# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/ScumBots/status/1047543566594179073 queda2122.ddns.net # Reference: https://twitter.com/ScumBots/status/1047422769712046080 trotokolenigers.onthewifi.com # Reference: https://twitter.com/ScumBots/status/1046815013401501701 mdformo1.ddns.net # Reference: https://twitter.com/ScumBots/status/1041469793625407489 farida.ddns.net # Reference: https://twitter.com/ScumBots/status/1037351538732294145 zxcvbn123456.ddns.net # Reference: https://twitter.com/ScumBots/status/1038158542736445441 mondns.myftp.biz # Reference: https://twitter.com/ScumBots/status/1040311939073826816 morfey.hldns.ru # Reference: https://twitter.com/ScumBots/status/1050046306016747521 office365update.duckdns.org systen32.ddns.net # Reference: https://twitter.com/ScumBots/status/1052526398924095488 quedabesouro.ddns.net # Reference: https://twitter.com/ScumBots/status/1053262497673891841 seekers.hopto.org # Reference: https://twitter.com/ScumBots/status/1054081645400260608 duckdate.duckdns.org # Reference: https://twitter.com/ScumBots/status/1063996828516012033 morfey.myftp.org # Reference: https://twitter.com/ScumBots/status/1064254932528832512 itachituff.duckdns.org # Reference: https://twitter.com/ScumBots/status/1067565492322410497 farida.ddns.net # Reference: https://twitter.com/ScumBots/status/1069517101654777857 updatefacebook.ddns.net # Reference: https://twitter.com/ScumBots/status/1080998862574309377 vivivi.myftp.org # Reference: https://twitter.com/ScumBots/status/1081317358206156800 nerv7.ddns.net # Reference: https://twitter.com/ScumBots/status/1081378115526582273 mondns.myftp.biz # Reference: https://twitter.com/ScumBots/status/1082132730715037696 queda212.duckdns.org # Reference: https://twitter.com/ScumBots/status/1089336859912744960 microsoftsecure.myq-see.com # Reference: https://twitter.com/ScumBots/status/1090260035312275456 498408.ddns.net olhomagicocdt.duckdns.org systenfailued.ddns.com.br # Reference: https://twitter.com/ScumBots/status/1090736985315201025 helloweenhagga.ddns.net helloweenhagga1.ddns.net helloweenhagga2.ddns.net helloweenhagga3.ddns.net # Reference: https://twitter.com/ScumBots/status/1095149123517534208 helloweenhagga4.ddns.net # Reference: https://twitter.com/ScumBots/status/1095760026923352066 updatesystem.linkpc.net # Reference: https://twitter.com/ScumBots/status/1097587061329154055 easykill.servebeer.com easykill1.servepics.com easykill2.servepics.com easykill3.servebeer.com # Reference: https://twitter.com/ScumBots/status/1098145754185633793 haggasinger.ddns.net haggasinger1.ddns.net haggasinger2.ddns.net # Reference: https://twitter.com/ScumBots/status/1101890548661698560 rat24695.ddns.net # Reference: https://twitter.com/ScumBots/status/1102445323417542658 mastermana1.serveirc.com mastermana2.serveirc.com mastermana3.serveirc.com mastermana4.serveirc.com # Reference: https://twitter.com/ScumBots/status/1103351296768331776 seskoal7rbe.ddns.net # Reference: https://twitter.com/ScumBots/status/1103751431318892546 fouirux-59789.portmap.io 81.106.30.119:4444 # Reference: https://twitter.com/ScumBots/status/1104736674087665665 173.46.85.160:5555 # Reference: https://twitter.com/James_inthe_box/status/1107686616624037890 # Reference: https://twitter.com/JAMESWT_MHT/status/1107682800134750211 nobody120.duckdns.org # Reference: https://twitter.com/ScumBots/status/1108802212543848450 5.9.171.235:333 # Reference: https://twitter.com/ScumBots/status/1110489582494203904 91.192.100.5:1604 # Reference: https://twitter.com/Racco42/status/1112628162872119296 82.223.9.232:98 # Reference: https://twitter.com/TweeterCyber/status/1112919582635745281 kronozzz2.duckdns.org # Reference: https://twitter.com/F_kZ_/status/1047054463570186241 37.187.155.228:85 nojjdjamel.hopto.org nojjdjamel2251.hopto.org # Reference: https://twitter.com/malware_traffic/status/935703820889358336 oamentyga.duckdns.org # Reference: https://twitter.com/Racco42/status/884324767809056768 37.187.92.171:621 # Reference: https://twitter.com/Racco42/status/882123509350236160 hagroonayazabiiiiii.com 82.165.147.250:621 # Reference: https://twitter.com/luc4m/status/1113433242689052672 oldmandnsch.duckdns.org # Reference: https://twitter.com/ScumBots/status/1117986483196055552 # Reference: https://twitter.com/ScumBots/status/1123048893170769922 # Reference: https://twitter.com/ScumBots/status/1123675214980833280 95.213.251.165:7070 95.213.251.165:9090 95.213.191.230:9090 # Reference: https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign frankmana.duckdns.org workfine11.duckdns.org oldmandnsch.duckdns.org blackhagga.duckdns.org skyrocket1.duckdns.org kronoz.duckdns.org oldmandnsch.duckdns.org kronozzz2.duckdns.org lulla.duckdns.org decent.myvnc.com decent5.myvnc.com jayztools1.ddns.net jayztools2.ddns.net jayztools3.ddns.net totallol.duckdns.org totallol1.duckdns.org totallol2.duckdns.org totallol3.duckdns.org decent2.myvnc.com decent3.myvnc.com decent1.myvnc.com decent4.myvnc.com jordanchen736.sytes.net jordanchen7361.sytes.net jordanchen7362.sytes.net jordanchen7363.sytes.net lalacious1.serveftp.com lalacious2.serveftp.com lalacious3.serveftp.com lalacious4.serveftp.com mastermana1.serveirc.com mastermana2.serveirc.com mastermana3.serveirc.com mastermana4.serveirc.com mastermana5.serveirc.com lullikhao.ddns.net lullikhao1.ddns.net lullikhao2.ddns.net bullol.duckdns.org cocomo.ddns.net haggasinger2.ddns.net haggasinger.ddns.net haggasinger1.ddns.net loramer1.ddnsking.com easykill.servebeer.com easykill3.servebeer.com easykill2.servepics.com easykill1.servepics.com easykill3.servepics.com helloweenhagga.ddns.net helloweenhagga3.ddns.net helloweenhagga4.ddns.net helloweenhagga2.ddns.net revengerx211.sytes.net revengerx212.sytes.net revengerx213.sytes.net revengerx214.sytes.net revengerx215.sytes.net revengerx216.sytes.net revengerx217.sytes.net revengerx218.sytes.net revengerx219.sytes.net revengerx210.sytes.net office365update.duckdns.org systen32.ddns.net bhenchood.ddns.net emmanuelstevo.ddns.net zinderhola1.ddns.net zinderhola.ddns.net myownlogs.duckdns.org cocomo1.ddns.net cocomo10.serveblog.net cocomo2.ddns.net cocomo2.serveblog.net cocomo3.serveblog.net cocomo4.serveblog.net cocomo5.serveblog.net cocomo6.serveblog.net cocomo7.serveblog.net cocomo8.serveblog.net cocomo9.serveblog.net mrcode.hopto.org mrcode1.hopto.org mrcode2.hopto.org pussi2442.ddns.net # Reference: https://twitter.com/malwrhunterteam/status/1076166793054556160 presentationx.sytes.net # Reference: https://twitter.com/ScumBots/status/1121497114532618246 5.9.171.229:777 # Reference: https://twitter.com/illegalFawn/status/1122767858126266368 jorenimo55.hopto.org # Reference: https://twitter.com/ScumBots/status/1126966907511480321 151.80.241.114:666 # Reference: https://twitter.com/HONKONE_K/status/1135760982385483777 queda212.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1144358899429986304 185.165.153.250:5478 # Reference: https://twitter.com/ScumBots/status/1145116725970657281 93.90.193.146:213 # Reference: https://twitter.com/ps66uk/status/1145640316856340480 cheryl11.duckdns.org # Reference: https://twitter.com/powershellcode/status/1148234398703030273 bylgay.hopto.org microsoftoutlook.duckdns.org soucdtevoceumcuzao.duckdns.org # Reference: https://twitter.com/coderippers/status/1153267389632602114 # Reference: https://www.virustotal.com/gui/ip-address/105.112.98.242/relations 105.112.98.242:1040 blackhill.ddns.net isaacjekaguleri1234.ddns.net mbvd.hopto.org moneybag123.myftp.biz # Reference: https://twitter.com/coderippers/status/1154003951152484352 mzu.publicvm.com # Reference: https://twitter.com/ScumBots/status/1154429111198203910 204.152.219.67:1003 # Reference: https://twitter.com/RedDrip7/status/1154696058846322688 # Reference: https://ti.qianxin.com/blog/articles/gorgon-group-campaign-aggah-with-pastebin/ kronozzz2.duckdns.org microsoftoutlook.duckdns.org tonypp.duckdns.org yahakhan.duckdns.org zoebin.duckdns.org # Reference: https://twitter.com/Racco42/status/1158745916653920257 194.5.98.242:1212 # Reference: https://twitter.com/James_inthe_box/status/1165603800230481920 # Reference: https://www.virustotal.com/gui/ip-address/82.146.50.128/relations # Reference: https://www.virustotal.com/gui/ip-address/37.203.214.30/relations 37.203.214.30:5000 82.146.50.128:5000 ahhahaasdas.ddns.net dafg124.ddns.net darckcometa.ddns.net denisvpn2.ddns.net devedeev.hopto.org don4ik228.ddns.net ewqewqewq.ddns.net hostvimeworld.ddns.net killler40000.ddns.net lis1033.hopto.org makot123.ddns.net nikolaykolyabb.hopto.org noinmy.ddns.net werder3456.hopto.org anonim001.ddns.net asfadsvasdfsd.ddns.net hedswjhrjkwe.freedynamicdns.net matvey.ddns.net micromax111.ddns.net minecrafter1337.ddns.net nargaroth.ddns.net orcusbam.ddns.net q12345gg.hopto.org q312820ressivr.hopto.org syka228228ppppp.ddns.net talgat.ddns.net uksivthack.mein-vigor.de vhjrtyg.hldns.ru # Reference: https://twitter.com/de_aviation/status/1097547526763433985 helloweenhagga.ddns.net revengerx111.sytes.net # Reference: https://blog.talosintelligence.com/2019/08/rat-ratatouille-revrat-orcus.html qstorm.chickenkiller.com skymast231-001-site1.htempurl.com # Reference: https://twitter.com/ScumBots/status/1175338135573684224 3.19.114.185:11400 # Reference: https://blog.prevailion.com/2019/10/mastermana-botnet.html rgalldmn.duckdns.org speeddfox.duckdns.org # Reference: https://twitter.com/ScumBots/status/1180817132763963394 144.76.134.221:333 # Reference: https://twitter.com/P3pperP0tts/status/1181546654169800705 34.95.176.194:443 bkil.ddns.net # Reference: https://twitter.com/ScumBots/status/1184367636941029377 18.216.157.58:333 # Reference: https://twitter.com/ScumBots/status/1185658643720626176 193.161.193.99:56282 # Reference: https://twitter.com/ScumBots/status/1185983283408134145 192.241.133.27:5555 # Reference: https://twitter.com/ScumBots/status/1186745945154838528 148.251.11.102:333 # Reference: https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/ bhenchood.ddns.net blackhagga.duckdns.org bullol.duckdns.org cocomo.ddns.net cocomo1.ddns.net cocomo10.serveblog.net cocomo2.ddns.net cocomo2.serveblog.net cocomo3.serveblog.net cocomo4.serveblog.net cocomo5.serveblog.net cocomo6.serveblog.net cocomo7.serveblog.net cocomo8.serveblog.net cocomo9.serveblog.net cycbra.duckdns.org decent.myvnc.com decent1.myvnc.com decent2.myvnc.com decent3.myvnc.com decent4.myvnc.com decent5.myvnc.com easykill.servebeer.com easykill1.servepics.com easykill2.servepics.com easykill3.servebeer.com easykill3.servepics.com emmanuelstevo.ddns.net frankmana.duckdns.org haggasinger.ddns.net haggasinger1.ddns.net haggasinger2.ddns.net helloweenhagga.ddns.net helloweenhagga2.ddns.net helloweenhagga3.ddns.net helloweenhagga4.ddns.net jayztools1.ddns.net jayztools2.ddns.net jayztools3.ddns.net jordanchen736.sytes.net jordanchen7361.sytes.net jordanchen7362.sytes.net jordanchen7363.sytes.net kronoz.duckdns.org kronozzz2.duckdns.org lalacious1.serveftp.com lalacious2.serveftp.com lalacious3.serveftp.com lalacious4.serveftp.com loramer1.ddnsking.com lulla.duckdns.org lullikhao.ddns.net lullikhao1.ddns.net lullikhao2.ddns.net majorsss.duckdns.org mastermana1.serveirc.com mastermana2.serveirc.com mastermana3.serveirc.com mastermana4.serveirc.com mastermana5.serveirc.com mrcode.hopto.org mrcode1.hopto.org mrcode2.hopto.org myownlogs.duckdns.org office365update.duckdns.org oldmandnsch.duckdns.org pussi2442.ddns.net revengerx210.sytes.net revengerx211.sytes.net revengerx212.sytes.net revengerx213.sytes.net revengerx214.sytes.net revengerx215.sytes.net revengerx216.sytes.net revengerx217.sytes.net revengerx218.sytes.net revengerx219.sytes.net skyrocket1.duckdns.org systen32.ddns.net totallol.duckdns.org totallol1.duckdns.org totallol2.duckdns.org totallol3.duckdns.org workfine11.duckdns.org zinderhola.ddns.net zinderhola1.ddns.net # Reference: https://www.virustotal.com/gui/file/96a008b46c9acacccb03a31c01c9c28dac64b621eb819b8c92f242288207973a/detection 45.236.130.17:2022 d0rian2022.ddns.net # Reference: https://twitter.com/P3pperP0tts/status/1190316504304246786 156.215.159.57:333 lapoire1.hopto.org # Reference: https://twitter.com/ScumBots/status/1191396450497974274 193.161.193.99:56282 # Reference: https://twitter.com/JAMESWT_MHT/status/1193905361100644352 # Reference: https://app.any.run/tasks/d364f0d3-ed23-44ec-b230-351f75a5b0b3/ 192.169.69.25:5552 ytka.duckdns.org # Reference: https://twitter.com/JayTHL/status/1189578177368264704 nocbaba1.duckdns.org # Reference: https://www.virustotal.com/gui/file/639f527b10857a2ef47673e699818f3dd85524ec31a3d8f487e133c73ba4a186/detection 105.112.98.242:5198 # Reference: https://www.virustotal.com/gui/file/27621e43a8b7d8137c432702b03561de7590ef55d7df0c3ad1f296a2891dde79/detection 185.244.29.15:5198 mallorca.myftp.org # Reference: https://twitter.com/ScumBots/status/1197640092397064192 190.159.103.11:8080 # Reference: https://www.virustotal.com/gui/file/94d9cfda3e2a60aea012b0948c9f9eaf55d1f7d90fb1bc9e9c094a3a064669ad/detection 40999up.sytes.net acecervolta.duckdns.org # Reference: https://www.virustotal.com/gui/file/ca3045208e641a504d71b95b312e23b5956540c42390d4fd5c73b0a592605ce2/detection 79.134.225.105:1515 # Reference: https://www.virustotal.com/gui/file/5fcf8adcf19a796ba5be6eafec26b0e735132fbdc9443e64a6622ddccbc622f9/detection anonyklax.duckdns.org # Reference: https://www.virustotal.com/gui/file/b8de1bc56ce012c92db35b2fa042cc64949b44561c8b99137b6b9d7352046bd2/detection 212.83.170.126:556 # Reference: https://www.virustotal.com/gui/file/9ad8e7da4c1659aa83b8c26be641cb813ca9b3b3ab66436d39c37355b2060dd8/detection 212.83.170.126:777 # Reference: https://www.virustotal.com/gui/file/57e4b72d810a2060fc33a66712099b1a1c380f6b48fc1b0d2ce551acd5a26280/detection 212.83.170.126:555 # Reference: https://twitter.com/0xCARNAGE/status/1200501488709226498 # Reference: https://app.any.run/tasks/c382b09f-03f7-4680-86c5-28316c5cc5e3/ reviewondoc.hopto.org # Reference: https://www.virustotal.com/gui/file/194318a6aa15e9b89493527e85e366a620375fb8276a99cbbe60e74c64007cdf/detection therazor.duckdns.org # Reference: https://www.virustotal.com/gui/file/53ff9d532c3deb4a523a837c7d0a5e1fc73d9d229505a9b21b9fa5c2e2a75b81/detection tripplegar.duckdns.org # Reference: https://www.virustotal.com/gui/file/978785aa90673c5ddc678f1018e3eda34ac89d74746da046c4264716b7ad90ac/detection raxixe.ddns.net # Reference: https://www.virustotal.com/gui/file/c0e1cefc0fa326e6fe9bc99b75f3efbe416288bdb9c15419f3d311c74a6d5159/detection 117.102.55.39:27015 196.194.129.126:27015 # Reference: https://www.virustotal.com/gui/file/a22e0bd4c7fb42f0eff06c79882c3978d36036b05365afce51a678940b77d2db/detection 117.102.49.165:27015 # Reference: https://www.virustotal.com/gui/file/866159f1b11fe095f44befc8f854d5088ad102ca5ee1596545551474159e3b54/detection 111.88.66.94:27015 196.62.171.212:27015 # Reference: https://www.virustotal.com/gui/file/f1c7e6b4718c11fdc2480758d92457c3cfb4b76f3904164c6a3385a79bb5129c/detection 82.165.189.152:12 rdp.dgsn.fr # Reference: https://www.virustotal.com/gui/file/0474fa430b2615ae160aad788b42af3c9c853a18f881d9f2b68142a7758cd677/detection 51.39.52.149:2303 # Reference: https://www.virustotal.com/gui/file/9ca36a408d5a16f3dc423b8d242f4e88801e8182af6ae3a11c7fc33bdb534f8e/detection 79.134.225.81:2303 # Reference: https://www.virustotal.com/gui/file/579dddb5b420ac1e3e0a7fb69aea0ce133a1abb19649e9077d9fad2587dee80f/detection alien007.my-firewall.org # Reference: https://www.virustotal.com/gui/file/ae8d20d5b490e43334f8338d3907f02030a2b41332ac23bbce2d450017bc8326/detection 192.253.246.145:8152 # Reference: https://www.virustotal.com/gui/file/a09c08b424b81d1ae51d6f97742e9d6e44adf7269a74d4932b9792f4cc22f077/detection 109.22.233.12:1255 ktama.linkpc.net # Reference: https://app.any.run/tasks/44fc2e78-b754-499e-b3af-7a79464eb5e6/ 102.165.36.254:2336 # Reference: https://www.virustotal.com/gui/file/186bbc489899cf51c242bdc0b015b792f041cf7457122c976ea64e7e7b5dba39/detection 184.82.53.131:333 # Reference: https://www.virustotal.com/gui/file/735f73734a4655eabf8c26ec99743df7ec47f46fcd256fbab553a10f2baada03/detection 184.82.56.227:333 184.82.57.216:333 184.82.60.41:333 # Reference: https://www.virustotal.com/gui/file/2c23d2190d208448017f9277eb99e2440c333175904adc21fd2004f06862d0b5/detection 184.82.49.43:333 # Reference: https://www.virustotal.com/gui/file/91a7176ebe6fee77e0167a84e832aef4cdbc56234a9dd72ac955f51ab43b071b/detection 184.82.55.15:333 # Reference: https://www.virustotal.com/gui/file/ad1cbf644977d986d1c92b3c0fe6350a0ef2c87d1f719f083f35cd4a36707132/detection 184.82.55.236:333 # Reference: https://www.virustotal.com/gui/file/41cd5cbe2bd4a2457887d8dc8dce4ce729e48305d60c82e587674e6a39c0b1e2/detection 184.82.62.180:333 # Reference: https://www.virustotal.com/gui/file/1339337c0a0c174773a4c4b7f6f639f995d11164eddd62d660cf3d0eb04fae46/detection 184.82.61.54:333 # Reference: https://www.virustotal.com/gui/file/664a24c87095b082bacc5ee657ec9ba62edce5f5411ca9d74204f76f52bbcbed/detection 184.82.56.227:333 # Reference: https://twitter.com/malware_traffic/status/1210701849977925635 # Reference: https://app.any.run/tasks/a003dde6-2c61-4301-9323-c767484ccaee/ 186.243.111.215:2222 marcialimaadvogados.ddns.net # Reference: https://www.virustotal.com/gui/file/ce59a9172682feb9cc529510d7f4912591e0ff05b1fb8f218feff4f56b986a5d/detection blog.capeturk.com # Reference: https://www.virustotal.com/gui/file/08052cd140d7a3b458bace4be4d795b28136ee259789273e3eec6ce9e93de7f7/detection nj.monk249.date # Reference: https://www.virustotal.com/gui/file/2f8c54525f4e26d777471da3d4a417146b670c64639dde29379f5d889b46b5fe/detection 216.176.190.198:2222 # Reference: https://www.virustotal.com/gui/file/533a3ee4340e08faf9fa56c74d1cacbc8c2fbdffbc2b1348372a929e993a5ff6/detection 93.190.51.88:2222 # Reference: https://www.virustotal.com/gui/file/131c6d984601d02a2be36bf7fb71a712619a6d4f54068c58467a9334e6e94789/detection 192.227.121.243:2222 # Reference: https://www.virustotal.com/gui/file/f32da272fbb8be7d539518a7d191e3b698eec1e6cfb9c6c99b7bc26ebb645c0c/detection 193.161.193.99:25878 # Reference: https://www.virustotal.com/gui/file/48b8bf56f5221de8f6c2d0401e94eec04ce3498473fcb24ed947d7feea546a2e/detection 104.244.75.220:38197 # Reference: https://www.virustotal.com/gui/file/568c954a9e363d0e99ff2b20296d288cdd4326283746c7fc6a57782eb594c3e6/detection 104.244.75.220:38197 104.244.75.220:38198 omaitgb.duckdns.org # Reference: https://www.virustotal.com/gui/file/8596eb18fbed20521e380396707504cb863569f38a4eeb7f67bd206c1966891b/detection 104.244.75.220:3074 # Reference: https://www.virustotal.com/gui/file/8faee7d114e24b7bc762ed857d6087a7975f5c5fc2b11bc48b0c452eab7a055a/detection drivetask.win # Reference: https://www.virustotal.com/gui/file/9f8dbd0b0911fcc986fee73a640a0fceee40f10dde5c65692a962bebbce83a42/detection 41.140.185.154:1177 canad.ddns.net # Reference: https://www.virustotal.com/gui/file/a469892016ef8e6113447bc1499878486d0e57ec8f775a637add59b701eed55e/detection jvckiwai.ddns.net phnzmaster1337.ddns.net # Reference: https://www.virustotal.com/gui/file/3903657504b1808b259ed87f135c99f97724ced294fc79deacb78ce3a6b56aa0/detection 177.126.146.10:1000 177.126.146.29:1000 3030pp.hopto.org # Reference: https://www.virustotal.com/gui/file/663b1ed354638ffad7b4247152a55e94d256b20a422e8420712a285d5196d600/detection 196.235.119.152:5005 # Reference: https://www.virustotal.com/gui/file/94e5e4566c7119fd856c962028b9a7ecca684ff1a6c8e7ac360cdcf33ac8a609/detection 196.234.181.131:5005 # Reference: https://www.virustotal.com/gui/file/69a7dc6e31ae9b2bdd9e9b91d1c78e82f0afb5c0b15b36d6529d3b08c0af02c4/detection 196.229.217.179:5005 # Reference: https://www.virustotal.com/gui/file/edb9d01d1dc453f3992d0cc01bb2e737a9e9cd18f685bc360dbb56919a5d2341/detection 196.234.130.111:5005 196.234.134.73:5005 # Reference: https://www.virustotal.com/gui/file/8acbacd3c0cf2aa0918107dfce43d4dbe2071fbad3561ef588654fb2e28b1e6c/detection 196.234.170.219:5005 # Reference: https://www.virustotal.com/gui/file/7b368a543d6cb7253135711ba044028794111551a796d0201c02e68799349ea2/detection 196.229.142.14:5005 196.234.196.160:5005 # Reference: https://www.virustotal.com/gui/file/435f1581d05022ab3cd2b1affd6da43513f02189a8f1aa103054d793068ff996/detection dragonfire-49462.portmap.host # Reference: https://www.virustotal.com/gui/file/527c7c40a907dea2b874019ac4d81e4965ad8647b60b9bc5af04debf4c6f7ffb/detection 79.134.225.72:2121 sure.spdns.de # Reference: https://www.virustotal.com/gui/file/1b44b336bf31ef38e47a4df90df8f85efb341d8a3631202ac1c1945602e51dd0/detection 176.136.148.107:333 # Reference: https://twitter.com/ScumBots/status/1213638005254168577 KevinDavis-58161.portmap.host # Reference: https://www.virustotal.com/gui/file/58f1865d2fb00775add6c9d34aa504118bc962e08fba8fb79b288515320ef933/detection r3dc0d3r.duckdns.org # Reference: https://www.virustotal.com/gui/file/858a439028cd32061a2fb29f3a13f4dcb6c09cb6147ff81f660ab19ede26d6e7/detection 103.136.156.186:12301 # Reference: https://twitter.com/ScumBots/status/1213800324630294528 # Reference: https://www.virustotal.com/gui/file/98c053d0a020c3146a1cfee09150fb2fc342f501ce00b0a898935c042ebe7016/detection 174.127.99.217:1016 # Reference: https://twitter.com/ScumBots/status/1215449944041062400 rdp2.dgsn.fr # Reference: https://twitter.com/reecdeep/status/1215666445264224256 danielgomesb.mooo.com # Reference: https://www.virustotal.com/gui/file/d9d6a345875324cbe8612ee7d02e6dd18f3f208d743e6aea40a8a2f3a236f8f5/detection 141.255.150.36:1337 danielgomesb.duckdns.org # Reference: https://www.virustotal.com/gui/file/a4382bc600bfd846a10029bd8ea0e7e94abcdef9819225dc83d581bf7c69df29/detection 179.180.82.144:1337 # Reference: https://www.virustotal.com/gui/file/0e754a806b2813874c47332e98a8c118bd1e33508b44ff0081ac36a48814d769/detection 109.202.107.15:9040 noregisterdomain.zapto.org # Reference: https://twitter.com/ScumBots/status/1215804781865963521 # Reference: https://www.virustotal.com/gui/ip-address/78.82.164.58/relations 78.82.164.58:5552 yukselofficial.duckdns.org # Reference: https://www.virustotal.com/gui/file/2fc5217c461e357cef6f9aa68cb752a6834c01a34c25fc133b5a7aa8a540055d/detection winuptade.homesecuritypc.com # Reference: https://www.virustotal.com/gui/file/ae8d20d5b490e43334f8338d3907f02030a2b41332ac23bbce2d450017bc8326/detection 192.253.246.140:8152 # Reference: https://www.virustotal.com/gui/file/c64ee1bb47b78cc210d6d68f18064d87eb9054e559cff85f49390af75cb304de/detection 51.38.76.65:8090 # Reference: https://twitter.com/ScumBots/status/1217722417516285952 159.65.15.187:5552 # Reference: https://app.any.run/tasks/99d7ecd4-f627-4d3b-a308-b0ae8f574ea5/ ytka.duckdns.org 192.169.69.25:5552 # Reference: https://twitter.com/ScumBots/status/1219280325630623749 103.70.6.20:1117 # Reference: https://www.virustotal.com/gui/file/e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b/detection 137.74.152.239:333 # Reference: https://www.virustotal.com/gui/file/42e23b5a0fde78a0677c91043c9484aa6a9942fadf7e535a07104ff0dd501cb4/detection 177.126.146.50:1000 # Reference: https://www.virustotal.com/gui/file/c25a614eaad85114dbace254af9eda4c1d3d1383e3ca995d5e2fa9b6edfe60a5/detection 45.74.1.13:5050 # Reference: https://www.virustotal.com/gui/file/37021f720fe980d4c9c463f7362bdd5d86e217694fcd19c670e7ad90be7a0f40/detection 186.241.81.206:333 karinaregistrodns.ddns.net # Reference: https://www.virustotal.com/gui/file/46ab018333ef331649a4564d485dc51bb3dd5fd647fb36715b0bf8c3717e78ec/detection 177.208.143.211:333 # Reference: https://www.virustotal.com/gui/file/dc0606ed37f0ca5272bd0227901406be6a0aa7c7269df96ae16f04b28399a935/detection 187.126.242.235:2222 # Reference: https://www.virustotal.com/gui/file/3df641748ce9649ec6625ca56bffdeacc77d0401e56623f9f786714478b6c4cf/detection 187.126.242.235:333 # Reference: https://www.virustotal.com/gui/file/3a52673575352f2e2c92de0f5278a4851b2c41f8a9fa3893d148a8686b5ef5a5/detection 152.246.119.195:6000 152.246.119.195:7000 152.246.121.23:6000 152.246.121.23:7000 # Reference: https://www.virustotal.com/gui/file/e570d0257f4e4ecca00963ffa5037b47a47d7095e583142dffc17c830d6f4404/detection 152.246.242.134:555 # Reference: https://www.virustotal.com/gui/file/a64e59ca45cca1f76dcccd1133b8ed1e7a38bb1ec5b9b0b59c0e29e3fc1abf8f/detection 152.246.159.95:555 152.246.38.158:555 189.201.239.249:555 # Reference: https://www.virustotal.com/gui/file/a69a3f554f10cd4e783d661a64b0602c3a27c4f82dd4a248a3dbd862ab9e4b46/detection 152.246.212.34:333 152.246.38.158:333 189.201.239.249:333 # Reference: https://www.virustotal.com/gui/file/5fc4356a2cb5599ef1438c3a237d952b814561a1f7b461dd7f47aea90c1760b9/detection 152.246.38.158:8080 79.134.225.27:333 79.134.225.27:8080 # Reference: https://www.virustotal.com/gui/file/70425c78192211fa613ff8b5ed3e0526c8c477dd1751e3fd0efcd7a9a8a07ae2/detection 189.201.239.243:8080 168.197.229.79:4000 168.197.229.79:1000 # Reference: https://www.virustotal.com/gui/file/2cdb395ef4181e494a648b1651ba079bbd27a00a31f765adf07b034d47e70890/detection 152.246.133.23:8080 # Reference: https://www.virustotal.com/gui/file/998bae2bbc2d3cd1850fd87567857c577cc1c5ce9faeb73f6112b753d0dce2b7/detection 168.197.229.19:8080 168.197.229.127:8080 168.197.229.127:4000 168.197.229.19:4000 168.197.229.127:7974 # Reference: https://twitter.com/ItsReallyNick/status/1222985472139579392 cugugugu.duckdns.org # Reference: https://www.virustotal.com/gui/file/8c9a0e53d965e7615cf4dad382238013a262449d8fa65bc14ff424eb8c5e2d7f/detection 23.106.160.1:2299 tugatuga.duckdns.org # Reference: https://www.virustotal.com/gui/file/72d02ba4cebd3e963eb9db394e1927eab46d671378b8393b7f55b65f34c444f4/detection 128.90.115.245:443 winuptade.zapto.org # Reference: https://www.virustotal.com/gui/file/16b4664969ce27b9914dc9d41b5baa16a341e00f442527efffd478a73a014fa1/detection 156.205.245.221:5552 # Reference: https://pastebin.com/raw/uGwudw5k # Reference: https://twitter.com/c3rb3ru5d3d53c/status/1224004241062232066 216.170.126.36:592 webmasterbl.duckdns.org # Reference: https://www.virustotal.com/gui/file/9fdde98e1adcc204393795d30dd5731bdded681373161c7edd73ab09d6889fb3/detection 141.255.154.80:888 # Reference: https://www.virustotal.com/gui/file/906db2d677b2fb3fd7fd03ace459cad0547bd1a846cbe56e5e028de35b81e22d/detection 141.255.157.220:888 # Reference: https://www.virustotal.com/gui/file/b3c3d47e002f7915c2e055d05c0137a15bb9269240c211beee642530772fdc03/detection 141.255.154.80:888 # Reference: https://twitter.com/ScumBots/status/1226148003871952896 80.181.38.234:2222 95.233.69.34:2222 helpdeskcamfrog.ddns.net # Reference: https://www.virustotal.com/gui/file/4a14f219ba3aa5ee706fa3f3b40983059568093f2a877c75ef3ebbfdf21fa2f7/detection 79.30.213.227:2222 # Reference: https://www.virustotal.com/gui/file/5c3e5f15b9b8cee942cb36206a2f833bd9984d8a4ca667d8ffcf4dc4b6edef55/detection 45.247.4.138:2222 # Reference: https://www.virustotal.com/gui/file/a17998b84107140124c51e80f092403e7a6fc48a908e1634b2292e07c528bd39/detection 45.247.34.8:2222 # Reference: https://www.virustotal.com/gui/file/01034003a84fd8217b5082c97ae709439a1e3244dbb2d936af0df50d709f535a/detection 45.247.7.250:2222 # Reference: https://www.virustotal.com/gui/file/d5736a8fe118a0896596f9d3b23d26c00d49e3a4d2a0f0c0782d8d92882913fe/detection 45.247.153.34:2222 # Reference: https://www.virustotal.com/gui/file/0cdfd28ede6e7a2ff3c55271b7b32b88f428142aefdd7139b6f6699239dcf88e/detection 45.247.223.85:2222 # Reference: https://www.virustotal.com/gui/file/eeeb2e4f35936641b2f687497a064735436a7b18710455d6afae7faf7a1a7d21/detection 45.245.234.203:2222 # Reference: https://www.virustotal.com/gui/file/e7838ac0484850cb7c44914205e13dfd0c05126b895906a84c3528adb20fb68f/detection 80.181.38.234:1188 # Reference: https://twitter.com/ScumBots/status/1225876212075110400 52.143.135.40:1738 # Reference: https://twitter.com/ScumBots/status/1225796939045838848 89.78.12.203:333 # Reference: https://www.virustotal.com/gui/file/d5f6f85cbfd2c95b1a14d09fcf03447c7416dea7c3414d78122a00bbbcad1f7f/detection 216.137.209.114:1337 pullingaporter.duckdns.org # Reference: https://www.virustotal.com/gui/file/7f4ab1bc842d8339f0958e573182ef37ac8c2bac621ff5547182a5730260b077/detection 216.137.194.74:333 # Reference: https://www.virustotal.com/gui/file/94d8de73814162e6c93c9cf9bacf34f60438ac2ed50ab534d770325aea2617bc/detection 141.255.150.213:1111 hayas.hopto.org # Reference: https://www.virustotal.com/gui/file/7b184c5cca228af546bac79830f2a0270e0fa63ebee80af220c1cab99c48522e/detection 141.255.144.206:1111 # Reference: https://www.virustotal.com/gui/file/df4d41880d68d0a9b1131ce010bb76e077cd7605a94bd670e22e1d7c9b47ffad/detection 141.255.152.224:1111 # Reference: https://www.virustotal.com/gui/file/ab6e879d217ec77074d33c5576aed774faf582cfab6dc892ed606c3e1661056c/detection 141.255.144.197:3333 fackyou.myq-see.com # Reference: https://www.virustotal.com/gui/file/e3edccc1d312c7e843773918b6d3ecabd7462b2e4b17e20c696410d08d69953a/detection 141.255.153.71:333 ffaassl.hopto.org # Reference: https://www.virustotal.com/gui/file/0f9f2ed3669af8502dfad754d0dc2e7682fe7bc4d0044f7cc3ca61a0e1170d15/detection # Reference: https://www.virustotal.com/gui/domain/memo445.ddns.net/relations 91.109.188.6:1337 91.109.190.9:1337 memo445.ddns.net # Reference: https://www.virustotal.com/gui/file/467d5848e6e532453dd0452ceabfe3995a12ec39e9cf1af4e31258dec21fc1f8/detection 45.247.72.194:3030 # Reference: https://www.virustotal.com/gui/file/54c74f8f5a82d5379cddf9f24331bc5d7389c810029be09d402c4954e399024e/detection 45.245.238.238:3030 45.247.126.145:3030 45.247.93.176:3030 # Reference: https://www.virustotal.com/gui/file/45815b72b91e1a1dd3ae9340f543eb5bc8a929df3f55714ab4fd913f07dc23b0/detection 168.235.111.253:8000 # Reference: https://www.virustotal.com/gui/file/8eca996c8223b75142fd73e79374585860b03a4d615bbb58e0999a403e64cd70/detection 168.235.111.253:6942 # Reference: https://twitter.com/ScumBots/status/1233071118145261568 # Reference: https://www.virustotal.com/gui/file/9be010b45a81a22f2d50c1d35f31384152c5b91dd7e3a1fe81b2c4fa95bb468c/detection 82.61.221.212:3000 # Reference: https://twitter.com/ScumBots/status/1236026843083558912 # Reference: https://www.virustotal.com/gui/file/b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b/detection 2.8.241.194:1605 steroidigo.ddns.net # Reference: https://www.virustotal.com/gui/file/2bb44181c7547a69b7ea6a4d7c13baba0e623dd5049c055ad3902b3e04c68f62/detection 141.255.147.5:1177 brwa0772.ddns.net # Reference: https://twitter.com/ScumBots/status/1237419849338494977 83.159.223.112:1604 # Reference: https://www.virustotal.com/gui/file/8acbacd3c0cf2aa0918107dfce43d4dbe2071fbad3561ef588654fb2e28b1e6c/detection 196.235.70.83:5005 # Reference: https://www.virustotal.com/gui/file/295a8276e98222a6589e2270d293964b7d49b99c13ab8f4e7a327e63d70652d1/detection 196.229.137.245:5005 # Reference: https://www.virustotal.com/gui/file/877267278069bab60988587079d7d3faa65e8f83b462de70d9ea881f19111634/detection 196.235.23.56:5005 # Reference: https://www.virustotal.com/gui/file/4224aad55ef5bacd7597fd954fb3ddcd1511b8b19295b81ef77bc929e360a9cb/detection 196.234.207.160:5005 196.234.209.127:5005 # Reference: https://www.virustotal.com/gui/file/f1691ed34f4150b8a265480f92047397a7f1ff908f8517c2057aaf66a6b977c4/detection 196.234.180.21:5005 196.234.135.188:5005 # Reference: https://twitter.com/ScumBots/status/1237963358986539009 # Reference: https://www.virustotal.com/gui/file/2ef9129b11a31d94a73eaeea4279ade2e58d84c121d3e97eeeb014093002da61/detection 141.255.156.41:8888 alougt.sytes.net # Reference: https://twitter.com/ScumBots/status/1239911265922945027 119.59.115.179:5556 # Reference: https://www.virustotal.com/gui/file/1587661de0883e18e7098468fde3a3f8d428ffa05ca2204ef4723661e7ce6c46/detection 178.124.140.145:6522 178.124.140.148:6522 # Reference: https://www.virustotal.com/gui/file/d3c22b07a86e188d39af6cd0003965b6c49cf927d71f00413f369f16dc70ea56/detection 35.247.209.230:1337 # Reference: https://www.virustotal.com/gui/file/dfbe56103ba0f2a6a2c10134d0a7bb480180f4d313f8265ee6ea386f13919a90/detection 35.247.209.230:1818 paulav1.sytes.net # Reference: https://www.virustotal.com/gui/file/232eb849f8e66aa9bd4347c0c9142f04c0f63b37c7941556925db1ebab4482d6/detection 185.165.153.228:9933 # Reference: https://twitter.com/ScumBots/status/1241609885344829440 101.98.203.110:6969 # Reference: https://www.virustotal.com/gui/file/1d95b2c065e5f5c4dee31cb336035caeb32a1c3dbdf0e4b1e2052fc7288d4c53/detection 193.161.193.99:51061 # Reference: https://twitter.com/ScumBots/status/1242206316694777856 193.161.193.99:8888 # Reference: https://www.virustotal.com/gui/file/e6eda9918b257e317e921d294b903f9488929fe7ef2efc0955bd141d19e15855/detection imaneblueyesvpn.ddns.net # Reference: https://www.virustotal.com/gui/file/de35000537e325fd8ed05003a1114b71aa7366f23a6185c9d8133a3793673427/detection 105.103.86.231:2016 # Reference: https://www.virustotal.com/gui/file/de35000537e325fd8ed05003a1114b71aa7366f23a6185c9d8133a3793673427/detection 141.255.152.217:333 # Reference: https://twitter.com/ScumBots/status/1242515854144798721 37.47.205.111:2685 miqas.ddns.net # Reference: https://www.virustotal.com/gui/file/8ec66f95ee3410aff78263f82b0bc0af8a0ce0db445c9ee5e04e7e14398be5b8/detection microsofft.sytes.net # Reference: https://www.virustotal.com/gui/file/22a14015aca71a9ed22019f1777be6b72e85c42139eecb58b3c8c171765ce222/detection 45.161.63.8:333 javaupdate.hopto.org # Reference: https://www.virustotal.com/gui/file/75ad02e0aea62552d29123e7f1ec9ce43808e15ee6c2143dab458bb25f110e1b/detection 45.161.63.8:1000 3030pp.hopto.org # Reference: https://www.virustotal.com/gui/file/ecd73a6d010ccea884e92491eb555dd244b9b3f8753febcabcdd40d006618a3b/detection 177.126.146.68:1000 # Reference: https://twitter.com/ScumBots/status/1243608169592619011 192.169.69.25:5540 # Reference: https://www.virustotal.com/gui/file/5fe64553142d63b68617515cb153bc2dd2ed78847c29d1cb6415004db582d2d8/detection 141.255.144.49:333 ie83.ddns.net # Reference: https://www.virustotal.com/gui/file/f2312c671bcf8024e02434aea312a057d44a4c39b0e4573e4e784a6ed981f888/detection qwer3341.ddns.net # Reference: https://www.virustotal.com/gui/file/97b25fb6b6b9c92ec259ff7e1e80c5cebdca22458e244c7185cddc9fc95e4530/detection patopapao.hopto.org # Reference: https://www.virustotal.com/gui/file/8ed36ddc1de819756d5bd110a6cc91fd0daba62cc4acefe3e27a427233befebe/detection 41.37.209.69:333 # Reference: https://www.virustotal.com/gui/file/5f9ddee77313e7549302a2bdef5b1fbf410badea33632b1830a694788299a0d6/detection 156.223.142.94:333 # Reference: https://www.virustotal.com/gui/file/5029a46dede9fbfc9725d5cb44d6505aa6fb2545ce852153131a71300a46adc1/detection 156.223.150.197:333 # Reference: https://www.virustotal.com/gui/file/f37dd4cf0e5cf5d5a967aa62c54e84610e93d8bdeae5a1cbfb8892bb000a8ab7/detection 156.223.227.74:333 # Reference: https://www.virustotal.com/gui/file/8d58467162a034fdab25c3d1a5b5ea9e879f6baf973300d248777f7d926c3718/detection 41.43.194.123:333 # Reference: https://www.virustotal.com/gui/file/482c3f44b3bb5e3851cf57526bd771a1d446110c155148f14e6de6b3f324a00e/detection 41.238.252.15:333 # Reference: https://www.virustotal.com/gui/file/cf5ac7af995125673232aa83ebe7834492c0e725299d11877889338f9b2244f5/detection 41.238.255.168:333 # Reference: https://www.virustotal.com/gui/file/0265df0f4f86a432ea3d7016c53ed7746278f50abfc3bfee52b03f965b2d5393/detection 81.61.77.92:8000 # Reference: https://www.virustotal.com/gui/file/70df5841dee4dd63adcd6a2ef47b943577bfcf5e02c8bda887c225846e8320bd/detection sihost.duckdns.org # Reference: https://www.virustotal.com/gui/file/25ecfdf7be4b09036ee2bf058ee9667d4f098aab012cca5ae7af6f2690f9dd96/detection 81.61.77.92:1000 # Reference: https://www.virustotal.com/gui/file/c963ed1aed3b00d7d07510746db53bec2cf7581024976607bbaa01e9baced4e7/detection 81.61.77.92:1111 # Reference: https://www.virustotal.com/gui/file/972494fe12432d3c2c5caebd7a206222fa5422543db36b6eafaa469b88bdefcb/detection appdwindows.duckdns.org # Reference: https://www.virustotal.com/gui/file/8c8d1561bf8a39d4e141d0af274fa8f98a331cb2bc2b726b8f643e16af82bb34/detection 141.255.159.124:82 41.109.208.25:82 # Reference: https://www.virustotal.com/gui/file/40bcbd7c430a2397d240c6a50f17e0306244ead03f36c7a557281106aeaeed2e/detection 41.109.184.203:82 # Reference: https://www.virustotal.com/gui/file/a7ec340204a447bbd3ae94ccf5924b4dc78c9195f61893ea62d0f3b7421d718d/detection 41.104.122.164:82 41.105.197.112:82 41.105.223.87:82 41.108.195.11:82 41.109.153.187:82 41.109.242.126:82 91.109.178.2:82 91.109.182.10:82 91.109.182.2:82 91.109.190.7:82 91.109.190.9:82 # Reference: https://www.virustotal.com/gui/file/00169bbfd209b3e2f36f39241beffe2ab1cbf3af157e6b0137e1cb7fee2e5e78/detection 141.255.157.195:3333 # Reference: https://www.virustotal.com/gui/file/ee47c9c73df3882da35d5f522a4f69fde300906504d496dcd39090a3118bf96c/detection 141.255.157.116:2222 141.255.157.116:3333 mohsosta1177.ddns.net mohsosta77.ddns.net # Reference: https://www.virustotal.com/gui/file/927f9e0a1a56671f8ca37a32a43ef9c16da0304954e06ca4f505fbf5106e7407/detection 141.255.159.137:3333 # Reference: https://www.virustotal.com/gui/file/a1922406f9eec1563fbb3f321c97aa7e2415ec3fe375a8d0ffc883812f56bf8c/detection 141.255.158.111:3333 # Reference: https://www.virustotal.com/gui/file/6c2ffc000f20a2d7e513805d594259549209e51343c3e78883367a82e4b5805d/detection 105.235.130.50:3333 141.255.159.45:3333 141.255.145.71:3333 141.255.146.159:3333 # Reference: https://www.virustotal.com/gui/file/26d10dfc83e3cc5ec9f58752e437388ecdf3bdb2f1ea1c58ab84082b950b38b6/detection 141.255.153.185:3333 # Reference: https://www.virustotal.com/gui/file/5bc1e8adc555d96cfa7c6c3581e5325641afaa9aed69b95674a8cb75ed0e52b4/detection 141.255.154.26:3333 141.255.155.129:3333 # Reference: https://www.virustotal.com/gui/file/01f9af6137da80ad3941c230b19df8ff6b9ebb123e0657007c7b362604382511/detection 105.235.130.14:3333 # Reference: https://www.virustotal.com/gui/file/819ad7f67583b21e9aa25c5a4e3157808d0b5a9805409da9e3ba59f49e8b4614/detection 141.255.158.194:3333 # Reference: https://www.virustotal.com/gui/file/7eaeb3390283985406e6335798db83d27938a29cccf7c2f56e9721383ddfd9e7/detection 105.235.130.43:3333 # Reference: https://www.virustotal.com/gui/file/d4c37fb2f809b31c35715b67edc2495f37e8b81ce2f9bb345493b95daeef4292/detection 129.45.80.100:23639 41.102.139.95:23639 41.103.0.224:23639 41.103.20.174:23639 41.103.24.77:23639 41.103.28.254:23639 41.103.3.81:23639 avastui.duckdns.org presentationfont.myq-see.com # Reference: https://www.virustotal.com/gui/file/8f776ef60b6298ca08dbd49d8f82ac5a51bc5c817bd663d6a25404c29730938c/detection 141.255.145.14:4000 h4es.ddns.net # Reference: https://www.virustotal.com/gui/file/f4ddbfe392971c8144ec0427a491cb22a35afd2062431dc7e7d4b9e2e8080eec/detection 177.126.146.27:1000 3030pp.duckdns.org