74fb13f562bc8601622b6455e01fefd646b463966fa6/detection 193.161.193.99:39400 kepada9494-39400.portmap.io # Reference: https://www.virustotal.com/gui/file/32e6114d2ce3e3c8f778769261cb06eb874b5f38271436d88053c41930f1ce47/detection 202.182.121.93:5050 kny777.kro.kr # Reference: https://www.virustotal.com/gui/file/49510b87db400c9570b85eba6271642d0a157d0c8cd5457171a6564aa73e7795/detection avantgrajgrup.com.tr /ilksan_sorgu.php?tck= # Reference: https://www.virustotal.com/gui/file/7c3eeba909d90095b3ac593ccc111251212ebe3304d5f9725325d81b2e6acd14/detection 13.82.134.169:48166 13.82.134.169:5555 13.82.134.169:6606 13.82.134.169:7707 13.82.134.169:8808 ROCK19870-48166.portmap.io # Reference: https://www.virustotal.com/gui/file/292a0b69dfc9ff8aa030fdbe13e0bc047606177ea3250c597e06dfeec1c92304/detection 194.5.98.100:1337 blackhair.ddnsfree.com # Reference: https://twitter.com/ScumBots/status/1315367256235311105 # Reference: https://www.virustotal.com/gui/file/b07c2fbb1e0470cdbffd9c1147de5cf1763edcc4c5a918ddc63ad49d1ecbc563/detection 45.95.168.116:1333 45.95.168.116:1334 45.95.168.116:1335 45.95.168.116:1337 45.95.168.116:1338 45.95.168.116:1339 # Reference: https://www.virustotal.com/gui/file/a3074419485db4ee08451afe2693184a89c031b3237e0a51b7627eb33eddc342/detection 222.114.199.209:5050 pyeonno.kro.kr # Reference: https://app.any.run/tasks/5bc8c7e8-e45e-4fff-9fc6-7a380e82e03f/ 193.161.193.99:54987 papachullan-54987.portmap.host # Reference: https://www.virustotal.com/gui/file/7e3e36dfb02909a470035b63d7db577f62431689e631fc7e1f21198745ce339d/detection 185.165.153.140:6606 185.165.153.140:7707 185.165.153.140:8808 # Reference: https://www.virustotal.com/gui/file/39eb27e6d13e6a373bb1da0becb487e808ff2d3849d481eb0bd4aa3b6d398cc1/detection 79.145.12.52:1335 79.145.12.52:6606 79.145.12.52:7707 79.145.12.52:8808 # Reference: https://www.virustotal.com/gui/file/913033893ab065b61e551399c91cdd877c134dc7dadacacbc87c3dfd798653a1/detection 91.109.176.2:6606 91.109.176.2:7707 91.109.176.2:8808 mika201.duckdns.org # Reference: https://app.any.run/tasks/407ac320-c34a-4b59-966e-1f8403fe92e5/ 193.161.193.99:28793 saudis-28793.portmap.host # Reference: https://www.virustotal.com/gui/file/708ba499db884070420f378523658870927c31654d03d24cdac303b5d60b0ac4/detection 2.56.62.44:4444 2.56.62.44:6821 2.56.62.44:6606 2.56.62.44:7707 2.56.62.44:8808 fuckmyass.duckdns.org # Reference: https://www.virustotal.com/gui/file/0cd8a5e9deb573fb2fda25cca06453abcd0a42ee7b0de44420973aeff3e0fcbc/detection 185.161.209.16:6606 185.161.209.16:7707 185.161.209.16:8808 bitcoins.giize.com # Reference: https://app.any.run/tasks/ddf3cca3-adcc-4110-976a-b724a6aab722/ ectoraid.ddns.net # Reference: https://www.virustotal.com/gui/file/fcdc5a453e07582d39d35234b39a67bbf958832ac88f0a82d413961482bdbcc0/detection 175.203.53.37:5050 nsr0209.kro.kr # Reference: https://app.any.run/tasks/107f53fe-e988-40c3-9659-bb47c7283615/ 193.161.193.99:60167 elechine-60167.portmap.host # Reference: https://www.virustotal.com/gui/file/5979eee66faff5910c181a7b1af0111d68a0feda3dd974306f8e5c5624af7cdf/detection 51.75.169.41:6606 51.75.169.41:7707 51.75.169.41:8808 # Reference: https://app.any.run/tasks/7468050a-b7fe-4748-b667-6933722a010a/ 193.161.193.99:33504 Scambaiter123ASAS-33504.portmap.host # Reference: https://www.virustotal.com/gui/file/a95000dca55523f7c8a1293563a03693f973fc12f91618deb86ec5aeee353728/detection 151.240.194.206:7777 nethalpop.sytes.net # Reference: https://www.virustotal.com/gui/file/9b9f13a8e3663e2b05e3af0b00abec4bc662b823a7fde9447164b9031bc59fe7/detection 52.156.134.11:4892 jah0seh.duckdns.org # Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662 # Reference: https://www.virustotal.com/gui/file/49f9c9e79441d891f84d5a457fed44897f95f8f691b387fcab2e63ec9a505667/detection 194.5.97.76:2121 # Reference: https://www.virustotal.com/gui/file/0c323c02db0a52d9a1764a74e3cb5a7bcc8e7b9839160179a772de3a6bc8cf26/detection pounds1990.duckdns.org # Reference: https://www.virustotal.com/gui/file/ff734df4d09afad52e931fce898a5497b78081fbca44f091e55a3da4b47c1350/detection 185.140.53.141:2256 freshg.ddns.net # Reference: https://www.virustotal.com/gui/file/0840d78515e4bdaa61b7d285b710361e19d10c31e34a0cfc58e5fae89e118bbb/detection 193.161.193.99:4332 193.161.193.99:57654 # Reference: https://www.virustotal.com/gui/file/4124fa166c07644eb29d7b813889a90795f9f1448f7cae2040a1375006748617/detection 91.109.180.6:6606 91.109.180.6:7707 91.109.180.6:8808 # Reference: https://www.virustotal.com/gui/file/3ba05ff4ea1e849ad3ce6780aadb44af45e48442f058510fcc096e115c853d80/detection 91.109.188.7:6606 91.109.188.7:7707 91.109.188.7:8808 mika202.duckdns.org # Reference: https://www.virustotal.com/gui/file/9cca37bc8df3f2d7d439db0ffb0ed8d4a1c2f88c5c43754bc78b674009b35b05/detection 109.202.107.147:7113 # Reference: https://www.virustotal.com/gui/file/e1a9c9a66a236487973368591a6735b9e14dd6a8c7be77106f63ec5835cebd2c/detection 203.115.24.234:8282 # Reference: https://app.any.run/tasks/0a2ba392-8c95-48d9-b4e6-b192643675c9/ 193.161.193.99:26660 carminebongo-26660.portmap.host # Reference: https://www.virustotal.com/gui/file/6e5fdf8624b69aa1cbda80d760e5a77143aafcf2b54617485023d2c520e7c431/detection 103.207.39.131:6606 103.207.39.131:7707 103.207.39.131:8808 # Reference: https://www.virustotal.com/gui/file/4467e78c9356062cd52d9d9da5dee3329558749d764ef8c72c14977ae65d139e/detection 82.65.39.148:6606 82.65.39.148:7707 82.65.39.148:8808 # Reference: https://app.any.run/tasks/c5ef1463-1168-4ef0-8536-d42d953c919e/ 85.224.37.213:6606 85.224.37.213:7707 85.224.37.213:8808 # Reference: https://www.virustotal.com/gui/file/971226ecd2869473e61804629f46507232584393f74bf7f8cc11c6592e916ffc/detection 128.134.139.235:5050 # Reference: https://www.virustotal.com/gui/file/5052cc68d40a843a8500983cc7e8c84601e5221149f88f1aa135f328e9e1a9b7/detection 93.190.51.64:1234 # Reference: https://twitter.com/wwp96/status/1328325861456699394 # Reference: https://app.any.run/tasks/85c6b9fa-195f-43c2-b480-8dea0a699fb7/ # Reference: https://app.any.run/tasks/d6fa28e7-0425-49c1-a12f-0185af0ed4ab/ 185.239.242.76:6606 185.239.242.76:7707 185.239.242.76:8808 5.230.22.165:6606 5.230.22.165:7707 5.230.22.165:8808 # Reference: https://www.virustotal.com/gui/file/815e7085a1cf084e05f86a972b0d91b4e5555577f8d47528d79d85dcbb45bc4a/detection 79.134.225.99:6606 79.134.225.99:7707 79.134.225.99:8808 # Reference: https://www.virustotal.com/gui/file/17433a45b35d1eab013795ac90856a2349ed97974c05653030279c52a367774d/detection 137.135.73.55:18 137.135.73.55:6606 137.135.73.55:7707 137.135.73.55:8808 cemnasq.duckdns.org # Reference: https://app.any.run/tasks/e7870287-b274-4f3b-9246-e7104d7f9cc3/ 45.144.30.41:6606 45.144.30.41:7707 45.144.30.41:8808 # Reference: https://www.virustotal.com/gui/file/f3fcbb0fedb1e3b732185aebbf845ca185c950ca3635026d8a754312220577c9/detection 212.239.144.144:1177 212.239.144.144:6606 212.239.144.144:7707 212.239.144.144:8808 liligharba5.ddns.net # Reference: https://www.virustotal.com/gui/file/1153ff7152d6470ab2893655f2cd50df6a5dc7d0169ea56e5e7f54704b136831/detection 78.161.81.149:1604 78.161.81.149:222 78.161.81.149:6606 78.161.81.149:7707 78.161.81.149:8808 ipmdegismismalcry.duckdns.org # Reference: https://www.virustotal.com/gui/file/d0f7a30d75237013c95ab544faf873ba165f252321c49e2ccc5e5b43126a4c3d/detection 84.117.241.36:1604 84.117.241.36:6606 84.117.241.36:7707 84.117.241.36:8808 sexpulapistol.ddns.net # Reference: https://www.virustotal.com/gui/file/c6565e82f8873c8064caf5e73f1fe276b103c131e6df769dfd5bce2da760dca0/detection 91.105.195.23:5679 # Reference: https://www.virustotal.com/gui/file/7017de5d73a4f3bb86c343d87148c3af0087191fd401632b2643368ad38d0929/detection 90.37.128.28:1111 90.37.128.28:6606 90.37.128.28:7707 90.37.128.28:8808 osinte555555.gotdns.ch # Reference: https://www.virustotal.com/gui/file/cf69b63b9cb0ecae224f272bbf7d02fefa14e31ea1e2dab90d2f7fad8b742edb/detection 45.153.243.96:8888 # Reference: https://app.any.run/tasks/57ef4913-3bdd-47c9-bbca-1d16df9b9c1f/ 193.161.193.99:24383 nullbytes.duckdns.org # Reference: https://www.virustotal.com/gui/file/32ac22ae67128eee2d9771d0d579ca2fd222dc5937480391df2b1f50af84bd1e/detection 23.95.13.157:5356 # Reference: https://www.virustotal.com/gui/file/99c1bb646297307dad07a81cc77cd283f6eb854ab9b33a322725add022528bec/detection 185.20.185.96:9091 giness.giize.com # Reference: https://www.virustotal.com/gui/file/a8e0a5a7a055e7d431c3e28f77d81c9d7a4a6f3449382c7a88ae52a52091cdd7/detection 185.20.185.96:6606 185.20.185.96:7707 185.20.185.96:8808 genlast.giize.com # Reference: https://www.virustotal.com/gui/file/67d0d003a313f542a40efad51c91a6b81f13a9d7da5059edc39c9d7ad5b1c166/detection 105.108.31.15:2020 frefiredll.servehttp.com # Reference: https://app.any.run/tasks/8be5fee5-16e7-46d2-8b79-186227574f25/ 201.219.204.73:1881 dfdfcdc1.duckdns.org # Reference: https://www.virustotal.com/gui/file/ee3e0599c68bd9454f2e9175faa65c9a474160bc41acb07532158b6309ba991c/detection # Reference: https://www.virustotal.com/gui/file/edab64dac1dee32fef52a0871d0323e1b5bf246d70aa0617d83dcc7975bef283/detection 14.231.186.175:5555 # Reference: https://app.any.run/tasks/6a264419-9242-4e6f-9974-abc8cc7c194d/ 14.231.186.175:8888 getcookies.ddns.net # Reference: https://www.virustotal.com/gui/file/fa26846e38ca581bcfeb41da686153970b4d29ed706e76352dd2771c12267cde/detection anunankis10.duckdns.org # Reference: https://www.virustotal.com/gui/file/c92433dcc69cb79b43a176f68820d85c4c8d7ef0a6b31881de5e9cfb70464d14/detection 85.214.37.238:9192 # Reference: https://www.virustotal.com/gui/file/4082d61ef1a193655d3d50eb923fb95e4d0026de3104f2d5f4e162597e6d37b6/detection 88.232.12.125:150 nonick55400.duckdns.org # Reference: https://www.virustotal.com/gui/file/d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b/detection # Reference: https://www.virustotal.com/gui/file/cf4ddce71aba43a35beb19ec82d3e90b0008c09b3e6018d286ba321616ced13b/detection 46.114.109.193:59999 83.135.171.146:59999 drei.ddns.net # Reference: https://www.virustotal.com/gui/file/c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820/detection 193.161.193.99:28070 lufeteme08-28070.portmap.host # Reference: https://www.virustotal.com/gui/file/9160bff6b2976faebb45e316ae521f76fc25893a85818c02317b3435163545c8/detection # Reference: https://www.virustotal.com/gui/file/7940abde1678d42fc39c4cc0c69a17d2903c462747d9f8115b2b68f4a0f3d768/detection 206.166.251.78:6606 206.166.251.78:7707 206.166.251.78:8808 # Reference: https://twitter.com/jorgemieres/status/1336699712796299264 # Reference: https://www.virustotal.com/gui/file/558af040bcfa1aaf774e953cca682eaaf38ec8c4f3ca4f3e24e0ea8a783ca1df/detection # Reference: https://www.virustotal.com/gui/file/1f89b0e486eb986a03b0a5cbbacc8f4e7552f5b9ed74c408ae9febd2e424dbdb/detection 23.105.131.244:1881 maraddiego763.duckdns.org # Reference: https://twitter.com/JAMESWT_MHT/status/1342046396048932865 # Reference: https://bazaar.abuse.ch/sample/c397eb85439a20b9185e001ec8cd286281d27d6be336d32e93558e451e6aeeeb/ # Reference: https://app.any.run/tasks/74f1a309-b81d-447c-80c9-fc94ed5a0d41/ 3.22.15.135:14345 # Reference: https://www.virustotal.com/gui/file/ab62e63b551e5f354ec3fe9fd7142d9a07311af48a898ab02faa8a9067fa9894/detection 47.93.12.104:6000 # Reference: https://www.virustotal.com/gui/file/258d5d44809036c29e621367b7aec4338278950edf3766277e3a891bcb8200d6/detection 78.163.1.80:1608 78.163.1.80:6606 78.163.1.80:7707 78.163.1.80:8808 kurbanlar12.freedynamicdns.org # Reference: https://app.any.run/tasks/816acf79-0c72-436c-b229-3cae510f1308/ 118.91.123.84:6606 118.91.123.84:7707 118.91.123.84:8808 # Reference: https://www.virustotal.com/gui/file/82e765d576749be75f8eec64ab5cb4c934b494e30a74fc9a4f70b1c8d3cb25ef/detection 212.125.28.114:4096 # Reference: https://app.any.run/tasks/b1409386-ce03-4eea-8a2e-32434ba38ee5/ 37.120.208.40:49746 chongmei33.publicvm.com # Reference: https://app.any.run/tasks/c1f8c77d-4c72-4419-a381-8d166413e5e9/ 193.161.193.99:23074 # Reference: https://app.any.run/tasks/cf031967-ce6c-4a6e-8b9f-a718560ee709/ 68.235.43.126:56927 # Reference: https://app.any.run/tasks/005ff4be-a1df-4e61-9390-b61d968ed4c0/ 125.209.137.105:6606 # Reference: https://www.virustotal.com/gui/file/a6264de41b4d2ad578a3ec5e082b621dcbf3b716e9bbe86f66682d785c7fc476/detection 45.140.146.29:7979 45.84.1.78:7779 # Reference: https://app.any.run/tasks/4585a843-0924-4dfa-9714-322eb3a61d12/ 193.161.193.99:48622 crazynigga123-48622.portmap.host # Reference: https://app.any.run/tasks/fea4d4d7-cc76-4655-8e00-400d40f683ab/ 79.42.176.16:8080 backdoor.sopix.it # Reference: https://app.any.run/tasks/afd0acb5-ce1d-4a29-b525-cd198d6d69fd/ 3.13.191.225:12246 # Reference: https://app.any.run/tasks/85ac5faf-d2bd-4e6c-84f4-276c16c8c260/ 20.50.121.62:1604 arda3369.duckdns.org # Reference: https://app.any.run/tasks/fbf0f2b7-868b-4aad-b0b1-8028f3303b73/ 193.161.193.99:25740 skeetware-25740.portmap.host # Reference: https://twitter.com/Glacius_/status/1354914904004820992 # Reference: https://www.virustotal.com/gui/file/baec9d73487e85c2bdd78b6ae43abaa6a7fec4b969d92b14427e8aca0510a24b/detection 172.241.27.124:6666 fat7e0recovery.ddns.net # Reference: https://www.virustotal.com/gui/file/ca15972126b044ee0306f30aea6ee94ac41c3696c6c4789649a8554c8011acd2/detection 193.109.78.123:5454 193.109.78.123:6606 193.109.78.123:7707 193.109.78.123:8808 # Reference: https://www.virustotal.com/gui/file/1ee5494e35b15b468334a05ab0b8b233cf09d3fdaf6b2fbfa997f30bb7e95534/detection 179.124.220.225:6606 179.124.220.225:7707 179.124.220.225:8808 supertop2.duckdns.org # Reference: https://twitter.com/ScumBots/status/1355991497095700491 # Reference: https://www.virustotal.com/gui/file/a9c4777eaa8ebd606b60f1a40c3789fe3cc0fa874610fed377cf1aea7093d638/detection 118.91.99.226:6606 118.91.99.226:7707 118.91.99.226:8808 # Reference: https://www.virustotal.com/gui/file/6d46e1bb744cc57d651c3812520e5efa06f760631df2740987ade7b1340262dd/detection 3.138.45.170:14232 52.14.18.129:14232 # Reference: https://www.virustotal.com/gui/file/fc96f417ac8229c6b5bb9303f3256d0ed54e416ae2328360b31c72b8b77bd027/detection 3.14.182.203:15821 3.14.182.203:25565 3.138.45.170:6606 3.138.45.170:7707 3.138.45.170:8808 3.138.45.170:28856 # Reference: https://www.virustotal.com/gui/file/3f82201b874febc1f265408f7574966eedd494c87ab21e20099c0463341c4ec5/detection 51.83.21.214:1177 # Reference: https://app.any.run/tasks/0713ac99-9dc7-4ea8-b408-dfc72f582df0/ 62.228.99.44:25565 swiftyboiiiii.ddns.net # Reference: https://www.virustotal.com/gui/file/cf0ac94c2958739cad12578e671278f78e9a36ca8dfa060e7cb99beacf5443f1/detection 77.149.2.122:5552 hookshome.ddns.net # Reference: https://www.virustotal.com/gui/file/4864f1d1db04b797fd2e43e2a842afe736f7a8a69d985d20c0a506b2cd1e6710/detection 201.219.204.73:1881 ortegadani4521.duckdns.org # Reference: https://www.virustotal.com/gui/file/3794538f0e3b4c499c8f5edf04fa2ee3bbf61cf51c9185ee60184d1473db6c58/detection 91.109.190.8:6606 91.109.190.8:7707 91.109.190.8:8808 mrtx.duckdns.org # Reference: https://app.any.run/tasks/99dabdb4-e15c-4a04-a587-01ebe4a1ecb0/ 193.161.193.99:47970 Lollypopman34-47970.portmap.host # Reference: https://www.virustotal.com/gui/file/4fb8606551676da10e81801a00d3fc7899c064b4ceec54939b41e8cdd7f81159/detection 209.99.40.220:1000 updatersvc.duckdns.org windowsupdater.system-ns.net # Reference: https://www.virustotal.com/gui/file/292f5a19fadef7188670b8bc2e69bcd9d1f54c7e23928427392dc135dcdc8a0d/detection # Reference: https://tria.ge/210214-whb5qfxctj 23.102.129.234:6606 23.102.129.234:7707 23.102.129.234:8808 # Reference: https://www.virustotal.com/gui/file/c4c4c3ddd9cf42d0352a5135a9250a0cc64a40a8ed49ca860cf31061cfca5304/detection 40.75.8.74:6606 40.75.8.74:7707 40.75.8.74:8808 # Reference: https://app.any.run/tasks/9528fcbf-be7a-42a4-b363-808a22a624fd/ 52.14.18.129:11677 # Reference: https://twitter.com/reecdeep/status/1361585509387149315 # Reference: https://app.any.run/tasks/4c21b945-025a-4fe9-9296-eadb5f04cf50/ 103.151.123.132:6204 severdops.ddns.net # Reference: https://app.any.run/tasks/d343dc45-6f76-4c18-aeee-4f1cf7e1764e/ 193.161.193.99:55575 gzzzjc-55575.portmap.io # Reference: https://twitter.com/someinfosecguy/status/1362440625619144708 # Reference: https://tria.ge/210218-jmjxwxbpqx/behavioral2 193.161.193.99:26187 193.161.193.99:64861 malkalanok357-26187.portmap.io # Reference: https://app.any.run/tasks/654e69f2-b60d-4dd5-8cf4-895123bbbe08/ 95.252.85.20:8080 unbelratcomesideve.ddns.net # Reference: https://www.virustotal.com/gui/file/c75f28cdb21bec49700a7579d3b630074e3fb6de4cda70c5937dcd8424bbebbf/detection 121.137.39.135:5050 # Reference: https://www.virustotal.com/gui/file/fad55e42bde0dce163f94a0ac272418b17100a67e439574fdc49ab7e2b12bc3e/detection 220.78.222.190:5050 yohan002.kro.kr # Reference: https://app.any.run/tasks/5f595a39-7203-4809-8d78-e3431e057227/ 193.164.7.176:6606 193.164.7.176:7707 193.164.7.176:8808 # Reference: https://app.any.run/tasks/7cc3c6d0-fe7e-4491-8d55-9f1644649546/ 193.161.193.99:36606 sizetmp-36606.portmap.host # Reference: https://app.any.run/tasks/a542e55d-6ff8-4aaa-9f49-13ea77bdbfd5/ 69.136.25.93:54115 azxsdc.duckdns.org # Reference: https://www.virustotal.com/gui/file/2399e5acd8e6fec2e83de445cf83b598676f57fdfedd1f67a7872a5009866591/detection 154.16.67.107:1177 newss.myq-see.com # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1365774874870972416 # Reference: https://app.any.run/tasks/119bfa2f-93ed-46e1-8ade-2eb69c0165d2/ 194.5.97.132:35714 # Reference: https://twitter.com/wwp96/status/1366429485080457221 # Reference: https://app.any.run/tasks/d93648e9-999f-4a82-b7ee-3d318546c9c6/ 152.89.247.27:1210 3324546.duckdns.org owncablestdywirecord.dns.army # Reference: https://www.virustotal.com/gui/file/1b3d41d44659ff038cf8aafdc5ff021646771106d957783aecdff725158c216c/detection # Reference: https://tria.ge/210305-v3pe2f2w5s/behavioral2 177.124.77.43:4000 micomico.ddns.net # Reference: https://www.virustotal.com/gui/file/7b5ac1f2b4852a2c27afd5c5529660f71f0e7ad0f890208ed3f5e248d6e7b84a/detection # Reference: https://www.virustotal.com/gui/file/3decf98948eb4ae09dec3ff5955f33bd9c4ce38cdccae4107f3fa9bfffb7b050/detection 85.170.227.97:4000 85.170.227.97:5000 rat94522.ddnsking.com # Reference: https://www.virustotal.com/gui/file/b04d9a311d595e1d0a44992ecd4ea00528270378d0e52da5dc75b8ccc1ce5599/detection 31.220.4.216:1738 # Reference: https://www.virustotal.com/gui/file/b77906648505d304d711b3021f19104a70f7725f6021e4cee0d492fa96597028/detection potrq.ddns.net # Reference: https://www.virustotal.com/gui/file/fdbb642769e8cc0eec1e09d29c9635d76d5885abb07deca4d2ef5c84bbba5c67/detection 136.175.8.57:1177 100k1.ddns.net 100k2.ddns.net # Reference: https://www.virustotal.com/gui/file/bc796e4f7602321306d3762eca6dc809ee2c043caf03386deb17b1422209a1ec/detection 45.32.200.152:1177 fat7e07.ddns.net # Reference: https://www.virustotal.com/gui/file/67d8ec4d7cde7188fc49f8268a10855abe89cffffc13c6f6111ba904caebe6f7/detection 93.93.193.189:9341 corporation.warzonedns.com # Reference: https://www.virustotal.com/gui/file/78430db636f5d5be5dd3959a3f74b14792897b8fdea1de1c441eba120164cfb6/detection liverpoolsupporters9.com # Reference: https://www.virustotal.com/gui/file/3c7d9801bed9dc95108527bc38cbc100260c5bd76331adffb9b21620c91b5049/detection # Reference: https://www.virustotal.com/gui/file/c4b9e67adddddb84ad88135affcf47881c6ff4a560557e760da2990aaca02510/detection 186.4.232.55:6606 186.4.232.55:7707 186.4.232.55:8808 rcvasconez.ddns.net # Reference: https://www.virustotal.com/gui/file/2f9e71f1807b0e909226f4fced8c62fb38c787b2ae56ec8646ade0a6a54ec725/detection 193.161.193.99:43299 gammadoppler123-43299.portmap.host # Reference: https://www.virustotal.com/gui/file/0100972f01df9b75c0958a7198170d2d37a51f1d500501bcdbf122bb43253bcc/detection 102.36.149.155:30300 79.134.225.11:30300 rbltd.ddns.net # Reference: https://www.group-ib.com/blog/rats_nigeria # Reference: https://www.virustotal.com/gui/file/8613c29feb93ea1eb6a48e037da61e0643ca06234d51462814e0b314e2aa9b50/detection http://68.235.38.157 east-ge.com kingtexs-tvv.com mariotkitchens.com sommernph.com # Reference: https://www.virustotal.com/gui/file/fee6cda76d8c5b289b76deba1176049e529f51ac06f817a8a22ec77b17d74f35/detection 188.161.190.135:6606 82.205.21.99:6606 82.205.22.86:6606 188.161.190.135:7707 82.205.21.99:7707 82.205.22.86:7707 188.161.190.135:8808 82.205.21.99:8808 82.205.22.86:8808 squadx.hopto.org # Reference: https://www.virustotal.com/gui/file/95fbecb2d0b0aa0fa80e02732237fc9eb43fc9f8af1efff062435b44b57f1a03/detection 97.90.7.88:4782 97.90.7.88:6606 97.90.7.88:7707 97.90.7.88:8808 cademc.zapto.org # Reference: https://www.virustotal.com/gui/file/e706bf49908519c14eb135357c5cd822be3f139be7365a94081b54342db0eb91/detection 20.79.41.10:5967 tayfagreatie.duckdns.org # Reference: https://www.virustotal.com/gui/file/23d4837df84a76f96c674581c96e6a1729bac2981787d3b36ac5149d861f13e5/detection 160.152.102.175:8988 160.152.102.175:8992 loading8992.bounceme.net # Reference: https://www.virustotal.com/gui/file/668d4a42b6e049ee80146d86f93c706a6598c90156b670b966a4a413a83e58d1/detection 144.202.70.248:6821 # Reference: https://www.virustotal.com/gui/file/af8558a48c8cd10691fc61aba79b6522807ff92a85fe833556445dba63f149d6/detection 45.77.142.82:9797 # Reference: https://www.virustotal.com/gui/file/2f054e75bbe251c38dfa8a3a31d51123d71f80054720c909ed3901e14859c656/detection 49.12.11.240:6606 49.12.11.240:7707 49.12.11.240:8808 49.12.11.240:6821 # Reference: https://www.virustotal.com/gui/file/89c38091fdb1977853e9533b62a68082b65dfa61007bd7d7f9dfaa228646252b/detection 20.52.142.130:9797 # Reference: https://www.virustotal.com/gui/file/fe57fc52dcd3215bca8bc6cebb224eb2c2d2b5238f3b671e84147ae555af936d/detection 144.202.70.248:6606 144.202.70.248:7707 144.202.70.248:8808 144.202.70.248:6821 # Reference: https://www.virustotal.com/gui/file/ab09142c8ecb158bb84696cb92e922fea9959a57bc6e1bacc6d8e87ffc1c63f8/detection 45.32.211.35:6821 # Reference: https://www.virustotal.com/gui/file/96f0812b2f8c0589a04b40ea1a9438d41e901ef660ed493c3d5221c535c18b4a/detection 216.230.75.194:8621 # Reference: https://www.virustotal.com/gui/file/c64c2b5fd4c90ac4dd5c41b733d43669fd3dfa75342d98f29b7bd3178e6374de/detection 139.99.73.120:6606 139.99.73.120:7707 139.99.73.120:8808 139.99.73.120:5555 # Reference: https://www.virustotal.com/gui/file/30368f7cf5ab4464ed45c1cf1c7a21110663a56b56ee5fe94a4e9bb376e2d5e4/detection 91.109.180.5:6606 91.109.180.5:7707 91.109.180.5:8808 # Reference: https://www.virustotal.com/gui/file/c06fdc9f0dbfd0b42d74c9226ed28f3f52b5bfc04af70f58b8b5b16439196184/detection 185.19.85.167:3413 # Reference: https://www.virustotal.com/gui/file/f7b01c9dd7e2184231f40d009c54374d0cdcf563e987fe2a3586e6b767852dea/detection 175.144.21.17:2703 185.244.30.92:2703 192.169.69.25:49703 37.120.208.36:49746 79.134.225.92:49703 87.98.245.48:49746 chongmei33.publicvm.com rahim321.duckdns.org # Reference: https://www.virustotal.com/gui/file/62a8add7d225619b038ee5e87b9546fbdb796c98b1c65fc4ecdc4b079069500d/detection 95.211.239.205:777 tahoo.linkpc.net # Reference: https://www.virustotal.com/gui/file/dfc5f5a467242e30666b413878511d034ab02651a8b791732b70317a72c6a543/detection 105.103.141.231:777 domaineweb.publicvm.com # Reference: https://www.virustotal.com/gui/file/7081ef94c2d39376308f54702b74cc685f2489f90d95f1db288ff96c7e434202/detection 184.170.245.2:6606 184.170.245.2:7707 184.170.245.2:8808 hacker1313131dd.ddns.net # Reference: https://www.virustotal.com/gui/file/7cf0450f46dbf13e125b76f7358c0505a9b5e6655d908281ed00b8ce5c94a3dc/detection # Reference: https://app.any.run/tasks/409d87b3-2e1a-4699-9fb2-42bc6c107dda/ 105.112.46.168:2021 105.112.78.3:2021 kimjoy.ddns.net # Reference: https://www.virustotal.com/gui/file/c3566a97c163540e23dd172c1c872bb8e4dab98c1a049bacef3f3fbf68744835/detection 74.199.72.115:3702 nazinaturistic.ddns.net # Reference: https://www.virustotal.com/gui/file/bd30df969f3a11aabd58ff65c72fd14a507ee43efe4d77331338facbeaed77c4/detection 195.62.33.67:9911 bad96.ddns.net # Reference: https://www.virustotal.com/gui/file/9d9ea4fd548efa07e3051dcef175d5b0446958cdf0d7f623a0f98945acc1dbb8/detection 94.61.14.42:6606 94.61.14.42:7707 94.61.14.42:8808 robloxfanscripts.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1389666118294327297 # Reference: https://www.virustotal.com/gui/file/146f7a39df033afe4bb001da5b4a6eceb89f9efab5538c470b7f7f3cb4bbd15e/detection 79.134.225.18:2455 franco.ddns.net # Reference: https://www.virustotal.com/gui/file/9ee67445d4ffeedd7c11e1e14949bf0f6060f34352e3f2c8d2184ffe0b4d235f/detection 79.134.225.18:6606 79.134.225.18:7707 79.134.225.18:8808 bigman2021.duckdns.org # Reference: https://www.virustotal.com/gui/file/8d2b3f58baa5dc605a8618d66b3070c97b8f3f01c214c3e39b0d3df1c820f12f/detection 78.189.145.29:1064 cancan01.duckdns.org # Reference: https://www.virustotal.com/gui/file/192b8b333a2d956f13512165a108e109e79f73680e28af2e98f4aafbaea378f4/detection 89.160.26.37:1907 89.160.26.37:6606 89.160.26.37:7707 89.160.26.37:8808 leoz07.ddns.net # Reference: https://www.virustotal.com/gui/file/af844d4f524a764af31c6d600148248dae088a54356bbd63604f93602ae8a655/detection 41.105.36.185:1231 170293.ddns.net # Reference: https://www.virustotal.com/gui/file/aefeb07afc0d9f4d09ab09317db14edef1b58df175f70cf6ea88d7f6cdce8cfc/detection 159.242.234.220:8991 160.152.102.175:8991 160.152.128.216:8991 160.152.155.95:8991 160.152.184.22:8991 160.152.34.228:8991 160.152.57.245:8991 197.210.70.144:8991 197.210.71.96:8991 79.134.225.119:8991 adobe.myactivedirectory.com # Reference: https://www.virustotal.com/gui/file/d452cee94e3a2d58b05e9f62a4aa4004c0632d9b56fa8b57664d295bc88c4df0/detection 160.152.128.216:8988 160.152.155.95:8988 160.152.179.159:8988 160.152.71.32:8988 5.62.58.238:8988 79.134.225.119:8988 160.152.128.216:8989 160.152.155.95:8989 160.152.179.159:8989 160.152.71.32:8989 5.62.58.238:8989 79.134.225.119:8989 asin8988.ddns.net asin8989.ddns.net # Reference: https://www.virustotal.com/gui/file/e8aca8f27af178b2c191206c7bc04bfddc604a78b95699a72ca20c22f618c9b0/detection 160.152.187.169:8988 79.134.225.119:8988 160.152.187.169:8989 79.134.225.119:8989 160.152.187.169:8990 79.134.225.119:8990 asin8990.ddns.net # Reference: https://www.virustotal.com/gui/file/d88f2958d0acb7f06c1cfbf71f496477b5bae94fda49b9084def65709b211546/detection 41.102.72.91:2019 mrdiazdz.myq-see.com # Reference: https://www.virustotal.com/gui/file/7e2c927caec040c6a134fbcd520023dd48379be367b6af0a353dfc1e4d0bcc3d/detection 79.134.225.7:9476 sipex2021.ddns.net # Reference: https://www.virustotal.com/gui/file/af664ecd43c0dd5152022855d80d3faa80bf938477b7959fdfe3d67c50ab93d6/detection 14.191.50.101:8080 # Reference: https://www.virustotal.com/gui/file/2fd8dd35009746246e06cafdd744c0bea6862576483a55a93b3c00de75989876/detection 77.247.127.24:6666 # Reference: https://twitter.com/pmmkowalczyk/status/1392794233724100608 # Reference: https://www.virustotal.com/gui/file/d17a7a0afd4342b88db7bfdba2ed30b44e03d95104d27d5e869bf7641895ad5d/detection 46.101.140.16:47533 fnk3.playit.gg far-street.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/ea3e00b1c26220883d6e27179ec9391efa9a2062414eb1c5576db0e204291104/detection # Reference: https://www.virustotal.com/gui/file/8ab4f231ebf6150eb8bcfa302353732cce3f6c72ea7892f27a22e2720509dc37/detection 134.122.66.170:1604 134.122.66.170:1700 134.122.66.170:55772 134.122.66.170:8929 139.59.82.105:1604 139.59.82.105:1700 139.59.82.105:55772 139.59.82.105:8929 bng1.playit.gg fnk1.playit.gg roasted-egg.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/4cb3d0afec4c271f4d2351022cecd072a7ef96b7c2f63223144278de67067d42/detection 157.245.170.36:1604 157.245.170.36:55078 157.245.170.36:6606 157.245.170.36:7707 157.245.170.36:8808 crooked-wash.auto.playit.gg sf1.playit.gg # Reference: https://www.virustotal.com/gui/file/b3a697477ca999a3cedb88a7dfef0735ac12032f26106008a31c6db4bdf1b7c8/detection 134.209.194.210:56635 ams1.playit.gg gullible-substance.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/05030526532dbe4d0a3e49140489439468957d6dea9f482ff983e778b21c61d0/detection 147.189.168.238:1996 nova22.ddns.net # Reference: https://www.virustotal.com/gui/file/d3b9abaed3de3549b0fc83ec846a02612d91dfaca5a82aad2d7fa58b6e6c8f59/detection 134.122.66.170:59266 enchanted-sugar.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/5acd937d84b28e21755ea9707e88cb73eaa6f183f03568e69077eee97ff5c6ca/detection 134.209.194.210:56874 134.209.194.210:6606 134.209.194.210:7707 134.209.194.210:8808 bored-baby.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/4a69b932f7d7abe2e40d828020271ad2c82895fe0e45639a5e63898097383229/detection waiting-distribution.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/25b60ae10029b3dc5b7c9e0c4fda13f676fd138f9407fb3d515b16f307964987/detection 134.122.66.170:2626 134.122.66.170:52083 staking-afterthought.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/c984664d6300015a18c84ddf60d978b2cedcf5323dcf32365b72456766770dec/detection 134.122.66.170:56797 134.122.66.170:6606 134.122.66.170:7707 134.122.66.170:8808 parsimonious-elbow.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/f7aede4740b641f6ca71b683741b35e4cd8fcb9cd9aac929605e2f41de19db76/detection smelly-plantation.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/ae068da2d2b92d3884eebcb3b088d3764c64899341deab9e431bb0cf5af2f011/detection 134.122.66.170:52859 parallel-spade.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/4816d6f30051bd5fd3b3c585ab45068cc68b1698bedebdf829b6df2c1345787d/detection 151.115.36.90:51696 151.115.36.90:6157 scintillating-jeans.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/3c19eba85ce343b5cb5a2afd7036a2528c520c19dae153c9c50552ec2f33d548/detection 46.101.140.16:59842 # Reference: https://www.virustotal.com/gui/file/7787b0ad1912dfe4feac545132d8c27f2cd89f1f9a8cf1ed7d787a487e523e9b/detection # Reference: https://www.virustotal.com/gui/file/5c3d28aefe454f0503484f737fd56fb0303c93556c579c4568a72d684ee14ed3/detection 46.101.140.16:49723 little-toothbrush.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/0d937a6efda9883e93d429cf6c4d60dc145ed5f3fd69ddb744cb44a4a0b7396d/detection 46.101.140.16:47458 slippery-cactus.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/8e1ae1790f2ee8b22b8956cd8b1cedf9b0bf82246d5d5a998bc503ac780b3496/detection # Reference: https://www.virustotal.com/gui/file/f8e56bed47bf278dd23e4e8bbac71c8bc0464bfb91c07c242a2d26a37aa83d16/detection 46.101.140.16:47537 tremendous-icicle.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/822edf21c4b1bdd1a85dc45219158b462323339f5510c9780c900e12a8a125cf/detection 151.115.36.90:49057 151.115.36.90:6157 cloistered-dogs.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/b47b6d3289ae1968dbf8c2ade9b51b8648e422b1676e5ca320f588768b90a28c/detection 134.209.194.210:59208 46.101.140.16:59208 # Reference: https://www.virustotal.com/gui/file/29e7e0de201646f11e3ac7b7f861cc489e5f8343834871de5143e4842d1718ef/detection 46.101.140.16:46467 unkempt-silver.auto.playit.gg # Reference: https://www.virustotal.com/gui/file/32b3b1966fae4e513fa11870958bf2fd585144a9b9a37b4ed0da8f9871f40176/detection 176.136.47.220:1605 176.136.47.220:6606 176.136.47.220:7707 176.136.47.220:8808 xuehue.freedynamicdns.net # Reference: https://www.virustotal.com/gui/file/90fab6977cc5f967959d3dd307d4dd99dfa8da7f7fe2c159c1e7911bc6f5105f/detection 20.52.37.83:6606 20.52.37.83:7707 20.52.37.83:8808 orospureaxx.duckdns.org # Reference: https://www.virustotal.com/gui/file/cdbbddacd34d002729ac3889252f36c544b936002005a2f357e831cb2f669d7b/detection 194.76.226.201:6606 194.76.226.201:7707 194.76.226.201:8808 # Reference: https://www.virustotal.com/gui/file/dc3e48d0b12659129b857a0293e2978a29809664572b4f6f556491ca4f677dbf/detection 150.107.31.190:9060 # Reference: https://www.virustotal.com/gui/file/69642f95f35b3d14f1123de60819e66e59c8f125defb58d23b8766f498597de3/detection 79.134.225.53:9872 # Reference: https://www.virustotal.com/gui/file/494924af556726976ac133cfe12a92b3d5b193f19df0d3ea785c645cea18e6fb/detection 24.101.234.141:4782 # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1400166564268331009 # Reference: https://www.virustotal.com/gui/file/c810a1bde5027f6fcf656067381133c6c8e61349cd05b4f4c7a9695b9a44f31f/detection 195.174.209.145:1781 195.174.209.145:6606 195.174.209.145:7707 195.174.209.145:8808 # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1399327839896342529 # Reference: https://www.virustotal.com/gui/file/e89d388de70b933316724146def5eeab047a08514b7bf70bcea3916e09162669/detection peebeekay-22139.portmap.io # Reference: https://www.virustotal.com/gui/file/6610572cbe4075996e903d9e13a29cf812537be7b7ed2d9f6bc341a3998f4459/detection # Reference: https://www.virustotal.com/gui/file/48b3e497f5e533a663b3686b731bcf2b486ba3aedb006091fd95d1f573944c90/detection 87.132.215.23:4250 89.182.98.3:3601 dontreachme5.ddns.net dontreachme.duckdns.org dontreachme1.duckdns.org # Reference: https://www.virustotal.com/gui/file/ec503a0e10888dfadfaa3716eb128b6dd7479fd708e45a181cba7c14e8ad59f9/detection # Reference: https://www.virustotal.com/gui/file/ee45e7b7efce62cdf53205e25010044bd2612498113e665e76f9731d4e2843e0/detection 162.255.119.29:54984 173.189.160.249:54984 snow-leopards.xyz # Reference: https://www.virustotal.com/gui/file/1c1aad21ca7a30cdb51deac733927ed1b603c242b7640c9e42605ea8202782f2/detection 106.214.237.83:8088 # Reference: https://www.virustotal.com/gui/file/f6f4e3772ac0e480939d5af16464ba425c44040e1f1ce6edb82591694d5e3f01/detection ooyeah-24044.portmap.io # Reference: https://www.virustotal.com/gui/file/44b58d71e60589298b48dbbdcd296ebd7b0330dceb8988369267a167a85d631c/detection # Reference: https://www.virustotal.com/gui/file/b564ee571c17fcf612bf67207a44d92e463f1c12c2558f205c4cbb45d8950839/detection 141.255.155.84:4444 141.255.157.163:4444 cryptserver.hopto.org # Reference: https://gist.github.com/myrtus0x0/deb815eadd362f660aabb41a7806e187 172.93.222.156:6606 172.93.222.156:7707 172.93.222.156:8808 173.63.124.155:1604 178.33.222.241:2703 178.33.222.241:49703 178.33.222.241:49714 178.33.222.241:49746 185.165.153.116:2703 185.165.153.116:49703 185.165.153.116:49714 185.165.153.116:49746 185.19.85.155:5080 185.244.30.92:2703 185.244.30.92:49703 185.244.30.92:49714 185.244.30.92:49746 194.5.97.249:9951 194.5.98.196:4529 194.5.98.107:6970 203.115.24.234:8282 37.120.208.36:2703 37.120.208.36:49703 37.120.208.36:49714 37.120.208.36:49746 45.153.243.96:8888 45.35.158.173:6606 45.35.158.173:7707 45.35.158.173:8808 54.246.188.45:6606 54.37.36.116:2703 54.37.36.116:49703 54.37.36.116:49714 54.37.36.116:49746 79.134.225.92:2703 79.134.225.92:49703 79.134.225.92:49714 79.134.225.92:49746 79.134.225.99:4726 79.134.225.99:6606 79.134.225.99:7707 79.134.225.99:8808 91.105.195.23:5679 agentpurple.ac.ug agentttt.ac.ug bruhmoment123123123.ddns.net dongreg202020.duckdns.org gateway.swat.host genjustu.hopto.org johnboo.hopto.org # Reference: https://www.virustotal.com/gui/file/6c9d744a929a0e67b79dbb669cf8be1ac357b0e8eb75074ace81fa90857e5552/detection 197.1.99.237:6606 197.1.99.237:7707 197.1.99.237:8808 197.1.99.237:9995 197.238.81.24:6606 197.238.81.24:7707 197.238.81.24:8808 197.238.81.24:9995 chromsec19.zapto.org # Reference: https://tria.ge/210528-3n4n93ztka 185.19.85.168:5946 shugardaddy.ddns.net # Reference: https://twitter.com/petrovic082/status/1397093409521905664 # Reference: https://app.any.run/tasks/a1d1ad79-e892-450e-99ff-19aea71774ce/ # Reference: https://www.virustotal.com/gui/file/51863340741893ed0860f30704e00ee4e4c4f0ac4b2c6eefd5e765008f20eb29/detection scarsofthesoul.com/wp-content/themes/45gHdoYZRK3EEBAC.jpg scarsofthesoul.com/wp-content/themes/SNavmh60gxje6Rii.jpg # Reference: https://www.virustotal.com/gui/file/2b8678fa955d08b909a9068aad612ed566a9a98c0476585770f6d1c8dc0c3f9e/detection 141.255.144.58:1604 # Reference: https://twitter.com/James_inthe_box/status/1406995650307256320 # Reference: https://tria.ge/210621-g8zj1sp5j6/behavioral1 88.234.171.239:555 asc1.linkpc.net # Reference: https://www.virustotal.com/gui/file/227f44cda2b2f73785a5ae5b258fe818dd3302ce533aa50837ab21d99cb8219a/detection 185.244.26.217:5892 exchangexe2021.ddns.net # Reference: https://www.virustotal.com/gui/file/068a691ba494e231b27af202af806ff1daac8b660993678a4c0b73ffc8a2d242/detection 185.140.53.169:8970 8970.ddns.net # Reference: https://twitter.com/ps66uk/status/1407090099699994626 # Reference: https://www.virustotal.com/gui/file/ca8929421ca89c108483865008ee79bd23e3386b899ffebdd897e1d072ad9e92/detection 172.111.244.39:46422 172.111.244.39:6578 leechong444.ddnsgeek.com # Reference: https://www.virustotal.com/gui/file/14a78e85a9719b24dd71fa5cded55f59c14d45211a18bf89f5196cd2e0cd45e5/detection 83.252.99.10:8080 keyloggerhacker.ddns.net # Reference: https://www.virustotal.com/gui/file/a72d1d21eaf2f89f06ea807db188ee0e4c6ada5e966568d8543e4c3dbd5c7c73/detection 135.148.134.17:8080 # Reference: https://twitter.com/BushidoToken/status/1416498021127409674 185.195.232.251:57667 # Reference: https://www.virustotal.com/gui/file/5f106bf6a105b2febc08dbc9885420f6341eae88eb5570d5b5454a3bee0c2a08/detection 3.22.15.135:6606 3.22.15.135:7707 3.22.15.135:8808 3.22.15.135:16029 3.129.187.220:6606 3.129.187.220:7707 3.129.187.220:8808 # Reference: https://www.virustotal.com/gui/file/878487e25eb96ab2c4ebd889e4bfc1739d730722c2af4736bc46ac3d11eca453/detection 206.123.141.239:7777 # Reference: https://www.virustotal.com/gui/file/d68b4d6cec032458824abdf3ac6f379f33db2167cb0c399845f4d7735a426827/detection 95.169.210.148:6666 # Reference: https://www.virustotal.com/gui/file/8b388efb71328e18ee3dd5b4c932387ddad5ee79b595751a79fe535533e2c4ed/detection 191.88.250.118:5020 marcelajarakmisdhuakfsg.duckdns.org # Reference: https://www.virustotal.com/gui/file/c4b86c9533e71721f549923868ca2f940e6bee5b9ef49b661343a5028a16b363/detection cabovela.duckdns.org # Reference: https://www.virustotal.com/gui/file/a0329b99847941ede2712082eca9b6fecf89a9150fa36160328b3e596f3c23fc/detection 45.134.225.35:7821 45.134.225.35:6606 45.134.225.35:7707 45.134.225.35:8808 # Reference: https://www.virustotal.com/gui/file/1677e0afc52a9166c9a433e5db3864f71fe5816a98784f6ee3e86540827da084/detection 86.107.197.52:6606 86.107.197.52:7707 86.107.197.52:8808 # Reference: https://www.virustotal.com/gui/file/fa34352f3aec8d28f7e9ebc21a01c3a32e98620790ca91e29ad385919c0e213d/detection 136.144.41.4:4771 # Reference: https://twitter.com/pmelson/status/1419399465207836674 # Reference: https://www.virustotal.com/gui/file/07ac588af0a2789108da9687b452144e346c0a05583ae21660b5b49ef9740046/detection 137.74.176.167:1177 host.aliveafterguard.store # Reference: https://www.virustotal.com/gui/file/fd78341536c5abe19c4beec49876f8f854819aa075092e3d9aec8c193339fcca/detection 171.235.78.216:4444 # Reference: https://www.virustotal.com/gui/file/b6444d49ebd6cf176222cd2ec2816c07727d334a8c6aed056e6e953796f7433a/detection 197.210.71.57:8971 makesuretobackup.loginto.me # Reference: https://www.virustotal.com/gui/file/0705b69d12b5171f99bb4e89191939fe874ef994ffacb2508abcc2057463b605/detection 104.227.146.200:8835 104.227.146.200:8970 104.227.146.200:8971 104.227.146.200:8973 8970.ddns.net # Reference: https://www.virustotal.com/gui/file/4e8bacc82d5684af7b56acbd3150ec033db6d6cc89e60bcf1d16ff13766d41e4/detection 185.140.53.169:8835 185.140.53.169:8970 185.140.53.169:8971 185.140.53.169:8973 # Reference: https://www.virustotal.com/gui/file/eeea15c1411e2f21445e11f510f4c3a3a9c8390085757daf352d48dcfa50d182/detection 104.227.146.200:8070 185.140.53.169:8070 35asyn88.ddns.net 7298hwor.ddns.net newagain.servep3.co # Reference: https://www.virustotal.com/gui/file/da8a2b68f14fab211ffe09dc43922790417dbb6e5fa437b461ad1d5ac7d4f788/detection 141.255.151.240:2880 xinpin.ddns.net # Reference: https://www.virustotal.com/gui/file/0da6b4eb3e0cd74821c92e1cf094e148f62749a6bc8a2d5e457ca320be2947da/detection 46.249.32.186:3000 46.249.32.186:4000 camfro9ksa.no-ip.biz jamal16a.no-ip.biz # Reference: https://www.virustotal.com/gui/file/c31f8b69245d8207cf420a1e7ca523553eccd96d649168314db28644203cea9e/detection 194.5.98.8:3030 adikremix.ydns.eu # Reference: https://www.virustotal.com/gui/file/19470ceb697cfe1039f344962da8fe0b1fe484bd0488db00afef27816ee62ae6/detection 185.244.26.165:9582 e29rava.ddns.net # Reference: https://www.virustotal.com/gui/file/623534bf150f2538edb27e51ed56b92f464adb5da8e2db378ec3a666fcb64772/detection 185.244.26.213:9872 # Reference: https://www.virustotal.com/gui/file/6693e9ce0848fe351b1df785a7540ec3bc1950fd698977cdd8cde1b3d4f19681/detection 177.126.146.148:6606 177.126.146.148:7707 177.126.146.148:8808 word.is-a-rockstar.com # Reference: https://www.virustotal.com/gui/file/df5909d3af4ca4654c190c579631cd6d9aae3e0270daa83e92c7ee4397322364/detection 79.134.225.109:9070 asyn101.duckdns.org # Reference: https://app.any.run/tasks/7e4869df-9ab6-4ee4-9772-f5af5721ca83/ 91.151.88.245:2070 # Reference: https://app.any.run/tasks/eb9ed5cc-ca36-4fcd-955b-81a360cda877/ 20.199.121.197:7707 # Reference: https://app.any.run/tasks/78c5b68f-1c96-46a6-8519-d7f8e475a714/ 151.237.185.211:20090 harnav1.ddns.net # Reference: https://www.virustotal.com/gui/file/c8b7234f8cbfaa32f5c52c02b259511861bfa602a447aea1b1e82f024f102e50/detection 37.49.230.185:5874 # Reference: https://twitter.com/James_inthe_box/status/1438506362107928582 # Reference: https://www.virustotal.com/gui/file/0d9937ff3380d575397c7dae4b22267d42a029956d45a16f956cddf479c3cf59/detection 194.5.98.132:1849 rick63.publicvm.com # Reference: https://www.virustotal.com/gui/file/4a0d7d71ba4692f70972ca28028f943a5cb56086f4fed16829f276a6d70fbc38/behavior/C2AE 195.133.40.157:9909 195.133.40.157:8808 rocking.ddns.net # Reference: https://www.virustotal.com/gui/file/a352ce2dcf084f7017ee2f287678a5852470b9f64f00988a51104d9370a442fd/behavior/C2AE microsoftstore.ddns.net # Reference: https://www.virustotal.com/gui/file/7bbc45943986a1f5886ca429f3fadde428a7936c2e3a421b5f8f24e06ace0308/behavior/VirusTotal%20Jujubox 196.170.63.108:6606 196.170.63.108:8808 zeroxzerox19.ddns.net # Reference: https://www.virustotal.com/gui/file/6c5a78bc2995bd9098af7b5b2cc18b3763a5c16b8960847d8d1518ea03fa5262/behavior/C2AE kalilinux123.ddns.net # Reference: https://www.virustotal.com/gui/file/3a466603350e269cc3c6d47e9467525319d96b93abf4a4f94aa81ef616409792/behavior/C2AE 192.169.69.26:1884 dgrthdg.duckdns.org # Reference: https://www.virustotal.com/gui/file/19261c2bcb77b1f207415ca68e845ee2d7bea24d870b0543233bb277c1c3416a/behavior/C2AE 142.126.121.109:9897 eeeeeeeeeee1111333.ddns.net # Reference: https://www.virustotal.com/gui/file/511be2e5f0ecf8da123bd5eaf462869233c658c88f4ab6c5472792f62a67a898/behavior/C2AE 91.109.186.6:8808 91.109.186.6:6606 91.109.186.6:7707 milla.publicvm.com # Reference: https://www.virustotal.com/gui/file/0cf2d9d9b8cf8181784372da15e5c19918577d9462eb38de60f2cd48ef793685/behavior/C2AE 185.157.160.198:1973 # Reference: https://www.virustotal.com/gui/file/4556c1debf74fe9cdc70eeae3ad1737867f12aafe5f129f2e4c32c3bca5d2373/behavior/C2AE 119.91.81.102:10050 vaoz.hopto.org # Reference: https://www.virustotal.com/gui/file/cef377096aa29c2d56751c604f9c12149596aed21307ae70889367b3717820c3/behavior/C2AE 41.225.94.19:6606 41.225.94.19:4444 41.225.94.19:8808 41.225.94.19:7707 nosnos89.ddns.net # Reference: https://www.virustotal.com/gui/file/49af85ae6afd7dd5c5df440d8c6043c2c14f206a8aaeda0dc2d8d2fa4942faa9/behavior/C2AE 128.127.209.204:1188 ethanily7lm.ddns.net # Reference: https://www.virustotal.com/gui/file/aa8b3ea0e61c4e7951f01a7934c1b500a57afabbac14f794036723048bdd2959/behavior/C2AE 193.161.193.99:6606 193.161.193.99:7020 193.161.193.99:45415 193.161.193.99:8808 193.161.193.99:7707 sherlmes2-45415.portmap.host # Reference: https://www.virustotal.com/gui/file/f77b792b18ed388d1223539319cac1d6c2ec1af3193325aca3d0094160049ad0/detection 91.109.176.3:1010 poplll.ddns.net # Reference: https://www.virustotal.com/gui/file/e55a4da819c806619edb25aba1ae1e1a4b95f46861b636f9958f910166e34cf9/detection # Reference: https://www.virustotal.com/gui/file/dd1fb521c590a121ce61b6a422c1ec3212248c4973f47be6ddcaa2189d410966/detection 91.109.176.3:1100 91.109.176.3:1122 shero21.ddns.net shero21.hopto.org # Reference: https://www.virustotal.com/gui/file/918aca7c4e894fac419afbf9d3b933604bd354f84c819a4241a8a9a7bd81c9ca/detection 91.109.176.3:3242 brikol32.hopto.org # Reference: https://www.virustotal.com/gui/file/c8ca46366ec70b0463b3ee7e747c1c22e1d42f7e7e77e0e896edf99aebdbeb10/detection 79.134.225.77:9532 79.134.225.77:9690 # Reference: https://twitter.com/pr0xylife/status/1450398699121750019 # Reference: https://www.virustotal.com/gui/file/3959233284f7f4a7bec2a314820e3b8e073591a31dfe8c43a03f7a24833b7fd3/detection 139.28.37.182:5200 # Reference: https://www.virustotal.com/gui/file/47ba489de1983d8cba9e284e4ff259ec8fee5fd95464953483c16af9ded7f499/detection 37.0.10.5:1553 # Reference: https://www.virustotal.com/gui/file/0a8ca65757f6c874a8d6124b06c9661f7066a6508d887ed93119539b17de39f3/detection 51.222.98.71:23411 # Reference: https://www.virustotal.com/gui/file/62b91b016641d20e062da305675e6b9ebdc8166c0406c6c151deb00a3b0eea35/detection # Reference: https://www.virustotal.com/gui/file/caaa9c3c18c70d0fa3ce8eeb331098923c5d66c85852d61ff35e44ef3717d552/detection 194.85.248.50:1616 45.144.225.178:1616 bbccdd.duckdns.org # Reference: https://www.virustotal.com/gui/file/44c2e5015639f92b300d495be689bb6f5973c650dc0ac861d77ae97cb21b7807/detection 144.126.141.41:6606 144.126.141.41:7707 144.126.141.41:8808 # Reference: https://www.virustotal.com/gui/file/ac89daad73dd89dc4a2f4fe58a4a5ab29b14bdecf1710a172bc58ea513e6c3e4/detection http://149.56.200.165 149.56.200.165:6606 149.56.200.165:7707 149.56.200.165:8808 # Reference: https://www.virustotal.com/gui/file/665dc88a9cccd536d40ac75c3eb23de8d1d5e95aee504f0ce31f4b31db81d468/detection # Reference: https://www.virustotal.com/gui/file/ea068c51c9036a7fabe4d259e1447154b9bce2ab58d8a5feec10012c72595955/detection # Reference: https://www.virustotal.com/gui/file/7768e84058b04954d258242e0e36804d74aa93cd96ea0c32aad85af86e2040c9/detection # Reference: https://www.virustotal.com/gui/file/2b7dbd887c6917e12d524ce2b2de699908df59566500acef015660d379cb8205/detection 186.169.35.22:9194 186.169.42.167:9194 186.169.52.151:9194 186.169.76.22:9194 anysdk.duckdns.org # Reference: https://www.virustotal.com/gui/file/6f194457591e38ef91c704ee2e78d676158721b7123c5d6f1f7ab893525c1d0f/detection 5.36.102.135:6606 5.36.102.135:7707 5.36.102.135:8808 # Reference: https://www.virustotal.com/gui/file/853274bbcb0c9406640b129d9b5ec887e31da0483b1c5b1204b13369361fa7cc/detection # Reference: https://www.virustotal.com/gui/file/3b378370df4ccdf42f83ac4ca27c77c7a84e76f370e6a1fd0f0cd997c7862eb5/detection 89.10.111.40:3074 getfucked69420.ddns.net # Reference: https://www.virustotal.com/gui/file/12547cac918d152b630f82bc88399322ea3537082f0eb167e5e3915fef512037/detection hhahkek.ddns.net # Reference: https://www.virustotal.com/gui/file/9a0bcd595c00fac69969827f5c83d08bbe6bb5f5d29b2a9bd294e9618ecf1cc4/detection 193.183.217.94:42431 # Reference: https://www.virustotal.com/gui/file/b0106b10a4ec8d9be9349ea21ce7d8810884a54e65a025a1c57d282eb5b49b73/detection 20.113.56.70:1939 yarakkurek31.duckdns.org # Reference: https://www.virustotal.com/gui/file/6ef6850e025b28edccc2d716a969257368082a7e64a6c73253315881fa3da18c/detection # Reference: https://www.virustotal.com/gui/file/d7275e118bd4932e36789d4c03147c3efe3a31ea9c719b8e93d8697baabfbe4f/detection 103.1.184.108:4000 216.250.97.121:1568 216.250.97.121:4000 216.250.97.121:6220 216.250.97.121:712 mycollege.duckdns.org ournewos.duckdns.org # Reference: https://www.virustotal.com/gui/file/8e57ba59e782cb55787620258867e2c64d2e30ee02924f02a6e9e61a9b6775a4/detection # Reference: https://www.virustotal.com/gui/file/7a2c578192832bb2e9282ff4c79c8d0b0c51e4c2b90680e4752f738e6ae37926/detection # Reference: https://www.virustotal.com/gui/file/0e3cda3174da3842c349bfcaa42f79b634314859cd2dbb60fb254ba2ea265524/detection 194.29.101.219:81 216.250.97.121:81 42.106.199.93:81 medicalservices.publicvm.com # Reference: https://twitter.com/ScarletSharkSec/status/1476615969191731215 # Reference: https://app.any.run/tasks/0560b542-81d1-4214-9f3a-d89ca1cf3adf/ 144.126.136.214:3101 imghost.myftp.org uspsform.info # Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b # Reference: https://www.virustotal.com/gui/file/769c5c1d9681b468b84a14af0c33ec4ee786f8c7a0eecf7819bd9286cab2d474/detection 185.140.53.178:1515 # Reference: https://www.virustotal.com/gui/file/f2e9cc84d53231470b1fa5491464a00cb7562000a56e0ce8264a61783e44ed75/detection 185.244.30.58:62750 # Reference: https://www.virustotal.com/gui/file/0df8f6927d1c11bddd28ac7ce0699bb205c36c7d690c5ca9db3109bcc319904f/detection # Reference: https://www.virustotal.com/gui/file/9bd27defdb0f664430d2775c7cdfe585bd87052e856ff07f124a416eacc01b32/detection # Reference: https://www.virustotal.com/gui/file/262fe30f28e10a70ff92f0936f1934664e6c55d6a0b7e9541370d75bb62165bb/detection 2.97.222.100:4272 2.97.222.100:5000 2.97.222.100:5321 2.97.220.50:5321 3.141.142.211:16656 3.141.142.211:4444 3.141.142.211:5321 3.141.142.211:6942 # Reference: https://www.virustotal.com/gui/file/c0f7710298626ad629721a8683adbea6d73db902d3bcdc782c7fd1b524646392/detection 92.15.9.84:5000 # Reference: https://www.virustotal.com/gui/file/4094cb0eaf6d140e67eb7f3a09043ae48a1ff92ed749ba81ff471bc24f2e3747/detection kingg32.ddns.net # Reference: https://www.virustotal.com/gui/file/96bf189c954cf26d2aa54d3e9da9e06d2fbefe5922b48b12b5302fbe0b64e2cb/detection 105.112.70.6:6606 105.112.70.6:7707 105.112.70.6:8808 rainbowsmile.freeddns.org # Reference: https://www.virustotal.com/gui/file/9945c3e1fd6ceb2e42f17983cbc5e71e28220bb9b9785fc5c7747f299312b2e2/detection 45.142.212.31:6606 45.142.212.31:7707 45.142.212.31:8808 # Reference: https://www.virustotal.com/gui/file/62e268ffe865dbd7d75337c7e9a3c0607942e4c57e67ff2d68f00bc68a4ece5e/detection http://119.17.214.76 # Reference: https://www.virustotal.com/gui/file/577060714ee5177e501acbc7cbffdb5589dc21bab72307062aa7883ed14f4442/detection 109.228.37.222:20000 213.171.211.204:21000 dlldns.xyz # Reference: https://www.virustotal.com/gui/file/48d25c5b9b73012e8b2df3579c75ffdaa1f9d1686d6155bea7c1d5a5065f229f/detection 79.134.225.79:6606 79.134.225.79:7707 79.134.225.79:8808 planst09991.duckdns.org pureloader1.ddns.net # Reference: https://www.virustotal.com/gui/file/c144524875b9b3d451ed3d075e879677cd84fa50093063a395648551717e3fa3/detection 207.246.86.113:8888 207.246.86.113:9999 # Reference: https://www.virustotal.com/gui/file/765a57140b17fcf2388544f17837ef208ad578e92602bc972e42fab41ef33834/detection 207.246.86.113:1986 # Reference: https://www.virustotal.com/gui/file/10a87fd245cbee46c1565d369a0276d9e25a4540977af9f132dae6257040b155/detection 207.246.86.113:1988 # Reference: https://www.virustotal.com/gui/file/fa07402a7655d9e2fc0558ab22b75c004602e35ec5e3310b7e264e6ec2a79fb5/detection 149.28.35.14:8668 # Reference: https://www.virustotal.com/gui/file/45995c61073b4228eef6414c0ffd9357429c6945f731e4d8150f779994143425/detection 173.225.99.230:9966 # Reference: https://www.virustotal.com/gui/file/6f3b7811c3e549e0d8b77fa1bd511ebf55ebc8f276446ce77184c6df665f8a28/detection 185.144.28.238:8848 # Reference: https://www.virustotal.com/gui/file/98c1afc5a3d52830e518a8ba4fb2950aa28147efd5cc8bf08386cde9b579c142/detection 104.207.152.120:1868 # Reference: https://www.virustotal.com/gui/file/d887313a40393517370c184c6afa227305a91c05d96d8eda6bf74f133654e572/detection 194.33.45.165:6666 ahmed2611.linkpc.net # Reference: https://www.virustotal.com/gui/file/2079ee598c065e370547a1522995502ccdff9ca9878963b86b285489c165b176/detection 2.56.57.210:1444 2.56.57.210:89 # Reference: https://www.virustotal.com/gui/file/23bb1ec79732017c4f1ce1a41a07bf9df4c9dcdbb8c79ebfa1b3e83f4538c573/detection # Reference: https://www.virustotal.com/gui/file/6cec9b24677f0912fe91b0b40836752be09888e6c2b1783f51c9a7aa6827b864/detection 154.118.104.174:61857 154.118.104.174:61974 2.56.57.210:61857 2.56.57.210:61974 artedriendfrim.hopto.org famesurvelizerditis.sytes.net haldriendfrifaimano.ddns.net reoildriend.sytes.net riemaldriendfri.sytes.net tancesucesm.chickenkiller.com universalchampionis.zapto.org # Reference: https://www.virustotal.com/gui/file/63ef801de07c0cad9af70847fff881fc454ed5430f289b95581399b4aee809a0/detection 103.151.123.194:7829 103.151.123.194:7840 103.151.123.194:7841 103.151.123.194:7842 asyncmoney.duckdns.org asyncpcc.duckdns.org # Reference: https://www.virustotal.com/gui/file/47f83bc0ad5cec2e365409f45ba67220e8ecf9a7313a38caef08fd9559e8a2ba/detection # Reference: https://www.virustotal.com/gui/file/edf90d101a43361dc1245ebc74132e08f54db942af670377c431003e85534b22/detection 13.82.65.56:4021 64.188.16.134:4021 yuri101.duckdns.org # Reference: https://www.virustotal.com/gui/file/68106918876232b746129b1161c3ac81914672776522f722062945f55166ba68/detection 23.102.1.5:6230 23.102.1.5:6231 23.102.1.5:6232 dccrypa.duckdns.org # Reference: https://www.virustotal.com/gui/file/b7f3d1dd2aa804eb498480b7a3b03ea003efb665005e844e51be5b8ab9dc8e79/detection 23.102.1.5:6121 asyncspread.duckdns.org # Reference: https://www.virustotal.com/gui/file/456ae44a137a75594a129beed2a917afa00e94b79825fd9500c6b07da69310b9/detection 103.151.123.194:1990 meunknown.duckdns.org # Reference: https://www.virustotal.com/gui/file/a3013ca2f3bee249886bfa72085ae98f31ff49ab7b0e0bb4de883e94d88cd9ed/detection # Reference: https://www.virustotal.com/gui/file/597e67048274e435928e11acf5e712b932695b1eb343398559fa83993c91296c/detection 88.111.229.212:6606 88.111.229.212:7707 88.111.229.212:8808 88.111.229.212:20000 88.111.229.212:21000 # Reference: https://www.virustotal.com/gui/file/7bc5ed12f076a174ab2b7e39ace5f88cfe695c75f3bc67701f42736be6de04a7/detection 88.111.236.191:6606 88.111.236.191:7707 88.111.236.191:8808 88.111.236.191:20000 88.111.236.191:21000 # Reference: https://www.virustotal.com/gui/file/c743735f89a5586315aeba456f9f4167a3365ea070d9d631e35aeaad4772d09e/detection 92.3.192.170:6606 92.3.192.170:7707 92.3.192.170:8808 92.3.192.170:20000 92.3.192.170:21000 # Reference: https://www.virustotal.com/gui/file/4d13e663aebabe2376c4f231356688108b5a124e0aafbc1717efa9f82e23f2b2/detection # Reference: https://www.virustotal.com/gui/file/eb918b8f920a7f710cbd2460ba6132a177996912cc0ef6144ac824e3e37e4fdb/detection 104.21.13.168:5380 172.67.200.214:5380 37.238.146.36:5380 91.109.190.3:5380 fact.azad.live # Reference: https://www.virustotal.com/gui/file/a672aa201c4172fb50bbf332a57a25c399e1c0a881f09ace05dbcc77d859627e/detection 46.246.6.11:9000 david123456.duckdns.org # Reference: https://twitter.com/1ZRR4H/status/1485771167948546048 # Reference: https://tria.ge/220125-adlgqacfg6/behavioral1 104.249.62.71:4212 strekhost2030.duckdns.org # Reference: https://www.virustotal.com/gui/file/fd607e03512a15e3bf9dd3c80dbca2b9235012004cb9b69fa05df2f5344037ef/detection # Reference: https://www.virustotal.com/gui/file/8b022a46d08a7cf80f1141e534f647d1113fe87426e01dc35465f62bfd5052da/detection 189.146.59.185:81 201.121.135.170:4449 3.14.182.203:26008 3.17.7.232:26008 3.22.30.40:26008 venom5002sitask.6te.net venomsi.mypsx.net /venom5002SiTask/ # Reference: https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign # Reference: https://otx.alienvault.com/pulse/61f2ace89496fafe74bbb9c7 11l19secondpop.ddns.net 2pop.ddns.net elliotgateway.ddns.net newopt.servehttp.com newsa.ddns.net nomako.ddns.net pop11.ddns.net python.myvnc.com wthcv.sytes.net # Reference: https://www.virustotal.com/gui/file/d775bef532e71e692eb0e66292da60db38864a4f3dba5d2382ace1992ddd55f3/detection 212.192.246.239:1001 # Reference: https://www.virustotal.com/gui/file/9d17ef60c2fe51c9ddd8c03a519059d3eddfd2ac8803ac5d7d91a71075810887/detection 212.192.246.239:228 212.192.246.239:901 # Reference: https://www.virustotal.com/gui/file/4743f18e28808ce90f8c9197c112fe5ceeb91c20f41b92a00034e2884cab1907/detection 212.192.246.239:8000 # Reference: https://www.virustotal.com/gui/file/d0b02f3290dc695e0d9e63060a3dcad7d351c7db7570d656da965ba95f1368b7/detection # Reference: https://www.virustotal.com/gui/file/ee64468498a36ca484a8ea1079b6e125590749dd2535c7cbfb0b24050b10dd3c/detection 209.127.27.27:6606 209.127.27.27:7707 209.127.27.27:8808 crypto-support.network myvps2022.ddns.net # Reference: https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign 178.238.8.233:6606 178.238.8.233:7707 178.238.8.233:8808 python.blogsyte.com # Reference: https://www.virustotal.com/gui/file/169a4309780969168c4af528075bb4b1e2526f976ab572cdfa6ff3e13a009faa/detection 194.127.179.238:8855 # Reference: https://www.virustotal.com/gui/file/f95c8ace1331a172303a2f2cea8edc805203156e499012df465a158246495cce/detection 216.250.249.156:1148 216.250.249.156:1560 216.250.249.156:1985 23.95.115.74:1465 23.95.115.74:1560 # Reference: https://www.virustotal.com/gui/file/f6092f6961226ced6b4858af475736af69ac36f35dea6f539eb552dad3b00fbc/detection 104.37.174.26:1985 104.37.174.26:4040 104.37.174.26:5050 216.250.249.156:1985 216.250.249.156:4040 216.250.249.156:5050 # Reference: https://www.virustotal.com/gui/file/f54d3ce36fea6ef51b10501d96f8e82deab82440005200ef16f88e4154d923ba/detection 216.250.249.156:6606 216.250.249.156:7707 216.250.249.156:8808 # Reference: https://www.virustotal.com/gui/file/f25eb7952a3cea441effa29b4b95ac46269fb8ab56e39166a0e56ade8f7bdf5a/detection 216.250.249.156:1148 216.250.249.156:1414 216.250.249.156:1465 216.250.249.156:1759 5.230.72.3:1148 5.230.72.3:1414 5.230.72.3:1465 5.230.72.3:1560 5.230.72.3:1759 5.230.72.3:1985 # Reference: https://www.virustotal.com/gui/file/ca2f1fd98c74804cf417f07a86db13a71baed4647e919a110a82df0bfba02e85/detection http://5.230.68.154 # Reference: https://www.virustotal.com/gui/file/c507346693107714c35dae061f39b4af97f7ee55a12e7fbb689ca62405af7414/detection 51.210.48.148:6606 51.210.48.148:7707 51.210.48.148:8808 # Reference: https://www.virustotal.com/gui/file/ba1c40946756613c5321bea71118ec169096783344d0aca7e9ee5e0ac62b07ef/detection 216.250.249.156:1980 216.250.249.156:1981 216.250.249.156:1982 216.250.254.208:1465 216.250.254.208:1560 216.250.254.208:1980 216.250.254.208:1981 216.250.254.208:1982 216.250.254.208:1985 # Reference: https://www.virustotal.com/gui/file/b135b4f9bbc86735c19170c9728466e972f5985ccef6f44fc39b50e24987b0fb/detection 104.37.174.26:1759 5.230.84.50:1465 # Reference: https://www.virustotal.com/gui/file/a576dd4d6b216109bf7044bc90ebd70a2205bffb43272b28f8f112b480eecea5/detection 193.29.104.186:1465 193.29.104.186:1560 193.29.104.186:6606 193.29.104.186:7707 193.29.104.186:8808 216.250.254.208:1465 216.250.254.208:1560 216.250.254.208:6606 216.250.254.208:7707 216.250.254.208:8808 # Reference: https://www.virustotal.com/gui/file/832ed387078d95665e268d6fc1da6b62f9c785049c1a479bdb9eb45e8945eadf/detection 14.18.141.27:33355 # Reference: https://www.virustotal.com/gui/file/5c7887914b2ebb56fc762b555093719b30978e7d603ee1ba198f288090bec15b/detection 104.37.174.26:4848 216.250.249.156:4848 # Reference: https://www.virustotal.com/gui/file/19247536d1bb8035395a3a2bca3ecb17c36ddf48fee86a00d9d6e3e4bf622f35/detection 104.37.174.26:2018 216.250.249.156:2015 # Reference: https://www.virustotal.com/gui/file/ceaeb1dd68355d7a47455dffd00f3ab735e295c2aad6d7c0d754f371af3e0093/detection # Reference: https://www.virustotal.com/gui/file/c0d614d65f3710bac72f12f0dbd86b77971f64a7fd3dad978ccde2d0e4d7d39f/detection # Reference: https://www.virustotal.com/gui/file/6c2ee1611af326cf2c791ef63f6816ee8364fcccfc7a2facb5dbbb82bf310fe3/detection 185.110.106.210:1337 185.163.218.120:1337 81.94.199.203:1337 kho8arje.ddns.net # Reference: https://www.virustotal.com/gui/file/fd8419faf4dbccd31e6305cb19cb9043dacaea147b38d1c0e78105802a9d99df/detection 45.144.154.150:1095 45.144.154.150:1097 45.144.154.150:1098 45.144.154.150:1604 45.144.154.150:18 45.144.154.150:4782 45.144.154.150:4784 45.144.154.150:59 45.144.154.150:5900 45.144.154.150:9495 alemdar571.duckdns.org # Reference: https://www.virustotal.com/gui/file/ef3108a8fa42fa5ed82f82a3c9d7d9f5cd2b35dd653127585977578321ce21d0/detection 189.38.106.99:8080 # Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_03.02.2022.txt documents.pro.br # Reference: https://www.virustotal.com/gui/file/00ecb52e6754df0b9b25f896e8d923d6fc11c80fa333df430d1c3e3c94a7a404/detection 201.212.135.172:3042 # Reference: https://www.virustotal.com/gui/file/a829a8001f09c89ec992913ea3a6d2bde958779e8a7788d9d2a0e1e319e316bc/detection 173.44.55.179:13294 173.44.55.155:48241 kumar.airdns.org minchia.airdns.org # Reference: https://www.virustotal.com/gui/file/5511ab25c4f241c5683ad0b26452c2c474841dce3666010d723243f987b06872/detection 3.131.123.134:24138 zealous-fire-94898.pktriot.net # Reference: https://www.virustotal.com/gui/file/2b4fcba2cacdd48089b43c746a24cda262ee87db830bd9aaf9ee82f5cb900de5/detection 79.134.225.90:83 confucanism.hopto.org # Reference: https://www.virustotal.com/gui/file/443858dce1aeb48c098475dcf1f04c286a6d69593a41613436f05fd12fb35bc9/detection 51.89.253.23:6606 51.89.253.23:7707 51.89.253.23:8808 3laallah.myvnc.com # Reference: https://twitter.com/peterkruse/status/1492796546525638656 # Reference: https://www.virustotal.com/gui/file/76854bcfb1fe0e8baf04c994cf4db49f5445e77201535ca49616a23c0ca69004/detection # Reference: https://www.virustotal.com/gui/file/4a7484b8027c04f1b339c56ab4bc40ba6b8bb876507d421a59807684aab1e83c/detection 159.65.243.143:8080 20.113.159.145:3162 # Reference: https://www.virustotal.com/gui/file/9cd3f611b2d854917d5d0229d7440b30f2610984d51a5cf591591fd156558973/detection # Reference: https://www.virustotal.com/gui/file/3cf3c75627a9a6813f7d5f708c88d2d41c6d18e92fe9dea86bb370c6b816bf40/detection 199.195.253.181:6606 199.195.253.181:7707 199.195.253.181:8089 199.195.253.181:8808 prhostings.duckdns.org # Reference: https://www.virustotal.com/gui/file/d9f2bab44100729ed79b2acaf2b8f1cf3b665d55988847e06b19ec0625f25fed/detection 37.221.122.76:6606 37.221.122.76:7707 37.221.122.76:8808 jeazerlog.duckdns.org # Reference: https://www.virustotal.com/gui/file/d8a413d1ff3f0d7cc9e07393e720b54403c0d180157065b7d0c81c090124a73c/detection 179.13.2.243:4204 strekhost2031.duckdns.org # Reference: https://www.virustotal.com/gui/file/bee9c217ba2e0a439775033e5abba4a999bebe29474dda7011d67e77173598aa/detection 107.128.170.0:1604 monkeygame.duckdns.org # Reference: https://www.virustotal.com/gui/file/b74da435a84b6a240fdefcb357abb948e5451fa11dd48e4381b9897abf1cd267/detection 46.183.220.49:46422 46.183.220.49:6578 chonglee575.duckdns.org # Reference: https://www.virustotal.com/gui/file/10037dcdfbe006f14125b3b5fec8ab336ce996c1fe8af03114597b51d446b843/detection 141.255.144.69:6665 141.255.156.217:2020 141.255.156.217:6663 45.164.102.81:2019 45.164.102.81:2020 45.164.102.81:5000 45.164.102.81:6662 45.164.102.81:6665 hotelposeidonia.ddns.net putha.duckdns.org # Reference: https://www.virustotal.com/gui/file/9917e1b3643ebd9b87d96eaa225e293b4ab0a92f78f0df1f99efd85cf220f469/detection 86.156.139.211:32244 86.156.139.211:6606 86.156.139.211:7707 86.156.139.211:8808 venos1245.ddns.net venos12678.ddns.net # Reference: https://www.virustotal.com/gui/file/61309fd4c88c63e431b06b603aa83b1e3b1326ade092502675597b1469150e39/detection 191.248.178.226:7777 kklele.ddns.net # Reference: https://www.virustotal.com/gui/file/f561b5e40ebff43e78dd61cb03ac5300aa6dce51cfe67bb288d3bec154effd69/detection 102.186.16.48:5556 asg1.ddns.net # Reference: https://www.virustotal.com/gui/file/d4d90420777353fb8faece913558695e0ffd478cc0fccdd6ef316ce68b118a83/detection 163.123.142.141:6606 163.123.142.141:7707 163.123.142.141:8808 163.123.142.251:6606 163.123.142.251:7707 163.123.142.251:8808 mywatermoney.ddns.net # Reference: https://www.virustotal.com/gui/file/c3d26b6aed4ef3cf1d0cf3d53e5280a11367cb792db7b13c50ffc695d77d0e80/detection 136.243.111.71:6606 136.243.111.71:7707 136.243.111.71:8808 # Reference: https://www.virustotal.com/gui/file/5bc250fe115f0af94d9d57840c5aa4ddc91b5c3f4100edba4e154cd438e8d682/detection 20.123.180.103:1337 20.123.180.103:6606 20.123.180.103:7707 20.123.180.103:8808 # Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_28.02.2022.txt 52.15.81.204:6606 52.15.81.204:7707 52.15.81.204:8808 nsysc.duckdns.org # Reference: https://www.virustotal.com/gui/file/3a2bcee2582e82d8caf5a85d4b3a8b5d779313aead59394e43cb0577e2ac5caa/detection 91.193.75.222:1337 # Reference: https://www.virustotal.com/gui/file/23d9cd92f8a143d8c11189ea65e238954e8dac8da8a8867cf243eb199af2a45f/behavior/Zenbox 216.250.97.121:4242 darkflood.ru # Reference: https://www.virustotal.com/gui/file/02c4db3938f02e93ac275981ac2121254191a76732235e574d20f70f89a415d0/behavior/Microsoft%20Sysinternals 20.113.168.5:5552 # Reference: https://www.virustotal.com/gui/file/a03a750c266a3440bad4bdbf1a6539a5f3108d4b1701049167dce3c21b8892c9/behavior/Zenbox 144.126.209.63:7707 144.126.209.63:1443 144.126.209.63:8808 # Reference: https://www.virustotal.com/gui/file/a42aaf89dfaf1dc938def40171798b2a5e641da48851a30cc83e46243d677341/behavior/VMRay 181.141.6.14:1543 async19.duckdns.org # Reference: https://www.virustotal.com/gui/file/b75253da4ffdfd8ffb110066ed246127053b71f331210dcab40581fe9529dd1b/behavior/Microsoft%20Sysinternals 105.155.171.124:1177 virustheonluone.ddns.net # Reference: https://www.virustotal.com/gui/file/f1d52de14a1e669c219644cb3cbd8f5e7155799334b9f43576cdaaf985feab29/behavior/Microsoft%20Sysinternals 156.204.146.6:1177 mokea.ddns.net # Reference: https://www.virustotal.com/gui/file/356d357fd1d8ebbce5b44f0e2fc758f08b0ddd8fbba0e5d705c7f3b823c61194/detection 41.140.166.138:8080 amineaskary234.ddns.net # Reference: https://www.virustotal.com/gui/file/c87370e8e2e08a93f6becca89df295a17a6c8136edadec5522360cee30b6a2d4/detection 2.89.88.55:8620 nydarcl0b.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1501663331458818057 # Reference: https://app.any.run/tasks/8cc8d2fc-f24a-42ea-9db8-ca2bceb791e6/ 217.64.31.3:6606 217.64.31.3:7707 217.64.31.3:8808 217.64.31.3:8437 # Reference: https://www.virustotal.com/gui/file/14217d54e50cb1750df957ee13ceddfb0775e9df7b286dbbe8bccfde89e8462c/detection 123.27.146.13:6606 123.27.146.13:7707 123.27.146.13:8808 spikevntm1.ddns.net # Reference: https://www.virustotal.com/gui/file/2d2351681ab5a3fc5d448474986d26cfe06fe6f889435523fd2a1f1c9e7b684c/detection 41.238.79.40:1177 41.238.79.40:4444 eeent2am1.ddns.net ennt2am11.ddns.net matrixhack9.ddns.net # Reference: https://www.virustotal.com/gui/file/fcd5fc495b4f81bf91491b52e1759cf93794bf135fed6469a5d1e0663dfb6c3e/detection 94.204.143.223:6606 94.204.143.223:7707 94.204.143.223:8808 exelelo.zapto.org # Reference: https://www.virustotal.com/gui/file/a9e0e20979d2a5ee73322a2dd94bed304e2586d91d01808130ffe1ae6c043a69/detection 142.114.120.140:8080 rezan.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1508822431422582785 # Reference: https://app.any.run/tasks/bbe72cb9-d347-4b41-8517-99be1dac9a07/ 79.134.225.89:5900 crazydns.linkpc.net # Reference: https://otx.alienvault.com/pulse/6244476ff6012996f9a9cba1 hahakek.ddns.net # Reference: https://www.virustotal.com/gui/file/abfbde0fea7eba7c409710cafb5a7fe2b2315b4a95898420117ad5088ad4c6b3/detection # Reference: https://www.virustotal.com/gui/file/a81a4b5eaea54fad12b6fc2e4b1eae62f30a2a9ba1d1abb94ca85e58dbfa8623/detection # Reference: https://www.virustotal.com/gui/file/a81a4b5eaea54fad12b6fc2e4b1eae62f30a2a9ba1d1abb94ca85e58dbfa8623/detection # Reference: https://www.virustotal.com/gui/file/a5488fe77d6f68e3512c20b5ffd2105265ae55f50f872fe9b3429b39ed16b7de/detection 43.133.1.136:48214 45.133.1.136:5579 sivnquldmiqa.ratkings.net # Reference: https://www.virustotal.com/gui/file/fa0a7de603a1fa1dc694862999423e093b8f5285498607d27c1a6074a00455f5/detection # Reference: https://www.virustotal.com/gui/file/9dee44e6c8075f0f369cde080e56edca0e2fb93b59520dd99a2884ea7b55c7f9/detection # Reference: https://www.virustotal.com/gui/file/75a1202f0bc5aafe9d205c52416c1bc5b1f2976edb490dffc812f4197bb02277/detection # Reference: https://www.virustotal.com/gui/file/4f1dcb5778a57d02f7cb485e2d76234ce1913bcc872535221966d596c78056d0/detection 2.56.59.227:4455 212.192.241.41:4455 pnake.000webhostapp.com vuqozgiamcvoe.ratkings.net # Reference: https://www.virustotal.com/gui/file/98e74bdca833fffdeadd8aaa3887c60eda29d658e35c7e02a6e364c6a0566039/detection 178.238.8.233:6606 178.238.8.233:7707 178.238.8.233:8808 pythonn.linkpc.net # Reference: https://www.virustotal.com/gui/file/00abaec0096cdb5a62684479e06fae3c39632e15adb436d2e7e975e9f2cf8c96/detection 89.134.228.127:45000 empirehosting.ddns.net # Reference: https://www.virustotal.com/gui/file/bd2260b469f9c0504fa2156fe99ce3eb54a093a185c09cb5e0729114ff13a100/detection 194.85.248.87:6606 194.85.248.87:7707 194.85.248.87:8808 194.85.248.87:9807 asylimited.duckdns.org # Reference: https://www.virustotal.com/gui/file/6e5bc57767ea314f50262e10884e592ac5e833165d85db41e2033baaa7c5682d/detection 185.19.85.133:6606 185.19.85.133:7707 185.19.85.133:8808 185.19.85.133:9807 # Reference: https://www.virustotal.com/gui/file/2a0eb4a2eace0686d5ef6c83dfbd9065f46055b8446e1bb67dc58df5be480d43/detection 91.193.75.132:6606 91.193.75.132:7707 91.193.75.132:8808 91.193.75.132:9807 # Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_05.04.2022.txt 195.62.47.132:5311 37.120.141.190:5311 hrjekd.duckdns.org mcgarryrob9.duckdns.org msmonday21.duckdns.org vernomqmonday.duckdns.org wsfgv.duckdns.org # Reference: https://www.virustotal.com/gui/file/642af4b4d12bb24a30e617317bc1785aafc4176e8c3ca8abadff04bd61368d18/detection 178.238.8.201:6666 helpher.linkpc.net # Reference: https://www.virustotal.com/gui/file/5383c008207a242411c692a017d677e0a7f4b790b2962ded2fe3f2b1a9e0accc/detection 208.51.61.44:128 help-microsoft.dnslive.net # Reference: https://www.virustotal.com/gui/file/d3502dc6519cc2395fd39b603c925d7ff61fef6d78cb89a23254905b9eeaff97/detection update.myiphost.com # Reference: http://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html anderione.com mekhocairos.linkpc.net n.myvnc.com # Reference: https://www.virustotal.com/gui/file/1ff86b4d3d1a04b48064bc64940010c469a106db236e261ac106053411641b7d/detection 136.243.111.71:1166 # Reference: https://tria.ge/220404-dwb8jshec2 212.193.30.54:9524 # Reference: https://tria.ge/220327-27nygsadap 71.81.138.151:6606 71.81.138.151:7707 71.81.138.151:8808 uhhfuckmedaddy.hopto.org # Reference: https://tria.ge/220330-ckkvwaeed9 118.184.78.78:6606 118.184.78.78:7707 118.184.78.78:8808 mytestserver.myftp.org # Reference: https://www.virustotal.com/gui/file/29ece6628445e46733703f70aa521fc207b5475fb1e620a97c2e8fe55f547fab/detection http://78.46.133.215 78.46.133.215:6606 78.46.133.215:7707 78.46.133.215:8808 # Reference: https://www.virustotal.com/gui/file/d45978f809cb4ce3ad9ef5ba7719b137b9d0ef02315d77f6fb30e10aa1c465f3/detection 177.36.170.206:6606 177.36.170.206:7707 177.36.170.206:8808 myhost47.accesscam.org # Reference: https://www.virustotal.com/gui/file/04adf54cb3faa4aa1fc78aa4a567a69e9e4b4d48661b2619c3d82dc9569f538c/detection 188.82.222.181:6622 davidgayne.ddns.net # Reference: https://www.virustotal.com/gui/file/a89725461034445d1b80d5fc5207595d1842cfcf1dc13d6dbb853617c0bdefa9/detection 64.188.13.46:8080 64.188.13.46:9788 # Reference: https://www.virustotal.com/gui/file/a157e62c8fcf8c20202cb64d6b295379fba158677d9776c6001db1352b4d9feb/detection 64.188.13.46:1786 # Reference: https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader # Reference: https://otx.alienvault.com/pulse/6144852424a73a80ade66aa3 # Reference: https://www.virustotal.com/gui/file/4591eda045e3587a714bb11062eb258f82ee6f0637e6aa4d90f2d0b447a48ef7/detection # Reference: https://www.virustotal.com/gui/file/cf09a3807622d7c2e0c9422bcee04ed53a08a230204de7f5818405e7f8dca16d/detection 185.163.45.104:456 gjghvga7ffgb.xyz huugbbvuay4.cn windowsupdatecdn.cn # Reference: https://www.virustotal.com/gui/file/794929f8ae932ae3bfd16c3f013b7b32a025a07a0583f2d9b2d272b736284ef0/detection 45.242.44.194:2323 updatefacebook.duckdns.org # Reference: https://www.virustotal.com/gui/file/b9eba1c7c318b24ba7a01b71e004b6e8b17d91d3e28721977e974696d8e88be6/detection 23.105.131.166:6606 23.105.131.166:7707 23.105.131.166:8808 # Reference: https://www.virustotal.com/gui/file/abe5225238fb82b6ad7d2942d931bb109538395e734d296bc9ac55ae1d6ddf71/detection 2.56.57.222:6606 2.56.57.222:7707 2.56.57.222:8808 # Reference: https://twitter.com/phage_nz/status/1516977615378079745 # Reference: https://tria.ge/220421-dfad1shgep 91.193.75.203:9217 sky01.publicvm.com # Reference: https://twitter.com/James_inthe_box/status/1517192899682701312 # Reference: https://app.any.run/tasks/1395aadc-27f1-415d-a1f8-6247c4a0aa8e/ 91.193.75.194:5900 # Reference: https://twitter.com/pmelson/status/1518724244103995392 # Reference: https://twitter.com/pmelson/status/1521221361829617666 # Reference: https://www.virustotal.com/gui/file/47598ae5503ecc9b4acfc063deb3cf77998ff762104e484a288eede075f0f7d5/detection 194.5.98.35:21000 dlldns.co.uk dlldns.xyz dlldns.duckdns.org # Reference: https://www.virustotal.com/gui/file/1c6ec68a3017dd39da5043ff4cecd25ae5dadcc4f2577ba7103c84547c228882/detection 128.90.115.36:3468 # Reference: https://www.virustotal.com/gui/file/6fa04b5325e52bb0db3b3b307d5e6e802bc468da09fb062f78f978c4efbadd82/detection # Reference: https://www.virustotal.com/gui/file/5b42476fbd6d402e3a77156da5b563e4450f0e142223f707157b223fce237f8b/detection # Reference: https://www.virustotal.com/gui/file/27712ba8e0925e351934d3ae04f5ee648a7ec733c2d4be2a3dd54712548d30b7/detection 77.78.103.129:2022 77.78.103.129:5000 salma6.ddns.net # Reference: https://www.virustotal.com/gui/file/72a638827d037d077f1f1672f2d280f657496fab48b8e79d99742b48bf8f39ee/detection 83.180.241.5:5000 333kuk333.ddns.net # Reference: https://www.virustotal.com/gui/file/b374241715d190e7731b63e2f4cee1038e3307d52836969fab3854a2090d0b89/detection 198.54.128.70:56781 slav934.ddns.net # Reference: https://www.virustotal.com/gui/file/9d72cb7c95bcec88f7bf4bfffdb2b0ebe5902f3da943d03794e8a6f586f0c1a3/detection # Reference: https://www.virustotal.com/gui/file/89fb709ed5ac5cc3342b9894af039dcbb1988848c87063ba15b4ab69399ae77d/detection # Reference: https://www.virustotal.com/gui/file/b0d62e927975627c720fcf734ea7bb49ebe0790defa6d1085ff93e4b39c74f57/detection # Reference: https://www.virustotal.com/gui/file/f8720cc2747a3518d13193a2fe9cb791be7e37396fbc448f63a8227d5f552e52/detection 149.28.31.166:29527 149.28.31.166:443 160.108.30.0:29527 168.108.118.0:29527 168.108.122.0:29527 168.108.24.0:29527 168.108.25.0:29527 168.108.32.0:29527 168.108.35.0:29527 168.108.37.0:29527 168.108.42.0:29527 168.108.43.0:29527 168.108.44.0:29527 168.108.45.0:29527 168.108.47.0:29527 34.150.70.89:29527 40.108.48.0:29527 80.176.90.0:29527 # Reference: https://www.virustotal.com/gui/file/ae1df83bad300c4f1cbe9f899c9f394e9b2a2c9bc69a55137bb07adefaed27f0/detection invison.xyz # Reference: https://www.virustotal.com/gui/file/0a33db379fb16265aa27569abcaafade7ba257d7adf518eee804b1e5c9514d24/detection 105.106.74.27:6606 105.106.74.27:7707 105.106.74.27:8808 doda.ddns.net # Reference: https://www.virustotal.com/gui/file/b1daa3bc8bae29f14939e7beea3593ced703a3b159f3fabaa3679df8186e2546/detection # Reference: https://www.virustotal.com/gui/file/67825f8d43671a1b2a021f371183007baa0dd8034daea8ae0f3c02dd5645e787/detection 77.250.44.30:4444 mariush91.ddns.net # Reference: https://www.virustotal.com/gui/file/68811404cce73244b2326ca2397d7e95b103a86f5f1dc0220096206438dd3b76/behavior/Zenbox dominostark2028.duckdns.org # Reference: https://www.virustotal.com/gui/file/79b8d9f481f0b24b5cb7115a90fbb74c9b6e0448ec908761824e22fa36f255f0/behavior/Microsoft%20Sysinternals 51.116.130.83:4496 # Reference: https://www.virustotal.com/gui/file/fccc5b2fe1d1b1c730e2854e5d68219fe84e0d9277049f69712a28fb6b0e700a/behavior/Zenbox 91.93.162.73:6666 167.71.56.116:6666 awesome-dew-72404.pktriot.net eu-central-7075.packetriot.net # Reference: https://www.virustotal.com/gui/file/bc51107a5224a0935006255b4121048f5184619f88020946f3c590f5a09361b3/behavior/Zenbox 177.255.88.25:5001 strekhost2037.duckdns.org # Reference: https://www.virustotal.com/gui/file/ccd98e1fd5051669cde7d0aa853f103d62407f044dbbce89226fadeef766981a/behavior/VirusTotal%20Jujubox 193.161.193.99:39592 trabajopanel1-39592.portmap.io # Reference: https://www.virustotal.com/gui/file/cce1f99874e7a0436fc4930a9c63e030064d42b39fc8012d76e0433f146838b8/behavior/Zenbox 31.142.90.220:22 wayto.duckdns.org # Reference: https://www.virustotal.com/gui/file/d720f60685f9f08d3ca9f47376c66b28ff8fdd4cab4a2ed88ca33c294d2bc16b/behavior/C2AE 132.232.169.101:6656 # Reference: https://www.virustotal.com/gui/file/f18391acc8f08909407a1319569d2f01b55ee51b9e317228abdff5aebe87968f/detection 173.225.115.253:8848 194.31.98.113:6606 194.31.98.113:7707 194.31.98.113:8808 194.31.98.113:9909 172.83.152.87:8848 172.83.152.65:8848 2.58.149.126:6606 2.58.149.126:7707 2.58.149.126:8808 2.58.149.126:9909 polarjwns.xyz # Reference: https://www.virustotal.com/gui/file/d14d9a7e754c71b0b15e03dce5dc0d8a58cc7be737c2e350bbb4fc99c5d64366/detection 23.105.131.227:4404 # Reference: https://www.virustotal.com/gui/file/3189f5b4f50c04b25cea385aee92275fd3007f9332c329d9975c0b1270c6d26b/detection 31.210.20.172:6606 31.210.20.172:7707 31.210.20.172:8808 # Reference: https://www.virustotal.com/gui/file/99fe56a2f1d965843780325665c2ac286cc9bc52f80509e606028bc063c49210/detection 85.215.229.157:6227 6227hallo6227.ddns.net # Reference: https://www.virustotal.com/gui/file/13d27cdf24f15d418b2197f6d017725bbd26ea1b8db7a61bdd648e90f1d269c5/detection 46.246.80.3:7090 bendito2714.duckdns.org # Reference: https://www.virustotal.com/gui/file/43427de4b45f2aa2e6289d1a6d5e6859f4184e5cf638a4b6c185fafca6a85838/detection 185.140.53.150:1515 glengaidos2881.ddns.net # Reference: https://www.virustotal.com/gui/file/2f0dfcbd68df9ed438855a7b65bb08931df67234e6c55f78b6a16f2368f4d44e/detection 92.42.46.216:1996 xhoys.linkpc.net # Reference: https://www.virustotal.com/gui/file/fb67354e820721b6eb4684b167c1eb382936635843983ec24d06a72fdec8ad32/detection 24.15.119.31:1604 korruptinq.duckdns.org lulzsec.zapto.org # Reference: https://www.virustotal.com/gui/file/e91c4edb7c7cc1517cb8827127699e2e360596d240176f91e14556ac7ded8283/detection slicer.ddns.net # Reference: https://twitter.com/phage_nz/status/1529614527486013440 # Reference: https://tria.ge/220525-3tjmaaehd7 # Reference: https://tria.ge/220525-3v5wxaagfn 91.193.75.139:1345 91.193.75.165:3851 1biggie.publicvm.com ecx1hang.publicvm.com # Reference: https://www.virustotal.com/gui/file/56645ddbb6d65ff46e2db21ff0cd583d4b0ad988b6b6bcd140626a8b5eb81fa6/detection 188.232.176.99:7771 # Reference: https://twitter.com/Joseliyo_Jstnk/status/1531970265059573766 # Reference: https://www.virustotal.com/gui/file/fe8970a7f08ca9e71f485ba987cb78d1bb82d8973251962210e3fced77c15f99/detection # Reference: https://www.virustotal.com/gui/file/79068b82bcf0786b6af1b7cc96de1bf4e1a66b0d95e7e72ed1b1054443f6c5e3/detection 217.195.197.70:6606 217.195.197.70:7707 217.195.197.70:8808 # Reference: https://www.virustotal.com/gui/file/92a3c41d78e3fdb64c6313818bdba8d6c1652e507ee7ea08c4dd28cd8076e56e/detection 91.240.118.79:2727 91.240.118.79:2780 92.255.85.40:2707 92.255.85.40:2780 # Reference: https://www.fortinet.com/blog/threat-research/threat-actors-prey-on-eager-travelers 33b4-163-123-142-137.ngrok.io dc5b-163-123-142-137.ngrok.io dnets.ddns.net znets.ddns.net # Reference: https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/ # Reference: https://otx.alienvault.com/pulse/629dc0568c4a8863c10e59be palau.voipstelecom.com.au # Reference: https://twitter.com/James_inthe_box/status/1536418013691277312 # Reference: https://app.any.run/tasks/2d79a22c-84e3-4609-9436-3ceed9e36f36/ 185.70.104.87:3851 # Reference: https://tria.ge/220613-2s2wssfdf4/behavioral1 91.193.75.200:9217 # Reference: https://www.virustotal.com/gui/file/e2548ff0d1c69d0cad6504335aa2ef3fa21eaa9a429ead3acbddd9326129d819/detection 203.78.129.202:6666 # Reference: https://twitter.com/abuse_ch/status/1540590647022915584 74.201.28.166:6606 74.201.28.166:7707 74.201.28.166:8808 # Reference: https://twitter.com/c_APT_ure/status/1540053981648588804 193.233.185.132:6606 193.233.185.132:7707 193.233.185.132:8808 biz808080.duckdns.org # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2028062022 # Reference: https://tria.ge/220629-em9ccsgce5/behavioral2 103.156.90.165:4055 serviceserver.site venohvn.duckdns.org # Reference: https://www.virustotal.com/gui/file/676c79531be211041712ad8f9cf037a8cb4ed8c5362caf6cedde66d521314310/detection # Reference: https://www.virustotal.com/gui/file/a6f9557ec4704f2d7f00491e9dad466ca8483f61300f87708a93bf951138a4d6/detection 103.156.90.165:5050 venomcra25.duckdns.org venomcra3.duckdns.org # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-28%20AsyncRAT%20IOCs 147.189.168.74:6666 2dod.ddns.net rowadtqnee.online # Reference: https://asec.ahnlab.com/en/36315/ # Reference: https://otx.alienvault.com/pulse/62c69b05fe6a61daffeb9593 # Reference: https://www.virustotal.com/gui/file/0b357167f1d1e759b1b54d75bdb102da84578ecb5cb1a1d71733402deec91a83/detection http://154.19.203.208 154.19.203.208:6606 154.19.203.208:7707 154.19.203.208:8808 # Reference: https://tria.ge/220713-nxaffsggd9/behavioral1 185.200.116.219:9016 chinaco3.airdns.org # Reference: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/targeted-attack-on-government-agencies.html 107.173.143.111:6606 107.173.143.111:7707 107.173.143.111:8808 107.173.143.111:8989 # Reference: https://www.virustotal.com/gui/file/6659c7a1e89ce896ac616abf1cf6068381954c8c35b18a9d1fd24690ca9c4d3c/detection 198.23.212.148:6606 198.23.212.148:7707 198.23.212.148:8808 4Mekey.myftp.biz # Reference: https://www.virustotal.com/gui/file/10037dcdfbe006f14125b3b5fec8ab336ce996c1fe8af03114597b51d446b843/detection 141.255.144.69:8848 45.164.102.81:6663 93.46.8.90:6664 # Reference: https://www.virustotal.com/gui/file/c63dd27a4c9a42fd4c68bda6d2628e6791dae0ed3036b69f0b1e6433b5d7c473/detection 67.205.142.16:6606 67.205.142.16:7707 67.205.142.16:8808 # Reference: https://twitter.com/malwrhunterteam/status/1547857576359997440 # Reference: https://twitter.com/Iamdeadlyz/status/1547902451147108352 plutoniumwallet.ml /FaggotNiggerKysHaveFunTrying/ # Reference: https://www.virustotal.com/gui/file/40b6c05272cb9e3f7431f8afc74cef3ffbb21c86c3b57f94d9ac685b009c9ede/detection cdnofficecloud.com # Reference: https://www.virustotal.com/gui/file/02675ed3f879a7fbefabfcfa064bb53a2b925fb6751b7925d5dd2b25a51f4150/detection 194.187.251.115:8973 storage.nsupdate.info # Reference: https://www.joesandbox.com/analysis/596663/0/executive 141.255.146.167:2019 # Reference: https://www.virustotal.com/gui/file/2a9edc18b10a532f7632d6b44f2610ca3a823c2b2be7a3fd3126b55af2c68ede/detection 172.245.210.138:6606 172.245.210.138:7707 172.245.210.138:8808 189.201.235.59:6606 189.201.235.59:7707 189.201.235.59:8808 111234.ddns.net cdt2021.hopto.org # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2025072022 # Reference: https://tria.ge/220725-r8z22abab3 194.5.97.97:5069 194.5.97.97:6638 polimaplasko.duckdns.org # Reference: https://gist.github.com/stoerchl/ae32c9ec9d7003c608bb4c19e9fe7bd7 # Reference: https://twitter.com/James_inthe_box/status/1567597599984852992 # Reference: https://www.virustotal.com/gui/file/6f105d359fe32edd24c3e5a441f3f8d3f4be7fad856ce7b0e606e9e18b742024/detection # Reference: https://www.virustotal.com/gui/file/0671d1cf46c957d8ca3084d500f4ccb2e71f5f687868cb5f113127e560422e76/detection 45.14.224.94:444 51.81.105.238:1981 51.81.94.115:888 superfaster1.is-found.org superfaster22.selfip.info superha3y.is-a-geek.com superhay.is-a-geek.com superslo4w.is-a-nascarfan.com superslow.is-a-nascarfan.com superziad.is-a-liberal.com # Reference: https://twitter.com/1ZRR4H/status/1551713964660326402 # Reference: https://www.virustotal.com/gui/file/00bcbf44a3a8dfdd43324ad3dc7a868049bc1856237d97307cc1bbec2ce68ffe/detection # Reference: https://www.virustotal.com/gui/file/92c085aab941207d5aba2eb3b7c1f6542c075698310b213ba17aff352fee7810/detection # Reference: https://www.virustotal.com/gui/file/dd0528c7214c1ff510d922eff856d56d616341f689edfa40f4b2bbbca82b8aa8/detection 191.88.251.106:1990 albertogiraldolora09.duckdns.org freddysolanolora09.duckdns.org jhonatanmartinezmartinez09.duckdns.org julianmaldonalora09.duckdns.org luispereiralora09.con-ip.com mauroplatalora09.duckdns.org # Reference: https://www.virustotal.com/gui/file/8638697480078473d60b20cbeb522b7745dde8ae749159064356b0a31a825e88/detection 185.140.53.76:7738 # Reference: https://www.joesandbox.com/analysis/677285/0/html 194.213.3.182:6606 194.213.3.182:7707 194.213.3.182:8808 vvat22.con-ip.com # Reference: https://www.virustotal.com/gui/file/d2d84301495b692c57680cd232d752253011aeeea1cfe3de144c42c5189b8168/detection 37.0.14.198:6161 # Reference: https://tria.ge/220805-n2cflsaafj 185.225.73.221:5493 # Reference: https://www.virustotal.com/gui/file/00cb0795efc4104c5f4f121172a9728af0d5387cee5d8c7abf8e416f443acc05/detection 23.133.216.180:7582 did-diff.at.playit.gg # Reference: https://twitter.com/pmelson/status/1556425256046411776 # Reference: https://twitter.com/pmelson/status/1556425274853564416 # Reference: https://www.virustotal.com/gui/file/5d3fc59a805561bfbb27bd0d845c303d4523eefb796c5b815a22bec8973ec331/detection 134.35.6.44:6606 134.35.6.44:7707 134.35.6.44:8808 sabaye-d.space sabanjm2.ddns.net # Reference: https://www.virustotal.com/gui/file/d5a2e7315be0afecb9d4a0a5d4b8ee40552675c22405fe17f839023b74a232ad/detection 20.90.119.110:6606 20.90.119.110:7707 20.90.119.110:8808 # Reference: https://www.virustotal.com/gui/file/0fd56384d2b39661d2a81b16bd5aa72ae4deb023dda532796acc94516fc1b9de/detection # Reference: https://app.any.run/tasks/ccecbcd8-f578-40c7-be8a-8bf59e751e0e/ 147.185.221.180:14456 3.125.102.39:13643 3.126.224.214:11664 believe-stars.at.playit.gg positive-be.at.playit.gg # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2010082022 # Reference: https://tria.ge/220810-yl2exaecen/behavioral1 # Reference: https://tria.ge/220810-yqa4hsgdb9/behavioral2 2.58.56.32:6666 modymos.linkpc.net mosacor.co.za # Reference: https://www.virustotal.com/gui/file/8bc112ddd27f0fc2fdc5f50901f8bd15a999042383cc7fe93d3f2b2d8dd085ac/detection technologie.duckdns.org # Reference: https://www.virustotal.com/gui/file/40da5be82081d0f0a205474abc614379ce4a655ae84c048353a53b49780fa39f/detection blazevault.ddns.net # Reference: https://www.virustotal.com/gui/file/dc645f9fb41904317cc725625eb703c260b4bfea01abe8e31988a83c06930226/detection negritos.site # Reference: https://www.virustotal.com/gui/file/39fe79e59e8fc4e86513ec09959c895e5667a39e9d32bb90d8cf29ac892496d0/detection 107.173.255.227:2000 107.173.255.227:3000 107.173.255.227:4000 cdt2021.zapto.org # Reference: https://twitter.com/embee_research/status/1563149262707257344 173.209.51.37:5137 # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2026082022 # Reference: https://tria.ge/220826-pb2s9adcd2/ 91.192.100.9:8976 # Reference: https://twitter.com/Iamdeadlyz/status/1562823487932100608 193.124.22.17:4449 # Reference: https://twitter.com/r3dbU7z/status/1564893492924538880 # Reference: https://twitter.com/r3dbU7z/status/1564940756950843392 # Reference: https://www.virustotal.com/gui/ip-address/54.236.21.218/relations # Reference: https://www.joesandbox.com/analysis/693848/0/html 54.236.21.218:6606 54.236.21.218:7707 54.236.21.218:8808 myacesverif.duckdns.org myverifyaccess.my03.com # Reference: https://twitter.com/0xToxin/status/1565599718000009216 # Reference: https://tria.ge/220902-f7pn5aghbj/behavioral1 139.28.219.37:2000 172.94.80.37:2000 dangerous1.ddns.net donzola.duckdns.org # Reference: https://ti-research-io.github.io/ti/ioc_extender/?name=TF_AsyncRAT ahmedhasan-43601.portmap.host darkvader94-36189.portmap.host dasdad2-27665.portmap.host freeedp.duckdns.org fresh02.ddns.net gaminghost873737-38124.portmap.io java.servebeer.com jul-perl.myvnc.com lordfish12312-53903.portmap.host minecrafthosting6969-35389.portmap.io realfive5-49318.portmap.host zeldorispiety-50433.portmap.host # Reference: https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/ # Reference: https://www.virustotal.com/gui/ip-address/20.78.19.235/relations # Reference: https://www.virustotal.com/gui/file/818d184a57f7cce89dda848cb17a503e0c5957803eb8d088491f809ad750cc21/detection # Reference: https://www.virustotal.com/gui/file/75ae08629e69a57887d2c8e6ba798e16ff9bd8e7af85a1ea029c0594c076ef59/detection # Reference: https://www.virustotal.com/gui/file/be88db263dee3dcd1a9a236c7dd4b7885ea664e6df404f910a5e0173d1be19c4/detection aeternam.me graviom.fr tf-bank.com nedbankplc.4nmn.com press.giize.com secure.graviom.fr # Reference: https://tria.ge/220907-s2q18acdf7/behavioral2 45.14.224.94:2001 45.14.224.94:444 # Reference: https://twitter.com/malwrhunterteam/status/1568182218127712256 # Reference: https://www.virustotal.com/gui/file/e5a27354665310d4b974f19bb79a01dd8eeb21dabde06eb6941c8d27b57bc689/detection 172.94.11.178:7878 g8787.ddns.net # Reference: https://www.virustotal.com/gui/file/85a13e4751a7a3dbccd46a23a441ec7838f5df8ce13f6a76e0347838200e47b9/detection rippeymp811.ml rippeymp811.ddns.net # Reference: https://twitter.com/malwrhunterteam/status/1568194124330713089 # Reference: https://www.virustotal.com/gui/file/c2eac887aeca169e624ea5922167854e32faa4c47d52d5cf01949f965d26f00c/detection 198.98.53.231:5677 # Reference: https://www.virustotal.com/gui/file/d01e1d3d771a443f0fb994b3b3583422124677d4fba4eec14ce6f387e97055c3/detection adobedata.webredirect.org cdt.3utilities.com # Reference: https://www.virustotal.com/gui/file/5f6579f4f7371307b56a578c760042466708f88f04ccf09b8291ed495ad97f5f/detection 45.74.38.17:6606 45.74.38.17:7707 45.74.38.17:8808 niiarmah.kozow.com