# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: crysan, 3losh, 3loshrat

# Reference: https://twitter.com/suyog41/status/1130804704152305664

mikus192091.ddns.net

# Reference: https://twitter.com/luc4m/status/1106618159522635776

queda212.duckdns.org

# Reference: https://twitter.com/CERT_Polska/status/1072793091856392192
# Reference: https://www.cert.pl/news/single/trojan-oraz-ransomware-w-kampanii-podszywajacej-sie-pod-inpost/

213.152.161.99:47390
213.152.161.100:47390
213.152.161.101:47390
213.152.161.102:47390
213.152.161.103:47390
213.152.161.232:47390
213.152.161.233:47390
213.152.161.234:47390
213.152.161.235:47390
213.152.161.99:47392
213.152.161.100:47392
213.152.161.101:47392
213.152.161.102:47392
213.152.161.103:47392
213.152.161.232:47392
213.152.161.233:47392
213.152.161.234:47392
213.152.161.235:47392

# Reference: https://twitter.com/Threat_hunts/status/1135810121227882499
# Reference: https://app.any.run/tasks/5ad34df1-b5a8-415f-9496-334d9bfdd7b1/

95.167.151.253:7707

# Reference: https://twitter.com/James_inthe_box/status/1141072205771448320

kizzoyi.duckdns.org

# Reference: https://twitter.com/powershellcode/status/1148234398703030273

internetexploter.duckdns.org
systenfailued.ddns.com.br

# Reference: https://twitter.com/DynamicAnalysis/status/1165901579536539649

79.134.225.90:4782

# Reference: https://twitter.com/James_inthe_box/status/1167217092245872640
# Reference: https://app.any.run/tasks/8eb2d184-08ec-40ab-8742-32f6988c5638/

23.105.131.169:6606
193.56.28.173:7707
193.56.28.173:8808
rownip.3utilities.com
rownip.mooo.com
rownip.theworkpc.com
rownip.dyndnss.net
rowanyne.ooo

# Reference: https://twitter.com/JAMESWT_MHT/status/1169142417754337281
# Reference: https://app.any.run/tasks/308651b4-37c0-4c66-87ba-5bf05d1ff411/

79.134.225.115:4404
eg-east.com

# Reference: https://twitter.com/dcTavvy/status/1188352813937463298
# Reference: https://app.any.run/tasks/6aedb064-1078-4304-b1e8-a8205a5ba698/

193.161.193.99:43158
Lolikot-43158.portmap.host

# Reference: https://twitter.com/JayTHL/status/1197240502699073537

5.62.41.111:5320
91.193.75.151:5320
netty.myftp.biz
ify.insidedns.com

# Reference: https://www.virustotal.com/gui/file/598ba7562062467fbf05d47bfadf27578a8ed4d5d5abdf17a5a4820ad71651bf/detection

3.19.3.150:6606

# Reference: https://twitter.com/w3ndige/status/1214596648644620288
# Reference: https://app.any.run/tasks/509acd2f-9474-44d4-aac2-d186a4716bef/

g.top4top.io

# Reference: https://twitter.com/killamjr/status/1217630017116499968
# Reference: https://app.any.run/tasks/2517942c-3364-4d56-93ab-cfa47fd14299/

101.86.170.36:1199
45.11.19.240:7707
xred.mooo.com

# Reference: https://www.virustotal.com/gui/file/cc7a634047451f72a51766d1b6e33ce8a154579d80f6abcf9a109ff64c22f3a6/detection

177.98.43.164:7707
skypeprocesshost.ddns.com.br

# Reference: https://www.virustotal.com/gui/file/0c8a1d1eb4a0ee3ca2cf22cb4ede61f85e5170885549769984110edb6b64a236/detection

179.95.221.147:6606
179.95.221.147:7707
179.95.221.147:8808
workwinrarhost.ddns.com.br

# Reference: https://www.virustotal.com/gui/file/b1a7fda679c569e51e4b1239d044bb6e6e1f3557ccd2060c32a11b0978919b2d/detection

177.206.102.68:7707
177.206.102.68:9830

# Reference: https://www.virustotal.com/gui/file/366c8707d33501338e524e4c70f8b10ac993341134aa28b32a550f06911ba646/detection

191.32.227.90:7707

# Reference: https://www.virustotal.com/gui/file/d60372f5bbed48ea826b894402e4412a478979b590bed2b9b0d1d84017549bd0/detection

177.133.237.246:9830
179.180.17.194:7707

# Reference: https://www.virustotal.com/gui/file/9fbc310b2579816b488dbc44485acd418b20a72ef8dceb558f645a735fe10f05/detection

177.98.43.164:6606

# Reference: https://www.virustotal.com/gui/file/4913ae8055d7c6f225c0bd63ffceb28138483b39d9887de8ebcc8773e9d0d46f/detection

177.98.43.164:9830
workwinrarhost.ddns.com.br

# Reference: https://www.virustotal.com/gui/file/9a3e8a5bd3bfae58180089d27f1e23ba5f8118272b903a4ce99047969874a989/detection

177.133.246.134:9830

# Reference: https://www.virustotal.com/gui/file/ef332bc4cca2207ceb999f77d3e8a02b9d3b2c475d39310d2f1b09ae8f335de9/detection

177.133.246.134:7707

# Reference: https://www.virustotal.com/gui/file/6ede0a69b6d4d7b9cddc97ed35f58a284427fa92923d7a3e9e1442a5a0ad1b46/detection

177.98.127.109:7707
177.98.127.109:8808

# Reference: https://www.virustotal.com/gui/file/87571c558c0c211cd407d87217a3a64240736fb6645919e970dadef3680975ef/detection

177.133.235.48:6606
177.133.235.48:8808
177.133.235.48:9830

# Reference: https://www.virustotal.com/gui/file/d0ca0770e89e27b72703029c7900853a655be67c65fb1bcbd0c652eceb3b384f/detection

177.75.41.182:6606

# Reference: https://app.any.run/tasks/5e7bb6ce-39e9-4243-8802-968c8fb28753/

cloudclout.duckdns.org
79.134.225.38:7707

# Reference: https://app.any.run/tasks/823454cc-ac69-47d8-821a-262f4226ca10/

sbmsbm20.duckdns.org
64.225.20.238:2030

# Reference: https://www.virustotal.com/gui/file/712bc10802ec06baeb0774fa92d2816c477d6a5dceb0ac9960120344fcf7e1f7/detection

141.255.159.75:6606
141.255.159.75:7707
141.255.159.75:8808

# Reference: https://www.virustotal.com/gui/file/55618c029549b2e2f8919902d09c19658e98390cc3e3faeb05743f091e22818d/detection

79.135.146.203:6606
79.135.146.203:7707
79.135.146.203:8808

# Reference: https://app.any.run/tasks/5bbbc0e9-1c84-413d-be8e-371aa483f11b/

141.255.146.30:6606
141.255.146.30:7707
141.255.146.30:8808

# Reference: https://app.any.run/tasks/f44c32ed-727b-437b-9249-743b5ae74ed4/

185.140.53.12:21000

# Reference: https://twitter.com/wwp96/status/1236015091029590017
# Reference: https://app.any.run/tasks/7a110950-e58a-4f0a-80ab-fc17c39d38cd/

185.140.53.154:6606
185.140.53.154:7707
185.140.53.154:8808

# Reference: https://twitter.com/JayTHL/status/1240390421467074561

216.38.8.179:5505
216.38.8.179:6606
216.38.8.179:7707
216.38.8.179:8808
peacelist.ignorelist.com

# Reference: https://app.any.run/tasks/96716bfb-5070-40e4-bda5-d6573d7e1e55/
# Reference: https://app.any.run/tasks/d292b50e-71d7-46c2-9c75-3c053b7c36cd/

46.183.223.29:6606
46.183.223.29:7707
46.183.223.29:8808

# Reference: https://twitter.com/James_inthe_box/status/1243161779212935168
# Reference: https://app.any.run/tasks/393f52ea-8176-4081-9f69-2e4706e7f27a/

51.75.154.242:1515

# Reference: https://www.virustotal.com/gui/file/77e5748478eb6c6064e118bd35ef28f90bfd0eb908eee0291b994c9a6d5b11f5/detection
# Reference: https://www.virustotal.com/gui/file/b892431179d2ed7f4b5c68eff968491b7716a067b6ab16caa5e204c9766d5bcf/detection

41.104.11.200:7707
41.104.122.164:7707
41.104.221.163:7707
41.105.197.112:7707
41.109.189.104:7707
41.109.193.177:7707
41.109.228.158:7707
41.109.242.126:7707
91.109.176.6:7707
91.109.178.2:7707
91.109.178.6:7707
91.109.182.2:7707
91.109.182.3:7707
91.109.182.5:7707
91.109.186.5:7707
91.109.188.10:7707
91.109.190.2:7707
91.109.190.7:7707

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

77.247.127.128:8855
88futur.xyz

# Reference: https://twitter.com/James_inthe_box/status/1250441655452237825
# Reference: https://app.any.run/tasks/a8c80640-e0bc-499c-bd8b-de1c9166d4dc/

45.32.167.239:6606
45.32.167.239:7707
45.32.167.239:8808
hdkshnfk.ddns.net

# Reference: https://www.virustotal.com/gui/file/51482d0164957eec01b4916354b5a992e6705655bcb44ca4b0b2a520e3b64e6c/detection

192.169.69.25:6606
192.169.69.25:7707
192.169.69.25:8808
soucdtevoceumcuzao.duckdns.org

# Reference: https://www.virustotal.com/gui/file/626879e64f571e21902bdc2f249ce247e03420e8656990d54f3ab4ceb99b4fb4/detection

105.111.80.222:4000
azure34.mywire.org

# Reference: https://twitter.com/ScumBots/status/1250963567366545408
# Reference: https://www.virustotal.com/gui/file/b465ae7940f04cb8b6f6baf9a288eecb5e405290bf48b18fe70ba41e9cc97389/detection

192.169.69.25:4000
amazon34.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5abfea336ec1f8f078499dd4713d65b5e75c59243b6137af1f5297706413dc63/detection

105.103.214.89:4000
amazon3407.mooo.com

# Reference: https://www.virustotal.com/gui/file/6f5567af58976eb61af59c7edf1e5cdad7e3cd2fc60c16b123dfa53cd44e8f6d/detection

85.229.141.17:1337
92.34.156.156:1337
bob1337.chickenkiller.com
getconnected.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/762a570980637077dbf431c691c38de20e50474d0c67003b4483c6f20a16e533/detection

129.56.25.121:6743
asyncrat6743.ddns.net

# Reference: https://www.virustotal.com/gui/file/5e6bd1b03148962cff91b0f6a1d4e915bafd1049931d5d4ff2bda151bd761e28/detection

unknownamehost.ddns.net

# Reference: https://www.virustotal.com/gui/file/f17981f481d0e31ac51cbf66b5c94d3f73d5a2647a158370ab9e6b3357a00f9f/detection

unknowhostname.ddns.net

# Reference: https://twitter.com/ScumBots/status/1250960155900104705
# Reference: https://www.virustotal.com/gui/file/5a4958af2c13c0a9a6eff86bb5f4fd339a85a66249a22278cc5b50cecd89188a/detection

88.208.245.177:1443

# Reference: https://www.virustotal.com/gui/file/8c344acd0dfc01ac093b4a4407cd2f126f74bae0ca5b66f92912d522160ac639/detection

103.82.249.19:8808

# Reference: https://twitter.com/mahnyan1/status/1251321072865042435

babyboyhammer2.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e9c607f263a990db1bf0465c8688ed7ce7e5f294845041fb56af313df34f45df/detection

176.31.26.213:6606
176.31.26.213:7707

# Reference: https://www.virustotal.com/gui/file/7bebcd498c41f74199691dd8c0d9144f562b4c71dc9c96607260689397ba2285/detection

178.209.46.144:20108
73ch91ch13f.100chickens.me

# Reference: https://www.virustotal.com/gui/file/a0e26b77db21ef8899c3b18fa562a53f51b37a3cb8677034bbd8c2c5b37cf78b/detection

193.161.193.99:61436
karakan123-50010.portmap.io

# Reference: https://www.virustotal.com/gui/file/dd8069de43a40341482301c95b3a05d0201a9386a5c586b17451ca37447dd1ac/detection

152.246.228.24:6606
152.246.63.32:6606

# Reference: https://www.virustotal.com/gui/file/1c7dccd9e95acff427990af9670ad69d54fcc056aa0eb7744ec8f22d35088c45/detection

193.161.193.99:56282

# Reference: https://twitter.com/ScumBots/status/1250963480783527938
# Reference: https://www.virustotal.com/gui/file/31345f8b3aefaaa13a783f4febe071bb8da7ae27f5f5c06024f9f29db0116321/detection

192.169.69.30:6606
192.169.69.30:7707
192.169.69.30:8808

# Reference: https://twitter.com/ScumBots/status/1250963998922739712
# Reference: https://www.virustotal.com/gui/file/91ecc56db47e5fe085075ff0d7fa76d2911e787734b95b81a4570a15a45444b9/detection

192.254.74.210:6606
192.254.74.210:7707
192.254.74.210:8808

# Reference: https://twitter.com/ScumBots/status/1250964170302009344

cmradelucifer.ddns.net

# Reference: https://www.virustotal.com/gui/file/9ee035f65117dd6ead3f1da5a952df99efbaa39c7345fc11f8ccbbb6ecf86037/detection

168.197.229.117:6606
168.197.229.117:7707
168.197.229.117:8808
79.134.225.20:6606
79.134.225.20:7707
79.134.225.20:8808

# Reference: https://www.virustotal.com/gui/file/4a5cea334cdd0c4042498850f591717d0677fb606331d11210f7b5d2b3a27ff2/detection

213.213.206.18:3306

# Reference: https://www.virustotal.com/gui/file/d09e5b5fabdfa8578b377d46b44fcddc0772a92750e4ead921e2e56e97cdda35/detection

185.165.153.95:8989

# Reference: https://www.virustotal.com/gui/file/a3f870eeaf9cb8e486363b1ff8e1fb79937ed85bab6237ee6123125ad3a43290/detection

186.53.186.235:4132
yugdab.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1b5e3eb733257954a9dd28f6a3e081d941deaa73418d4b22beaa3200a8f96285/detection

41.140.208.184:6606
asco.dynu.net

# Reference: https://www.virustotal.com/gui/file/0e0bf4239bf7472066cb37ab517d74b1102c69af9e0feca64d567dff879ae1eb/detection

69.171.248.112:5557
8701.viewdns.net

# Reference: https://twitter.com/ScumBots/status/1251156576615849985
# Reference: https://www.virustotal.com/gui/file/419fa3facde23e4b18afe0c7f7198844f3ee9e28da6e39f2e2e9e60c41e83570/detection

193.161.193.99:63374

# Reference: https://www.virustotal.com/gui/file/9b471c2935fdd01c7e9d57e78f91d213e6d1b5a44ac1719048d92d02d1976422/detection

192.169.69.25:6606
192.169.69.25:7707
192.169.69.25:8808
number2.duckdns.org

# Reference: https://www.virustotal.com/gui/file/aff7d626d09099f6aaf329f1b2e0623a378b45fdf4536ad83e63efc87e7e0865/detection

124.50.195.153:5050
kkk1046.kro.kr

# Reference: https://twitter.com/ScumBots/status/1251180572711550983

103.18.14.217:1337
dedsee2c.accesscam.org

# Reference: https://www.virustotal.com/gui/file/923092b6cec8aaa0cd11fefa625ed17f98702edac91c3a52beaf7e54f6e5f784/detection

13.235.76.244:1337

# Reference: https://www.virustotal.com/gui/file/582fb62f0d92afaee2dc79108622667cc62d298cafbde3d1e2ec1738c977f4a6/detection

nohostname.ddns.net

# Reference: https://twitter.com/ScumBots/status/1251180991995088900

103.244.74.228:46839

# Reference: https://www.virustotal.com/gui/file/36b272fbada18f510fa34a479fa391131797f13218f6756c52825d9e7711be6e/detection

41.103.199.216:1337

# Reference: https://www.virustotal.com/gui/file/850bcc510ee39c6d6dde91f041bcb276b74a8101c84279a35c0a3570a4e6440d/detection

poiuytrewq3341.ddns.net

# Reference: https://twitter.com/ScumBots/status/1251181425933647877

dqrkodz34.ddns.net

# Reference: https://twitter.com/ScumBots/status/1251181595635126274

jess19991102.ddns.net

# Reference: https://www.virustotal.com/gui/file/d4a629944bf1e03d43a04b530f9606d8315b84e847c83042427224011f3067ba/detection

193.161.193.99:36811
hussaryn-36811.portmap.host

# Reference: https://www.virustotal.com/gui/file/c338d425a1293b82ac13c856c43d588ce0053b27349620b7353273a42a04d845/detection

jess19991102ddns.com
jess19991102.ddns.com

# Reference: https://www.virustotal.com/gui/file/0a276fdaf3367ca3fd4cf90eb338dd3d0575ba3979f1bd609ce58e13e2aa0a8e/detection

204.14.73.154:8080
bomi.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1251182632517410817

salsamania.ddns.net

# Reference: https://twitter.com/ScumBots/status/1251183213747277826

googledrive.dynu.net
googledrive.linkpc.net

# Reference: https://www.virustotal.com/gui/file/f71eaaf23ecba6aafc314f3d42badafb4430b1be62a1ba325c592b258b8f1319/detection

213.152.162.84:9040

# Reference: https://www.virustotal.com/gui/file/ee1e5a4ee19c1b613aaa82b48e313c6e3eeb5874d7593809c2207037254a57cc/detection

fertun-29801.portmap.host

# Reference: https://www.virustotal.com/gui/file/2b70dd97d36efbbadd5f63afc22e28dc53d26302bae846b4f4e49e27cf95a70f/detection

176.232.239.198:5060
denemeiso1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a86751d7ee905499b6e324dc5175e287a20d34cde78cbe35a290523dea9d1cd0/detection

13.235.23.234:1337

# Reference: https://www.virustotal.com/gui/file/e20e1fd207ef943af95774fc0fc0e38da70c808b78a3dfb141e4852036a8dc12/detection

noregisterdomain.zapto.org

# Reference: https://twitter.com/ScumBots/status/1251185289055350784

87.14.96.105:1303
emmek.crabdance.com

# Reference: https://www.virustotal.com/gui/file/b76b157a8d6ccfd5cc7ea8eed54af4d0aab9e97f8d641f886617252d9acc48bc/detection

41.100.199.86:5555
clayroot2016.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1251185716111069184

am164.kro.kr

# Reference: https://www.virustotal.com/gui/file/f25f43f5cea51647e82413accd831b93fe8c2b7f072fc1468cd1d13bf08224ec/detection

136.243.31.186:1608

# Reference: https://www.virustotal.com/gui/file/1298f1fd280d2768e2a5e3f1089ec3ad18e17cade3fbeb78be864d9c3caff337/detection

173.238.140.238:6606
173.238.140.238:7707
173.238.140.238:8808
bshades.ddns.net
dark-comet.ddns.net

# Reference: https://www.virustotal.com/gui/file/47979eca9030c7f8de4c86c048e17efa02f66c6aed8a52c24dbd4bd7b0692b88/detection

75.80.221.198:1604

# Reference: https://www.virustotal.com/gui/file/5515739bd8752264b7ee2a2c9b957d36af9fb16b19d7dd1aef4139f2fe74af47/detection

sam144169-56334.portmap.io
webforma.chickenkiller.com
webdata.ddns.net

# Reference: https://www.virustotal.com/gui/file/610a58f5e46ffe61093dad4ef8528df34894d29347a1eec0224a87bba7864b8f/detection

46.237.79.53:8080
rat24695.ddns.net

# Reference: https://www.virustotal.com/gui/file/5b18ab7442af71b0ba9293b200fa26961e6de7b98d51456644aa58d307dc0e1f/detection

154.16.248.14:3230

# Reference: https://twitter.com/ScumBots/status/1251187877255528448

112.149.90.49:5050
hyungwoo.kro.kr

# Reference: https://www.virustotal.com/gui/file/03a58d54e04d346d4d06637a40834795431147472e07c815a0fee27475bcc970/detection

a24369093123.ddns.net

# Reference: https://twitter.com/ScumBots/status/1251188552500723712

40.114.49.176:4040

# Reference: https://www.virustotal.com/gui/file/b796ac10d1f3133ca6b77141e50e414f1fc704299884d0b0fb676ab0db7fed89/detection

yesweekend12.ddns.net

# Reference: https://twitter.com/ScumBots/status/1251189068190318593

213.152.162.84:9040

# Reference: https://twitter.com/ScumBots/status/1251189153976516610

unregisteredhost.dynu.net

# Reference: https://www.virustotal.com/gui/file/516c73d324fa23f5aaf50bf9306c2d5aa3d55b0b8c9be60e273ac3c1895f15f3/detection

23.249.168.43:9090
ccmorgan.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f0eb9cb0a88f2e88881e06ce961c2da388475c1b595f2669c57e0cf1b5eb7677/detection

41.143.216.51:1738
asco.dynu.net

# Reference: https://www.virustotal.com/gui/file/44e550a4dbdc40e1cacca65b7e516618558c0d2114b3641cda6ddd69190ed8b9/detection

141.255.155.90:9023
nonamehost1.zapto.org

# Reference: https://twitter.com/ScumBots/status/1251189930300227584

anonauth.ddns.net

# Reference: https://twitter.com/ScumBots/status/1251191403851505665

216.246.49.165:6606
216.246.49.165:7707
216.246.49.165:8808

# Reference: https://twitter.com/ScumBots/status/1251191570986082305

82.84.85.59:1608

# Reference: https://twitter.com/ScumBots/status/1251191655589445635

62.108.37.42:6606
62.108.37.42:7707
62.108.37.42:8808

# Reference: https://twitter.com/ScumBots/status/1251192193597014016

84.51.52.166:6606
84.51.52.166:7707
84.51.52.166:8808
kingspy.duia.eu
kingspy.noip.pl

# Reference: https://twitter.com/ScumBots/status/1251858682108956672

61.69.131.134:1604
yilmazkocakau.ddns.net

# Reference: https://twitter.com/ScumBots/status/1251915307536580608

141.255.146.238:6606
141.255.146.238:7707
141.255.146.238:8808
alltricks.hopto.org

# Reference: https://www.virustotal.com/gui/file/cd61eefce1bda8e8fd7d6f38bb9e6d70b4f1d90efb039a1346d890eeedbd63ef/detection
# Reference: https://www.virustotal.com/gui/file/ae089f74371ab598c6cf00e6debbb9d70c091d90641c406b4aa4c88e3fa81c25/detection

41.42.6.83:6606
41.42.6.83:7707
41.42.6.83:8808
81031.ddns.net

# Reference: https://www.virustotal.com/gui/file/5185c0e1245a6ef3f2e38459095098a085e1b3f0fb75c7aa657df068be3334dc/detection

41.35.15.87:6606
41.35.15.87:7707
41.35.15.87:8808

# Reference: https://www.virustotal.com/gui/file/31846d250a4f71ff4d5348ba0417584e560f6a93a949bba415a9efd261a41e17/detection

77.78.103.70:222
qwerty123123123.hopto.org

# Reference: https://twitter.com/Racco42/status/1255493982420942856
# Reference: https://app.any.run/tasks/9e6d5087-6d1d-44b5-9ac4-349e14df5eb9/

62.102.148.158:62727
panda45.duckdns.org

# Reference: https://bazaar.abuse.ch/sample/5be39967ba90f3766fa81f354a61102a7ddf6bc19ec282e56727abb6dafb973c/

185.244.29.175:7071

# Reference: https://www.virustotal.com/gui/file/3e9fc29f4f0edfaebea7d78f2de99dc5dfdcd440fc8afc2fc8be0d9a6e10466e/detection

188.52.75.171:5558

# Reference: https://www.virustotal.com/gui/file/646bd5449aa3c3d5d029daeb30efbb49c68209ec434f4216593952d1310343ab/detection

80.200.143.32:5353

# Reference: https://www.virustotal.com/gui/file/f6270d604a6e859c46733c14315da1dc07d7c50eea5cefd427e915c7c726cd24/detection

191.250.107.152:6606
191.250.107.152:7707
191.250.107.152:8808
pointblankbrasil.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ffb897728bb3cdaf183b6346255551615e9de81c4178a74cfdf92c8a03dc11c1/detection

91.109.188.2:1010

# Reference: https://www.virustotal.com/gui/file/9a512140b526841ae759063ba36e46b1812c105d9cc94f8dfe11ff69f3cbb336/detection

51.39.198.26:6606
51.39.198.26:7707
51.39.198.26:8808

# Reference: https://twitter.com/ScumBots/status/1257439484339277831

141.255.158.227:6606
141.255.158.227:7707
141.255.158.227:8808
jnhacker.con-ip.com

# Reference: https://www.virustotal.com/gui/file/8e0bde81c9e355be99d2fd2a8cd0a1ff088ccb9e4d846323a07c20948e385497/detection

42.116.41.65:3979
kingspy.ddns.net

# Reference: https://twitter.com/ScumBots/status/1257437270765953025

191.250.107.152:6606
191.250.107.152:7707
191.250.107.152:8808
mydnshome.ddns.net

# Reference: https://www.virustotal.com/gui/file/78f70e9f02eb5434bb36715f107a092a695b060a3e4dba41e6d6213813d6f6e3/detection

86.7.195.44:7777
nfrurqcjthnjznd.ddns.net

# Reference: https://twitter.com/ScumBots/status/1257468146027503618

93.22.123.135:6606
93.22.123.135:7707
93.22.123.135:8808
backdoor.mcrage.me

# Reference: https://twitter.com/ScumBots/status/1257751258787700743
# Reference: https://www.virustotal.com/gui/file/046b3e5c4418660a9eed9ffc4e9769df9e133eb96b40e2585eec87cf202d9b0b/detection

41.109.165.237:3000
cappa.myq-see.com

# Reference: https://www.virustotal.com/gui/file/509607c23436a0d4ef33b21734a19aa129fbcd63bad4cb2965f06fc3f32c2554/detection

41.105.203.238:3000

# Reference: https://app.any.run/tasks/4c0659cd-b563-45a9-93ca-77b82e795fba/

193.161.193.99:56769
unity123-56769.portmap.host

# Reference: https://app.any.run/tasks/bca9407f-6879-4ca7-9dc9-c5c7d9472e38/

193.161.193.99:7112
193.161.193.99:45885
reality-45885.portmap.host

# Reference: https://twitter.com/ScumBots/status/1257955102553448451
# Reference: https://www.virustotal.com/gui/file/5d5d00143b5f578c0293a7cd806009ecd8da5b30d713ebdfb4fcfb83b85e31c1/detection

108.168.118.205:4782
havingfun.chickenkiller.com

# Reference: https://twitter.com/ScumBots/status/1258452953662439429

103.74.18.65:8899
103.74.18.65:9090
webdata.ddns.net
poda.duckdns.org
poda.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/e2dd6989c2d9bd1038f5c6e741f4cdfa9b4584739fabf98db244f7763607178f/detection

asyncrat.ddns.net

# Reference: https://bazaar.abuse.ch/sample/43264fd31d2b8ce6104a5daf7cf933d315e21e2a968998591361c13fbc365baf/

194.5.97.223:6204

# Reference: https://www.virustotal.com/gui/file/b611859ca933afe409d9c00d3c75fb42a4049ccee735afd2123e566bbf066c29/detection

185.140.53.43:4444
lagba10.ddns.net

# Reference: https://www.virustotal.com/gui/file/34e20c34bb369fb81054fe19e90916e62251720cca8b961942f9ebbcb669919a/detection

193.161.193.99:25270
hiddensick-25270.portmap.io

# Reference: https://app.any.run/tasks/88548d77-fbc2-421d-be4b-2da16bd0b5f3/

193.161.193.99:34785
Slxthy23rf-34785.portmap.io

# Reference: https://twitter.com/ScumBots/status/1261669580067549186

5.9.221.55:6606
5.9.221.55:7707
5.9.221.55:8808

# Reference: https://www.virustotal.com/gui/file/32501c0b743c1a550d9f4a24c73a6e58cb7e7a24919cdea9e85bd7d417273806/detection

220.120.90.123:6060
am164.kro.kr

# Reference: https://twitter.com/ScumBots/status/1262284883466096640

115.23.99.222:2256
dokdo2256.p-e.kr

# Reference: https://twitter.com/ScumBots/status/1262417002142085121

79.134.225.101:5552

# Reference: https://twitter.com/ScumBots/status/1262647276843028480

59.26.17.108:1212
obidori.kro.kr

# Reference: https://www.virustotal.com/gui/file/31f8ef6bce5d3c220c3fb531b699dc5026b343bd0e76f3dd9fc9359dc86936d0/detection

115.23.99.222:2256
dokdo2256.p-e.kr

# Reference: https://twitter.com/ScumBots/status/1263461921547747329

128.199.41.159:2001

# Reference: https://twitter.com/ScumBots/status/1263674037227659264

61.81.92.38:1212
test9909.p-e.kr

# Reference: https://twitter.com/JayTHL/status/1263709348422967296

123.240.25.197:1604
asdf3341.ddns.net

# Reference: https://twitter.com/ScumBots/status/1266652411889926146
# Reference: https://www.virustotal.com/gui/file/298587d8c8a376568ed09d332f329f3a4282e96e905f4569fbf24223ed10e491/detection

77.162.55.86:6606
77.162.55.86:7707
77.162.55.86:8808
monsternetwork01.ddns.net

# Reference: https://twitter.com/ScumBots/status/1268143488413118464

193.218.39.43:8686

# Reference: https://twitter.com/ScumBots/status/1268532368790491137

188.250.211.240:3715
diass.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1269007937349058560

193.161.193.99:21292
allan4053883-60334.portmap.io

# Reference: https://twitter.com/ScumBots/status/1269358998307983361

64.225.66.117:1331
64.225.66.117:1332
kr142.duckdns.org

# Reference: https://www.virustotal.com/gui/file/86636201a899e360ad6fae1b71304c625ed6395ddf99e6b09906617da53ee93b/detection

91.193.75.208:3000

# Reference: https://www.virustotal.com/gui/file/8228d1299256a23377e57d575160dbd58f9ac46598c5c90b321743e366f3d09a/detection

173.225.115.144:6606
173.225.115.144:7707
173.225.115.144:8808

# Reference: https://twitter.com/ScumBots/status/1269910131933921281

42.119.15.63:3189
kingspy1301.ddns.net

# Reference: https://www.virustotal.com/gui/file/d2d1030a5a122043c7a99b3f2c1b1d456be205033ed1327a0b4780f723a5e362/detection

42.117.191.69:8386

# Reference: https://app.any.run/tasks/5b5cba25-c74c-4c2c-80c5-c2f2c9156e6c/

128.74.42.86:6606
128.74.42.86:7707
128.74.42.86:8808
logan1h.ddns.net

# Reference: https://www.virustotal.com/gui/file/b8ff21e26e0da11d7146dd250b71206c698275e312bff612b38380e38385a4c7/detection

193.161.193.99:42300
193.161.193.99:6606
193.161.193.99:7707
193.161.193.99:8808
xaz19og-42300.portmap.io

# Reference: https://www.virustotal.com/gui/file/e235e749a792841f78e1fcc8ddfea4d9c31471aaaa3df6928a43a96a8235698e/detection

102.42.76.37:2001
al3bkri13456.ddns.net

# Reference: https://www.virustotal.com/gui/file/b891b61de4a7c50a50bffa4fb1394c696c25f80717ed57363f4e1a4a216973bb/detection

94.60.172.123:4500

# Reference: https://app.any.run/tasks/01c6c449-cfe1-4e4a-b34c-3536b67599af/

193.161.193.99:48736
WindowsDefenderNet-48736.portmap.io

# Reference: https://app.any.run/tasks/38f351cc-2e3e-4980-9a6d-4ceb645e4cbb/

195.2.93.77:8808
servesvpn.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1270744376042553345
# Reference: https://www.virustotal.com/gui/file/4e8ca2787e65b0edaa21180883b642d7b3b7f85140ab7fc03d09c30da124dc5b/detection

193.161.193.99:1337
193.161.193.99:52390
sdsd33-43977.portmap.host

# Reference: https://www.virustotal.com/gui/file/ae84c5af88241d3bb2e75160c53c6cdaee23555e0a83f0b9b5f218fe525c67b0/detection

82.205.2.127:6606
82.205.2.127:7707
82.205.2.127:8808
googlexfx.ddns.net

# Reference: https://twitter.com/ScumBots/status/1271484250349547521

109.247.81.119:23818

# Reference: https://twitter.com/ScumBots/status/1271514445739634689

105.108.81.5:333
b34.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b1421de897b9903d393051f42730ac0fc7c19a3115f7b2fb019f2f7edd28e2af/detection

185.140.53.247:4723
sukasa.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/3af55f9bb1a968506ea79b9f24d4a61f99d07e652af05bc5c557f13c19343a03/detection

18.197.239.5:10611
18.197.239.5:25565

# Reference: https://www.virustotal.com/gui/file/3f240073edad176ed8dc359ec2420361d67368ed7859bece7b94180c9deba172/detection

18.197.239.5:11328

# Reference: https://twitter.com/ScumBots/status/1272224126346964993

89.182.127.205:9955
fifa2020-ps4.ddns.net

# Reference: https://www.virustotal.com/gui/file/6313e287489f083c691693a5582888ea7ab7e3d03c81612012dec332d27c66e2/detection

185.140.53.11:2079
185.140.53.11:6606
185.140.53.11:7707
185.140.53.11:8808
212.225.226.30:6606
212.225.226.30:7707
212.225.226.30:8808
bazilspain.dynu.net

# Reference: https://www.virustotal.com/gui/file/67cd0179d490d478ba231ee4719aa7e1427045de0067a24a0adc91f33fdcac3d/detection

212.225.226.30:2079

# Reference: https://www.virustotal.com/gui/file/621b16461f4c6844bb3438e8cc872ae6d81414bd2e60cc097e2af348697fd088/detection

39.108.140.215:60006
39.108.140.215:9999
2ee51a1ab0951a62.natapp.cc

# Reference: https://app.any.run/tasks/fa7cb330-07b2-4366-a9a1-03984fe05c1d/

84.38.134.21:6606
84.38.134.21:7707
84.38.134.21:8808

# Reference: https://twitter.com/ScumBots/status/1273960570220404739

193.161.193.99:62895

# Reference: https://twitter.com/ScumBots/status/1274107785345712132

45.74.26.57:5326

# Reference: https://twitter.com/ScumBots/status/1274213483081596929

43.251.103.150:8848

# Reference: https://twitter.com/ScumBots/status/1274349378992582657

193.218.118.190:6666

# Reference: https://twitter.com/ScumBots/status/1274432429110034432

45.138.157.147:1111

# Reference: https://www.virustotal.com/gui/file/f83df0f45665f9f5d7d1e888cf778bb4440850503e24821bb0d976e86a5e87e8/detection

77.30.137.105:6606
77.30.137.105:7707
77.30.137.105:8808

# Reference: https://www.virustotal.com/gui/file/7528e56efe65fa4b61c7f7156e8d178473051f88d1dc1174378867bdef381f05/detection

202.79.168.134:3399

# Reference: https://twitter.com/ScumBots/status/1274753289091874818

95.70.134.40:8565

# Reference: https://twitter.com/ScumBots/status/1275421447985430529

14.249.183.252:5555
1593572468.ddns.net

# Reference: https://twitter.com/ScumBots/status/1276036748053745669

8.210.144.63:6688

# Reference: https://twitter.com/ScumBots/status/1277490072456171520

117.3.216.38:3589
spy9999.ddns.net


# Reference: https://app.any.run/tasks/ca2adff9-796b-45c0-b901-6542eb02857f/

xSkewber-24412.portmap.host

# Reference: https://app.any.run/tasks/86f951e0-a325-4f4d-9d00-dcc9f1a58754/

steamguard1337.myddns.me

# Reference: https://twitter.com/ScumBots/status/1278645187594551296

67.211.213.207:8080
67.211.213.207:9090

# Reference: https://www.virustotal.com/gui/file/1f6ea95aa6e7d84c2db2f180e6964449d9fe0b8112b9661889b5b200120b5cb9/detection

213.152.161.239:9980
bien.airdns.org

# Reference: https://twitter.com/ScumBots/status/1278879232505110529
# Reference: https://www.virustotal.com/gui/file/ab5f8fc012927d2a8f6f9e45891da8111e1de9adddd57969540ce7a39697a5e3/detection

105.154.111.193:1596
105.154.111.193:2695
105.154.111.193:4562
dellpower.theworkpc.com

# Reference: https://twitter.com/ScumBots/status/1278301761690894337

45.61.136.48:6606
45.61.136.48:7707
45.61.136.48:8808

# Reference: https://twitter.com/ScumBots/status/1279766327733952512

154.209.74.134:3399

# Reference: https://www.virustotal.com/gui/file/dbb7d9edbc04874b351fe0277d7ec7ccb41023f17e87e18da28dc267b2878ebb/detection

114.129.198.91:6606
114.129.198.91:7707
114.129.198.91:8808

# Reference: https://www.virustotal.com/gui/file/afede1c861d5026ace0d1864ab10214cbbe9e46f2299f401ac2589f924fd4a28/detection

vksaodyd.kro.kr

# Reference: https://twitter.com/ScumBots/status/1281038456521740289

23.105.171.85:35247

# Reference: https://twitter.com/ScumBots/status/1281283822118723585
# Reference: https://www.virustotal.com/gui/file/6e8ae7b434f014a40003c7b24984bdb3751515c7ab4edd36af33b02881d9d82d/detection

186.233.178.201:6606
186.233.178.201:7707
186.233.178.201:8808
duckjigsaw.duckdns.org

# Reference: https://twitter.com/hexfati/status/1281490222618939392

julian.linkpc.net

# Reference: https://twitter.com/ScumBots/status/1281570951919013888

193.161.193.99:1437

# Reference: https://twitter.com/ScumBots/status/1281570862492274691

193.161.193.99:28472
Pomm2paingg-28472.portmap.host

# Reference: https://twitter.com/abuse_ch/status/1281641153524375553
# Reference: https://bazaar.abuse.ch/sample/3f28fd2c56f0bb9501f62fa64c71f6475d7cca2ee1908e097febdfc5516358ed/

194.5.98.8:8824

# Reference: https://www.virustotal.com/gui/file/b3a4d10421309deb064c7c31d143b704471d2dc60a6b15a14402d2d069daa3e8/detection

193.161.193.99:24207
portababy-24207.portmap.host

# Reference: https://www.virustotal.com/gui/file/cf302c3f21b10392c776e72d3b13e5065b1b6f503a3b63ffb343d13c1d83a6dd/detection

84.210.40.80:5552
krypticon9332.duckdns.org

# Reference: https://app.any.run/tasks/eec7d68b-fa8f-4654-9544-2b59b27dc6be/

206.123.129.103:5456

# Reference: https://twitter.com/ScumBots/status/1283031589962878980

193.161.193.99:38891
193.161.193.99:4443

# Reference: https://www.virustotal.com/gui/file/2de91b424589709529fb7f6dd861ee8fe089e2ac0927971d2242362e09c29502/detection

176.205.153.139:9476

# Reference: https://www.virustotal.com/gui/file/ba42409b340eba51a84a63ef57b8944d952ca927a4889948e069f8fc2352b727/detection

118.68.139.26:3189

# Reference: https://twitter.com/ScumBots/status/1283424178268405760

185.140.53.68:1515
mavennezeliora.ddns.net

# Reference: https://twitter.com/ScumBots/status/1284137629882159104

174.0.47.124:8574
lowkeyjust.ddns.net

# Reference: https://twitter.com/ScumBots/status/1284303722840035330

193.161.193.99:4040
193.161.193.99:41801
Crowlinqs-41801.portmap.io

# Reference: https://www.virustotal.com/gui/file/9fae837fb9b2e3389ac912a88518a953bfd2e78b39daf89191187ae9b520dea8/detection

110.141.6.190:6606
110.141.6.190:7707
110.141.6.190:8808
110.141.6.190:3389
server1738.ddns.net

# Reference: https://www.virustotal.com/gui/file/8b003d7f7d72eba439d095c2321003840b05e80099fabdd29fce757db0f57043/detection

185.140.53.76:1604
blanco.linkpc.net

# Reference: https://www.virustotal.com/gui/file/0948d7d120fa3bfd8eb53b747e9ea08c6703f231663671441edec451b6d72586/detection

27.70.237.210:6606
27.70.237.210:7707
27.70.237.210:8808
27.70.237.210:8888
nohop1998.ddns.net

# Reference: https://www.virustotal.com/gui/file/fdc7c7b4a95ee6a1df9b61e24097e0e0d9b5fb967e0430ddfc092aeeaadc1f3c/detection

193.161.193.99:29353
vuadaubepz15-29353.portmap.host

# Reference: https://www.virustotal.com/gui/file/cb2eaf3e9c009c32591913cd555aa2c51eff9bb7ab0a656bd059d5ddadab82ee/detection

118.217.154.223:6606
118.217.154.223:7707
118.217.154.223:8808
mact194.kro.kr

# Reference: https://twitter.com/ScumBots/status/1284798238680387585

161.35.56.21:7001

# Reference: https://twitter.com/ScumBots/status/1284892597912313857

206.189.76.209:5252

# Reference: https://twitter.com/ScumBots/status/1284896544760762368

24.254.43.171:6606
24.254.43.171:7707
24.254.43.171:8808

# Reference: https://twitter.com/ScumBots/status/1285047538941394944

14.5.119.153:6606
14.5.119.153:7707
14.5.119.153:8808

# Reference: https://www.virustotal.com/gui/file/955bd3f4c3f39ae1e20ef7bb1b83adf6dd4ac55110cffc79a5843e7c06641a6b/detection

156.206.124.24:1025
erksene.dynu.net

# Reference: https://www.virustotal.com/gui/file/b724abcdfe906318472e2c9dcc1e8bd211b10e881c689a600782d0462916701d/detection

216.170.126.139:4660

# Reference: https://www.virustotal.com/gui/file/2622f9874b537293700a77646a386b3c708e257f00e218cd72baf10aed32456a/detection

193.161.193.99:5556
anonissou.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f0634bf7e0d376d34450c4752cdd0945aba11ba2b316e64d3bc9d57c6980f189/detection

220.122.40.142:8080
criticalvip.kro.kr

# Reference: https://www.virustotal.com/gui/file/bfdfe76cd0b61105c6bbea1952de0380012c3decbfc51ad263e00564cdea1983/detection

182.221.160.164:8080
zcx.kro.kr

# Reference: https://www.virustotal.com/gui/file/e14d03068fdc83cd2a6b16bf40553f78d39e0a6478af3f329e69f6cca0df919b/detection

185.222.57.150:3450

# Reference: https://www.virustotal.com/gui/file/b724d53c26514502a8dc138a9a9b5c48b2f699e43a29060ff68bdfd857ce3caf/detection

121.137.39.53:8080

# Reference: https://www.virustotal.com/gui/file/99e489abde6b13f45c6cfababe1b9e46cf8692b12134b015096a323402c71259/detection

121.137.39.53:6606
121.137.39.53:7707
121.137.39.53:8808

# Reference: https://www.virustotal.com/gui/file/7b5dd184f138daf820509d1240dc7b00938d555ba1e9eebe5000d0e8ff2d3889/detection

121.137.39.53:5050

# Reference: https://www.virustotal.com/gui/file/2e04efdd2de2a1be9a27be389987fed425a3ee6826f69180db9093c5383e4833/detection

209.200.39.2:4040
209.200.39.2:7070
209.200.39.2:8080

# Reference: https://www.virustotal.com/gui/file/34b6843018283be543557947fea752642b68d5e72c412a0ab3bdd28ea1c498f9/detection

193.161.193.99:45680
youcefmadskull-45680.portmap.host

# Reference: https://www.virustotal.com/gui/file/3377c9208f9f7427e2d5134f7009a5427637432c49797fbd7d83925a5ea954cd/detection

193.161.193.99:1236
193.161.193.99:61574
hackthisishack-61574.portmap.host

# Reference: https://www.virustotal.com/gui/file/0427b7e094b0ced7de6ecc37aa5d5ff6de9b13785b068e8480bf62ed2fdac0e3/detection

95.120.211.220:4665
holocmsv2.zapto.org

# Reference: https://www.virustotal.com/gui/file/4abdc1b37c11f32707551f7a3479462a68c043e08a84f93b36ad308bfc8e4624/detection

54.95.64.241:1521

# Reference: https://app.any.run/tasks/5092ca08-de2c-4fea-a24c-98a224b251e7/

185.140.53.11:9845

# Reference: https://app.any.run/tasks/7e29c9db-d891-425e-a793-badabc8fe75c/

79.134.225.83:4783
superkicka.org

# Reference: https://www.virustotal.com/gui/file/2faf5255c368288325aac011cd2066c6942ea0b755718490363fdb6606dec40f/detection

188.151.38.115:1717
schost.duckdns.org

# Reference: https://app.any.run/tasks/01eae1cf-71f1-4732-86d6-321117b8382c/

64.20.43.83:3123
advisorgoetia-dns.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1288860715143573505
# Reference: https://bazaar.abuse.ch/sample/54d46ffbefae7f6025765c0c274f7f87714e5467da8926967efb01025693bb8e/

177.255.91.168:49737
177.255.91.168:8057
gfsgvbxcv.duckdns.org

# Reference: https://www.virustotal.com/gui/file/30232515c14a00a60978fc801bff8ec6db9c540f88cf6ec8851512e892917719/detection

84.210.40.80:5555

# Reference: https://www.virustotal.com/gui/file/cda5b8bf4e397c606b20ebf098253dc1456f28cc3aeec5ec7a1332afb33bc5b4/detection

185.122.168.250:6606
185.122.168.250:7707
185.122.168.250:8808

# Reference: https://www.virustotal.com/gui/file/97bf01ea73fc39e6dc829aa7a0c45762526c86b7d348ec19f6e3b2897775a6e9/detection

holocms.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5d6500005736439ccf00e8136c00a351bd7c69fb33fb9485a1be9908187a66da/detection

holocmsv2.zapto.org

# Reference: https://www.virustotal.com/gui/file/c1877080b35ea82105c4a242cc49c832cc2f7207e672712cc8d364d2b005cf81/detection

193.161.193.99:34540

# Reference: https://www.virustotal.com/gui/file/b174722176293ad63a56287567655d408293addcbd6e248fbd058816667d3cde/detection

176.168.187.199:6606
176.168.187.199:7707
176.168.187.199:8808
lolo0909.ddns.net

# Reference: https://www.virustotal.com/gui/file/d7ec327d2a382d2035818a0376fd27bf68dab2d89a7f4e04b04babaef977b16a/detection

120.78.86.213:5917
120.78.86.213:5925
120.78.86.213:5936
120.78.86.213:5944
120.78.86.213:5951

# Reference: https://www.virustotal.com/gui/file/8ca05cad682799f231e0a0fb670a2a04fb6f361f801c884f62a607b26ccc25f4/detection

192.227.158.120:4770

# Reference: https://www.virustotal.com/gui/file/2485169398a574f4b8c68b612c29715f43ecd5a00d61a42def399034ed389517/detection

193.161.193.99:39075
zufair.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cf7363ad9935b3ba3dd93451d9be8eb43f5445179740e0c2bfecd7bddd860fec/detection

185.244.30.27:3381

# Reference: https://www.virustotal.com/gui/file/d7ec3ec2ac8cb6d1f2898f2d7eb02850e34fc088f71e3ef82e966d10dbfc203b/detection

pensive-pond-55232.pktriot.net

# Reference: https://www.virustotal.com/gui/file/bb1223e5556adf3f9cb6976fefe3c51af74baacb5c159fe34a03e49ffd43aa39/detection

161.97.82.232:4141

# Reference: https://twitter.com/ScumBots/status/1291947998524706816
# Reference: https://www.virustotal.com/gui/file/3a81c9e1bfe70ae9506eef64194e9b6b8a49a7c2f64fa427ed31d0a9444a785e/detection

121.214.208.2:1111
121.214.208.2:2222
121.214.208.2:30
121.214.208.2:6606
121.214.208.2:7707
121.214.208.2:8808
sirenhead.ddns.net

# Reference: https://www.virustotal.com/gui/file/4df01904a9abf7085fc4aafc372c7614cb7077c7350446188ceafc98001fb5b1/detection
# Reference: https://www.virustotal.com/gui/file/90e9abb1b28a06edc6ae7a174b6468cfdfc91dcc29cd27be8fcd10d3c746f26e/detection
# Reference: https://www.virustotal.com/gui/file/a71149ae63fc78968c81e659eb4dba652ffd3ea8d2a1c58bb631b7fbbaae8e43/detection
# Reference: https://www.virustotal.com/gui/file/4e022a47ae07545c1a28418a9beb0f6d360144ec8087bc0bd2ac0f086bea9ddd/detection
# Reference: https://www.virustotal.com/gui/file/71922e073726160d1bec9230d8b87eace72792499ddf4c731047a446b6876ee6/detection

185.140.53.54:4923
185.165.153.186:4923
77.74.194.214:4923
79.134.225.96:4923
79.134.225.103:4923
91.193.75.69:4923
bambooo.dynu.net

# Reference: https://www.virustotal.com/gui/file/f4cecaa360ee6ab479cbf9b99c15b45ba7e9f548b7e368063a0c9f686fbc2630/detection

212.251.116.161:1604
212.251.116.161:6606
212.251.116.161:7707
212.251.116.161:8808
62.1.59.224:1604
62.1.59.224:6606
62.1.59.224:7707
62.1.59.224:8808

# Reference: https://www.virustotal.com/gui/file/889e35bc6ff36524dd0df82fbcf8a8015fd3c95d94b00c0875e9bb239eb12e28/detection

91.193.75.146:4780

# Reference: https://www.virustotal.com/gui/file/cf7363ad9935b3ba3dd93451d9be8eb43f5445179740e0c2bfecd7bddd860fec/detection

185.244.30.27:3381

# Reference: https://www.virustotal.com/gui/file/caa8c15569dd97b52c88cd2a500cb6304db09a6e3761511657be45645f19e815/detection

193.161.193.99:54030
Zmining-54030.portmap.host

# Reference: https://www.virustotal.com/gui/file/43f97c03faf5199c8ebc7c49c076e45ed95fdf3edc26b4859fdbd705be21dd1e/detection

172.94.42.34:1043
dnsnuev009.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8f40ea9560e30c37b6ab4a3d6501b7cbf3898c20d1ecc31e2b7fe360449c0b33/detection

8.210.158.0:6606
8.210.158.0:7707
8.210.158.0:8808

# Reference: https://www.virustotal.com/gui/file/1dfb088dd661a1ab2025603696ced23a04e00c837590ad881a49a24768e09de4/detection

172.94.28.17:2021
tusnalguitas.duckdns.org

# Reference: https://www.virustotal.com/gui/file/28dc802c58e106829fa716e2b4b0a1834967709075076bdbf0aec64f5e124f62/detection

172.94.42.34:5623
nikiko.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3183e83479da8d8ef421e91538fb85085229673f4bd2f13d3de7c8be2fc96c1e/detection

5.152.206.196:6600

# Reference: https://www.virustotal.com/gui/file/ad8b72167b5dd6b0bcba0a0685ec2addf744bc6da79c70476dd7d138cec764a4/detection

34.73.5.116:4444

# Reference: https://www.virustotal.com/gui/file/565054fa53c89061f7a81e18737a2140457316a526b616349e1ae614db363814/detection

109.247.81.119:20000

# Reference: https://www.virustotal.com/gui/file/d78ddc2b6e359f4d23f06437a5ff498c5afde61d925889129a8da056817bef70/detection

177.98.227.24:6606
177.98.227.24:7707
177.98.227.24:8808

# Reference: https://www.virustotal.com/gui/file/8e3c7cd8bb4826e4919aa56481167a1fcf9cb2d0e2c4a9c74ec155523f5d180c/detection
# Reference: https://www.virustotal.com/gui/file/9660ae0cf1fe3b7745287ab05d242247334cbf51ba64b900998fb5073bedf890/detection
# Reference: https://www.virustotal.com/gui/file/75feac230513a5d543e2f9559068259554200ed7440c44749e7678feb19b470c/detection
# Reference: https://www.virustotal.com/gui/file/6c24f8caa4f1f21a9dd8b714066bdfa5e2d8c84ab068d50672ef12b048c4518c/detection
# Reference: https://www.virustotal.com/gui/file/02b62fd53cf9ed3c98a70aa7c4ead2b9c8851079517747d8e106873654098651/detection
# Reference: https://www.virustotal.com/gui/file/cf234f8fcdab2a576d303c8b0821b7754ec13e1319be9d24d335b351f774b1f3/detection

179.178.236.31:2080
179.183.119.159:2080
179.183.119.159:6606
179.183.119.159:7707
179.183.119.159:8808
187.114.175.149:2080
187.114.178.10:2080
187.114.178.10:6606
187.114.178.10:7707
187.114.178.10:8808
191.250.65.147:2080
191.250.65.147:6606
191.250.65.147:7707
191.250.65.147:8808
191.33.110.91:6606
191.33.110.91:7707
191.33.110.91:8808

# Reference: https://www.virustotal.com/gui/file/2154f0eae29106cd24148ff7a4486eb7467c0d590f7979c6ffb517f4d99d4c37/detection

211.108.200.7:4872
211.108.200.7:4873
0743.hopto.org

# Reference: https://www.virustotal.com/gui/file/557ea13e8175753fff89bdfb1ede7e27779f6a55b5ba69ff2ecd7d6e9255ab8a/detection

177.255.91.168:8057
fsdgfd.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bdd504540ae6cbfcef701abb424def21007a55d3df5ce5bd03034c4cc66464d6/detection

78.63.71.91:6606
78.63.71.91:7707
78.63.71.91:8808
youtude.ddns.net

# Reference: https://www.virustotal.com/gui/file/c8c3c2b6c66710984751b0ec262a618829be47e3c926c3c0c706365d5d0aacd5/detection

103.207.39.83:1024

# Reference: https://www.virustotal.com/gui/file/a93b12c36e78db3c5e27c9a35a23d7f87a3d788adf60f811485890a33c726c7c/detection

90.46.146.196:5552
shadowstest.ddns.net

# Reference: https://www.virustotal.com/gui/file/d0ba64c92f0512db66ff99cc87ffced9bebeb3bf15470865c81858f02e3302a6/detection

193.161.193.99:24255
193.161.193.99:42219
iskyze-24255.portmap.host

# Reference: https://www.virustotal.com/gui/file/74d10507f05b48357e55b0349a24144874a509980c1e0aabf43f781fdac10fff/detection

asdxcvxdfgdnbvrwe.ru
marcristosc.ac.ug
194.5.98.95:6970

# Reference: https://www.virustotal.com/gui/file/d288f6645d0f90ddff285c41b2512a1496a8b5b7c34df8bcecda8070314939b6/detection

51.178.240.250:6606
51.178.240.250:7707
51.178.240.250:8808

# Reference: https://www.virustotal.com/gui/file/459fe6ce78839307fd87c192fca2545ed25e89fe63f602356022fd32c8db8aba/detection

179.124.220.225:6606
179.124.220.225:7707
179.124.220.225:8808

# Reference: https://www.virustotal.com/gui/file/65232e1c7aedfd29788abfdf468587c2858822e65cb2fb15169b4261e4be1ed1/detection

123.110.29.249:1604
andy1688.ddns.net

# Reference: https://www.virustotal.com/gui/file/305aacda61fb9f14aa1bb5124841ac25b7f23ff254a886a56a3d40bdf5a1a5e4/detection

107.172.221.181:333
107.172.221.181:6606
107.172.221.181:7707
107.172.221.181:8808

# Reference: https://www.virustotal.com/gui/file/310a6b915908dbc78e3d9dd56d06bf0fb3fd11e1c4db826a18611f5e80f9bed3/detection

82.205.33.194:6606
82.205.33.194:7707
82.205.33.194:8808

# Reference: https://www.virustotal.com/gui/file/304663149c45d54a23e0cf65b9775538009a76db474912fff395bedd3e789a01/detection

193.161.193.99:48637
boneless-48637.portmap.host

# Reference: https://www.virustotal.com/gui/file/90aaeb0077277b5e45a7cdcbe365ead4781b5a0a5fd755f99ed8a2ec79e5e58c/detection

193.161.193.99:58562
newcosmo-58562.portmap.host

# Reference: https://www.virustotal.com/gui/file/de3db6f0d0d8dd22a21731e739dbbacf86b2bc8bc21ea2a0ade9a16581a1ac14/detection

193.161.193.99:31239
ioplololo-31239.portmap.host

# Reference: https://www.virustotal.com/gui/file/caa8c15569dd97b52c88cd2a500cb6304db09a6e3761511657be45645f19e815/detection

193.161.193.99:54030
zmining-54030.portmap.host

# Reference: https://www.virustotal.com/gui/file/9a95c0829cd7766087de65e50b32a3689a91e3ad05a7cc94365ef94d4f685cde/detection

193.161.193.99:37930
pritom-37930.portmap.host

# Reference: https://www.virustotal.com/gui/file/441a169e51070282b35537e90edab11e0064e3a0e6c4eab8759773d79cf00ae1/detection

193.161.193.99:2510
193.161.193.99:25360
vasco-25360.portmap.host

# Reference: https://www.virustotal.com/gui/file/5c05897f869e9c72390065f8bbeaab7b7fb3f9089f56a68eb7b358a5d12cf968/detection

193.161.193.99:25987
prem131bn-25987.portmap.host

# Reference: https://www.virustotal.com/gui/file/4415b9d3c5fc2ceaa6f935864c1d9a573447802f30ec30efd212a8be4fd2a82d/detection

193.161.193.99:54729
ismailbourji-54729.portmap.host

# Reference: https://www.virustotal.com/gui/file/b5a85b868ec6932c4577c11ce91e0bfce9ea5ae81b788133fefc640015c3b0bc/detection

193.161.193.99:20760
f2had-20760.portmap.host

# Reference: https://www.virustotal.com/gui/file/c381f88012efb8742927995e6f91525c4a1f9b4f3b3a4f25d431e8269842836b/detection

193.161.193.99:25125
hmz04-25125.portmap.host

# Reference: https://www.virustotal.com/gui/file/ab10554a3e0ce5270d2c02e884a097e271dae6cbe2e51a70703da7d4e89919bb/detection

193.161.193.99:36161
prodharani-36161.portmap.host

# Reference: https://www.virustotal.com/gui/file/af37a83779f91b64f3b03bf0daa2d79bd531a3968141e0dcc2bcee677f4b701e/detection

193.161.193.99:58345
keyman-58345.portmap.host

# Reference: https://www.virustotal.com/gui/file/1ee13968473a9b9733efdca8caf07f22d39730a2b2ebf9c2c8d467e6f385d826/detection

193.161.193.99:37695
anonjayy-37695.portmap.host

# Reference: https://www.virustotal.com/gui/file/8b4592b2bb2a904be55ab95ff2cb69808b15d819498cccb6ec05b2f5b7b3d63f/detection

193.161.193.99:37692
madman-37692.portmap.host

# Reference: https://www.virustotal.com/gui/file/e9db2ade37b84b00334f829395b6af092dda2ae1f559cfbdb772ec15c7a54d94/detection

42.119.90.242:3189
kubeodz92.ddns.net

# Reference: https://www.virustotal.com/gui/file/a5d78beef4d80eb7def57f7fd7647d09ec76a16eeedb2a5a3fc6f445526c8f4a/detection

193.161.193.99:20050
pawianek2-20050.portmap.host

# Reference: https://www.virustotal.com/gui/file/e28f8760f889ff458aec8aedd2139e44735cb9468d34d175aec42643b90291b5/detection

46.60.22.192:6606
46.60.22.192:7707
46.60.22.192:8808
82.205.33.194:6606
82.205.33.194:7707
82.205.33.194:8808
googledrive.myftp.org

# Reference: https://www.virustotal.com/gui/file/08b15d045255c81dcb3e29b70ffcd1a8d614bf99549f079085bfbc54a994d109/detection

42.119.90.242:3189
kubeodz2019.ddns.net

# Reference: https://www.virustotal.com/gui/file/5f8ff6fd7b8bbcb8efd6e69b2300be59a059061ed3bd2a2fd63ab6e98cd7cd2c/detection

192.169.69.25:1044
192.169.69.25:20485
193.161.193.99:20485
franktembo-20485.portmap.io
samarakandi.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f198e0cfa503100d64d15ed39b2516587582587f42afea74ace075b28f663fb4/detection

193.56.29.251:6606
193.56.29.251:7707
193.56.29.251:8808
bogdanxx90900.servemp3.com

# Reference: https://www.virustotal.com/gui/file/33d1d991a9bda6bdec91b6be82e7ddc684a8f7400ac8402917ffefa0a5dfd631/detection

121.214.208.2:3000

# Reference: https://www.virustotal.com/gui/file/fc9ee822f9872fd4ca4531d5a91e29adfdc3a4a9e2e8f6e668305fe3bfa9fada/detection

193.161.193.99:41892
oksosokak-41892.portmap.io

# Reference: https://www.virustotal.com/gui/file/e021d822f3a44473cd7d12518402469b38d200a27065c7aa757d13a15ae607ee/detection

197.206.218.240:5555
clayroot2016.linkpc.net

# Reference: https://www.virustotal.com/gui/file/54d53186682c7277d99c86cea69d45960d2867041477a0d9edae6f08c8e8b52d/detection

186.52.202.235:3040
cortanahost.ddns.net

# Reference: https://www.virustotal.com/gui/file/910c9c2a61c8748fe9bd3417eeb284535db3bbc30c6405f102002ecef3d6304b/detection

81.61.77.92:6606
81.61.77.92:7707
81.61.77.92:8808
campestre.hopto.org

# Reference: https://www.virustotal.com/gui/file/4f41374a921e33b06bb11f64e72bc02c2f928704ebea63682ec66b85b1349f44/detection

175.37.36.152:6606
175.37.36.152:7707
175.37.36.152:8808
kakejake.ddns.net

# Reference: https://www.virustotal.com/gui/file/15753a223aa59f5e2265569080d31e8351d546e6b7316c6660757a39bda94887/detection

121.137.39.232:5050

# Reference: https://www.virustotal.com/gui/file/fa2cbc10aa98e5cfe362065b2c19556c67dc8b7d48871008404f4778e8537f3a/detection

34.66.124.165:5555

# Reference: https://www.virustotal.com/gui/file/851d536bdf21ad02eab1ed632b7ef36fc5734e628c421c9f7c8dcb05d30f4d32/detection

198.251.64.252:6606
198.251.64.252:7707
198.251.64.252:8808

# Reference: https://www.virustotal.com/gui/file/b69e8a276d2c444b502238383ae3611714822c8605f074ef5a0a9a99c69b49a8/detection

79.173.65.159:19638
79.173.65.159:6606
79.173.65.159:7707
79.173.65.159:8808
rootaccountadmin.ddns.net

# Reference: https://www.virustotal.com/gui/file/1c02bb46103de9bf189deaf1b8915afa62186f1b0e1b90742b70b58e44962bf9/detection

178.33.93.88:19678

# Reference: https://www.virustotal.com/gui/file/20ef74b6ca8718706ca786c9cd8c9de916df7daf77c81f436ab23b6c50db0487/detection

49.175.99.35:1234
leepipi.kro.kr

# Reference: https://www.virustotal.com/gui/file/c811c161d9d0be1c09173a50af290a718729fd9509b63ff953ad4b07e2501657/detection
# Reference: https://www.virustotal.com/gui/file/f48d69fb64fe7ae544769ce22a0500e07ac2f945b12bc717b78ca77a7b5a6924/detection

91.168.196.175:6606
91.168.196.175:7707
91.168.196.175:8808
likatn.zapto.org

# Reference: https://www.virustotal.com/gui/file/ca17a69a46caf3e05a1cd8bf2f1d6679b55aa6ecf46ee63bf323ee892f88f80e/detection

105.107.4.125:6606
105.107.4.125:7707
105.107.4.125:8808

# Reference: https://www.virustotal.com/gui/file/c7cb970a67b5c370741e139dda48d47433477ab400e51a62a99b7a379a6c0dbc/detection

138.197.189.80:6606
138.197.189.80:7707
138.197.189.80:8808
blackid-35823.portmap.host

# Reference: https://app.any.run/tasks/b31c0049-b5de-40a8-9069-8c14e27b738f/

193.161.193.99:32260
Kupcia-53901.portmap.io

# Reference: https://www.virustotal.com/gui/file/81e96984130042d0ee70ae09a7bc9375974d513938e80877720d251330e4b37e/detection

39.122.189.147:1
fsft.p-e.kr

# Reference: https://www.virustotal.com/gui/file/1f48d54ad69726c01a7ae1e7ceff7ae6093005be1e100a75968476d72d75cf06/detection

101.179.85.220:1111
101.179.85.220:6606
101.179.85.220:7707
101.179.85.220:8808

# Reference: https://www.virustotal.com/gui/file/dcaf6810871062a1a5a292c8e46667a8b7de908d292513ef1c443929ce8897c5/detection

18.157.68.73:15558
18.157.68.73:16155
18.157.68.73:4444
18.192.93.86:15558
18.192.93.86:16155
18.192.93.86:4444

# Reference: https://www.virustotal.com/gui/file/bbae735df39c1301901ca97c6993f2b6fd7233a0360761eab8b65f2556df4517/detection

145.239.201.157:8443

# Reference: https://www.virustotal.com/gui/file/ee5dbfca30be494b6ad8ac1c18255b6054339de4aba768180a1f32e9921a30ce/detection

193.239.147.16:6606
193.239.147.16:7707
193.239.147.16:8808

# Reference: https://www.virustotal.com/gui/file/ff081035cd38c28b8093f8f0887450407e27a89ee1ff254dd627849bd6334fb5/detection

193.161.193.99:53485
hack567832-53485.portmap.io

# Reference: https://www.virustotal.com/gui/file/126a37d9189d9ef7872b74fb13f562bc8601622b6455e01fefd646b463966fa6/detection

193.161.193.99:39400
kepada9494-39400.portmap.io

# Reference: https://www.virustotal.com/gui/file/32e6114d2ce3e3c8f778769261cb06eb874b5f38271436d88053c41930f1ce47/detection

202.182.121.93:5050
kny777.kro.kr

# Reference: https://www.virustotal.com/gui/file/49510b87db400c9570b85eba6271642d0a157d0c8cd5457171a6564aa73e7795/detection

avantgrajgrup.com.tr
/ilksan_sorgu.php?tck=

# Reference: https://www.virustotal.com/gui/file/7c3eeba909d90095b3ac593ccc111251212ebe3304d5f9725325d81b2e6acd14/detection

13.82.134.169:48166
13.82.134.169:5555
13.82.134.169:6606
13.82.134.169:7707
13.82.134.169:8808
ROCK19870-48166.portmap.io

# Reference: https://www.virustotal.com/gui/file/292a0b69dfc9ff8aa030fdbe13e0bc047606177ea3250c597e06dfeec1c92304/detection

194.5.98.100:1337
blackhair.ddnsfree.com

# Reference: https://twitter.com/ScumBots/status/1315367256235311105
# Reference: https://www.virustotal.com/gui/file/b07c2fbb1e0470cdbffd9c1147de5cf1763edcc4c5a918ddc63ad49d1ecbc563/detection

45.95.168.116:1333
45.95.168.116:1334
45.95.168.116:1335
45.95.168.116:1337
45.95.168.116:1338
45.95.168.116:1339

# Reference: https://www.virustotal.com/gui/file/a3074419485db4ee08451afe2693184a89c031b3237e0a51b7627eb33eddc342/detection

222.114.199.209:5050
pyeonno.kro.kr

# Reference: https://app.any.run/tasks/5bc8c7e8-e45e-4fff-9fc6-7a380e82e03f/

193.161.193.99:54987
papachullan-54987.portmap.host

# Reference: https://www.virustotal.com/gui/file/7e3e36dfb02909a470035b63d7db577f62431689e631fc7e1f21198745ce339d/detection

185.165.153.140:6606
185.165.153.140:7707
185.165.153.140:8808

# Reference: https://www.virustotal.com/gui/file/39eb27e6d13e6a373bb1da0becb487e808ff2d3849d481eb0bd4aa3b6d398cc1/detection

79.145.12.52:1335
79.145.12.52:6606
79.145.12.52:7707
79.145.12.52:8808

# Reference: https://www.virustotal.com/gui/file/913033893ab065b61e551399c91cdd877c134dc7dadacacbc87c3dfd798653a1/detection

91.109.176.2:6606
91.109.176.2:7707
91.109.176.2:8808
mika201.duckdns.org

# Reference: https://app.any.run/tasks/407ac320-c34a-4b59-966e-1f8403fe92e5/

193.161.193.99:28793
saudis-28793.portmap.host

# Reference: https://www.virustotal.com/gui/file/708ba499db884070420f378523658870927c31654d03d24cdac303b5d60b0ac4/detection

2.56.62.44:4444
2.56.62.44:6821
2.56.62.44:6606
2.56.62.44:7707
2.56.62.44:8808
fuckmyass.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0cd8a5e9deb573fb2fda25cca06453abcd0a42ee7b0de44420973aeff3e0fcbc/detection

185.161.209.16:6606
185.161.209.16:7707
185.161.209.16:8808
bitcoins.giize.com

# Reference: https://app.any.run/tasks/ddf3cca3-adcc-4110-976a-b724a6aab722/

ectoraid.ddns.net

# Reference: https://www.virustotal.com/gui/file/fcdc5a453e07582d39d35234b39a67bbf958832ac88f0a82d413961482bdbcc0/detection

175.203.53.37:5050
nsr0209.kro.kr

# Reference: https://app.any.run/tasks/107f53fe-e988-40c3-9659-bb47c7283615/

193.161.193.99:60167
elechine-60167.portmap.host

# Reference: https://www.virustotal.com/gui/file/5979eee66faff5910c181a7b1af0111d68a0feda3dd974306f8e5c5624af7cdf/detection

51.75.169.41:6606
51.75.169.41:7707
51.75.169.41:8808

# Reference: https://app.any.run/tasks/7468050a-b7fe-4748-b667-6933722a010a/

193.161.193.99:33504
Scambaiter123ASAS-33504.portmap.host

# Reference: https://www.virustotal.com/gui/file/a95000dca55523f7c8a1293563a03693f973fc12f91618deb86ec5aeee353728/detection

151.240.194.206:7777
nethalpop.sytes.net

# Reference: https://www.virustotal.com/gui/file/9b9f13a8e3663e2b05e3af0b00abec4bc662b823a7fde9447164b9031bc59fe7/detection

52.156.134.11:4892
jah0seh.duckdns.org

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/49f9c9e79441d891f84d5a457fed44897f95f8f691b387fcab2e63ec9a505667/detection

194.5.97.76:2121

# Reference: https://www.virustotal.com/gui/file/0c323c02db0a52d9a1764a74e3cb5a7bcc8e7b9839160179a772de3a6bc8cf26/detection

pounds1990.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ff734df4d09afad52e931fce898a5497b78081fbca44f091e55a3da4b47c1350/detection

185.140.53.141:2256
freshg.ddns.net

# Reference: https://www.virustotal.com/gui/file/0840d78515e4bdaa61b7d285b710361e19d10c31e34a0cfc58e5fae89e118bbb/detection

193.161.193.99:4332
193.161.193.99:57654

# Reference: https://www.virustotal.com/gui/file/4124fa166c07644eb29d7b813889a90795f9f1448f7cae2040a1375006748617/detection

91.109.180.6:6606
91.109.180.6:7707
91.109.180.6:8808

# Reference: https://www.virustotal.com/gui/file/3ba05ff4ea1e849ad3ce6780aadb44af45e48442f058510fcc096e115c853d80/detection

91.109.188.7:6606
91.109.188.7:7707
91.109.188.7:8808
mika202.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9cca37bc8df3f2d7d439db0ffb0ed8d4a1c2f88c5c43754bc78b674009b35b05/detection

109.202.107.147:7113

# Reference: https://www.virustotal.com/gui/file/e1a9c9a66a236487973368591a6735b9e14dd6a8c7be77106f63ec5835cebd2c/detection

203.115.24.234:8282

# Reference: https://app.any.run/tasks/0a2ba392-8c95-48d9-b4e6-b192643675c9/

193.161.193.99:26660
carminebongo-26660.portmap.host

# Reference: https://www.virustotal.com/gui/file/6e5fdf8624b69aa1cbda80d760e5a77143aafcf2b54617485023d2c520e7c431/detection

103.207.39.131:6606
103.207.39.131:7707
103.207.39.131:8808

# Reference: https://www.virustotal.com/gui/file/4467e78c9356062cd52d9d9da5dee3329558749d764ef8c72c14977ae65d139e/detection

82.65.39.148:6606
82.65.39.148:7707
82.65.39.148:8808

# Reference: https://app.any.run/tasks/c5ef1463-1168-4ef0-8536-d42d953c919e/

85.224.37.213:6606
85.224.37.213:7707
85.224.37.213:8808

# Reference: https://www.virustotal.com/gui/file/971226ecd2869473e61804629f46507232584393f74bf7f8cc11c6592e916ffc/detection

128.134.139.235:5050

# Reference: https://www.virustotal.com/gui/file/5052cc68d40a843a8500983cc7e8c84601e5221149f88f1aa135f328e9e1a9b7/detection

93.190.51.64:1234

# Reference: https://twitter.com/wwp96/status/1328325861456699394
# Reference: https://app.any.run/tasks/85c6b9fa-195f-43c2-b480-8dea0a699fb7/
# Reference: https://app.any.run/tasks/d6fa28e7-0425-49c1-a12f-0185af0ed4ab/

185.239.242.76:6606
185.239.242.76:7707
185.239.242.76:8808
5.230.22.165:6606
5.230.22.165:7707
5.230.22.165:8808

# Reference: https://www.virustotal.com/gui/file/815e7085a1cf084e05f86a972b0d91b4e5555577f8d47528d79d85dcbb45bc4a/detection

79.134.225.99:6606
79.134.225.99:7707
79.134.225.99:8808

# Reference: https://www.virustotal.com/gui/file/17433a45b35d1eab013795ac90856a2349ed97974c05653030279c52a367774d/detection

137.135.73.55:18
137.135.73.55:6606
137.135.73.55:7707
137.135.73.55:8808
cemnasq.duckdns.org

# Reference: https://app.any.run/tasks/e7870287-b274-4f3b-9246-e7104d7f9cc3/

45.144.30.41:6606
45.144.30.41:7707
45.144.30.41:8808

# Reference: https://www.virustotal.com/gui/file/f3fcbb0fedb1e3b732185aebbf845ca185c950ca3635026d8a754312220577c9/detection

212.239.144.144:1177
212.239.144.144:6606
212.239.144.144:7707
212.239.144.144:8808
liligharba5.ddns.net

# Reference: https://www.virustotal.com/gui/file/1153ff7152d6470ab2893655f2cd50df6a5dc7d0169ea56e5e7f54704b136831/detection

78.161.81.149:1604
78.161.81.149:222
78.161.81.149:6606
78.161.81.149:7707
78.161.81.149:8808
ipmdegismismalcry.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d0f7a30d75237013c95ab544faf873ba165f252321c49e2ccc5e5b43126a4c3d/detection

84.117.241.36:1604
84.117.241.36:6606
84.117.241.36:7707
84.117.241.36:8808
sexpulapistol.ddns.net

# Reference: https://www.virustotal.com/gui/file/c6565e82f8873c8064caf5e73f1fe276b103c131e6df769dfd5bce2da760dca0/detection

91.105.195.23:5679

# Reference: https://www.virustotal.com/gui/file/7017de5d73a4f3bb86c343d87148c3af0087191fd401632b2643368ad38d0929/detection

90.37.128.28:1111
90.37.128.28:6606
90.37.128.28:7707
90.37.128.28:8808
osinte555555.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/cf69b63b9cb0ecae224f272bbf7d02fefa14e31ea1e2dab90d2f7fad8b742edb/detection

45.153.243.96:8888

# Reference: https://app.any.run/tasks/57ef4913-3bdd-47c9-bbca-1d16df9b9c1f/

193.161.193.99:24383
nullbytes.duckdns.org

# Reference: https://www.virustotal.com/gui/file/32ac22ae67128eee2d9771d0d579ca2fd222dc5937480391df2b1f50af84bd1e/detection

23.95.13.157:5356

# Reference: https://www.virustotal.com/gui/file/99c1bb646297307dad07a81cc77cd283f6eb854ab9b33a322725add022528bec/detection

185.20.185.96:9091
giness.giize.com

# Reference: https://www.virustotal.com/gui/file/a8e0a5a7a055e7d431c3e28f77d81c9d7a4a6f3449382c7a88ae52a52091cdd7/detection

185.20.185.96:6606
185.20.185.96:7707
185.20.185.96:8808
genlast.giize.com

# Reference: https://www.virustotal.com/gui/file/67d0d003a313f542a40efad51c91a6b81f13a9d7da5059edc39c9d7ad5b1c166/detection

105.108.31.15:2020
frefiredll.servehttp.com

# Reference: https://app.any.run/tasks/8be5fee5-16e7-46d2-8b79-186227574f25/

201.219.204.73:1881
dfdfcdc1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ee3e0599c68bd9454f2e9175faa65c9a474160bc41acb07532158b6309ba991c/detection
# Reference: https://www.virustotal.com/gui/file/edab64dac1dee32fef52a0871d0323e1b5bf246d70aa0617d83dcc7975bef283/detection

14.231.186.175:5555

# Reference: https://app.any.run/tasks/6a264419-9242-4e6f-9974-abc8cc7c194d/

14.231.186.175:8888
getcookies.ddns.net

# Reference: https://www.virustotal.com/gui/file/fa26846e38ca581bcfeb41da686153970b4d29ed706e76352dd2771c12267cde/detection

anunankis10.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c92433dcc69cb79b43a176f68820d85c4c8d7ef0a6b31881de5e9cfb70464d14/detection

85.214.37.238:9192

# Reference: https://www.virustotal.com/gui/file/4082d61ef1a193655d3d50eb923fb95e4d0026de3104f2d5f4e162597e6d37b6/detection

88.232.12.125:150
nonick55400.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d2000f86d47cc1a1ab87f3080c90b4b61aaa317aac5c2d4cd8609286ebacee8b/detection
# Reference: https://www.virustotal.com/gui/file/cf4ddce71aba43a35beb19ec82d3e90b0008c09b3e6018d286ba321616ced13b/detection

46.114.109.193:59999
83.135.171.146:59999
drei.ddns.net

# Reference: https://www.virustotal.com/gui/file/c3c634e5d4ee8aa6eeb7896e14bc39c6ab8b4ceb39dc26bc09418e4bfa9b0820/detection

193.161.193.99:28070
lufeteme08-28070.portmap.host

# Reference: https://www.virustotal.com/gui/file/9160bff6b2976faebb45e316ae521f76fc25893a85818c02317b3435163545c8/detection
# Reference: https://www.virustotal.com/gui/file/7940abde1678d42fc39c4cc0c69a17d2903c462747d9f8115b2b68f4a0f3d768/detection

206.166.251.78:6606
206.166.251.78:7707
206.166.251.78:8808

# Reference: https://twitter.com/jorgemieres/status/1336699712796299264
# Reference: https://www.virustotal.com/gui/file/558af040bcfa1aaf774e953cca682eaaf38ec8c4f3ca4f3e24e0ea8a783ca1df/detection
# Reference: https://www.virustotal.com/gui/file/1f89b0e486eb986a03b0a5cbbacc8f4e7552f5b9ed74c408ae9febd2e424dbdb/detection

23.105.131.244:1881
maraddiego763.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1342046396048932865
# Reference: https://bazaar.abuse.ch/sample/c397eb85439a20b9185e001ec8cd286281d27d6be336d32e93558e451e6aeeeb/
# Reference: https://app.any.run/tasks/74f1a309-b81d-447c-80c9-fc94ed5a0d41/

3.22.15.135:14345

# Reference: https://www.virustotal.com/gui/file/ab62e63b551e5f354ec3fe9fd7142d9a07311af48a898ab02faa8a9067fa9894/detection

47.93.12.104:6000

# Reference: https://www.virustotal.com/gui/file/258d5d44809036c29e621367b7aec4338278950edf3766277e3a891bcb8200d6/detection

78.163.1.80:1608
78.163.1.80:6606
78.163.1.80:7707
78.163.1.80:8808
kurbanlar12.freedynamicdns.org

# Reference: https://app.any.run/tasks/816acf79-0c72-436c-b229-3cae510f1308/

118.91.123.84:6606
118.91.123.84:7707
118.91.123.84:8808

# Reference: https://www.virustotal.com/gui/file/82e765d576749be75f8eec64ab5cb4c934b494e30a74fc9a4f70b1c8d3cb25ef/detection

212.125.28.114:4096

# Reference: https://app.any.run/tasks/b1409386-ce03-4eea-8a2e-32434ba38ee5/

37.120.208.40:49746
chongmei33.publicvm.com

# Reference: https://app.any.run/tasks/c1f8c77d-4c72-4419-a381-8d166413e5e9/

193.161.193.99:23074

# Reference: https://app.any.run/tasks/cf031967-ce6c-4a6e-8b9f-a718560ee709/

68.235.43.126:56927

# Reference: https://app.any.run/tasks/005ff4be-a1df-4e61-9390-b61d968ed4c0/

125.209.137.105:6606

# Reference: https://www.virustotal.com/gui/file/a6264de41b4d2ad578a3ec5e082b621dcbf3b716e9bbe86f66682d785c7fc476/detection

45.140.146.29:7979
45.84.1.78:7779

# Reference: https://app.any.run/tasks/4585a843-0924-4dfa-9714-322eb3a61d12/

193.161.193.99:48622
crazynigga123-48622.portmap.host

# Reference: https://app.any.run/tasks/fea4d4d7-cc76-4655-8e00-400d40f683ab/

79.42.176.16:8080
backdoor.sopix.it

# Reference: https://app.any.run/tasks/afd0acb5-ce1d-4a29-b525-cd198d6d69fd/

3.13.191.225:12246

# Reference: https://app.any.run/tasks/85ac5faf-d2bd-4e6c-84f4-276c16c8c260/

20.50.121.62:1604
arda3369.duckdns.org

# Reference: https://app.any.run/tasks/fbf0f2b7-868b-4aad-b0b1-8028f3303b73/

193.161.193.99:25740
skeetware-25740.portmap.host

# Reference: https://twitter.com/Glacius_/status/1354914904004820992
# Reference: https://www.virustotal.com/gui/file/baec9d73487e85c2bdd78b6ae43abaa6a7fec4b969d92b14427e8aca0510a24b/detection

172.241.27.124:6666
fat7e0recovery.ddns.net

# Reference: https://www.virustotal.com/gui/file/ca15972126b044ee0306f30aea6ee94ac41c3696c6c4789649a8554c8011acd2/detection

193.109.78.123:5454
193.109.78.123:6606
193.109.78.123:7707
193.109.78.123:8808

# Reference: https://www.virustotal.com/gui/file/1ee5494e35b15b468334a05ab0b8b233cf09d3fdaf6b2fbfa997f30bb7e95534/detection

179.124.220.225:6606
179.124.220.225:7707
179.124.220.225:8808
supertop2.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1355991497095700491
# Reference: https://www.virustotal.com/gui/file/a9c4777eaa8ebd606b60f1a40c3789fe3cc0fa874610fed377cf1aea7093d638/detection

118.91.99.226:6606
118.91.99.226:7707
118.91.99.226:8808

# Reference: https://www.virustotal.com/gui/file/6d46e1bb744cc57d651c3812520e5efa06f760631df2740987ade7b1340262dd/detection

3.138.45.170:14232
52.14.18.129:14232

# Reference: https://www.virustotal.com/gui/file/fc96f417ac8229c6b5bb9303f3256d0ed54e416ae2328360b31c72b8b77bd027/detection

3.14.182.203:15821
3.14.182.203:25565
3.138.45.170:6606
3.138.45.170:7707
3.138.45.170:8808
3.138.45.170:28856

# Reference: https://www.virustotal.com/gui/file/3f82201b874febc1f265408f7574966eedd494c87ab21e20099c0463341c4ec5/detection

51.83.21.214:1177

# Reference: https://app.any.run/tasks/0713ac99-9dc7-4ea8-b408-dfc72f582df0/

62.228.99.44:25565
swiftyboiiiii.ddns.net

# Reference: https://www.virustotal.com/gui/file/cf0ac94c2958739cad12578e671278f78e9a36ca8dfa060e7cb99beacf5443f1/detection

77.149.2.122:5552
hookshome.ddns.net

# Reference: https://www.virustotal.com/gui/file/4864f1d1db04b797fd2e43e2a842afe736f7a8a69d985d20c0a506b2cd1e6710/detection

201.219.204.73:1881
ortegadani4521.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3794538f0e3b4c499c8f5edf04fa2ee3bbf61cf51c9185ee60184d1473db6c58/detection

91.109.190.8:6606
91.109.190.8:7707
91.109.190.8:8808
mrtx.duckdns.org

# Reference: https://app.any.run/tasks/99dabdb4-e15c-4a04-a587-01ebe4a1ecb0/

193.161.193.99:47970
Lollypopman34-47970.portmap.host

# Reference: https://www.virustotal.com/gui/file/4fb8606551676da10e81801a00d3fc7899c064b4ceec54939b41e8cdd7f81159/detection

209.99.40.220:1000
updatersvc.duckdns.org
windowsupdater.system-ns.net

# Reference: https://www.virustotal.com/gui/file/292f5a19fadef7188670b8bc2e69bcd9d1f54c7e23928427392dc135dcdc8a0d/detection
# Reference: https://tria.ge/210214-whb5qfxctj

23.102.129.234:6606
23.102.129.234:7707
23.102.129.234:8808

# Reference: https://www.virustotal.com/gui/file/c4c4c3ddd9cf42d0352a5135a9250a0cc64a40a8ed49ca860cf31061cfca5304/detection

40.75.8.74:6606
40.75.8.74:7707
40.75.8.74:8808

# Reference: https://app.any.run/tasks/9528fcbf-be7a-42a4-b363-808a22a624fd/

52.14.18.129:11677

# Reference: https://twitter.com/reecdeep/status/1361585509387149315
# Reference: https://app.any.run/tasks/4c21b945-025a-4fe9-9296-eadb5f04cf50/

103.151.123.132:6204
severdops.ddns.net

# Reference: https://app.any.run/tasks/d343dc45-6f76-4c18-aeee-4f1cf7e1764e/

193.161.193.99:55575
gzzzjc-55575.portmap.io

# Reference: https://twitter.com/someinfosecguy/status/1362440625619144708
# Reference: https://tria.ge/210218-jmjxwxbpqx/behavioral2

193.161.193.99:26187
193.161.193.99:64861
malkalanok357-26187.portmap.io

# Reference: https://app.any.run/tasks/654e69f2-b60d-4dd5-8cf4-895123bbbe08/

95.252.85.20:8080
unbelratcomesideve.ddns.net

# Reference: https://www.virustotal.com/gui/file/c75f28cdb21bec49700a7579d3b630074e3fb6de4cda70c5937dcd8424bbebbf/detection

121.137.39.135:5050

# Reference: https://www.virustotal.com/gui/file/fad55e42bde0dce163f94a0ac272418b17100a67e439574fdc49ab7e2b12bc3e/detection

220.78.222.190:5050
yohan002.kro.kr

# Reference: https://app.any.run/tasks/5f595a39-7203-4809-8d78-e3431e057227/

193.164.7.176:6606
193.164.7.176:7707
193.164.7.176:8808

# Reference: https://app.any.run/tasks/7cc3c6d0-fe7e-4491-8d55-9f1644649546/

193.161.193.99:36606
sizetmp-36606.portmap.host

# Reference: https://app.any.run/tasks/a542e55d-6ff8-4aaa-9f49-13ea77bdbfd5/

69.136.25.93:54115
azxsdc.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2399e5acd8e6fec2e83de445cf83b598676f57fdfedd1f67a7872a5009866591/detection

154.16.67.107:1177
newss.myq-see.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1365774874870972416
# Reference: https://app.any.run/tasks/119bfa2f-93ed-46e1-8ade-2eb69c0165d2/

194.5.97.132:35714

# Reference: https://twitter.com/wwp96/status/1366429485080457221
# Reference: https://app.any.run/tasks/d93648e9-999f-4a82-b7ee-3d318546c9c6/

152.89.247.27:1210
3324546.duckdns.org
owncablestdywirecord.dns.army

# Reference: https://www.virustotal.com/gui/file/1b3d41d44659ff038cf8aafdc5ff021646771106d957783aecdff725158c216c/detection
# Reference: https://tria.ge/210305-v3pe2f2w5s/behavioral2

177.124.77.43:4000
micomico.ddns.net

# Reference: https://www.virustotal.com/gui/file/7b5ac1f2b4852a2c27afd5c5529660f71f0e7ad0f890208ed3f5e248d6e7b84a/detection
# Reference: https://www.virustotal.com/gui/file/3decf98948eb4ae09dec3ff5955f33bd9c4ce38cdccae4107f3fa9bfffb7b050/detection

85.170.227.97:4000
85.170.227.97:5000
rat94522.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/b04d9a311d595e1d0a44992ecd4ea00528270378d0e52da5dc75b8ccc1ce5599/detection

31.220.4.216:1738

# Reference: https://www.virustotal.com/gui/file/b77906648505d304d711b3021f19104a70f7725f6021e4cee0d492fa96597028/detection

potrq.ddns.net

# Reference: https://www.virustotal.com/gui/file/fdbb642769e8cc0eec1e09d29c9635d76d5885abb07deca4d2ef5c84bbba5c67/detection

136.175.8.57:1177
100k1.ddns.net
100k2.ddns.net

# Reference: https://www.virustotal.com/gui/file/bc796e4f7602321306d3762eca6dc809ee2c043caf03386deb17b1422209a1ec/detection

45.32.200.152:1177
fat7e07.ddns.net

# Reference: https://www.virustotal.com/gui/file/67d8ec4d7cde7188fc49f8268a10855abe89cffffc13c6f6111ba904caebe6f7/detection

93.93.193.189:9341
corporation.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/78430db636f5d5be5dd3959a3f74b14792897b8fdea1de1c441eba120164cfb6/detection

liverpoolsupporters9.com

# Reference: https://www.virustotal.com/gui/file/3c7d9801bed9dc95108527bc38cbc100260c5bd76331adffb9b21620c91b5049/detection
# Reference: https://www.virustotal.com/gui/file/c4b9e67adddddb84ad88135affcf47881c6ff4a560557e760da2990aaca02510/detection

186.4.232.55:6606
186.4.232.55:7707
186.4.232.55:8808
rcvasconez.ddns.net

# Reference: https://www.virustotal.com/gui/file/2f9e71f1807b0e909226f4fced8c62fb38c787b2ae56ec8646ade0a6a54ec725/detection

193.161.193.99:43299
gammadoppler123-43299.portmap.host

# Reference: https://www.virustotal.com/gui/file/0100972f01df9b75c0958a7198170d2d37a51f1d500501bcdbf122bb43253bcc/detection

102.36.149.155:30300
79.134.225.11:30300
rbltd.ddns.net

# Reference: https://www.group-ib.com/blog/rats_nigeria
# Reference: https://www.virustotal.com/gui/file/8613c29feb93ea1eb6a48e037da61e0643ca06234d51462814e0b314e2aa9b50/detection

http://68.235.38.157
east-ge.com
kingtexs-tvv.com
mariotkitchens.com
sommernph.com

# Reference: https://www.virustotal.com/gui/file/fee6cda76d8c5b289b76deba1176049e529f51ac06f817a8a22ec77b17d74f35/detection

188.161.190.135:6606
82.205.21.99:6606
82.205.22.86:6606
188.161.190.135:7707
82.205.21.99:7707
82.205.22.86:7707
188.161.190.135:8808
82.205.21.99:8808
82.205.22.86:8808
squadx.hopto.org

# Reference: https://www.virustotal.com/gui/file/95fbecb2d0b0aa0fa80e02732237fc9eb43fc9f8af1efff062435b44b57f1a03/detection

97.90.7.88:4782
97.90.7.88:6606
97.90.7.88:7707
97.90.7.88:8808
cademc.zapto.org

# Reference: https://www.virustotal.com/gui/file/e706bf49908519c14eb135357c5cd822be3f139be7365a94081b54342db0eb91/detection

20.79.41.10:5967
tayfagreatie.duckdns.org

# Reference: https://www.virustotal.com/gui/file/23d4837df84a76f96c674581c96e6a1729bac2981787d3b36ac5149d861f13e5/detection

160.152.102.175:8988
160.152.102.175:8992
loading8992.bounceme.net

# Reference: https://www.virustotal.com/gui/file/668d4a42b6e049ee80146d86f93c706a6598c90156b670b966a4a413a83e58d1/detection

144.202.70.248:6821

# Reference: https://www.virustotal.com/gui/file/af8558a48c8cd10691fc61aba79b6522807ff92a85fe833556445dba63f149d6/detection

45.77.142.82:9797

# Reference: https://www.virustotal.com/gui/file/2f054e75bbe251c38dfa8a3a31d51123d71f80054720c909ed3901e14859c656/detection

49.12.11.240:6606
49.12.11.240:7707
49.12.11.240:8808
49.12.11.240:6821

# Reference: https://www.virustotal.com/gui/file/89c38091fdb1977853e9533b62a68082b65dfa61007bd7d7f9dfaa228646252b/detection

20.52.142.130:9797

# Reference: https://www.virustotal.com/gui/file/fe57fc52dcd3215bca8bc6cebb224eb2c2d2b5238f3b671e84147ae555af936d/detection

144.202.70.248:6606
144.202.70.248:7707
144.202.70.248:8808
144.202.70.248:6821

# Reference: https://www.virustotal.com/gui/file/ab09142c8ecb158bb84696cb92e922fea9959a57bc6e1bacc6d8e87ffc1c63f8/detection

45.32.211.35:6821

# Reference: https://www.virustotal.com/gui/file/96f0812b2f8c0589a04b40ea1a9438d41e901ef660ed493c3d5221c535c18b4a/detection

216.230.75.194:8621

# Reference: https://www.virustotal.com/gui/file/c64c2b5fd4c90ac4dd5c41b733d43669fd3dfa75342d98f29b7bd3178e6374de/detection

139.99.73.120:6606
139.99.73.120:7707
139.99.73.120:8808
139.99.73.120:5555

# Reference: https://www.virustotal.com/gui/file/30368f7cf5ab4464ed45c1cf1c7a21110663a56b56ee5fe94a4e9bb376e2d5e4/detection

91.109.180.5:6606
91.109.180.5:7707
91.109.180.5:8808

# Reference: https://www.virustotal.com/gui/file/c06fdc9f0dbfd0b42d74c9226ed28f3f52b5bfc04af70f58b8b5b16439196184/detection

185.19.85.167:3413

# Reference: https://www.virustotal.com/gui/file/f7b01c9dd7e2184231f40d009c54374d0cdcf563e987fe2a3586e6b767852dea/detection

175.144.21.17:2703
185.244.30.92:2703
192.169.69.25:49703
37.120.208.36:49746
79.134.225.92:49703
87.98.245.48:49746
chongmei33.publicvm.com
rahim321.duckdns.org

# Reference: https://www.virustotal.com/gui/file/62a8add7d225619b038ee5e87b9546fbdb796c98b1c65fc4ecdc4b079069500d/detection

95.211.239.205:777
tahoo.linkpc.net

# Reference: https://www.virustotal.com/gui/file/dfc5f5a467242e30666b413878511d034ab02651a8b791732b70317a72c6a543/detection

105.103.141.231:777
domaineweb.publicvm.com

# Reference: https://www.virustotal.com/gui/file/7081ef94c2d39376308f54702b74cc685f2489f90d95f1db288ff96c7e434202/detection

184.170.245.2:6606
184.170.245.2:7707
184.170.245.2:8808
hacker1313131dd.ddns.net

# Reference: https://www.virustotal.com/gui/file/7cf0450f46dbf13e125b76f7358c0505a9b5e6655d908281ed00b8ce5c94a3dc/detection
# Reference: https://app.any.run/tasks/409d87b3-2e1a-4699-9fb2-42bc6c107dda/

105.112.46.168:2021
105.112.78.3:2021
kimjoy.ddns.net

# Reference: https://www.virustotal.com/gui/file/c3566a97c163540e23dd172c1c872bb8e4dab98c1a049bacef3f3fbf68744835/detection

74.199.72.115:3702
nazinaturistic.ddns.net

# Reference: https://www.virustotal.com/gui/file/bd30df969f3a11aabd58ff65c72fd14a507ee43efe4d77331338facbeaed77c4/detection

195.62.33.67:9911
bad96.ddns.net

# Reference: https://www.virustotal.com/gui/file/9d9ea4fd548efa07e3051dcef175d5b0446958cdf0d7f623a0f98945acc1dbb8/detection

94.61.14.42:6606
94.61.14.42:7707
94.61.14.42:8808
robloxfanscripts.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1389666118294327297
# Reference: https://www.virustotal.com/gui/file/146f7a39df033afe4bb001da5b4a6eceb89f9efab5538c470b7f7f3cb4bbd15e/detection

79.134.225.18:2455
franco.ddns.net

# Reference: https://www.virustotal.com/gui/file/9ee67445d4ffeedd7c11e1e14949bf0f6060f34352e3f2c8d2184ffe0b4d235f/detection

79.134.225.18:6606
79.134.225.18:7707
79.134.225.18:8808
bigman2021.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8d2b3f58baa5dc605a8618d66b3070c97b8f3f01c214c3e39b0d3df1c820f12f/detection

78.189.145.29:1064
cancan01.duckdns.org

# Reference: https://www.virustotal.com/gui/file/192b8b333a2d956f13512165a108e109e79f73680e28af2e98f4aafbaea378f4/detection

89.160.26.37:1907
89.160.26.37:6606
89.160.26.37:7707
89.160.26.37:8808
leoz07.ddns.net

# Reference: https://www.virustotal.com/gui/file/af844d4f524a764af31c6d600148248dae088a54356bbd63604f93602ae8a655/detection

41.105.36.185:1231
170293.ddns.net

# Reference: https://www.virustotal.com/gui/file/aefeb07afc0d9f4d09ab09317db14edef1b58df175f70cf6ea88d7f6cdce8cfc/detection

159.242.234.220:8991
160.152.102.175:8991
160.152.128.216:8991
160.152.155.95:8991
160.152.184.22:8991
160.152.34.228:8991
160.152.57.245:8991
197.210.70.144:8991
197.210.71.96:8991
79.134.225.119:8991
adobe.myactivedirectory.com

# Reference: https://www.virustotal.com/gui/file/d452cee94e3a2d58b05e9f62a4aa4004c0632d9b56fa8b57664d295bc88c4df0/detection

160.152.128.216:8988
160.152.155.95:8988
160.152.179.159:8988
160.152.71.32:8988
5.62.58.238:8988
79.134.225.119:8988
160.152.128.216:8989
160.152.155.95:8989
160.152.179.159:8989
160.152.71.32:8989
5.62.58.238:8989
79.134.225.119:8989
asin8988.ddns.net
asin8989.ddns.net

# Reference: https://www.virustotal.com/gui/file/e8aca8f27af178b2c191206c7bc04bfddc604a78b95699a72ca20c22f618c9b0/detection

160.152.187.169:8988
79.134.225.119:8988
160.152.187.169:8989
79.134.225.119:8989
160.152.187.169:8990
79.134.225.119:8990
asin8990.ddns.net

# Reference: https://www.virustotal.com/gui/file/d88f2958d0acb7f06c1cfbf71f496477b5bae94fda49b9084def65709b211546/detection

41.102.72.91:2019
mrdiazdz.myq-see.com

# Reference: https://www.virustotal.com/gui/file/7e2c927caec040c6a134fbcd520023dd48379be367b6af0a353dfc1e4d0bcc3d/detection

79.134.225.7:9476
sipex2021.ddns.net

# Reference: https://www.virustotal.com/gui/file/af664ecd43c0dd5152022855d80d3faa80bf938477b7959fdfe3d67c50ab93d6/detection

14.191.50.101:8080

# Reference: https://www.virustotal.com/gui/file/2fd8dd35009746246e06cafdd744c0bea6862576483a55a93b3c00de75989876/detection

77.247.127.24:6666

# Reference: https://twitter.com/pmmkowalczyk/status/1392794233724100608
# Reference: https://www.virustotal.com/gui/file/d17a7a0afd4342b88db7bfdba2ed30b44e03d95104d27d5e869bf7641895ad5d/detection

46.101.140.16:47533
fnk3.playit.gg
far-street.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/ea3e00b1c26220883d6e27179ec9391efa9a2062414eb1c5576db0e204291104/detection
# Reference: https://www.virustotal.com/gui/file/8ab4f231ebf6150eb8bcfa302353732cce3f6c72ea7892f27a22e2720509dc37/detection

134.122.66.170:1604
134.122.66.170:1700
134.122.66.170:55772
134.122.66.170:8929
139.59.82.105:1604
139.59.82.105:1700
139.59.82.105:55772
139.59.82.105:8929
bng1.playit.gg
fnk1.playit.gg
roasted-egg.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/4cb3d0afec4c271f4d2351022cecd072a7ef96b7c2f63223144278de67067d42/detection

157.245.170.36:1604
157.245.170.36:55078
157.245.170.36:6606
157.245.170.36:7707
157.245.170.36:8808
crooked-wash.auto.playit.gg
sf1.playit.gg

# Reference: https://www.virustotal.com/gui/file/b3a697477ca999a3cedb88a7dfef0735ac12032f26106008a31c6db4bdf1b7c8/detection

134.209.194.210:56635
ams1.playit.gg
gullible-substance.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/05030526532dbe4d0a3e49140489439468957d6dea9f482ff983e778b21c61d0/detection

147.189.168.238:1996
nova22.ddns.net

# Reference: https://www.virustotal.com/gui/file/d3b9abaed3de3549b0fc83ec846a02612d91dfaca5a82aad2d7fa58b6e6c8f59/detection

134.122.66.170:59266
enchanted-sugar.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/5acd937d84b28e21755ea9707e88cb73eaa6f183f03568e69077eee97ff5c6ca/detection

134.209.194.210:56874
134.209.194.210:6606
134.209.194.210:7707
134.209.194.210:8808
bored-baby.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/4a69b932f7d7abe2e40d828020271ad2c82895fe0e45639a5e63898097383229/detection

waiting-distribution.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/25b60ae10029b3dc5b7c9e0c4fda13f676fd138f9407fb3d515b16f307964987/detection

134.122.66.170:2626
134.122.66.170:52083
staking-afterthought.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/c984664d6300015a18c84ddf60d978b2cedcf5323dcf32365b72456766770dec/detection

134.122.66.170:56797
134.122.66.170:6606
134.122.66.170:7707
134.122.66.170:8808
parsimonious-elbow.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/f7aede4740b641f6ca71b683741b35e4cd8fcb9cd9aac929605e2f41de19db76/detection

smelly-plantation.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/ae068da2d2b92d3884eebcb3b088d3764c64899341deab9e431bb0cf5af2f011/detection

134.122.66.170:52859
parallel-spade.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/4816d6f30051bd5fd3b3c585ab45068cc68b1698bedebdf829b6df2c1345787d/detection

151.115.36.90:51696
151.115.36.90:6157
scintillating-jeans.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/3c19eba85ce343b5cb5a2afd7036a2528c520c19dae153c9c50552ec2f33d548/detection

46.101.140.16:59842

# Reference: https://www.virustotal.com/gui/file/7787b0ad1912dfe4feac545132d8c27f2cd89f1f9a8cf1ed7d787a487e523e9b/detection
# Reference: https://www.virustotal.com/gui/file/5c3d28aefe454f0503484f737fd56fb0303c93556c579c4568a72d684ee14ed3/detection

46.101.140.16:49723
little-toothbrush.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/0d937a6efda9883e93d429cf6c4d60dc145ed5f3fd69ddb744cb44a4a0b7396d/detection

46.101.140.16:47458
slippery-cactus.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/8e1ae1790f2ee8b22b8956cd8b1cedf9b0bf82246d5d5a998bc503ac780b3496/detection
# Reference: https://www.virustotal.com/gui/file/f8e56bed47bf278dd23e4e8bbac71c8bc0464bfb91c07c242a2d26a37aa83d16/detection

46.101.140.16:47537
tremendous-icicle.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/822edf21c4b1bdd1a85dc45219158b462323339f5510c9780c900e12a8a125cf/detection

151.115.36.90:49057
151.115.36.90:6157
cloistered-dogs.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/b47b6d3289ae1968dbf8c2ade9b51b8648e422b1676e5ca320f588768b90a28c/detection

134.209.194.210:59208
46.101.140.16:59208

# Reference: https://www.virustotal.com/gui/file/29e7e0de201646f11e3ac7b7f861cc489e5f8343834871de5143e4842d1718ef/detection

46.101.140.16:46467
unkempt-silver.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/32b3b1966fae4e513fa11870958bf2fd585144a9b9a37b4ed0da8f9871f40176/detection

176.136.47.220:1605
176.136.47.220:6606
176.136.47.220:7707
176.136.47.220:8808
xuehue.freedynamicdns.net

# Reference: https://www.virustotal.com/gui/file/90fab6977cc5f967959d3dd307d4dd99dfa8da7f7fe2c159c1e7911bc6f5105f/detection

20.52.37.83:6606
20.52.37.83:7707
20.52.37.83:8808
orospureaxx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cdbbddacd34d002729ac3889252f36c544b936002005a2f357e831cb2f669d7b/detection

194.76.226.201:6606
194.76.226.201:7707
194.76.226.201:8808

# Reference: https://www.virustotal.com/gui/file/dc3e48d0b12659129b857a0293e2978a29809664572b4f6f556491ca4f677dbf/detection

150.107.31.190:9060

# Reference: https://www.virustotal.com/gui/file/69642f95f35b3d14f1123de60819e66e59c8f125defb58d23b8766f498597de3/detection

79.134.225.53:9872

# Reference: https://www.virustotal.com/gui/file/494924af556726976ac133cfe12a92b3d5b193f19df0d3ea785c645cea18e6fb/detection

24.101.234.141:4782

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1400166564268331009
# Reference: https://www.virustotal.com/gui/file/c810a1bde5027f6fcf656067381133c6c8e61349cd05b4f4c7a9695b9a44f31f/detection

195.174.209.145:1781
195.174.209.145:6606
195.174.209.145:7707
195.174.209.145:8808

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1399327839896342529
# Reference: https://www.virustotal.com/gui/file/e89d388de70b933316724146def5eeab047a08514b7bf70bcea3916e09162669/detection

peebeekay-22139.portmap.io

# Reference: https://www.virustotal.com/gui/file/6610572cbe4075996e903d9e13a29cf812537be7b7ed2d9f6bc341a3998f4459/detection
# Reference: https://www.virustotal.com/gui/file/48b3e497f5e533a663b3686b731bcf2b486ba3aedb006091fd95d1f573944c90/detection

87.132.215.23:4250
89.182.98.3:3601
dontreachme5.ddns.net
dontreachme.duckdns.org
dontreachme1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ec503a0e10888dfadfaa3716eb128b6dd7479fd708e45a181cba7c14e8ad59f9/detection
# Reference: https://www.virustotal.com/gui/file/ee45e7b7efce62cdf53205e25010044bd2612498113e665e76f9731d4e2843e0/detection

162.255.119.29:54984
173.189.160.249:54984
snow-leopards.xyz

# Reference: https://www.virustotal.com/gui/file/1c1aad21ca7a30cdb51deac733927ed1b603c242b7640c9e42605ea8202782f2/detection

106.214.237.83:8088

# Reference: https://www.virustotal.com/gui/file/f6f4e3772ac0e480939d5af16464ba425c44040e1f1ce6edb82591694d5e3f01/detection

ooyeah-24044.portmap.io

# Reference: https://www.virustotal.com/gui/file/44b58d71e60589298b48dbbdcd296ebd7b0330dceb8988369267a167a85d631c/detection
# Reference: https://www.virustotal.com/gui/file/b564ee571c17fcf612bf67207a44d92e463f1c12c2558f205c4cbb45d8950839/detection

141.255.155.84:4444
141.255.157.163:4444
cryptserver.hopto.org

# Reference: https://gist.github.com/myrtus0x0/deb815eadd362f660aabb41a7806e187

172.93.222.156:6606
172.93.222.156:7707
172.93.222.156:8808
173.63.124.155:1604
178.33.222.241:2703
178.33.222.241:49703
178.33.222.241:49714
178.33.222.241:49746
185.165.153.116:2703
185.165.153.116:49703
185.165.153.116:49714
185.165.153.116:49746
185.19.85.155:5080
185.244.30.92:2703
185.244.30.92:49703
185.244.30.92:49714
185.244.30.92:49746
194.5.97.249:9951
194.5.98.196:4529
194.5.98.107:6970
203.115.24.234:8282
37.120.208.36:2703
37.120.208.36:49703
37.120.208.36:49714
37.120.208.36:49746
45.153.243.96:8888
45.35.158.173:6606
45.35.158.173:7707
45.35.158.173:8808
54.246.188.45:6606
54.37.36.116:2703
54.37.36.116:49703
54.37.36.116:49714
54.37.36.116:49746
79.134.225.92:2703
79.134.225.92:49703
79.134.225.92:49714
79.134.225.92:49746
79.134.225.99:4726
79.134.225.99:6606
79.134.225.99:7707
79.134.225.99:8808
91.105.195.23:5679
agentpurple.ac.ug
agentttt.ac.ug
bruhmoment123123123.ddns.net
dongreg202020.duckdns.org
gateway.swat.host
genjustu.hopto.org
johnboo.hopto.org

# Reference: https://www.virustotal.com/gui/file/6c9d744a929a0e67b79dbb669cf8be1ac357b0e8eb75074ace81fa90857e5552/detection

197.1.99.237:6606
197.1.99.237:7707
197.1.99.237:8808
197.1.99.237:9995
197.238.81.24:6606
197.238.81.24:7707
197.238.81.24:8808
197.238.81.24:9995
chromsec19.zapto.org

# Reference: https://tria.ge/210528-3n4n93ztka

185.19.85.168:5946
shugardaddy.ddns.net

# Reference: https://twitter.com/petrovic082/status/1397093409521905664
# Reference: https://app.any.run/tasks/a1d1ad79-e892-450e-99ff-19aea71774ce/
# Reference: https://www.virustotal.com/gui/file/51863340741893ed0860f30704e00ee4e4c4f0ac4b2c6eefd5e765008f20eb29/detection

scarsofthesoul.com/wp-content/themes/45gHdoYZRK3EEBAC.jpg
scarsofthesoul.com/wp-content/themes/SNavmh60gxje6Rii.jpg

# Reference: https://www.virustotal.com/gui/file/2b8678fa955d08b909a9068aad612ed566a9a98c0476585770f6d1c8dc0c3f9e/detection

141.255.144.58:1604

# Reference: https://twitter.com/James_inthe_box/status/1406995650307256320
# Reference: https://tria.ge/210621-g8zj1sp5j6/behavioral1

88.234.171.239:555
asc1.linkpc.net

# Reference: https://www.virustotal.com/gui/file/227f44cda2b2f73785a5ae5b258fe818dd3302ce533aa50837ab21d99cb8219a/detection

185.244.26.217:5892
exchangexe2021.ddns.net

# Reference: https://www.virustotal.com/gui/file/068a691ba494e231b27af202af806ff1daac8b660993678a4c0b73ffc8a2d242/detection

185.140.53.169:8970
8970.ddns.net

# Reference: https://twitter.com/ps66uk/status/1407090099699994626
# Reference: https://www.virustotal.com/gui/file/ca8929421ca89c108483865008ee79bd23e3386b899ffebdd897e1d072ad9e92/detection

172.111.244.39:46422
172.111.244.39:6578
leechong444.ddnsgeek.com

# Reference: https://www.virustotal.com/gui/file/14a78e85a9719b24dd71fa5cded55f59c14d45211a18bf89f5196cd2e0cd45e5/detection

83.252.99.10:8080
keyloggerhacker.ddns.net

# Reference: https://www.virustotal.com/gui/file/a72d1d21eaf2f89f06ea807db188ee0e4c6ada5e966568d8543e4c3dbd5c7c73/detection

135.148.134.17:8080

# Reference: https://twitter.com/BushidoToken/status/1416498021127409674

185.195.232.251:57667

# Reference: https://www.virustotal.com/gui/file/5f106bf6a105b2febc08dbc9885420f6341eae88eb5570d5b5454a3bee0c2a08/detection

3.22.15.135:6606
3.22.15.135:7707
3.22.15.135:8808
3.22.15.135:16029
3.129.187.220:6606
3.129.187.220:7707
3.129.187.220:8808

# Reference: https://www.virustotal.com/gui/file/878487e25eb96ab2c4ebd889e4bfc1739d730722c2af4736bc46ac3d11eca453/detection

206.123.141.239:7777

# Reference: https://www.virustotal.com/gui/file/d68b4d6cec032458824abdf3ac6f379f33db2167cb0c399845f4d7735a426827/detection

95.169.210.148:6666

# Reference: https://www.virustotal.com/gui/file/8b388efb71328e18ee3dd5b4c932387ddad5ee79b595751a79fe535533e2c4ed/detection

191.88.250.118:5020
marcelajarakmisdhuakfsg.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c4b86c9533e71721f549923868ca2f940e6bee5b9ef49b661343a5028a16b363/detection

cabovela.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a0329b99847941ede2712082eca9b6fecf89a9150fa36160328b3e596f3c23fc/detection

45.134.225.35:7821
45.134.225.35:6606
45.134.225.35:7707
45.134.225.35:8808

# Reference: https://www.virustotal.com/gui/file/1677e0afc52a9166c9a433e5db3864f71fe5816a98784f6ee3e86540827da084/detection

86.107.197.52:6606
86.107.197.52:7707
86.107.197.52:8808

# Reference: https://www.virustotal.com/gui/file/fa34352f3aec8d28f7e9ebc21a01c3a32e98620790ca91e29ad385919c0e213d/detection

136.144.41.4:4771

# Reference: https://twitter.com/pmelson/status/1419399465207836674
# Reference: https://www.virustotal.com/gui/file/07ac588af0a2789108da9687b452144e346c0a05583ae21660b5b49ef9740046/detection

137.74.176.167:1177
host.aliveafterguard.store

# Reference: https://www.virustotal.com/gui/file/fd78341536c5abe19c4beec49876f8f854819aa075092e3d9aec8c193339fcca/detection

171.235.78.216:4444

# Reference: https://www.virustotal.com/gui/file/b6444d49ebd6cf176222cd2ec2816c07727d334a8c6aed056e6e953796f7433a/detection

197.210.71.57:8971
makesuretobackup.loginto.me

# Reference: https://www.virustotal.com/gui/file/0705b69d12b5171f99bb4e89191939fe874ef994ffacb2508abcc2057463b605/detection

104.227.146.200:8835
104.227.146.200:8970
104.227.146.200:8971
104.227.146.200:8973
8970.ddns.net

# Reference: https://www.virustotal.com/gui/file/4e8bacc82d5684af7b56acbd3150ec033db6d6cc89e60bcf1d16ff13766d41e4/detection

185.140.53.169:8835
185.140.53.169:8970
185.140.53.169:8971
185.140.53.169:8973

# Reference: https://www.virustotal.com/gui/file/eeea15c1411e2f21445e11f510f4c3a3a9c8390085757daf352d48dcfa50d182/detection

104.227.146.200:8070
185.140.53.169:8070
35asyn88.ddns.net
7298hwor.ddns.net
newagain.servep3.co

# Reference: https://www.virustotal.com/gui/file/da8a2b68f14fab211ffe09dc43922790417dbb6e5fa437b461ad1d5ac7d4f788/detection

141.255.151.240:2880
xinpin.ddns.net

# Reference: https://www.virustotal.com/gui/file/0da6b4eb3e0cd74821c92e1cf094e148f62749a6bc8a2d5e457ca320be2947da/detection

46.249.32.186:3000
46.249.32.186:4000
camfro9ksa.no-ip.biz
jamal16a.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/c31f8b69245d8207cf420a1e7ca523553eccd96d649168314db28644203cea9e/detection

194.5.98.8:3030
adikremix.ydns.eu

# Reference: https://www.virustotal.com/gui/file/19470ceb697cfe1039f344962da8fe0b1fe484bd0488db00afef27816ee62ae6/detection

185.244.26.165:9582
e29rava.ddns.net

# Reference: https://www.virustotal.com/gui/file/623534bf150f2538edb27e51ed56b92f464adb5da8e2db378ec3a666fcb64772/detection

185.244.26.213:9872

# Reference: https://www.virustotal.com/gui/file/6693e9ce0848fe351b1df785a7540ec3bc1950fd698977cdd8cde1b3d4f19681/detection

177.126.146.148:6606
177.126.146.148:7707
177.126.146.148:8808
word.is-a-rockstar.com

# Reference: https://www.virustotal.com/gui/file/df5909d3af4ca4654c190c579631cd6d9aae3e0270daa83e92c7ee4397322364/detection

79.134.225.109:9070
asyn101.duckdns.org

# Reference: https://app.any.run/tasks/7e4869df-9ab6-4ee4-9772-f5af5721ca83/

91.151.88.245:2070

# Reference: https://app.any.run/tasks/eb9ed5cc-ca36-4fcd-955b-81a360cda877/

20.199.121.197:7707

# Reference: https://app.any.run/tasks/78c5b68f-1c96-46a6-8519-d7f8e475a714/

151.237.185.211:20090
harnav1.ddns.net

# Reference: https://www.virustotal.com/gui/file/c8b7234f8cbfaa32f5c52c02b259511861bfa602a447aea1b1e82f024f102e50/detection

37.49.230.185:5874

# Reference: https://twitter.com/James_inthe_box/status/1438506362107928582
# Reference: https://www.virustotal.com/gui/file/0d9937ff3380d575397c7dae4b22267d42a029956d45a16f956cddf479c3cf59/detection

194.5.98.132:1849
rick63.publicvm.com

# Reference: https://www.virustotal.com/gui/file/4a0d7d71ba4692f70972ca28028f943a5cb56086f4fed16829f276a6d70fbc38/behavior/C2AE

195.133.40.157:9909
195.133.40.157:8808
rocking.ddns.net

# Reference: https://www.virustotal.com/gui/file/a352ce2dcf084f7017ee2f287678a5852470b9f64f00988a51104d9370a442fd/behavior/C2AE

microsoftstore.ddns.net

# Reference: https://www.virustotal.com/gui/file/7bbc45943986a1f5886ca429f3fadde428a7936c2e3a421b5f8f24e06ace0308/behavior/VirusTotal%20Jujubox

196.170.63.108:6606
196.170.63.108:8808
zeroxzerox19.ddns.net

# Reference: https://www.virustotal.com/gui/file/6c5a78bc2995bd9098af7b5b2cc18b3763a5c16b8960847d8d1518ea03fa5262/behavior/C2AE

kalilinux123.ddns.net

# Reference: https://www.virustotal.com/gui/file/3a466603350e269cc3c6d47e9467525319d96b93abf4a4f94aa81ef616409792/behavior/C2AE

192.169.69.26:1884
dgrthdg.duckdns.org

# Reference: https://www.virustotal.com/gui/file/19261c2bcb77b1f207415ca68e845ee2d7bea24d870b0543233bb277c1c3416a/behavior/C2AE

142.126.121.109:9897
eeeeeeeeeee1111333.ddns.net

# Reference: https://www.virustotal.com/gui/file/511be2e5f0ecf8da123bd5eaf462869233c658c88f4ab6c5472792f62a67a898/behavior/C2AE

91.109.186.6:8808
91.109.186.6:6606
91.109.186.6:7707
milla.publicvm.com

# Reference: https://www.virustotal.com/gui/file/0cf2d9d9b8cf8181784372da15e5c19918577d9462eb38de60f2cd48ef793685/behavior/C2AE

185.157.160.198:1973

# Reference: https://www.virustotal.com/gui/file/4556c1debf74fe9cdc70eeae3ad1737867f12aafe5f129f2e4c32c3bca5d2373/behavior/C2AE

119.91.81.102:10050
vaoz.hopto.org

# Reference: https://www.virustotal.com/gui/file/cef377096aa29c2d56751c604f9c12149596aed21307ae70889367b3717820c3/behavior/C2AE

41.225.94.19:6606
41.225.94.19:4444
41.225.94.19:8808
41.225.94.19:7707
nosnos89.ddns.net

# Reference: https://www.virustotal.com/gui/file/49af85ae6afd7dd5c5df440d8c6043c2c14f206a8aaeda0dc2d8d2fa4942faa9/behavior/C2AE

128.127.209.204:1188
ethanily7lm.ddns.net

# Reference: https://www.virustotal.com/gui/file/aa8b3ea0e61c4e7951f01a7934c1b500a57afabbac14f794036723048bdd2959/behavior/C2AE

193.161.193.99:6606
193.161.193.99:7020
193.161.193.99:45415
193.161.193.99:8808
193.161.193.99:7707
sherlmes2-45415.portmap.host

# Reference: https://www.virustotal.com/gui/file/f77b792b18ed388d1223539319cac1d6c2ec1af3193325aca3d0094160049ad0/detection

91.109.176.3:1010
poplll.ddns.net

# Reference: https://www.virustotal.com/gui/file/e55a4da819c806619edb25aba1ae1e1a4b95f46861b636f9958f910166e34cf9/detection
# Reference: https://www.virustotal.com/gui/file/dd1fb521c590a121ce61b6a422c1ec3212248c4973f47be6ddcaa2189d410966/detection

91.109.176.3:1100
91.109.176.3:1122
shero21.ddns.net
shero21.hopto.org

# Reference: https://www.virustotal.com/gui/file/918aca7c4e894fac419afbf9d3b933604bd354f84c819a4241a8a9a7bd81c9ca/detection

91.109.176.3:3242
brikol32.hopto.org

# Reference: https://www.virustotal.com/gui/file/c8ca46366ec70b0463b3ee7e747c1c22e1d42f7e7e77e0e896edf99aebdbeb10/detection

79.134.225.77:9532
79.134.225.77:9690

# Reference: https://twitter.com/pr0xylife/status/1450398699121750019
# Reference: https://www.virustotal.com/gui/file/3959233284f7f4a7bec2a314820e3b8e073591a31dfe8c43a03f7a24833b7fd3/detection

139.28.37.182:5200

# Reference: https://www.virustotal.com/gui/file/47ba489de1983d8cba9e284e4ff259ec8fee5fd95464953483c16af9ded7f499/detection

37.0.10.5:1553

# Reference: https://www.virustotal.com/gui/file/0a8ca65757f6c874a8d6124b06c9661f7066a6508d887ed93119539b17de39f3/detection

51.222.98.71:23411

# Reference: https://www.virustotal.com/gui/file/62b91b016641d20e062da305675e6b9ebdc8166c0406c6c151deb00a3b0eea35/detection
# Reference: https://www.virustotal.com/gui/file/caaa9c3c18c70d0fa3ce8eeb331098923c5d66c85852d61ff35e44ef3717d552/detection

194.85.248.50:1616
45.144.225.178:1616
bbccdd.duckdns.org

# Reference: https://www.virustotal.com/gui/file/44c2e5015639f92b300d495be689bb6f5973c650dc0ac861d77ae97cb21b7807/detection

144.126.141.41:6606
144.126.141.41:7707
144.126.141.41:8808

# Reference: https://www.virustotal.com/gui/file/ac89daad73dd89dc4a2f4fe58a4a5ab29b14bdecf1710a172bc58ea513e6c3e4/detection

http://149.56.200.165
149.56.200.165:6606
149.56.200.165:7707
149.56.200.165:8808

# Reference: https://www.virustotal.com/gui/file/665dc88a9cccd536d40ac75c3eb23de8d1d5e95aee504f0ce31f4b31db81d468/detection
# Reference: https://www.virustotal.com/gui/file/ea068c51c9036a7fabe4d259e1447154b9bce2ab58d8a5feec10012c72595955/detection
# Reference: https://www.virustotal.com/gui/file/7768e84058b04954d258242e0e36804d74aa93cd96ea0c32aad85af86e2040c9/detection
# Reference: https://www.virustotal.com/gui/file/2b7dbd887c6917e12d524ce2b2de699908df59566500acef015660d379cb8205/detection

186.169.35.22:9194
186.169.42.167:9194
186.169.52.151:9194
186.169.76.22:9194
anysdk.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6f194457591e38ef91c704ee2e78d676158721b7123c5d6f1f7ab893525c1d0f/detection

5.36.102.135:6606
5.36.102.135:7707
5.36.102.135:8808

# Reference: https://www.virustotal.com/gui/file/853274bbcb0c9406640b129d9b5ec887e31da0483b1c5b1204b13369361fa7cc/detection
# Reference: https://www.virustotal.com/gui/file/3b378370df4ccdf42f83ac4ca27c77c7a84e76f370e6a1fd0f0cd997c7862eb5/detection

89.10.111.40:3074
getfucked69420.ddns.net

# Reference: https://www.virustotal.com/gui/file/12547cac918d152b630f82bc88399322ea3537082f0eb167e5e3915fef512037/detection

hhahkek.ddns.net

# Reference: https://www.virustotal.com/gui/file/9a0bcd595c00fac69969827f5c83d08bbe6bb5f5d29b2a9bd294e9618ecf1cc4/detection

193.183.217.94:42431

# Reference: https://www.virustotal.com/gui/file/b0106b10a4ec8d9be9349ea21ce7d8810884a54e65a025a1c57d282eb5b49b73/detection

20.113.56.70:1939
yarakkurek31.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6ef6850e025b28edccc2d716a969257368082a7e64a6c73253315881fa3da18c/detection
# Reference: https://www.virustotal.com/gui/file/d7275e118bd4932e36789d4c03147c3efe3a31ea9c719b8e93d8697baabfbe4f/detection

103.1.184.108:4000
216.250.97.121:1568
216.250.97.121:4000
216.250.97.121:6220
216.250.97.121:712
mycollege.duckdns.org
ournewos.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8e57ba59e782cb55787620258867e2c64d2e30ee02924f02a6e9e61a9b6775a4/detection
# Reference: https://www.virustotal.com/gui/file/7a2c578192832bb2e9282ff4c79c8d0b0c51e4c2b90680e4752f738e6ae37926/detection
# Reference: https://www.virustotal.com/gui/file/0e3cda3174da3842c349bfcaa42f79b634314859cd2dbb60fb254ba2ea265524/detection

194.29.101.219:81
216.250.97.121:81
42.106.199.93:81
medicalservices.publicvm.com

# Reference: https://twitter.com/ScarletSharkSec/status/1476615969191731215
# Reference: https://app.any.run/tasks/0560b542-81d1-4214-9f3a-d89ca1cf3adf/

144.126.136.214:3101
imghost.myftp.org
uspsform.info

# Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b
# Reference: https://www.virustotal.com/gui/file/769c5c1d9681b468b84a14af0c33ec4ee786f8c7a0eecf7819bd9286cab2d474/detection

185.140.53.178:1515

# Reference: https://www.virustotal.com/gui/file/f2e9cc84d53231470b1fa5491464a00cb7562000a56e0ce8264a61783e44ed75/detection

185.244.30.58:62750

# Reference: https://www.virustotal.com/gui/file/0df8f6927d1c11bddd28ac7ce0699bb205c36c7d690c5ca9db3109bcc319904f/detection
# Reference: https://www.virustotal.com/gui/file/9bd27defdb0f664430d2775c7cdfe585bd87052e856ff07f124a416eacc01b32/detection
# Reference: https://www.virustotal.com/gui/file/262fe30f28e10a70ff92f0936f1934664e6c55d6a0b7e9541370d75bb62165bb/detection

2.97.222.100:4272
2.97.222.100:5000
2.97.222.100:5321
2.97.220.50:5321
3.141.142.211:16656
3.141.142.211:4444
3.141.142.211:5321
3.141.142.211:6942

# Reference: https://www.virustotal.com/gui/file/c0f7710298626ad629721a8683adbea6d73db902d3bcdc782c7fd1b524646392/detection

92.15.9.84:5000

# Reference: https://www.virustotal.com/gui/file/4094cb0eaf6d140e67eb7f3a09043ae48a1ff92ed749ba81ff471bc24f2e3747/detection

kingg32.ddns.net

# Reference: https://www.virustotal.com/gui/file/96bf189c954cf26d2aa54d3e9da9e06d2fbefe5922b48b12b5302fbe0b64e2cb/detection

105.112.70.6:6606
105.112.70.6:7707
105.112.70.6:8808
rainbowsmile.freeddns.org

# Reference: https://www.virustotal.com/gui/file/9945c3e1fd6ceb2e42f17983cbc5e71e28220bb9b9785fc5c7747f299312b2e2/detection

45.142.212.31:6606
45.142.212.31:7707
45.142.212.31:8808

# Reference: https://www.virustotal.com/gui/file/62e268ffe865dbd7d75337c7e9a3c0607942e4c57e67ff2d68f00bc68a4ece5e/detection

http://119.17.214.76

# Reference: https://www.virustotal.com/gui/file/577060714ee5177e501acbc7cbffdb5589dc21bab72307062aa7883ed14f4442/detection

109.228.37.222:20000
213.171.211.204:21000
dlldns.xyz

# Reference: https://www.virustotal.com/gui/file/48d25c5b9b73012e8b2df3579c75ffdaa1f9d1686d6155bea7c1d5a5065f229f/detection

79.134.225.79:6606
79.134.225.79:7707
79.134.225.79:8808
planst09991.duckdns.org
pureloader1.ddns.net

# Reference: https://www.virustotal.com/gui/file/c144524875b9b3d451ed3d075e879677cd84fa50093063a395648551717e3fa3/detection

207.246.86.113:8888
207.246.86.113:9999

# Reference: https://www.virustotal.com/gui/file/765a57140b17fcf2388544f17837ef208ad578e92602bc972e42fab41ef33834/detection

207.246.86.113:1986

# Reference: https://www.virustotal.com/gui/file/10a87fd245cbee46c1565d369a0276d9e25a4540977af9f132dae6257040b155/detection

207.246.86.113:1988

# Reference: https://www.virustotal.com/gui/file/fa07402a7655d9e2fc0558ab22b75c004602e35ec5e3310b7e264e6ec2a79fb5/detection

149.28.35.14:8668

# Reference: https://www.virustotal.com/gui/file/45995c61073b4228eef6414c0ffd9357429c6945f731e4d8150f779994143425/detection

173.225.99.230:9966

# Reference: https://www.virustotal.com/gui/file/6f3b7811c3e549e0d8b77fa1bd511ebf55ebc8f276446ce77184c6df665f8a28/detection

185.144.28.238:8848

# Reference: https://www.virustotal.com/gui/file/98c1afc5a3d52830e518a8ba4fb2950aa28147efd5cc8bf08386cde9b579c142/detection

104.207.152.120:1868

# Reference: https://www.virustotal.com/gui/file/d887313a40393517370c184c6afa227305a91c05d96d8eda6bf74f133654e572/detection

194.33.45.165:6666
ahmed2611.linkpc.net

# Reference: https://www.virustotal.com/gui/file/2079ee598c065e370547a1522995502ccdff9ca9878963b86b285489c165b176/detection

2.56.57.210:1444
2.56.57.210:89

# Reference: https://www.virustotal.com/gui/file/23bb1ec79732017c4f1ce1a41a07bf9df4c9dcdbb8c79ebfa1b3e83f4538c573/detection
# Reference: https://www.virustotal.com/gui/file/6cec9b24677f0912fe91b0b40836752be09888e6c2b1783f51c9a7aa6827b864/detection

154.118.104.174:61857
154.118.104.174:61974
2.56.57.210:61857
2.56.57.210:61974
artedriendfrim.hopto.org
famesurvelizerditis.sytes.net
haldriendfrifaimano.ddns.net
reoildriend.sytes.net
riemaldriendfri.sytes.net
tancesucesm.chickenkiller.com
universalchampionis.zapto.org

# Reference: https://www.virustotal.com/gui/file/63ef801de07c0cad9af70847fff881fc454ed5430f289b95581399b4aee809a0/detection

103.151.123.194:7829
103.151.123.194:7840
103.151.123.194:7841
103.151.123.194:7842
asyncmoney.duckdns.org
asyncpcc.duckdns.org

# Reference: https://www.virustotal.com/gui/file/47f83bc0ad5cec2e365409f45ba67220e8ecf9a7313a38caef08fd9559e8a2ba/detection
# Reference: https://www.virustotal.com/gui/file/edf90d101a43361dc1245ebc74132e08f54db942af670377c431003e85534b22/detection

13.82.65.56:4021
64.188.16.134:4021
yuri101.duckdns.org

# Reference: https://www.virustotal.com/gui/file/68106918876232b746129b1161c3ac81914672776522f722062945f55166ba68/detection

23.102.1.5:6230
23.102.1.5:6231
23.102.1.5:6232
dccrypa.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b7f3d1dd2aa804eb498480b7a3b03ea003efb665005e844e51be5b8ab9dc8e79/detection

23.102.1.5:6121
asyncspread.duckdns.org

# Reference: https://www.virustotal.com/gui/file/456ae44a137a75594a129beed2a917afa00e94b79825fd9500c6b07da69310b9/detection

103.151.123.194:1990
meunknown.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a3013ca2f3bee249886bfa72085ae98f31ff49ab7b0e0bb4de883e94d88cd9ed/detection
# Reference: https://www.virustotal.com/gui/file/597e67048274e435928e11acf5e712b932695b1eb343398559fa83993c91296c/detection

88.111.229.212:6606
88.111.229.212:7707
88.111.229.212:8808
88.111.229.212:20000
88.111.229.212:21000

# Reference: https://www.virustotal.com/gui/file/7bc5ed12f076a174ab2b7e39ace5f88cfe695c75f3bc67701f42736be6de04a7/detection

88.111.236.191:6606
88.111.236.191:7707
88.111.236.191:8808
88.111.236.191:20000
88.111.236.191:21000

# Reference: https://www.virustotal.com/gui/file/c743735f89a5586315aeba456f9f4167a3365ea070d9d631e35aeaad4772d09e/detection

92.3.192.170:6606
92.3.192.170:7707
92.3.192.170:8808
92.3.192.170:20000
92.3.192.170:21000

# Reference: https://www.virustotal.com/gui/file/4d13e663aebabe2376c4f231356688108b5a124e0aafbc1717efa9f82e23f2b2/detection
# Reference: https://www.virustotal.com/gui/file/eb918b8f920a7f710cbd2460ba6132a177996912cc0ef6144ac824e3e37e4fdb/detection

104.21.13.168:5380
172.67.200.214:5380
37.238.146.36:5380
91.109.190.3:5380
fact.azad.live

# Reference: https://www.virustotal.com/gui/file/a672aa201c4172fb50bbf332a57a25c399e1c0a881f09ace05dbcc77d859627e/detection

46.246.6.11:9000
david123456.duckdns.org

# Reference: https://twitter.com/1ZRR4H/status/1485771167948546048
# Reference: https://tria.ge/220125-adlgqacfg6/behavioral1

104.249.62.71:4212
strekhost202201.duckdns.org
strekhost2024.duckdns.org
strekhost2025.duckdns.org
strekhost2028.duckdns.org
strekhost2029.duckdns.org
strekhost2030.duckdns.org
strekhost2034.duckdns.org
strekhost2035.duckdns.org
strekhost2036.duckdns.org
strekhost2045.duckdns.org
strekhost2054.duckdns.org
strekhost2057.ddns.net
strekhost2061.ddns.net
strekhost2063.ddns.net
strekhost2067.ddns.net
strekhost2074.duckdns.org
strekhost2076.duckdns.org
strekhost2084.con-ip.com
strekhost2087.con-ip.com
strekhost2091.con-ip.com

# Reference: https://www.virustotal.com/gui/file/fd607e03512a15e3bf9dd3c80dbca2b9235012004cb9b69fa05df2f5344037ef/detection
# Reference: https://www.virustotal.com/gui/file/8b022a46d08a7cf80f1141e534f647d1113fe87426e01dc35465f62bfd5052da/detection

189.146.59.185:81
201.121.135.170:4449
3.14.182.203:26008
3.17.7.232:26008
3.22.30.40:26008
venom5002sitask.6te.net
venomsi.mypsx.net
/venom5002SiTask/

# Reference: https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign
# Reference: https://otx.alienvault.com/pulse/61f2ace89496fafe74bbb9c7

11l19secondpop.ddns.net
2pop.ddns.net
elliotgateway.ddns.net
newopt.servehttp.com
newsa.ddns.net
nomako.ddns.net
pop11.ddns.net
python.myvnc.com
wthcv.sytes.net

# Reference: https://www.virustotal.com/gui/file/d775bef532e71e692eb0e66292da60db38864a4f3dba5d2382ace1992ddd55f3/detection

212.192.246.239:1001

# Reference: https://www.virustotal.com/gui/file/9d17ef60c2fe51c9ddd8c03a519059d3eddfd2ac8803ac5d7d91a71075810887/detection

212.192.246.239:228
212.192.246.239:901

# Reference: https://www.virustotal.com/gui/file/4743f18e28808ce90f8c9197c112fe5ceeb91c20f41b92a00034e2884cab1907/detection

212.192.246.239:8000

# Reference: https://www.virustotal.com/gui/file/d0b02f3290dc695e0d9e63060a3dcad7d351c7db7570d656da965ba95f1368b7/detection
# Reference: https://www.virustotal.com/gui/file/ee64468498a36ca484a8ea1079b6e125590749dd2535c7cbfb0b24050b10dd3c/detection

209.127.27.27:6606
209.127.27.27:7707
209.127.27.27:8808
crypto-support.network
myvps2022.ddns.net

# Reference: https://blog.morphisec.com/asyncrat-new-delivery-technique-new-threat-campaign

178.238.8.233:6606
178.238.8.233:7707
178.238.8.233:8808
python.blogsyte.com

# Reference: https://www.virustotal.com/gui/file/169a4309780969168c4af528075bb4b1e2526f976ab572cdfa6ff3e13a009faa/detection

194.127.179.238:8855

# Reference: https://www.virustotal.com/gui/file/f95c8ace1331a172303a2f2cea8edc805203156e499012df465a158246495cce/detection

216.250.249.156:1148
216.250.249.156:1560
216.250.249.156:1985
23.95.115.74:1465
23.95.115.74:1560

# Reference: https://www.virustotal.com/gui/file/f6092f6961226ced6b4858af475736af69ac36f35dea6f539eb552dad3b00fbc/detection

104.37.174.26:1985
104.37.174.26:4040
104.37.174.26:5050
216.250.249.156:1985
216.250.249.156:4040
216.250.249.156:5050

# Reference: https://www.virustotal.com/gui/file/f54d3ce36fea6ef51b10501d96f8e82deab82440005200ef16f88e4154d923ba/detection

216.250.249.156:6606
216.250.249.156:7707
216.250.249.156:8808

# Reference: https://www.virustotal.com/gui/file/f25eb7952a3cea441effa29b4b95ac46269fb8ab56e39166a0e56ade8f7bdf5a/detection

216.250.249.156:1148
216.250.249.156:1414
216.250.249.156:1465
216.250.249.156:1759
5.230.72.3:1148
5.230.72.3:1414
5.230.72.3:1465
5.230.72.3:1560
5.230.72.3:1759
5.230.72.3:1985

# Reference: https://www.virustotal.com/gui/file/ca2f1fd98c74804cf417f07a86db13a71baed4647e919a110a82df0bfba02e85/detection

http://5.230.68.154

# Reference: https://www.virustotal.com/gui/file/c507346693107714c35dae061f39b4af97f7ee55a12e7fbb689ca62405af7414/detection

51.210.48.148:6606
51.210.48.148:7707
51.210.48.148:8808

# Reference: https://www.virustotal.com/gui/file/ba1c40946756613c5321bea71118ec169096783344d0aca7e9ee5e0ac62b07ef/detection

216.250.249.156:1980
216.250.249.156:1981
216.250.249.156:1982
216.250.254.208:1465
216.250.254.208:1560
216.250.254.208:1980
216.250.254.208:1981
216.250.254.208:1982
216.250.254.208:1985

# Reference: https://www.virustotal.com/gui/file/b135b4f9bbc86735c19170c9728466e972f5985ccef6f44fc39b50e24987b0fb/detection

104.37.174.26:1759
5.230.84.50:1465

# Reference: https://www.virustotal.com/gui/file/a576dd4d6b216109bf7044bc90ebd70a2205bffb43272b28f8f112b480eecea5/detection

193.29.104.186:1465
193.29.104.186:1560
193.29.104.186:6606
193.29.104.186:7707
193.29.104.186:8808
216.250.254.208:1465
216.250.254.208:1560
216.250.254.208:6606
216.250.254.208:7707
216.250.254.208:8808

# Reference: https://www.virustotal.com/gui/file/832ed387078d95665e268d6fc1da6b62f9c785049c1a479bdb9eb45e8945eadf/detection

14.18.141.27:33355

# Reference: https://www.virustotal.com/gui/file/5c7887914b2ebb56fc762b555093719b30978e7d603ee1ba198f288090bec15b/detection

104.37.174.26:4848
216.250.249.156:4848

# Reference: https://www.virustotal.com/gui/file/19247536d1bb8035395a3a2bca3ecb17c36ddf48fee86a00d9d6e3e4bf622f35/detection

104.37.174.26:2018
216.250.249.156:2015

# Reference: https://www.virustotal.com/gui/file/ceaeb1dd68355d7a47455dffd00f3ab735e295c2aad6d7c0d754f371af3e0093/detection
# Reference: https://www.virustotal.com/gui/file/c0d614d65f3710bac72f12f0dbd86b77971f64a7fd3dad978ccde2d0e4d7d39f/detection
# Reference: https://www.virustotal.com/gui/file/6c2ee1611af326cf2c791ef63f6816ee8364fcccfc7a2facb5dbbb82bf310fe3/detection

185.110.106.210:1337
185.163.218.120:1337
81.94.199.203:1337
kho8arje.ddns.net

# Reference: https://www.virustotal.com/gui/file/fd8419faf4dbccd31e6305cb19cb9043dacaea147b38d1c0e78105802a9d99df/detection

45.144.154.150:1095
45.144.154.150:1097
45.144.154.150:1098
45.144.154.150:1604
45.144.154.150:18
45.144.154.150:4782
45.144.154.150:4784
45.144.154.150:59
45.144.154.150:5900
45.144.154.150:9495
alemdar571.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ef3108a8fa42fa5ed82f82a3c9d7d9f5cd2b35dd653127585977578321ce21d0/detection

189.38.106.99:8080

# Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_03.02.2022.txt

documents.pro.br

# Reference: https://www.virustotal.com/gui/file/00ecb52e6754df0b9b25f896e8d923d6fc11c80fa333df430d1c3e3c94a7a404/detection

201.212.135.172:3042

# Reference: https://www.virustotal.com/gui/file/a829a8001f09c89ec992913ea3a6d2bde958779e8a7788d9d2a0e1e319e316bc/detection

173.44.55.179:13294
173.44.55.155:48241
kumar.airdns.org
minchia.airdns.org

# Reference: https://www.virustotal.com/gui/file/5511ab25c4f241c5683ad0b26452c2c474841dce3666010d723243f987b06872/detection

3.131.123.134:24138
zealous-fire-94898.pktriot.net

# Reference: https://www.virustotal.com/gui/file/2b4fcba2cacdd48089b43c746a24cda262ee87db830bd9aaf9ee82f5cb900de5/detection

79.134.225.90:83
confucanism.hopto.org

# Reference: https://www.virustotal.com/gui/file/443858dce1aeb48c098475dcf1f04c286a6d69593a41613436f05fd12fb35bc9/detection

51.89.253.23:6606
51.89.253.23:7707
51.89.253.23:8808
3laallah.myvnc.com

# Reference: https://twitter.com/peterkruse/status/1492796546525638656
# Reference: https://www.virustotal.com/gui/file/76854bcfb1fe0e8baf04c994cf4db49f5445e77201535ca49616a23c0ca69004/detection
# Reference: https://www.virustotal.com/gui/file/4a7484b8027c04f1b339c56ab4bc40ba6b8bb876507d421a59807684aab1e83c/detection

159.65.243.143:8080
20.113.159.145:3162

# Reference: https://www.virustotal.com/gui/file/9cd3f611b2d854917d5d0229d7440b30f2610984d51a5cf591591fd156558973/detection
# Reference: https://www.virustotal.com/gui/file/3cf3c75627a9a6813f7d5f708c88d2d41c6d18e92fe9dea86bb370c6b816bf40/detection

199.195.253.181:6606
199.195.253.181:7707
199.195.253.181:8089
199.195.253.181:8808
prhostings.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d9f2bab44100729ed79b2acaf2b8f1cf3b665d55988847e06b19ec0625f25fed/detection

37.221.122.76:6606
37.221.122.76:7707
37.221.122.76:8808
jeazerlog.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d8a413d1ff3f0d7cc9e07393e720b54403c0d180157065b7d0c81c090124a73c/detection

179.13.2.243:4204
strekhost2031.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bee9c217ba2e0a439775033e5abba4a999bebe29474dda7011d67e77173598aa/detection

107.128.170.0:1604
monkeygame.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b74da435a84b6a240fdefcb357abb948e5451fa11dd48e4381b9897abf1cd267/detection

46.183.220.49:46422
46.183.220.49:6578
chonglee575.duckdns.org

# Reference: https://www.virustotal.com/gui/file/10037dcdfbe006f14125b3b5fec8ab336ce996c1fe8af03114597b51d446b843/detection

141.255.144.69:6665
141.255.156.217:2020
141.255.156.217:6663
45.164.102.81:2019
45.164.102.81:2020
45.164.102.81:5000
45.164.102.81:6662
45.164.102.81:6665
hotelposeidonia.ddns.net
putha.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9917e1b3643ebd9b87d96eaa225e293b4ab0a92f78f0df1f99efd85cf220f469/detection

86.156.139.211:32244
86.156.139.211:6606
86.156.139.211:7707
86.156.139.211:8808
venos1245.ddns.net
venos12678.ddns.net

# Reference: https://www.virustotal.com/gui/file/61309fd4c88c63e431b06b603aa83b1e3b1326ade092502675597b1469150e39/detection

191.248.178.226:7777
kklele.ddns.net

# Reference: https://www.virustotal.com/gui/file/f561b5e40ebff43e78dd61cb03ac5300aa6dce51cfe67bb288d3bec154effd69/detection

102.186.16.48:5556
asg1.ddns.net

# Reference: https://www.virustotal.com/gui/file/d4d90420777353fb8faece913558695e0ffd478cc0fccdd6ef316ce68b118a83/detection

163.123.142.141:6606
163.123.142.141:7707
163.123.142.141:8808
163.123.142.251:6606
163.123.142.251:7707
163.123.142.251:8808
mywatermoney.ddns.net

# Reference: https://www.virustotal.com/gui/file/c3d26b6aed4ef3cf1d0cf3d53e5280a11367cb792db7b13c50ffc695d77d0e80/detection

136.243.111.71:6606
136.243.111.71:7707
136.243.111.71:8808

# Reference: https://www.virustotal.com/gui/file/5bc250fe115f0af94d9d57840c5aa4ddc91b5c3f4100edba4e154cd438e8d682/detection

20.123.180.103:1337
20.123.180.103:6606
20.123.180.103:7707
20.123.180.103:8808

# Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_28.02.2022.txt

52.15.81.204:6606
52.15.81.204:7707
52.15.81.204:8808
nsysc.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3a2bcee2582e82d8caf5a85d4b3a8b5d779313aead59394e43cb0577e2ac5caa/detection

91.193.75.222:1337

# Reference: https://www.virustotal.com/gui/file/23d9cd92f8a143d8c11189ea65e238954e8dac8da8a8867cf243eb199af2a45f/behavior/Zenbox

216.250.97.121:4242
darkflood.ru

# Reference: https://www.virustotal.com/gui/file/02c4db3938f02e93ac275981ac2121254191a76732235e574d20f70f89a415d0/behavior/Microsoft%20Sysinternals

20.113.168.5:5552

# Reference: https://www.virustotal.com/gui/file/a03a750c266a3440bad4bdbf1a6539a5f3108d4b1701049167dce3c21b8892c9/behavior/Zenbox

144.126.209.63:7707
144.126.209.63:1443
144.126.209.63:8808

# Reference: https://www.virustotal.com/gui/file/a42aaf89dfaf1dc938def40171798b2a5e641da48851a30cc83e46243d677341/behavior/VMRay

181.141.6.14:1543
async19.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b75253da4ffdfd8ffb110066ed246127053b71f331210dcab40581fe9529dd1b/behavior/Microsoft%20Sysinternals

105.155.171.124:1177
virustheonluone.ddns.net

# Reference: https://www.virustotal.com/gui/file/f1d52de14a1e669c219644cb3cbd8f5e7155799334b9f43576cdaaf985feab29/behavior/Microsoft%20Sysinternals

156.204.146.6:1177
mokea.ddns.net

# Reference: https://www.virustotal.com/gui/file/356d357fd1d8ebbce5b44f0e2fc758f08b0ddd8fbba0e5d705c7f3b823c61194/detection

41.140.166.138:8080
amineaskary234.ddns.net

# Reference: https://www.virustotal.com/gui/file/c87370e8e2e08a93f6becca89df295a17a6c8136edadec5522360cee30b6a2d4/detection

2.89.88.55:8620
nydarcl0b.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1501663331458818057
# Reference: https://app.any.run/tasks/8cc8d2fc-f24a-42ea-9db8-ca2bceb791e6/

217.64.31.3:6606
217.64.31.3:7707
217.64.31.3:8808
217.64.31.3:8437

# Reference: https://www.virustotal.com/gui/file/14217d54e50cb1750df957ee13ceddfb0775e9df7b286dbbe8bccfde89e8462c/detection

123.27.146.13:6606
123.27.146.13:7707
123.27.146.13:8808
spikevntm1.ddns.net

# Reference: https://www.virustotal.com/gui/file/2d2351681ab5a3fc5d448474986d26cfe06fe6f889435523fd2a1f1c9e7b684c/detection

41.238.79.40:1177
41.238.79.40:4444
eeent2am1.ddns.net
ennt2am11.ddns.net
matrixhack9.ddns.net

# Reference: https://www.virustotal.com/gui/file/fcd5fc495b4f81bf91491b52e1759cf93794bf135fed6469a5d1e0663dfb6c3e/detection

94.204.143.223:6606
94.204.143.223:7707
94.204.143.223:8808
exelelo.zapto.org

# Reference: https://www.virustotal.com/gui/file/a9e0e20979d2a5ee73322a2dd94bed304e2586d91d01808130ffe1ae6c043a69/detection

142.114.120.140:8080
rezan.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1508822431422582785
# Reference: https://app.any.run/tasks/bbe72cb9-d347-4b41-8517-99be1dac9a07/

79.134.225.89:5900
crazydns.linkpc.net

# Reference: https://otx.alienvault.com/pulse/6244476ff6012996f9a9cba1

hahakek.ddns.net

# Reference: https://www.virustotal.com/gui/file/abfbde0fea7eba7c409710cafb5a7fe2b2315b4a95898420117ad5088ad4c6b3/detection
# Reference: https://www.virustotal.com/gui/file/a81a4b5eaea54fad12b6fc2e4b1eae62f30a2a9ba1d1abb94ca85e58dbfa8623/detection
# Reference: https://www.virustotal.com/gui/file/a81a4b5eaea54fad12b6fc2e4b1eae62f30a2a9ba1d1abb94ca85e58dbfa8623/detection
# Reference: https://www.virustotal.com/gui/file/a5488fe77d6f68e3512c20b5ffd2105265ae55f50f872fe9b3429b39ed16b7de/detection

43.133.1.136:48214
45.133.1.136:5579
sivnquldmiqa.ratkings.net

# Reference: https://www.virustotal.com/gui/file/fa0a7de603a1fa1dc694862999423e093b8f5285498607d27c1a6074a00455f5/detection
# Reference: https://www.virustotal.com/gui/file/9dee44e6c8075f0f369cde080e56edca0e2fb93b59520dd99a2884ea7b55c7f9/detection
# Reference: https://www.virustotal.com/gui/file/75a1202f0bc5aafe9d205c52416c1bc5b1f2976edb490dffc812f4197bb02277/detection
# Reference: https://www.virustotal.com/gui/file/4f1dcb5778a57d02f7cb485e2d76234ce1913bcc872535221966d596c78056d0/detection

2.56.59.227:4455
212.192.241.41:4455
pnake.000webhostapp.com
vuqozgiamcvoe.ratkings.net

# Reference: https://www.virustotal.com/gui/file/98e74bdca833fffdeadd8aaa3887c60eda29d658e35c7e02a6e364c6a0566039/detection

178.238.8.233:6606
178.238.8.233:7707
178.238.8.233:8808
pythonn.linkpc.net

# Reference: https://www.virustotal.com/gui/file/00abaec0096cdb5a62684479e06fae3c39632e15adb436d2e7e975e9f2cf8c96/detection

89.134.228.127:45000
empirehosting.ddns.net

# Reference: https://www.virustotal.com/gui/file/bd2260b469f9c0504fa2156fe99ce3eb54a093a185c09cb5e0729114ff13a100/detection

194.85.248.87:6606
194.85.248.87:7707
194.85.248.87:8808
194.85.248.87:9807
asylimited.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6e5bc57767ea314f50262e10884e592ac5e833165d85db41e2033baaa7c5682d/detection

185.19.85.133:6606
185.19.85.133:7707
185.19.85.133:8808
185.19.85.133:9807

# Reference: https://www.virustotal.com/gui/file/2a0eb4a2eace0686d5ef6c83dfbd9065f46055b8446e1bb67dc58df5be480d43/detection

91.193.75.132:6606
91.193.75.132:7707
91.193.75.132:8808
91.193.75.132:9807

# Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_05.04.2022.txt

195.62.47.132:5311
37.120.141.190:5311
hrjekd.duckdns.org
mcgarryrob9.duckdns.org
msmonday21.duckdns.org
vernomqmonday.duckdns.org
wsfgv.duckdns.org

# Reference: https://www.virustotal.com/gui/file/642af4b4d12bb24a30e617317bc1785aafc4176e8c3ca8abadff04bd61368d18/detection

178.238.8.201:6666
helpher.linkpc.net

# Reference: https://www.virustotal.com/gui/file/5383c008207a242411c692a017d677e0a7f4b790b2962ded2fe3f2b1a9e0accc/detection

208.51.61.44:128
help-microsoft.dnslive.net

# Reference: https://www.virustotal.com/gui/file/d3502dc6519cc2395fd39b603c925d7ff61fef6d78cb89a23254905b9eeaff97/detection

update.myiphost.com

# Reference: http://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html

anderione.com
mekhocairos.linkpc.net
n.myvnc.com

# Reference: https://www.virustotal.com/gui/file/1ff86b4d3d1a04b48064bc64940010c469a106db236e261ac106053411641b7d/detection

136.243.111.71:1166

# Reference: https://tria.ge/220404-dwb8jshec2

212.193.30.54:9524

# Reference: https://tria.ge/220327-27nygsadap

71.81.138.151:6606
71.81.138.151:7707
71.81.138.151:8808
uhhfuckmedaddy.hopto.org

# Reference: https://tria.ge/220330-ckkvwaeed9

118.184.78.78:6606
118.184.78.78:7707
118.184.78.78:8808
mytestserver.myftp.org

# Reference: https://www.virustotal.com/gui/file/29ece6628445e46733703f70aa521fc207b5475fb1e620a97c2e8fe55f547fab/detection

http://78.46.133.215
78.46.133.215:6606
78.46.133.215:7707
78.46.133.215:8808

# Reference: https://www.virustotal.com/gui/file/d45978f809cb4ce3ad9ef5ba7719b137b9d0ef02315d77f6fb30e10aa1c465f3/detection

177.36.170.206:6606
177.36.170.206:7707
177.36.170.206:8808
myhost47.accesscam.org

# Reference: https://www.virustotal.com/gui/file/04adf54cb3faa4aa1fc78aa4a567a69e9e4b4d48661b2619c3d82dc9569f538c/detection

188.82.222.181:6622
davidgayne.ddns.net

# Reference: https://www.virustotal.com/gui/file/a89725461034445d1b80d5fc5207595d1842cfcf1dc13d6dbb853617c0bdefa9/detection

64.188.13.46:8080
64.188.13.46:9788

# Reference: https://www.virustotal.com/gui/file/a157e62c8fcf8c20202cb64d6b295379fba158677d9776c6001db1352b4d9feb/detection

64.188.13.46:1786

# Reference: https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader
# Reference: https://otx.alienvault.com/pulse/6144852424a73a80ade66aa3
# Reference: https://www.virustotal.com/gui/file/4591eda045e3587a714bb11062eb258f82ee6f0637e6aa4d90f2d0b447a48ef7/detection
# Reference: https://www.virustotal.com/gui/file/cf09a3807622d7c2e0c9422bcee04ed53a08a230204de7f5818405e7f8dca16d/detection

185.163.45.104:456
gjghvga7ffgb.xyz
huugbbvuay4.cn
windowsupdatecdn.cn

# Reference: https://www.virustotal.com/gui/file/794929f8ae932ae3bfd16c3f013b7b32a025a07a0583f2d9b2d272b736284ef0/detection

45.242.44.194:2323
updatefacebook.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b9eba1c7c318b24ba7a01b71e004b6e8b17d91d3e28721977e974696d8e88be6/detection

23.105.131.166:6606
23.105.131.166:7707
23.105.131.166:8808

# Reference: https://www.virustotal.com/gui/file/abe5225238fb82b6ad7d2942d931bb109538395e734d296bc9ac55ae1d6ddf71/detection

2.56.57.222:6606
2.56.57.222:7707
2.56.57.222:8808

# Reference: https://twitter.com/phage_nz/status/1516977615378079745
# Reference: https://tria.ge/220421-dfad1shgep

91.193.75.203:9217
sky01.publicvm.com

# Reference: https://twitter.com/James_inthe_box/status/1517192899682701312
# Reference: https://app.any.run/tasks/1395aadc-27f1-415d-a1f8-6247c4a0aa8e/

91.193.75.194:5900

# Reference: https://twitter.com/pmelson/status/1518724244103995392
# Reference: https://twitter.com/pmelson/status/1521221361829617666
# Reference: https://www.virustotal.com/gui/file/47598ae5503ecc9b4acfc063deb3cf77998ff762104e484a288eede075f0f7d5/detection

194.5.98.35:21000
dlldns.co.uk
dlldns.xyz
dlldns.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1c6ec68a3017dd39da5043ff4cecd25ae5dadcc4f2577ba7103c84547c228882/detection

128.90.115.36:3468

# Reference: https://www.virustotal.com/gui/file/6fa04b5325e52bb0db3b3b307d5e6e802bc468da09fb062f78f978c4efbadd82/detection
# Reference: https://www.virustotal.com/gui/file/5b42476fbd6d402e3a77156da5b563e4450f0e142223f707157b223fce237f8b/detection
# Reference: https://www.virustotal.com/gui/file/27712ba8e0925e351934d3ae04f5ee648a7ec733c2d4be2a3dd54712548d30b7/detection

77.78.103.129:2022
77.78.103.129:5000
salma6.ddns.net

# Reference: https://www.virustotal.com/gui/file/72a638827d037d077f1f1672f2d280f657496fab48b8e79d99742b48bf8f39ee/detection

83.180.241.5:5000
333kuk333.ddns.net

# Reference: https://www.virustotal.com/gui/file/b374241715d190e7731b63e2f4cee1038e3307d52836969fab3854a2090d0b89/detection

198.54.128.70:56781
slav934.ddns.net

# Reference: https://www.virustotal.com/gui/file/9d72cb7c95bcec88f7bf4bfffdb2b0ebe5902f3da943d03794e8a6f586f0c1a3/detection
# Reference: https://www.virustotal.com/gui/file/89fb709ed5ac5cc3342b9894af039dcbb1988848c87063ba15b4ab69399ae77d/detection
# Reference: https://www.virustotal.com/gui/file/b0d62e927975627c720fcf734ea7bb49ebe0790defa6d1085ff93e4b39c74f57/detection
# Reference: https://www.virustotal.com/gui/file/f8720cc2747a3518d13193a2fe9cb791be7e37396fbc448f63a8227d5f552e52/detection

149.28.31.166:29527
149.28.31.166:443
160.108.30.0:29527
168.108.118.0:29527
168.108.122.0:29527
168.108.24.0:29527
168.108.25.0:29527
168.108.32.0:29527
168.108.35.0:29527
168.108.37.0:29527
168.108.42.0:29527
168.108.43.0:29527
168.108.44.0:29527
168.108.45.0:29527
168.108.47.0:29527
34.150.70.89:29527
40.108.48.0:29527
80.176.90.0:29527

# Reference: https://www.virustotal.com/gui/file/ae1df83bad300c4f1cbe9f899c9f394e9b2a2c9bc69a55137bb07adefaed27f0/detection

invison.xyz

# Reference: https://www.virustotal.com/gui/file/0a33db379fb16265aa27569abcaafade7ba257d7adf518eee804b1e5c9514d24/detection

105.106.74.27:6606
105.106.74.27:7707
105.106.74.27:8808
doda.ddns.net

# Reference: https://www.virustotal.com/gui/file/b1daa3bc8bae29f14939e7beea3593ced703a3b159f3fabaa3679df8186e2546/detection
# Reference: https://www.virustotal.com/gui/file/67825f8d43671a1b2a021f371183007baa0dd8034daea8ae0f3c02dd5645e787/detection

77.250.44.30:4444
mariush91.ddns.net

# Reference: https://www.virustotal.com/gui/file/68811404cce73244b2326ca2397d7e95b103a86f5f1dc0220096206438dd3b76/behavior/Zenbox

dominostark2028.duckdns.org

# Reference: https://www.virustotal.com/gui/file/79b8d9f481f0b24b5cb7115a90fbb74c9b6e0448ec908761824e22fa36f255f0/behavior/Microsoft%20Sysinternals

51.116.130.83:4496

# Reference: https://www.virustotal.com/gui/file/fccc5b2fe1d1b1c730e2854e5d68219fe84e0d9277049f69712a28fb6b0e700a/behavior/Zenbox

91.93.162.73:6666
167.71.56.116:6666
awesome-dew-72404.pktriot.net
eu-central-7075.packetriot.net

# Reference: https://www.virustotal.com/gui/file/bc51107a5224a0935006255b4121048f5184619f88020946f3c590f5a09361b3/behavior/Zenbox

177.255.88.25:5001
strekhost2037.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ccd98e1fd5051669cde7d0aa853f103d62407f044dbbce89226fadeef766981a/behavior/VirusTotal%20Jujubox

193.161.193.99:39592
trabajopanel1-39592.portmap.io

# Reference: https://www.virustotal.com/gui/file/cce1f99874e7a0436fc4930a9c63e030064d42b39fc8012d76e0433f146838b8/behavior/Zenbox

31.142.90.220:22
wayto.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d720f60685f9f08d3ca9f47376c66b28ff8fdd4cab4a2ed88ca33c294d2bc16b/behavior/C2AE

132.232.169.101:6656

# Reference: https://www.virustotal.com/gui/file/f18391acc8f08909407a1319569d2f01b55ee51b9e317228abdff5aebe87968f/detection

173.225.115.253:8848
194.31.98.113:6606
194.31.98.113:7707
194.31.98.113:8808
194.31.98.113:9909
172.83.152.87:8848
172.83.152.65:8848
2.58.149.126:6606
2.58.149.126:7707
2.58.149.126:8808
2.58.149.126:9909
polarjwns.xyz

# Reference: https://www.virustotal.com/gui/file/d14d9a7e754c71b0b15e03dce5dc0d8a58cc7be737c2e350bbb4fc99c5d64366/detection

23.105.131.227:4404

# Reference: https://www.virustotal.com/gui/file/3189f5b4f50c04b25cea385aee92275fd3007f9332c329d9975c0b1270c6d26b/detection

31.210.20.172:6606
31.210.20.172:7707
31.210.20.172:8808

# Reference: https://www.virustotal.com/gui/file/99fe56a2f1d965843780325665c2ac286cc9bc52f80509e606028bc063c49210/detection

85.215.229.157:6227
6227hallo6227.ddns.net

# Reference: https://www.virustotal.com/gui/file/13d27cdf24f15d418b2197f6d017725bbd26ea1b8db7a61bdd648e90f1d269c5/detection

46.246.6.16:7090
46.246.80.3:7090
bendito2714.duckdns.org

# Reference: https://www.virustotal.com/gui/file/43427de4b45f2aa2e6289d1a6d5e6859f4184e5cf638a4b6c185fafca6a85838/detection

185.140.53.150:1515
glengaidos2881.ddns.net

# Reference: https://www.virustotal.com/gui/file/2f0dfcbd68df9ed438855a7b65bb08931df67234e6c55f78b6a16f2368f4d44e/detection

92.42.46.216:1996
xhoys.linkpc.net

# Reference: https://www.virustotal.com/gui/file/fb67354e820721b6eb4684b167c1eb382936635843983ec24d06a72fdec8ad32/detection

24.15.119.31:1604
korruptinq.duckdns.org
lulzsec.zapto.org

# Reference: https://www.virustotal.com/gui/file/e91c4edb7c7cc1517cb8827127699e2e360596d240176f91e14556ac7ded8283/detection

slicer.ddns.net

# Reference: https://twitter.com/phage_nz/status/1529614527486013440
# Reference: https://tria.ge/220525-3tjmaaehd7
# Reference: https://tria.ge/220525-3v5wxaagfn

91.193.75.139:1345
91.193.75.165:3851
1biggie.publicvm.com
ecx1hang.publicvm.com

# Reference: https://www.virustotal.com/gui/file/56645ddbb6d65ff46e2db21ff0cd583d4b0ad988b6b6bcd140626a8b5eb81fa6/detection

188.232.176.99:7771

# Reference: https://twitter.com/Joseliyo_Jstnk/status/1531970265059573766
# Reference: https://www.virustotal.com/gui/file/fe8970a7f08ca9e71f485ba987cb78d1bb82d8973251962210e3fced77c15f99/detection
# Reference: https://www.virustotal.com/gui/file/79068b82bcf0786b6af1b7cc96de1bf4e1a66b0d95e7e72ed1b1054443f6c5e3/detection

217.195.197.70:6606
217.195.197.70:7707
217.195.197.70:8808

# Reference: https://www.virustotal.com/gui/file/92a3c41d78e3fdb64c6313818bdba8d6c1652e507ee7ea08c4dd28cd8076e56e/detection

91.240.118.79:2727
91.240.118.79:2780
92.255.85.40:2707
92.255.85.40:2780

# Reference: https://www.fortinet.com/blog/threat-research/threat-actors-prey-on-eager-travelers

33b4-163-123-142-137.ngrok.io
dc5b-163-123-142-137.ngrok.io
dnets.ddns.net
znets.ddns.net

# Reference: https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/
# Reference: https://otx.alienvault.com/pulse/629dc0568c4a8863c10e59be

palau.voipstelecom.com.au

# Reference: https://twitter.com/James_inthe_box/status/1536418013691277312
# Reference: https://app.any.run/tasks/2d79a22c-84e3-4609-9436-3ceed9e36f36/

185.70.104.87:3851

# Reference: https://tria.ge/220613-2s2wssfdf4/behavioral1

91.193.75.200:9217

# Reference: https://www.virustotal.com/gui/file/e2548ff0d1c69d0cad6504335aa2ef3fa21eaa9a429ead3acbddd9326129d819/detection

203.78.129.202:6666

# Reference: https://twitter.com/abuse_ch/status/1540590647022915584

74.201.28.166:6606
74.201.28.166:7707
74.201.28.166:8808

# Reference: https://twitter.com/c_APT_ure/status/1540053981648588804

193.233.185.132:6606
193.233.185.132:7707
193.233.185.132:8808
biz808080.duckdns.org

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2028062022
# Reference: https://tria.ge/220629-em9ccsgce5/behavioral2

103.156.90.165:4055
serviceserver.site
venohvn.duckdns.org

# Reference: https://www.virustotal.com/gui/file/676c79531be211041712ad8f9cf037a8cb4ed8c5362caf6cedde66d521314310/detection
# Reference: https://www.virustotal.com/gui/file/a6f9557ec4704f2d7f00491e9dad466ca8483f61300f87708a93bf951138a4d6/detection

103.156.90.165:5050
venomcra25.duckdns.org
venomcra3.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-28%20AsyncRAT%20IOCs

147.189.168.74:6666
2dod.ddns.net
rowadtqnee.online

# Reference: https://asec.ahnlab.com/en/36315/
# Reference: https://otx.alienvault.com/pulse/62c69b05fe6a61daffeb9593
# Reference: https://www.virustotal.com/gui/file/0b357167f1d1e759b1b54d75bdb102da84578ecb5cb1a1d71733402deec91a83/detection

http://154.19.203.208
154.19.203.208:6606
154.19.203.208:7707
154.19.203.208:8808

# Reference: https://tria.ge/220713-nxaffsggd9/behavioral1

185.200.116.219:9016
chinaco3.airdns.org

# Reference: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/targeted-attack-on-government-agencies.html

107.173.143.111:6606
107.173.143.111:7707
107.173.143.111:8808
107.173.143.111:8989

# Reference: https://www.virustotal.com/gui/file/6659c7a1e89ce896ac616abf1cf6068381954c8c35b18a9d1fd24690ca9c4d3c/detection

198.23.212.148:6606
198.23.212.148:7707
198.23.212.148:8808
4Mekey.myftp.biz

# Reference: https://www.virustotal.com/gui/file/10037dcdfbe006f14125b3b5fec8ab336ce996c1fe8af03114597b51d446b843/detection

141.255.144.69:8848
45.164.102.81:6663
93.46.8.90:6664

# Reference: https://www.virustotal.com/gui/file/c63dd27a4c9a42fd4c68bda6d2628e6791dae0ed3036b69f0b1e6433b5d7c473/detection

67.205.142.16:6606
67.205.142.16:7707
67.205.142.16:8808

# Reference: https://twitter.com/malwrhunterteam/status/1547857576359997440
# Reference: https://twitter.com/Iamdeadlyz/status/1547902451147108352

plutoniumwallet.ml
/FaggotNiggerKysHaveFunTrying/

# Reference: https://www.virustotal.com/gui/file/40b6c05272cb9e3f7431f8afc74cef3ffbb21c86c3b57f94d9ac685b009c9ede/detection

cdnofficecloud.com

# Reference: https://www.virustotal.com/gui/file/02675ed3f879a7fbefabfcfa064bb53a2b925fb6751b7925d5dd2b25a51f4150/detection

194.187.251.115:8973
storage.nsupdate.info

# Reference: https://www.joesandbox.com/analysis/596663/0/executive

141.255.146.167:2019

# Reference: https://www.virustotal.com/gui/file/2a9edc18b10a532f7632d6b44f2610ca3a823c2b2be7a3fd3126b55af2c68ede/detection

172.245.210.138:6606
172.245.210.138:7707
172.245.210.138:8808
189.201.235.59:6606
189.201.235.59:7707
189.201.235.59:8808
111234.ddns.net
cdt2021.hopto.org

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2025072022
# Reference: https://tria.ge/220725-r8z22abab3

194.5.97.97:5069
194.5.97.97:6638
polimaplasko.duckdns.org

# Reference: https://gist.github.com/stoerchl/ae32c9ec9d7003c608bb4c19e9fe7bd7
# Reference: https://twitter.com/James_inthe_box/status/1567597599984852992
# Reference: https://www.virustotal.com/gui/file/6f105d359fe32edd24c3e5a441f3f8d3f4be7fad856ce7b0e606e9e18b742024/detection
# Reference: https://www.virustotal.com/gui/file/0671d1cf46c957d8ca3084d500f4ccb2e71f5f687868cb5f113127e560422e76/detection

45.14.224.94:444
51.81.105.238:1981
51.81.94.115:888
superfaster1.is-found.org
superfaster22.selfip.info
superha3y.is-a-geek.com
superhay.is-a-geek.com
superslo4w.is-a-nascarfan.com
superslow.is-a-nascarfan.com
superziad.is-a-liberal.com

# Reference: https://twitter.com/1ZRR4H/status/1551713964660326402
# Reference: https://www.virustotal.com/gui/file/00bcbf44a3a8dfdd43324ad3dc7a868049bc1856237d97307cc1bbec2ce68ffe/detection
# Reference: https://www.virustotal.com/gui/file/92c085aab941207d5aba2eb3b7c1f6542c075698310b213ba17aff352fee7810/detection
# Reference: https://www.virustotal.com/gui/file/dd0528c7214c1ff510d922eff856d56d616341f689edfa40f4b2bbbca82b8aa8/detection

191.88.251.106:1990
albertogiraldolora09.duckdns.org
freddysolanolora09.duckdns.org
jhonatanmartinezmartinez09.duckdns.org
julianmaldonalora09.duckdns.org
luispereiralora09.con-ip.com
mauroplatalora09.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8638697480078473d60b20cbeb522b7745dde8ae749159064356b0a31a825e88/detection

185.140.53.76:7738

# Reference: https://www.joesandbox.com/analysis/677285/0/html

194.213.3.182:6606
194.213.3.182:7707
194.213.3.182:8808
vvat22.con-ip.com

# Reference: https://www.virustotal.com/gui/file/d2d84301495b692c57680cd232d752253011aeeea1cfe3de144c42c5189b8168/detection

37.0.14.198:6161

# Reference: https://tria.ge/220805-n2cflsaafj

185.225.73.221:5493

# Reference: https://www.virustotal.com/gui/file/00cb0795efc4104c5f4f121172a9728af0d5387cee5d8c7abf8e416f443acc05/detection

23.133.216.180:7582
did-diff.at.playit.gg

# Reference: https://twitter.com/pmelson/status/1556425256046411776
# Reference: https://twitter.com/pmelson/status/1556425274853564416
# Reference: https://www.virustotal.com/gui/file/5d3fc59a805561bfbb27bd0d845c303d4523eefb796c5b815a22bec8973ec331/detection

134.35.6.44:6606
134.35.6.44:7707
134.35.6.44:8808
sabaye-d.space
sabanjm2.ddns.net

# Reference: https://www.virustotal.com/gui/file/d5a2e7315be0afecb9d4a0a5d4b8ee40552675c22405fe17f839023b74a232ad/detection

20.90.119.110:6606
20.90.119.110:7707
20.90.119.110:8808

# Reference: https://www.virustotal.com/gui/file/0fd56384d2b39661d2a81b16bd5aa72ae4deb023dda532796acc94516fc1b9de/detection
# Reference: https://app.any.run/tasks/ccecbcd8-f578-40c7-be8a-8bf59e751e0e/

147.185.221.180:14456
3.125.102.39:13643
3.126.224.214:11664
believe-stars.at.playit.gg
positive-be.at.playit.gg

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2010082022
# Reference: https://tria.ge/220810-yl2exaecen/behavioral1
# Reference: https://tria.ge/220810-yqa4hsgdb9/behavioral2

2.58.56.32:6666
modymos.linkpc.net
mosacor.co.za

# Reference: https://www.virustotal.com/gui/file/8bc112ddd27f0fc2fdc5f50901f8bd15a999042383cc7fe93d3f2b2d8dd085ac/detection

technologie.duckdns.org

# Reference: https://www.virustotal.com/gui/file/40da5be82081d0f0a205474abc614379ce4a655ae84c048353a53b49780fa39f/detection

blazevault.ddns.net

# Reference: https://www.virustotal.com/gui/file/dc645f9fb41904317cc725625eb703c260b4bfea01abe8e31988a83c06930226/detection

negritos.site

# Reference: https://www.virustotal.com/gui/file/39fe79e59e8fc4e86513ec09959c895e5667a39e9d32bb90d8cf29ac892496d0/detection

107.173.255.227:2000
107.173.255.227:3000
107.173.255.227:4000
cdt2021.zapto.org

# Reference: https://twitter.com/embee_research/status/1563149262707257344

173.209.51.37:5137

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/AsyncRAT/AsyncRAT%2026082022
# Reference: https://tria.ge/220826-pb2s9adcd2/

91.192.100.9:8976

# Reference: https://twitter.com/Iamdeadlyz/status/1562823487932100608

193.124.22.17:4449

# Reference: https://twitter.com/r3dbU7z/status/1564893492924538880
# Reference: https://twitter.com/r3dbU7z/status/1564940756950843392
# Reference: https://www.virustotal.com/gui/ip-address/54.236.21.218/relations
# Reference: https://www.joesandbox.com/analysis/693848/0/html

54.236.21.218:6606
54.236.21.218:7707
54.236.21.218:8808
myacesverif.duckdns.org
myverifyaccess.my03.com

# Reference: https://twitter.com/0xToxin/status/1565599718000009216
# Reference: https://tria.ge/220902-f7pn5aghbj/behavioral1

139.28.219.37:2000
172.94.80.37:2000
dangerous1.ddns.net
donzola.duckdns.org

# Reference: https://ti-research-io.github.io/ti/ioc_extender/?name=TF_AsyncRAT

ahmedhasan-43601.portmap.host
darkvader94-36189.portmap.host
dasdad2-27665.portmap.host
freeedp.duckdns.org
fresh02.ddns.net
gaminghost873737-38124.portmap.io
java.servebeer.com
jul-perl.myvnc.com
lordfish12312-53903.portmap.host
minecrafthosting6969-35389.portmap.io
realfive5-49318.portmap.host
zeldorispiety-50433.portmap.host

# Reference: https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/
# Reference: https://www.virustotal.com/gui/ip-address/20.78.19.235/relations
# Reference: https://www.virustotal.com/gui/file/818d184a57f7cce89dda848cb17a503e0c5957803eb8d088491f809ad750cc21/detection
# Reference: https://www.virustotal.com/gui/file/75ae08629e69a57887d2c8e6ba798e16ff9bd8e7af85a1ea029c0594c076ef59/detection
# Reference: https://www.virustotal.com/gui/file/be88db263dee3dcd1a9a236c7dd4b7885ea664e6df404f910a5e0173d1be19c4/detection

aeternam.me
graviom.fr
tf-bank.com
nedbankplc.4nmn.com
press.giize.com
secure.graviom.fr

# Reference: https://tria.ge/220907-s2q18acdf7/behavioral2

45.14.224.94:2001
45.14.224.94:444

# Reference: https://twitter.com/malwrhunterteam/status/1568182218127712256
# Reference: https://www.virustotal.com/gui/file/e5a27354665310d4b974f19bb79a01dd8eeb21dabde06eb6941c8d27b57bc689/detection

172.94.11.178:7878
g8787.ddns.net

# Reference: https://www.virustotal.com/gui/file/85a13e4751a7a3dbccd46a23a441ec7838f5df8ce13f6a76e0347838200e47b9/detection

rippeymp811.ml
rippeymp811.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1568194124330713089
# Reference: https://www.virustotal.com/gui/file/c2eac887aeca169e624ea5922167854e32faa4c47d52d5cf01949f965d26f00c/detection

198.98.53.231:5677

# Reference: https://www.virustotal.com/gui/file/d01e1d3d771a443f0fb994b3b3583422124677d4fba4eec14ce6f387e97055c3/detection

adobedata.webredirect.org
cdt.3utilities.com

# Reference: https://www.virustotal.com/gui/file/5f6579f4f7371307b56a578c760042466708f88f04ccf09b8291ed495ad97f5f/detection

45.74.38.17:6606
45.74.38.17:7707
45.74.38.17:8808
niiarmah.kozow.com

# Reference: https://www.virustotal.com/gui/file/112bc23dbf145fb1c5c78e842b605a4da6202c9993114c7118fbdf902d6c7673/detection

3.22.30.40:13857

# Reference: https://tria.ge/221010-ggv9naafh4/behavioral1

193.161.193.99:40774
tienMonkey-40774.portmap.io

# Reference: https://tria.ge/221010-t26bkscgck/behavioral1

64.44.167.136:46452

# Reference: https://twitter.com/pollo290987/status/1578046865987276806
# Reference: https://www.virustotal.com/gui/file/0e57f8d6bd3306206086c712cf06004c893f72f92374d0724579810b4ae20160/detection

pushkin.ydns.eu

# Reference: https://tria.ge/220719-e9y5xabean/behavioral2

212.193.30.230:79

# Reference: https://twitter.com/0xToxin/status/1581235287182966784
# Reference: https://tria.ge/221015-e6n6jafbe8/behavioral1

103.209.76.44:2000

# Reference: https://twitter.com/0xToxin/status/1581304132866301952

45.141.215.212:222
45.141.215.212:6606
45.141.215.212:7707
45.141.215.212:8808
red2056.freeddns.org

# Reference: https://twitter.com/SquiblydooBlog/status/1581627679300030465
# Reference: https://tria.ge/221016-pnbgtshef9/behavioral1

45.138.16.240:6666
basejumper.io
nasori.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/bf7e15bd062dd3a60eb36c7ee466d06439efcbf08afea2d166c7bd0707ee63f4/detection

83.51.53.98:1604
testing35123.duckdns.org

# Reference: https://www.virustotal.com/gui/file/68fa24f693d9b5955eb2a34a6fbbd3ac7b9e4e8efa53b17b6a94ddd01baab2fe/detection

185.216.71.4:4449
45.155.165.234:4449
venom12345.duckdns.org
venomunverified.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0a151bff139d2541495279ae8db6f3fede5f867337ee69b466023de228a9bacf/detection

141.255.144.193:4444

# Reference: https://www.virustotal.com/gui/file/84d2ec2e12cda6b36e0269b75fb40afeca89d0612e8b4091006348cf9a37530d/detection

51.255.152.131:6606
51.255.152.131:7707
51.255.152.131:8808
andojan.ddns.net

# Reference: https://www.virustotal.com/gui/file/b26760b051260ea435c5c32f8e65cd200034495db040e58da7b453b3d57132a5/detection

85.209.134.94:6606
85.209.134.94:7707
85.209.134.94:8808

# Reference: https://www.virustotal.com/gui/file/5e3588e8ddebd61c2bd6dab4b87f601bd6a4857b33eb281cb5059c29cfe62b80/detection

109.206.241.84:6606
109.206.241.84:7707
109.206.241.84:8808

# Reference: https://www.virustotal.com/gui/file/c7dcb35fe7258ccbebe3b42065a24813c0a012a26fdd3990627114687ca3d3b3/detection

194.5.98.21:4000
dan4000.duckdns.org

# Reference: https://twitter.com/r3dbU7z/status/1584710460737474560
# Reference: https://www.virustotal.com/gui/file/3fef9fb9da2241e00c15b8f0ebd58b5b7c1c7a4c0bf03f8d703a43f99b212bdb/detection

18.189.106.45:13405
18.189.106.45:15258
3.134.125.175:15258
3.134.125.175:8848
3.141.177.1:13405
3.141.210.37:13405
3.141.210.37:15258

# Reference: https://twitter.com/abuse_ch/status/1585666644101283843
# Reference: https://tria.ge/221027-r75wwscdg9/behavioral1

20.240.61.211:8080
kachininanayiyicem.swedencentral.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/23704a63aeba9bdc475ee744cb79d6b2e0dbb6980fe7a0121f81a8eb4c97d143/detection

20.224.160.59:7000

# Reference: https://www.virustotal.com/gui/file/ef91ae5e27e371faf3f08f8bc68acde7ede075b799fe96d186fcec75ddf6ca10/detection

203.159.80.120:16518
203.159.80.120:4815
update.supportmozilla.org

# Reference: https://otx.alienvault.com/pulse/63722ef12028314bb58019d8
# Reference: https://www.virustotal.com/gui/file/c7dc5f8604385b4b61489ec6910ebdc627bcef90cd6eb6c1a699c0d34c59d350/detection
# Reference: https://www.virustotal.com/gui/file/2ffc476fcd66111e82bd4a24a475f9a59b47691268e3acf812769d73b62d9cd0/detection
# Reference: https://www.virustotal.com/gui/file/2e160f9cd9333884fac63e6d730a746eb64e5ff47318e27934335caa330fdd2e/detection

159.89.35.152:6606
159.89.35.152:7707
159.89.35.152:8808

# Reference: https://tria.ge/221117-kq1ghsaa7x/behavioral1

207.244.231.35:9194
asyrz.duckdns.org

# Reference: https://tria.ge/221117-kq1ghsaa7w/behavioral1

arrw.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1594105082077143042
# Reference: https://www.virustotal.com/gui/file/0b1482290fad57d42705337dcb0c45acdc60f4925c1e8fd673638ebf41c78c23/detection

146.190.69.247:6606
146.190.69.247:7707
146.190.69.247:8808

# Reference: https://www.virustotal.com/gui/file/1525076c87558a452430e1a867c8e889f0f15fc658162debd2cd29c617b372c7/detection

158.247.232.56:6606
158.247.232.56:7707
158.247.232.56:8808

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/

http://45.153.240.69
http://66.94.109.58
http://51.68.180.4
100.42.65.218:6606
100.42.65.218:8080
101.99.94.33:6606
101.99.94.33:7707
101.99.94.33:8808
103.117.72.103:8848
103.133.111.110:5200
103.147.185.182:1170
103.147.185.182:1814
103.147.185.182:9080
103.149.201.214:6606
103.149.201.214:7707
103.149.201.214:8808
103.151.123.194:7849
103.151.239.166:6606
103.151.239.166:7707
103.151.239.166:8808
103.153.73.37:6606
103.153.73.37:7707
103.153.73.37:8808
103.167.84.119:2257
103.195.238.235:16058
103.195.238.95:8808
103.213.111.207:6606
103.47.144.100:49746
103.47.144.126:2703
103.47.144.67:2703
103.47.144.71:2703
103.47.144.71:49746
103.74.101.124:2245
103.89.88.236:1998
104.128.189.120:6606
104.128.189.120:7707
104.128.189.120:8808
104.168.141.171:8713
104.168.152.36:7707
104.168.33.32:6606
104.168.33.32:7707
104.168.33.32:8808
104.168.33.53:6606
104.168.33.53:7707
104.168.33.53:8808
104.238.147.18:6606
104.238.147.18:7707
104.238.147.18:8808
104.243.37.4:6606
104.243.37.4:7707
104.243.37.4:8808
104.249.62.71:4211
104.250.180.32:2119
104.37.172.204:56777
105.112.154.175:7505
105.154.200.41:64
105.156.105.249:64
107.172.44.141:6606
107.172.44.141:7707
107.172.44.141:8808
107.173.62.21:6606
107.173.63.199:5656
107.182.128.19:6606
107.182.128.19:7707
107.182.128.19:8808
107.182.129.16:8010
107.182.237.14:58453
108.143.240.80:112
109.206.240.5:5992
109.206.241.215:1999
109.206.243.58:3306
111.90.143.12:4489
111.90.143.12:4899
111.90.143.12:8080
111.90.147.102:4449
111.90.147.102:56721
114.116.34.118:7777
114.116.34.118:8888
115.231.235.56:8848
115.64.43.254:25567
115.75.66.68:6606
115.75.66.68:6821
115.75.66.68:7707
115.75.66.68:8808
116.108.48.70:374
116.203.252.195:4449
119.45.104.153:8848
119.91.100.114:7890
121.40.151.214:8808
124.217.247.242:8808
124.223.14.242:443
129.151.91.127:7177
13.59.15.185:19091
13.66.153.98:1604
134.255.234.198:7777
135.125.27.236:22
135.148.113.4:6789
135.181.204.51:8848
136.144.41.223:8394
136.36.83.93:8888
137.74.157.86:4449
138.201.2.2:2022
138.201.81.121:38022
138.201.81.121:55686
138.99.209.222:2000
138.99.211.39:2119
139.180.143.50:11334
139.180.143.50:6606
139.180.143.50:7707
139.180.143.50:8808
14.173.70.169:8080
14.186.155.171:6788
141.101.173.15:2000
141.101.173.39:2000
141.255.144.117:2000
141.255.147.50:7707
141.94.112.3:9925
141.95.84.40:222
141.95.84.40:4040
141.95.89.79:2005
141.98.101.133:5503
141.98.102.235:16296
141.98.6.228:8808
142.202.240.108:5505
142.202.240.108:6606
142.202.240.108:7707
142.202.240.116:5555
142.202.240.82:5253
142.202.240.88:8808
142.202.242.181:6666
142.202.242.198:222
142.202.242.198:2222
142.202.242.198:5555
142.202.242.210:9090
144.126.209.63:1442
144.126.209.63:6606
144.76.65.183:57117
146.19.57.77:6606
146.70.128.174:55178
146.70.165.100:57508
146.70.165.10:61288
147.124.211.69:5050
147.135.106.246:6606
147.135.106.246:7707
147.135.106.246:8808
147.135.95.107:6606
147.185.221.180:1491
147.185.221.180:64654
147.185.221.180:6606
147.185.221.212:15420
147.189.169.46:4444
147.189.169.46:6606
147.189.169.46:7707
147.189.169.46:8808
147.189.172.218:6666
147.189.172.222:2222
147.189.174.182:6666
147.50.253.67:3926
147.50.253.67:6606
147.50.253.67:7707
147.50.253.67:8808
147.50.253.97:8454
148.163.80.206:7778
149.56.43.121:4199
15.204.170.1:8808
15.235.10.108:6606
154.204.180.237:8848
154.211.6.212:8848
154.212.139.228:1337
154.38.112.92:8848
154.39.252.24:8848
154.53.40.254:3110
154.91.228.23:8848
156.96.154.30:6668
156.96.154.30:7778
156.96.156.177:6666
157.90.202.235:5252
157.90.206.49:6606
157.90.206.49:7707
157.90.206.49:8808
158.101.188.195:1575
159.203.126.35:22174
159.203.126.35:5555
159.69.234.3:1010
159.69.234.3:6606
159.69.234.3:7707
159.69.234.3:8808
160.152.137.3:1604
160.177.92.182:64
160.178.160.73:66
160.178.206.45:65
161.129.44.189:8808
162.14.83.129:8848
162.55.179.46:6606
162.55.179.46:7707
162.55.179.46:8808
163.123.142.155:5764
163.172.225.185:412
163.172.225.185:441
163.172.225.185:551
163.172.225.185:6606
163.172.225.185:661
163.172.225.185:677
163.172.225.185:7707
163.172.225.185:8808
164.92.113.92:9007
165.227.31.192:22545
165.232.151.233:2022
167.71.56.116:22993
167.71.7.168:6606
167.71.7.168:7707
167.71.7.168:7770
167.71.7.168:8808
168.119.140.238:8848
171.22.30.33:8808
171.235.66.23:233
172.104.148.228:6606
172.111.147.42:2119
172.111.147.89:2119
172.111.149.2:1994
172.111.204.106:6606
172.111.204.106:8808
172.111.216.100:49746
172.245.251.219:2015
172.245.94.220:10090
172.81.184.73:8808
172.81.62.54:5085
172.86.120.88:4449
172.93.220.135:6606
172.93.220.135:7707
172.93.220.135:8808
172.94.111.4:2008
172.94.122.20:2000
172.94.15.163:5200
172.94.64.70:6606
172.94.80.56:2000
172.94.9.77:2119
173.234.105.145:5201
173.249.17.53:2252
176.232.184.98:1604
176.9.31.109:3674
176.9.31.109:7707
177.255.88.205:8042
177.255.88.25:4217
177.255.89.112:4203
177.255.89.43:4203
178.175.131.101:56064
178.20.44.131:6666
179.13.1.226:8042
179.13.3.107:4203
179.13.5.152:4203
179.13.5.152:4204
179.43.142.197:5789
179.43.162.20:1337
179.43.166.50:6606
179.43.187.19:2525
179.43.187.19:33
179.43.187.19:4523
179.43.187.19:5555
18.139.9.214:11409
18.141.129.246:11409
18.192.31.165:10108
18.192.31.165:13820
18.207.218.15:1337
181.131.216.129:8050
181.141.0.235:8050
181.141.3.105:7707
181.141.5.226:8091
181.214.48.40:6670
181.215.5.168:8809
181.71.216.22:7707
185.106.94.165:2323
185.132.176.192:4449
185.140.53.10:2121
185.140.53.12:6161
185.140.53.131:7171
185.140.53.136:2014
185.140.53.137:1604
185.140.53.15:3023
185.140.53.176:2376
185.140.53.242:2256
185.140.53.63:8721
185.162.74.65:5455
185.171.91.4:1604
185.176.220.145:6606
185.176.220.145:7707
185.176.220.145:8808
185.189.151.24:8808
185.19.85.172:5050
185.199.226.19:6606
185.199.226.19:7707
185.199.226.19:8808
185.205.209.206:2020
185.213.155.163:57808
185.222.57.137:3333
185.222.57.203:6606
185.222.57.238:4449
185.222.57.72:6606
185.222.57.72:7707
185.222.57.72:8780
185.222.57.72:8808
185.222.57.80:6275
185.222.58.50:4545
185.225.28.148:57652
185.225.28.150:57718
185.225.28.156:54873
185.225.73.150:8808
185.225.73.183:4782
185.225.74.38:6606
185.225.74.38:8808
185.227.70.219:8088
185.227.70.220:8808
185.227.70.254:8808
185.236.78.58:7707
185.236.78.58:8808
185.237.96.105:7707
185.241.208.144:5555
185.241.208.144:6666
185.241.208.148:6666
185.241.208.193:5001
185.241.208.233:5430
185.243.181.86:7707
185.244.30.237:1195
185.244.31.182:4000
185.244.31.182:8848
185.246.220.208:6606
185.246.220.208:7707
185.246.220.208:8808
185.246.220.26:12336
185.246.220.26:18867
185.246.220.26:19624
185.246.220.26:26993
185.246.220.26:51115
185.246.220.26:5200
185.246.220.26:6606
185.246.220.26:7707
185.246.220.26:8808
185.25.48.203:1703
185.250.149.180:25566
185.250.241.219:6066
185.250.241.219:6606
185.250.241.219:7707
185.250.241.219:8808
185.252.178.121:222
185.252.178.121:5126
185.252.178.121:6126
185.254.37.238:1432
185.254.37.238:1452
185.254.37.238:3306
185.255.95.191:99
185.29.8.22:4444
185.64.104.84:12312
185.64.105.42:470
185.66.91.81:6121
185.7.214.8:4449
185.81.157.117:1858
185.81.157.169:2022
185.81.157.202:2535
185.81.157.202:5555
185.81.157.244:6601
185.81.157.71:4343
185.81.157.71:4444
185.81.157.71:5555
185.81.157.7:2001
185.81.157.7:5522
186.152.129.124:2113
188.119.112.140:4449
188.132.156.147:1604
188.161.17.116:555
188.212.124.129:4444
188.227.57.46:22
190.123.44.184:3321
190.123.44.184:8012
190.123.44.184:8201
190.2.147.39:4449
190.2.147.39:8848
190.213.78.26:5000
191.101.130.243:7707
191.101.130.28:8808
191.101.30.41:4413
192.158.232.67:1431
192.158.232.67:8848
192.188.88.248:6606
192.210.201.53:8809
192.253.245.243:7771
192.3.101.108:4404
192.3.101.108:6606
192.3.101.108:7707
192.3.101.108:8808
192.3.101.190:2015
192.3.193.136:2023
192.3.205.21:2014
192.30.89.27:29843
192.30.89.51:29843
192.30.89.51:6253
192.30.89.51:6397
192.30.89.67:29843
192.99.180.181:6606
192.99.180.181:7707
192.99.180.181:8808
193.142.146.212:6606
193.142.146.212:8808
193.149.176.156:1337
193.149.176.156:4449
193.149.3.239:1938
193.164.7.108:1604
193.200.134.9:9969
193.203.238.103:6666
193.203.238.54:6666
193.23.160.250:8848
193.233.185.161:8808
193.233.191.150:6606
193.233.191.150:7707
193.233.191.150:8808
193.233.191.4:6606
193.233.191.4:8808
193.233.203.224:4444
193.233.48.17:8848
193.29.104.92:3579
193.37.255.162:9441
194.147.140.15:3030
194.156.91.122:6666
194.233.169.93:7707
194.26.192.121:7077
194.26.192.174:2005
194.26.192.174:6606
194.26.192.190:7707
194.26.192.221:2020
194.26.192.77:7707
194.26.192.77:8808
194.26.192.82:1010
194.26.192.82:2020
194.31.98.58:2405
194.31.98.80:6606
194.31.98.80:7707
194.31.98.80:8808
194.33.45.175:6666
194.37.96.118:54861
194.49.94.212:444
194.49.94.212:555
194.5.97.203:7070
194.5.97.228:5069
194.5.97.232:3738
194.5.97.41:5200
194.5.97.41:6606
194.5.97.41:7707
194.5.97.41:8808
194.5.97.88:5050
194.5.98.11:6606
194.5.98.120:4449
194.5.98.120:8647
194.5.98.178:3330
194.5.98.198:4545
194.5.98.227:8647
194.5.98.251:4598
194.5.98.6:20
194.55.224.44:6606
194.55.224.44:7707
194.55.224.44:8808
194.55.224.72:8808
194.59.218.147:8808
194.61.119.50:8884
194.87.151.125:7399
194.87.151.134:7878
194.87.218.241:8808
194.9.172.60:6606
194.9.172.60:7707
195.178.120.137:5097
195.178.120.137:6071
195.178.120.187:8848
195.178.120.6:1337
195.178.120.6:8808
195.206.235.234:1907
195.3.222.57:6001
196.65.134.20:64
196.77.237.119:55555
196.77.31.30:65
198.13.52.249:8080
198.23.145.147:1070
198.23.145.147:1137
198.23.145.147:2525
198.23.191.98:45674
198.23.191.98:6075
198.23.200.102:1759
198.23.200.102:7707
198.23.207.34:2023
198.23.207.34:6606
198.23.207.34:7707
198.23.207.34:8808
198.244.206.24:6606
198.244.206.24:6666
198.244.206.24:7707
198.244.206.24:8808
198.244.251.250:6666
199.195.253.181:1256
199.249.233.130:6253
199.249.233.130:6397
199.34.31.224:45005
2.224.144.191:2222
2.56.56.122:2022
2.56.56.180:4444
2.56.56.88:2406
2.56.57.210:7787
2.56.57.226:6606
2.56.57.55:7707
2.56.57.68:8754
2.56.59.167:420
2.56.59.167:6606
2.56.59.167:7707
2.56.59.167:8808
2.56.59.189:8898
2.58.56.106:6666
2.58.56.120:4433
2.58.56.148:5555
2.58.56.148:6666
2.58.56.148:8888
2.58.56.183:222
2.58.56.183:2222
2.58.56.22:5211
2.58.56.243:6121
2.58.56.41:1996
2.58.56.44:6666
2.59.119.56:3131
2.59.119.66:8080
2.59.119.84:7943
20.100.196.69:9281
20.107.115.162:50239
20.108.44.45:3152
20.111.19.215:3152
20.111.34.199:1604
20.111.63.231:7072
20.114.139.208:4498
20.117.208.193:8080
20.12.204.46:8080
20.125.118.35:2244
20.125.122.98:4449
20.127.4.172:8080
20.127.4.172:8848
20.151.221.59:1604
20.16.8.148:6606
20.16.8.148:7707
20.16.8.148:8808
20.16.8.148:8848
20.166.62.124:49264
20.169.104.228:6666
20.169.37.196:6666
20.171.107.243:6606
20.171.107.243:7707
20.171.107.243:8808
20.197.226.40:4448
20.199.101.68:3161
20.211.5.151:4449
20.212.19.59:51585
20.212.19.59:6606
20.212.19.59:7707
20.212.19.59:8808
20.224.162.224:6606
20.224.162.224:7707
20.224.162.224:8080
20.224.162.224:8808
20.226.0.95:6606
20.226.101.17:40
20.226.101.17:6606
20.226.101.17:7707
20.226.101.17:8808
20.226.120.127:22
20.238.78.172:6606
20.4.6.16:43521
20.42.114.46:8080
20.54.113.5:3131
20.54.113.5:6606
20.54.113.5:7707
20.54.113.5:8808
20.62.3.66:8000
20.62.3.66:8808
20.69.124.187:6606
20.69.124.187:7707
20.69.124.187:8808
20.77.254.176:2200
20.8.122.174:31682
20.83.245.27:1604
20.98.96.97:1605
203.78.128.202:7707
205.185.118.52:20000
206.123.132.35:2119
206.123.132.41:2119
206.123.132.68:2020
206.217.133.4:49815
206.53.55.8:1337
207.244.233.24:6666
207.244.235.47:6606
207.32.216.119:5555
207.32.216.119:6666
207.32.216.198:2233
207.32.216.198:6666
207.32.216.198:8808
207.32.216.212:5001
207.32.217.109:222
207.32.217.246:7707
207.32.217.247:6666
207.32.218.108:6666
207.32.218.11:1996
207.32.218.123:6666
207.32.218.12:6606
207.32.219.50:6666
207.32.219.80:6666
208.109.33.30:7777
208.109.33.30:8888
209.126.2.34:6606
209.126.2.34:7707
209.126.2.34:8808
209.126.83.213:8808
209.127.186.218:6305
209.141.44.112:8808
209.209.40.132:2
209.25.141.211:33901
209.90.234.22:6606
209.90.234.22:7707
209.90.234.22:8808
210.87.207.134:8808
211.149.180.60:8848
212.114.52.113:8888
212.114.52.212:1893
212.174.54.164:8808
212.192.219.56:5612
212.192.241.130:6606
212.192.241.130:7707
212.192.241.130:8808
212.192.241.194:7271
212.192.241.87:8754
212.192.246.87:5803
212.193.30.144:7331
212.193.30.230:7011
212.193.30.54:8754
212.193.30.54:8755
212.193.30.96:5022
212.227.169.228:4449
212.68.34.230:6606
213.152.161.117:56390
213.152.161.170:6751
213.152.161.211:50552
213.152.161.5:6253
213.152.161.5:6397
213.152.187.230:6751
216.126.224.171:6606
216.126.224.171:7707
216.126.224.171:8808
216.250.97.121:20000
217.195.197.85:6606
217.195.197.85:7707
217.195.197.85:8808
217.64.149.93:1973
217.64.31.3:9742
23.101.213.237:4546
23.102.122.72:8080
23.105.131.196:6606
23.105.131.196:7707
23.105.131.196:8808
23.105.131.196:9121
23.105.131.196:9128
23.105.131.209:1070
23.105.131.209:1137
23.105.131.209:19328
23.129.232.160:2222
23.129.232.160:6666
23.146.242.100:4449
23.226.77.22:4449
23.237.25.246:6606
23.237.25.246:7707
23.237.25.246:8808
23.94.159.212:6606
23.94.159.212:7707
23.94.159.212:8808
23.94.236.147:6606
23.94.236.147:7707
23.94.236.147:8808
23.94.82.24:10240
3.125.115.192:18
3.125.115.192:25
3.138.180.119:18729
3.141.210.37:12300
3.142.167.54:14923
3.144.124.4:7771
3.219.26.62:6606
3.219.26.62:7707
3.219.26.62:8808
3.237.100.172:8808
3.66.38.117:12104
3.68.171.119:12104
3.69.115.178:12104
3.69.157.220:12104
31.170.22.28:55775
31.192.236.139:3434
31.41.244.135:8808
34.125.144.45:5000
34.125.144.45:5001
34.125.144.45:5002
34.140.211.85:7707
37.0.10.214:6171
37.0.11.246:6606
37.0.11.246:7707
37.0.11.246:8808
37.0.14.196:2050
37.0.14.196:6161
37.0.14.196:6606
37.0.14.196:7707
37.0.14.196:8808
37.0.14.197:6060
37.0.14.197:7171
37.0.14.198:17086
37.0.14.203:1905
37.0.14.204:2019
37.0.14.204:2022
37.0.14.204:5631
37.120.210.219:48408
37.120.212.235:6606
37.120.217.243:6253
37.120.217.243:6397
37.249.78.26:5554
37.249.78.26:5555
38.105.209.167:8848
38.130.221.190:6606
38.130.221.190:7707
38.130.221.190:808
38.17.51.104:1989
38.47.205.151:8848
4.227.187.147:8080
4.229.235.23:8000
4.231.233.180:25310
41.141.211.80:64
41.216.183.175:4404
41.216.183.61:6751
41.251.4.158:64
41.72.146.10:6606
43.138.160.55:6606
43.139.124.22:6666
43.154.97.109:1981
43.154.97.109:8848
43.249.30.55:8848
44.192.67.149:4784
45.12.253.31:6606
45.12.253.58:1515
45.12.253.58:2323
45.133.1.152:6606
45.133.1.152:7707
45.133.1.152:8808
45.133.174.122:7707
45.134.140.152:60060
45.134.142.193:61341
45.134.142.193:6606
45.134.142.193:7707
45.134.142.193:8808
45.134.142.211:1337
45.134.142.211:56597
45.136.4.101:888
45.136.4.99:8808
45.137.22.111:8787
45.137.22.182:6606
45.137.22.182:7707
45.137.22.182:8808
45.137.22.41:4449
45.138.16.104:7707
45.138.16.109:6666
45.138.16.133:5555
45.138.16.162:6969
45.138.16.186:2004
45.138.16.218:2020
45.138.16.240:2222
45.138.16.39:6606
45.138.16.39:6666
45.138.16.71:8808
45.139.105.207:4782
45.139.105.252:6666
45.14.224.94:5020
45.140.146.4:25569
45.141.237.30:55055
45.143.8.181:13389
45.143.8.181:4449
45.143.8.181:8149
45.144.154.192:1604
45.144.30.31:25565
45.144.31.124:4444
45.154.98.151:7777
45.154.98.194:555
45.154.98.214:6606
45.154.98.87:8453
45.155.158.187:1337
45.158.77.78:10135
45.158.77.78:6606
45.158.77.78:7707
45.158.77.78:8808
45.176.91.143:9001
45.242.220.23:50
45.242.84.173:50
45.66.248.114:8899
45.74.4.244:7707
45.74.4.244:8808
45.80.158.108:555
45.80.158.108:6606
45.80.158.108:6666
45.80.158.108:7707
45.80.158.108:8808
45.80.158.114:6606
45.80.158.127:7707
45.80.158.160:6666
45.80.158.237:5558
45.80.158.65:7777
45.81.243.217:6606
45.81.243.217:7707
45.81.243.217:8808
45.88.67.12:6666
45.88.67.9:3306
45.88.67.9:3309
45.88.67.9:3358
45.88.79.224:54
45.88.79.224:55686
45.92.1.24:5001
45.92.1.59:6606
45.92.1.59:7707
45.92.1.71:8808
46.183.220.21:6606
46.183.223.109:8088
46.246.6.11:7090
46.3.199.101:4449
49.12.0.239:3760
5.161.115.90:6666
5.161.139.136:6666
5.161.139.136:7777
5.161.76.198:2003
5.181.234.149:51822
5.188.51.32:4449
5.188.86.237:6606
5.188.86.237:7707
5.188.86.237:8808
5.230.68.234:6606
5.230.68.234:7707
5.230.68.234:8808
5.230.70.13:6606
5.230.70.13:7707
5.230.70.13:8808
5.230.72.132:6606
5.230.72.132:7707
5.230.72.132:8808
5.39.15.167:88
5.68.138.73:3939
5.78.65.18:8848
51.116.125.149:3536
51.12.89.205:8361
51.222.69.7:6666
51.222.98.70:6606
51.222.98.70:8808
51.254.246.45:1974
51.255.130.2:6606
51.38.247.74:5555
51.68.180.4:4040
51.68.180.4:5058
51.68.180.4:6606
51.68.180.4:7707
51.68.180.4:8808
51.77.78.35:6606
51.77.78.35:6666
51.77.78.35:7707
51.77.78.35:8808
51.79.116.37:8848
51.81.126.39:1972
51.81.24.93:8000
51.83.137.127:6606
51.83.137.127:7707
51.83.137.127:8808
51.83.21.211:7707
51.83.231.254:6606
51.83.231.254:7707
51.83.231.254:8808
51.89.204.67:8808
51.89.205.213:8808
52.143.164.37:5555
52.178.132.52:6606
52.178.132.52:7707
52.178.132.52:8808
52.28.247.255:15066
52.90.30.10:7707
54.196.16.250:1337
54.37.42.165:4782
58.221.72.142:8848
61.14.233.88:6606
61.14.233.88:7707
61.14.233.88:8808
62.108.37.84:8848
62.108.37.84:8881
62.197.136.146:5672
62.197.136.146:6606
62.197.136.146:7707
62.197.136.146:8808
62.197.136.165:7777
62.197.136.165:8080
62.197.136.167:1111
62.197.136.167:6606
62.197.136.167:7707
62.197.136.167:8808
62.197.136.175:6606
62.197.136.175:7707
62.197.136.175:8808
62.197.136.195:3333
62.210.57.2:1284
64.56.68.152:8888
64.56.68.17:8888
64.56.68.209:8888
65.21.177.234:555
66.94.105.170:4449
66.94.109.58:6606
66.94.109.58:7707
66.94.109.58:8808
66.94.118.174:4001
67.214.175.69:7535
67.43.236.220:4151
68.235.43.172:59004
68.235.44.58:59335
70.36.108.28:4444
70.36.108.69:8888
70.36.110.176:8888
73.143.210.113:1337
73.143.210.113:56597
76.8.53.133:62520
77.192.68.90:1900
78.138.107.121:8808
78.138.107.121:8877
78.153.130.88:3232
78.170.251.123:7707
78.171.150.184:6606
78.171.173.96:1044
78.173.187.50:6606
78.186.210.130:8808
78.191.189.97:81
79.110.62.147:2025
79.134.225.11:7935
79.134.225.22:7936
79.134.225.23:6606
79.134.225.23:7707
79.134.225.23:8808
79.134.225.6:2782
79.134.225.72:2233
79.134.225.73:3030
79.134.225.74:6161
79.134.225.8:6161
79.134.225.97:4449
79.134.225.9:6060
8.210.121.56:10165
8.39.147.42:6606
8.39.147.42:7707
80.240.18.7:3131
80.253.246.144:6606
80.66.64.134:6161
80.66.64.151:7070
80.66.88.146:8848
82.115.223.14:4449
83.245.137.185:3306
84.38.130.171:9216
84.39.179.220:7707
84.52.187.222:8080
84.54.13.124:6606
84.54.13.124:8808
84.54.50.51:8848
85.104.99.83:4014
85.105.88.221:2531
85.202.169.14:855
85.202.169.230:8080
85.206.160.189:6606
85.215.214.84:7349
85.215.216.205:8088
85.31.45.38:8808
85.31.46.207:6606
85.31.46.207:7707
85.31.46.207:8808
86.48.18.223:7707
86.48.18.223:8808
86.57.195.165:8808
87.121.52.241:2000
87.237.165.133:6161
87.249.134.10:61341
87.249.134.10:6606
87.249.134.10:7707
87.249.134.10:8808
87.249.134.18:59004
87.249.134.1:61341
87.249.134.1:6606
87.249.134.1:7707
87.249.134.1:8808
87.251.79.126:18066
88.248.18.120:1604
88.248.18.120:33918
88.248.18.120:6606
88.248.18.120:7707
88.248.18.120:8808
89.117.21.144:6606
89.117.77.193:6606
89.223.71.59:5856
89.249.74.218:6253
89.249.74.218:6397
90.49.136.9:8080
91.109.176.14:6606
91.109.176.15:8808
91.109.176.6:6606
91.109.178.12:8808
91.109.178.13:6606
91.109.178.13:7707
91.109.178.14:6606
91.109.178.14:7707
91.109.178.14:8808
91.109.178.2:7707
91.109.178.3:7707
91.109.178.5:8808
91.109.178.5:9909
91.109.178.6:6606
91.109.178.8:8808
91.109.178.9:6606
91.109.180.11:6606
91.109.180.12:6606
91.109.180.13:8808
91.109.180.16:8808
91.109.180.9:7707
91.109.182.11:6606
91.109.182.9:6606
91.109.184.18:7707
91.109.184.3:6606
91.109.184.3:8808
91.109.184.4:7707
91.109.184.7:7707
91.109.184.9:7707
91.109.186.13:6606
91.109.186.2:7707
91.109.186.3:8808
91.109.186.5:8808
91.109.186.7:6606
91.109.186.7:8808
91.109.188.10:6606
91.109.188.10:8808
91.109.188.12:6606
91.109.188.14:8808
91.109.188.23:6606
91.109.188.5:7707
91.109.188.8:6606
91.109.188.8:7707
91.109.190.10:7707
91.109.190.7:8808
91.109.190.9:8808
91.134.187.20:4449
91.151.88.159:3131
91.151.94.59:1212
91.192.100.7:8282
91.192.100.8:8153
91.193.75.132:9191
91.193.75.135:3030
91.193.75.154:1515
91.193.75.204:5900
91.193.75.205:5900
91.193.75.249:5900
91.227.113.154:6666
91.245.253.84:4449
91.245.255.120:4040
92.118.36.201:3001
92.118.36.201:6606
92.118.36.201:7707
92.118.36.201:8808
92.138.188.75:7006
92.204.146.31:6666
92.204.146.31:8000
92.222.212.65:6606
92.222.212.65:7707
92.222.212.65:8808
94.130.208.107:2021
94.26.49.118:6606
95.13.149.131:7707
95.173.247.110:8806
95.179.130.232:1703
95.214.24.32:7790
95.214.27.226:6606
95.214.27.226:7707
95.214.27.226:8808
95.214.27.237:1515
95.214.27.237:1717
95.216.102.32:8808
95.216.192.137:8808
95.217.121.186:4449
95.70.151.185:8805
96.227.248.173:8751
admincairo.linkpc.net
asmodeus666.ddns.net
bbiy00362.duckdns.org
bbrainx01.publicvm.com
bigdipsOn.publicvm.com
boxtest.publicvm.com
clsuplementos.ddns.net
corpoleve.3utilities.com
corpoleve.duckdns.org
craig.kozow.com
danbochie2.dns.army
darknode88.duckdns.org
daveblack.publicvm.com
dimascu.duckdns.org
dpunktesting.ddns.net
egrh.linkpc.net
elgzar207070.kozow.com
escanor2022.linkpc.net
flingmodder-53370.portmap.io
franc01.publicvm.com
gfhhjgh.duckdns.org
ijogaa.duckdns.org
jok7oda.publicvm.com
kkshdh.duckdns.org
krnewfine.work.gd
lyoni-55552.portmap.host
mikeludomax.ddns.net
mikeludoyyxx.ddns.net
mikludoykxx.ddns.net
mineawrtes.ddns.net
mmten.publicvm.com
mo1010.duckdns.org
moaaaza.com
monogon.cc
n0fuzga.publicvm.com
nasser.endofinternet.net
new2023.ddnsfree.com
new6000fix.duckdns.org
nexsa111.sells-it.net
nexss111.sells-it.net
nexst111.sells-it.net
nulled2nd.camdvr.org
paris-comrademay17.duckdns.org
pofsecure.worse-than.tv
polymoly.info
pop11.linkpc.net
pop5.ddns.net
portdin.publicvm.com
quizzical-meadow-22997.pktriot.net
reinfocomplete.us
ridaq1.is-a-caterer.com
ridaq2.is-a-caterer.com
rider.giize.com
services.work.gd
snaxosveilbmoswar.ooguy.com
tarjapreta.news
vrln.linkpc.net
waelrakha.com
winhost.ddns.net
wizzy.hopto.org
wpmediatech.com
xavierat.ddnsfree.com
xxxpasoxxx.ddnsfree.com
xxxsthebagsxxx.mywire.org

# Reference: https://www.virustotal.com/gui/file/881168bc9d9b2dd0ab96a2ebf781069c7f0adb347d2aed6afffc40fc876440b2/detection

gratedmonth.duckdns.org

# Reference: https://www.virustotal.com/gui/file/00175798dec9209ec22acf95a8484f3fcc58524973ff82111268dc117f3647ad/detection

103.151.123.121:8891
handofhor.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fdaa11387459b12583b27ace60c86e5fee4d882eff1a3c84d934fe84a31a914f/detection

23.133.216.180:21340

# Reference: https://www.virustotal.com/gui/file/0031ede66d7106d7d02eeddba63722046419ee6acf14b1d0441fc6e57bb63bf4/detection

147.185.221.180:25384
147.185.221.180:4852
23.133.216.180:25384
23.133.216.180:4852

# Reference: https://tria.ge/221128-sds6nsga4v/behavioral2
# Reference: https://www.virustotal.com/gui/file/53f99ccc4b2f86fbd235ebb718b1425017f23c01bc1a2b5ba39da3d4d21ab2b8/detection

147.185.221.180:9969

# Reference: https://www.virustotal.com/gui/file/68ea91f5203fb365e373f3325f2388db0d3f83237381548418f92af5659b8d64/detection

90.166.185.205:6606
90.166.185.205:7707
90.166.185.205:8808
torpesito.ddns.net

# Reference: https://www.virustotal.com/gui/file/3e3ef95e4d20e1cf759021d91f834b6f2c82a1a9dbab3cab1605a55bc85d5be5/detection

167.71.56.116:22823

# Reference: https://www.virustotal.com/gui/file/f1b069632065fa9b56ec7fe634303955294d883a43b66449467fd0e84ac41981/detection

103.156.90.165:6688
inthepinvbxss.duckdns.org

# Reference: https://twitter.com/r3dbU7z/status/1600095143272402946

dybc.publicvm.com
elgzar.kozow.com
nasori.ddnsfree.com

# Reference: https://mp.weixin.qq.com/s/J_A12SOX0k5TOYFAegBv_w (Chinese)
# Reference: https://www.virustotal.com/gui/file/68573d7720dd2af77d97303843b1b8e80bff6650738c80df21fff51dac1075cc/detection

182.183.241.98:6666
tindertx.ddns.net

# Reference: https://www.virustotal.com/gui/file/9f87770bad3dd34c91f94032c8d219f327fea68d9452355804a59359dc8fde5c/detection

63.250.60.207:3060

# Reference: https://twitter.com/suyog41/status/1603656406854520832
# Reference: https://www.virustotal.com/gui/file/3cb88219d3e69e3831a24c06a1bcab6e6689358af1ce39e72876a27e73f236fd/detection

chasmic-slings.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b090e91734b2b0159a3c73193665c461c57f46d8d10e9a01f662149b98c228db/detection

198.23.212.148:8848

# Reference: https://www.virustotal.com/gui/file/96c34bd9fb09b04617ca76e8e4e1ece03c9307335a25c882ae1b4a8e9fdbcca4/detection

4.201.51.87:5786
guardionofthelimiar.duckdns.org

# Reference: https://twitter.com/58_158_177_102/status/1607911624815542273
# Reference: https://www.virustotal.com/gui/file/f470c59c6294eb44a1710a494df0901093e8efef423e243bc41044a3f7349616/detection
# Reference: https://www.virustotal.com/gui/file/d43adab8c5f838640ed5b27cd6117f7482fbd1548cdab806ac675ab021e3b4e4/detection
# Reference: https://www.virustotal.com/gui/file/f6362f72ab7bf169e6f17cdfbf06871528526a210126f75dbd2f8ca8a2cb73cd/detection
# Reference: https://www.virustotal.com/gui/file/f1a0466f8d953d09ec77419609e8050f76c76aa93e9626ce3fc50fe9c296ad7f/detection
# Reference: https://www.virustotal.com/gui/file/9ea0227fe34a921ea91ee6780651f62011d3a17a67df57e22afeb4efb7ba75f4/detection
# Reference: https://www.virustotal.com/gui/file/2a0485239bcd3617d9b6139a2ecd01e2c094eeec2fbe8ac0aeed9e1fa2f4d781/detection

105.154.204.219:64
160.176.131.9:64
160.176.70.134:64
160.179.101.16:65
196.64.173.7:65
peakypinkers.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f8f2577b633797d4f522bc7365c943b83e3a92062ff2bd22f807d3d2f9fe354b/detection
# Reference: https://www.virustotal.com/gui/file/ead9e87d8a4aede84c362453156b467d3d0c31f26a670c4aea5a57ced4c6b4eb/detection

82.131.101.66:5552
1604.hopto.org

# Reference: https://mobile.twitter.com/x3ph1/status/1610430091041046529
# Reference: https://www.virustotal.com/gui/file/a71286ed9bc67a7bc404b462229db4cb869d36b84f41bfbc36a9227759ed434c/detection

147.189.168.100:6606
147.189.168.100:7707
147.189.168.100:8808
synergymediplus.com
1bxb.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1612459856639971328
# Reference: https://app.any.run/tasks/8bd63423-0ecb-4836-8e46-6ef6028d5f3c/

185.176.220.29:6606
185.176.220.29:7707
185.176.220.29:8808
mulla2022.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1612581159699107843
# Reference: https://www.virustotal.com/gui/file/afbc4002c8369634933a12c9d2963644e648e30dc1ab25e506696f593fda4a33/detection

20.25.94.83:6606
20.25.94.83:7707
20.25.94.83:8808
c1crt.axfree.com
draxinc.linkpc.net

# Reference: https://twitter.com/Racco42/status/1612697711475572738
# Reference: https://app.any.run/tasks/46f2915c-5ebc-447d-976c-f4cfc4339f67/
# Reference: https://www.virustotal.com/gui/file/b90713c5c5f654a3dec2c6cd9c6b38d34a371403aa307a84f3d8cce512e41c0c/detection
# Reference: https://www.virustotal.com/gui/file/37d871a4da364d19f9a32d10a9845f808daa5b60479f9134d1d2d6501e21fa25/detection

109.206.243.198:6606
109.206.243.198:7707
109.206.243.198:8808

# Reference: https://www.virustotal.com/gui/file/da7c929bf15c5b5f503449155f5000987a35916cb8cd97ce46b3509a16cfd6ac/detection

141.95.84.40:3060

# Reference: https://www.virustotal.com/gui/file/d8ebb55bf18869dc3f5b0a3f3c1a5287b6499dd2749feb9aa42f9bd8f30fece1/detection

141.95.84.40:3030

# Reference: https://www.virustotal.com/gui/file/a70000522eeafcb0dabe06ae1f49b25257795d90269b6d47737b64cecbabb91c/detection

def.sytes.net

# Reference: https://www.virustotal.com/gui/file/137b0598d14eaba417a9e7a9aea72027aa2e98fc30c814df45b91a992824e6dc/detection

46.43.90.99:7788

# Reference: https://twitter.com/embee_research/status/1614805554261815297

1c76ec89.anchor.northphxchiro.com

# Reference: https://twitter.com/phage_nz/status/1615132638288957440
# Reference: https://tria.ge/230116-3mxwbsfc89/behavioral1

154.12.250.38:6606
154.12.250.38:7707
154.12.250.38:8808

# Reference: https://twitter.com/petrovic082/status/1615628082353676288

179.96.121.149:8080

# Reference: https://www.virustotal.com/gui/file/5cad69a96f097577cf7c73adeb0b43857c1acca3cf901c23f1f14768a16ac350/detection

45.138.16.150:6666
d1x3x.linkpc.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-19%20AsyncRAT%20IOCs

154.12.234.207:6606
154.12.234.207:7707
154.12.234.207:8808
newtryex.ddns.net

# Reference: https://www.virustotal.com/gui/file/4fe815a0f25f582df5512d777afceaa3dfe65da5ded46465fad849ff3487d170/detection

91.109.176.7:9441
bemviver-repouso.com.br
cdt2023.ddns.net

# Reference: https://twitter.com/1ZRR4H/status/1617696464230285313

2023foco.com.br

# Reference: https://app.any.run/tasks/d332f444-028c-48d1-9e84-9311b233e9e9/

95.216.102.32:6606
95.216.102.32:7707

# Reference: https://twitter.com/petrovic082/status/1618549394911170565
# Reference: https://www.virustotal.com/gui/file/fa3a9b975c2a6c0aafaba29157cb94daba8e5fe20da8c3c70c5552e2aaccf378/detection
# Reference: https://www.virustotal.com/gui/file/1649b879a199aea927d7879701a8017d286c291cd294b31e46486d2137c7789e/detection

134.209.126.30:6666
159.65.235.56:6666
181.214.94.75:6666
morph.sytes.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-27%20AsyncRAT%20IOCs
# Reference: https://www.virustotal.com/gui/file/e180cd1b7fcf1674287a2aa516901ab1491aaaf7d9beb067b8109e742d89a50b/detection
# Reference: https://www.virustotal.com/gui/file/041201ea61adce22ef2f36f64f9ccac66d638bffcb043e48f53d33cc7d8692a6/detection

http://109.107.174.128
109.107.174.128:6606
109.107.174.128:7707
109.107.174.128:8000
109.107.174.128:8808

# Reference: https://twitter.com/ScumBots/status/1621102979033010179
# Reference: https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia
# Reference: https://www.virustotal.com/gui/file/55e25bce90136a80ea0e24c17e4fa2b6582d9d387b3defeb06d40e38313ea6fe/detection

46.246.80.9:1543
46.246.86.3:1543
asy1543.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1622654044899614737
# Reference: https://www.virustotal.com/gui/file/360e29b66b74183494f32501a184eb3f39b425459b57cf84a6e3f8061dc519a2/detection
# Reference: https://www.virustotal.com/gui/file/cfd9d28726de527ffe41e35c827f4dbf94671b9f74d70fd0ac118ddd8bcd8485/detection

85.217.170.33:8008
fintran.site
filetrinsf.xyz

# Reference: https://www.virustotal.com/gui/file/6a5e14ed26730c4e7fcbcbbc98db1cb7bdc45b27af457fd7f349b78cc35da9f8/detection
# Reference: https://www.virustotal.com/gui/file/8a1b62fe165e75fe0004fcfa274a2b1316cb4012fb57454a45c15514b693fdc8/detection

85.217.170.33:8090
filetrisnf.store

# Reference: https://twitter.com/atomiczsec/status/1623112165212184583
# Reference: https://tria.ge/230207-2ydfdsga92/behavioral2

osostata.com

# Reference: https://www.virustotal.com/gui/file/16b4a6fec76b452f77a6832871ff2e906d673e557a0e6c2673fc952181d1319b/detection

185.249.198.46:6666

# Reference: https://twitter.com/dr4k0nia/status/1624214043639660544

18.206.35.13:6666
40.113.131.31:6666
xe3x1.ath.cx
xonxen.dnsalias.com

# Reference: https://www.virustotal.com/gui/file/727b7a1920d25e48af6ff6c8ee65be66ca062ba068d156a8211510c6e906e126/detection

20.206.103.69:4448
operador.ddns.me

# Reference: https://www.virustotal.com/gui/file/1b713a56ede95505160c5f6942799badd8c749a0cf767f34dbc276f31d5087e2/detection

20.195.202.119:4449

# Reference: https://www.virustotal.com/gui/file/1cf7ad31eb11c1ab20417351de431a3dd795ff9753e0f5e70c7ac3b7619283cd/detection

20.206.103.69:4449

# Reference: https://www.virustotal.com/gui/file/d4e1be1a339a03490a108e86604bd02f58aac556e4be18a52217bcc52816a936/detection

20.13.152.56:4449

# Reference: https://www.virustotal.com/gui/file/a1e5cd57d6884986e59bc05f2fc0b6bfb1199cba589ff293fbe538dfec78d835/detection

http://20.166.20.230
20.195.163.160:4449

# Reference: https://www.virustotal.com/gui/file/9b9477b4a407bb0cd74e70a1ceae6249a65bcefcf8cc9b98a79b03bca1fbb826/detection

20.206.103.69:7788
bitflysecurity.s3.amazonaws.com
operador.ddns.me

# Reference: https://www.virustotal.com/gui/file/817fd089f6f29233a21a67a8adc3f01e5816017cc653504d25ce0e3e41bad02f/detection

nofinebucket.s3.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/4644d5d8f56afb7b2095ca5c209e840ad3a7dddaa294fa6a074283f0f6b1d956/detection

exodusdownload.s3.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/0160a5ab3ac93ff1cbc18c74777e65600ef2982a2b147697944ad3033c6fd115/detection

esplogem.ga

# Reference: https://twitter.com/0xToxin/status/1624368467511021569

207.244.236.205:6606
207.244.236.205:7707
207.244.236.205:8808

# Reference: https://twitter.com/malwrhunterteam/status/1625586060276162589
# Reference: https://www.virustotal.com/gui/file/8572c19e4037b11c860ad014609a29a906ca1cdbd06ae6f13a3bf2e32c3acfb7/detection

20.229.137.82:1337
nonly.live

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-02-14%20AsyncRAT%20IOCs

195.133.40.128:333
195.133.40.128:6606
195.133.40.128:7707
195.133.40.128:8808

# Reference: https://twitter.com/dr4k0nia/status/1625965366793961472
# Reference: https://www.virustotal.com/gui/file/75ace7d4e6c6cd5abb6e28deb7a902f361afa443b0b71af834ff9d38972a441a/detection
# Reference: https://www.virustotal.com/gui/file/9e66a5a4ce6774b137b47c5feaa407b75b96349bbff3c2dfe24b522cfa06f46b/detection

185.241.208.233:1337
barbaraalle.camdvr.org
barbaraallen.camdvr.org
raymonddapson.camdvr.org

# Reference: https://www.virustotal.com/gui/file/017f7fb81dad9de4238b0dc6e59989eda959d8626df7451e8afe1ece3892621d/detection

http://185.11.61.245
185.11.61.245:6606
185.11.61.245:7707
185.11.61.245:8808

# Reference: https://www.virustotal.com/gui/file/5dd033f850835b3e0b4ae423aad9922a9759d6b3f7ea5ff2b171815bf3a18825/detection

194.5.97.59:6606
194.5.97.59:7707
194.5.97.59:8808

# Reference: https://www.virustotal.com/gui/file/ceb12c810554c6988f7a88335613971616ef832dfd7e9027ae3bdf76f0974ee4/detection

18.228.115.60:19289
18.229.146.63:19289
18.229.248.167:19289
18.231.93.153:19289

# Reference: https://www.virustotal.com/gui/file/1e5407baf23480666ea2e978ccf1ad1276118b002c82160d5780f093a7517297/detection

178.175.142.195:26741

# Reference: https://www.virustotal.com/gui/file/f2399be73420c3074326fc31451d2c126c862dad095be5bcfbc0a0c0b022e4c7/detection

185.65.135.177:56604

# Reference: https://www.virustotal.com/gui/file/9a0bcf924ffecb891bae26ba6d17c2deb44f59f51a9d4f529b480393077585a5/detection

185.65.135.177:8925
maltosen.ddns.net

# Reference: https://www.virustotal.com/gui/file/26e95fe011f8d21bde28c916cc60ec5f7d817bba6f8df6302449a8fc0aaf729f/detection

185.65.134.181:56981

# Reference: https://www.virustotal.com/gui/file/cbe84d22f09c9a8eb3d15710e72eac9e21941400e66f3e890ce6fcca294b8ce1/detection
# Reference: https://www.virustotal.com/gui/file/8170cd47490cd0a0e8769cc662fe9d7a4e975c34e5fe494b209e0d73bc0d6433/detection

185.225.28.158:54944
3.64.4.198:18640
3.67.112.102:18640

# Reference: https://www.virustotal.com/gui/file/14c5a30526484ef4edf641a38e56a9c150d4f94ae125af2bbc9d821056d20023/detection

193.138.218.162:55373
193.138.218.162:57296

# Reference: https://www.virustotal.com/gui/file/9cc2a804dd840e979b6481c0cbc8045c991422d193b3e6358bacd082dd657c35/detection

209.25.140.180:55682
whole-playback.at.ply.gg

# Reference: https://twitter.com/malwrhunterteam/status/1630275606666440704
# Reference: https://www.virustotal.com/gui/file/b3051daf1bb20dfa1cbc49a1da48ad341ed3a3ccb86fa8ba5a264c4e98cdc0e0/detection

http://176.113.115.123
176.113.115.123:6606
176.113.115.123:7707
176.113.115.123:8808

# Reference: https://www.virustotal.com/gui/file/38d27eca5b197c4352ac713713e13e52ffe90c9eb61675315b0027ffa7c2aaf4/detection

51.142.111.3:3779
yourfather101.duckdns.org

# Reference: https://twitter.com/StopMalvertisin/status/1631318221465997314
# Reference: https://twitter.com/ThreatBookLabs/status/1632647230007173122
# Reference: https://www.virustotal.com/gui/file/90cb95264d0b555fe9a760de404196ac183a958c9cc1aad0689598e35fbb0c3b/detection

0ffice365update.blogspot.com
urlcallinghta1.blogspot.com

# Reference: https://twitter.com/StopMalvertisin/status/1631318233650446336
# Reference: https://twitter.com/c_APT_ure/status/1632327563921051648
# Reference: https://www.virustotal.com/gui/ip-address/212.87.204.83/relations
# Reference: https://www.virustotal.com/gui/file/c64e61aaa97d1744f8ec61dbd9ca72f3f5443bf534ee98eab39832338be39204/detection
# Reference: https://www.virustotal.com/gui/file/94c3945bc834baae76d1e1e9fe6f647fc3438cc8b2dd1cbcf71e1fa57ff777b8/detection

212.87.204.83:3000
212.87.204.83:5000
port3000newspm.duckdns.org
port6000old.duckdns.org
port7000old.duckdns.org

# Reference: https://www.virustotal.com/gui/file/43905bff6b7bdac9698c9109764e7ac3ffddddf59b9d278c648dfd8e6b1403ac/detection

3.64.4.198:16972
3.67.161.133:16972
3.67.62.142:16972
3.67.62.142:19425

# Reference: https://www.virustotal.com/gui/file/13de2024361712c76d9e5aed5aa9efb5af58dbc42e0ef58fa9084f422e268195/detection

165.227.31.192:22832
us-west-11608.packetriot.net

# Reference: https://twitter.com/TrackerC2Bot/status/1634253108975894528
# Reference: https://www.virustotal.com/gui/file/25beb3bb95290ffbb5b12ad678ca9c7eb1bc2a135ecd0ec35621d30a9bab31d3/detection

172.93.231.202:4442
172.93.231.202:5552

# Reference: https://www.virustotal.com/gui/file/52688b2d7ff1b147902bb6eade2be7d52e27efb10f318ede17e05eb398386cac/detection

181.141.1.250:2424
46.246.12.16:2424
telo2158.duckdns.org

# Reference: https://any.run/malware-trends/asyncrat

kmspico.one
majul.com
eltem.iptime.org
fund-linda.at.playit.gg
lesgoo.kozow.com
mind-cpu.at.playit.gg
nethttp.sytes.net
trip-it.at.playit.gg
trojeiros.duckdns.org

# Reference: https://twitter.com/0xrb/status/1635946014031978497
# Reference: https://www.virustotal.com/gui/file/5379820f930466a3fd452e5161da9da7771db18a2c88050a9f7a908960e1d7c8/detection

185.136.161.11:1337

# Reference: https://github.com/RussianPanda95/Malware/blob/main/AsyncRAT/hindi_config-3-17-2023.txt

chromedata.webredirect.org

# Reference: https://www.virustotal.com/gui/file/486d9c1f259ee472964bf817ed2b8e218440f7b1145230ff8cbba6a3da3c8f55/detection

181.141.1.67:4243
dcleomessi.duckdns.org

# Reference: https://twitter.com/pmelson/status/1640822646089678848

p24xy.xyz

# Reference: https://www.virustotal.com/gui/file/0c6b9d6c37b17c04112ce5b33b8b7770c483cb70b1e28f66d06d1bbf8384c777/detection

91.192.100.36:4444
dlusercontent.net

# Reference: https://www.virustotal.com/gui/file/c0414a72120a5810090003e67dfd5deb57d40b7114a427b3cb8b255d92e7e1cb/detection

37.166.213.98:6606
37.166.213.98:7707
37.166.213.98:8808
cloudflarenet.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1c5a1893e2d9ebec47e904cb5848c73160e44bbdc132ef4629ed01248c126bd0/detection

91.109.186.14:6606
91.109.186.14:7707
91.109.186.14:8808
seznam.zapto.org

# Reference: https://app.any.run/tasks/d76a4082-1636-4122-9ac8-55a52a8c79d8/

103.47.144.42:7045

# Reference: https://www.virustotal.com/gui/file/5faef14a931cb73235865309f5b8d151decefe3163036e6d15442325eeda14fa/detection

82.213.21.251:6606
82.213.21.251:7707
82.213.21.251:8808
ccleaner.hopto.org

# Reference: https://app.any.run/tasks/842a3193-57c3-4a67-919d-f63d091ef85d/
# Reference: https://www.virustotal.com/gui/file/6dedc7da4dacf1e6bec9ca8b120343dfea5a46df41ca454f37284b163211ff78/detection

http://185.81.157.135
185.81.157.209:2301

# Reference: https://twitter.com/malwrhunterteam/status/1643576221354033154
# Reference: https://www.virustotal.com/gui/file/cb977702b8e144294287783f421fa0c9648e91b2ae7a22c9564ef2986bd76675/detection

209.25.141.223:50753
overview-bm.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/b605abc87533cdc19417cb5d77523786566abea6d3c50f9726cb50e572a72a6d/detection

194.26.192.121:6606
194.26.192.121:7707
194.26.192.121:8808
mssssusa.accesscam.org
mssssss47477474.casacam.net
wmssssss47477474.casacam.net
6606.mssssusa.accesscam.org
7707.mssssusa.accesscam.org

# Reference: https://www.virustotal.com/gui/file/f38e60203e63c6698a2ece1184f19377d9f42caf2c3d474b9f8a210d41313d00/detection

win10.webredirect.org
win11.giize.com

# Reference: https://www.virustotal.com/gui/file/6d7250146b15601a91d4a0b1f7b61c92663ba3c292a7a599b729c0f63702534e/detection

185.65.134.182:15888

# Reference: https://www.virustotal.com/gui/file/a41eb1afcafeaa654907fcb9bf5933bf5fd628f921e846ac9337b9841300194d/detection

185.65.134.182:57274

# Reference: https://twitter.com/x3ph1/status/1646691991982333954
# Reference: https://github.com/xephora/Threat-Remediation-Scripts/tree/main/Threat-Track/ASyncRAT
# Reference: https://www.virustotal.com/gui/file/e22683de5510cbc523e79448c8695ae6c07e03b6548acbd8960ce243282594c0/detection

147.189.170.192:6666
wbem.ddns.net

# Reference: https://github.com/xephora/Threat-Remediation-Scripts/tree/main/Threat-Track/ASyncRAT
# Reference: https://www.virustotal.com/gui/file/f12589613148fd8c49340d2a052055a904eebcb6be0139e88c195199e017ee7c/detection
# Reference: https://www.virustotal.com/gui/file/d914868ffae77ca23a37923e9af6e4f4b006a1647de5312881abb32e86e1004b/detection
# Reference: https://www.virustotal.com/gui/file/6c53e66888f9ea39e6742852b010583ba15026c20e175cfbf889681f72407b31/detection

2.56.56.223:1996
207.32.218.11:1996
zipcode96.ddns.net

# Reference: https://github.com/xephora/Threat-Remediation-Scripts/tree/main/Threat-Track/ASyncRAT
# Reference: https://www.virustotal.com/gui/file/b4a9322a15a084fe9b8347b2c7bceac6f82d838a808dadcdd82b48bd1763ae2c/detection

207.32.216.100:1999
bigflossy.ddns.net

# Reference: https://github.com/xephora/Threat-Remediation-Scripts/tree/main/Threat-Track/ASyncRAT
# Reference: https://www.virustotal.com/gui/file/0be38f7ea9f1a73de2b0d3a5780837eb07a46cdb784b1f89e355d4c4dab76eb2/detection

2.58.56.41:1996
cynax22.hopto.org

# Reference: https://www.virustotal.com/gui/file/f5b225cee24542e5f59f4aeb62bc8dcfe407014e644987586c5effa2e443df91/detection

176.97.70.164:1177

# Reference: https://www.virustotal.com/gui/file/5f69e57505862bfe9efc097de17ffa99c93eedb60e86b073cbe494b00a2d9a37/detection

18.228.115.60:12097
18.229.146.63:12097
18.229.248.167:12097
18.231.93.153:12097
54.94.248.37:12097

# Reference: https://twitter.com/r3dbU7z/status/1649082685338402816
# Reference: https://www.virustotal.com/gui/file/d5a2a03d87b4f1471dabcc76c057b74ebf4557058bdc225194a444413964b13a/detection
# Reference: https://www.virustotal.com/gui/file/b65be0351a717f4440b29a61d206acf4457c4755693f5d68e8cb39948ec5c1cf/detection

http://51.89.207.173
51.161.107.21:666
usb.directory

# Reference: https://www.virustotal.com/gui/file/33a24cdd53b8d0a52bd93e9b59482c4c7c933d119dba87f01f7c02a8c97bed0a/detection

147.185.221.223:24460
myfilesx.s3.us-west-004.backblazeb2.com
/ddgqprb4fbn/fgtryh45c.txt
/ddgqprb4fbn/
/fgtryh45c.txt

# Reference: https://twitter.com/sicehice/status/1650703773839286272
# Reference: https://www.virustotal.com/gui/file/9bc6f7078b4a80e7363336194ffccb04d646da487bb093775b3caefd224f7d87/detection

31.192.235.146:8000
31.192.236.139:3434

# Reference: https://twitter.com/g0njxa/status/1652022542259896335

20.123.197.130:8080

# Reference: https://www.virustotal.com/gui/file/140e8710e1a8c2dfbeea2587180ffc0656523fca8824880e7e3de91a3a56d7a4/detection

81.161.229.121:4545

# Reference: https://www.virustotal.com/gui/file/0571c7fd18f633e731f93e93f82260c89157e2e014152b1d909cfbc1c7d68570/detection

179.43.154.184:8008
minijusfil.com

# Reference: https://www.virustotal.com/gui/file/cd279fe4806f1925c2985f4a3f4a0052b140e85ffad9a2e46b27f8ff2cd99baa/detection

bahrdevo.endoftheinternet.org

# Reference: https://twitter.com/malwrhunterteam/status/1654111835136708608
# Reference: https://www.virustotal.com/gui/file/09cc73e85312daa39cbf1e5a523ed368a0611c0691cecbafd5f6b0c2d64eaaba/detection

46.21.153.135:9897
apatee40rm.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/817c463f2b2d6ad916bd11bdc8e81e232b443d333cb02a3943d28f11d206ccc3/detection

45.80.158.114:6606
45.80.158.114:7707
45.80.158.114:8808
1dog.ddns.net

# Reference: https://www.virustotal.com/gui/file/3ebfbbd09064aae6f6238d019637a666740b3b35141e46cf76524c8dde88fb26/detection

103.30.126.242:8848

# Reference: https://twitter.com/Artilllerie/status/1655915223604244482
# Reference: https://www.virustotal.com/gui/file/4d275403b2993bb1dcf4d3262a5a70b32c0caa04e3cdb8c236420a3b1b1855b6/detection

190.2.142.239:5566
downlodanydesk.com

# Reference: https://www.virustotal.com/gui/file/91971af253069cff21a8c104773ba2f80ac611a6e72db84d20432141136578f4/detection

104.234.119.55:50511
mortgage-service.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1141b995cd24c8f2eb4d83d08a3a9dba4f2c4cd5d6e1528f64aa8d51ddbd62bb/detection
# Reference: https://www.virustotal.com/gui/file/afda04b91b8bff33be9e8f9c7a3cf441c4b2c92f9fcef42a00bcf35e495a9e67/detection

79.134.225.40:2211
vmware.trickip.org

# Reference: https://www.virustotal.com/gui/file/0c32c4300e32863030d1ed5633f530a4f411df1c391d4388140c8ff2974638b0/detection

194.5.97.49:6970
83.151.238.37:8080
dvcfxgcvbbasfsd.ru
xafsavxcfdgbdsfg.ru
giuseppe.ug
tamera.ug

# Reference: https://twitter.com/0xToxin/status/1661101374166257664

strekhost2058.duckdns.org
strekhost2065.duckdns.org
strekhost2068.duckdns.org

# Reference: https://gist.github.com/embee-research/f6af45017a3bb3c64a1654b7c4810525

109.230.238.142:6666
116.62.115.255:8808
120.146.185.63:443
142.202.240.126:5555
146.59.161.194:8808
149.102.132.253:3110
15.165.236.45:8808
172.81.60.205:8808
185.81.157.105:5130
185.81.157.135:7777
185.81.157.14:4444
185.81.157.168:7701
185.81.157.5:4152
190.28.148.168:2000
192.119.108.77:8713
192.119.108.78:8713
193.23.161.246:6666
194.156.91.127:8743
194.9.172.60:8808
198.244.251.230:2222
20.67.243.141:113
207.244.232.102:8808
207.32.217.71:5001
23.254.130.126:6667
23.254.227.121:6666
23.254.231.83:1002
38.242.242.149:7777
45.138.16.161:2020
45.138.16.202:6666
45.138.16.48:1234
45.141.215.81:888
45.141.215.84:222
45.143.99.54:1337
45.154.98.110:1989
45.154.98.192:222
45.58.190.125:8808
45.80.158.57:8888
5.224.222.214:4001
5.249.165.85:6666
51.120.120.162:8808
51.161.104.149:8808
51.161.105.119:7707
51.161.59.75:7707
51.81.126.13:222
51.81.24.93:7000
51.89.204.67:7707
51.89.207.166:8808
54.38.124.50:8096
54.38.234.73:8808
66.94.118.174:1188
66.94.122.207:8808
70.36.110.159:8888
74.222.22.72:8888
82.159.198.174:4002
85.206.172.156:444
85.215.190.69:8808
98.26.85.5:6969

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (04 Jun 2023)

111.90.149.195:5111
111.90.149.195:7766
151.80.52.38:4449
185.252.178.121:8808
192.71.244.54:8080
37.196.152.120:4449
43.226.49.147:8080
45.80.29.139:1337
64.235.61.43:8848
84.54.50.9:6606
84.54.50.9:7707
84.54.50.9:8808
88.198.206.217:4449
91.192.100.7:8808
95.214.27.44:6606
95.214.27.44:7707
95.214.27.44:8808

# Reference: https://www.virustotal.com/gui/file/74c1d1141cf501cd8b9d86f97acb67cc7dc7e9213f8722600ae991f5d254b68b/behavior

websites.vpndns.net

# Reference: https://www.virustotal.com/gui/file/28e1470bf46b1680e230c7bb57e4836d3b6bef4d35d2cc927984950416a4c1d7/detection
# Reference: https://www.virustotal.com/gui/file/367831dcb90d2df723eeccb94c21fe58691a6946b4ea40cb9de2bac316319d9b/detection
# Reference: https://www.virustotal.com/gui/file/ba5ed5f0f25b952f16a30d9dc97c1be2a9c1f7676345311b421584ca4c4c1405/detection

18.198.77.177:17851
3.121.139.82:17851
3.127.253.86:17851
3.127.59.75:17851
35.158.159.254:17851
52.28.112.211:17851
solarx.site

# Reference: https://www.virustotal.com/gui/file/da642fc983f09b106c32181f7e66d0cad426924650594ca613e5ce5b25b71493/detection
# Reference: https://www.virustotal.com/gui/file/2d2211d9266e7080e6e12d150829935a3f0794e4d499199f9c7480de02b458d7/detection

141.95.84.40:456
141.95.84.40:916

# Reference: https://www.virustotal.com/gui/file/9b3c1321f7bee06e6790ee733d7ff90400f628040fee4e65d240340f957d00a1/detection

104.243.47.45:5230
104.243.47.45:6606
104.243.47.45:7707
104.243.47.45:8808
celsperial.hopto.org

# Reference: https://www.virustotal.com/gui/file/f9171de76ea630a461f1764aa9c27fadf7e8fcbddfa7a2c3b44067867c029f05/detection

91.208.92.49:7001
miopsbn.con-ip.com

# Reference: https://www.virustotal.com/gui/file/0747abd54dd664fed5dd0028ac579905845c91d5a0da537133ba4bfcb5fea15c/detection

181.142.211.88:7577

# Reference: https://www.virustotal.com/gui/file/71a2fe2a79055b9aca04daaa8288730f1027c0b186e2f10718b21e2d1e89355d/detection

64.235.61.43:42069

# Reference: https://www.virustotal.com/gui/file/cd704cdaf7397e725eaa339fb7ad3a0ab26f503428eb8eaaf4abb656ae949382/detection

188.126.90.211:3636
188.126.90.212:3636
46.246.12.211:3636
46.246.4.211:3636
planpnl.duckdns.org

# Reference: https://www.virustotal.com/gui/file/132358ecc4d7b80efba0d2d57fe104b563673ecc9935efcd4e8440c886e0138c/detection

18.228.115.60:17832
18.229.146.63:17832
18.229.248.167:17832
18.231.93.153:17832
54.94.248.37:17832

# Reference: https://www.virustotal.com/gui/file/3ec57ea55466112ec38310d0066fc024e3600887785e768a8219230d236a7eb8/detection

18.228.115.60:16864
18.229.146.63:16864
18.229.248.167:16864
18.231.93.153:16864
54.94.248.37:16864

# Reference: https://www.virustotal.com/gui/file/c44075c86a18be51547cba1e2d357aaef5008a0bfb25daa4dba2c6c5e25f2ca1/detection

209.25.140.194:51862
209.25.141.194:51862
209.25.142.194:51862
194.ip.ply.gg

# Reference: https://www.virustotal.com/gui/file/994385b5a04f107c65d45c3cb54483e847d63b6b75988ad8ecfd6c9df1cba295/detection

18.230.117.219:6000

# Reference: https://www.virustotal.com/gui/file/c7b9a1bf733e98f545d5cb946165c32923c564b4cc3603924eae9a44df203a3d/detection

18.231.156.119:7000

# Reference: https://www.virustotal.com/gui/file/fbc3ad3bdb040103596ab07b85d80331dcaa9868e55220481faba563c85f890a/detection

18.228.115.60:13552
18.229.146.63:13552
18.229.248.167:13552
18.231.93.153:13552
54.94.248.37:13552

# Reference: https://www.virustotal.com/gui/file/f8fc2647fffca9883e5eb6cc375c4efafdb56d2f4a11fce3b4444dadfb51d0cb/detection

192.119.108.74:8710
192.119.108.74:8712
microsoftdell5.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fd5b9cbb176cfea7cb3ba0b8f10e323eb1a9c1a914a0ab9182aa033c8ea18429/detection

181.141.4.153:8000
walder08.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d173f0a86e693ad02d756c7f8f1bee445c663aecf2b4f886f733ca01c0911345/detection

181.141.4.153:6969
an6969.duckdns.org

# Reference: https://www.virustotal.com/gui/file/296a2cb7bf3fa274918f985358debd7983e2af29068fc37dd9cb99e070b9f0fd/detection

151.106.30.145:7410
741qu.bounceme.net

# Reference: https://www.virustotal.com/gui/file/577047181197a34939a106666deec71d3e91e386deda32d412ef1e8b3de2b000/detection

198.12.123.17:5004
198.12.123.17:6606
198.12.123.17:6700
198.12.123.17:7707
198.12.123.17:8808
celesperial.ddns.net

# Reference: https://www.virustotal.com/gui/file/67905601c2fc9f78274058e39de8c2714f46b40cfd29e5d5a06117fc7d07ab46/detection

172.111.136.105:2022
admina.duckdns.org

# Reference: https://www.virustotal.com/gui/file/60ae5794afacdc55c75268040eedce59d20776dced641d2cba250bd768359d8a/detection

alertgeeks.ddnsfree.com

# Reference: https://www.virustotal.com/gui/ip-address/185.150.117.106/relations
# Reference: https://www.virustotal.com/gui/ip-address/84.32.190.45/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.217.144.194/relations
# Reference: https://www.virustotal.com/gui/file/9ae87c35d2a6209b208dcefea9785a31d69a1a9396a825883edddd3e030188e4/detection

fox-news-checker.cc
microsoft-auth-network.cc
microsoft-service-checker.xyz
security-service-api-link.cc
update-checker-status.cc
utorrent-backup-server.top
utorrent-backup-server2.top
utorrent-backup-server3.top
utorrent-backup-server4.top
utorrent-backup-server5.top
utorrent-server-api.cc
utorrent-servers.xyz
win-network-checker.cc
windows-services-update.com
youtube-checker.cc

# Reference: https://www.virustotal.com/gui/file/9a6aa7bc60f817e2c0761373100d5bb22207847da7d8452db757b17c03c18c9c/detection

185.174.101.94:5464
electroniccomerceanddatabasesforstudypurposesonly.online

# Reference: https://www.virustotal.com/gui/file/b0fafe361aa7083b1d3482ec723158599dd01c5d26fa5ea3c30d78a325c9fb8a/detection

209.25.140.229:18084
209.25.141.229:18084
209.25.142.229:18084
decision-at.at.ply.gg

# Reference: https://twitter.com/k3yp0d/status/1681973711774130176

nansen.accesscam.org

# Reference: https://www.virustotal.com/gui/file/0c72727630c83e823fd60d776bad262f01c7e0a9e52ea92fdd9a3adf04910d6e/detection

209.25.140.181:26235

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-07-23)

http://51.79.49.73
103.169.34.151:2245
103.170.118.35:6606
103.212.81.152:3845
103.212.81.152:3850
103.212.81.152:6606
103.212.81.152:7707
103.212.81.152:8808
104.255.175.12:8008
107.175.113.198:8011
108.58.155.197:6606
108.58.155.197:7000
108.58.155.197:7707
108.58.155.197:808
108.58.155.197:8808
108.58.155.197:8881
108.58.155.197:9909
109.195.94.247:8096
111.90.150.186:8977
116.62.11.90:8848
136.243.151.123:8808
136.243.151.123:9999
136.243.151.21:65
136.243.151.21:66
138.201.95.65:8808
141.98.6.105:5010
144.126.149.221:8888
146.59.161.10:8808
147.189.174.239:6666
149.202.0.249:8808
149.56.79.3:4007
154.12.252.41:4449
154.213.18.103:6000
154.213.18.70:6000
154.213.18.70:8808
154.213.18.84:8808
158.69.131.146:222
158.69.131.146:2222
166.88.209.145:1337
172.245.23.178:7777
179.13.0.238:4203
185.104.195.215:1981
185.104.195.215:2000
185.106.92.84:4449
185.17.3.72:7707
185.222.58.44:4040
185.225.74.254:6606
185.225.74.254:8808
185.24.55.37:8808
185.241.208.104:5555
185.241.208.142:6666
185.241.208.99:2222
185.241.208.99:6666
191.101.130.205:6606
191.101.130.205:7707
191.101.130.205:8808
191.89.243.236:5757
192.119.108.75:8713
192.119.108.76:8713
192.159.99.5:1010
192.159.99.5:2020
193.149.185.150:7707
193.23.3.123:6666
193.233.133.58:5631
193.26.115.74:888
194.213.3.18:6666
194.31.87.133:8808
194.32.149.80:8808
194.59.31.39:2025
194.87.151.87:8808
194.9.6.69:8808
2.58.56.143:222
2.58.56.143:2222
2.58.56.143:5555
20.150.193.28:4449
20.200.63.2:2727
207.32.218.20:8008
209.145.56.0:4017
209.25.140.212:34507
209.25.140.212:8848
209.25.141.180:6498
23.101.143.72:6666
23.101.143.72:7777
23.101.143.72:8888
23.229.67.133:5808
3.88.20.74:1111
45.12.253.107:6606
45.12.253.107:7707
45.12.253.107:8808
45.125.48.112:6606
45.125.48.112:7707
45.125.48.112:8808
45.136.6.79:6606
45.136.6.79:7707
45.136.6.79:8808
45.138.16.108:6606
45.138.16.108:7707
45.138.16.108:8808
45.138.16.145:2222
45.138.16.145:4444
45.138.16.145:6666
45.138.16.213:1194
45.138.16.235:6666
45.138.16.235:7777
45.141.215.109:6606
45.141.215.109:7707
45.141.215.109:8808
45.141.215.121:4444
45.141.215.121:6666
45.147.45.253:30303
45.154.98.201:6666
45.80.158.116:6666
5.161.192.28:6606
5.161.192.28:7707
5.161.192.28:8808
5.196.35.57:6606
5.196.35.57:7707
5.196.35.57:8808
5.224.222.63:4002
5.224.222.63:5001
5.224.222.63:5003
5.252.165.130:8808
51.142.112.141:113
51.75.52.3:2020
51.81.24.93:8088
52.28.112.211:19945
66.94.105.222:8808
68.219.184.180:3131
69.172.233.16:6666
69.172.233.44:6666
70.36.111.185:8888
77.73.131.83:8080
78.161.80.191:8808
78.47.172.152:5555
81.171.25.97:113
82.159.146.144:5000
84.54.50.31:8877
85.217.144.78:8808
87.121.221.53:6606
87.121.221.53:7707
87.121.221.53:8808
89.23.96.181:7777
91.109.176.4:8808
91.109.178.10:8808
91.109.182.6:6606
91.109.182.6:8808
94.142.138.19:443
windows10-11.ddns.net
windows10-11.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/167ed73a98ed7c3ff1ff221117f497c8fb6fa98ee0c1160a567415ad6d39195a/detection

18.197.239.109:12694
18.197.239.109:66086
18.197.239.109:7707
18.197.239.109:8808
3.69.157.220:12694
3.69.157.220:6606
3.69.157.220:7707
3.69.157.220:8808

# Reference: https://www.virustotal.com/gui/file/1a4f3da692806a57a243e8d165a183019c0a0126e8c6f0aade81979679ab3d94/detection

181.52.111.53:3028
sept24stri.con-ip.com

# Reference: https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html

111.90.150.186:6606
111.90.150.186:7707
111.90.150.186:8753
111.90.150.186:8808
111.90.150.186:9907
79.110.49.162:6606
79.110.49.162:7707
79.110.49.162:8753
79.110.49.162:8808
79.110.49.162:8977
79.110.49.162:9907

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-07-29)

142.202.240.126:6666
147.50.253.108:5505
147.50.253.108:6606
147.50.253.108:7707
147.50.253.108:8808
172.94.105.98:2000
185.246.222.170:1616
192.121.247.21:2000
20.124.90.72:5002
20.200.63.2:3232
92.178.8.159:8848
onadeatcamside.sytes.net
ronadeatcamside.sytes.net

# Reference: https://www.virustotal.com/gui/file/6c16c890ebece47d2e9c9160c366e632fc7577ac766ae32ef640070481ab8c3e/detection

157.90.51.195:58001

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-07-31)

147.185.221.16:10735
206.53.55.8:6606
206.53.55.8:7707
206.53.55.8:8808
213.238.177.40:8848
61.136.166.128:8848
91.109.176.13:6606
91.109.176.13:7707
91.109.176.13:8808

# Reference: https://app.any.run/tasks/6dc0de33-d560-47a1-9e99-8b678a549174/

185.81.114.175:6606
185.81.114.175:7707
185.81.114.175:8808

# Reference: https://www.virustotal.com/gui/file/c3329f80f820ce5f4740cff9a03ebfb1a417f49cd81a6fac7f1174f8b9e65dc1/detection

208.67.107.168:9090

# Reference: https://www.virustotal.com/gui/file/a01b92a477bdf998362cd7ec70b0aa1a8fdc1cdbb2350ef47c5f17abcd422066/detection

208.67.107.168:9055

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-08-02)

185.180.230.132:1488
plazzasecretballeronline.onedumb.com

# Reference: https://www.virustotal.com/gui/file/8627f2595a4e2b9b3e78fd956771b037772ce92c49ebc06fd0b53c247f9513bf/detection

201.185.208.130:7580

# Reference: https://www.virustotal.com/gui/file/cf85e1acf51f48393b1ebeb6cc99d5987a84c0d6536f39c264e1bd3d60c21db4/detection

162.194.106.79:8848
noxbot.ddns.net

# Reference: https://threatfox.abuse.ch/ioc/1148970/
# Reference: https://www.virustotal.com/gui/file/763d970f36c8f7d30a356690884f8db111379153bafa55607b6f41bdb12fc01d/detection
# Reference: https://www.virustotal.com/gui/file/fe145c31edc5e0541a4e5857b1c8a54bfae66d78a76937469e0d1a37a0739073/detection

51.75.41.118:6606
51.75.41.118:7707
51.75.41.118:8808
3llah23.run.place
3llah.vpndns.net

# Reference: https://threatfox.abuse.ch/ioc/1149069/

45.74.0.212:2000

# Reference: https://www.virustotal.com/gui/file/398bf921701c72139dfa6d11b2eb41810170eaf847cc73f16ff00c8f86d6d30a/detection

46.246.12.26:2106
46.246.84.5:2106

# Reference: https://www.virustotal.com/gui/file/e6d3b5e5e32627fd5ebfe02729366a88a0af661ac60cf50e5acba8a575908732/detection

46.246.14.15:5050

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-08-10)

77.232.132.25:5001
91.109.178.2:1018

# Reference: https://www.virustotal.com/gui/file/dc86ebc16af410e160c279988a5aebe2dd492d932100e83aeef785fee2ef201a/detection

104.220.158.189:7788

# Reference: https://www.virustotal.com/gui/file/978acff20319adccc0f9f6b576a421387b4085496a535c6676f4f1258d718a71/detection

104.220.158.189:7771

# Reference: https://www.virustotal.com/gui/ip-address/81.171.25.97/relations
# Reference: https://www.virustotal.com/gui/file/73b3658f98fbf321844980d67ca63ca1c7d1b16ae50f112da68858b4924ac3d2/detection
# Reference: https://www.virustotal.com/gui/file/0cc0e3fe599b7bd362dd160efafaefd26c692934682cc13e12575c05aa028a99/detection
# Reference: https://www.virustotal.com/gui/file/f041884345406408839d2289106f09cd0f002fffd5a66bb2e34a141457bc7e82/detection

81.171.25.97:114
81.171.25.97:6606
81.171.25.97:7707
81.171.25.97:8808
new22.vpndns.net
windowsignn.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/61be8cdec38d60d5a8a64fd0f891656f0410825d7c1181d7f40eb6aaf56d3521/detection

177.255.88.161:7575
2riandcra.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fd87155ae16286e44eb0068f8ea18a735bc8b8a1fbefc60f70b7a5a14538677b/detection

185.106.94.122:4449

# Reference: https://www.virustotal.com/gui/file/3e5129342dbb24524cf03acc4830c429e57ed7d54c0bfe996675c35680378326/detection

51.254.49.49:5005
augustsimillarity5045norep.ooguy.com

# Reference: https://www.virustotal.com/gui/file/c69860ee4b8d0f24138de42421cd4123ef15e3618b08faa5becf9b52c69fc8e4/detection

41.98.125.239:1000

# Reference: https://threatfox.abuse.ch/ioc/1149939/

185.225.75.5:3450

# Reference: https://threatfox.abuse.ch/ioc/1150150/

20.200.63.2:3636

# Reference: https://www.virustotal.com/gui/file/04f21858d3b9bf77deda4fb7f68682cc3958b4ce07ff15be06272978dda62cd0/detection

94.156.102.141:1188
94.156.102.141:7575
freighteighttwocam.ddns.net
freighteightonecam.sytes.net

# Reference: https://twitter.com/r3dbU7z/status/1692693944713326673
# Reference: https://www.virustotal.com/gui/file/63a7fd8b6ff6ffbcd258d9809d672a7c14eb111da7b99995ad43441c7164ca03/detection
# Reference: https://www.virustotal.com/gui/file/3d9240c729af948921184ce965f54cf1d3841d81465ed06f537e4ef838a01643/detection

206.53.55.190:1717
206.53.55.190:1990
206.53.55.190:1991
206.53.55.190:1992
206.53.55.190:1993
206.53.55.190:1996
206.53.55.190:1997
206.53.55.190:1998
206.53.55.190:6161
206.53.55.190:6606
206.53.55.190:7171
206.53.55.190:7707
206.53.55.190:8808
psmohmedhatx21.teaches-yoga.com
xp3host.dynalias.com
xp4flash.selfip.biz

# Reference: https://www.virustotal.com/gui/file/7fb648fac5909411544f76c0444f0e2f285c1a965030661f573264818b2f8e8f/detection

103.145.13.69:9889

# Reference: https://irfan-eternal.github.io/analysing-.net-asyncrat-using-dnspy/
# Reference: https://www.virustotal.com/gui/file/8da2ee52332138905d6c21a8c2fd16c1ccb16aa057b64df7e66f2bd38664e86f/detection

185.252.178.121:6606
185.252.178.121:7707
josemonila.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/3cc1baf7b47138253df8ee572d99ab99a8d597cd8f72a9e2a5de264ba480933d/detection

181.52.102.110:6606
181.52.102.110:7707
181.52.102.110:8808
asynrat2023.duckdns.org

# Reference: https://twitter.com/pmelson/status/1693342246563627400
# Reference: https://pastebin.com/BThmj07d

45.14.165.113:6606
45.14.165.113:7707
45.14.165.113:8808

# Reference: https://www.virustotal.com/gui/file/002f60e1c62d85643e17295edef3ba55f4f5c9487d76d9df279cf69ab3e9cd86/detection

37.3.242.75:4449
myhosas.ddns.net

# Reference: https://twitter.com/suyog41/status/1693917329372102953

enesoftware.top

# Reference: https://decoded.avast.io/martinchlumecky/hotrat-the-risks-of-illegal-software-downloads-and-hidden-autohotkey-script-within/
# Reference: https://otx.alienvault.com/pulse/64be7858d74c880dfcfe7615
# Reference: https://www.virustotal.com/gui/file/0b32aa65d2e322aa176f313791444b5dc313bddab13ec31dd7bcd278ee07e7bc/detection
# Reference: https://www.virustotal.com/gui/file/9a294dbc6efbe24b7da955c62a7f12b6f142a41b10b9e168788e4b4e23ea3a4a/detection
# Reference: https://www.virustotal.com/gui/file/73bd4c7a86d191c46a14cc37e901529de17df2705b6d7cbfd832d051cd72053c/detection
# Reference: https://www.virustotal.com/gui/file/46f81e5fcd1cdd8b4dc3079f615bddbd1d75f1540e29b79201c7b284965b367f/detection
# Reference: https://www.virustotal.com/gui/file/43e8b2afe0a807842cb12ec6b5b67f0d25c1031c0398c3e394df128958896e9e/detection
# Reference: https://www.virustotal.com/gui/file/d6722a29d0c7f579f7c2190928090194fd9d02d6dbc605a29da6a52e43428efc/detection
# Reference: https://www.virustotal.com/gui/file/288af01303abb4d064c4217d425c25d0b21388a3262dae56742891dbfaadfc45/detection
# Reference: https://www.virustotal.com/gui/file/1f6d0c9cf3c2f6a006bb9bc518f700748c1ac9b56615e12c60009175359830a8/detection
# Reference: https://www.virustotal.com/gui/file/b9965723a0480239544ec3990132ff2db7dfe18787122a3d0e91a282becb99eb/detection
# Reference: https://www.virustotal.com/gui/file/8c1ca084dc5a5ff7d8488267ea077911718d43e369449afe346e8b631ba2a542/detection
# Reference: https://www.virustotal.com/gui/file/198e2c9faec77fb6efcee8dbd2e910ab96e0aa8e080d7a43cd3b399c0fba6418/detection

108.143.240.80:771
13.80.133.110:70
185.205.209.206:1114
185.205.209.206:2012
20.218.135.231:306
209.145.56.0:2012
45.138.16.87:1113
78.181.128.17:4014
85.102.222.140:4015
88.229.26.95:4015
88.232.117.185:4015
88.249.141.131:55
88.252.196.9:91
51-83-136-132.xyz
s1-filecr.xyz
dynsys.is-a-guru.com
fon1.sells-it.net
foxn1.sells-it.net
rec.casacam.net
samaerx.ddnsfree.com
srxy123.is-a-geek.com
websites.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/ed7156a259cecc750c121faed21545185d9436de677556ef9e271e519073fb34/detection

78.170.251.123:6606
78.170.251.123:8808
81.214.76.150:6606
81.214.76.150:7707
81.214.76.150:8808

# Reference: https://www.virustotal.com/gui/file/817f9928ccca9886ff23d9c68894c6d510da21bf238f9955a909d7b9e4054a61/detection

78.161.80.94:4017
live.publicvm.com

# Reference: https://www.virustotal.com/gui/file/7d5b09c3ff843a1196ce62f5d8b5c9d52b6c83b3bfff3e6d18534586ddb5010f/detection

78.169.11.161:6606
78.169.11.161:7707
78.169.11.161:8808

# Reference: https://www.virustotal.com/gui/file/390fa96690573ffd2037a1d21bc066f5c6ca16b67448cf677b92f09c0dd862d5/detection

45.138.16.48:66
assdwdssa.sells-it.net
dsdwdwnsd.sells-it.net
sotso.homedns.org

# Reference: https://www.virustotal.com/gui/file/fb9c17a01cf868d55c0368d7d099f4509bed812409eeb5abf7200f1ab5817c32/detection

78.161.80.94:4018
88.237.201.81:4018
live.sells-it.net

# Reference: https://twitter.com/ScumBots/status/1694109037594366260
# Reference: https://www.virustotal.com/gui/file/0467d797db1facd534f6d1e0093dbfc95de214e09bb180eb3d18ed24c474163d/detection

141.98.6.105:5010
141.98.6.105:6606
141.98.6.105:7707
141.98.6.105:8808
r0nj.ooguy.com

# Reference: https://threatfox.abuse.ch/ioc/1151706/

194.169.175.43:1339

# Reference: https://www.virustotal.com/gui/file/c60bcda1d38ac7b02ee20d89378b2c6bac63e1866aa4bc5fd218edbbad8c8066/detection

93.115.35.130:4418

# Reference: https://www.virustotal.com/gui/file/4b6ffa81db06ef905a14b9483472f506e642d9be730c7926b32b1aab98a8aedd/detection

91.92.120.18:4441

# Reference: https://threatfox.abuse.ch/ioc/1152320/

85.239.241.136:1338

# Reference: https://threatfox.abuse.ch/ioc/1152406/

138.197.66.62:22256

# Reference: https://threatfox.abuse.ch/ioc/1152460/

213.3.43.23:58640

# Reference: https://www.virustotal.com/gui/file/0829db1ff9d39045943c0774e8d059593c4aada1527d34fa21889504fea3e153/detection

172.94.104.195:2000
78.101.189.42:2000
donzola.duckdns.org

# Reference: https://threatfox.abuse.ch/ioc/1152519/

95.173.247.110:8810

# Reference: https://www.virustotal.com/gui/file/0106b0d302d02505f7681a44f5390357e98d9d040a833b899cb74eee07303fe5/detection

95.173.247.110:8806

# Reference: https://www.virustotal.com/gui/file/352c232d90178707026177ddb1d09a36149f4167ae50323ac8d29ddd5dafdb03/detection

95.173.247.110:8807

# Reference: https://www.virustotal.com/gui/file/146a834437e2f564d98221dbf31b65fb7c8202439efffe188b92299983197391/detection
# Reference: https://www.virustotal.com/gui/file/c868403af8ea5fcad690924167f28c1dc2aa8e1dd342d2ff14d3289f8870fb0b/detection

193.43.104.22:3232

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-08-31)

138.197.66.62:22596
147.185.221.16:30170
181.131.219.51:2727
38.6.189.150:8848
4.212.242.253:8848
80.66.79.27:4404

# Reference: https://www.virustotal.com/gui/file/28ffb4d5d61e7b2e35372c8b2a434c2d66825b1431ca1c2caf523584426dfc97/detection

43.159.134.109:6606
43.159.134.109:7707
43.159.134.109:8808

# Reference: https://www.virustotal.com/gui/file/dfc4a0222fb2f69e65438196a7935f86c6e42e3005c136930506a37542f6a0f9/detection

43.133.48.66:6606
43.133.48.66:7707
43.133.48.66:8808

# Reference: https://www.virustotal.com/gui/file/2293710fbf66e120d90e03f95a38b966da05d33ee0a1df2f14500e4811085494/detection

45.13.199.216:6606
45.13.199.216:7707
45.13.199.216:8808

# Reference: https://www.virustotal.com/gui/file/2a852589c52954a54a1e658a114fb19e936443aaa85b4fed48b3c64ff1162b81/detection

45.128.221.39:6606
45.128.221.39:7707
45.128.221.39:8808

# Reference: https://www.virustotal.com/gui/file/1ad2936e4d510633259697d0e7d692131c88de79716228963b39eb128a0dd301/detection

193.42.24.214:6606
193.42.24.214:7707
193.42.24.214:8808
193.42.24.214:8809

# Reference: https://www.virustotal.com/gui/file/641926faa61b285dc56392e849301861e5f786a3e45a7373dd334f34aa65d40d/detection

65.108.24.87:6606
65.108.24.87:7707
65.108.24.87:8808

# Reference: https://www.virustotal.com/gui/file/787f1dcd58cff8afb05bea4917395c330f5c4b5b129bee31009c824d9eac4cdf/detection
# Reference: https://www.virustotal.com/gui/file/07442f6c22ad2b6a0d4f4c342c3e2a9095941147462b2722e2cb95c3ad77221f/detection

45.92.1.24:5001
febrawryman80noistry10.kozow.com

# Reference: https://www.virustotal.com/gui/file/c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487/detection

172.94.40.145:8004
16agostok.duckdns.org

# Reference: https://www.virustotal.com/gui/file/964555913ef321b88a1e52594f8438820230e704dd06f14768fafa9285038af9/detection

51.254.49.49:222
51.254.49.49:9191

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-04)

146.59.161.10:6606
146.59.161.10:7707
146.59.161.10:8808
147.124.209.80:222
15.204.170.1:6606
15.204.170.1:7707
15.204.170.1:8808
158.69.131.146:6606
158.69.131.146:7707
158.69.131.146:8808
185.252.179.66:6906
198.244.251.250:222
23.254.227.121:222
45.138.16.217:222
45.138.16.89:222
5.196.35.57:6606
5.196.35.57:7707
5.196.35.57:8808
51.161.105.119:6606
51.161.105.119:7707
51.161.105.119:8808
51.195.145.78:6606
51.195.145.78:7707
51.195.145.78:8808
51.195.251.7:6606
51.195.251.7:7707
51.195.251.7:8808
51.195.251.9:222
51.222.69.3:222
51.81.7.207:222
51.89.204.67:6606
51.89.204.67:7707
51.89.204.67:8808
51.89.207.166:6606
51.89.207.166:7707
51.89.207.166:8808
74.208.105.80:222
89.23.101.212:3232
95.214.25.236:4404

# Reference: https://www.virustotal.com/gui/file/1da13a6219c242b5216483316f8d98e64ef55cc44deb3b7023ed9ea3a1aa00ee/detection

218.89.171.135:23647
218.89.171.135:4139
218.89.171.135:6606
218.89.171.135:7707
218.89.171.135:8808

# Reference: https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4

192.155.91.72:5000

# Reference: https://www.virustotal.com/gui/file/ee666f67a09821bcfb7c7a19bf9fe04be8c0359884aa9b32bc887c9c26a4e579/detection

179.13.2.154:7000
nuevamenteeste.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d391692283a5dee65d00f4e3163e736da942ad2562136094da8613ac106fd5f0/detection

193.203.238.54:7777
mr1robot11.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/177.255.88.161/relations
# Reference: https://www.virustotal.com/gui/file/e04cc364b53b6af7b8fe20a186f330dc67173f5d5e9b3ec9929f82092c72302f/detection

177.255.88.161:8525
informesespeciales123.duckdns.org
mistersjsas1.duckdns.org
newemprender.freeddns.org
newpouelsen1.duckdns.org
newzamrecarga.duckdns.org
polusennew1.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-09)

194.180.48.53:6606
194.180.48.53:7707
194.180.48.53:8808

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/AsyncRAT/asyncrat_found_c2s_2020_to_2023.txt

http://124.182.146.41
http://181.162.213.36
http://20.86.129.162
http://212.125.28.114
http://88.138.252.119
1.117.82.177:6689
1.117.82.177:8848
1.14.103.49:8848
101.33.208.151:6606
101.33.208.151:7707
101.33.208.151:8808
101.42.20.213:4449
101.43.254.90:8848
103.108.66.222:2023
103.108.66.222:2818
103.108.66.222:4449
103.108.66.225:2023
103.127.236.137:8848
103.138.108.71:1070
103.138.108.71:1137
103.138.108.71:2018
103.142.218.222:63979
103.147.184.53:1991
103.147.184.73:7920
103.147.185.192:7829
103.147.185.192:7840
103.147.185.192:7841
103.148.186.105:8848
103.149.13.196:8621
103.149.201.155:8925
103.149.201.162:2023
103.149.201.212:2023
103.149.201.212:20811
103.149.201.212:4449
103.149.201.212:8910
103.151.123.2:8621
103.153.79.210:8621
103.156.91.96:8621
103.167.90.172:06275
103.20.221.33:3232
103.231.254.62:8848
103.233.253.101:8921
103.233.253.118:8920
103.235.175.244:4448
103.235.175.244:4449
103.239.244.27:8848
103.254.108.50:1688
103.39.109.48:4449
103.39.109.63:4449
103.42.30.227:2023
103.42.30.227:8908
103.42.31.140:2023
103.42.31.140:2082
103.88.35.24:14449
104.129.26.162:7707
104.129.26.162:8809
104.152.188.104:1986
104.152.188.104:6606
104.152.188.104:7707
104.152.188.104:8808
104.194.156.4:3232
104.206.98.246:11903
104.223.106.133:3480
104.223.106.133:7700
104.223.106.133:7780
104.223.106.133:9800
104.233.228.116:8848
104.3.77.123:25566
104.37.174.26:1465
105.103.106.56:4449
107.148.13.135:1981
107.148.8.176:8848
107.150.4.162:4449
107.175.178.6:7277
107.182.237.15:55736
107.213.221.23:4449
109.120.188.95:8848
109.195.94.247:4782
109.248.200.191:6627
110.238.105.105:8848
111.67.201.24:8848
111.92.241.239:2023
112.150.137.53:6606
112.150.137.53:666
112.150.137.53:7707
112.150.137.53:8808
112.213.110.66:8848
114.132.125.213:8848
114.134.188.218:2023
118.195.199.246:8848
120.78.151.171:6658
121.45.37.175:6606
123.215.61.198:2020
123.215.61.198:6060
123.215.61.198:8080
124.248.229.210:8848
129.151.83.165:7177
13.233.168.154:8686
13.233.168.154:8687
13.36.178.139:4784
13.68.249.188:1881
13.72.107.36:7707
13.72.68.255:7707
13.77.164.68:7707
13.77.222.211:6650
13.77.222.211:6890
13.77.222.211:7829
13.77.222.211:9034
13.81.84.141:7788
134.122.167.65:8848
134.195.91.47:5555
135.181.53.40:4444
136.144.41.186:8848
136.144.41.24:3091
136.144.41.252:6606
136.144.41.252:7707
136.144.41.252:8808
136.144.41.83:4102
136.175.8.117:6606
136.175.8.117:7707
136.175.8.117:8808
136.243.191.199:18
136.243.191.199:4784
136.243.191.199:59
136.243.191.199:5900
136.244.94.164:3132
137.117.100.173:443
138.201.2.2:2002
139.28.235.223:6606
139.28.235.223:7707
139.28.235.223:8808
139.28.5.19:6606
139.28.5.19:7707
139.28.5.19:8808
139.99.73.120:34567
14.17.115.109:12356
14.17.115.109:22222
14.17.115.109:55555
14.17.115.109:8848
141.95.84.40:3020
141.95.84.40:3040
141.95.84.40:5055
141.95.84.40:555
141.95.84.40:911
141.95.84.40:912
141.98.11.72:4449
141.98.252.169:58750
142.11.209.177:6606
142.11.209.177:6821
142.11.209.177:7707
142.11.209.177:8808
142.4.200.50:6606
142.4.200.50:7707
142.4.200.50:8808
144.202.75.107:6606
144.202.75.107:7707
144.202.75.107:8808
144.217.68.78:3010
144.48.222.103:8848
147.124.208.212:6606
147.124.208.212:7707
147.124.208.212:8808
147.124.214.14:6606
147.124.214.14:7707
147.124.214.14:8808
147.185.221.161:15753
147.185.221.161:4449
147.185.221.16:11623
147.185.221.16:15753
147.185.221.16:41950
147.185.221.16:4429
147.185.221.16:4449
147.185.221.16:5050
147.185.221.180:8840
147.185.221.181:1024
147.185.221.181:16409
147.185.221.181:2044
147.185.221.181:53898
147.185.221.181:8848
147.185.221.212:46856
147.185.221.212:52456
147.185.221.223:5050
147.185.221.223:64895
147.189.171.186:1337
148.163.80.217:8542
149.104.148.244:8848
149.28.173.200:4784
15.235.10.108:8848
15.235.130.74:6606
15.235.130.74:7707
15.235.130.74:8808
151.248.122.243:6666
154.12.86.189:2023
154.12.87.239:2023
154.12.90.13:8922
154.12.90.2:2023
154.12.90.31:2023
154.12.90.49:8903
154.127.53.193:40404
154.127.53.26:1040
154.221.24.181:8848
154.23.176.93:4449
154.40.36.190:6606
154.47.25.194:1987
154.61.75.84:4444
154.61.75.84:5060
154.61.75.84:6659
154.61.75.84:8848
154.91.227.35:8848
155.94.129.4:4449
156.254.127.78:1443
157.230.255.179:5555
157.230.255.179:6606
157.230.255.179:7707
157.230.255.179:8808
162.14.197.20:8848
162.246.187.245:6128
162.246.187.245:6606
162.246.187.245:7707
162.246.187.245:8808
163.123.143.164:4747
164.155.129.86:4449
165.227.168.205:6606
167.71.56.116:22011
168.62.160.75:1604
168.62.160.75:222
170.39.185.242:6606
170.39.185.242:6821
170.39.185.242:7707
170.39.185.242:8808
172.0.0.1:8908
172.111.200.225:2768
172.111.252.131:9090
172.241.29.21:1608
172.241.29.21:3389
172.241.29.21:6606
172.241.29.21:8808
172.245.244.102:1809
172.93.163.101:6606
172.93.163.101:7707
172.93.163.101:8808
172.93.181.21:8848
172.93.222.169:6606
172.93.222.169:7707
172.93.222.169:8808
172.94.109.17:2703
172.94.109.17:46422
172.94.109.17:49746
172.94.109.17:6578
172.94.14.239:6606
172.94.47.80:4411
173.234.155.108:6666
173.243.112.143:6606
173.243.112.143:7707
173.243.112.143:8808
173.31.169.124:82
176.98.41.115:1938
176.98.41.49:6606
176.98.41.49:7707
176.98.41.49:8808
178.20.230.68:1604
178.208.94.113:4404
178.209.51.192:6663
178.211.139.47:4449
178.33.222.241:46943
178.33.222.243:2703
178.33.222.243:46943
178.33.222.243:49703
178.33.222.243:49746
179.43.139.10:4449
179.43.140.175:1678
179.43.140.208:6606
179.43.140.208:7707
179.43.140.208:8808
18.133.124.202:4784
18.156.13.209:10944
18.156.13.209:16608
18.156.13.209:4824
18.156.13.209:5403
18.157.68.73:16608
18.157.68.73:5403
18.158.249.75:12395
18.158.249.75:4824
18.192.93.86:15165
18.192.93.86:16608
18.192.93.86:4824
18.192.93.86:5403
18.197.239.109:16321
18.197.239.109:4824
18.197.239.5:16608
18.197.239.5:5403
18.212.29.200:4449
18.222.208.120:1938
18.222.33.57:7017
18.223.28.97:4784
180.214.239.36:6090
181.129.12.44:7777
181.162.213.36:4449
184.75.221.59:56390
184.90.251.249:7707
185.106.94.165:4449
185.112.146.237:8080
185.112.83.111:1338
185.128.25.29:6606
185.128.25.29:7707
185.128.25.29:8808
185.136.169.109:3480
185.136.169.109:6606
185.136.169.109:7707
185.136.169.109:8808
185.136.169.163:3480
185.136.169.163:6606
185.136.169.163:7707
185.136.169.163:8808
185.136.169.24:6606
185.136.169.24:7707
185.136.169.24:8808
185.140.53.133:2435
185.140.53.143:7707
185.140.53.162:8877
185.140.53.167:1515
185.140.53.192:1515
185.140.53.194:1002
185.140.53.213:6606
185.140.53.213:7707
185.140.53.227:6606
185.140.53.227:7707
185.140.53.227:8808
185.140.53.253:10001
185.140.53.41:5288
185.140.53.47:2424
185.140.53.67:10001
185.140.53.71:5622
185.140.53.7:6606
185.140.53.7:7707
185.140.53.7:8808
185.140.53.7:9090
185.140.53.8:6060
185.150.24.5:9171
185.157.160.136:1973
185.157.160.147:1973
185.157.161.205:1973
185.16.39.143:8848
185.165.153.116:46943
185.165.153.209:1990
185.165.153.215:6606
185.165.153.249:4371
185.165.153.249:4571
185.165.153.251:5050
185.165.153.251:6606
185.165.153.251:7707
185.165.153.251:8808
185.165.153.43:5007
185.172.111.229:27015
185.183.33.129:4449
185.183.35.122:4444
185.189.151.142:1122
185.189.151.142:5200
185.19.85.136:6060
185.19.85.143:9688
185.19.85.149:4898
185.19.85.149:6606
185.19.85.149:7707
185.19.85.149:8808
185.19.85.171:6606
185.19.85.177:54925
185.19.85.177:9961
185.19.85.179:6606
185.191.231.252:54984
185.195.79.212:5656
185.213.26.169:3389
185.214.10.196:6606
185.214.10.196:7707
185.214.10.196:8808
185.219.221.55:6606
185.219.221.55:7707
185.219.221.55:8808
185.22.154.160:33080
185.222.57.171:3678
185.222.57.203:7707
185.222.57.203:8808
185.222.57.233:2059
185.222.58.151:59668
185.222.58.151:59790
185.222.58.154:45216
185.222.58.154:51390
185.223.28.241:444
185.223.28.241:6606
185.223.28.241:7707
185.223.28.241:8808
185.239.242.166:5536
185.239.242.74:23500
185.241.208.97:5505
185.244.26.198:2021
185.244.26.234:4675
185.244.30.112:222
185.244.30.112:6606
185.244.30.121:7882
185.244.30.253:5050
185.244.30.253:6606
185.244.30.253:7707
185.244.30.253:8808
185.244.30.92:46943
185.246.222.249:4444
185.250.204.245:6606
185.250.204.245:7707
185.250.204.245:8808
185.33.234.204:4784
185.33.234.71:1337
185.33.234.96:2306
185.65.134.165:55160
185.65.134.165:55498
185.70.187.145:5555
185.81.157.117:9905
185.81.157.154:2424
185.81.157.169:2023
185.81.157.19:3312
185.81.157.19:6666
185.81.157.209:2312
185.81.157.46:1020
185.81.157.7:5523
185.92.74.18:3391
188.215.229.22:8900
188.215.229.44:7900
188.32.117.137:4200
188.72.112.72:1443
190.247.124.60:6821
191.101.193.202:6606
191.101.193.202:7707
191.101.193.202:8808
191.234.193.127:4449
191.96.236.162:22745
191.96.236.162:8000
192.210.214.230:6606
192.253.237.23:8848
192.253.255.182:6606
192.253.255.182:7707
192.253.255.182:8808
193.142.146.204:6606
193.142.146.204:7707
193.142.146.204:8808
193.149.185.169:6606
193.149.185.169:7707
193.149.185.169:8808
193.161.193.99:1500
193.161.193.99:25627
193.161.193.99:29069
193.161.193.99:38787
193.161.193.99:43453
193.161.193.99:43741
193.161.193.99:56777
193.164.7.105:4784
193.233.233.154:7781
193.239.147.156:6606
193.239.147.156:7707
193.239.147.156:8808
193.239.147.169:6606
193.239.147.169:7707
193.239.147.169:8808
193.239.147.169:8888
193.239.147.231:6606
193.239.147.40:8808
193.27.13.52:58107
193.27.13.57:58107
193.32.232.64:7777
193.56.28.20:5200
193.56.28.20:6606
193.56.28.20:7707
193.56.28.20:8808
194.127.178.3:3578
194.127.178.3:6606
194.127.178.3:7707
194.127.178.3:8808
194.127.179.127:6666
194.127.179.131:6666
194.147.140.145:9346
194.147.140.145:9955
194.156.90.31:5004
194.156.98.161:6606
194.156.98.161:7707
194.156.98.161:8808
194.180.48.177:4449
194.233.169.93:1604
194.233.169.93:6606
194.233.169.93:8808
194.233.92.247:4449
194.26.192.154:4449
194.33.45.109:7777
194.33.45.109:8888
194.49.94.163:6606
194.49.94.227:4449
194.5.97.165:5454
194.5.97.165:6606
194.5.97.165:7707
194.5.97.177:10011
194.5.97.208:4563
194.5.97.212:1199
194.5.97.21:2675
194.5.97.54:4449
194.5.97.6:7006
194.5.97.84:6606
194.5.97.84:7707
194.5.97.85:6606
194.5.97.85:7707
194.5.97.85:8808
194.5.97.85:9909
194.5.98.120:1515
194.5.98.129:5554
194.5.98.16:1337
194.5.98.174:1515
194.5.98.17:4545
194.5.98.231:6606
194.5.98.231:7707
194.5.98.231:8808
194.5.98.32:8808
194.5.98.32:9909
194.5.98.46:7707
194.5.98.52:18187
194.5.98.52:6606
194.5.98.52:7707
194.5.98.52:8808
194.5.98.64:1515
194.5.98.81:2510
194.5.98.81:3434
194.5.98.81:6128
194.5.99.181:4533
194.62.157.177:6969
195.133.18.181:8878
195.140.213.93:5220
195.174.142.168:4784
195.174.209.145:481
195.174.29.189:81
195.174.29.189:86
195.178.120.137:4001
195.206.105.12:2050
195.78.54.247:15491
195.78.54.247:23092
195.78.54.247:8080
195.85.201.65:6106
195.85.205.219:4449
197.210.55.94:3650
197.210.55.94:6606
197.210.55.94:7707
197.210.55.94:8808
198.44.167.128:4449
198.44.168.227:2023
198.44.168.246:4449
198.44.186.222:4449
198.46.141.251:6606
198.46.141.251:7707
198.46.141.251:8808
198.46.177.119:3480
198.46.177.119:6606
198.46.177.119:7707
198.46.177.119:8808
2.56.59.219:5643
2.56.62.12:2013
2.58.149.98:5634
2.59.119.56:3132
20.106.79.151:8808
20.112.14.182:1337
20.115.143.128:3152
20.172.182.62:8080
20.188.60.159:1881
20.197.177.229:6821
20.199.112.16:3535
20.203.178.116:2070
20.224.56.152:6606
20.224.56.152:7707
20.224.56.152:8808
20.36.21.13:2070
20.52.138.14:1881
20.52.138.14:1911
20.52.139.127:6821
20.52.151.53:1604
20.52.178.148:444
20.52.178.148:6606
20.52.178.148:7707
20.52.178.148:8808
20.52.33.123:2222
20.68.110.75:7272
20.69.152.28:7707
20.84.181.62:11647
20.84.181.62:25565
20.84.181.62:4355
20.84.181.62:7293
20.86.129.162:5205
20.86.129.162:6606
20.86.129.162:7707
20.86.129.162:81
20.86.129.162:8808
20.86.129.162:9999
20.86.25.230:1605
20.98.113.24:1604
20.98.113.24:6606
20.98.113.24:7707
20.98.113.24:8808
20.98.203.218:8080
201.111.223.252:6700
201.111.223.252:6702
201.97.129.143:6700
202.55.133.118:5200
202.95.14.199:8848
203.159.80.216:6606
203.159.80.216:7707
203.159.80.216:8080
203.159.80.216:8808
203.159.80.52:5800
203.186.44.219:6606
203.186.44.219:7707
203.186.44.219:8080
203.186.44.219:8808
206.189.139.209:2022
207.32.216.106:6606
207.32.216.106:7707
207.32.216.106:8808
207.32.217.131:6666
207.32.218.231:1111
207.32.218.231:7777
207.32.218.231:8888
207.32.218.43:5555
207.32.218.43:6666
207.32.218.84:6666
207.32.219.26:6666
207.32.219.92:1111
209.127.186.228:6606
209.145.56.157:6606
209.145.56.157:7707
209.145.56.157:8808
209.205.141.181:39858
209.25.141.180:13917
209.25.141.180:28818
209.25.141.180:4449
209.25.141.180:7878
209.25.141.181:23778
209.25.141.181:28050
209.25.141.181:39858
209.25.141.181:8080
209.25.141.212:11647
209.25.141.212:25565
209.25.141.212:4355
209.25.141.212:7293
209.54.104.73:8558
211.47.109.200:6606
211.47.109.200:7707
211.47.109.200:8808
212.129.4.112:6606
212.129.4.112:7707
212.129.4.112:8808
212.192.246.207:3162
213.142.159.41:6606
213.142.159.41:7707
213.142.159.41:8808
213.152.186.24:16941
213.226.119.176:6606
213.226.119.226:1881
213.226.119.28:6606
213.226.119.28:7707
213.226.119.28:8808
213.238.166.43:8080
213.238.172.124:1604
213.238.172.95:6606
213.238.172.95:7707
213.238.172.95:8808
216.230.75.194:6606
216.230.75.194:7707
216.230.75.194:8808
216.230.75.62:1107
216.250.252.148:6606
216.250.252.148:7707
216.250.252.148:8808
217.146.88.139:5220
217.182.78.12:56623
217.182.78.12:7119
217.64.149.101:1973
217.64.149.183:1975
222.211.72.47:8848
23.105.131.169:7707
23.105.131.169:8808
23.105.131.201:7776
23.105.131.207:10001
23.105.131.212:4409
23.105.131.236:4409
23.106.223.244:6668
23.238.217.173:6606
23.238.217.173:7707
23.238.217.173:8808
23.254.161.249:4444
23.254.225.164:4449
23.92.209.138:6606
23.92.209.138:7707
23.92.209.138:8808
23.95.115.74:1148
23.95.115.74:1759
23.95.115.74:1985
23.95.44.214:3306
27.124.12.12:8848
27.124.4.139:8848
27.254.163.62:1337
27.254.163.62:3306
27.254.163.62:6606
27.254.163.62:7707
27.254.163.62:8808
3.124.67.191:13184
3.124.67.191:4824
3.126.37.18:16608
3.126.37.18:5403
3.127.138.57:16608
3.127.138.57:4503
3.127.138.57:5403
3.127.59.75:11670
3.127.59.75:4824
3.128.29.88:4892
3.131.190.22:21200
3.135.234.129:4784
3.67.161.133:16225
3.67.161.133:5403
3.69.157.220:10147
3.69.157.220:4824
31.150.163.112:6606
31.150.163.112:7707
31.150.163.112:8808
31.17.132.37:8808
31.210.20.167:6606
31.210.20.167:7707
31.210.20.167:8808
31.210.20.192:8808
31.210.20.79:3311
31.223.35.146:4449
31.41.244.235:8848
34.223.60.188:6606
34.91.242.34:5472
34.91.242.34:6606
34.91.242.34:7707
34.91.242.34:8808
35.177.119.94:1508
36.255.96.200:4190
37.0.11.45:1604
37.0.11.45:3162
37.0.11.45:448
37.0.11.45:9495
37.0.8.17:46422
37.0.8.17:6578
37.0.8.93:7050
37.120.208.36:46943
37.19.210.29:60371
37.75.98.113:6666
37.8.111.210:5552
38.132.124.138:7777
38.132.99.156:6606
38.132.99.156:7707
38.132.99.156:8808
38.46.13.242:5555
38.46.13.242:8848
38.55.205.246:8848
40.113.56.160:6606
40.113.56.160:7707
40.113.56.160:8808
40.122.131.23:24175
40.74.229.0:6606
40.74.229.0:7707
40.74.229.0:8808
40.90.168.244:7707
40.90.168.244:8808
40.90.168.244:9909
40.90.210.21:3054
42.192.139.42:8880
43.137.15.104:8848
43.138.142.86:8848
43.140.202.229:8848
43.142.15.215:25566
43.143.12.71:8848
43.143.249.228:8848
43.143.249.228:9723
43.152.225.81:8848
43.249.8.248:2023
43.249.8.250:2023
45.119.84.166:3303
45.119.84.166:4404
45.119.84.166:5505
45.12.253.146:6606
45.12.253.146:7707
45.12.253.146:8808
45.131.1.70:1604
45.132.1.226:4342
45.133.174.122:6606
45.133.174.122:8808
45.137.20.108:8848
45.137.22.115:14496
45.137.22.115:29746
45.137.22.70:24626
45.137.22.70:32204
45.137.22.70:36374
45.137.65.94:4449
45.139.202.202:6606
45.139.202.55:4784
45.14.185.127:4449
45.143.223.34:3218
45.144.225.194:2424
45.145.185.245:1234
45.145.22.128:9495
45.145.22.142:6606
45.15.143.183:1336
45.15.143.183:1337
45.15.143.183:1338
45.15.143.183:1339
45.15.143.183:1400
45.15.143.191:6606
45.15.143.191:7707
45.15.143.191:8808
45.15.143.199:6606
45.15.143.199:7707
45.15.143.199:8808
45.154.98.42:4449
45.204.126.250:8848
45.227.255.194:6606
45.227.255.194:6969
45.227.255.194:7707
45.227.255.194:8808
45.32.48.250:6606
45.32.48.250:7707
45.32.48.250:8808
45.32.99.249:6606
45.32.99.249:7707
45.32.99.249:8621
45.32.99.249:8808
45.63.42.221:6821
45.66.230.191:8083
45.74.4.244:6606
45.76.219.163:6606
45.76.219.163:7707
45.76.219.163:8808
45.76.50.199:6606
45.76.50.199:7707
45.76.50.199:8808
45.76.56.26:6606
45.76.56.26:7707
45.76.56.26:8808
45.77.101.153:6606
45.77.101.153:7707
45.77.101.153:8808
45.80.158.113:8080
45.80.158.113:8848
45.91.92.112:8345
45.95.168.110:6606
45.95.168.110:7707
45.95.168.110:8808
45.95.168.110:9909
45.95.168.116:1336
45.95.168.116:1400
45.95.168.166:6666
45.95.169.112:6606
45.95.169.112:7707
45.95.169.112:7760
45.95.169.112:8808
46.1.54.174:85
46.1.54.174:87
46.153.20.70:11451
46.153.20.70:4449
47.111.31.251:1999
47.242.89.34:8848
47.54.37.55:6606
47.54.37.55:6821
47.54.37.55:7707
47.54.37.55:8808
5.152.206.196:6050
5.180.104.172:8579
5.180.107.130:1234
5.180.107.130:4782
5.180.107.130:6606
5.180.107.130:7707
5.180.107.130:8808
5.196.102.93:6606
5.196.102.93:7707
5.196.102.93:8808
5.196.174.49:433
5.230.69.11:1148
5.230.69.11:1465
5.230.69.11:1560
5.230.69.11:1759
5.230.70.106:1148
5.230.70.106:1465
5.230.70.106:1560
5.230.70.106:1759
5.230.84.50:1560
5.230.84.50:1759
5.230.84.50:1985
50.27.35.75:6606
50.27.35.75:7707
50.27.35.75:8808
51.138.76.245:6821
51.140.15.13:1604
51.141.172.115:1604
51.141.178.162:7707
51.178.148.147:54877
51.178.8.228:1337
51.178.8.228:6606
51.178.8.228:7707
51.178.8.228:8808
51.195.37.2:8808
51.254.27.116:4449
51.75.191.89:6606
51.75.191.89:7707
51.75.191.89:8808
51.79.197.196:6606
51.79.197.196:7707
51.79.197.196:8808
51.81.191.248:1281
51.81.241.89:6606
51.81.241.89:7707
51.81.241.89:8808
51.89.204.5:6666
52.144.47.89:4782
52.144.47.89:6606
52.144.47.89:7707
52.144.47.89:8808
52.148.154.111:2070
52.170.189.162:6606
52.170.189.162:7707
52.170.189.162:8808
52.170.189.162:8888
52.177.173.249:1604
52.191.174.30:2222
52.233.66.100:7707
52.250.64.247:6606
52.42.85.68:6606
54.236.46.72:1604
54.237.250.208:5552
54.36.220.171:5050
54.36.220.171:7707
54.36.220.171:8808
54.37.160.138:6601
54.37.191.165:8808
54.37.36.116:46943
54.89.93.238:6669
58.221.46.155:8848
58.221.58.124:8848
6.6.54.46:6606
6.6.54.46:7707
6.6.54.46:8808
6.6.54.46:9482
61.139.65.135:61638
61.160.213.14:8848
62.122.170.171:11647
62.122.170.171:25565
62.122.170.171:4355
62.122.170.171:7293
62.234.35.139:30441
62.37.96.229:30120
65.109.196.96:8080
66.154.113.12:6606
66.154.113.12:7707
66.154.113.12:8808
66.168.88.41:4444
66.42.72.69:1337
66.63.162.20:6606
68.235.44.53:56571
68.58.248.242:6606
69.30.227.43:4449
70.125.175.238:6606
70.125.175.238:7707
70.125.175.238:8808
72.176.161.178:10
72.176.161.178:20
72.176.161.178:9
73.140.59.149:333
73.168.2.231:4449
74.119.194.180:0
74.119.194.180:4449
74.119.194.180:44490
74.119.195.9:4821
74.141.196.43:32370
74.141.196.43:4449
74.201.28.178:6606
74.201.28.178:7707
74.201.28.178:8808
74.208.157.153:8191
76.223.249.60:6606
76.223.249.60:7707
76.223.249.60:8808
77.204.204.154:6606
77.247.127.9:6666
77.68.4.186:1604
78.140.241.23:6666
79.134.225.115:43765
79.134.225.117:1515
79.134.225.124:1515
79.134.225.125:1515
79.134.225.17:2022
79.134.225.18:1515
79.134.225.19:7941
79.134.225.21:8657
79.134.225.22:6606
79.134.225.22:7707
79.134.225.22:7734
79.134.225.22:7890
79.134.225.22:8808
79.134.225.23:30493
79.134.225.23:6667
79.134.225.26:6606
79.134.225.26:7707
79.134.225.26:8808
79.134.225.32:6606
79.134.225.32:7707
79.134.225.32:8808
79.134.225.34:6606
79.134.225.34:7707
79.134.225.34:8808
79.134.225.35:1004
79.134.225.36:4044
79.134.225.36:7570
79.134.225.36:8409
79.134.225.44:7450
79.134.225.45:2233
79.134.225.47:8420
79.134.225.50:6460
79.134.225.52:4022
79.134.225.53:8765
79.134.225.59:1515
79.134.225.69:1313
79.134.225.75:2050
79.134.225.78:5007
79.134.225.82:54280
79.134.225.83:7707
79.134.225.85:1515
79.134.225.91:1973
79.134.225.92:46943
79.134.225.92:6606
79.134.225.92:7707
79.134.225.95:7779
79.134.225.99:4449
79.134.225.99:4576
79.134.225.9:3030
79.86.49.168:30120
79.86.49.168:6606
79.86.49.168:7707
79.86.49.168:8808
80.178.10.107:1604
80.232.93.176:1604
80.232.93.176:18467
80.232.93.176:4040
80.232.93.177:1604
80.232.93.177:18467
80.232.93.177:4040
80.253.247.232:1638
80.89.230.176:4449
81.163.246.9:5020
82.102.28.107:62727
82.147.85.168:3232
82.197.208.225:55498
82.2.147.149:54984
82.2.147.149:6606
82.2.147.149:7707
82.2.147.149:8808
82.202.167.226:2600
82.202.167.226:6606
83.193.10.199:7006
84.21.172.33:6606
84.21.172.33:7707
84.21.172.33:8808
84.27.151.14:7707
84.51.52.166:1000
84.51.52.166:1001
84.51.52.166:1002
85.187.94.142:1337
85.187.94.142:6606
85.187.94.142:7707
85.187.94.142:8808
85.192.40.255:4449
85.31.45.6:4444
86.38.230.179:5552
87.249.134.33:1337
87.4.136.146:2306
87.98.245.48:2703
87.98.245.48:46943
87.98.245.48:49703
88.119.174.117:444
88.121.6.16:1604
88.121.6.16:6606
88.121.6.16:7707
88.121.6.16:8808
88.138.252.119:1807
88.138.252.119:2525
88.198.101.59:6606
88.198.101.59:7707
88.198.101.59:8080
88.198.101.59:8808
88.198.101.62:6606
88.198.101.62:7707
88.198.101.62:8080
88.198.101.62:8808
88.248.18.120:7894
88.80.224.150:420
88.80.224.150:6606
88.80.224.150:7707
88.80.224.150:8808
89.117.21.143:6606
89.117.21.143:7707
89.117.21.143:8808
89.208.103.42:4545
89.212.152.239:6606
89.223.125.80:7655
89.23.101.38:5306
89.238.150.43:57095
89.252.176.182:6606
89.252.176.182:7707
89.252.176.182:8808
89.40.13.195:4908
90.100.176.56:5501
90.100.176.56:5502
90.100.176.56:5503
90.100.176.56:5504
90.100.176.56:5505
90.100.176.56:5506
90.100.176.56:5507
90.100.176.56:5508
90.100.176.56:5509
90.100.176.56:5510
90.100.176.56:5555
90.79.207.194:56623
90.79.207.194:7119
91.116.253.83:6606
91.116.253.83:7707
91.116.253.83:8808
91.134.150.150:4449
91.134.150.151:6606
91.134.187.25:4449
91.134.214.15:4449
91.151.88.146:4530
91.151.88.146:6606
91.151.88.146:7707
91.151.88.146:8808
91.192.100.61:2323
91.192.100.61:4449
91.193.75.122:6606
91.193.75.122:7707
91.193.75.122:8808
91.193.75.132:5529
91.193.75.132:7779
91.193.75.132:8848
91.193.75.132:9109
91.193.75.132:9909
91.193.75.182:8808
91.193.75.189:1604
91.193.75.189:6606
91.193.75.189:7707
91.193.75.189:8808
91.193.75.199:11011
91.193.75.202:11011
91.211.250.207:6606
91.211.250.207:7707
91.211.250.207:8808
91.92.109.70:5353
91.92.136.123:4449
92.205.184.19:1337
93.190.8.71:3131
93.82.44.26:4040
93.95.27.97:6606
93.95.27.97:7707
93.95.27.97:8808
94.156.6.224:6606
94.156.6.224:7707
94.156.6.224:8808
94.156.6.65:1337
94.177.245.135:9656
94.46.187.194:7707
95.179.128.208:8088
95.179.142.67:6606
95.179.142.67:6656
95.179.142.67:7707
95.179.142.67:8808
95.214.24.134:1911
95.214.24.134:1912
95.216.52.21:7575
95.216.52.21:8848
95.68.162.99:7777
95.93.127.180:2511
96.9.210.115:4449
96.9.226.19:7707
99.75.73.147:8808
001011000101100010110.duckdns.org
08099311.duckdns.org
100k0.ddns.net
100k5.ddns.net
123defsq.duckdns.org
147lanaway.duckdns.org
14deoctubre.duckdns.org
1pop.ddns.net
2021bestasync.mypets.ws
211.ip.ply.gg
223.ip.ply.gg
239jj.duckdns.org
23wsfd.duckdns.org
26deagosto.duckdns.org
3enbah0st.ddns.net
3gfdsfgsfgsdfg-37612.portmap.io
4-hitler.publicvm.com
4343night.ddns.net
4dod.ddns.net
4heba.camdvr.org
4pyramid.duckdns.org
72093721.duckdns.org
7593352b2g.imdo.co
7dediciembre.duckdns.org
8079048a.e2.luyouxia.net
83961200.duckdns.org
9221new.ddns.net
9dediciembreconlabendicion.duckdns.org
a.famsydev.top
aa9064aa.e1.luyouxia.net
aasdfqwe1234.duckdns.org
abdul666.duckdns.org
abhorrent-thrill.auto.playit.gg
acronispandora.ddns.net
actionsstartnow.duckdns.org
activo1235.duckdns.org
actualizaciondedatosgrupoaval.net
adan993e8.duckdns.org
adawdas-33789.portmap.io
addimq.duckdns.org
adgjmptw2.kro.kr
advanced-hat.at.playit.gg
adwa.ddns.net
afdsagareg.duckdns.org
ahmed21018.linkpc.net
ahmed210183.linkpc.net
aisviua77s.xyz
ak.3.amazing2021.net
aka2.ddns.net
aka3.ddns.net
akuasync.from-ca.com
alan7-50232.portmap.io
alddie7mg.ddns.net
alfalf.con-ip.com
alfmedallo.con-ip.com
aliali785.ddns.net
aliensoldier.duckdns.org
allah3131.duckdns.org
amarilopato12.duckdns.org
amazonservers.bit
amazonshipping.duckdns.org
amazonsoftware.onthewifi.com
ambiboss.ydns.eu
ancesucess.chickenkiller.com
andrearodrigues0913.duckdns.org
anhphux4-60615.portmap.host
anon345.ddns.net
anonymouse3805-58890.portmap.io
ansynmoney.duckdns.org
antivirus-ssl.myiphost.com
antoniosanchez19703.duckdns.org
apahak.zapto.org
apartmentdue.camdvr.org
api.google-analytics.cloud
april-spec.at.ply.gg
aqq.linkpc.net
arilariseverim.mentality.cloud
asd1112.f3322.net
asd2xxx.duckdns.org
asdasud.xyz
asdc4c5x.duckdns.org
asdfdsg.duckdns.org
asdghn.duckdns.org
asdsasf.duckdns.org
asidivuvuas8rnvns73.xyz
aslavazgecme.duckdns.org
asy33.duckdns.org
async2020.duckdns.org
async2021.duckdns.org
async95.duckdns.org
asyncat.duckdns.org
asyncgeneration1.duckdns.org
asyncman.duckdns.org
asynco.ydns.eu
asyncpc.duckdns.org
asyncr.dyndns.org
asynctypebeat.duckdns.org
asynno.ddns.net
asyynet.duckdns.org
ate.westus2.cloudapp.azure.com
autobasecars404.ddns.net
autobasecars4040.ddns.net
awfwafwaf.ddns.net
awshosting.bit
azazelxd.duckdns.org
back114.ddns.net
backvernomm.duckdns.org
bad2.ddns.net
balasid-48598.portmap.host
beaned.ddns.net
bevdona.theworkpc.com
bichota.duckdns.org
bigc6514.duckdns.org
bigchungusatemyass.duckdns.org
bigdaddy-service.biz
bigdaddy.ddns.net
biggismall.ddns.net
bin.treatwellshome.xyz
bisbossdma9sem.ooguy.com
bition1.hopto.org
bk2bk.duckdns.org
blackbyte.ddns.net
blackid-42037.portmap.host
block.safeservice.cx
bluetooth.duckdns.org
bmxfghsh.duckdns.org
bobbawb1000.duckdns.org
bolilau456.duckdns.org
booking-detail.ddns.net
bozuksaatiniz.duckdns.org
brat.dyndns.org
brazzzyl-42474.portmap.host
brig-38796.portmap.io
browser-geology.at.ply.gg
brytonwilliams8.ddns.net
btsarmy.monogon.cc
bujubanton.ddns.net
burbenbrg.duckdns.org
burk2n.dynu.net
buy-dynamics.at.playit.gg
buyandsell.ddns.net
cafechef2.zapto.org
cafechef22.zapto.org
cailongithenhi.ddns.net
caipirinhademorango.ddns.net
callsip.serveblog.net
capeview.duckdns.org
capone.kozow.com
carlosmenguallora09.duckdns.org
carmnesarmienthasbfa.duckdns.org
cassa.hopto.org
cch2dw3sdsmcs.hopto.org
cch2dw8oisnxss.hopto.org
ceco.ddnsgeek.com
ceda7x.vip
cepas2023.duckdns.org
certserver.zapto.org
chefcafe.ddns.net
chexfotii.ddns.net
chimiechonga.ddns.net
chimpail.com
chinasea.duckdns.org
chrisbli-25890.portmap.host
chromeclusterspectr.ddns.net
churchmon.ddns.net
churchmon21.ddns.net
churchmon22.ddns.net
cigdem5.duckdns.org
cisaui5.publicvm.com
classic-parental.at.ply.gg
cn-gx-plc-1.openfrp.top
cobeckconstructioncompany.camdvr.org
code2023.kozow.com
cody-elzingery.com
colombiamaleta.duckdns.org
com86.endofinternet.net
comav14.publicvm.com
comebakk.myq-see.com
comr4de.dynalias.org
con22.duckdns.org
connect.l0lz.co
connect.servehttp.com
considered-stars.at.ply.gg
coolbixb0y.ddns.net
coolmaneurokoolcom-26401.portmap.host
copyright-convinced.at.ply.gg
cpa2022.ddns.net
cracke08.ddns.net
crushco.ddns.net
crvenazvezda.ddns.net
d1x3x.dyndns.org
d1x3x.gotdns.com
d1x3x.selfip.biz
d1x3x.selfip.com
d1x3x.selfip.info
d1x3x.selfip.net
dada2020.linkpc.net
damp1337-62649.portmap.host
danielmaestrelora09.duckdns.org
darknessdz.ddns.net
darksqlrat.duckdns.org
darkvezirv2.duckdns.org
darudesandstorm1111-25323.portmap.host
datacikerim.duckdns.org
daue.kro.kr
davidmalik07.ddns.net
davidnoriegalora09.duckdns.org
dazadiego.duckdns.org
dbdgnry.duckdns.org
dbegarv.duckdns.org
dbgroup.publicvm.com
dc1337.ddns.net
dclimited.duckdns.org
ddfgfdshg.duckdns.org
decyzja-36420.portmap.host
decyzja-42138.portmap.host
default2.duckdns.org
degree-imported.at.ply.gg
devnodes.duckdns.org
dfareterg.duckdns.org
dfdagreyt.duckdns.org
dfegvcxzvzxc.duckdns.org
dfghsfgsjsk.duckdns.org
dfsdgrg.duckdns.org
dgjidsjgvcx2341.ddns.net
dhayan.ip-dynamic.com
dhciaicjzis.xyz
dia6969.duckdns.org
diciembrearbolitodebelen20222022.duckdns.org
diciembrefeliz.duckdns.org
diegoparra.duckdns.org
diegovillareallora09.duckdns.org
dilescemo.servegame.com
dios.westus2.cloudapp.azure.com
discordmod.duckdns.org
disownnet.duckdns.org
ditmemay.ddns.net
djdlghk34.kro.kr
dnsontopnegros.ddns.net
docdns467.duckdns.org
doddyfire.dyndns.info
dodusiekkk-60757.portmap.host
dola2611.linkpc.net
doloresguerra.duckdns.org
doloreshuerta.duckdns.org
dom1337.duckdns.org
dom45x.duckdns.org
dominiodeprueba202220222022.duckdns.org
dominostark07.duckdns.org
doublezuckshhst.ddns.net
dox2022.homeip.net
drive.winupgrade.org
dropout-35209.portmap.host
dropout-37757.portmap.host
dropy.ddns.net
drxppedlpbbbb.ddns.net
dry-dream-17049.pktriot.net
dsijfiudsfiashvu7ds43.xyz
dsrgdsfgdf.duckdns.org
dtbvira.zapto.org
duartesantiagoji22.con-ip.com
duck3131.duckdns.org
dv7ddw4sds8ds8.hopto.org
dv7lv4sds8ds5.hopto.org
dwdtte4wfjs0ds5.hopto.org
eaglescof.centralus.cloudapp.azure.com
ebuka.duckdns.org
eds.edspeck.org
eduardlarauhasdhau32ndanh.duckdns.org
edwardthornton163.duckdns.org
efweegfdg.duckdns.org
egfcj56rgs.duckdns.org
egoyibouda.linkpc.net
ehadghsfyjsgah.duckdns.org
ehjay2022.duckdns.org
elchester789.duckdns.org
elkinbarajasujsdfsa334.duckdns.org
elpatocuacua.duckdns.org
elpatodonal.duckdns.org
elperood.duckdns.org
eltigangiad02.duckdns.org
emisparkled.duckdns.org
emolovebosy.ddns.net
enero2022async.publicvm.com
eneroeneroenero2023202311.duckdns.org
eniuu.duckdns.org
enviocode.duckdns.org
ericanabou.duckdns.org
ericfresh.ddns.net
ericmoney11.ddns.net
ertyftgfg.duckdns.org
escobaurch30.duckdns.org
escolavolutaria.fun
esxo.ddnsfree.com
etonel.chickenkiller.com
ewtwet.duckdns.org
exos.mywire.org
expresschiatto.freeddns.org
ezinchcho.ddns.net
f3k3jimashe.theworkpc.com
f88vbv8b8erht8baos.com
fabiancarrillolora09.duckdns.org
fabianhenaosierra003.duckdns.org
famous147.ddns.net
famsydev.top
fat7e114.ddns.net
fat7eorami.ddns.net
fdgfdgfdhgfj.duckdns.org
fdhfghf.duckdns.org
feb23-pandor.duckdns.org
febreroynoesvisiesto20222022.duckdns.org
fedeloperome09.duckdns.org
fejong.duckdns.org
felixojedamartinez09.duckdns.org
fell.ddns.net
fernandoguerralora09.duckdns.org
fesfsefseg5.duckdns.org
fessjacksrat.duckdns.org
fforward20.duckdns.org
ffuze.duckdns.org
ffxzdgfshfd.duckdns.org
fghnmvhdf.duckdns.org
fhdtvbcxnvn.duckdns.org
fhfgmjhmsdsdzx.duckdns.org
fjrtjrjyjj.duckdns.org
fjuj84hgoa84gn.xyz
flingmodder-44266.portmap.io
flubabapro.duckdns.org
flurrybeatmecamtest.ddns.net
flurrybeatmecamtest.sytes.net
formbook.hopto.org
formenn.linkpc.net
fpt1.duckdns.org
frajerte-37406.portmap.io
frank12.ddnsgeek.com
frankent2021.ddns.net
frankrab.giize.com
fransislopesierra09.duckdns.org
frdan.mywire.org
fredylopezlora09.duckdns.org
free66.hopto.org
fries1.ddns.net
fromrusso.org
frozeislegend.duckdns.org
frp1.freefrp.net
fsdgsgads.duckdns.org
fsgetesvzxc.duckdns.org
fsggasd.duckdns.org
fuckyou98.ddns.net
fusion71050500-40756.portmap.io
fusion71050500.ddns.net
fusioncore32023.hopto.org
g896696.duckdns.org
garsonpessutti.duckdns.org
gazetrto.myddns.me
gcgfjghjg.duckdns.org
gdfhtrtyrtt.duckdns.org
geeftniksbro.duckdns.org
getcdnlist.com
getupdated2021win2k.cn
gfhdjksjd.duckdns.org
gfhghgfcf.duckdns.org
ggdhzyrd.duckdns.org
ghankall40.duckdns.org
ghdfvdfdf.duckdns.org
ghgfkhdfgvvvvswqawer.duckdns.org
ghjfhdtxcfbv.duckdns.org
ghjghghfhj.duckdns.org
ghoss.freeddns.org
gingles.dynu.net
godlymoney806.duckdns.org
godtest.myddns.net
gomaa.theworkpc.com
gonzalesdelpilarmaria09.duckdns.org
goodpc.theworkpc.com
goods-generic.at.playit.gg
googe.f3322.net
googleipm1.ddns.net
goosent323.duckdns.org
gpmaw.duckdns.org
grant123four5.ddns.net
greatestyear2021.ddns.net
grega0835.ddns.net
griffins.hopto.org
grotomnipobell.sytes.net
grotomnipobell.zapto.org
gru-s13.duckdns.org
gsfdsfhghsff.duckdns.org
gto7tuiyuighfgfdj.duckdns.org
guasonliiiine.con-ip.com
gv7lv454sds8ds5.hopto.org
gw.allstaffs.net
haberci.ddns.net
hackas.ddns.net
hackdns1.duckdns.org
hacker-unknown-46140.portmap.io
hackisking.ddns.net
hajrkn.duckdns.org
haldriemaldriendfrif.sytes.net
hallmoney927.duckdns.org
handmoety.duckdns.org
hardrickkonsultg.ddns.net
harry9171-41182.portmap.io
harrypotta.ddns.net
haxxservers.ddns.net
hazardmain-37159.portmap.io
hck453-58158.portmap.host
hduisahidasr.ddns.net
healthup.con-ip.com
heatblast-33349.portmap.host
heisne.casacam.net
hellobozo.duckdns.org
helpmetakeyoursoul.awsmppl.com
helpserver.ddns.net
hema55.publicvm.com
hgjvhnfgg.duckdns.org
hgukhs-39227.portmap.host
highlifesearch.net
hitl44.001www.com
hitler0077.linkpc.net
hitler5573.linkpc.net
hiv.dyndns.org
hiveys.duckdns.org
hoang19008198.ddns.net
hoaviet-54998.portmap.host
hoc2021.ddns.net
hognyusket.com
holiday-wrote.at.ply.gg
holl3-43069.portmap.host
hope2023.sytes.net
hortiag1npox901.ooguy.com
houserent.camdvr.org
hpdndbnb.duckdns.org
hpwongrgbgames.ddns.net
hsjdup.duckdns.org
hsolic.duckdns.org
hsthdfghgj.duckdns.org
htr.ddd.amafo.cc
httosd.duckdns.org
hugh69021.duckdns.org
hurensohnliste-31639.portmap.io
icacxndo.ac.ug
icando.ug
icesmile.ddns.net
ifemelumma.linkpc.net
ifuyghiu.duckdns.org
ii-usd.at.ply.gg
iloveware.ddns.net
imageline.dyndns.org
info.ctxcel.com
info07.ddns.net
infodate.ddns.net
ip2.p36.xyz
iphy1.duckdns.org
isabelaflores.fun
itsource7.ddns.net
iyanyaegodi.ddns.net
jacktrade.ddns.net
jaga.theworkpc.com
jaimearaujonhiasiiwe32sa.duckdns.org
jaimegarjhahsswda.duckdns.org
jajo0.ddns.net
jamesalex13-32442.portmap.host
jamiekarvans.duckdns.org
janwiggins-29366.portmap.io
javierandresparramojica09.duckdns.org
javierimssmarecolie.hopto.org
jazminyshujtasvytassacadscd.duckdns.org
jeanmichmich.ddns.net
jeazerx.duckdns.org
jen202.casacam.net
jen203.camdvr.org
jeremymass01-46300.portmap.host
jesuisdonaldjtrump666.anondns.net
jesusamado.duckdns.org
jesuslopez19011.duckdns.org
jetafunit.servebbs.org
jhonvelasqueslora09.duckdns.org
jilldoggyy.duckdns.org
jinxzone.duckdns.org
jj.byd66.cn
jjajajajajadsdwasd-27002.portmap.host
jkuifyghm.duckdns.org
jntlmanaway.con-ip.com
jntrojan.ddns.net
jorgemoscotehgbayhjeq8u73cs.duckdns.org
jorigt95.ddns.net
joselamartineslora09.duckdns.org
joseluissaldarriagalora09.duckdns.org
jovial-haze-85764.pktriot.net
jrg9hjsigfjs.duckdns.org
juanconrradolora09.duckdns.org
juanlunalora09.duckdns.org
juerneshfguisdfo.duckdns.org
julianmaldonadolora09.duckdns.org
juliomotoalora09.duckdns.org
juniormanco.duckdns.org
jyzjkjj.com
kadumello.ddns.net
kaka.publicvm.com
kandingon123.ddns.net
kann5787.duckdns.org
karalarbaglar.duckdns.org
kaught-36793.portmap.host
kaycee-64139.portmap.host
kaygeorge456.duckdns.org
kcfresh.ddns.net
keke0001.duckdns.org
kenmolle.ddns.net
keyauth.ddns.net
kgb.linkpc.net
khejzetabneol-33665.portmap.host
kiestdesignsyrev.sytes.net
kiki1022.duckdns.org
killam.ddns.net
kindy.gotdns.ch
kinholima.duckdns.org
kissam.ddns.net
kjbvjrvb.duckdns.org
klept0wiz-33913.portmap.host
kokomarko.theworkpc.com
kolove.accesscam.org
kometa.hopto.org
kontakt-online.selfip.net
kontakt-service.selfip.net
kontakt-update.selfip.net
kurtbloomberg.ddns.net
kurtyusuf.duckdns.org
kyarelixo-59275.portmap.host
kza021.duckdns.org
laboratoriogenfarp.linkpc.net
lak0v1337.ddns.net
lambertofield1.ddns.net
lamerz.hopto.org
largo777.kozow.com
latte.dynv6.net
laurabedoya624.duckdns.org
lauracarrillo0sosa09.duckdns.org
laurasofiherre10.duckdns.org
lazuraa.ddns.net
leetman.dyndns.info
leetman.dynuddns.com
legacyud.duckdns.org
leonardodavinchi.duckdns.org
leonelsaldarriaga01.duckdns.org
lila152511.duckdns.org
limakan-56623.portmap.io
limakan.hopto.org
limer.ignorelist.com
lisazhang.duckdns.org
litlehf.ddns.net
lizalizalizasky.ddns.net
lizalizasky.ddns.net
lizasweetsky.ddns.net
lleguen8383.duckdns.org
loader2b.duckdns.org
localhostu.dynuddns.com
lollypopman4-29266.portmap.host
lolojako.con-ip.com
lookatmebitch.ddns.net
lordban.ddns.net
lorenbermu09.duckdns.org
lozadiego998.duckdns.org
lucky-unlock.tpddns.cn
luiscetrelora09.duckdns.org
lumar-59428.portmap.host
lynnnn.duckdns.org
machine-cheap.at.ply.gg
machine3.duckdns.org
mad311.duckdns.org
maestroqueda.ddns.net
maestroqueda.duckdns.org
mafiaconnects.duckdns.org
maidright.chickenkiller.com
majid059.zapto.org
makabuike.duckdns.org
makesureeasteats.duckdns.org
maksuda2230-52612.portmap.host
malamutealaska.duckdns.org
malware.ddns.net
manifest.duckdns.org
marbeyli.duckdns.org
marcelodosanto09.duckdns.org
marcozapatalora09.duckdns.org
margotmejiabyusfnscdvds.duckdns.org
marianalaverde03.duckdns.org
marianavilla3008o.duckdns.org
mariangonzjabyeuwrg.duckdns.org
marifaculdolora09.duckdns.org
marioddns.hopto.org
markskith-28099.portmap.io
marli27.duckdns.org
marli27.kozow.com
marmar1.linkpc.net
martineliasdiazlora09.duckdns.org
mashirong.top
mass.ososfix99.ru
mass2023.duckdns.org
mauriciocarrascallora09.duckdns.org
mauriciojavierhoyos09.duckdns.org
maxdev-31558.portmap.host
maximumthousands.ddns.net
maxtodor-27383.portmap.host
mayomayomayo202202222022.duckdns.org
mazi.ddns.net
mbit921.duckdns.org
meanser.duckdns.org
medotelegram.work.gd
meganfoxx.duckdns.org
megaplaneta01.ddns.net
mehdoganmin70.duckdns.org
mekhonet.dynip.org
meltdili.duckdns.org
mence.duckdns.org
mendey.duckdns.org
merat3131.duckdns.org
mercadao.tech
meskullzmint.com
microsoft12.ddns.net
microsoftserver.ddns.net
microsoftupdate001.duckdns.org
mifantuanzi1.e1.luyouxia.net
miguellondono0315.duckdns.org
mikedonohue.kozow.com
milanooffice.hopto.org
milenial.duckdns.org
milinerds.duckdns.org
milla.publicvm.org
mimihard.ddns.net
minecraftmods.myftp.biz
minerboy123-61906.portmap.host
minharola.hopto.org
minjihuws.kro.kr
mnbvclhg.duckdns.org
mnvbvnvgc.duckdns.org
modyhr.ddnsfree.com
momo5050.ddns.net
monastery2626.duckdns.org
monedfghsja.duckdns.org
moneios.linkpc.net
moneyveno.duckdns.org
monkeys11-39982.portmap.host
monodofus.hopto.org
mooroopecamroy.sytes.net
morelogs22.sytes.net
moveforme.ug
mozzza.ddns.net
mr7bashbab.ddns.net
mrjeffy.duckdns.org
mrkarik14-50898.portmap.io
mrv001.linkpc.net
mrv00100.publicvm.com
ms47.zapto.org
ms4747.loseyourip.com
mtest.loseyourip.com
muchodinero.duckdns.org
muchodinero14deoctubre.duckdns.org
mulla1.mywire.org
mulla2.mywire.org
multibit.hopto.org
murderer.ddns.net
mushrum.duckdns.org
mvcx.serveftp.com
mxmarve-24835.portmap.io
mxtopsz.duckdns.org
myconect.ddns.net
myluckyhost.ddns.net
mysubdomain873.duckdns.org
nano-c.ddns.net
nareshsemalty-30366.portmap.io
nasihej725.hopto.org
navaikargranites.line.pm
ncbdgwe.duckdns.org
ndospjn.ddns.net
nessator.bounceme.net
nessator.myddns.me
netfamily.windowshost.ru
new.investimer.name
new.payeermine.com
new11.ddns.net
newbiesx-25518.portmap.host
newbignninggood.duckdns.org
newddnss.ddns.net
newfrost.ddns.net
newtechublil.ddns.net
newtimnoip.freeddns.org
newvpnasync.myq-see.com
newworld.mypsx.net
newx.ddns.net
nexsa2111.sells-it.net
nextboss.ddns.net
niceone20.cn
nicosircu1.ddns.net
nigatex.ml
nikopaskamaa-21457.portmap.host
nisdfsuie.duckdns.org
nixa21.zapto.org
nmaxom.duckdns.org
nngplic.ddns.net
nnoport.ddns.net
nobles35-22823.portmap.host
noluyoruzawk.duckdns.org
northem.ddns.net
nov16665.ddns.net
nova.servegame.com
nova1.linkpc.net
nova2.casacam.net
novachrono.dyndns-ip.com
ns1.l96.org
ns1usaupload.myphotos.cc
ns2.l96.org
ntlplaast11.duckdns.org
nuevoremremrem20232023.duckdns.org
nunzioisbitch.serveftp.com
nwoork.kozow.com
nx22.myq-see.com
oebonur600.duckdns.org
oeiti-47629.portmap.host
office-bcr-host.duckdns.org
officiallysoldtoprof.ddnsfree.com
ohgowhsnv.duckdns.org
okaa0-51499.portmap.host
olodofries888.ddns.net
omahaclothingline.webredirect.org
omkarusdajvc.ac.ug
omnicrie.ddns.net
omomom.ac.ug
once-york.gl.at.ply.gg
onlineisofilelandersbaseballer1.mrbonus.com
ooof.hopto.org
open.imgov.cn
opium-network.ddns.net
orc.dyndns.org
orcus.dyndns.org
orcusrat.dvrdns.org
ouaff.ddns.net
oxy01.duckdns.org
p.webshare.io
pacman.dynalias.com
pacman.dyndns.org
paisaloro.kozow.com
palmgorohive.myddns.me
parkerpublic.com
parrarobertogali10.duckdns.org
paython.myq-see.com
pazmental.duckdns.org
pedobusters.online
pedroalcantaralora09.duckdns.org
peniscocksucker4.hopto.org
petersonsherian7.duckdns.org
petrol-chem108.duckdns.org
petropresidente.duckdns.org
pettbull.ddns.net
pfesp.duckdns.org
phantom111-31422.portmap.host
pibot.ug
pics-starts.at.ply.gg
piddix.duckdns.org
pingo3000.hopto.org
pksru.ddns.net
pm-dome.at.ply.gg
poder.kozow.com
pompake.duckdns.org
pop12.linkpc.net
pop6.ddns.net
portmaprat-26778.portmap.io
potenzax999.linkpc.net
powershell-test.duckdns.org
primopumps.duckdns.org
privat-sparkasse.de
product62.duckdns.org
productos.linkpc.net
prontovibes.ddns.net
protectgoogle.ddns.net
prowantedo.ddns.net
pruevapoiu-20286.portmap.io
psmax.dnsalias.net
psmax0.dnsdojo.net
psshatx.accesscam.org
pssmohammed.gets-it.net
qovar.cf
qz.dyndns.org
r00tz-36170.portmap.io
r0z.duckdns.org
r4tt3r.duckdns.org
rafaledrat.ddns.net
ragebit.ddns.net
ramlifaris684.duckdns.org
ramps.duckdns.org
rapraprat.duckdns.org
ratcik0.duckdns.org
ratsss.publicvm.com
ratyedinbb.duckdns.org
realtekhoster.ddns.net
registry.ddns.net
rej.rejgroups.com
remiakbaba.duckdns.org
remove.is-uberleet.com
replyitselfmako.sytes.net
reportbox0.duckdns.org
reportss.duckdns.org
resulttoday2.duckdns.org
retregdsgzbz.duckdns.org
reversethis.store
revshell.3utilities.com
rexm.xyz
rggsrfbcx.duckdns.org
rio.casacam.net
rippeanut.duckdns.org
rl.zuiwen.top
rmlkin.duckdns.org
robertobolanolora09.duckdns.org
robertsaldarriagasoto09.duckdns.org
roberurrutialora09.duckdns.org
rock19870-48166.portmap.io
rock87.ddnsfree.com
rocky07.ddnsfree.com
romarivanegamoauhsyhafjbaju233nsa.duckdns.org
rony.ooguy.com
roollingstonecam.sytes.net
roollingstonecam.zapto.org
root.kahharsoftware.com
rositxado.tk
rotte.ddns.net
rownip.dyndnss.netrownip.dyndnss.net
roy2023.kozow.com
rtergsdfs.duckdns.org
rvng.dyndns.org
ry8325585.duckdns.org
ryyeyq.duckdns.org
s1995.ddns.net
sadcgvc.duckdns.org
saddlepoint.duckdns.org
sadgfbvcnvccmb.duckdns.org
saedmad.linkpc.net
saico015.linkpc.net
saikuzen-49289.portmap.io
sakivivjasiv8cozo3.cn
salutsalut.ddns.net
sammiyoyo.linkpc.net
sanael-62946.portmap.host
sandobalvaleria214.duckdns.org
sandyclark255.hopto.org
sandyy.hopto.org
saralynnp8.duckdns.org
satrakyarab.ddns.net
sau88b8yb7e7gf7g.cn
sbdndbnb.duckdns.org
sdfgfgdsdfgfd.duckdns.org
sdfsbvfbfda.duckdns.org
sdfsdfasdf.duckdns.org
sdfsdgfgj.duckdns.org
seamoney.duckdns.org
sebasguerranjdd3ewdadf.duckdns.org
secdb.duckdns.org
security70.duckdns.org
semetiooctubre2022202220222022.duckdns.org
seniorpicchi-43516.portmap.host
server.b92dt.com
server.vukhitoithuong.co
server2.raxana.net
service32.sytes.net
servicess.dynip.org
servidor2050.ddns.net
servr.jordangaming3.xyz
seznam.publicvm.com
sgfdhtw.duckdns.org
sgrmbroker.duckdns.org
shadowofsun.e5.luyouxia.net
shambanzy202202.con-ip.com
shortcut2021.duckdns.org
silent-rain-87337.pktriot.net
simple-drain.at.ply.gg
sinki-43136.portmap.host
siuw83.duckdns.org
sivwbviw.duckdns.org
skalleper.ddns.net
skidnation.ddns.net
skiler.duckdns.org
skullzyboat-37846.portmap.host
skylucky.duckdns.org
slawdor.westus2.cloudapp.azure.com
slpete1533.duckdns.org
smartvodafone.duckdns.org
smoothy.ddns.net
soft.tjsosda.com
some-cheapest.at.ply.gg
southside.bounceme.net
sparkinject.ddns.net
speedplayers-23540.portmap.io
spk.accesscam.org
spongpoppp.myq-see.com
spookyfroot-52933.portmap.host
spring-consultation.at.ply.gg
squeruu-39056.portmap.host
sr5gsedfgwsers.freemyip.com
sson.dnsup.net
ssonn.v6.rocks
starsat123.ddns.net
steam008.ddns.net
stellacy.tk
stoo02093.duckdns.org
strekhost2038.duckdns.org
strekhost2039.duckdns.org
strekhost2041.duckdns.org
strekhost2043.duckdns.org
strekhost2047.duckdns.org
su2d.nerdpol.ovh
subwoope.ooguy.com
sukura.duckdns.org
susiahat24199a.ddns.net
swchiowbcjd.con-ip.com
sym.publicvm.com
takerman.ddns.net
teambit.giize.com
tearnservi11.duckdns.org
techandro.giize.com
techgames.duckdns.org
technovez.duckdns.org
tehliike.duckdns.org
testetstest.ddns.net
testfor.duckdns.org
tfwed.duckdns.org
tgjhgf.duckdns.org
thebest39393.ddns.net
thegamingclub.xyz
thewatersmoney.hopto.org
theyk6836.duckdns.org
thoe409.duckdns.org
thwit.ddns.net
tienmonkey-40774.portmap.io
timairvpn.ddns.net
timmo-27933.portmap.host
tjcoker123456.duckdns.org
tksoficialbrasil.sytes.net
torment.ddns.net
torment1628.duckdns.org
tox11.ddns.net
tplinklocal.linkpc.net
tr2.localto.net
trabajo2021.duckdns.org
travazap.duckdns.org
tripdeep.duckdns.org
tripleswagsir-42873.portmap.io
trust.meldrez5x.xyz
tuna91.duckdns.org
type1520.duckdns.org
ubiquitouslv-34772.portmap.host
udmansoud-59712.portmap.host
ufyu78r8r7.duckdns.org
updateservicer.ignorelist.com
uribeparaco.duckdns.org
usa-man.accesscam.org
utilityservice.ignorelist.com
uvd88.duckdns.org
v13cracker.ddns.net
valentinmihai-48225.portmap.io
vcnnxfdf.duckdns.org
venelix.duckdns.org
venmo8500.duckdns.org
vernortoday.duckdns.org
verynice.ddns.net
veztechno.duckdns.org
vfdhgfjdhgkjsf.duckdns.org
vic1.duckdns.org
vicentcastillnhdagg.duckdns.org
victori55.duckdns.org
view43748.viewdns.net
violinud.duckdns.org
vjwm.dyndns.org
vl.io.vn
vladmir001.myddns.me
vlhoangkimpk.net
vr-bank.com.de
vtgfcgfcvvvvvvvavavvvaavavava.duckdns.org
wabbus02.duckdns.org
wai.dogelab.net
wai.dogetaxi.io
wai.squidgame.to
walter12ryan.duckdns.org
wanted12-62000.portmap.host
warzon957.duckdns.org
warzoneupdater.redirectme.net
wasted9sss1-51443.portmap.host
wasted9sss1-57562.portmap.host
waterspourmoney.ddns.net
wegrferhgbrtegerfewfwedwedewdew.hopto.org
wertpkgc.duckdns.org
wesdrfggkhgfd.ddns.net
westernogetobarsbrmng.ooguy.com
wggr6uncx.duckdns.org
white-camcorders.at.ply.gg
willtrojan.ddns.net
windows-services-udpate.linkpc.net
winhostconio.duckdns.org
winlogon.ddns.net
wispy-hill-25808.pktriot.net
work114.ddns.net
worldpassed.publicvm.com
worldwreck.ddns.net
wr.espielweinstein.pw
xaft.camdvr.org
xafvbndsfg.ru
xiomarajerezasidhasfjafas.duckdns.org
xlordbodyl-60544.portmap.io
xsme.loseyourip.com
xxxprofxxx.dnsdojo.com
xxxsexyxxx.dnsdojo.com
y1k0z3.hopto.org
yatruopidf.giize.com
yedbopds.duckdns.org
yeetdskrt.ddns.net
yenhack.ddns.net
yhsfgs.duckdns.org
yoperreosola.duckdns.org
yubahack.duckdns.org
yubarat.ddns.net
yudith.duckdns.org
yyutrer.duckdns.org
zaza99.duckdns.org
zazazazaz.duckdns.org
zcvxcdsfew.duckdns.org
zen3x.duckdns.org
zero0.ddns.net
zhudaji.f3322.net
zkgwnqekr7qrgadf.duckdns.org
zobbi.zobbi.com
zockrellemile.sytes.net
zopzw.ddns.net
zuiwen.top
zulakim.duckdns.org
zxc123598.e2.luyouxia.net
zzzpmax.ddns.net

# Reference: https://twitter.com/IntezerLabs/status/1701230783837454369
# Reference: https://twitter.com/t3ft3lb/status/1701506318383956224

193.161.193.99:31507

# Reference: https://twitter.com/Jane_0sint/status/1701604129221890240
# Reference: https://www.virustotal.com/gui/file/11409951fd87917609f76566a567f768e8f2af92997618dbbf2536dce684b4d1/detection

123.99.200.175:4449
123.99.200.175:8950

# Reference: https://threatfox.abuse.ch/ioc/1163379/

62.106.84.215:4444

# Reference: https://threatfox.abuse.ch/ioc/1163442/

4.151.131.10:1010

# Reference: https://www.virustotal.com/gui/file/740705bda250b4aa10bc9ac53c45ea625baa4a7b982d76fcdd013644d7f0f5ae/detection

147.185.221.16:22080
193.161.193.99:22080
feature-fbi.gl.at.ply.gg

# Reference: https://threatfox.abuse.ch/ioc/1163510/

185.81.157.153:55

# Reference: https://threatfox.abuse.ch/ioc/1163511/

185.81.157.153:100

# Reference: https://www.virustotal.com/gui/file/eb1b3103fc42ae087eedbdc261bddff18d9aaaa5bf3c4646153b0fe67b9ad2b2/detection

esteesparahoy.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-22)

147.189.169.11:8848
185.117.91.202:999
185.81.157.154:2301
194.58.71.17:7771
206.53.55.186:8181
51.89.12.10:6606
51.89.12.10:7707
51.89.12.10:8808
78.171.102.209:3001
81.161.229.73:6606
81.161.229.73:7707
81.161.229.73:8808
95.214.27.6:2442

# Reference: https://www.virustotal.com/gui/file/7d8d345ba5e90f5eb674b3a0afeee3af3d7cdb8da249f92a5ff86f214d4ebc99/detection

84.54.50.42:1338

# Reference: https://www.virustotal.com/gui/file/1eb09eab835bb8295c10bc42f04a9f5379da88131996e603ec0643e3700e2bcc/detection

4.151.131.10:1011

# Reference: https://www.virustotal.com/gui/file/535884651e8ced605074dff4220651f4ceb02ea86025ff2721c816de2a94fd6a/detection

80.76.51.237:2023

# Reference: https://www.virustotal.com/gui/file/5fe0500266860557912ff1d77ed5e386f4c849bf21891e46dedabad62d78d328/detection

31.192.107.178:2525

# Reference: https://twitter.com/r3dbU7z/status/1705645264206184806
# Reference: https://www.virustotal.com/gui/file/d1dd950783c34f9d1a34a39b9068fb01023b537805ea97791b17dda03a95ebd9/detection
# Reference: https://www.virustotal.com/gui/file/968f94101c97e3d7d7ba5a994409595c41f33645956454f4dce9d93c9abc9c79/detection
# Reference: https://www.virustotal.com/gui/file/cad6a66eac36a2f482176d9636619dade6ece13f02613540184bbd341ee0983d/detection

93.123.118.253:39001
93.123.118.253:39002
93.123.118.253:39003
93.123.118.253:58001
93.123.118.253:7709
dingdang.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-25)

http://74.133.86.50
101.34.3.12:8848
101.42.137.105:3593
103.108.66.216:9905
103.38.236.46:4449
103.42.31.134:9901
103.42.31.180:9904
123.99.200.153:4449
124.248.66.139:4449
124.248.66.140:4449
124.248.66.144:4449
134.255.254.224:7707
135.181.226.133:49287
140.143.167.227:3214
154.53.45.95:4449
185.17.0.246:4449
185.221.67.3:4449
198.44.165.77:6605
198.44.184.40:4449
2.59.254.111:5500
222.211.73.251:4848
42.51.40.184:6606
42.51.40.184:7707
42.51.40.184:8808
49.232.230.111:6630
5.104.84.227:4449
62.234.33.152:3502
62.234.35.139:5631
65.21.177.234:6606
65.21.177.234:7707
74.133.86.50:4449
90.62.249.133:2550
90.62.249.133:2551
90.62.249.133:2552
90.62.249.133:2553
90.62.249.133:2554
90.62.249.133:2555
90.62.249.133:2556
90.62.249.133:2557
90.62.249.133:2558
90.62.249.133:2559
90.62.249.133:2560
90.62.249.133:2561
90.62.249.133:2562
90.62.249.133:2563
90.62.249.133:2564
90.62.249.133:2565
90.62.249.133:2566
90.62.249.133:2567
90.62.249.133:2568
90.62.249.133:2569
90.62.249.133:2570
90.62.249.133:2571
90.62.249.133:2572
90.62.249.133:2573
90.62.249.133:2574
90.62.249.133:2575
90.62.249.133:2576
90.62.249.133:2577
90.62.249.133:2578
90.62.249.133:2579
90.62.249.133:2580
90.62.249.133:2581
90.62.249.133:2582
90.62.249.133:2583
90.62.249.133:2584
90.62.249.133:2585
90.62.249.133:2586
90.62.249.133:2587
90.62.249.133:2588
90.62.249.133:2589
90.62.249.133:2590
90.62.249.133:2591
90.62.249.133:2592
90.62.249.133:2593
90.62.249.133:2594
90.62.249.133:2595
90.62.249.133:2596
90.62.249.133:2597
90.62.249.133:2598
90.62.249.133:2599
90.62.249.133:2600
capitalizerutc.com
de2.localto.net
erorr2.webhop.net
ewoiutz9dt9bzo89tz.com
extra-hack.ddns.net
iroexjds.work.gd
nbnf43456httpshost.online
non.accesscam.org
popo01.mywire.org
riewoti.work.gd
saefigozower.fun
sdfubuzoeoeiv.top
seuriouhvhusr.cn
slim1.thruhere.net
telachapesu.com
trx05.duckdns.org
viper34.servebbs.net
webwhatsapp.cc
wpe.mysynology.net

# Reference: https://www.virustotal.com/gui/file/c3f02339dcd6fbf6425fcc439a044416922c3f229d67e8f4e737dd29e7184e3b/behavior

23.105.131.172:2323
23.105.131.172:6606
23.105.131.172:7707
23.105.131.172:8808
dqdqededqedqe.tk
bin.treatwellshome.xyz

# Reference: https://threatfox.abuse.ch/ioc/1167640/

95.214.27.6:5500

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-09-26)

185.25.51.99:444
185.225.73.105:7896
185.225.73.105:8675
185.81.157.150:2023
185.81.157.150:2035
194.180.49.190:9254
5.231.208.228:1337
51.103.217.70:6677
51.103.217.70:8585
74.208.105.80:2005
74.208.105.80:7777
80.85.153.152:28323
91.103.252.215:4449

# Reference: https://www.virustotal.com/gui/file/6841b9d41f26f9bbd98430b17aa75910e24e5a72aa4df3b40f251afba21d5297/behavior

18.228.115.60:14488
18.229.146.63:14488
18.231.93.153:14488

# Reference: https://twitter.com/beacon1ng/status/1708620162000396480
# Reference: https://app.any.run/tasks/c35e037b-a03f-4179-9764-1dcbb679dbc7/

85.217.144.78:222
85.217.144.78:6606
85.217.144.78:7707
85.217.144.78:8808

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-03)

185.225.73.105:6606
185.225.73.105:7707
185.225.73.105:8808
5.249.163.45:5555

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-06)

138.201.18.225:4449
185.241.208.184:6606
185.241.208.184:7707
185.241.208.184:8808
5.230.67.224:6606
5.230.67.224:7707
5.230.67.224:8808

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-07)

185.16.38.41:2023
185.16.38.41:2035
185.241.208.114:5555
185.241.208.203:6606
185.241.208.203:7707
185.241.208.203:8808
185.241.208.42:2266
185.241.208.42:4444
185.81.157.21:2404
193.26.115.167:6606
193.26.115.167:7707
193.26.115.167:8808
209.145.56.0:57
4.151.131.10:2404
79.110.62.189:30305

# Reference: https://www.virustotal.com/gui/file/470556fb4a6a391d85e137d35fd76f1b8f9f984b4e4c8dadf3da3a072e901112/detection

193.26.115.188:8788
474ba67bdb289c6263b36dfd8.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-09)

http://103.212.81.80
http://88.99.251.36
103.141.68.86:8080
107.175.113.198:6011
107.175.113.198:9901
107.175.243.138:6606
107.175.243.138:7707
107.175.243.138:8808
135.125.21.39:222
135.125.21.39:2222
136.243.151.123:4444
136.243.151.21:57
136.243.151.21:58
136.243.151.21:60
136.243.151.21:62
136.243.151.21:64
136.243.151.21:70
136.243.151.21:71
136.243.151.21:79
139.99.148.35:7707
142.11.241.177:2002
142.11.241.177:2003
142.11.241.177:2004
142.11.241.177:2005
142.11.241.177:4014
142.11.241.177:4016
142.202.240.116:6969
142.202.240.46:7707
142.202.242.171:2028
142.202.242.171:2205
144.126.149.221:1996
144.126.149.221:2106
147.50.253.12:9909
15.204.170.1:6666
158.69.131.146:555
158.69.131.146:5555
158.69.131.146:7777
162.244.210.198:7070
172.245.244.118:7070
172.245.244.118:9090
172.96.172.69:2002
172.96.172.69:2003
172.96.172.69:2004
172.96.172.69:2005
172.96.172.69:4014
172.96.172.69:4016
173.212.250.19:2000
173.212.250.19:5000
173.212.250.19:6000
173.212.250.19:7000
181.131.218.210:8000
185.104.195.215:1234
185.104.195.215:1975
185.104.195.215:1980
185.104.195.215:1985
185.104.195.215:1989
185.104.195.215:1990
185.104.195.215:1991
185.104.195.215:2001
185.104.195.215:2002
185.104.195.215:2004
185.104.195.215:2009
185.104.195.215:5555
185.104.195.215:7777
185.104.195.215:8888
185.117.91.202:7707
185.117.91.202:8808
185.117.91.202:9909
185.16.38.41:20000
185.16.38.41:2022
185.16.38.41:2033
185.161.210.60:4020
185.169.180.143:1604
185.169.180.209:1604
185.239.237.59:6666
185.239.237.59:7777
185.241.208.114:7777
185.241.208.29:6666
185.241.208.42:2244
185.241.208.42:6606
185.241.208.42:7707
185.241.208.42:8808
185.241.208.51:555
185.241.208.51:5555
185.241.208.51:6666
185.25.51.99:555
185.81.157.135:2323
185.81.157.149:2303
185.81.157.14:2301
185.81.157.14:2501
185.81.157.14:2502
185.81.157.14:2701
185.81.157.154:2303
185.81.157.154:2304
185.81.157.154:2525
185.81.157.174:8088
185.81.157.178:6606
185.81.157.178:7707
185.81.157.178:8808
185.81.157.218:9090
185.81.157.24:6006
185.81.157.24:8008
187.24.73.87:8888
187.24.73.87:9999
188.77.229.84:5001
191.101.206.33:6666
192.119.108.74:8713
192.119.108.75:8714
192.119.108.76:8714
192.119.108.77:8710
192.159.99.6:50
194.156.89.185:8080
194.156.90.168:2222
194.156.90.168:4444
194.156.90.168:5505
194.156.90.168:5555
194.156.90.168:6606
194.156.90.168:7707
194.156.90.168:7777
194.156.90.168:8808
194.180.49.17:6606
194.180.49.17:7707
194.180.49.17:8808
194.26.192.68:6606
194.26.192.68:6666
194.26.192.68:7707
194.26.192.68:8808
198.12.125.30:8808
198.12.125.30:8880
2.58.56.243:6606
2.58.56.243:6666
2.58.56.243:7707
2.58.56.243:8808
206.53.55.186:1000
206.53.55.186:7171
209.145.56.0:1234
209.145.56.0:2011
209.145.56.0:2022
209.145.56.0:4014
3.84.52.3:6606
3.84.52.3:7707
3.84.52.3:8808
34.29.228.84:1996
34.29.228.84:1997
35.197.164.151:443
38.180.69.154:6606
38.180.69.154:7707
38.180.69.154:8808
42.117.76.36:7569
42.117.76.36:7815
42.117.76.36:8010
42.117.76.36:8159
42.117.76.36:8579
45.138.16.41:6666
45.138.16.41:8888
45.141.215.91:6666
45.141.215.91:7777
45.141.215.91:8888
45.156.84.213:6666
45.81.39.78:115
45.92.1.142:333
45.92.1.142:6066
45.92.1.142:888
45.92.1.162:1996
46.246.82.9:2000
5.230.74.240:6666
5.230.74.240:7777
5.230.74.240:8888
51.161.107.68:555
51.161.107.68:5555
51.161.107.68:6666
51.195.145.78:4343
51.195.251.9:6606
51.195.251.9:7707
51.195.251.9:8808
51.254.49.49:5001
51.38.57.226:6606
51.81.126.13:2222
51.81.126.13:555
51.81.126.13:5555
51.81.126.13:777
51.81.126.13:7777
51.81.24.93:4242
51.81.7.207:6606
51.81.7.207:7707
51.81.7.207:8808
51.89.190.17:6000
51.89.190.17:7000
51.89.190.17:8000
51.89.190.17:8088
62.106.84.211:4444
62.106.84.211:6606
62.106.84.211:8808
62.106.84.212:6606
62.106.84.212:8808
62.106.84.213:4444
62.106.84.213:6606
62.106.84.213:8808
62.106.84.214:6606
62.106.84.214:8808
62.106.84.215:8808
64.56.68.203:8888
66.94.118.174:2000
66.94.120.244:6606
66.94.120.244:7707
66.94.120.244:8808
78.161.33.61:20000
84.54.50.9:8888
85.206.172.156:222
85.206.172.156:555
86.48.18.223:6606
88.119.175.231:444
88.119.175.231:555
88.119.175.231:5555
88.119.175.231:6666
88.119.175.231:8888
89.23.100.93:4449
91.109.116.34:8808
91.109.182.4:7707
91.109.188.3:8808
93.123.118.250:2222
93.123.118.250:4444
93.123.118.250:6666
94.130.130.51:112
94.130.130.51:113
94.130.130.51:114
94.130.130.51:6606
94.130.130.51:7707
94.130.130.51:8808
94.156.253.72:6606
94.156.253.72:7707
94.156.253.72:8808
94.228.168.80:10000
95.214.27.64:5505
95.214.27.64:6606
95.214.27.64:7707
95.214.27.64:8808

# Reference: https://www.virustotal.com/gui/file/dad4aa37fb7f808d7cdc3e81585c2a0b31fd07d5aeadf9bd6562e73250d7d81a/detection

208.64.33.62:4449

# Reference: https://www.virustotal.com/gui/file/1a06018f6c3e8b85ba401a081e96a71d3c6c795ea2b35cb586b33897bca4abe2/detection

194.180.48.105:6606
194.180.48.105:7707
194.180.48.105:8808

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-10)

135.125.21.39:5555
135.125.21.39:7777
136.243.151.21:73
194.156.90.168:9999
209.145.56.0:1232

# Reference: https://twitter.com/r3dbU7z/status/1711882323367457217

185.81.157.213:222
185.81.157.213:6606
185.81.157.213:7707
185.81.157.213:8808
rxrr.duckdns.org

# Reference: https://tria.ge/231010-11axlsgc97/behavioral1

46.1.103.69:2341

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-11)

108.165.237.62:8080
139.99.17.29:6606
139.99.17.29:7707
139.99.17.29:8808
144.126.159.54:8888
166.0.156.25:4444
169.150.249.71:8888
185.81.157.21:8888
192.119.108.74:8714
192.119.108.75:8710
192.119.108.76:8712
192.119.108.77:8712
192.119.108.78:8710
192.119.108.78:8712
198.12.125.30:6606
198.12.125.30:7707
198.12.125.30:8808
207.244.238.106:4444
46.196.24.46:6606
46.196.24.46:7707
46.196.24.46:8808
51.195.145.78:4242
51.89.190.17:6606
51.89.190.17:7707
51.89.190.17:8808
88.237.19.232:20000
91.109.184.2:6606
91.109.184.2:7707
91.109.184.2:8808

# Reference: https://www.virustotal.com/gui/file/724b95160127a1fac9bea14139ad0c773a9fd7f4bf0811c950e9a56003e3a49b/detection

http://194.5.237.240

# Reference: https://twitter.com/karol_paciorek/status/1712422451534045305
# Reference: https://twitter.com/g0njxa/status/1712424483766550940
# Reference: https://tria.ge/231012-mwgbyaga58/behavioral1

181.235.14.39:9330
aaarr43.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-13)

101.35.255.93:8888
108.165.237.62:7070
116.98.23.227:257
173.212.250.19:6606
173.212.250.19:7707
173.212.250.19:8808
177.255.84.119:8000
185.117.91.202:6606
185.241.208.45:6606
185.241.208.45:6666
185.241.208.45:7707
185.241.208.45:8808
185.81.157.149:2301
185.81.157.174:8089
185.81.157.238:6603
187.24.0.226:8888
187.24.6.130:9999
188.77.229.84:4002
191.89.242.212:5757
192.119.108.75:8712
192.119.108.76:8710
192.119.108.77:8714
192.119.108.78:8714
193.23.3.37:4001
209.145.56.0:1955
213.195.120.176:4002
213.195.120.176:5001
42.194.128.203:6606
42.194.128.203:7707
42.194.128.203:8808
45.136.4.172:1453
45.81.39.77:111
49.12.7.88:1604
65.21.177.234:8808
78.161.41.50:20000
78.161.41.50:888
82.147.85.206:38002
91.109.182.2:6606
91.109.182.2:8808
91.208.92.183:6606
91.208.92.183:7707
91.208.92.183:8808

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-16)

14.173.175.182:8080
147.189.169.231:6606
154.91.82.186:8888
173.212.250.19:1337
173.254.253.214:6606
173.254.253.214:7707
173.254.253.214:8808
185.81.157.201:8181
185.81.157.244:6606
185.81.157.244:7707
185.81.157.244:8808
193.26.115.55:9999
194.26.192.61:8888
195.85.205.141:6006
198.23.227.140:8880
213.195.120.176:4003
46.246.82.6:2000
82.65.203.216:443
91.109.176.4:7707
91.109.188.3:7707
91.109.190.4:7707
91.109.190.4:8808

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-19)

103.212.81.159:1997
171.22.28.214:4404
185.241.208.21:888
185.81.157.105:6606
185.81.157.105:7707
185.81.157.105:8808
185.81.157.242:6606
185.81.157.242:7707
185.81.157.242:8808
185.81.157.252:6606
185.81.157.252:7707
185.81.157.252:8808
187.24.12.53:8888
20.211.121.138:4449
212.102.59.77:8888
46.246.12.9:2000
46.246.6.3:2000
46.246.86.17:8888
62.106.84.212:4444
62.106.84.214:4444
95.214.27.6:4545

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-20)

147.189.170.39:6666
185.81.157.24:6606
185.81.157.24:7707
185.81.157.24:8808
187.24.64.107:8888
187.24.64.107:9999
193.26.115.207:2001
198.12.125.30:8806
45.138.16.131:6606
45.138.16.131:7707
45.138.16.131:8808
51.77.230.223:2404
88.232.113.230:20000
88.232.113.230:888
91.109.176.9:6606
91.109.176.9:7707
91.109.176.9:8808

# Reference: https://twitter.com/smica83/status/1715700508818571717
# Reference: https://tria.ge/231021-nxvrdsfh66/behavioral2

82.131.152.206:4449
venomkarhel.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-23)

105.158.157.80:55555
147.189.169.231:6666
167.235.78.69:8888
172.111.233.177:3389
181.131.216.141:4040
185.81.157.103:6606
185.81.157.103:7707
185.81.157.103:8808
185.81.157.160:6606
185.81.157.160:888
187.24.2.121:8888
187.24.73.4:8888
187.24.73.4:9999
190.28.153.166:2000
190.28.161.89:2000
192.210.229.11:8880
192.210.229.8:8801
193.26.115.207:2002
193.26.115.207:2003
193.26.115.207:2004
193.26.115.207:2005
197.246.186.65:9999
197.246.197.142:9999
197.246.199.117:6666
197.246.235.14:9999
198.12.125.30:9901
209.145.56.0:2004
209.145.56.0:2005
209.145.56.0:2006
37.19.216.81:8888
45.141.215.141:7771
45.145.230.68:4449
78.161.14.145:20000
78.161.14.145:888
82.147.85.118:38002
85.109.221.202:20000
88.232.119.41:20000
88.232.119.41:888
91.109.176.7:7707
91.109.176.7:8808
91.109.184.3:7707
91.109.184.7:8808
91.134.150.159:4449
93.242.233.250:51125
93.43.214.206:7707

# Reference: https://www.virustotal.com/gui/ip-address/186.169.60.158/relations
# Reference: https://www.virustotal.com/gui/file/b99b8c52dd67d2a9d4b8a58664056b7ce64f271e25efe3a3b8adf33c70d3db46/detection

186.169.60.158:1993
cotizacionesnuevas1.duckdns.org
ibat21.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9906536e261362180e3b4c087a6e5941afd3766d077dfcfc3efbeb0ca91c9201/detection

186.169.60.158:1998

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-26)

116.203.24.34:2222
141.164.37.178:6606
141.164.37.178:7707
141.164.37.178:8808
172.111.233.109:3389
172.96.172.69:4019
178.73.192.20:8888
185.216.71.238:7708
185.216.71.238:8008
185.216.71.238:9909
185.81.157.112:6606
185.81.157.12:5555
185.81.157.12:6666
185.81.157.12:8888
187.24.69.150:8888
190.28.134.15:2000
194.156.89.178:2222
194.156.89.178:4444
197.246.196.91:9999
197.246.211.208:9999
198.12.125.30:8019
198.23.227.140:8080
198.23.227.140:8085
198.23.227.175:8080
209.145.56.0:6666
46.246.4.18:8888
91.109.184.4:8808
91.109.190.5:660666
91.109.190.5:7707
91.109.190.5:8808
91.208.92.210:1411
connect.servrweb.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-10-30)

http://92.87.6.121
103.141.68.91:6606
107.172.76.170:1982
107.172.76.170:8909
135.125.21.39:444
136.243.151.123:1234
136.243.151.21:69
136.243.151.21:75
144.126.149.221:6666
144.126.159.54:6666
145.239.200.145:6606
145.239.200.145:6666
145.239.200.145:7707
145.239.200.145:8808
147.189.173.111:9999
161.97.151.222:2004
162.55.36.154:2222
177.143.216.81:3389
178.33.203.39:5010
181.214.240.179:7707
181.90.42.189:7707
182.253.153.225:10549
185.150.25.181:6666
185.196.8.53:6000
185.241.208.136:1177
185.249.197.248:2222
185.249.197.248:4444
185.81.157.12:6606
185.81.157.12:7707
185.81.157.12:8808
185.81.157.12:9999
185.81.157.238:366
186.102.163.66:2404
186.102.163.66:7777
186.102.163.66:8888
186.102.174.131:2404
186.102.174.131:8888
187.24.13.129:8888
187.24.70.241:8888
187.24.70.241:9999
187.24.71.243:5155
187.24.71.243:9999
190.28.166.77:2000
191.246.186.145:9999
191.88.249.96:2018
192.210.229.8:8891
197.246.187.103:9999
197.246.196.187:9999
197.246.199.162:7777
197.246.199.238:9999
198.12.125.30:8015
207.246.74.117:8000
209.127.186.195:2222
209.145.56.0:4444
213.195.120.176:6606
213.195.120.176:7707
213.195.120.176:8808
216.244.84.180:6606
216.244.84.180:7707
37.1.211.248:6606
37.156.26.161:10000
45.12.253.222:115
45.141.215.3:3306
45.141.215.40:7707
45.88.186.47:9999
5.75.182.255:2222
51.89.242.53:100
81.214.77.85:20000
81.214.77.85:888
85.206.172.156:6606
87.248.157.179:1604
88.248.212.24:20000
88.248.212.24:888
88.251.135.18:20000
88.251.135.18:888
89.137.121.142:4782
91.109.176.5:7707
91.109.176.5:8808
91.109.180.4:8808
91.109.182.7:7707
91.109.182.7:8808
91.109.186.2:8808
91.109.188.2:7707
91.109.188.2:8808
91.109.188.8:8808
91.92.240.157:6606
91.92.243.216:81
94.130.130.51:119
94.156.69.57:81
intclientpage.co
foxgazafreego.mypsx.net

# Reference: https://www.virustotal.com/gui/file/ed243022114ee48f4c5f9cfbc83cf3fed190052d413eeb50abff861582299bce/detection

141.255.156.206:21555
141.255.156.206:21666
141.255.156.206:21777
141.255.156.206:21888
141.255.156.206:21999
enterprise999.ddns.net
mjtask.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ca92d9d3ed2415dd25079356940f9feec35b3e1b5e7d46c1de4e474ac5656d47/detection

taaymhostv2.ddns.net

# Reference: https://www.virustotal.com/gui/file/607b2909a0cd25015eb49d92b087870d750329254c641146059519008fd9874f/detection
# Reference: https://www.virustotal.com/gui/file/120ff3fc38cc42844c647564284ccb431dd3e77f22da6284f7219229dec503e2/detection

45.88.180.17:7700
45.88.180.17:9700
couchelavable.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-11-12)

104.243.47.96:2222
142.202.188.173:9953
142.44.252.22:833
172.94.8.75:2020
185.25.51.99:222
185.62.86.134:666
185.81.157.150:6606
185.81.157.150:7707
185.81.157.150:8808
186.102.161.73:2404
186.102.161.73:7777
186.102.161.73:8888
186.168.71.240:8888
198.12.125.30:8191
37.1.211.248:7707
37.1.211.248:8808
45.141.215.5:7707
45.88.186.47:8888
46.1.103.69:2341
66.94.118.174:4002
72.11.142.131:8808
85.206.172.156:8808
85.239.241.136:1337
91.109.188.6:7707

# Reference: https://www.virustotal.com/gui/file/4c2d509873e08dc7e46df73f082502d116d13da9dc9cb52d9e69b921a0cdecc1/detection

91.92.241.80:4449

# Reference: https://www.virustotal.com/gui/file/4b317b533a355aa2a7410563ab6e3e4f9563dce4adea4926baaaa027037a29c4/detection

91.92.241.80:39001

# Reference: https://www.virustotal.com/gui/file/b9e5dd660dda0daa188d1dee546d4c97f5432e46a54bc812cac7e66e538dc43a/detection
# Reference: https://www.virustotal.com/gui/file/01c52fb377d59ee5c9ac7db9cbf58186f6470f3a5c78d378bc2a0cb79627c2fe/detection

194.87.151.53:39001
194.87.151.53:4449
researchchemicals.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-11-15)

http://136.243.151.21
103.47.147.204:2000
14.161.135.108:8080
181.235.82.111:2404
181.235.82.111:8888
181.235.87.205:2404
181.235.87.205:8888
185.81.157.103:2222
185.81.157.133:6666
185.81.157.135:2525
185.81.157.149:2024
185.81.157.236:4444
185.81.157.254:6606
185.81.157.254:7707
185.81.157.254:8808
186.112.202.44:2404
186.112.202.44:8888
186.168.71.240:2404
187.24.3.145:8888
190.28.181.222:2000
191.246.186.145:2021
193.23.3.37:4003
193.23.3.37:4545
198.23.227.175:8880
201.185.178.29:8888
31.11.194.49:1337
37.19.216.81:7777
45.154.98.86:4444
46.1.103.69:4263
46.1.103.69:7355
81.214.77.85:57
91.192.100.22:8000
91.208.92.74:4444
91.92.243.43:7719
panel.freeddns.org

# Reference: https://www.virustotal.com/gui/file/2473f5514d45b2d56863331a9c24fdccf74b787e476b2b48963e40b0421462e0/detection

98.34.154.249:1605
ratlol.ddns.net

# Reference: https://www.virustotal.com/gui/file/f9836e2f445c098ec9e41577906b5c25d419d780bbd0f12af29a1f1019981fd1/detection
# Reference: https://www.virustotal.com/gui/file/f598e0fd21c125852521c64159f7400c7005d83ab8f071de9e95b23ad98c4980/detection
# Reference: https://www.virustotal.com/gui/file/cd2cd968c9bdb300458c0cac8d95aecc487d7d0b9ac57126425d67756693eb01/detection
# Reference: https://www.virustotal.com/gui/file/74a7a0f3461b71369a22c9b7e6cc89d02f41d4c4484966f545eb3fef56642206/detection

185.81.157.19:3306
185.81.157.19:3307
185.81.157.19:3309
45.141.215.3:3309
ns2usaupload.is-a-techie.com

# Reference: https://www.virustotal.com/gui/file/e91838e3f9c6aa4e1e043fa30ac176081877347166e52aa9b9cb1e7f25acecbf/detection

forlatinamerica.bumbleshrimp.com

# Reference: https://www.virustotal.com/gui/file/7494ac575753c074738a4ea8aa3eb2dc0d7fe699b3e3f6dbbfb066b367aacc58/detection

envio2023asy.bumbleshrimp.com

# Reference: https://www.virustotal.com/gui/file/6bd3a9be98f3e06d4cefbc574149bd6f80e1bd96b6ac7131349313c2c9c19fae/detection

185.81.157.21:7777
bendicionesoctubre.ddnsguru.com

# Reference: https://www.virustotal.com/gui/file/b53a2201e29a52a0ff66ce50fc05a3e0ab920b4b5c86773fc8766e9462aff871/detection

51.161.59.75:6606
51.161.59.75:8808
exrobotos2023.mywire.org

# Reference: https://www.virustotal.com/gui/file/ebf8f470ffc1fa2c68fb9674c6e9842f9b5e5a15e2d37b11ffdb1de90d017b92/detection

141.255.147.253:8080
64.235.35.197:3333
parapowshell.blogdns.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-11-20)

1.120.227.126:4449
103.149.201.161:6106
103.233.253.8:8801
103.82.38.49:4449
104.129.27.19:6606
104.129.27.19:7707
104.129.27.19:8808
104.168.24.201:2345
121.62.23.38:5555
124.248.66.136:4449
124.248.66.143:4449
124.248.66.148:4449
124.248.66.154:4449
138.199.21.208:4449
147.185.221.16:47793
147.185.221.16:57444
154.221.25.208:8848
167.71.56.116:22863
172.111.138.100:4447
172.234.16.71:6606
172.234.16.71:7707
172.234.16.71:8808
185.221.67.19:18883
185.221.67.19:4449
198.37.108.208:5555
198.44.165.35:6602
198.44.165.35:8802
198.44.165.77:6105
199.36.223.62:52364
199.36.223.62:8848
20.201.123.99:30120
24.254.118.248:4449
4.229.227.81:8080
4.229.227.81:8081
45.138.16.87:998
45.88.186.47:4444
46.1.103.69:9371
65.21.8.16:4449
79.134.225.113:9346
91.107.228.216:4449
12tainss1s.xyz
asdvua78v8ed4t6fhvha.cn
asfyvisoeogtca3.fun
bloxstrap.theworkpc.com
bollon8.kozow.com
dcemprendimiento.duckdns.org
dkteamfix.webhop.net
dool.ddns.net
drippmedsot.mywire.org
erouhisugvizi4.cn
exrobotos.duckdns.org
foodie.ooguy.com
hmza.con-ip.com
itskmc.run.place
jauan2023.kozow.com
jobsearchtest.com
l11ol12s.sells-it.net
lesson.webredirect.org
lila152512.duckdns.org
lol1112s.sells-it.net
loveisthegreatest.ddnsfree.com
microwsfp5555.ddns.net
mloptuytonroyem.sytes.net
modyforeditor.loseyourip.com
newjakodns.con-ip.com
nsairoet.kozow.com
pacman.dontexist.org
saofidubixo4r.top
sdhvvy7vbysuxnvjdr6gtd64.com
sen3tors.linkpc.net
shady-mo.duckdns.org
taaymhost.ddns.net
w3llstore.work.gd
webazssc.sytes.net
webazsswebc.sytes.net
webwdircetcc.sytes.net
webwsetcc.sytes.net
yaper.dynuddns.net

# Reference: https://twitter.com/x3ph1/status/1726780232630198723
# Reference: https://www.virustotal.com/gui/file/6f9f2414e5ef9896fcef55deb74992200a418221aa6a169a76c688c82e9d7a5b/detection
# Reference: https://www.virustotal.com/gui/file/b4b449797d6cf8c8ff86601d9b259c9a4a5d79fc48093f90fc4eb967ef527780/detection
# Reference: https://www.virustotal.com/gui/file/f6a865b00b28e810029384d9941cbfe80deb2d24b992047f2a1634b6192ca4aa/detection

185.81.157.25:222
coffee.ddns.me

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-11-22)

104.243.32.185:6000
136.243.151.123:111
141.255.151.147:8888
144.126.159.54:7777
149.0.234.87:4444
162.244.210.198:6606
162.244.210.198:7707
162.244.210.198:8808
172.111.148.101:2020
173.212.250.19:1997
179.13.2.132:8020
181.214.240.179:6606
181.214.240.179:6666
181.214.240.179:8808
181.235.82.111:7777
181.90.42.189:8808
185.25.51.99:3333
185.81.157.246:6606
185.81.157.246:7707
185.81.157.246:8808
185.81.157.24:7007
186.170.115.82:8888
187.24.1.26:6606
187.24.1.26:9443
187.24.1.26:9999
187.24.70.150:9999
188.165.251.43:4242
190.28.170.122:2000
193.23.3.37:4002
194.213.3.100:7707
194.33.127.198:10000
195.178.121.53:6604
206.123.132.235:2000
213.195.120.176:5003
23.172.112.130:7707
23.172.112.130:8808
45.137.22.110:6606
45.138.16.48:8888
45.138.16.48:9999
45.88.186.47:5555
45.88.186.47:7777
45.92.1.15:9999
51.20.70.15:4443
51.38.57.226:7707
51.38.57.226:8808
78.161.26.61:20000
78.161.26.61:888
81.214.139.34:1604
91.92.242.246:4444
95.214.26.58:8808

# Reference: https://www.virustotal.com/gui/file/1761a57ada75a812d72141a1443aa22032bd9a2b2e167463d1cb06b2a1707c80/detection

51.222.31.217:3333

# Reference: https://www.virustotal.com/gui/file/729c57b7bfb87adeade5b33ad6af0b17c6ffa452d42caa42c6a1b4318601007f/detection

213.152.161.118:12184
timdynu23.freeddns.org

# Reference: https://www.virustotal.com/gui/file/18cb72e1caa929417b210801b615149c10b7d7962e738526bdade965b7e2bec2/detection

128.242.245.125:777
95.211.140.160:777
webchek.redirectme.net

# Reference: https://www.virustotal.com/gui/file/81bbf492816fdf74123d81ae5f01d85764f9be418fe4930e7c569fcdff1b3787/detection

186.169.35.157:8523
varo12l.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e08cde99d5c7427bd85cc6b26f9d6165561d80a52eac668f6883ffb66955ab63/detection

191.91.176.64:3035
asdfghtr.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2b8c89ff1e46b7f9955583390fe471e299e1af0156e25a10b1c48780000a6524/detection

fdghjkhgf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/669e35994017a740f8d56ac2e06aa7c45c9747ac27000d0413b5e5d2bdcda9e6/detection

200.116.159.187:4041
monocell08.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-03)

http://193.124.205.3
113.169.210.179:8080
113.207.105.241:17803
136.243.151.21:61
136.243.151.21:81
141.255.147.113:8888
141.255.151.249:8888
147.189.173.65:6666
154.16.67.94:8080
158.220.96.15:3318
181.90.42.189:6606
185.196.8.10:4449
185.62.85.197:444
185.81.157.147:6606
185.81.157.147:7707
185.81.157.147:8808
185.81.157.201:5008
187.24.66.236:9999
187.24.69.254:9999
188.215.229.107:1993
193.109.85.53:4449
193.149.176.5:7707
194.213.3.100:6606
194.213.3.100:8808
198.12.125.30:8818
2.58.56.160:7707
2.58.56.188:7707
2.58.56.37:7777
213.195.117.254:4002
213.195.117.254:4003
213.195.117.254:5001
213.195.117.254:5003
213.195.117.254:6606
213.195.117.254:7707
213.195.117.254:8808
213.195.125.89:4002
213.195.125.89:4003
213.195.125.89:5001
213.195.125.89:5003
213.195.125.89:6606
213.195.125.89:7707
213.195.125.89:8808
23.172.112.130:6606
45.92.1.59:8888
45.92.1.59:9999
5.249.161.42:9999
51.81.126.50:7777
66.94.118.174:9999
78.163.243.12:20000
78.163.243.12:888
82.165.74.190:1111
88.119.175.231:3333
88.229.10.198:3001
91.109.184.5:7707
91.109.186.8:7707
91.109.186.8:8808
91.109.188.9:9999
91.109.190.6:8808
91.92.244.203:4449
91.92.244.84:3232
91.92.248.239:6606
91.92.248.239:7707
91.92.248.239:8808
91.92.248.33:6606
91.92.248.66:6606

# Reference: https://twitter.com/banthisguy9349/status/1731374045218611702

http://138.68.144.100
143.110.162.255:81
159.65.215.80:81
162.244.210.198:222

# Reference: https://twitter.com/noexceptcpp/status/1731632258849673715
# Reference: https://gist.github.com/teixeira0xfffff/be875d101aa12bd4115d4d2133edd4ac#file-asyncrat_server-csv

http://107.173.143.111
http://165.154.186.149
http://192.210.236.242
http://198.23.144.126
http://198.23.145.12
http://20.187.64.131
http://67.243.58.12
http://76.83.131.163
http://77.73.131.83
1.53.214.230:8443
102.176.1.40:3306
102.176.1.40:6068
102.176.9.223:9300
102.41.50.232:6606
103.212.180.182:8888
103.212.81.157:6606
103.212.81.77:111
103.47.57.94:8080
103.99.0.229:443
104.161.23.232:6666
104.194.128.64:6606
104.211.203.236:2000
104.250.169.22:2000
104.250.170.27:6606
104.250.170.27:7707
104.250.170.27:8808
104.255.175.11:5001
104.255.175.12:5001
105.158.129.43:55555
105.158.132.27:55555
106.75.36.196:6606
106.75.36.196:7707
106.75.36.196:8808
107.172.76.170:1978
107.173.143.111:8080
107.175.113.198:8891
108.165.237.60:7707
109.107.179.248:7707
109.230.238.142:7777
116.148.86.63:6666
116.148.86.6:7777
116.148.86.70:6666
117.147.92.57:6666
129.146.108.93:8808
13.69.153.63:8080
13.80.133.110:67
13.80.133.110:68
130.211.201.48:5001
134.255.232.141:5555
134.255.234.198:5555
134.255.234.198:6666
134.255.234.198:8888
134.255.252.149:7777
135.148.171.75:8081
136.243.111.71:2200
136.243.151.21:63
136.243.151.21:67
136.243.151.21:72
136.243.151.21:74
136.244.116.149:1515
139.99.3.41:8808
14.164.98.70:8080
14.173.68.236:8080
14.234.24.74:8080
14.234.25.79:8080
140.82.55.70:2222
140.82.55.70:7777
141.255.146.104:8880
141.255.147.254:8880
141.255.158.165:8880
141.98.6.105:9191
142.11.241.177:2001
142.202.240.126:505
142.202.240.126:8888
142.202.240.91:6666
144.172.122.159:6606
145.239.200.145:7777
146.158.73.209:7777
147.124.209.80:6060
147.124.209.80:6666
147.124.209.80:8808
147.189.172.222:5555
147.189.172.222:6666
147.189.172.222:7777
147.189.172.222:9999
147.189.172.2:7707
147.189.174.47:7777
147.50.253.12:6606
147.50.253.12:7707
147.50.253.12:8808
149.102.243.138:8743
149.202.0.249:6666
149.56.79.3:4343
154.38.172.60:6666
155.254.244.188:6606
156.225.129.86:1433
159.69.11.30:6606
159.69.11.30:7707
159.69.11.30:8808
159.75.177.150:8443
160.178.236.210:55555
160.179.188.127:55555
161.97.151.222:7788
170.39.187.29:8080
172.245.23.178:9090
172.86.70.30:7777
172.86.76.198:6600
172.94.104.179:2000
172.94.6.198:2000
172.94.9.83:2020
172.96.172.69:1003
173.212.199.134:5552
173.212.250.19:1993
173.212.250.19:6066
173.212.250.19:6666
173.238.144.207:7707
173.249.196.201:4466
177.255.88.17:8020
178.33.203.39:9191
178.73.192.4:2000
179.14.8.129:8000
18.163.74.152:2333
18.197.239.109:10041
181.131.217.94:8808
181.215.5.168:4444
181.215.5.168:6666
181.90.42.189:2112
183.80.59.98:7946
183.80.59.98:8416
183.80.59.98:8420
183.80.59.98:8481
183.80.59.98:8533
183.80.59.98:8568
183.80.59.98:8598
185.104.195.215:5001
185.114.157.168:8080
185.117.91.202:8088
185.154.13.125:6606
185.158.251.88:2023
185.16.38.41:2024
185.162.235.142:6606
185.162.235.142:7707
185.162.235.142:8808
185.216.71.90:6606
185.216.71.90:7707
185.216.71.90:8808
185.223.77.181:8080
185.225.73.13:5001
185.225.73.192:4444
185.225.74.63:6606
185.225.74.63:7707
185.225.74.63:8808
185.225.75.54:12499
185.241.208.104:6666
185.241.208.140:1111
185.241.208.142:7777
185.241.208.159:880
185.241.208.161:8808
185.241.208.173:5555
185.241.208.177:6666
185.241.208.177:7777
185.241.208.187:7777
185.241.208.239:1177
185.241.208.72:6666
185.249.197.248:6606
185.249.197.248:7707
185.249.197.248:7777
185.25.51.99:5555
185.25.51.99:6666
185.62.84.65:7777
185.62.84.66:7777
185.62.84.67:7777
185.62.84.68:7777
185.62.84.69:7777
185.62.85.197:666
185.62.86.134:444
185.62.86.134:777
185.81.157.105:5135
185.81.157.105:5140
185.81.157.105:5150
185.81.157.105:9014
185.81.157.105:9015
185.81.157.105:9016
185.81.157.105:9017
185.81.157.105:9018
185.81.157.105:9019
185.81.157.105:9020
185.81.157.105:9021
185.81.157.105:9022
185.81.157.105:9023
185.81.157.105:9024
185.81.157.105:9027
185.81.157.105:9028
185.81.157.12:7777
185.81.157.135:2024
185.81.157.135:4343
185.81.157.135:4444
185.81.157.135:5555
185.81.157.135:6666
185.81.157.148:5555
185.81.157.149:2025
185.81.157.14:1010
185.81.157.14:2024
185.81.157.14:4343
185.81.157.14:7777
185.81.157.150:20000
185.81.157.150:2024
185.81.157.150:6666
185.81.157.152:7777
185.81.157.157:9009
185.81.157.168:7702
185.81.157.174:8090
185.81.157.209:2306
185.81.157.209:2310
185.81.157.209:4343
185.81.157.209:7777
185.81.157.218:1010
185.81.157.218:2020
185.81.157.238:5503
185.81.157.238:5601
185.81.157.5:9019
185.81.157.5:9020
185.81.157.71:2024
185.81.157.71:7777
186.102.174.131:7777
186.170.115.82:7777
187.24.1.147:7707
187.24.1.26:6666
187.24.12.23:6666
187.24.6.130:8888
187.24.64.107:2021
187.24.68.152:9090
187.24.70.150:9441
187.24.73.4:6606
187.24.73.4:7707
187.24.73.87:2020
187.24.9.5:9999
188.77.229.84:5002
188.77.229.84:6606
188.77.229.84:7707
188.77.229.84:8808
190.213.184.38:6606
190.213.184.38:7707
190.28.134.141:2000
190.28.145.222:2000
190.28.155.162:2000
190.28.161.114:2000
190.28.176.211:2000
190.28.177.104:2000
190.28.223.143:2000
190.28.246.177:2000
190.28.249.178:2000
190.28.250.147:2000
190.28.251.148:2000
190.97.165.170:8808
191.88.249.14:6969
192.121.82.67:2000
192.129.253.82:4444
192.129.253.82:9999
192.129.253.83:4444
192.129.253.83:9999
192.129.253.84:2001
192.129.253.84:4444
192.129.253.84:9999
192.129.253.85:4444
192.129.253.85:9999
192.129.253.86:2001
192.129.253.86:4444
192.129.253.86:9999
192.210.201.49:8891
192.210.236.158:7070
192.210.236.242:8080
192.3.27.141:8000
192.3.27.141:8118
193.142.146.212:7707
193.23.161.246:7777
193.23.3.123:6606
193.23.3.123:7707
193.23.3.123:8808
193.23.3.37:4343
193.26.115.217:6666
193.26.115.217:7777
193.26.115.78:7777
193.34.69.105:6666
193.42.32.17:7777
193.42.33.216:3306
193.42.33.58:8808
193.53.126.35:443
193.56.29.146:7777
194.180.48.14:5600
194.213.3.111:444
194.213.3.18:7777
194.213.3.36:7777
194.26.192.144:7777
194.26.192.144:8888
194.26.192.174:1991
194.26.192.174:2000
194.26.192.174:2002
194.26.192.174:5001
194.26.192.174:5555
194.26.192.174:6666
194.26.192.174:7777
194.26.192.174:8008
194.26.192.22:2222
194.26.192.22:7777
194.31.87.133:8080
194.49.94.212:9999
195.178.120.6:8088
195.3.222.57:5001
195.3.222.57:5554
195.3.222.57:5555
195.3.222.57:6000
196.217.83.3:55555
196.217.85.101:55555
196.217.87.251:55555
197.14.239.140:1177
197.246.187.170:7777
197.48.87.159:6606
198.12.125.30:8815
198.12.125.30:8891
198.23.144.126:8080
198.23.144.126:8088
198.23.145.12:8088
198.23.227.140:8191
198.23.227.140:8905
198.244.251.230:4444
198.244.251.230:5555
198.244.251.230:6666
198.244.251.230:7777
198.244.251.230:8888
198.245.77.54:7777
198.27.97.88:7707
198.37.108.192:7777
198.50.243.177:6000
198.50.243.177:7000
198.50.243.177:8000
198.50.243.177:8088
2.155.153.144:5000
2.155.153.144:5001
2.155.153.144:7070
2.155.41.147:5001
2.155.41.147:5003
2.58.56.148:7777
2.58.56.183:5555
2.58.56.188:5555
2.58.56.243:3000
2.58.56.44:2222
2.58.56.72:1337
2.58.56.73:6666
2.59.254.111:5552
20.117.92.125:9999
20.124.90.72:443
20.125.135.51:6666
20.150.149.137:70
20.163.10.14:2222
20.169.37.196:8808
20.21.57.76:8080
20.214.161.67:6606
20.218.135.231:6666
20.231.104.157:6665
20.231.104.157:7777
205.234.231.52:8808
206.123.132.65:2020
206.53.55.190:5000
206.53.55.8:1717
206.53.55.8:6060
206.53.55.8:6066
206.72.202.44:8080
207.244.238.106:5555
207.244.238.106:6666
207.32.216.212:8008
207.32.217.109:2222
207.32.217.109:5555
207.32.217.122:6666
207.32.217.247:5555
207.32.217.71:8008
207.32.218.23:6666
207.32.218.23:8808
209.126.11.174:6606
209.126.11.174:7707
209.126.11.174:8808
209.141.47.27:6606
209.141.47.27:7707
209.141.47.27:8808
209.145.56.0:1956
209.145.56.0:2001
209.145.56.0:53
209.145.56.0:5555
209.145.56.0:8877
209.209.40.132:199
212.102.59.83:6666
212.102.59.83:7777
212.102.59.83:8888
213.170.135.22:7777
213.170.135.27:6666
213.170.135.27:7777
213.170.135.31:444
213.195.120.176:5002
23.106.125.206:443
23.254.227.121:20000
23.254.231.83:1001
23.254.231.83:2001
23.254.231.83:2002
23.254.231.83:2004
23.94.171.142:6606
23.94.171.142:7707
23.94.171.142:8808
24.133.200.15:6606
24.52.60.3:8080
27.78.181.161:257
34.125.63.198:5000
34.125.63.198:5001
34.125.69.88:5000
34.125.69.88:5001
34.125.83.204:5000
34.125.83.204:5001
34.125.83.204:5002
35.172.119.52:8888
37.139.129.145:8442
37.211.90.37:4782
38.242.242.149:1991
38.242.242.149:2000
40.113.131.31:7777
40.113.131.31:8888
41.155.10.158:135
41.155.10.158:1433
41.155.10.158:49152
41.155.10.158:49154
41.155.10.158:5432
41.155.10.158:8002
41.155.10.158:8081
41.155.10.158:8181
41.155.10.158:8880
41.155.3.95:2080
41.155.3.95:554
41.155.3.95:8020
41.155.3.95:8081
41.210.0.105:25
41.210.11.200:25
41.210.3.29:11000
41.210.3.29:9090
41.210.3.29:9100
41.35.23.138:6606
42.117.250.222:8084
42.117.76.36:8085
42.117.76.36:8252
42.117.76.36:8463
42.117.76.36:8589
45.128.234.233:8081
45.133.235.219:7777
45.137.22.236:5000
45.138.16.133:222
45.138.16.133:2222
45.138.16.133:7777
45.138.16.161:1010
45.138.16.186:1234
45.138.16.186:22
45.138.16.186:6666
45.138.16.186:7777
45.138.16.186:89
45.138.16.202:7777
45.138.16.206:1010
45.138.16.213:5555
45.138.16.252:1194
45.138.16.252:2222
45.138.16.39:5001
45.138.16.41:5555
45.138.16.48:4444
45.138.16.48:6666
45.138.16.48:7777
45.138.16.89:555
45.138.16.89:5555
45.139.199.152:4445
45.141.215.103:2021
45.141.215.103:7777
45.141.215.103:8888
45.141.215.121:2106
45.141.215.139:1010
45.141.215.141:7788
45.141.215.145:555
45.141.215.145:8888
45.141.215.3:3310
45.141.215.3:3312
45.141.215.41:7777
45.141.215.63:7777
45.141.215.77:1010
45.141.215.77:2020
45.141.215.81:5555
45.141.215.81:8888
45.141.215.84:2222
45.141.27.86:9999
45.147.45.253:7
45.147.45.253:81
45.15.157.71:6606
45.15.157.71:7707
45.154.98.110:1991
45.154.98.110:2000
45.154.98.110:2001
45.154.98.110:2002
45.154.98.110:5555
45.154.98.110:7777
45.154.98.151:6666
45.154.98.192:2222
45.154.98.192:444
45.154.98.192:4444
45.154.98.192:5555
45.154.98.192:6066
45.154.98.192:666
45.154.98.192:6666
45.156.85.189:7777
45.43.18.229:6666
45.58.190.125:6606
45.58.190.125:7707
45.61.128.122:8808
45.61.128.231:6666
45.61.129.206:7707
45.61.129.206:8808
45.61.166.56:8888
45.66.230.96:5552
45.76.46.64:6606
45.79.170.6:6606
45.79.170.6:7707
45.80.158.183:7707
45.80.158.57:2222
45.80.158.57:7777
45.80.158.66:2222
45.80.158.66:6666
45.80.158.66:7707
45.80.158.66:7777
45.81.39.110:8808
45.81.39.153:7707
45.81.39.77:6606
45.92.1.17:7707
46.109.232.207:6606
46.109.232.207:7707
46.246.12.19:2000
46.246.14.16:2000
46.246.14.21:8000
46.246.6.13:8000
46.246.6.17:2000
46.246.6.6:2306
46.246.6.8:5427
46.246.80.15:2424
46.246.82.17:2000
46.246.84.17:8000
46.246.86.8:8000
46.246.86.9:8000
47.120.0.195:6606
47.120.0.195:7707
5.161.111.38:7777
5.161.111.38:9999
5.161.182.109:7707
5.161.182.109:8808
5.161.67.9:7777
5.161.68.223:7777
5.180.81.207:7707
5.196.117.233:1975
5.224.222.63:5002
5.231.208.228:6606
5.231.208.228:7707
5.249.163.32:7777
5.249.163.45:7777
5.61.40.196:81
51.195.251.7:7000
51.195.251.7:8000
51.195.251.7:8088
51.222.69.3:8808
51.38.247.74:6666
51.81.76.84:9999
51.81.97.229:6666
51.89.190.17:5600
51.89.190.17:5700
51.89.204.172:3306
51.89.204.69:6606
51.89.204.69:7707
51.89.204.69:8990
62.106.84.211:7707
62.106.84.212:7707
62.106.84.213:7707
62.106.84.214:7707
62.106.84.215:6606
62.106.84.215:7707
69.172.233.16:6066
69.172.233.44:4433
69.172.233.44:4444
74.234.126.146:8080
77.228.78.243:5000
77.228.78.74:5000
77.228.78.74:6060
77.231.107.226:5001
77.231.107.226:5002
77.231.107.226:7070
77.231.37.221:5000
77.231.37.221:5001
77.73.129.60:7707
78.135.83.219:8080
78.161.26.61:3000
78.161.3.93:888
78.161.41.50:3000
78.161.41.50:3001
78.163.63.59:3001
78.164.59.222:888
78.180.125.80:8080
78.185.120.130:888
78.84.244.67:6606
78.84.244.67:7707
78.84.244.67:8808
78.84.249.41:8808
79.110.62.191:6606
81.214.77.85:3000
81.214.77.85:3002
81.214.77.85:777
81.230.10.189:443
82.159.146.144:5001
82.159.146.172:5001
82.159.170.113:5001
82.159.175.186:5000
82.159.175.186:5001
84.38.135.222:8808
85.107.56.38:3000
85.107.56.38:888
85.208.136.58:222
85.208.139.71:2222
85.208.139.71:4444
85.215.172.173:7777
85.215.205.213:6606
85.215.205.213:7707
85.215.205.213:8808
87.237.52.235:8888
87.237.52.40:5555
88.229.10.198:20000
88.229.11.248:3000
88.232.119.41:7777
88.237.19.232:3002
88.244.33.230:3000
88.251.135.18:3000
88.251.135.18:3001
89.117.21.144:7707
89.117.55.98:3110
89.117.72.232:8808
89.117.77.110:7707
89.117.77.193:7707
89.140.147.214:5000
89.140.147.214:5001
89.44.9.137:6606
89.44.9.137:7707
89.44.9.137:8808
91.109.176.4:8888
91.109.176.5:8888
91.109.176.6:8808
91.109.176.7:6606
91.109.176.7:8888
91.109.178.8:8888
91.109.180.3:8808
91.109.180.5:9090
91.109.190.11:6666
91.208.92.220:7777
91.208.92.68:7777
91.208.92.80:7707
91.208.92.83:444
91.208.92.9:444
91.208.92.9:7777
91.92.240.97:9191
91.92.252.69:111
93.43.214.206:6606
94.130.207.164:1010
94.26.246.198:8080
95.214.24.218:6606
95.214.24.218:7707
95.217.0.146:1604
95.217.121.188:8848
95.23.150.98:7707
95.23.150.98:8808
95.65.130.17:4444
2escob4r.ddns.net
44box.ddns.net
jntls.publicvm.com
money.ddnsgeek.com
nets.homedns.org
optimization-marketing.com
s2x1ce.from-ma.com

# Reference: https://twitter.com/banthisguy9349/status/1731596141278400938

http://91.92.244.16
91.92.244.16:222

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-04)

113.207.105.229:8302
136.243.151.21:76
141.255.144.96:8888
141.255.146.81:8888
141.255.159.47:8888
193.149.176.5:6606
193.149.176.5:8808
193.222.96.19:6606
193.222.96.19:7707
193.222.96.19:8808
5.249.161.42:8888
88.229.10.198:3004
91.109.178.9:8808
91.92.244.16:6606
91.92.244.16:8808

# Reference: https://www.virustotal.com/gui/file/4a880f082a6ded92d2b65ff46f3876ad5d15657c166a3290431c093f06430552/detection

207.32.218.138:4444
adad3.casacam.net

# Reference: https://www.virustotal.com/gui/file/beb770ec5787870eba31691540aa5f7d30361afeb95ba5976ce432a3bf7a227f/detection

207.32.218.138:3333
syncca.theworkpc.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-05)

104.243.47.96:2233
107.175.113.198:7710
107.175.113.198:8018
107.175.113.198:8801
136.243.179.5:700
141.255.150.149:8888
144.126.149.221:9999
149.13.5.179:5050
154.38.172.60:555
154.38.172.60:5555
161.97.151.222:2006
162.244.210.198:6060
173.212.250.19:1717
173.212.250.19:1818
173.212.250.19:1998
173.212.250.19:1999
173.212.250.19:6060
185.62.85.197:555
185.81.157.103:1111
185.81.157.119:1111
185.81.157.201:9991
185.81.157.238:6301
190.28.157.161:2000
191.101.206.72:6666
191.233.245.58:60000
194.26.192.34:555
198.12.125.30:8011
2.58.56.37:6666
206.123.132.162:2000
209.145.56.0:2020
213.195.114.146:4002
213.195.114.146:4003
213.195.114.146:5001
213.195.114.146:5003
213.195.114.146:6606
213.195.114.146:7707
213.195.114.146:8808
213.195.125.89:4001
37.19.216.81:6666
41.251.193.151:66
45.32.173.196:6969
45.92.1.59:6666
78.163.243.12:3000
80.253.246.12:7707
85.209.176.108:8080
85.239.237.148:7788
88.229.10.198:3002
88.229.10.198:3003
91.109.188.4:7707
91.109.188.4:8808
94.130.130.51:5505
95.214.26.58:9909
mta1.candledmush.net

# Reference: https://twitter.com/ScumBots/status/1732041986474180873
# Reference: https://www.virustotal.com/gui/file/779468167b7fb6ae608f098d8460a0c6f7a825e088fe60ed31ea4f9e8e664f00/detection

179.14.8.224:1984
diciembre12.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e8c2e235a5d47cbe374d5aadea5a7f5cc21616a1ffe1ed7a8217fba02c7620db/detection

91.92.251.143:8200
greatkingtravel8200.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e437950df0a59d8a6d6a0ca0a4ca52c3d8c733b02d263a8f63987dc211e40b30/detection
# Reference: https://www.virustotal.com/gui/file/87aa05b65e67ddfb826e987343b64af0ab5b11b166ea2d35575c487076518a79/detection

91.92.251.143:8100
greatkingxlimited.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e879574d750ebd02a3affea08fca995185c05ed7deda29882463b3f81c25d6e1/detection

173.44.50.84:2016
window10.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-08)

103.161.112.130:4449
142.202.240.140:4444
149.0.232.42:4444
178.33.57.150:4449
181.41.200.232:4000
185.81.157.24:6126
20.168.112.95:8888
20.168.112.95:9999
209.145.56.0:2017
23.145.120.49:8808
27.64.157.66:257
38.181.25.204:5858
46.1.103.124:2341
46.1.103.124:9371
52.185.48.220:8585
82.165.74.190:2003
88.251.226.111:20000
91.92.248.48:5552

# Reference: https://www.virustotal.com/gui/file/5771678df53b5f26796bd57c74de0917e65ee23c9e6f46d67dd7a5e190f41ee6/detection

141.255.144.8:6606
141.255.144.8:7707
141.255.144.8:8808

# Reference: https://www.virustotal.com/gui/file/f5917e4093be8eda6413dc810e8a2156886e2ba03895784672b059753887adde/detection

85.215.218.19:2023
85.215.218.19:777

# Reference: https://www.virustotal.com/gui/file/96e14b48b61a6cd9748446ce2d54e0474d5852c18ce23c00bf95ca9ecf0c8e39/detection

85.215.218.19:2024
/arasramo

# Reference: https://www.virustotal.com/gui/file/5bc5d0bac3cb3194ac6f62d1cfc4ae12964972c40e3becad4defc10c668615de/detection

85.215.218.19:2026
java-runtime.servehttp.com

# Reference: https://www.virustotal.com/gui/file/2bc4c1c50a459ed02dbd8ee98d5ef346425e0125c5014ba9650b5c3af4a33fa1/detection

196.196.227.93:8521
01net.sytes.net

# Reference: https://www.virustotal.com/gui/ip-address/85.215.218.19/relations

updatedriver.3utilities.com
utilitaires.servegame.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-12)

185.81.157.154:2727
213.195.115.111:4002
213.195.115.111:4003
213.195.115.111:5001
46.105.147.140:1602
84.38.129.116:8080
91.92.243.58:8808
95.15.65.177:20000
95.15.65.177:888
95.214.177.110:4444

# Reference: https://www.virustotal.com/gui/file/bd08d9ecd8e02b4eee95353fe94ce148f31758ee1271e63e6951ccac032ce58b/detection

204.44.124.113:3000

# Reference: https://www.virustotal.com/gui/file/c3287d43e42a5d93dbb7ee425d8f9d22678f900d8b9c9132e7ec4cf73c8a07b3/detection

204.44.124.113:6666

# Reference: https://www.virustotal.com/gui/file/3ad3a9385859a3063e5a8e1ea9a93ea41e113e5107baaf6efd23537662993c1d/detection

46.246.86.24:8000
reader08.duckdns.org

# Reference: https://www.virustotal.com/gui/file/82bf98526028165b2b4700282a2a0e88f36015c1948ba4890aee7e53f14b2a50/detection

46.246.80.20:1618
46.246.84.18:1618

# Reference: https://www.virustotal.com/gui/file/cd3a8f6ea97d9b8879c0d7e623d94e5f12dac5cef00538f82b200f48daf45666/detection

46.246.84.8:1504

# Reference: https://twitter.com/V3n0mStrike/status/1736058054884388929
# Reference: https://www.virustotal.com/gui/file/dcbe457f09b71c4ed6fbb2183246f39d5229bc29ac5736a627604249398fb78e/detection
# Reference: https://www.virustotal.com/gui/file/b988d864e59da4746ff4d24377c57942ae3f0e20e28164bae9b848e98c3bda23/detection
# Reference: https://www.virustotal.com/gui/file/b988d864e59da4746ff4d24377c57942ae3f0e20e28164bae9b848e98c3bda23/detection
# Reference: https://www.virustotal.com/gui/file/f5eb7f30ca962192527a03ef232e74274a727969ea42a761acc19db26b741703/detection

91.92.251.22:5122
innomac.duckdns.org
mcwillis.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-17)

103.195.103.33:8808
136.175.8.57:4545
142.202.240.78:8888
181.32.146.243:7707
185.62.87.237:4444
185.62.87.239:4444
185.62.87.247:4444
185.81.157.103:4444
187.24.7.81:9999
194.33.127.198:2086
20.197.242.109:6060
207.246.82.230:5290
213.195.115.111:5003
213.195.115.111:6606
213.195.115.111:7707
213.195.115.111:8808
37.1.208.229:4444
37.1.208.229:8888
37.1.208.229:9999
5.161.200.142:333
5.75.147.113:3000
91.92.248.48:222
91.92.248.72:6606
95.216.41.33:81

# Reference: https://twitter.com/1ZRR4H/status/1736870188480434417
# Reference: https://www.virustotal.com/gui/file/048b743925b2f30e9300e30bafb67985185653f1c3adcef2dc3257db705020c2/detection
# Reference: https://www.virustotal.com/gui/file/c2ae169495738288c01df97f582da3db67e4f4d4514be563a7e2cbc069b76448/detection

http://91.92.245.38
193.26.115.142:2004
91.92.245.38:445
love1.loseyourip.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-22)

103.186.215.91:3390
103.186.215.91:4449
103.193.188.13:8080
103.193.188.13:8848
103.195.103.33:6606
103.195.103.33:7707
103.207.165.25:4449
106.53.119.74:8848
109.205.214.146:8848
109.248.151.48:1997
111.173.80.91:8848
111.173.80.92:8848
111.173.89.39:8848
111.229.116.176:8848
121.62.23.71:8848
123.99.200.134:2351
123.99.200.157:2450
123.99.200.157:2991
123.99.200.175:4595
123.99.200.184:2650
123.99.200.188:4449
123.99.200.191:4449
124.156.160.52:8848
124.221.43.13:5222
124.248.69.70:8848
124.248.69.71:8848
125.64.108.85:4449
134.122.133.177:4449
143.92.32.18:4449
143.92.35.85:4449
147.185.221.16:49190
147.185.221.17:20761
147.185.221.17:22684
147.185.221.17:2276
147.185.221.17:3767
147.185.221.17:6606
147.185.221.17:7707
147.185.221.17:8264
147.185.221.17:8808
154.12.87.251:8301
154.12.87.251:9601
154.91.229.111:4449
154.91.229.36:4449
154.91.230.208:4449
156.251.19.50:4449
159.69.85.54:4449
163.172.165.144:8080
165.73.249.21:6606
165.73.249.21:7707
165.73.249.21:8808
167.71.56.116:22942
176.129.191.64:5123
18.192.93.86:14444
182.43.76.21:7788
185.196.9.95:8008
185.62.87.238:4444
185.62.87.246:4444
185.81.157.19:3310
185.81.157.19:3314
185.94.29.178:4477
188.148.105.135:3113
193.161.193.99:41254
198.13.34.134:4449
198.23.227.140:6661
2.56.245.187:3232
202.63.172.63:8848
206.119.117.179:4449
206.123.140.95:3232
206.233.132.232:8848
206.233.240.31:4449
213.195.115.250:5001
3.64.4.198:15224
3.64.4.198:4824
31.214.243.202:8848
38.55.197.206:4449
42.51.39.90:4449
43.248.186.20:8848
43.251.16.74:5342
44.193.61.216:4449
45.125.46.201:57469
45.138.16.216:8888
45.141.215.230:4449
45.145.224.40:4449
45.145.229.151:8803
45.145.229.151:9603
45.152.66.153:8807
45.152.66.165:8808
45.152.66.165:9608
45.84.199.34:7000
62.234.175.104:9000
68.10.7.227:5620
81.11.198.38:4449
82.165.213.242:7771
82.64.54.249:3232
91.92.241.17:4449
91.92.248.33:7707
91.92.248.33:8808
94.130.130.51:206
1.err.line.pm
a0880508.xsph.ru
agent-thumbnail.gl.at.ply.gg
aniuus.linkpc.net
basgoingbrewca.serveirc.com
bold-bush-09147.pktriot.net
browse-classic.gl.at.ply.gg
cn-bj1-kvlqs4ee.frp.cool
country-wellness.gl.at.ply.gg
dlitryuzoneu.sytes.net
doradp.gleeze.com
ecuadorasyn.duckdns.org
enviofinal.kozow.com
fat7ola07.ddns.net
fhfgjghkgh.ddns.net
flitryuzoneu.zapto.org
getting-roommate.gl.at.ply.gg
gnbeatscagig.sytes.net
gtitryuzoneorji.zapto.org
hdr.theworkpc.com
hexrxr.duckdns.org
iced.ddns.net
loribard.ddnsfree.com
luci2023.kozow.com
mxrecordsipcordsss.ddns.net
national-pension.gl.at.ply.gg
nationalteams11.publicvm.com
noescorrecto2023.kozow.com
pasgoingcrewmoviand.3utilities.com
pibirat.ddns.net
pythondsh4.loseyourip.com
reply.gl.at.ply.gg
test56654.myddns.me
tndeatcamside.sytes.net
w3llstore.mywire.org
win009.theworkpc.com
windowsddns.duckdns.org
wins23octok.duckdns.org
xcrew1990.kozow.com
xdatarfree.ddns.net
zhangfeng123.eu.org

# Reference: https://twitter.com/noexceptcpp/status/1738148336056647907
# Reference: https://www.virustotal.com/gui/ip-address/185.81.157.148/relations

185.81.157.148:777
ae-dhwaybill.com 
ae-express-delivery.com 
amaznemiratesapp.com
chronopost-aidecolis.com
express-ca-waybill.com 
express-ie-package.com 
express-ie-waybill.com 
express-ireland-waybill.com 
ie-dhwaybill.com
instruc-for-iraq-pack-collection.com
instruc-for-pack-collection.com
iraqi-package-and-instruc-for-collect.com
liefer-routing.de
netflix-infopayment.com
notifications-chronopost.fr
payment-restriction.com
sfr-espaceclientmessagerie.fr
sfr-messageriemail.fr
suivi-acheminements.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2023-12-24)

140.82.26.84:5959
185.81.157.119:2222
185.81.157.123:6606
185.81.157.123:7707
185.81.157.123:8808
185.81.157.183:2222
190.28.128.226:2000
190.28.155.51:2000
193.34.212.17:7777
206.123.132.227:2000
207.180.238.243:8888
213.195.115.250:4002
213.195.115.250:4003
213.195.115.250:5003
213.195.115.250:6606
213.195.115.250:7707
213.195.115.250:8808
38.242.236.116:8888
46.246.86.8:8889
5.51.198.41:1155
88.229.3.212:20000
88.229.3.212:888
91.109.182.6:7707
91.109.186.4:7707
91.92.241.23:8000
94.130.130.51:202
95.10.154.172:4444
like-sports.linkpc.net

# Reference: https://embee-research.ghost.io/threat-intel-queries-with-fofabot/

1.14.206.144:6606
103.252.136.171:6606
103.252.136.171:7707
103.252.136.171:8808
109.107.189.163:6606
109.230.238.165:6666
130.51.42.190:6606
135.125.27.218:6606
136.175.8.57:6606
136.175.8.57:7707
136.175.8.57:8808
136.243.151.21:7788
144.217.36.75:6606
144.217.36.75:7707
144.217.36.75:8808
147.189.169.67:5555
149.28.103.159:1234
151.80.238.21:6606
151.80.238.21:7707
151.80.238.21:8808
154.16.67.94:6606
154.16.67.94:6666
154.16.67.94:7707
154.16.67.94:8808
154.3.2.209:6606
154.3.2.209:7707
154.3.2.209:8808
16.170.146.242:6606
172.111.139.148:7707
172.86.98.98:6606
172.96.172.69:6606
172.96.172.69:7707
173.212.250.19:1990
173.212.250.19:1991
173.249.13.74:6606
173.249.13.74:7707
173.249.13.74:8808
178.33.203.39:6606
181.214.240.179:7777
185.16.38.38:6606
185.16.38.38:7707
185.16.38.38:8808
185.172.128.52:5555
185.25.51.99:8808
185.62.85.197:777
185.62.86.134:1411
185.81.157.103:3333
185.81.157.172:6666
185.81.157.172:7777
187.24.66.110:9443
188.2.200.58:6606
190.213.184.38:8808
193.26.115.142:7707
193.26.115.142:8808
193.26.115.142:9909
193.26.115.69:8808
194.26.192.57:6606
194.26.192.57:7707
194.33.191.242:7707
196.206.8.44:55555
198.12.125.30:5505
198.12.125.30:8091
198.12.125.30:8801
198.12.125.30:9990
20.168.112.95:7777
207.244.254.163:3331
207.32.218.155:6606
207.32.218.155:7707
207.32.218.155:8808
209.145.56.0:3331
212.13.186.180:10001
212.98.224.226:7707
212.98.224.226:8080
213.195.115.250:5002
216.250.253.166:6606
23.94.99.6:8808
31.215.109.21:8808
31.220.103.103:7707
31.220.103.103:8808
34.29.228.84:1998
34.71.108.66:4444
37.1.208.229:5555
37.1.208.229:7777
38.242.236.116:880
45.138.16.125:777
45.138.16.213:7777
45.154.12.105:7707
45.154.12.105:8808
45.154.98.34:6606
45.154.98.34:7707
45.154.98.34:8808
45.77.92.194:2021
45.88.186.145:8808
46.196.24.72:8808
47.95.197.160:8808
47.95.197.160:9898
5.161.182.109:6606
5.249.163.45:6666
51.195.94.209:6606
51.195.94.209:7707
51.195.94.209:8808
54.38.151.131:6606
54.38.151.131:7707
54.38.151.131:8808
78.161.78.78:3000
78.178.154.228:20000
78.84.235.110:6606
8.141.93.70:6606
8.141.93.70:7707
8.141.93.70:8808
85.239.237.141:6606
85.239.237.141:7707
85.239.237.141:8808
87.121.87.41:7707
87.121.87.42:7707
88.229.10.198:3005
88.229.3.212:3000
91.92.250.202:6606
91.92.251.62:6606
91.92.251.62:7707
91.92.251.62:8808
91.92.252.126:6606
91.92.252.126:7707
91.92.252.126:8808
91.92.254.36:8808
92.118.235.49:1604
94.130.130.51:9909
95.15.65.177:3000
95.214.177.110:8080
amazon-prime-support.com
auth.optimization-marketing.com
authsmtp.optimization-marketing.com
box.optimization-marketing.com
cpanel.ruankpp.top
dev.optimization-marketing.com
exchange.optimization-marketing.com
gamcis.com
greedylandshinjirulorder2.sexidude.com
gw.optimization-marketing.com
hermes.optimization-marketing.com
imap.optimization-marketing.com
juankorkie.net
m.ruankpp.top
mail.missiondentalcentre.com
mail.optimization-marketing.com
mail.palmexpilipinas.com
mail.parachutisme-beziers.com
mail.randyzadra.com
mail.roelofkiers.com
mail01.optimization-marketing.com
mail10.optimization-marketing.com
mail2.optimization-marketing.com
mail4.optimization-marketing.com
mail7.optimization-marketing.com
mailbox.optimization-marketing.com
mailer.optimization-marketing.com
mailgate.optimization-marketing.com
mailin.optimization-marketing.com
mails.optimization-marketing.com
missiondentalcentre.com
ms.optimization-marketing.com
mx02.optimization-marketing.com
mx1.optimization-marketing.com
mx10.optimization-marketing.com
mx20.optimization-marketing.com
mx3.optimization-marketing.com
mx4.optimization-marketing.com
mxs.optimization-marketing.com
newmail.optimization-marketing.com
ns.optimization-marketing.com
ns1.optimization-marketing.com
outmail.optimization-marketing.com
palmexpilipinas.com
parachutisme-beziers.com
pbrand.optimization-marketing.com
po.optimization-marketing.com
pop.optimization-marketing.com
post.optimization-marketing.com
postmaster.optimization-marketing.com
pourtousagir.com
randyzadra.com
relay.optimization-marketing.com
remote.optimization-marketing.com
roelofkiers.com
root.optimization-marketing.com
ruankpp.top
server1.optimization-marketing.com
smtp.ruankpp.top
smtp1.optimization-marketing.com
smtp2.optimization-marketing.com
smtps.optimization-marketing.com
smtpseguro.optimization-marketing.com
spam.optimization-marketing.com
taikang.com.optimization-marketing.com
update.smartpromogroup.com
webdisk.ruankpp.top
webmail.optimization-marketing.com
zimbra.optimization-marketing.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-01-01)

http://212.13.186.180
1.14.206.144:7707
103.82.134.190:7707
104.161.27.4:8888
135.125.27.218:6000
135.125.27.218:7000
135.125.27.218:8000
135.125.27.218:8088
136.243.151.21:78
14.234.25.153:8080
144.126.128.158:7777
144.126.128.158:8888
15.235.3.1:2001
154.223.17.134:5959
155.133.27.6:2000
158.220.96.15:3320
163.5.215.211:4449
172.111.248.167:8088
172.94.122.166:8088
172.94.122.166:9999
172.96.172.69:1002
181.214.240.107:8808
185.16.38.41:2034
185.16.38.41:6666
185.172.128.52:7777
185.172.128.52:8888
185.172.128.52:9999
185.250.148.237:2424
185.81.157.154:2302
185.81.157.160:777
185.81.157.172:4444
185.81.157.172:8888
185.81.157.213:888
186.112.202.162:2404
186.112.202.162:8888
187.24.64.252:9999
190.28.142.129:2000
206.123.132.167:2000
206.123.132.170:2000
206.123.132.236:2000
209.145.56.0:4123
212.102.59.84:7777
212.102.59.84:8888
212.13.186.180:15618
212.13.186.180:17970
212.13.186.180:2082
212.13.186.180:33389
212.13.186.180:3497
212.13.186.180:37578
212.13.186.180:40000
212.13.186.180:54603
212.13.186.180:55524
212.13.186.180:5649
212.13.186.180:8000
213.195.112.94:5001
213.195.119.8:4001
213.195.119.8:4002
213.195.119.8:4003
213.195.119.8:5001
213.195.119.8:5003
213.195.119.8:6606
213.195.119.8:7707
213.195.119.8:8808
213.195.120.238:5001
23.225.40.139:8808
27.64.172.13:257
31.220.103.103:6606
37.1.214.209:2222
37.1.214.209:4444
37.1.214.209:8088
37.1.214.209:8888
37.1.214.209:9999
37.221.93.62:8080
38.180.91.62:8088
45.126.209.4:7707
45.88.186.145:7707
46.1.103.124:9876
47.95.197.160:6606
47.95.197.160:7707
51.20.249.187:8080
74.222.22.109:8888
78.178.154.228:3001
78.178.154.228:3003
78.178.154.228:3004
78.178.154.228:888
82.65.19.134:4443
87.121.87.195:6699
87.121.87.36:1335
87.121.87.92:6699
88.201.16.151:443
88.214.56.145:4444
88.214.56.145:8088
88.214.56.145:8888
88.214.56.145:9999
88.229.34.236:20000
88.229.34.236:3001
88.229.34.236:3004
88.235.35.170:20000
91.109.178.8:7707
91.109.186.9:7707
91.109.190.6:7707
91.92.243.45:6606
91.92.246.124:7707
91.92.250.243:4887
91.92.254.36:4747
92.46.172.137:10258
92.46.172.137:28363
92.46.172.137:29256
92.46.172.137:36274
92.46.172.137:427
92.46.172.137:46949
92.46.172.137:636
94.156.64.168:222

# Reference: https://twitter.com/banthisguy9349/status/1742109603133857897

http://94.156.69.26

# Reference: https://www.virustotal.com/gui/file/5d58c5fa7aa0f5a8c4d2448b0f5fbb8ffb835228bcb3e4b6fa53f5593a2166bb/detection

23.95.13.189:6606
23.95.13.189:7707
23.95.13.189:8808

# Reference: https://www.virustotal.com/gui/file/968a2f466fbd0e777f6e33eddb60bc3f953b4da4235758d60370dac5a99b6157/detection

46.199.193.93:3551
myhostfrfr0.ddns.net

# Reference: https://www.virustotal.com/gui/file/1742b48fad9814441ee7726009a0e375757134dcc872f88ed584b6a2099c7473/detection

46.246.6.15:1234
46.246.6.15:8889
asegurarasyncrat.4cloud.click

# Reference: https://www.virustotal.com/gui/file/2bf22438c6aeb5c825c35d92e3d31fd62b9fc2a997ed3618e1b71030e5e00b4f/detection

111.180.188.53:6606
111.180.188.53:7707
111.180.188.53:8808

# Reference: https://twitter.com/K_N1kolenko/status/1744626527210266949

116.204.169.212:26879
45.88.186.145:6606

# Reference: https://www.malware-traffic-analysis.net/2024/01/09/index.html

45.126.209.4:222
45.126.209.4:6606
45.126.209.4:8808
madmrx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6e658c94d36a1177444666ade64855bbefc1a6ae0afe1616a76dadc41b8daa9d/detection

peribzw.top
/ritgzoe/us1/gde.php
/ritgzoe/us2/gde.php
/ritgzoe/us3/gde.php
/ritgzoe/us4/gde.php
/ritgzoe/us5/gde.php
/ritgzoe/us6/gde.php
/ritgzoe/us7/gde.php
/ritgzoe/us8/gde.php
/ritgzoe/us9/gde.php
/ritgzoe/

# Reference: https://www.virustotal.com/gui/file/097aeda9f5d3d3c979d37b0b6bd8249254ff5b9636a2b0947c47702628086b6b/detection
# Reference: https://www.virustotal.com/gui/file/9b8b9e6ce4e03da593d4c5591b4bd2c2b6b72ca5087eb142aa7c42de6a631abd/detection
# Reference: https://www.virustotal.com/gui/file/836e7ddc748d65441117ca62254783a04cb1939e906c20329993ee694bcadf29/detection

140.82.27.51:14235
149.248.20.213:53245
34.174.61.199:6567
34.29.71.138:6567
45.32.94.58:6567
asdvua78v8ed4t6fhvha.cn
asfyvisoeogtca3.fun
erouhisugvizi4.cn
saofidubixo4r.top
sdhvvy7vbysuxnvjdr6gtd64.com

# Reference: https://www.virustotal.com/gui/ip-address/164.90.149.198/relations

akamai-cdn.top

# Reference: https://www.virustotal.com/gui/ip-address/181.131.217.242/relations
# Reference: https://www.virustotal.com/gui/file/02f7ef431654292b6b80cccbe9ecc391cafa706918ee2b3510a5c8dfd8378a15/detection

181.131.217.242:1984
bancolombia-token.duckdns.org
hernanenvio.duckdns.org
jairoee.ddns.net
soslilolilo.duckdns.org
soste2023.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-01-10)

http://149.102.235.34
http://93.153.68.186
1.14.206.144:8808
103.195.103.138:5555
103.67.162.240:2256
104.131.167.132:4747
104.243.37.176:5555
104.243.37.176:6666
107.150.23.137:8020
109.234.34.210:4449
136.243.151.123:222
136.243.179.5:82
139.180.171.110:1604
139.180.171.110:22636
139.84.229.159:2017
141.255.156.121:4443
141.255.156.150:4443
142.67.130.172:31415
146.70.161.85:4217
147.124.212.75:2010
149.102.235.34:61125
158.220.83.114:9909
158.247.235.51:443
163.5.64.75:7391
172.234.95.198:8443
176.40.9.245:40249
176.40.9.245:42358
176.40.9.245:50126
176.40.9.245:62822
179.13.3.199:8020
181.131.219.252:4203
181.235.94.107:2404
181.235.94.107:8888
185.81.157.119:4444
185.81.157.129:7707
185.81.157.148:9999
185.81.157.150:777
185.81.157.152:6606
185.81.157.152:7707
185.81.157.152:8808
185.81.157.183:8181
185.81.157.1:6606
185.81.157.1:7707
185.81.157.1:8808
186.112.204.173:2404
186.112.205.208:8888
186.168.66.85:2404
186.168.66.85:8888
186.168.66.85:9999
187.24.11.12:9999
187.24.12.179:9999
187.24.65.44:9999
190.28.139.66:2000
190.28.171.243:2000
193.142.59.177:443
193.26.115.51:6606
193.26.115.51:7707
193.26.115.51:8808
194.213.3.123:6606
194.213.3.123:7707
194.213.3.123:8808
194.33.191.248:4449
203.20.113.158:6606
203.20.113.158:7707
203.20.113.158:8808
206.123.132.169:2000
207.32.217.14:8888
207.32.219.78:8888
212.118.52.86:4449
213.195.118.64:4002
213.195.118.64:4003
213.195.118.64:5001
213.195.118.64:5003
213.195.120.238:4002
213.195.120.238:4003
213.195.120.238:5003
45.74.34.32:1994
45.80.158.60:2003
45.80.158.60:2004
46.246.80.19:8889
46.4.37.212:81
72.11.158.94:8808
74.222.22.137:8888
80.79.7.197:8888
82.115.223.244:4449
83.213.157.103:4444
88.229.34.236:888
89.148.48.240:443
91.109.178.4:8808
91.109.182.12:9999
91.109.184.6:7707
91.109.184.6:8808
91.109.188.6:8808
91.109.188.9:7707
91.109.188.9:8808
91.92.240.159:8088
91.92.241.54:4782
91.92.248.67:6606
91.92.248.67:7707
91.92.248.67:8808
91.92.251.144:4449
91.92.255.187:4449
93.123.39.68:4449
93.153.68.186:61125
94.156.64.207:1337
94.156.66.169:4449
94.156.67.158:3392
94.156.68.120:7707
94.46.246.95:2404
elofizetesitearea.com
185azyn6606dec24rd13.ddns.net
moonvenom4449.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1745382312483696766
# Reference: https://www.virustotal.com/gui/file/bd23b38717e8fec3a17dc23020ffc985172f7683d2d46d0080eff8a80825845c/detection
# Reference: https://www.virustotal.com/gui/file/5d6cc4d7e7ce998cf1d7bc8b78f787f9b034ab3dbdf8c91a33ad0233ddef2ac4/detection
# Reference: https://www.virustotal.com/gui/file/585f9d699807c982dac2f8384a20d510736aa771653de965fe7bb2c40b4a3fa8/detection
# Reference: https://www.virustotal.com/gui/file/27ec0c704261af619ce67a04c2f71b34e5c74110970b555208afb4aa65b4a723/detection
# Reference: https://www.virustotal.com/gui/file/26d19bf8f5b21152256f078fdd31a2749d85fb05a2bc34ff1de557b54a4dfca4/detection

194.33.191.248:7287

# Reference: https://www.virustotal.com/gui/file/a531f0dd0dafe349094b69c4c136961f07787b9b78b4778a8bbcc94ee1de94be/detection

91.92.250.149:3333
91.92.253.187:5531

# Reference: https://www.virustotal.com/gui/file/70bbe17e106d5112380cc14f8b2cf155910ea79544b1fe3c849e2d87b422e783/detection

91.92.253.186:5531

# Reference: https://www.virustotal.com/gui/file/d4076291918200b06355a617109b38fd7ee923db078fb1c46cc4ddf7f517de80/detection
# Reference: https://www.virustotal.com/gui/file/8a77e94a47c7a06b194248676e3837dae7f5305cdd81fddb0affc6a2cff69ed9/detection

103.214.23.99:1599

# Reference: https://www.virustotal.com/gui/file/e4ebcfe60d19d3e2fdd578070af1ddcf25af1834335fa357761a165cb3bcf8a6/detection

91.92.250.222:8100

# Reference: https://www.virustotal.com/gui/file/4ea73062b3a81d30d88472993cc5f4dc9a3efbcb0c5ef27419b513bea41a1361/detection

94.156.65.114:4449

# Reference: https://twitter.com/K_N1kolenko/status/1747861984261898444

193.26.115.55:333

# Reference: https://www.virustotal.com/gui/file/fc6574ad10963a5edfaa488cfb4ba221eac437c85026b8efe77dbfa55cd01bd1/detection

46.246.84.13:9000
cocomelondc.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/185.81.157.150/relations
# Reference: https://www.virustotal.com/gui/file/002e8d95c4d009cda92b5708f324a5107c42b7739c5a37b3960b245006170a6d/detection

185.81.157.150:2033
185.81.157.150:2034
185.81.157.150:2035

# Reference: https://www.virustotal.com/gui/file/090023db3b15f48bdb182b8d7c04ce0e2a55ad75d37816799117bd07d6a65fd4/detection

141.255.144.122:5554
disgold.ddns.net

# Reference: https://twitter.com/1ZRR4H/status/1751310603916882357
# Reference: https://www.virustotal.com/gui/ip-address/91.92.251.163/relations
# Reference: https://www.virustotal.com/gui/file/d576202174867dbed41a0dde9841b8deb1c4c3cb54bc3f3cb1311d97e0f1fd58/detection
# Reference: https://www.virustotal.com/gui/file/2986cab6e805bdeeedf6b815ee439417e2c861c33ef67c77b4c1ad57ad9d6169/detection
# Reference: https://www.virustotal.com/gui/file/ac702ccbd80c7f46d05ed6ecbbac34a930c0c1befe4dfc9e74bdcd7c7b4c09a4/detection
# Reference: https://www.virustotal.com/gui/file/861c39ed6c9c822297b546d05fc0c5ea6011a29fc8ed9afd8c2a34b07aa043b9/detection
# Reference: https://www.virustotal.com/gui/file/504be1f8bf80df47b6cbe74f1837864da5ec119e4ea91eae268e3652a626a4a9/detection

178.33.57.153:4449

# Reference: https://twitter.com/1ZRR4H/status/1751656174515098023
# Reference: https://twitter.com/r3dbU7z/status/1753692024216113625
# Reference: https://www.virustotal.com/gui/file/b69ec13ecdd61c9959d3a0a99efa0b23579c37bfbd5747e9647e1fd8439be3b6/detection
# Reference: https://www.virustotal.com/gui/file/9ba372b8822cbf5a131c426cc16a1e7d1ded7ade81b1b2887ac70ad8c001beb8/detection

http://91.92.254.14
http://91.92.255.205
91.92.254.14:4412
91.92.254.14:443
91.92.254.14:445
91.92.255.205:58001
91.92.255.205:58002
91.92.255.205:58003

# Reference: https://twitter.com/r3dbU7z/status/1752379313863709174
# Reference: https://www.virustotal.com/gui/file/96a45d777aeadce4f44c6208e7a8b335d1d75372af628174c256bb0dffde335e/detection
# Reference: https://www.virustotal.com/gui/file/947fe877e46776464c29e85fae444e6c0ff1465f7b32543230eccf5e766e5b23/detection
# Reference: https://www.virustotal.com/gui/file/65d6301d607eb8b0a5b95d13a57c779e4508aa28b07f74322e4d6cc5148e1cbf/detection

41.216.188.138:555
41.216.188.138:6606
41.216.188.138:7707
41.216.188.138:8808
cartel.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/eb5fb8d9eecb22126ad410533c44136dd28928e5ba1dbbba72dad0058dbbb20b/detection
# Reference: https://www.virustotal.com/gui/file/1ba09bcd10729085d28a1c0377f351ad1f4c0029a4d173676b3aa7cc91a709cf/detection

95.217.208.125:3232

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-02-04)

151.67.33.99:8080
172.94.32.33:6606
172.94.32.33:7707
172.94.32.33:8808
172.94.32.33:8881
175.24.197.196:53576
178.73.192.6:2000
18.134.234.207:443
18.192.31.165:13832
185.81.157.135:8181
186.112.194.124:2404
186.112.194.124:8888
186.112.205.208:2404
20.106.168.188:8808
209.145.56.0:1995
216.250.254.227:7707
34.29.228.84:2000
45.141.215.222:8808
45.145.55.81:6606
46.246.84.15:2000
80.79.7.197:6606
80.79.7.197:7707
80.79.7.197:8808
87.98.177.182:1337
89.148.24.117:443
91.92.240.147:7000
91.92.240.147:8000
91.92.240.147:8088
94.156.67.155:8088
94.156.69.136:1337

# Reference: https://www.virustotal.com/gui/file/5d819ed56f094d863f70ab2654243b00f263646b48d0e680f9b76bac113ce76f/detection

103.48.85.6:9999

# Reference: https://www.virustotal.com/gui/file/a07b12177cd55059f812ca04ed2f6da5ab7a66a603a6995a6d480a7bf824fb68/detection

172.171.254.153:4748

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-02-11)

104.156.247.38:8000
107.161.81.150:6606
107.161.81.150:7707
107.161.81.150:8808
138.201.176.60:7707
154.16.67.94:8088
154.212.145.72:8008
154.212.146.81:8008
161.97.151.222:2011
172.96.172.203:6606
172.96.172.203:7707
172.96.172.203:8808
172.96.172.69:8808
181.235.80.187:2404
181.235.80.187:8888
185.81.157.104:6606
185.81.157.104:7707
185.81.157.104:8808
185.81.157.106:777
185.81.157.14:8181
185.81.157.179:6606
185.81.157.179:7707
185.81.157.179:8808
185.81.157.183:9696
187.24.66.48:9999
190.28.167.19:2000
194.26.229.212:8080
20.106.168.188:6606
20.106.168.188:7707
20.81.43.192:8080
206.123.132.163:2000
206.123.132.240:2000
216.250.254.227:6606
216.250.254.227:8808
27.79.88.176:8007
40.66.42.165:8808
45.141.215.222:6606
45.141.215.222:7707
45.145.55.81:7707
45.145.55.81:8808
45.154.98.190:6606
45.154.98.190:7707
45.154.98.190:8808
45.88.186.16:7707
46.246.82.3:2000
46.246.82.4:2000
68.67.203.245:80
78.161.49.74:20000
78.161.49.74:3003
78.161.49.74:888
91.92.255.64:6000
91.92.255.64:8000
91.92.255.64:8088
93.242.137.1:51124
94.156.68.217:3162
94.156.69.196:6000
94.156.69.196:8000

# Reference: https://www.virustotal.com/gui/ip-address/5.39.43.50/relations

asyncrr.ddns.net
moriatri.serveminecraft.net
nechaev.hopto.org
newfuture.hopto.org
russianmurders.myvnc.com

# Reference: https://www.virustotal.com/gui/file/fb76f99beccd51813b860fccb5ef75881a921be0fbfd354e83619ac02f332f0f/detection

192.177.98.104:1337

# Reference: https://www.virustotal.com/gui/file/f93a1d7d6fe9d5b8210963f708214c797855d976baf3a39d7b4475b170a910b7/detection

5.181.159.31:2106
contodapug.con-ip.com

# Reference: https://twitter.com/ScumBots/status/1758508495589028007
# Reference: https://www.virustotal.com/gui/file/df37b362150d37374f604ed290c613701e5167d84abae499b82bc74f970d966b/detection

186.169.36.241:7082
186.169.60.26:7082
186.169.80.244:7082

# Reference: https://twitter.com/naumovax/status/1759572523539214715
# Reference: https://tria.ge/240219-kw6kqabf3w/behavioral1
# Reference: https://www.virustotal.com/gui/file/bc6005c0a53f37d259323fd3aeb2682b914050f20409fcfd21da5b31474a908b/detection
# Reference: https://www.virustotal.com/gui/file/6564e424cf162beab08aef52693eb9f16d0716332ead8b7a956c18bbfa0fe898/detection

171.233.98.70:1337
171.233.98.70:18274

# Reference: https://www.virustotal.com/gui/file/6462c1ebef5a874a824bd055723d2784dc62e81849a8715a4d118db95106c431/detection

46.246.80.20:2023

# Reference: https://www.virustotal.com/gui/file/1874360499cbed040d9e1f182bb150c9ef6c20740419b0e36de80860cfe46f27/detection

46.246.82.18:2023

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-02-21-IOCs-from-SocGholish-AsyncRAT-infection.txt
# Reference: https://www.virustotal.com/gui/ip-address/167.71.107.109/relations
# Reference: https://www.virustotal.com/gui/ip-address/49.13.65.235/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.161.113.150/relations

0f2onmxtqv5ih2h.fun
0f2onmxtqv5ih2h.top
bjlkchhaaigceke.top
bo2fob5q7ieimav.top
c9gvk11qg9v2zba.top
dggnbheeebmnngl.top
euuahsxqozcnddo.top
eykle9pb40gl1hz.top
fdbcngcjiifkjcf.top
fjy1a0lbdrx5eid.top
h4cg7rhbmieqskr.top
hmndbhadcibafhn.top
jjifagmhgbilbdh.top
ldfgchkbbbdbmjc.top
naajagigfikmhfj.top
pbvzje4.top
uzrn46l8bv5abtl.top
vk530xh8kmmuouz.top
vnveyd8sznqtcy9.top
w89tu45t8e7dqzo.top
x5jixoe8td3f2wd.top
ytn9rv1th4ox312.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-02-24)

http://5.252.74.133
http://77.105.132.94
104.210.36.227:8808
104.243.46.129:6666
109.199.104.52:8888
113.174.1.186:8080
136.243.111.71:5900
136.243.179.5:8888
138.201.176.60:6606
138.201.176.60:8808
147.124.213.188:4444
147.124.213.188:6006
147.124.213.188:8008
147.135.97.94:6606
147.135.97.94:7707
147.135.97.94:8808
147.189.172.103:6969
147.189.172.2:6666
154.212.146.81:7707
154.212.146.81:8808
172.111.148.12:222
172.111.148.20:222
172.94.111.213:8888
178.33.203.39:7707
178.33.203.39:8808
178.73.218.5:2000
181.131.216.198:6606
181.71.216.30:4040
185.222.58.40:1978
185.81.157.103:8888
185.81.157.106:443
185.81.157.21:7707
185.81.157.21:8808
185.87.150.199:2222
186.112.206.181:2404
186.112.206.181:8888
186.112.207.226:2404
186.112.207.226:8888
186.170.114.55:2404
186.170.114.55:8888
186.170.96.237:2404
186.170.96.237:8888
186.170.98.239:2404
186.170.98.239:8888
192.250.225.3:6000
192.250.225.3:7000
192.250.225.3:8000
192.250.225.3:8088
193.26.115.221:6606
193.26.115.221:7707
193.26.115.221:8808
193.26.115.42:6606
193.26.115.42:7707
194.67.204.7:88
196.112.147.229:5566
204.12.229.169:5600
206.123.135.63:2020
207.231.111.88:6606
207.231.111.88:7707
207.32.217.170:2004
212.193.11.40:7707
213.195.118.64:4001
213.195.119.244:4002
213.195.119.244:4003
213.195.119.244:5001
213.195.119.244:5003
34.176.21.185:8808
34.86.252.187:8808
37.1.214.209:1111
38.242.236.116:7707
38.242.236.116:8808
45.128.96.16:4449
45.134.83.162:8808
45.134.83.165:8808
45.138.16.248:9090
45.40.96.97:9441
45.80.158.25:5055
45.88.186.16:8808
45.88.186.65:6606
45.88.186.65:8808
46.246.4.7:2000
46.246.6.5:2000
46.246.82.18:2000
46.4.37.212:100
5.252.74.133:8080
51.89.199.122:6606
77.105.132.94:4449
77.105.132.94:465
77.105.132.94:8080
82.165.208.218:8888
85.215.197.98:8888
85.239.237.148:2006
88.214.59.174:9090
89.117.21.203:6606
89.117.21.203:7707
89.117.21.203:8808
91.92.242.133:2025
91.92.242.57:8008
91.92.243.63:5000
91.92.251.202:2024

# Reference: https://www.virustotal.com/gui/file/c29da2306b6d491c1907b6fa1150104854bc32530fd70f50cd7da4d37c1fcc26/detection

172.111.139.95:7771

# Reference: https://www.virustotal.com/gui/file/d96a05ace2861cae6b3143918c3e42004ee3d5740dabefb710028b6609e89114/detection

144.172.73.36:22
144.172.73.36:6606
144.172.73.36:7707
144.172.73.36:8808
193.176.29.231:1900
193.176.29.231:443

# Reference: https://www.virustotal.com/gui/ip-address/37.120.141.139/relations
# Reference: https://www.virustotal.com/gui/file/e8fe2be82f8af0c2ba3570fdcf18bdd5d22f030dedec85b924ee89ede119a6d9/detection

37.120.141.139:25044
fornet-wire.duckdns.org
pandora-ams.duckdns.org

# Reference: https://urlhaus.abuse.ch/url/2773510/

91.92.247.100:666
kareemovic22.webredirect.org

# Reference: https://twitter.com/banthisguy9349/status/1765362836065141045
# Reference: https://www.virustotal.com/gui/file/c753aa350f21c0b97c8b84aacc92d07997b3f8c300ebacd20b458a02cfdb3401/detection

147.124.213.188:6606
147.124.213.188:7707
147.124.213.188:8808
45.154.98.24:222
strongandliving.ddnsfree.com

# Reference: https://twitter.com/DonPasci/status/1765692054674251999

kolove.accesscam.org

# Reference: https://twitter.com/Dkavalanche/status/1766180682584232361
# Reference: https://app.any.run/tasks/e24ad05b-7afe-4f0a-b2fa-d27833d7c452/
# Reference: https://www.virustotal.com/gui/file/4cf8aecd3c9028fa90f3d9090c77825e74d764f883eb3d240abf50e59ac28697/detection
# Reference: https://www.virustotal.com/gui/file/13e222f0ed3ce85b8dde6dc7d39fa21acc66fbfadfadbef16d75086d318513fe/detection

46.246.4.22:1234
46.246.4.22:8889
91.92.244.103:2202
heztak.pro
bg1.heztak.pro

# Reference: https://www.virustotal.com/gui/file/06074b04985faa20b53a36bf8fa355041929c9bca9cd7a5707dbcd8b744d1eed/detection

pepecasas123.mywire.org
pepecasas123.net

# Reference: https://www.virustotal.com/gui/file/ee08667ddd29bc7ae5129a14f8feefeda818bf8e165082225e3470b9999671e2/detection

186.169.80.244:7080
companinuevoano1.con-ip.com

# Reference: https://twitter.com/1ZRR4H/status/1766223253360574957
# Reference: https://twitter.com/doc_guard/status/1769670285031100672
# Reference: https://www.malware-traffic-analysis.net/2024/03/14/index.html

101.99.94.234:8789
91.134.150.150:3232
91.92.252.234:3232
sunshine-bizrate-inc-software.trycloudflare.com

# Reference: https://twitter.com/1ZRR4H/status/1766945121650569598
# Reference: https://www.virustotal.com/gui/ip-address/12.202.180.134/relations
# Reference: https://www.virustotal.com/gui/file/43feb4c81e9e5be7b22c542dd0d54725075a67dbf592bb65b3b625c04256af55/detection

12.202.180.134:8890
194.48.251.9:8890
87.121.105.4:8890
febvenom8.duckdns.org
jossmaybs.duckdns.org
jsspreadew.duckdns.org
markvenm2.duckdns.org
mkys.duckdns.org
momenttoday550.duckdns.org
myday.duckdns.org
nevinxwrm.duckdns.org
vendjksld.duckdns.org
vernotom6.duckdns.org
vrnmmondays.duckdns.org
dial-posters-corporations-des.trycloudflare.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-03-12%20ScreenConnect_AsyncRAT%20IOCS
# Reference: https://www.virustotal.com/gui/file/a4307eefdf28abe7c3148164e0b539ac01c50b9037099afb972708ad13285d73/detection
# Reference: https://www.virustotal.com/gui/file/b2435f2ad323243d174aea7cb04511ccc1d794a98c2b3b60a25c5841423c90b3/detection
# Reference: https://www.virustotal.com/gui/file/6d385d3e4cc971a1d9528181514b1b087baf6d0dec5915cbae3fb7bd058d8a1e/detection

http://45.74.19.84
15.204.170.41:555
15.204.170.41:6606
15.204.170.41:7707
15.204.170.41:8808
ahyoussef.webredirect.org
akok.winconnection.net
macafee.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/29f3c5f06270cc2b6edd54a49d485edf762a82054ea84f643c57a86e176d3799/detection

194.147.140.138:2200
reverseproxy.con-ip.com

# Reference: https://www.virustotal.com/gui/file/493bf4b452ca75101bcadb25cfe9f2525f67c39e5f1a0c897416aeb8278eb7ec/detection

194.147.140.199:6606
194.147.140.199:7707
194.147.140.199:8808
roolingstone.sytes.net

# Reference: https://www.virustotal.com/gui/file/a790b9a416ef7767ef09e45ad0971eec91f712d362b23f5b13070638f95e3ac9/detection
# Reference: https://www.virustotal.com/gui/file/2ce1a4c789df5d7915e45c979acd87efd3294f9c86b04b1dcb68fdd4a5cae2a7/detection

49.13.200.170:7878

# Reference: https://any.run/malware-trends/asyncrat

ansy.duckdns.org
aobertoferndomip.con-ip.com
asystore.duckdns.org
fat7e007707.ddns.net
johnjo.ddnsgeek.com
johnsonville.ddnsgeek.com
kdfsv.duckdns.org
miguel2024.kozow.com
proceso122024.duckdns.org
torrentsports.co
wangli.cyou

# Reference: https://twitter.com/alex_lanstein/status/1769711805507486034
# Reference: https://www.virustotal.com/gui/file/b77024add128e3b0fd17dd694b06b41a9ff49f6a09488b69df6c981dc4bed62d/detection
# Reference: https://www.virustotal.com/gui/file/b53d6081f93c3405d8bbd8b1ecc24ee73d3c5b7719c0d0bc6c6ddb8ca8c8cdfa/detection
# Reference: https://www.virustotal.com/gui/file/cad704f67c07750fe76eaec079ebc850fa02a54fd5c978e5a8c8a82e147cba0a/detection

0ho.la

# Reference: https://www.virustotal.com/gui/file/bc1dccf2aeeeda040449933ff595cbb7e243ef1be7709012e55134b673c53000/detection
# Reference: https://www.virustotal.com/gui/file/5ea2e0e5450f0ac01aa2288a4f1a60e16965a47b32814dea6d5b308db4171b01/detection

85.102.113.105:9899
85.97.153.196:9899
88.226.148.207:9899
hlevcik.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-03-20)

http://193.124.205.80
http://91.92.254.250
128.90.113.242:9999
128.90.113.56:9999
128.90.122.163:9999
128.90.128.157:9999
128.90.61.78:9999
135.125.21.74:4242
142.11.201.125:8712
142.113.120.107:8080
147.124.217.110:6666
147.124.217.110:8888
147.124.217.110:9999
15.228.170.102:5000
151.81.14.228:8080
154.16.67.94:4242
154.16.67.94:4444
154.27.70.229:4449
154.30.255.175:8887
172.111.148.11:222
172.111.148.61:222
178.73.192.17:2000
181.131.218.39:4041
184.147.209.221:8080
185.117.250.169:3393
185.174.101.80:6606
185.174.101.80:7707
186.170.114.55:1111
187.24.4.94:9999
188.126.90.14:2000
191.88.250.63:4203
191.88.250.63:4208
191.88.250.63:4210
192.159.99.54:8888
193.124.205.80:4608
193.32.162.198:8808
2.58.85.145:6004
2.58.85.145:8808
203.30.9.90:443
206.123.132.164:2000
213.195.119.244:4001
216.250.255.99:6606
216.250.255.99:7707
216.250.255.99:8808
23.26.201.73:5555
23.26.201.73:6666
23.26.201.73:8888
37.120.141.139:1113
38.180.30.53:8080
38.242.236.116:7777
45.134.83.162:6606
45.134.83.162:7707
45.134.83.165:6606
45.134.83.165:7707
45.138.16.228:9090
45.240.136.144:5055
45.94.31.49:8888
45.94.31.49:9999
46.246.84.11:2000
5.161.113.150:25658
51.161.107.68:8808
51.195.231.121:6606
51.195.231.121:7707
51.195.231.121:8808
51.77.68.50:1231
51.89.109.154:6606
51.89.109.154:7707
51.89.109.154:8808
66.225.254.138:7707
66.94.120.244:9999
69.64.95.233:6606
69.64.95.233:7707
69.64.95.233:8808
72.167.134.164:5055
85.99.80.60:888
89.117.49.133:1337
89.117.49.133:1996
89.117.49.133:2000
89.117.49.133:6006
91.92.246.100:4443
91.92.246.100:6606
91.92.246.100:7707
91.92.246.100:8808
91.92.246.134:8808
91.92.246.152:4747
91.92.250.61:3232
94.156.68.16:137
94.156.69.174:6606
94.156.69.174:7707
94.156.69.226:1337
94.156.69.251:6606
aireynvuw.homeunix.com
scambaiter11.ddns.net
windows11.loseyourip.com

# Reference: https://www.virustotal.com/gui/ip-address/178.73.192.2/relations
# Reference: https://www.virustotal.com/gui/file/6bab7f86a6b3d13bd73b22d2dc210713452130fd83d7e1fe455aac8945f6dab8/detection

178.73.192.2:9003
sostener200.duckdns.org
winscapmarzo.duckdns.org

# Reference: https://twitter.com/ULTRAFRAUD/status/1771590513973395666
# Reference: https://tria.ge/240323-vjw6macc4s/behavioral1

download-updata.com
s2.download-updata.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-03-24)
# Reference: https://www.virustotal.com/gui/file/94ece5a7d0c2fd5d90185356145b00e9ffa4f7b595ee02ae4b3771c0462c3bee/detection

103.48.85.6:4449
103.74.172.94:40288
103.74.172.94:4499
104.243.34.3:2003
104.243.34.3:2004
104.243.34.3:4016
107.148.49.57:39632
109.205.162.97:4739
109.205.162.97:8361
109.248.201.153:6606
109.248.201.153:7707
109.248.201.153:8808
113.128.118.199:6606
113.128.118.199:7707
113.128.118.199:8808
113.207.105.195:15806
113.207.105.200:3201
113.207.105.200:8301
113.207.105.224:16804
113.207.105.229:7302
113.207.105.241:9803
117.18.12.59:8880
119.42.170.7:443
120.46.33.65:8848
121.62.63.238:8848
123.99.200.157:2802
123.99.200.158:7223
123.99.200.175:8848
123.99.200.184:2140
124.166.95.10:4449
124.166.95.10:8080
124.248.66.160:6422
124.248.69.96:4449
128.90.122.92:9999
13.36.174.17:6606
13.36.174.17:7707
13.36.174.17:8808
13.66.133.43:6606
13.66.133.43:6821
13.66.133.43:7707
13.66.133.43:8808
13.66.221.58:7707
134.19.177.59:5003
136.244.89.250:3131
139.99.86.164:6606
139.99.86.164:7707
139.99.86.164:8808
141.105.130.87:6606
141.105.130.87:7707
141.105.130.87:8808
141.94.223.150:6677
141.95.84.40:4291
141.95.84.40:6262
142.11.201.122:8712
142.11.201.123:8714
142.11.201.126:8712
142.11.201.126:8714
142.202.242.170:6666
144.208.127.116:7707
144.208.127.116:8808
146.56.230.174:1720
146.56.230.174:4449
146.70.129.19:38371
147.124.212.80:6606
147.124.212.80:7707
147.124.212.80:7777
147.124.212.80:8808
147.124.212.80:8888
147.185.221.16:4040
147.185.221.16:63770
147.185.221.17:33732
147.185.221.17:48347
147.185.221.17:50732
147.185.221.184:41092
147.185.221.18:35708
147.185.221.18:41437
147.185.221.18:43941
147.185.221.18:4449
147.185.221.18:56236
147.185.221.18:7771
147.189.161.48:4449
147.189.161.48:4839
149.127.237.203:6606
149.127.237.203:7707
149.127.237.203:8808
15.237.210.97:4444
153.36.240.58:15092
153.36.240.58:15095
154.204.60.74:6610
154.221.22.54:4449
154.39.238.95:4449
154.48.237.186:8808
154.91.65.150:8848
154.91.65.153:8848
159.146.14.122:1604
159.146.14.122:18068
159.146.14.122:18840
159.146.14.122:4040
159.146.14.122:4782
163.5.215.225:1602
168.119.211.236:115
172.94.105.163:2222
176.150.69.221:42474
176.150.69.221:42475
176.150.69.221:4449
178.20.230.68:4784
179.127.14.82:29000
181.131.216.198:7707
182.254.221.150:4449
185.157.162.206:2191
185.234.247.30:4449
185.253.161.186:4444
186.112.193.255:2404
186.112.203.192:2404
186.168.67.211:2404
186.168.67.211:8888
192.161.193.99:5058
192.161.193.99:5228
192.161.193.99:8848
192.177.111.46:18200
192.177.111.46:4449
193.161.193.99:49207
193.161.193.99:64023
193.222.96.253:4449
193.222.96.47:4462
193.222.96.47:9471
193.233.132.186:4404
193.233.132.186:5505
193.233.132.186:6606
193.26.115.42:100
194.147.140.239:7707
194.33.191.245:2405
194.33.191.3:7391
195.213.0.34:2008
198.44.165.35:5602
198.44.167.139:38795
198.44.167.139:41352
198.44.167.139:57321
198.44.167.215:38795
198.44.167.215:41352
198.44.167.215:57321
198.44.167.231:38795
198.44.167.231:41352
198.44.167.231:57321
2.58.56.152:3232
20.69.96.235:7707
20.98.80.51:6606
20.98.80.51:7707
20.98.80.51:8808
207.32.217.101:8888
207.32.218.138:2002
207.32.218.138:2003
207.32.218.138:2004
207.32.218.138:2005
207.32.218.47:666
212.129.30.248:6000
213.195.124.90:4001
213.195.124.90:4002
213.195.124.90:5001
213.32.243.233:6606
217.64.31.3:3819
217.64.31.3:4871
23.105.131.217:83
24.50.117.82:8848
26.199.97.56:13377
3.6.115.182:11800
3.6.115.182:13997
3.6.115.182:4040
3.6.115.182:4444
3.6.115.182:6080
31.210.20.231:200
31.214.240.57:3232
37.114.41.142:8848
38.147.172.98:6307
38.165.8.185:7771
38.180.91.75:4444
38.54.1.41:4449
39.103.129.63:6606
39.103.129.63:7707
39.103.129.63:8808
40.66.40.50:4173
40.66.40.50:6214
43.138.156.178:6606
43.138.156.178:7707
43.138.156.178:8808
43.240.221.130:9833
43.248.140.94:8848
43.248.140.96:8848
43.251.17.199:4449
45.128.36.146:8848
45.128.96.133:8848
45.131.111.98:4449
45.138.99.2:6606
45.138.99.2:7707
45.138.99.2:8808
45.141.215.32:4449
45.145.224.55:7000
45.145.229.147:9606
45.145.229.148:9604
45.145.229.150:9605
45.15.143.164:6606
45.15.143.164:7707
45.15.143.164:8808
45.76.155.94:6606
45.76.155.94:7707
45.76.155.94:8808
45.76.232.247:6606
45.80.158.48:4449
45.83.31.113:2004
45.83.31.113:8888
45.83.31.113:9999
45.94.31.248:4447
46.246.4.5:2000
46.36.67.36:51566
46.36.67.36:8848
47.104.179.7:8848
47.104.236.243:8848
47.94.3.159:4455
47.94.3.159:8848
5.9.194.71:3232
50.29.244.5:5753
50.29.244.5:6606
50.29.244.5:7707
50.29.244.5:8808
51.195.231.121:6000
51.195.231.121:7000
51.195.231.121:8000
52.59.51.24:1932
54.39.29.90:6606
61.14.233.111:4404
61.14.233.111:5505
64.176.178.205:1989
64.44.167.67:6900
64.56.68.144:8888
66.135.22.80:6000
66.135.22.80:8000
66.135.22.80:8808
66.154.122.230:1337
67.205.154.243:4431
74.81.52.179:33643
76.70.94.161:4449
76.70.94.161:9999
78.186.152.249:1938
78.187.224.170:1604
79.134.225.21:8646
79.134.225.35:6606
79.134.225.35:7707
79.134.225.49:1984
79.134.225.82:3004
8.140.33.34:6606
8.140.33.34:7707
8.140.33.34:8808
80.48.119.72:8848
81.249.25.228:1605
85.105.88.221:6935
85.215.196.156:2222
86.153.66.129:443
86.20.95.188:8080
86.20.95.188:8848
88.232.116.241:3007
88.232.116.241:888
89.148.44.245:443
89.163.221.170:4444
90.8.19.214:7006
91.134.150.149:8808
91.92.242.227:6606
91.92.247.123:5531
91.92.247.161:5531
91.92.247.96:5531
91.92.250.147:5038
91.92.254.14:58004
93.190.10.16:7707
94.156.64.122:8888
95.164.3.135:4449
95.216.85.80:6606
96.9.215.146:6606
96.9.215.146:7707
96.9.215.146:8808
1hitler.accesscam.org
1tapfinn.ddns.net
23preguntas.duckdns.org
28febnde.dynv6.net
2hitler.ddnsgeek.com
404nothere5-52195.portmap.io
404nothere5-62048.portmap.host
404nothere5-63469.portmap.io
46tochristmas15dec.ddns.net
470krlio.shenzhuo.vip
5ra.webredirect.org
999triana999.1cooldns.com
a0979283148.ddns.net
alerts.linkpc.net
aliveafterguard.icu
allay.x3322.net
ancy2024.kozow.com
aoputer.crabdance.com
armandocastillodominio.con-ip.com
asdofugugja883.xyz
asdugvua37vhax.cn
azurecloud-bridge.cn
bebefiin.duckdns.org
bestcoder.duckdns.org
bofa.su
boty.theworkpc.com
buike.kozow.com
chichichi01.duckdns.org
chingyen-23182.portmap.host
cn-wh-plc-1.openfrp.top
competent-elion.193-142-59-177.plesk.page
copyright-sofa.gl.at.ply.gg
cringelord6969.ddns.net
cryptojoke.con-ip.com
cutecat-46661.portmap.host
cyesterbill.chickenkiller.com
danielballesterosdominper.con-ip.com
darkstorm275991.ddns.net
davidricardodom.con-ip.com
dohavevictem2024.duckdns.org
drax2023.run.place
e7team-54210.portmap.host
eaxhost.ddns.net
ech0.theworkpc.com
ekuroak.hopto.org
fat7ola0077.ddns.net
fearme-45002.portmap.host
fearme-55506.portmap.host
fearme-62451.portmap.host
febrerososte.duckdns.org
finessebitcoin.duckdns.org
fl-survivor.gl.at.ply.gg
g6666lrd10424346129.ddns.net
ggghmn8766vg.hopto.org
h2mhost123ontop.ddns.net
hassan.webhop.net
helprxr.duckdns.org
hitler55.dvrdns.org
hitler55.dyndns.org
hmnms.duckdns.org
hoes-truth.gl.at.ply.gg
hsm.theworkpc.com
icant.theworkpc.com
interstellar.onthewifi.com
jksdghfsd.loseyourip.com
jojomo.duckdns.org
kapobiko1.mooo.com
koradon.giize.com
krallarcarding.duckdns.org
kreyze.ddns.net
lemback.dns.navy
littlenerd.duckdns.org
loan-mode.gl.at.ply.gg
loliletnotnoobonf-28917.portmap.host
lolzpopbob-31243.portmap.host
magarodriajhsdbajifuqwe12341safqdv.duckdns.org
mankemane-47945.portmap.io
mariarizazapata09.duckdns.org
martingonzalessoto09.duckdns.org
mcehonline-48303.portmap.io
meowpc-33643.portmap.host
merthamurc.duckdns.org
milan.giize.com
momentdhs.duckdns.org
mono2024.kozow.com
mrrxr.duckdns.org
mydogis.onthewifi.com
myryam.con-ip.com
mytestdns123.mooo.com
mznhr.ddns.net
nabeellasdfasdf-52048.portmap.host
nagerproxysinintercavi8464perringuta.duckdns.org
nasser.is-found.org
ndichinnenanna0110.ddns.net
newhost.dyndns.info
nezo123-21027.portmap.host
non.theworkpc.com
nso1.nsolau.net
okaa0-60956.portmap.host
osso.camdvr.org
patients-councils.gl.at.ply.gg
podejrzanylink.xyz
pooldiaz14.duckdns.org
popo.office-on-the.net
powellfrank.ddns.net
proxy-shady.cloud
quepasa2024.kozow.com
rat.loseyourip.com
rat2024.e3.luyouxia.net
rat34.ddns.net
ratdeniyoz7386.duckdns.org
rawy.ooguy.com
rem-new-2.duckdns.org
reyfelipeborbon.loseyourip.com
richard-foods.gl.at.ply.gg
roscript.ddns.net
rtx.con-ip.com
sandraferreirodominiopersonal.con-ip.com
scrubloader.ru
sdd4514136100juciywrldl.ddns.net
sebastianmindioladomini.con-ip.com
selldrugs.duckdns.org
ser.nrovn.xyz
sfclog.ddns.net
shailputrimt1.publicvm.com
shoes-truth.gl.at.ply.gg
sis.4cloud.click
sis.is-a-blogger.com
sosob9ta.line.pm
spidermanbaba.ddns.net
spiffy-balloon.auto.playit.gg
spongethug.ddns.net
stormx.dynu.net
subdominiodesub.duckdns.org
sunday-survivors.gl.at.ply.gg
swifty123-23089.portmap.host
swifty123-48281.portmap.host
t3fakpraf.ddns.net
talapain.ddns.net
tanta.theworkpc.com
testdamahe.duckdns.org
testdns.ydns.eu
tobacos.ddns.net
torbrowser-39837.portmap.host
torenta2.vpndns.net
travisway-41408.portmap.host
trbe.mentality.cloud
tularz.duckdns.org
usaugen.xyz
utorrent.theworkpc.com
volam2.club
vx2sw7soh8ds5.hopto.org
w3llsfarg0h0st.ddns.net
wandering-field-84417.pktriot.net
wassgoodmane-45751.portmap.host
wassgoodmane-46736.portmap.host
waytovwmk40.ddns.net
whiteshadows.ddns.net
win0090.theworkpc.com
worldxw.xyz
xfreddy2751.duckdns.org
yubarats.ddns.net
yy.webhop.me

# Reference: https://www.virustotal.com/gui/file/c0a969afb972ff37818cbcdad02c52c1cf2a20e94e626eee7fc7c7322b92189c/detection

194.147.140.138:1549
team3004.myddns.me

# Reference: https://twitter.com/malwarelab_eu/status/1772779102849614292
# Reference: https://app.any.run/tasks/1cbca783-8323-474e-aa6a-ca655ed6637e/
# Reference: https://www.virustotal.com/gui/file/e86017b846165690bcaf38242e09df96651aec60e9c2dae4bf50de8ace77f029/detection

154.30.255.175:8890
154.30.255.175:8895
154.30.255.175:8896
bagdg.duckdns.org
hjkdnd.duckdns.org
jdokds.duckdns.org
mdgh.duckdns.org
posters-dial.com
vbdsg.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-03-31)

104.243.37.110:6667
109.199.120.42:2023
128.90.122.170:9999
142.11.201.124:8712
142.11.201.124:8714
172.94.125.164:2222
172.94.8.37:2222
172.94.9.23:222
185.196.10.233:6606
185.196.10.233:7707
185.196.10.233:8808
185.196.11.223:1339
192.227.177.214:7707
194.156.90.112:6666
2.58.56.109:9090
206.123.132.165:2000
38.180.92.22:4444
54.39.29.90:7707
54.39.29.90:8808
88.229.0.76:20000
89.163.221.180:4444
89.163.221.180:8888
91.92.120.13:8888

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-04-03)

128.90.122.249:9999
128.90.123.31:9999
146.103.11.88:6606
146.103.11.88:8808
172.111.137.194:2222
185.174.101.164:8888
185.174.101.246:6006
91.92.241.169:3434
91.92.254.251:8808
94.156.68.16:4443
94.156.69.11:1337

# Reference: https://www.virustotal.com/gui/file/17e26fd4612acbe0b3f6c597e7abac5e1bdfabb50b1017b93c1a836f57202b2c/detection

45.74.7.59:8898

# Reference: https://www.virustotal.com/gui/file/782bb5dccbd7b065aac6ab04ec053097bc9d8031d6e33a3a03692eb33e262926/detection

8.217.140.110:65503
91.204.226.63:65503

# Reference: https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins
# Reference: https://www.virustotal.com/gui/file/8843b83e255dfacd3d78539a144db0a209d0a6772150102904c773a41b39b158/detection

185.252.179.71:8075
markjohnhvncpure.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-04-10)

103.47.147.22:2000
110.42.102.204:7000
123.253.32.76:22
128.90.102.230:9999
128.90.103.14:1018
128.90.103.14:9443
128.90.103.14:9999
128.90.123.160:9999
146.103.11.88:7707
157.254.223.38:6606
157.254.223.38:8808
16.171.25.219:8099
163.172.59.233:6606
167.88.168.110:9090
172.111.131.97:8808
172.111.137.179:2222
172.111.137.180:2222
172.111.245.38:2222
172.111.245.98:2222
172.94.73.133:2222
172.94.73.162:2222
172.94.8.100:2222
177.255.88.116:8020
178.73.218.12:2000
179.13.3.18:8020
185.174.101.246:4444
191.89.247.6:6606
194.26.192.34:666
195.3.223.146:4443
2.58.56.66:4443
207.32.217.79:9090
213.195.121.48:4001
213.195.121.48:4002
213.195.121.48:5001
213.195.121.48:6606
213.195.121.48:8808
31.124.151.205:9000
34.88.143.155:8808
38.180.31.223:2222
38.180.62.112:2222
45.138.16.235:2003
45.77.24.231:9090
46.246.84.8:2000
5.63.21.76:1604
51.116.96.182:3000
52.185.161.226:8808
91.207.102.163:9899
91.92.254.44:1339
91.92.255.45:2000
91.92.255.45:20000
94.156.64.122:9999
94.156.65.159:6606
94.156.65.159:7707
94.156.65.217:6606
94.156.65.217:7707
94.156.65.217:8808
94.156.65.9:6606
94.156.65.9:7707
94.156.65.9:8808
95.216.41.33:82

# Reference: https://www.virustotal.com/gui/ip-address/179.13.2.154/relations
# Reference: https://www.virustotal.com/gui/file/56f60067ded74f202a942df75d72e8ea0f24c2d789658e5796ebba39947b5fa9/detection

179.13.2.154:2141
conesperasehetodo.duckdns.org
conmuchafesi.duckdns.org
deioreseesteo.duckdns.org
dioasamigoayu.duckdns.org
enladediosest.duckdns.org
esesmiodio.duckdns.org
estedominaya.duckdns.org
horastenebb.duckdns.org
listospordi.duckdns.org
lostemasson.duckdns.org
seanamia.duckdns.org
semanticasto.duckdns.org
senderodedios.duckdns.org
seraestemidiadi.duckdns.org
serastefssr.duckdns.org
seremosgagdores.duckdns.org
sistemasparajoy.duckdns.org
trenemfdo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a678475627246ac2716b5618ec5010e67660ab4441367bee23de473449d98c11/detection

185.183.106.85:42069
420.igboat.com

# Reference: https://www.virustotal.com/gui/file/14c66a0b3a199d38a236bed7780258d84c8a3cf335f9397769dc06a17d5707e0/detection

46.246.4.3:8887
adminrodrem.duckdns.org
bypass-asyn.4cloud.click
proxy21.duckdns.org

# Reference: https://twitter.com/banthisguy9349/status/1780489993762332900

103.47.147.18:11113
103.47.147.18:1140
103.47.147.18:12140
103.47.147.18:12141
103.47.147.18:12142
103.47.147.18:12143
103.47.147.18:2000
103.47.147.18:2053
103.47.147.18:222
103.47.147.18:3306
103.47.147.18:3954
103.47.147.18:7800
103.47.147.23:2000
104.156.247.38:2024
104.243.32.185:3389
104.243.32.185:47001
104.243.32.185:5985
151.106.34.168:2224
151.106.34.168:3389
151.106.34.168:5055
156.195.153.143:7547
178.73.218.8:2000
178.73.218.8:5357
178.73.218.8:8888
181.131.216.198:2222
181.131.216.198:8808
181.214.223.125:3389
181.214.223.125:47001
185.196.11.252:1337
185.196.11.252:3389
185.196.11.252:47001
185.196.11.252:5985
191.88.250.63:2869
191.88.250.63:7070
194.105.5.194:3389
194.105.5.194:4444
194.26.192.34:3389
194.26.192.34:47001
194.26.192.34:5357
194.26.192.34:5985
194.33.191.3:3389
194.33.191.3:7070
2.224.144.191:1188
20.2.223.28:3389
20.2.223.28:5555
20.2.223.28:7070
20.226.0.95:3389
20.226.0.95:7707
20.226.0.95:8808
207.32.217.79:3389
207.32.217.79:47001
207.32.217.79:5985
31.124.151.205:8085
45.138.16.235:3389
45.138.16.235:47001
45.138.16.235:5357
45.138.16.235:5985
5.63.21.76:3389
5.63.21.76:47001
5.63.21.76:5357
5.63.21.76:5985
51.81.126.50:3389
51.81.126.50:47001
51.81.126.50:5555
51.81.126.50:5985
51.81.126.50:5986
51.81.126.50:7070
77.134.63.213:1122

# Reference: https://twitter.com/banthisguy9349/status/1780500318846906644

147.124.213.188:222
192.159.99.43:222
192.3.109.131:222
207.244.249.35:222
207.32.219.92:222
212.23.222.206:222
35.233.238.201:222
45.94.31.103:222
51.195.94.201:222
87.120.84.91:222

# Reference: https://www.virustotal.com/gui/file/37c59b4a6bc52f2fa3398bba784ab89b2316c17edf13bb350e2c7dbf5933d285/detection

45.32.168.59:4040
powerdc.dynuddns.net

# Reference: https://twitter.com/r3dbU7z/status/1780877399070015700
# Reference: https://www.virustotal.com/gui/ip-address/185.81.157.148/relations
# Reference: https://www.virustotal.com/gui/file/aba88f736591e30f238049e3585ae6d67a83bc7aed9223b613010b29946939e4/detection
# Reference: https://www.virustotal.com/gui/file/b797141148c613d952a1d86790620a705c3c385daa61eb805a46555105f518cb/detection

192.227.177.214:6606
192.227.177.214:7707
192.227.177.214:8808
raw223111.com
raw3losh2321321w.com
raw39w493.com

# Reference: https://www.virustotal.com/gui/file/f5d4afb68b4ceacbb6d5a5b8b153d55e452f08f1c0c1674b35c904673da5e2cd/detection

82.114.186.73:6606
82.114.186.73:7707
82.114.186.73:8808
myserver7.sytes.net

# Reference: https://www.virustotal.com/gui/file/be0c7f808c76369d03678fae7ed3dac43e292586c2cec1541af9424ade3f6fa5/detection
# Reference: https://www.virustotal.com/gui/file/12cbff9bb36d6f63d5fec636980581530abfb0ad3d3bdd0bbad07892d2637b27/detection
# Reference: https://www.virustotal.com/gui/file/257a49d59b2b2ae5f44688cf4d2cac26f583e121c826787e7046324d9890adee/detection

186.169.47.11:7081
186.169.62.202:1990
njverde1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0c9b67e54ea019fcbcb375de464025d82eb3fb62de692a3492f67c6d6fb93212/detection

186.169.37.89:1988
statusnuevoano1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/dcf90d69b4a83839e6b741986745c373a2c386a1a5518cab19133fda1f7f6e16/detection

179.13.0.175:7090
preferenciales12.duckdns.org

# Reference: https://twitter.com/banthisguy9349/status/1783059801255063882

http://91.92.252.220

# Reference: https://twitter.com/banthisguy9349/status/1783409848576516361
# Reference: https://urlhaus.abuse.ch/host/45.94.31.69

45.94.31.69:222

# Reference: https://twitter.com/banthisguy9349/status/1783409848576516361
# Reference: https://urlhaus.abuse.ch/host/51.38.95.108

51.38.95.108:222

# Reference: https://twitter.com/banthisguy9349/status/1783409848576516361
# Reference: https://urlhaus.abuse.ch/host/51.195.94.205

51.195.94.205:222

# Reference: https://twitter.com/banthisguy9349/status/1783409848576516361
# Reference: https://urlhaus.abuse.ch/host/80.94.95.238

http://80.94.95.238

# Reference: https://twitter.com/banthisguy9349/status/1783409848576516361
# Reference: https://urlhaus.abuse.ch/host/87.120.84.126

87.120.84.126:222

# Reference: https://twitter.com/banthisguy9349/status/1783409848576516361
# Reference: https://urlhaus.abuse.ch/host/104.243.32.185

http://104.243.32.185
104.243.32.185:222

# Reference: https://twitter.com/banthisguy9349/status/1783409848576516361
# Reference: https://urlhaus.abuse.ch/host/109.199.101.109

http://109.199.101.109

# Reference: https://twitter.com/banthisguy9349/status/1783409848576516361
# Reference: https://urlhaus.abuse.ch/host/149.102.147.106

http://149.102.147.106

# Reference: https://twitter.com/banthisguy9349/status/1783409848576516361
# Reference: https://urlhaus.abuse.ch/host/154.12.231.18

http://154.12.231.18
154.12.231.18:443
154.12.231.18:90

# Reference: https://www.virustotal.com/gui/file/731a20791887573ed4bd909011e707ae8be38524b43b54e798a97ab2d96d76b4/detection

80.133.66.162:7777

# Reference: https://www.virustotal.com/gui/file/90a2c2490d375e84023257c2698971641714043e140b07d90207fe31e6e20efa/detection

151.95.173.129:255
cholito1312.ddns.net

# Reference: https://twitter.com/x3ph1/status/1784948127226568770
# Reference: https://www.virustotal.com/gui/file/64f373211953aa5e294e9d7dee8dee07866ceb7fa944f8c5845792489433afb6/detection

144.76.71.93:313
eve.now-dns.net

# Reference: https://www.virustotal.com/gui/file/eb8cc36d9f0c3ac66b51583fa0674e50c911cfddcacdb3b7111583a0caf0ca76/detection

45.133.174.75:8795
aysmasterpro.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1786305462133997951
# Reference: https://www.virustotal.com/gui/ip-address/91.92.247.100/relations
# Reference: https://app.validin.com/detail?find=Invoice%20Informations&type=raw&ref_id=03cfa3a9c25#tab=host_pairs

http://91.92.247.102
invoiceinformations.com
invoicesinformation.com
liket.top
myposty.bond
au.liket.top
au.myposty.bond

# Reference: https://urlhaus.abuse.ch/browse/tag/AsyncRAT/ (# 2024-05-03)

http://1.14.206.144
http://104.243.38.245
http://109.172.45.94
http://116.62.11.90
http://141.98.6.105
http://142.11.211.80
http://157.254.223.253
http://158.69.131.146
http://159.223.189.221
http://16.171.25.219
http://172.96.172.203
http://176.107.185.29
http://178.33.57.158
http://185.117.91.202
http://185.196.8.223
http://185.216.70.70
http://185.241.208.181
http://185.241.208.97
http://185.252.178.121
http://185.81.157.148
http://185.81.157.152
http://185.81.157.213
http://185.81.157.244
http://192.119.74.208
http://192.3.109.131
http://192.99.180.181
http://193.26.115.238
http://193.34.212.17
http://193.42.32.101
http://194.213.3.23
http://195.133.40.128
http://195.178.120.137
http://198.46.178.147
http://20.127.168.10
http://209.126.7.24
http://38.242.242.149
http://41.216.188.20
http://45.12.253.105
http://45.154.98.81
http://45.80.158.237
http://45.92.1.59
http://5.206.227.251
http://51.89.109.154
http://62.171.178.45
http://65.21.177.234
http://77.221.151.42
http://77.91.68.249
http://79.110.62.189
http://79.137.202.195
http://84.54.50.9
http://85.209.133.106
http://85.209.176.59
http://85.239.240.244
http://85.239.241.136
http://86.68.222.14
http://88.218.61.219
http://91.92.240.177
http://91.92.242.80
http://91.92.247.100
http://91.92.252.85
http://93.123.39.225
http://93.123.39.68
http://94.156.128.246
http://94.156.69.208
http://94.156.69.220
http://94.156.71.212
http://94.156.79.216
http://95.216.192.137
104.243.38.245:222
104.243.44.136:666
107.161.81.150:222
129.213.49.94:8888
141.98.6.105:222
147.124.212.80:222
156.96.156.177:222
18.118.199.163:353
185.16.38.38:555
185.81.114.175:642
185.81.157.104:222
185.81.157.108:222
185.81.157.142:222
185.81.157.150:222
185.81.157.152:222
185.81.157.152:333
185.81.157.1:222
185.81.157.219:222
185.81.157.244:222
185.81.157.24:222
193.26.115.174:222
193.26.115.230:555
198.12.81.135:222
198.20.177.229:444
200.98.145.181:8888
4.229.235.23:222
45.12.253.107:222
45.128.96.133:8000
45.128.96.204:222
45.138.16.39:222
45.141.215.109:555
45.76.232.247:222
45.80.158.168:222
45.81.39.110:222
45.90.222.198:8080
5.249.163.134:333
51.161.61.92:222
51.195.94.209:222
51.222.98.70:222
51.89.109.154:3000
51.89.212.151:222
84.54.50.9:222
86.48.18.223:666
91.92.240.177:888
91.92.253.239:888
91.92.254.77:222
94.156.69.35:222
94.72.113.52:770
24help.ooguy.com
2m-store.com
a0920080.xsph.ru
adminigobnal.store
anonhost.in
arm-cc.com
arthurcambell.ac.ug
autoenhancer.tech
autoupdate.com.ua
ayazsehk.beget.tech
beautifulqueen.com.br
buypropertyinuae.com
carthagefire.net
cdn-120.filechan.org
cdn-130.filechan.org
chrisco-upperroom.org
documentacionrav003483980903884833.blogspot.com
duckz.online
eionsfsjk.tk
f0868357.xsph.ru
familyfontsview.mooo.com
file-drop.cc
fransceysse.ac.ug
hydramecs.com
invitadoscarlsjr.mx
jonnyomar.xyz
joshbystrom.com
js-hurling.com
kareemovic22.webredirect.org
maincoon.frido19777.repl.co
makkahmart.org
mphasistech.com
mrfreeman.shop
mrfreeman.xyz
nestlejobs.tk
okokokokokok.khaby.lol
paldo.ac.ug
pmjo.fra1.cdn.digitaloceanspaces.com
pub-bfce74d1910148989228a2ae7c102b8a.r2.dev
rec4.tv
s2r.tn
s3rrrv3r.xyz
sbs-sysco.com
sinopecllc.top
solutionsinengineering.com
specialetrt.online
theemirateshills.com
thrivetrail.org
totalhorsehealth.com
tr62gf3t.ngrok.io
tractorandinas.com
upload.vina-host.com
vps-135c3c5b.vps.ovh.ca
vptriathlon.com
winderswonders.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-05-03)

103.249.112.118:8848
128.90.103.36:9999
128.90.123.67:9999
128.90.128.169:9999
136.175.8.35:444
136.175.8.35:4444
139.99.133.66:6666
142.202.191.162:222
154.53.42.53:8448
154.53.42.53:8847
156.195.128.36:8000
163.5.210.97:3307
172.160.240.225:7654
172.160.240.225:8976
179.14.9.152:2020
181.131.217.222:4203
184.174.96.94:2222
184.174.96.94:4444
184.174.96.94:5555
184.174.96.94:8888
184.174.96.94:9999
194.26.192.196:1610
207.32.219.85:8888
213.252.247.202:222
213.252.247.202:6606
216.250.252.159:50545
41.43.199.238:8000
46.246.14.22:2000
51.195.145.87:7071
78.161.0.177:3001
78.185.140.143:81
85.97.168.208:20000
87.121.105.4:8797
88.229.18.221:20000
88.229.18.221:888
91.92.247.15:8008
91.92.250.227:7707
91.92.253.249:6606
91.92.253.249:7707
91.92.253.249:8808
93.71.184.63:6606
94.156.65.26:6006
94.156.65.26:7777
95.211.208.153:6606
95.211.208.153:7707
95.211.208.153:8808
hjdsasync.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0225ab7231a491eba5d422b3fc0589d02b3f35525740ed804c635c3272e43985/detection

194.26.192.57:222
194.26.192.57:5552
194.26.192.57:57114
194.26.192.57:8808

# Reference: https://www.virustotal.com/gui/file/71a53e0ee0dbb54b4125b864908a5335d7dbbafb723f6dcd60c5560f1fb6ed40/detection

197.58.43.133:54984
197.58.43.133:6606
197.58.43.133:7707
197.58.43.133:8808

# Reference: https://twitter.com/CyberRaiju/status/1787013536549679292
# Reference: https://twitter.com/c_APT_ure/status/1787046377035309389

102.188.149.156:6666
102.46.149.233:6666
102.47.223.168:6666
105.196.137.169:6666
194.127.178.224:6666
196.157.103.228:6666
197.132.65.63:6666
197.37.104.46:6666
197.37.111.190:6666
197.37.140.174:6666
197.37.198.12:6666
197.37.229.172:6666
197.37.233.55:6666
197.37.33.248:6666
197.58.154.105:6666
197.58.43.133:6666
41.43.12.86:6666
41.43.55.99:6666
41.68.112.224:6666
41.68.56.78:6666
41.69.33.153:6666
41.69.35.144:6666
41.69.47.180:6666

# Reference: https://twitter.com/banthisguy9349/status/1787421260575600786
# Reference: https://www.virustotal.com/gui/file/1b8a7847861a5325f1f0c4c1586e28fda420b9b32c6fcbfad31c4dbd479d5134/detection

103.195.103.142:443
103.195.103.142:90
103.195.103.142:6606
103.195.103.142:7707
103.195.103.142:8808
45.88.91.145:443
66.94.120.219:443
85.239.240.244:443
94.156.79.216:443
evolve27.com
sirdff309.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/87.121.105.4/relations
# Reference: https://www.virustotal.com/gui/file/15fe3ab91a5454d888ceec3916cac3d80de7b79fe650c843522605ff4b73122d/detection

87.121.105.4:8896
ghshe.duckdns.org
hjxwrm5.duckdns.org
kdke.duckdns.org
nmds.duckdns.org
undjsj.duckdns.org

# Reference: https://twitter.com/alex_lanstein/status/1788269323020280277
# Reference: https://www.virustotal.com/gui/file/2f8dc972e9ec1b47d2beb064776d2df9778d253a5030870405843bed0fb32640/detection
# Reference: https://www.virustotal.com/gui/file/4ee40029d668e951398af606ed60163cfba237dda047f98c13f53937411d9fde/detection

193.222.96.124:5050
193.222.96.124:7287

# Reference: https://twitter.com/karol_paciorek/status/1788556707620159734
# Reference: https://www.virustotal.com/gui/file/29841f038da6a26dac5df28f23b4adcb080f5b0a2312bf996c8073940849eef6/detection
# Reference: https://www.virustotal.com/gui/file/4eedc7ed6ade620eef8eb160d18518afc9c59eb262baf8a9fdbe758fb611b6f0/detection

http://45.88.186.125
193.222.96.193:81
45.61.150.201:6606
45.61.150.201:7707
45.61.150.201:8808
45.88.186.125:6606
45.88.186.125:7707
45.88.186.125:8808
beshomandotestbesnd.run.place

# Reference: https://twitter.com/banthisguy9349/status/1789341523823169815
# Reference: https://urlhaus.abuse.ch/host/45.138.16.97/

45.138.16.97:222

# Reference: https://www.virustotal.com/gui/file/3bc93aa2bfad02c3e93e87242b7789c657d72d983b8f10daaaccd6ad935b2a4e/detection

185.29.11.28:43147
obime.duckdns.org

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-05-17-v10598/1649

bangkok-generally-ensemble-nfl.trycloudflare.com
invoice.trycloudflare.com
invoicetrycloudflare.com
loaded-swift-degrees-packages.trycloudflare.com
maintenance-princess-musical-vocational.trycloudflare.com
nail-lists-compact-project.trycloudflare.com
oral-career-renewable-bacterial.trycloudflare.com
snap-guide-leeds-des.trycloudflare.com
tired-shareholders-reservoir-talked.trycloudflare.com

# Reference: https://x.com/banthisguy9349/status/1792886215479349594

141.11.109.151:8000

# Reference: https://x.com/karol_paciorek/status/1793201205050499327

185.196.11.223:1339
185.196.11.252:1339
85.239.241.136:1339
91.92.249.94:1339
94.156.64.207:1339
94.156.69.136:1998
94.156.69.226:1998
leetboy.dynuddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-05-22)

http://156.195.80.192
http://156.195.84.201
http://181.214.223.125
http://193.111.125.200
http://88.138.253.60
http://94.156.8.44
103.1.40.154:8000
104.234.204.57:7707
104.250.169.165:2222
12.202.180.134:8797
128.90.103.12:9999
128.90.103.39:9999
128.90.122.129:9999
128.90.123.108:9999
128.90.123.87:9999
135.125.21.74:4545
136.175.8.56:9090
14.164.99.119:8080
147.135.165.29:6606
147.135.165.29:7707
148.163.101.182:6606
151.106.34.110:8081
156.195.143.153:443
156.195.80.192:8080
165.227.44.40:6606
172.105.121.169:6606
172.105.121.169:7707
172.105.121.169:8808
172.111.148.205:222
172.111.148.95:222
172.111.169.67:2222
172.111.216.199:7707
172.111.216.4:6606
172.111.216.4:8808
173.211.46.114:6606
173.211.46.114:7707
173.211.46.114:8808
178.215.236.224:4444
178.73.192.2:2000
179.13.4.37:8082
18.192.31.165:15221
185.104.195.215:1337
185.104.195.215:4444
185.196.11.252:4444
186.102.167.18:6606
186.137.33.82:2112
187.24.4.218:9999
192.227.228.34:8808
193.38.34.125:2000
195.26.240.251:9999
198.23.227.175:8881
199.223.235.67:8808
2.29.196.40:9000
200.9.154.160:10000
202.133.88.95:8080
204.12.199.30:6606
204.12.199.30:7707
204.12.199.30:8808
207.246.64.185:6161
209.145.56.0:7788
213.195.117.131:5001
213.195.126.87:5001
3.125.102.39:15221
3.125.209.94:15221
3.125.223.134:15221
34.41.72.142:2000
4.233.217.192:8808
45.126.209.172:5555
45.126.209.172:6666
45.126.209.21:4444
45.126.209.21:7707
45.126.209.21:7777
45.126.209.21:9999
45.126.209.49:6666
45.126.209.67:7707
45.126.209.70:6666
45.128.96.103:6666
45.128.96.103:8808
45.128.96.204:6666
45.141.215.159:8088
45.88.186.197:4444
45.88.186.197:6666
45.88.186.197:7777
45.88.186.197:8888
45.88.186.241:6606
45.88.186.241:6666
45.88.186.62:8888
45.88.90.224:2222
46.246.6.18:2000
46.246.80.12:2000
46.246.80.15:9004
47.245.105.90:9876
5.249.165.126:9090
5.252.53.186:1337
51.195.211.231:1337
51.195.94.205:6606
51.195.94.205:7707
51.195.94.205:8808
51.254.53.24:4449
51.81.105.250:8808
51.81.169.92:6606
51.81.169.92:7707
51.89.158.68:8888
54.39.216.104:2222
64.23.156.73:4047
66.66.146.74:9511
78.161.80.54:888
78.179.134.46:3000
78.179.134.46:888
78.179.247.213:888
79.110.49.252:6606
79.110.49.252:7707
79.110.49.252:8808
84.247.154.81:6606
84.247.154.81:7707
84.247.154.81:8808
84.38.134.107:59543
85.107.228.217:20000
85.107.228.217:3001
85.107.228.217:7070
85.107.228.217:888
85.114.96.11:1602
85.209.133.18:4545
85.239.237.148:2005
87.121.105.252:6606
89.39.106.35:1339
91.110.144.65:9000
91.219.62.14:8888
91.92.246.53:5554
91.92.248.82:4443
91.92.248.82:8900
91.92.250.227:6606
91.92.251.136:8900
91.92.251.153:8900
91.92.251.159:4443
91.92.251.159:8900
91.92.251.179:8900
91.92.251.245:8900
91.92.251.57:1337
91.92.254.201:4443
91.92.254.201:8900
91.92.254.21:8900
91.92.255.108:6606
91.92.255.108:7707
91.92.255.108:8808
91.92.255.16:8900
91.92.255.182:4444
91.92.255.190:6606
91.92.255.190:7707
91.92.255.190:8808
91.92.255.220:6606
91.92.255.25:4443
91.92.255.25:8900
91.92.255.79:8900
94.130.130.51:1919
94.156.10.12:443
94.156.64.21:4443
94.156.64.21:8900
94.156.64.51:4443
94.156.64.51:8900
94.156.64.5:8900
94.156.64.90:8900
94.156.65.181:3434
94.156.67.103:6606
94.156.67.103:7707
94.156.67.103:8808
94.156.67.112:6606
94.156.67.214:4444
94.156.67.214:6006
94.156.67.214:7777
94.156.67.214:8008
94.156.69.161:8900
94.156.69.163:8900
94.156.69.164:8900
94.156.69.165:4443
94.156.69.165:8900
94.156.69.166:8900
94.156.79.216:8888
94.156.8.44:443
94.228.162.82:6606
94.228.162.82:7707
94.228.162.82:8808
95.7.175.50:20000
afterksmelipandmahdiimadss.ddns.net
character-acquisitions.gl.at.ply.gg
comas.sells-it.net
comm.sells-it.net
coms.sells-it.net
comss.sells-it.net
de-engines.gl.at.ply.gg
goodone.loseyourip.com
linux-treatment.gl.at.ply.gg
mark1234567.ddns.net
nerakar.duckdns.org
strekhost2085.con-ip.com
twinks234.duckdns.org

# Reference: https://x.com/banthisguy9349/status/1793331162502353303

http://94.156.69.134
http://94.156.69.246

# Reference: https://www.virustotal.com/gui/file/11d0a663c5d6ee1b77b3a62d755c11312598ebaa10fda764b1551b106ef517a8/detection

191.88.248.162:6606
191.88.248.162:7707
191.88.248.162:8808
telegramsystem32dn.duckdns.org

# Reference: https://www.virustotal.com/gui/file/94907cb7c5a3d388de870383d35ed9d8564985fd5d913403b2888f8c42583dd5/detection

181.131.216.141:1524
canastapatrones.con-ip.com
paseoencarro2024.con-ip.com
pasoscon.con-ip.com
pasticosmemos.con-ip.com
remixripiolo.con-ip.com

# Reference: https://www.virustotal.com/gui/file/a8eea383b255aa5e3f762534e08b635697ddf21aeba04bef038eb9c647b516f3/detection
# Reference: https://www.virustotal.com/gui/file/a87e8ab853de960f05f82b36d0a604a50d1af983a6a14d764508402c2d8d2a69/detection
# Reference: https://www.virustotal.com/gui/file/e5321f397068d010f4c218d85eea1d878a3905031b2477c2330ea218845d7727/detection

181.141.2.226:1013
181.141.4.186:1013
181.141.4.186:1014
loggedestadosundns.duckdns.org
segundoservestadosuni.duckdns.org
vanyplasserrem.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2b335c518a6168241e941c02c1fb91012dbd0f9171531718b60d1a162b1f28ab/detection

177.255.88.252:5023
aefw3rgevoyv7bgnwev.con-ip.com

# Reference: https://app.validin.com/detail?find=181.141.0.0%2F24&type=ip&ref_id=cca0920a3a7#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/52abf2d9d26529b8d17b31ce9ae97329c68d1bea55033d5217f21b2370ae664e/detection

181.141.0.182:1800
asrhadhf.duckdns.org
ayudamedios.con-ip.com
bdmtnz.ddns.net
bendicionespatoelmundo.duckdns.org
carteraada.duckdns.org
comercdgvhhn.duckdns.org
dfghwfh.duckdns.org
dfgsdkfasjfaslfnalf.duckdns.org
dfjeyj.duckdns.org
dfsdhdsvasgfh.duckdns.org
dgfdsafyjdgj.duckdns.org
dgjhdvfjdsklasdlas.duckdns.org
dgysru.duckdns.org
enviocacha.duckdns.org
fagheklolkdhsk.duckdns.org
fastidiasdf.duckdns.org
fgfdshrt.duckdns.org
fghff.duckdns.org
fneibvuwcusd.duckdns.org
gabriela2021.duckdns.org
gdjsbdsbdkbk.duckdns.org
gfhjrrb.duckdns.org
gsgdgjghkfgbdf.duckdns.org
guejsyatidjkgh.duckdns.org
hdjdksnshjcsc.duckdns.org
hjgxadfa.duckdns.org
jfusdhakdnfjf.duckdns.org
jgffgstst.duckdns.org
relucas.con-ip.com
rswerfressd.duckdns.org
santuario.con-ip.com
sdhqrth.duckdns.org
sdhrt.duckdns.org
volvimosfuertesdios.con-ip.com
wrytrioag.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4f9ae5b89c89e5c79c53db694d4d67e2d9b3c47c7389c8c3899dedbc9e92be76/detection
# Reference: https://www.virustotal.com/gui/file/c7c5e47db28796b3f6ece9dea26af6aa9b960c7a2e628434b245a344be469c3f/detection

20.117.108.240:5612
20.117.108.240:7825

# Reference: https://x.com/karol_paciorek/status/1797594552758411301

12.202.180.134:8797
asyncss.duckdns.org

# Reference: https://www.virustotal.com/gui/file/250b462897a479fdcd5b11e5deb8b86decd999dc97e1062ea151cc4db997f168/detection

dhhj.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e596d827af9b25d8348caffa981f5ef4a6ea88bfcfb35e5a5d2d337d6bf90aa9/detection

103.156.90.165:6703
103.156.90.165:7301
103.156.90.165:8890
strig3982.duckdns.org

# Reference: https://x.com/K_N1kolenko/status/1798618849040113999
# Reference: https://www.virustotal.com/gui/file/a9ee57985d3757c31f8529dc176889069d0a1ff57d2cc0a02152f17266c0a725/detection
# Reference: https://www.virustotal.com/gui/file/98436572cf0f7a2b027582b07c3327decea5a5ede68b0d49dfaf75b86ba9cdad/detection

http://46.102.174.48
91.92.254.123:8848

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-07-08)

103.179.189.111:8848
110.42.248.7:4449
185.196.10.81:4449
191.88.248.178:3008
194.26.192.147:7244
194.59.31.74:5552
195.10.205.90:4608
198.55.115.39:6606
198.55.115.39:7707
198.55.115.39:8808
23.227.196.84:6606
66.235.168.242:3232
66.235.168.242:4449
80.76.49.162:4545
85.209.133.248:4449
91.92.243.101:1081
94.232.249.90:8848
unio.bumbleshrimp.com

# Reference: https://urlhaus.abuse.ch/url/2864552/

postaipay.top

# Reference: https://x.com/banthisguy9349/status/1799493903021723748
# Reference: https://www.virustotal.com/gui/ip-address/109.199.101.109/relations
# Reference: https://www.virustotal.com/gui/file/dbf24ee62e11f79ecb32f6cda9e8ab0cec3e8c12789acaf9f73cae9db6a02ef1/detection
# Reference: https://www.virustotal.com/gui/file/34f6634f4d992f3159096ba6bd46592ad15e43fafc40f589c0c77c3581a6e907/detection
# Reference: https://www.virustotal.com/gui/file/193175474fa67a46cacd15c7c3221b4e9f50b1a68074437bc2a81bf9f10a225d/detection

http://109.199.101.109
109.199.101.109:1000
109.199.101.109:770
ch3.theworkpc.com
world1.webredirect.org

# Reference: https://www.virustotal.com/gui/file/fd8d402ef7a6c8c46c03fac9f89893d71360d0dcff12b67f34024d66dbe04373/detection

184.75.214.163:12380
96.47.229.59:13293
asyn.airdns.org
asyn.anondns.net

# Reference: https://app.validin.com/detail?type=ip&find=64.42.179.59#tab=resolutions

alex-ssh.airdns.org
artemi.mooo.com
bettyscupcakes.ddns.net
campbellm.duckdns.org
checkout.awsmppl.com
hanli.dedyn.io
jetbear.duckdns.org
micropython.duckdns.org
rbl.ddns.net
runningbrushln.asuscomm.com

# Reference: https://x.com/IronNetTR/status/1801285491431555328

135.181.65.141:4099
45.80.158.22:9090
45.94.31.124:6606
45.94.31.124:7707
45.94.31.124:8808

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-06-13)

168.119.119.140:8808
172.232.239.216:8808
45.74.25.39:6606
45.8.146.124:2005
51.81.30.54:7707

# Reference: https://www.virustotal.com/gui/file/c767c1608932a04a286984d8f940d9cb2acdeb4cfc4f885bb836518589fb65fd/detection
# Reference: https://www.virustotal.com/gui/file/6927cee8b7d0f4b7934d9c439945ef0e9fe854a2e7e06ebd69e9e4860c6e1f1d/detection

157.173.197.177:6606
157.173.197.177:7707
157.173.197.177:8808

# Reference: https://x.com/banthisguy9349/status/1801548426288472405

61.160.213.14:48596

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-06-15)

http://108.174.200.80
http://157.254.223.212
http://45.83.31.241
http://98.67.161.144
103.195.102.21:5555
104.223.22.86:7777
104.223.22.86:8888
104.234.195.153:8888
104.238.173.66:6606
107.175.31.172:6606
107.175.31.172:7707
108.165.237.196:7707
108.174.200.80:8808
115.223.43.224:8888
128.90.113.119:9999
128.90.113.241:9999
134.255.217.251:7707
136.243.111.71:3000
136.243.111.71:888
136.243.151.123:110
136.243.151.21:2000
136.243.151.21:6606
136.243.151.21:9990
136.243.151.21:9999
142.11.201.122:8715
142.11.201.122:8716
142.11.201.123:8715
142.11.201.123:8716
142.11.201.124:8715
142.11.201.124:8716
142.11.201.125:8715
142.11.201.125:8716
142.11.201.126:8715
142.11.201.126:8716
142.202.240.93:7777
142.202.240.93:8888
147.135.165.29:8808
149.56.30.19:8808
154.17.167.74:7707
154.194.50.163:6606
157.20.182.6:4443
158.220.83.114:6606
158.220.83.114:7707
162.244.210.243:6606
162.244.210.243:7707
162.244.210.243:8808
162.244.210.92:6606
162.244.210.92:7707
162.244.210.92:8808
162.244.210.96:6606
162.244.210.96:7707
162.244.210.96:8808
163.5.64.209:6000
163.5.64.209:7000
163.5.64.209:8000
168.119.211.236:116
168.119.211.236:117
168.119.211.236:119
172.81.60.16:443
178.73.192.10:2000
179.13.4.37:8020
185.196.11.252:1338
185.196.11.252:1999
185.212.47.40:1998
185.212.47.40:2000
185.212.47.40:20000
185.212.47.40:5000
185.212.47.40:5555
185.212.47.40:8888
185.241.208.213:8080
185.62.86.134:555
186.137.33.82:2113
192.250.225.3:5020
192.250.225.3:5600
192.250.226.28:7066
193.26.115.74:6606
193.26.115.74:7707
193.26.115.74:8808
194.26.192.194:6666
194.26.192.194:9999
194.26.192.34:222
195.3.223.146:6667
195.3.223.146:6668
207.174.26.100:5505
207.32.218.51:8080
213.195.117.131:4001
213.195.117.131:4002
213.195.117.131:5003
213.195.117.131:6606
213.195.117.131:7707
213.195.117.131:8808
213.252.247.202:555
213.252.247.202:8808
38.180.92.22:2222
38.180.92.22:3333
38.180.92.22:5555
41.216.188.58:8808
45.126.209.49:5555
45.126.209.67:6606
45.126.209.67:8808
45.8.146.124:2004
45.88.186.241:4848
45.88.186.241:7707
45.88.186.241:8808
46.4.37.212:82
51.195.76.65:6606
51.195.76.65:7707
51.195.76.65:8808
51.77.113.177:222
51.77.113.177:2222
51.77.113.177:6606
51.77.113.177:7707
51.77.113.177:8808
51.77.113.177:888
51.77.113.177:8888
51.81.105.250:6606
51.81.105.250:7707
51.89.207.240:8088
54.39.216.104:555
54.39.216.104:5555
54.39.216.104:777
54.39.216.104:7777
61.14.233.130:6606
61.14.233.130:7707
61.14.233.130:8808
66.225.254.182:443
66.225.254.182:6606
66.225.254.182:7707
66.225.254.182:8808
66.225.254.222:6606
66.225.254.222:7707
66.225.254.222:8808
93.123.39.166:2222
94.130.130.51:116
94.130.130.51:117
94.156.69.169:4444
94.156.69.169:5555
94.156.69.169:6006
94.156.69.169:6606
94.156.69.169:6666
94.156.69.169:7707
94.156.69.169:7777
94.156.69.169:8008
94.156.69.169:8808
94.156.8.181:7777
94.156.8.181:8888
94.156.8.54:9999
95.216.41.33:83

# Reference: https://x.com/karol_paciorek/status/1802255896355000653

12.202.180.114:8797
ghdsasync.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c067efbc87b2ada250df9e72f9daad58f3789fda430cfa38817fc17c4358ac0e/detection

106.54.204.119:5050

# Reference: https://www.virustotal.com/gui/file/b3228db9bbc763295df17ec8c46d2a68bb6bba6f3300251ad0d90006b10cd979/detection

110.42.255.125:5050

# Reference: https://x.com/k3yp0d/status/1802636686238638088
# Reference: https://perception-point.io/blog/operation-red-deer/
# Reference: https://www.virustotal.com/gui/file/2a27a38de7465dbbfcf49f70cba4c348af659fb2d2623c7c7756334bc548960c/detection

149.102.147.106:550
149.102.147.106:90
194.26.192.174:222
45.80.158.65:2005
salah2.webredirect.org

# Reference: https://x.com/ShanHolo/status/1802993175637696869
# Reference: https://www.virustotal.com/gui/file/fb7138752fb4c7bce1d21471f820f05ef71ed77d1f761f4c56baca036b8d646b/detection
# Reference: https://www.virustotal.com/gui/file/ee78fefba7a8a09c433a3d6a41e130f04a39b946e0334460d8d4f0456bb3aeab/detection
# Reference: https://www.virustotal.com/gui/file/a921f5b1086e398f226a6e4d0720eec65548deae54e5c93f083b482f757ddd6b/detection
# Reference: https://www.virustotal.com/gui/file/97af53988ade69e98cad451478796dcaaa01aae88175f959bb084218123a4202/detection
# Reference: https://www.virustotal.com/gui/file/7eef14dbead999058d4128a195c533d0a016de055ac2364a87a131a677c18e40/detection

http://89.213.177.87
89.213.177.87:443

# Reference: https://x.com/K_N1kolenko/status/1803380619587535355

72.5.43.15:4449
80.76.49.148:4545

# Reference: https://asec.ahnlab.com/en/66790/
# Reference: https://www.virustotal.com/gui/file/e4358dfec6b848ffd5cf195a4055a3619c47432170281da3617c7110ec8e9e72/detection
# Reference: https://www.virustotal.com/gui/file/55f047455519bc3cd96322361a66cd3667293f50811afe16c553382fa443465c/detection

118.41.52.88:3255
119.201.129.13:3255
121.181.165.56:3255

# Reference: https://x.com/K_N1kolenko/status/1803687246203138405

123.56.8.218:9215
2.58.56.168:4449

# Reference: https://www.virustotal.com/gui/file/a595fea24e86e504bc4e5936979f51b6376e5bec1fd7ba25be00eddb067805eb/detection

160.154.253.51:3615

# Reference: https://www.virustotal.com/gui/file/1b43831c91e21c1d2b8854f0d871d0770473132cf0c4f6e9e82152f96f60049b/detection

160.154.253.51:8204
endgame.sytes.net

# Reference: https://x.com/K_N1kolenko/status/1805833957214241211

1.26.179.43:8848
1.31.93.59:8848
110.6.28.25:8848
110.6.31.1:8848
124.67.198.80:8848
194.55.186.121:1313
94.156.8.65:8080

# Reference: https://x.com/K_N1kolenko/status/1806200263536947587

86.208.62.200:4449
93.123.39.250:31145

# Reference: https://x.com/banthisguy9349/status/1806367283746332812
# Reference: https://x.com/NDA0E/status/1806371737522552833

104.243.47.93:222
172.93.111.165:6666

# Reference: https://www.virustotal.com/gui/file/bb3f2ff46e9dae66cf62c6e7606a66d02b65abc8dac96e96acd554ebf6fd40ad/detection

136.243.111.71:5500
services-line2.freeddns.org

# Reference: https://www.virustotal.com/gui/file/18e58d0adbdcb4dd150e75f6580e612afc92da61bdeaf32d768e4393a1ebafe0/detection

85.100.179.157:20000
88.246.94.229:20000
ultra.webredirect.org
webextension.accesscam.org

# Reference: https://www.virustotal.com/gui/file/da8cbc01230c7de6230f933355c8db5c5ec8b0d4df8b0fe2b293477a99332ade/detection

147.185.221.20:45478
during-goto.gl.at.ply.gg

# Reference: https://x.com/K_N1kolenko/status/1806586425044804026

194.55.186.155:2424
94.156.79.137:5650

# Reference: https://x.com/ShanHolo/status/1806608159491924450
# Reference: https://www.virustotal.com/gui/file/e35692b4f8b054ac141f02c5eafadf49340f89a51aea1aecc163460516b8dfb4/detection

136.243.111.71:155

# Reference: https://x.com/80vul/status/1807059491340333475

35.194.215.14:111
35.194.215.14:5985
35.194.215.14:85

# Reference: https://www.virustotal.com/gui/file/44e26831198bfdcdcc8e8dfb22cb3c2dac765435fd8e10f83a8a73319efd6e33/detection

94.232.249.111:6606
94.232.249.111:7707
94.232.249.111:8808

# Reference: https://x.com/K_N1kolenko/status/1807648901589074375

216.250.252.142:4449
45.40.96.164:3232
47.242.70.176:8848
5.180.155.164:2020

# Reference: https://www.virustotal.com/gui/file/000bfb90323a9ed3927b5a1d691fab2e920070bf78745f003d5a82e695eaaa97/detection

147.185.221.20:31102
it-postage.gl.at.ply.gg

# Reference: https://x.com/banthisguy9349/status/1808888209306251349

http://104.223.22.86
http://212.70.149.205
http://23.26.76.239
http://23.94.126.49
http://38.22.104.227
http://51.89.34.245
http://66.225.254.182

# Reference: https://x.com/ScumBots/status/1808685459188453390

101.99.92.203:4449

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-07-06)

http://197.0.49.10
http://41.62.90.108
128.90.113.125:9999
128.90.113.88:9999
128.90.128.115:9999
136.243.111.71:20000
136.243.111.71:20001
142.11.201.122:8713
142.11.201.123:8713
142.11.201.126:8713
147.189.170.37:7777
154.12.229.73:1994
157.20.182.5:9898
163.5.112.100:6606
163.5.112.100:7707
163.5.112.100:8808
172.111.150.131:2000
172.111.150.139:2000
172.111.150.142:2000
172.232.164.13:6606
172.232.164.13:8808
178.73.218.22:2000
185.104.195.215:2005
185.216.70.112:7777
185.241.208.181:9090
191.93.113.10:9003
193.26.115.30:8808
195.174.240.3:25
20.199.8.16:1726
213.195.117.131:5000
34.126.174.34:20000
34.126.174.34:2001
34.126.174.34:3000
34.126.174.34:3002
34.126.174.34:888
45.66.231.254:4444
45.66.231.254:5555
45.66.231.254:6006
45.66.231.254:7777
45.66.231.254:8008
46.246.6.14:2000
46.246.84.10:2000
51.81.24.83:3333
54.255.147.4:6000
81.19.137.226:2024
85.117.242.77:8848
90.112.70.19:8080
93.123.85.133:1337
94.156.64.188:5555
94.156.64.188:6006
94.156.64.188:7777
94.156.64.188:8008
94.156.69.27:6606
94.156.69.27:7707
94.156.69.27:8808
s1mpl3.simple-url.com

# Reference: https://x.com/lontze7/status/1810171725373383158

http://207.32.218.10
207.32.218.10:443

# Reference: https://app.validin.com/detail?find=xt.png&type=dom&ref_id=de06224bc55#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/ip-address/207.32.219.59/detection
# Reference: https://www.virustotal.com/gui/file/610fcb9d69b7f1f3ae6302bcd761b92ec3a7b8334694a05674cbe2c017a2caa5/detection

http://207.32.219.59
207.32.219.59:443
207.32.219.59:999

# Reference: https://asec.ahnlab.com/en/67861/
# Reference: https://www.virustotal.com/gui/file/b8f1fe93386003e82a148e0efd52759bc3be7bc7088537f6d031faec54870fb3/detection

157.20.182.5:36365
booosisnhead.ddns.net
stevenhead.ddns.net

# Reference: https://x.com/ScumBots/status/1811378434624393516

207.32.217.25:6606
207.32.217.25:7707
207.32.217.25:8808
khalidhost.loseyourip.com

# Reference: https://x.com/K_N1kolenko/status/1810917401279574290

138.201.226.58:4449
15.235.151.228:8848

# Reference: https://www.virustotal.com/gui/file/9f60cdba09c697e1277f56435afaa9a7922e62a53d87f44d2cf1eeef2eacbaf8/detection

193.26.115.78:7077
newwork.ath.cx
newwork.webredirect.org

# Reference: https://www.virustotal.com/gui/file/c6c9ebaffa00c12062f244fab1e0919ce8e4904ca7f1501595d7e002b426c5f7/detection
# Reference: https://www.virustotal.com/gui/file/8892f78d9929116bfd47ddcf9814dc91ec0640ea8e9eece9e5adc78722e34ef6/detection

khalid.dnsdojo.org

# Reference: https://www.virustotal.com/gui/file/4bcbe93bd355b824252d1f51f12d4c9c9063b8d316e84d9bb84530228dcfcbf8/detection
# Reference: https://www.virustotal.com/gui/file/98c208ad12bf758a390cc7a69004d69a8c172708e26f4c259580fa40168b306e/detection

45.138.16.251:6666
45.138.16.251:81
elsa3eed.ath.cx

# Reference: https://www.virustotal.com/gui/file/3ef5ae6a142303afb66b2fb9d376a0304874666bcdb3f9dc3f6224ec6eaf5b40/detection

http://91.92.248.36
91.92.248.36:6210
maggiorallic.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv

http://104.243.32.103
http://172.245.20.196
http://185.18.222.24
http://194.233.73.183
http://197.0.103.174
http://23.94.197.108
http://79.110.49.135
103.195.100.175:6666
104.238.222.104:6606
104.243.34.3:6668
104.243.34.3:6669
108.174.200.80:222
108.174.200.80:7707
109.228.40.86:1433
128.90.106.157:9999
128.90.106.58:9999
128.90.106.59:9999
128.90.113.228:9999
128.90.113.26:9999
128.90.113.3:9999
128.90.128.201:9999
128.90.128.218:9999
128.90.128.88:9999
128.90.129.55:9999
128.90.129.74:9999
128.90.129.79:9999
128.90.129.85:9999
136.243.151.123:200
14.230.105.105:8080
142.11.201.122:8714
142.11.201.124:8713
142.11.201.125:8713
142.11.201.125:8714
144.126.151.185:2004
144.126.151.185:2005
149.56.30.19:6606
149.56.30.19:7707
151.106.34.110:7707
154.12.229.73:1995
154.12.229.73:2000
154.12.229.73:2002
154.12.229.73:2005
156.195.234.60:222
157.20.182.5:4443
157.20.182.8:9898
157.66.25.16:8888
158.220.83.114:8808
161.97.151.222:113
172.111.150.141:2000
172.111.150.143:2000
172.245.20.196:2003
172.245.20.196:2004
172.245.20.196:222
172.245.20.196:8080
172.94.111.21:8888
173.208.162.39:20000
173.208.162.39:3000
173.208.162.39:888
173.208.162.39:999
176.111.174.140:8808
178.156.8.185:4002
178.156.8.185:5001
178.156.8.185:6000
178.16.141.152:443
178.73.192.19:2000
179.243.0.223:9441
179.243.0.223:9442
179.243.0.223:9443
179.243.0.223:9999
185.104.195.215:2003
185.18.222.24:443
185.208.158.113:8010
185.216.70.112:8888
185.240.104.231:25565
185.241.208.181:2020
185.62.86.134:333
187.24.12.84:9999
187.24.4.91:9999
188.126.90.4:2000
188.126.90.7:2000
188.218.202.7:7707
192.227.190.133:7777
192.227.190.133:8888
192.227.190.133:9999
192.250.226.28:4800
192.250.226.28:7077
193.201.9.183:8808
193.23.161.147:7777
193.26.115.132:6606
193.26.115.132:7707
193.26.115.139:8888
193.26.115.222:6606
193.26.115.222:6666
193.26.115.222:7707
193.26.115.222:8808
193.26.115.226:6606
193.26.115.226:7707
193.26.115.22:4444
193.26.115.22:6606
193.26.115.22:7707
193.26.115.22:8088
193.26.115.22:8808
193.26.115.22:9999
193.26.115.34:6606
193.26.115.34:7707
193.26.115.34:8808
193.26.115.78:5555
193.26.115.78:6666
193.26.115.78:7707
193.26.115.78:8080
193.26.115.78:8888
193.26.115.78:9999
193.26.115.85:6606
193.26.115.85:7707
193.26.115.85:8808
194.26.192.132:6666
194.26.192.194:8088
194.26.192.214:8808
194.26.192.34:444
194.26.192.59:4444
194.26.192.59:5555
194.26.192.59:6666
194.26.192.59:7707
194.26.192.59:7777
194.59.30.113:4609
194.62.157.160:8888
196.65.181.213:4444
198.58.123.40:5505
198.58.123.40:6606
2.58.56.39:2000
2.58.56.39:4444
2.58.56.39:7777
2.58.56.39:8888
2.58.56.39:9999
2.89.135.29:888
207.174.26.115:5505
207.174.26.69:5505
207.174.26.70:5505
207.244.238.106:7707
207.32.219.81:8808
209.145.56.0:1113
209.145.56.0:1114
213.195.119.157:4002
213.195.119.157:5000
213.195.119.157:5001
213.195.119.190:4002
213.195.119.190:5000
213.195.119.190:5001
213.195.119.190:6001
213.195.120.40:5000
213.195.120.40:5001
216.225.202.59:2005
23.26.108.141:8888
23.94.126.49:6606
23.94.126.49:7707
23.94.126.49:8808
23.94.197.108:8080
31.124.151.250:9000
34.45.75.65:888
34.83.210.13:6606
37.230.62.29:443
4.246.230.34:2000
45.126.209.221:81
45.126.209.221:82
45.138.16.66:9090
45.32.169.187:2000
45.66.231.69:4444
45.66.231.69:6006
45.66.231.69:7777
45.66.231.69:8008
45.80.158.42:6001
45.83.31.19:6606
45.83.31.19:7707
45.83.31.19:8808
45.83.31.19:8888
45.83.31.241:4444
45.83.31.241:6606
45.83.31.241:7707
45.83.31.241:7777
45.83.31.241:8808
45.83.31.253:7707
45.88.186.147:6606
45.88.186.147:7707
45.88.186.147:8808
45.88.186.151:6606
45.88.186.151:7707
45.88.186.151:8808
45.88.186.168:7707
45.88.186.168:8888
45.88.186.168:9999
45.88.186.203:6606
45.88.186.203:7707
45.88.186.203:8808
45.88.186.213:6606
45.88.186.213:7707
45.88.186.213:8808
45.88.186.228:6606
45.88.186.228:7707
45.88.186.228:8808
45.88.186.43:6606
45.88.186.43:7707
45.88.186.43:8808
45.88.186.63:7707
45.88.186.63:8808
46.183.25.108:443
46.246.12.3:2000
46.246.12.8:2000
46.246.14.14:2000
46.246.4.15:2000
46.246.4.17:2000
46.246.4.4:2000
46.246.6.20:2000
46.246.6.21:2000
46.246.80.20:2000
46.246.80.22:2000
46.246.86.16:2000
47.121.120.18:6606
47.129.39.120:6606
47.238.53.31:8888
5.34.182.173:8808
5.42.105.59:6606
51.161.104.86:777
51.254.67.181:6666
51.68.30.114:6606
52.12.49.46:2000
54.39.216.118:5050
57.128.136.230:9090
64.188.26.202:1604
74.208.107.116:8443
77.105.161.171:8808
82.165.74.190:6606
82.165.74.190:7707
83.147.55.53:8808
91.92.255.114:7707
91.92.255.79:4444
91.92.255.79:6006
91.92.255.79:6606
91.92.255.79:6666
91.92.255.79:7707
91.92.255.79:7777
91.92.255.79:8008
91.92.255.79:8808
93.242.156.76:51125
94.130.162.223:666
94.156.68.100:5555
94.156.68.100:6006
94.156.68.100:6606
94.156.68.100:6666
94.156.68.100:7707
94.156.68.100:7777
94.156.68.100:8008
94.156.68.100:8808
94.156.68.10:6606
94.156.68.10:7707
94.156.68.10:8808
94.156.68.118:6006
94.156.68.118:6606
94.156.68.118:7707
94.156.68.118:8008
94.156.68.118:8808
94.156.68.59:8808
94.156.8.54:2222
94.156.8.54:4444
94.228.166.40:7707
95.98.144.201:2222

# Reference: https://x.com/K_N1kolenko/status/1812729790153060719

149.88.68.93:4449
2.56.245.243:7777
45.83.246.140:3232
54.153.17.157:14445

# Reference: https://www.huntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software
# Reference: https://www.virustotal.com/gui/ip-address/64.94.84.200/relations
# Reference: https://www.virustotal.com/gui/file/3abdcdaf35d27527fe642e94cf0b33b72267e1f05fa8d947d3c6f9bd4e79f63c/detection
# Reference: https://www.virustotal.com/gui/file/11be386867f47cf17cd8f556efe4a89ba46084cbb13f608bae5591ed75532dcf/detection

http://104.238.34.204
http://216.245.184.105
adednihknaalilg.top
bfcfkihhjhldhbf.top
cangmifbdhhidha.top
dcliihflnaeacln.top
flijkidfhaaendh.top
ga1yo3wu78v48hh.top
gggkmibncajjjic.top
hidmjhbklhgbimb.top
jcbnlineghcffek.top
jembhhnabanmeij.top
klmnnilmahlkcje.top
lnkcjhlikajcaad.top
nihclijcfaeglfm.top
nkffihjnahcnkkl.top
pretoria24.top
rosetta.cn
rosetta.top
rosettahome.cn
rosettahome.top
rzegzwre.top
/4gdufvx3ezhtr.php
/9kp158bfixhtr.php
/hwgk5n7slfhtr.php
/d%20czioh%20f.php
/k%20lzioi%20l.php

# Reference: https://x.com/malwrhunterteam/status/1815314302233887188
# Reference: https://www.virustotal.com/gui/file/bb957ba522861a3d00e340f2cceb051d19046bb4fc6a0bcf03a6942c1a60c809/detection
# Reference: https://www.virustotal.com/gui/file/ae37daf1ed803957ad1c9775be7796e8a5eeed47ec840c479aaf14b4906aa4f2/detection
# Reference: https://www.virustotal.com/gui/file/51553e1373d3c97cf6f4c4aaf49fb3602adae02f7df245c4c98be467c687ed3a/detection
# Reference: https://www.virustotal.com/gui/file/3f9dce25ab9db240fe97438eba1882e13f0f7cd3ffbf4c6151035980d3e792f5/detection

128.90.59.154:6161
128.90.59.185:6161
xsesx.duckdns.org

# Reference: https://x.com/K_N1kolenko/status/1815649563270688897

141.98.7.91:7771
217.15.160.54:8848
27.124.45.70:8848

# Reference: https://x.com/malwrhunterteam/status/1816093946059120803
# Reference: https://www.virustotal.com/gui/file/961ce7460021cc08a288b9c950f890b0c3f4f975638f29ff8ef712ea5598201c/detection

nkprotect.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-07-26)

102.72.3.145:1111
147.185.221.16:2035
147.185.221.19:2035
2.58.80.130:6606
2.58.80.130:7707
2.58.80.130:8808
37.130.98.195:1604
4.233.220.67:6670
45.132.107.72:4449
45.132.107.72:8090
45.138.16.215:3232
45.148.244.13:1604
50.18.145.13:14445
89.213.56.62:4449
scar77747.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1817956577162510622
# Reference: https://www.virustotal.com/gui/file/c0885fb20ec6822ecf51e73751f0192f09f0e747ca20f9b75458222bc4c685e5/detection
# Reference: https://www.virustotal.com/gui/file/7ca2ea6fe909eba4e36a7c8bcdc3593160088dffa65a4ddf845f397e6c513ea2/detection
# Reference: https://www.virustotal.com/gui/file/15a6914f80e47de6d4aae8a90c124435ff8e05e8b6077a6c0cd4be4ee11b64d9/detection

85.209.133.142:1420
85.209.133.142:1488
riu.one
qa.riu.one

# Reference: https://www.virustotal.com/gui/file/86d3e077adb81ff6aff73b71363a7bd62d8817e617b6878bbb67849bc05d0ab1/detection

37.120.239.54:2211

# Reference: https://www.virustotal.com/gui/file/de3fd1673c2ad1ab4b44ee5434a70240ae43722b82a86add6cac1bc22414a34b/detection

85.192.63.68:8245

# Reference: https://x.com/RacWatchin8872/status/1818232911784550539
# Reference: https://tria.ge/240729-y2bt7asgpf/behavioral2
# Reference: https://tria.ge/240730-mfmtsa1fma/behavioral2
# Reference: https://www.virustotal.com/gui/file/41ae3eb86359c776ac1b40faf1eb43eb7d874cbf233444aa3af554257d64e62a/detection

104.243.37.35:222
199.127.63.32:6666
abdallah07.ddns.net
backwork07.ddns.net

# Reference: https://www.virustotal.com/gui/file/6edbed1b167849bf9808b2288299949fd931495836ee3c756d3c724e3d8e9ead/detection

8.218.154.78:8443
xianggangip.oss-cn-hongkong.aliyuncs.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03)

http://34.136.20.17
http://45.141.151.163
103.195.100.105:100
103.195.100.105:113
103.195.100.105:222
103.195.100.105:8808
105.158.34.226:4444
105.72.0.59:64
108.174.200.80:6606
108.61.192.110:8808
110.42.66.74:8808
113.169.210.19:8080
13.60.33.38:60120
144.126.149.221:77
144.91.79.54:32769
147.135.165.29:6666
147.185.221.19:59786
147.185.221.20:36797
147.185.221.20:60349
15.188.86.159:2000
154.12.229.73:1992
157.20.182.8:8067
157.20.182.8:852
160.177.63.69:4444
163.5.64.209:7707
173.44.139.179:8000
173.44.139.179:8080
173.44.139.179:8191
176.111.174.140:6606
176.111.174.140:7707
176.174.54.18:4449
177.255.84.124:4041
177.255.84.124:7040
178.215.236.100:1852
185.104.195.215:7070
185.104.195.215:8808
185.216.214.217:5858
185.241.208.181:3030
187.24.11.141:9999
192.228.105.2:7707
193.23.160.13:7707
193.26.115.132:8808
193.26.115.226:8808
193.26.115.22:2222
193.26.115.22:8888
193.26.115.34:888
193.26.115.34:8888
193.26.115.78:4444
193.26.115.78:6606
193.26.115.78:8808
194.26.192.194:6606
194.26.192.202:1010
194.26.192.214:6606
194.26.192.214:7707
194.55.186.129:5000
194.62.157.160:4444
194.62.157.160:9999
198.23.227.140:1901
198.23.227.140:8000
198.23.227.140:9090
198.23.227.175:1901
198.23.227.175:8000
198.23.227.175:9090
2.58.56.39:5555
2.58.56.39:6666
20.82.141.111:6576
207.174.26.115:7707
23.94.197.108:6606
23.94.197.108:7707
23.94.197.108:8808
41.142.19.167:4444
41.249.239.195:4444
41.43.215.72:2003
45.139.198.242:6606
45.141.151.163:4449
45.80.158.42:8808
45.83.31.19:6666
45.83.31.19:7777
45.83.31.253:6606
45.83.31.253:8808
45.88.186.63:6606
45.90.13.137:7707
5.252.74.251:8808
64.188.9.173:1526
84.44.148.177:4782
85.28.47.123:7707
93.242.156.76:51123
94.156.64.156:8000
94.156.68.100:4444
94.156.68.118:4444
94.156.68.118:5555
94.156.68.118:7777
94.156.68.59:6606
94.156.68.59:7707
94.232.249.204:6606
94.232.249.204:6660
94.232.249.204:7707
94.232.249.204:8808
95.142.46.3:4449
95.142.46.3:7000

# Reference: https://x.com/banthisguy9349/status/1820096535981691337
# Reference: https://app.validin.com/detail?find=o7lab%20Security%20Whitehat%20Blog&type=raw&ref_id=3380ec169f6#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/e24dd26925db61391a279370f6ee22e4d35ea0a13ca88ae7dae5a8def177832e/detection
# Reference: https://www.virustotal.com/gui/file/7ce2d225442252064d744be1c38e9c1572dd355bbbaf7fa411ce79e41288dfca/detection
# Reference: https://www.virustotal.com/gui/file/736575d7277732b652edade1e21e8614755935b24ba6b032c2a831748a006ac4/detection

http://142.171.23.18
http://45.89.247.62
194.55.186.129:5000
94.156.69.242:1337
94.156.69.242:4449
94.156.69.242:7777
o7lab.me
o7labs.top
prizes.biz
underground-cheat.xyz
blue.o7lab.me
server.underground-cheat.com
server.underground-cheat.xyz
thruster.financetop.privo.net

# Reference: https://x.com/raghav127001/status/1820237011761926208
# Reference: https://www.virustotal.com/gui/file/abdf746e4c16ddc86d74533bd0e4d724ab4f45e81f0139a03c00bfb152139aab/detection

87.89.82.13:1337
namz.read-books.org

# Reference: https://tria.ge/240806-qtmygsvanf/behavioral1

anothonesevenfivesecsned.ddns.net

# Reference: https://www.virustotal.com/gui/file/2a396766fa969c0034d88c3b3d7f048c3e2807b6e185bf81b6e1b5e2af0fd165/detection

91.92.241.190:6606
91.92.241.190:7707
91.92.241.190:8808
salan1.webredirect.org

# Reference: https://x.com/banthisguy9349/status/1821871423368953936
# Reference: https://www.virustotal.com/gui/file/0b63d48fadc191ad675eb56b7d618aa8eb2e8968b9602c41eff49dcff7fc052e/detection

bmexcellentfocus.net
nc.bmexcellentfocus.net

# Reference: https://www.virustotal.com/gui/file/985239f8b609384593ddf4ccb5310eac3cad3dd7779d6d3355b3f46541d2fd14/detection

213.159.74.80:14143

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-08-10)

http://34.30.200.104
103.174.191.71:6606
103.174.191.71:7707
103.174.191.71:8808
103.195.100.105:116
103.195.100.105:119
103.195.100.105:6606
103.195.100.105:7707
103.195.102.21:2222
103.195.102.21:4444
104.238.222.104:7707
104.238.222.104:8808
104.243.37.24:6666
138.128.247.216:1231
14.237.71.174:8080
154.12.229.73:1337
154.216.20.190:4449
154.216.20.242:4449
154.216.20.242:5000
163.5.112.122:6606
163.5.112.122:7707
163.5.112.122:8808
163.5.112.78:6606
163.5.112.78:7707
163.5.112.78:8808
172.96.172.158:8888
173.208.162.39:3001
173.44.139.179:8090
173.44.139.179:8099
173.44.139.179:8880
181.131.217.255:1524
194.156.88.2:222
194.26.192.59:6606
194.26.192.59:8808
196.206.75.48:4444
196.64.255.65:4444
196.65.175.15:4444
2.58.56.193:222
2.58.56.193:5555
20.19.33.124:1125
31.220.85.74:8808
34.154.67.14:6606
34.30.200.104:60
34.30.200.104:81
45.126.209.221:83
45.66.231.149:6606
45.66.231.149:7707
45.66.231.149:8808
45.66.231.202:7777
45.66.231.217:4444
45.66.231.217:6006
45.66.231.217:6606
45.66.231.217:6666
45.66.231.217:7707
45.66.231.217:7777
45.66.231.217:8008
45.66.231.217:8808
45.80.158.42:5001
46.246.14.10:2000
5.252.165.55:1986
62.60.210.205:10000
66.179.254.54:8808
78.161.52.128:20000
78.161.52.128:8808
78.161.52.128:888
91.92.243.191:5401
91.92.246.91:7777
94.156.69.242:5000
vmi1946577.contaboserver.net

# Reference: https://www.virustotal.com/gui/file/0fa269be03146fff09c0ed89d794dc3c141f9e60a5c1e83c432a022294e2a19d/detection
# Reference: https://www.virustotal.com/gui/file/dc2d68253a4a4ea14e4abf2216d780ed1d54f32547a156496581174e2e1f013e/detection

91.92.243.101:6606
91.92.243.101:7707
91.92.243.101:8808
drasticqq.zapto.org

# Reference: https://www.virustotal.com/gui/file/cb92050fe9d71b8a850b65229ea0d2a4c4c2761245f2915cfdf48ccf28acf451/detection
# Reference: https://www.virustotal.com/gui/file/cb92050fe9d71b8a850b65229ea0d2a4c4c2761245f2915cfdf48ccf28acf451/detection

107.173.62.136:6644
181.141.8.140:6644
888manotools.duckdns.org

# Reference: https://www.virustotal.com/gui/file/09fa650f618080d0d0a934302c896f4d17c5cfd96199c73c197ba5cca0fc1bd9/detection
# Reference: https://www.virustotal.com/gui/file/d04bd140e96d286f8769a38420ea1136f9a52ee7ae8da7f1ce19982ae1055b5b/detection
# Reference: https://www.virustotal.com/gui/file/f84f4d3f03f23f0437407b23a95553917dd0c38335a3deac098a0bb63a961c84/detection

107.173.62.21:6606
107.173.62.21:7707
107.173.62.21:8808
173.249.196.196:6606
173.249.196.196:7707
173.249.196.196:8808
multitaskerx32.duckdns.org
ndpalacabeza.duckdns.org
/loader/uploads/Ovxnztupybj.png
/Ovxnztupybj.png

# Reference: https://x.com/K_N1kolenko/status/1822951281448640667

154.221.20.129:8080
3.120.176.240:8848
45.32.157.174:1337
82.45.178.145:1337

# Reference: https://www.virustotal.com/gui/file/b7b215211636bce8abde21c537e455cb05d0e010148f51dd022bc55acdfcb160/detection

179.14.168.79:1990
16dejulio2020.duckdns.org

# Reference: https://www.virustotal.com/gui/file/00784c7c4c9d7d84b2d1b81d05f06663ad4ab69104ce84e43efb6d45687d5475/detection

bookreading2024.net

# Reference: https://www.virustotal.com/gui/file/56ccf81ed97f04a364b92c272c933aacdc1c3bc92f4f92ef8e8e8c6500bc5546/detection

206.53.55.147:1004
salah4.webredirect.org

# Reference: https://x.com/banthisguy9349/status/1824832570011328863

109.199.101.109:443
149.102.147.106:443
154.216.20.112:443
185.150.190.160:443
206.53.55.147:443
23.94.126.49:443
51.81.30.54:666
/DDkFuG3qWJdaZoc4qrzpg.txt
/Dddoxxx.jpg
/HOtbZNroLdCOlkmC.jpg
/MiyLdAnAfs.jpg
/Q8ks7fS084FaHjcHtiDMwiDAX.txt
/ojzxjopybsmvtkuv.txt

# Reference: https://www.virustotal.com/gui/file/54ea368d620e9725254bbbe65acc48fc56b36c7cc468e52a8dcb1c84015bf325/detection

109.199.101.109:1002
word2.webredirect.org

# Reference: https://www.virustotal.com/gui/file/0cc59c7a224ace617aeb365684f5272fd07723c2ae0deacb2c8909521559756b/detection

23.94.126.49:6606
23.94.126.49:7707
23.94.126.49:777
23.94.126.49:8808
jackboyrx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0ee1a4bfda6573e96c5e5be149a31fc7cdcf700b973a438f1a9431530e5ad56f/detection

154.216.20.112:555
hema2024.from-ut.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-08-18)

http://45.126.209.221
104.238.189.204:2424
104.238.189.204:4444
105.156.60.187:4444
105.156.61.62:4444
142.202.240.141:6606
154.216.18.213:6606
154.216.20.112:7777
154.216.20.112:8808
154.216.20.112:8888
160.179.65.105:4444
160.179.66.190:4444
163.5.32.129:7707
172.96.172.158:2222
172.96.172.158:5555
172.96.172.158:6666
172.96.172.158:7707
173.44.139.179:9090
178.73.192.14:2000
179.241.191.175:9999
181.137.113.195:2021
187.24.1.114:9999
192.159.99.43:7707
2.58.56.92:7777
216.107.136.24:7777
23.95.106.22:35153
41.142.192.11:4444
41.142.192.236:4444
41.249.56.199:4444
45.66.231.130:6606
45.66.231.130:7707
45.66.231.130:8808
45.66.231.241:7777
45.88.186.244:6606
45.88.186.244:7707
45.88.186.244:8808
45.94.31.119:111
45.94.31.119:222
45.94.31.120:111
45.94.31.120:222
46.246.12.21:2000
46.246.6.15:2000
46.246.84.19:2000
62.60.210.205:2086
69.197.145.38:888
82.165.74.190:8808
94.156.69.198:4444
94.156.69.198:6006
94.156.69.198:6606
94.156.69.198:6666
94.156.69.198:7777
94.156.69.198:8008

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

156.195.155.193:2004
156.195.159.197:2004
187.24.64.197:9999
192.210.229.8:8880
196.64.246.160:4444
196.65.171.214:4444

# Reference: https://www.virustotal.com/gui/file/0af0b4bffa67145e4e5ecd2321bb7790e9c14ed802a7984798fc7c00b6763207/detection

45.148.244.112:7702

# Reference: https://www.virustotal.com/gui/file/96830a2a4a61ba8263513f4a76c620f1da22a12fb4eb9324f18128404c9170bb/detection

23.94.207.116:1177
nova.sytes.net

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

104.243.37.126:4444
104.243.47.235:443
107.178.105.137:6606
128.90.106.105:9999
128.90.106.219:9999
128.90.113.100:9999
142.44.252.8:222
147.189.168.167:4444
147.189.170.37:7707
154.216.20.112:9999
154.216.20.29:8808
163.5.32.72:7707
172.111.150.137:2000
173.44.139.179:1901
176.31.147.216:6745
179.13.4.53:8082
192.210.229.8:8000
194.26.192.121:2000
194.26.192.121:7777
198.23.227.140:8881
2.58.56.157:6606
2.58.56.157:7707
2.58.56.157:8808
2.58.56.157:9909
2.58.56.92:6606
2.58.56.92:7707
2.58.56.92:8808
45.94.31.119:5555
45.94.31.119:6606
45.94.31.119:7707
45.94.31.119:777
45.94.31.119:8808
46.246.6.4:2000
69.197.145.38:20000
69.197.145.38:3000
69.197.145.38:999

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-08-25)

http://2.59.134.73
103.195.100.105:202
107.178.105.137:8808
23.95.106.22:7790
45.55.194.173:9090
62.113.117.95:4449
80.240.28.67:3826
80.240.28.67:3827
kenesrakishevinfo.com

# Reference: https://www.virustotal.com/gui/file/0b9189931f5ff0ebcbfe32c05ae62b645b5a9dffe3d5fc6af3effbf218d0b4c3/detection

185.29.11.28:9983
floor-contemporary-genius-accommodation.trycloudflare.com

# Reference: https://x.com/JAMESWT_MHT/status/1828191158045901013
# Reference: https://app.any.run/tasks/0434cf44-9e95-4808-aa13-4620e4fabaf2
# Reference: https://app.any.run/tasks/1f006b3a-1147-472c-85db-c9ab3016d4d8
# Reference: https://www.virustotal.com/gui/file/39c4d2c738925df996e66aa13c3db2c58e81f2bcd8b7c0c312ace0562b13b322/detection
# Reference: https://www.virustotal.com/gui/file/b3ebae9c04c8ab1c5aee3c6733fd02bd67117d7028666c71f385dbb2fce426ff/detection
# Reference: https://www.virustotal.com/gui/file/da9d6b0a69c4c406914b1c5b7e1c395c6c2e9bd55d67f07fa54e2c8930d6bc0d/detection

173.249.196.110:2020
181.235.10.116:2020
enviasept.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1828387904361533611
# Reference: https://www.virustotal.com/gui/file/59beb9bd5fd9ef67e6b90313622aee0e41568befa1cfb7f08aa88f4d0fbabc69/detection

148.113.165.11:3090

# Reference: https://x.com/RacWatchin8872/status/1829163583986643429
# Reference: https://x.com/g0njxa/status/1829177645348860120

/vvTBswN.php

# Reference: https://www.virustotal.com/gui/file/8dd63124c53ad2539f0a8442d5f7dbe0b582f84f6d40ca725e77b1cf2fd9f140/detection

91.109.190.5:2019

# Reference: https://x.com/K_N1kolenko/status/1830555300589449255

146.103.40.243:4449
154.216.20.204:1602
157.20.182.193:881
167.88.165.20:4444
198.98.58.93:999

# Reference: https://x.com/K_N1kolenko/status/1831980364199596121

157.20.182.18:4449
198.23.219.104:7001
204.12.203.92:4449
213.238.177.243:8848
95.179.246.167:1024

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-07)

http://5.180.106.132
103.164.226.125:2222
103.195.102.21:2266
104.243.37.177:443
104.243.37.177:6606
104.243.37.177:7707
104.243.37.177:8808
104.243.47.56:4444
107.175.31.172:8808
108.61.177.169:4444
128.90.102.146:5155
128.90.102.146:9441
128.90.103.16:9999
128.90.106.199:9999
128.90.122.41:9999
128.90.123.215:9999
141.98.154.54:8808
147.189.174.48:6666
149.102.147.106:60
154.12.242.122:8808
154.216.17.231:2222
154.216.17.231:4444
154.216.17.231:7777
154.216.20.112:6666
154.216.20.29:5454
163.172.125.253:82
163.172.125.253:83
164.92.232.138:9927
164.92.232.138:9928
173.44.139.179:8881
178.73.218.17:2000
185.104.195.215:7707
185.174.101.88:7707
188.218.110.233:7707
188.218.98.93:7707
192.250.226.28:8401
193.26.115.159:6606
193.26.115.159:6666
193.26.115.159:7707
193.26.115.159:8808
193.26.115.70:6606
193.26.115.70:7707
193.26.115.70:8808
194.26.192.222:222
194.26.192.222:4444
194.26.192.222:555
194.26.192.222:5555
194.26.192.222:6606
194.26.192.222:6666
194.26.192.222:7707
194.26.192.222:8808
194.26.192.74:4444
194.26.192.74:555
194.26.192.74:5555
195.3.223.146:6969
207.231.111.82:301
207.32.218.21:6666
45.202.35.12:6606
45.202.35.12:7707
45.202.35.12:8808
45.83.31.241:100
45.83.31.66:6006
45.88.186.113:7077
45.88.186.169:7077
45.88.186.218:7077
45.88.186.244:7077
46.246.84.6:2000
51.254.67.181:6606
51.254.67.181:7707
51.254.67.181:8808
64.188.9.172:5090
64.188.9.177:5080
66.154.113.81:6606
66.154.113.81:7707
66.154.113.81:8808
88.170.194.154:40000
88.201.9.34:443
89.39.106.35:1331

# Reference: https://www.virustotal.com/gui/file/6bb2386101837fd4e8a32018f2d8ec5bbd646bef9a5513783f782fe2ae1ff3e0/detection
# Reference: https://www.virustotal.com/gui/file/2e63b012bb3fa9df55bdcef31185577686fe71756580ac2f2fa23f6e9b82c687/detection

179.13.0.188:3000
179.13.0.188:4000
179.13.0.19:3000
179.13.0.19:4000
179.13.2.131:3000
179.13.2.131:4000
trabajo25.duckdns.org

# Reference: https://www.virustotal.com/gui/file/425e3e4f280f19e1de7ced375ab0b31dbd2ffe49ed2684ecb140918d662d58ff/detection

194.147.140.241:5552
y20.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-09-08)

103.195.102.21:2233
198.23.197.108:7707
20.109.46.176:8080
64.23.232.116:7812
21562-36559.bacloud.info
asynctechlino.duckdns.org
danieltorrenegra5020.con-ip.com
deadpoolstart2025.con-ip.com
editorials.duckdns.org
fernandocuellar909080.con-ip.com
fernandoesquiveldominio.con-ip.com
fttuvgt.ddnsfree.com
mail.er-lach.eu
modsmasync.duckdns.org
momehvenom.duckdns.org
nanarchym.duckdns.org
v57018.php-friends.de
vulcano10.duckdns.org

# Reference: https://x.com/K_N1kolenko/status/1833018771436413396

45.131.109.206:4449
85.17.106.240:707
tenfreehse.dynuddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-09-09)

104.243.35.72:8888
146.235.38.234:8225
157.20.182.8:8888
188.190.193.62:4449
192.129.178.59:8713
198.71.58.46:8000
198.71.58.46:888
64.188.9.175:3007
88.119.175.153:5555
88.119.175.153:6666

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-09-14)

http://124.156.206.217
http://163.172.125.253
103.195.100.105:57
103.198.26.95:8000
104.243.34.3:2002
128.90.123.33:9999
136.175.8.35:8080
142.202.240.39:8088
142.202.240.72:4444
142.202.240.72:6006
142.202.240.72:8008
144.126.151.185:2006
156.244.14.14:8080
163.172.125.253:81
165.227.81.186:4444
172.111.189.20:2000
178.215.236.114:2222
178.215.236.114:4444
192.129.178.58:8713
192.129.178.60:8713
192.129.178.61:8713
192.129.178.62:8713
198.23.227.175:8090
2.58.85.196:2323
23.95.106.22:6756
31.220.85.74:7707
45.77.112.205:8000
45.88.186.211:4444
45.88.186.211:6006
45.88.186.211:6606
45.88.186.211:7707
45.88.186.211:8008
45.88.186.211:8808
45.88.186.211:8888
45.88.186.61:7077
45.89.247.62:7777
46.246.4.13:2000
46.246.80.10:2000
86.38.225.234:9091
88.119.175.153:7777
88.119.175.153:8888

# Reference: https://x.com/Racco42/status/1835588779509199035
# Reference: https://app.any.run/tasks/87a918fc-f5f0-46f3-92fc-5f1a10dc91eb
# Reference: https://www.virustotal.com/gui/file/e90a2422a138f3033f7bbaea5ec42f4e44e67ee1bbf1f8f439bf5a2b43cd1d21/detection
# Reference: https://www.virustotal.com/gui/file/169ac835fb39875b99786bfd826c482807fb92a8630897c75db6d562cbdd2d6f/detection
# Reference: https://www.virustotal.com/gui/file/5baa818d0b2d658a26691715da4953a584acf69d053b3dbd5bff68379e8d748c/detection

144.202.36.158:2107
149.28.100.37:2107
207.246.71.153:2107
45.77.72.186:2107
juanjuan20231.kozow.com

# Reference: https://x.com/malwrhunterteam/status/1835584557334089904
# Reference: https://www.virustotal.com/gui/file/2c295492de80df3a89ee60ae665b4209455aafe8574e044ff4f4ebe205e5ba15/detection

193.26.115.48:7077
45.88.186.223:777
mohfat7y.freeddns.org
workingzoon.work.gd

# Reference: https://www.virustotal.com/gui/file/2b867ff217653a0ae8a7cdc35b7596e5cc9493a8ad140f04ddd4180a6440b027/detection

147.185.221.22:27881

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

105.154.29.81:8000
105.159.143.49:8000
109.199.101.109:1001
128.90.122.238:9999
128.90.123.30:9999
128.90.123.9:9999
163.172.125.253:84
172.111.189.21:2000
172.212.97.180:6606
178.215.236.114:8888
191.93.114.27:9003
191.96.235.192:5555
193.26.115.102:6606
193.26.115.102:7707
193.26.115.102:8808
216.107.136.76:7777
23.95.106.22:28351
38.165.1.3:39315
41.141.146.213:8000
41.141.147.188:8000
41.250.25.231:8000
45.126.209.19:22
45.126.209.19:2222
45.126.209.19:4444
45.126.209.52:5555
45.126.209.52:6666
45.202.35.100:6606
45.202.35.100:7707
45.202.35.100:8808
45.77.72.102:2727
46.246.82.8:2000
5.83.48.5:6001
51.89.207.240:4343
57.128.132.198:4049
64.188.9.175:9200
77.105.161.6:8000
88.119.175.153:6606
88.119.175.153:7707
88.119.175.153:8808
89.117.23.22:6606
93.123.85.247:7777
93.123.85.247:8888

# Reference: https://threatfox.abuse.ch/browse/malware/win.asyncrat/ (# 2024-09-22)

103.252.93.30:4449
154.216.17.155:7707
154.216.17.155:8808
191.96.235.192:7777
198.23.227.140:8090
34.145.18.233:7707
34.31.210.192:8808
5.226.137.132:4449
85.198.108.36:7667
163-172-125-253.rev.poneytelecom.eu
ansj.duckdns.org
asyn8097.duckdns.org
delonuevomision.con-ip.com
govpet.mysynology.net
timez0.duckdns.org

# Reference: https://x.com/K_N1kolenko/status/1839216071150121271

148.113.165.11:3236

# Reference: https://x.com/RacWatchin8872/status/1839253450288198121
# Reference: https://app.any.run/tasks/fd329952-711e-4351-ab6b-a6c6205cdbee

kareemovic11.duckdns.org

# Reference: https://x.com/threatcat_ch/status/1839177437374022109
# Reference: https://www.virustotal.com/gui/file/5d5b4f259ef3b3d20f6ef1a63def6dee9326efe2b7b7b7e474008aa978f1f19b/detection

185.91.69.119:56001

# Reference: https://www.virustotal.com/gui/file/943671d4114a0fed608e7c43bc2cf5443a121a3100875eb818693c67d011ce61/detection

45.135.232.38:52350
64.44.156.35:52350
asmby.duckdns.org
