# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: voidrat, venomrat, velos, vermin, s400rat

# Note: "Today I'd like to introduce you to VoidRAT. Void-RAT isn't a new RAT, it's more of a fork of QuasarRAT. It's also not new in the sense that it's been in active use for several years. I scraped several hundred from Pastebin alone since 2018." -- https://twitter.com/pmelson/status/1249375189638344707

# Note: "This is, in fact, the source of the poorly implemented crypto I've been working on the last few days. VoidRAT uses AES to encrypt its configuration strings, similar to QuasarRAT. In fact, the static Salt is identical to Quasar, just stored as a decimal array instead of hex." -- https://twitter.com/pmelson/status/1249375191114764290

# Note: "VenomRAT - new, hackforums grade, reincarnation of QuasarRAT" -- https://blog.malwarelab.pl/posts/venom/

# Reference: https://twitter.com/DynamicAnalysis/status/1034828121126723584
# Reference: https://twitter.com/James_inthe_box/status/1034829960647593984
# Reference: https://pastebin.com/MgAd0CzR

syscore.duckdns.org
watchdogdns.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1044187140626796545

nhatquang.club

# Reference: https://twitter.com/Racco42/status/1050763535888867328

lagos042.ddns.net
manuel3.publicvm.com

# Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-menupass-quasarrat-backdoor.html

195.54.163.74:443

# Reference: https://twitter.com/silascutler/status/1154137754051239936
# Reference: https://pastebin.com/s6pkzu0z
# Reference: https://otx.alienvault.com/pulse/5d39d3634b2ef4d157a1f8ae

hostzsz.ddns.net
rkr003.ddns.net
131454.ddns.net
609574.ddns.net
928hafa7.ddns.net
abcdhacked.ddns.net
acidos-44965.portmap.host
adiwax.duckdns.org
afdafadfdfdfaa.ddns.net
agoraadn.ddns.net
akaimpk.ddns.net
alexrobin.hopto.org
alibabajob.duckdns.org
allurbase.warzonedns.com
alphamission.ooguy.com
altsyst3m.servegame.com
aminaqi-32028.portmap.io
androidshegaon.ddns.net
apina123.duckdns.org
apo.myddns.me
argoogle.ddns.net
asdasdjla.ddns.net
ausliandns.ddns.net
auw8duii3j5.gotdns.ch
aziziyehack.duckdns.org
babagee.ddns.net
bebe228855.hopto.org
bigpouley.ddns.net
blacklji.ddns.net
blackslight29.duckdns.org
bonsaichiled.freedynamicdns.org
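# Note: 'hotpo.org' in the next entry may be a transposition of 'hopto.org', which many other entries in this list use. Verify against the referenced sources: if it is a typo, this indicator will not match the real host and may match an unrelated domain.
boooing.hotpo.org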
broly.mywire.org
bugido.ddns.net
carbonhdspeed.ddns.net
carelesspineapple.ddns.net
cerberus1980.hopto.org
chad3eboz.ddns.net
chrome.fagdns.com
ckleins.ddns.net
colinmdu78.freemyip.com
cryptoeverwin.ddns.net
cryptoslayer22.ddns.net
csphagah.servegame.com
dancen.ddns.net
dankmemes.ddns.net
darkhorse777.ddns.net
darkkutjood.ddns.net
darkslazz9988.ddns.net
dcgame.ddns.net
ddsess.ddns.net
deaznam.ddns.net
dertanion.ddns.net
dexter1234.duckdns.org
dfssdfds3422344.ddns.net
dnsinass.hopto.org
dracia321.no-ip.biz
dragonslayer22.ddns.net
drdep.ddns.net
drhack.hopto.org
drkcmtt.duckdns.org
dschndr.ddns.net
dupal13.ddns.net
dzchackteam.duckdns.org
ededwdwdwd.hopto.org
eduardorouter.ddns.net
eznecum.duckdns.org
faded.hopto.org
fahd2010.ddns.net
fahd20101.ddns.net
fgeha777.ddns.net
fluffyunicornsftw.sytes.net
forst5ns3a45gpnz.onion.ws
fortnitelol.kozow.com
fromnvpns.theworkpc.com
galacto17.hopto.org
galrov2.ddns.net
gargamel.duckdns.org
ghostisreal.ddns.net
gingles.ddns.net
google64.sytes.net
googlead3321.ddns.net
googleisp.ddns.net
googlessh1.ddns.net
grundle.ddns.net
gsmboxupdates.ddns.net
guccigangyesxddddddd.duckdns.org
gud.ddns.net
hackmee.ddns.net
hackportals.ddns.net
hackprova.ddnsking.com
havocplays.duckdns.org
haxerjack.ddns.net
helloworldhere.ddns.net
hellsharion.myftp.org
henripizio.ddns.net
henripizzio.ddns.net
heros108.ddns.net
holydns.warzonedns.com
host420.ddns.net
hostestreitr.ddns.net
hostvertice.hopto.org
icecreem.hopto.org
icmsecurity.ddns.net
ignuxas64.ddns.net
ilsk-56205.portmap.io
imjustdoingmyjob.ddns.net
internimus.ddns.net
ipointer1604.sytes.net
ivaiva.ddns.net
jacobjones965895-53801.portmap.io
javaupd.ddns.net
javvaa.accesscam.org
jercky.ddns.net
jonreg.ddns.net
justdoitfast.myvnc.com
k1nngurr.myftp.org
kanat26.duckdns.org
katrol1.ddns.net
kekhaxim.duckdns.org
keremabi.duckdns.org
kleur4.ddns.net
kurban187.duckdns.org
lab-wired-kvvgzjkkdr.dynamic-m.com
lancelord88.ddns.net
larofagol-50266.portmap.io
leghost.ddns.net
lekee.duckdns.org
letmeinpls.ddns.net
levinx.duckdns.org
lfjdslkjfslkjf.bounceme.net
m1ngs1.ddns.net
marcirat.ddns.net
marjoserver.ddns.net
martinou.ddns.net
maximazorreguieta.ddns.net
maximazorreguieta.no-ip.info
maxwilly4142-45474.portmap.io
mecanic.freeddns.org
mehack.ddns.net
mertens.mynetgear.com
miseri.duckdns.org
mlks.ddns.net
morokko.duckdns.org
mumbai.webhop.me
myhostdown.ddns.net
myportnotblock.001www.com
nanorat.ddns.net
naskopv.hopto.org
nattawut.ddns.net
neg4tif.duckdns.org
negatifrat.duckdns.org
nemesis423.ddns.net
neoxyne.myvnc.com
new.windowsupdate.live
nezaki-backups.ddns.net
nhk123.ddns.net
nicereverse.ooguy.com
niggerlovers69.hopto.org
nmahnsk1.dynu.net
noipkrutoy.ddns.net
okapia99.ddns.net
omikronium.ddns.net
omka11.duckdns.org
omniserver.redirectme.net
oofed.ddns.net
oofed.sytes.net
oogboog.ddns.net
opstatun.sytes.net
orcabot.ddns.net
p6solutions.hopto.org
paintedwolf.ddns.net
pass2233.ddns.net
pass2233.dzuboks.fun
perdunelo.ddns.net
pigeon143.ddns.net
pingvinic1998.dynu.net
plasty-48256.portmap.host
ppupsekovich.hldns.ru
ptpftp.mypi.co
pusheax.asuscomm.com
q196vbd21.dynu.net
qq529879477.mynetgear.com
quasarandroid.ddns.net
quasarcengo.duckdns.org
quasarez331.duckdns.org
quasarrat.ddns.net
quasarsaiiut.ddns.net
quasartest1.warzonedns.com
qwerty1.ddns.net
qwertyasd.hopto.org
randomhost.ownip.net
rat.bcn-pool.us
rat555.duckdns.org
rat80.ddns.net
rdexter01-50242.portmap.host
recel.duckdns.org
ref12dert6789hty.ddns.net
remoteadmintool.webhop.me
ricardobola.duckdns.org
rizacomet.duckdns.org
russiansecurity.ddns.net
sandshoe.duckdns.org
sclrtlol.gotdns.ch
sezzer93.dynu.net
shadowfriend.ddns.net
shtumichael-40213.portmap.host
simoalal.nerdpol.ovh
sissnemomdesiss.ddns.net
skills.sytes.net
skullman.duckdns.org
skywalker12.ddns.net
soc123.ddns.net
soulnomad.ddns.net
srw-1.noip.me
stealer123.ddns.net
stickygreen666.ddns.net
suckmydick.urown.cloud
suus.ddns.net
svchostddns.ddns.net
tannmistann-31237.portmap.host
test.killwaf.com
testerhousing.ddns.net
testinghouse.ddns.net
testocertificazione.ddns.net
testtesta1.ddns.net
thefatrat23.ddns.net
theprohd-59801.portmap.io
thewayofthemagic.ddns.net
tivict.duckdns.org
tomwahl.duckdns.org
tvariamxuy8.hopto.org
umutgokmn.duckdns.org
unknowhost.ddns.net
urx.myvnc.com
usermata-64665.portmap.host
wareztech.ddns.net
welmer2018.ddns.net
windowsbrowser.ddns.net
windowshabitat.serveirc.com
windowsupdate.asuscomm.com
windowsupdatereap.ddns.net
wsad1122.dynu.net
wuenx1.duckdns.org
wuenx2.duckdns.org
xcorpitx.ddns.net
xeroxhaxor18.duckdns.org
xtremepwned.dynu.net
xtrhost.sytes.net
xylem.duckdns.org
y33tmasters.ddns.net
yaplonkod.duckdns.org
yawani.ddns.net
yesdatpls.duckdns.org
yesps.myvnc.com
youdontknow.ddns.net
youknow.duckdns.org
zeroherecompany-64861.portmap.host
zotrix.ddns.net

# Reference: https://twitter.com/Arkbird_SOLG/status/1157319751238131717

195.12.50.172:46405

# Reference: https://twitter.com/JayTHL/status/1188498558653206528

82.146.51.150:1604

# Reference: https://twitter.com/JayTHL/status/1194671413304672256

206.189.182.212:9999

# Reference: https://www.virustotal.com/gui/file/3af74379234601c1d9cda4e8b20b901b604d6892ecd1e42802303756fba6980c/detection

185.217.1.186:8320
faxjohn01.twilightparadox.com

# Reference: https://twitter.com/killamjr/status/1198459182112006144
# Reference: https://app.any.run/tasks/c0af3b26-4d68-461e-b84b-281f2ee2bea2/

mybaby.hopto.org

# Reference: https://www.virustotal.com/gui/file/3cff40b8cf70ab8685d591e9b7de92e231e86510ea2480b53f24ea25e8aff450/detection

79.134.225.90:4782

# Reference: https://any.run/malware-trends/quasar (Note: as seen on 2019-12-04)

kanat26.duckdns.org
spenzmarine-56499.portmap.io
fobeno-42652.portmap.io
lololol-54262.portmap.io
Theprohd-59801.portmap.io
aras008-48301.portmap.io
utku01-35105.portmap.io
magicme-54389.portmap.io
gmxvpn-51019.portmap.io
SayNigger123-51458.portmap.host
tkmremi-31995.portmap.io
james871-47359.portmap.host
anonymoushosting-60450.portmap.io
baroud-44589.portmap.io
MORFEY888-55156.portmap.host

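# Note: 193.161.193.99 recurs below with many different ports, most of them paired with a different *.portmap.io / *.portmap.host name, so it appears to be a shared forwarding address. Treat these entries as IP:port pairs; a match on the bare IP would also cover unrelated users of the same address.
# Reference: https://www.virustotal.com/gui/file/8359bc60e9b5bb6c84e0ecd851ead7e4d947482ef0f4997fd1cae2788de842ef/detection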

193.161.193.99:33874
meol3555-33874.portmap.host

# Reference: https://www.virustotal.com/gui/file/bb4857b0afa4733905f6f411dcba41ab1e20fe80822d16419fdbf297d10650a9/detection

193.161.193.99:41317
virritast27-41317.portmap.io

# Reference: https://www.virustotal.com/gui/file/4f1de211a439c69076f3c1177ea8135f02a7d6826f6435d93fa2f25b2f035aed/detection

193.161.193.99:30980

# Reference: https://www.virustotal.com/gui/file/01bcba7c8d15fcb97a8c3923dc430f822bb3955dd17611b65008a081679f6910/detection

micalter-62870.portmap.host

# Reference: https://www.virustotal.com/gui/file/5abd187ef6fd30ccfa247191af0dff8b453a7c2815195b93c817e071b1c42451/detection

193.161.193.99:59558
bigbant-30187.portmap.host

# Reference: https://www.virustotal.com/gui/file/0af78e5236f8e26e209545f5b7341b73e8374e26accec827919d9cf3d545a785/detection

befogtad.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2bbb5b2eb692d744cf979b786323ee6f515b19617d0c73e1b2c6b45897a04352/detection

193.161.193.99:31776
koyo-31776.portmap.io

# Reference: https://www.virustotal.com/gui/file/ef0e082c1eefe8964366beead5630765d9d8e989ae7671cc9ef0551db75c5198/detection

193.161.193.99:41102

# Reference: https://www.virustotal.com/gui/file/82e73cb494a04a9d6e650149dfb2d5d21acf02ccce57bd2b24f968a4b71988ed/detection

160.177.210.162:5552
41.142.190.236:5552
41.143.142.227:5552

# Reference: https://www.virustotal.com/gui/file/ecf2a706e3aae74d76a4f73e050db6ce5011b1dfd60bdf5e3a9a7b77b3b2aaed/detection
# Reference: https://www.virustotal.com/gui/file/281cf2c4904de81661138240b7ea7a0880402db4083eab697d22d0d5e42cf942/detection

162.200.139.146:1704

# Reference: https://www.virustotal.com/gui/file/b9c1be88add17379ff4ba452a13aa52712680103f0b9e15901b7e80deaeb4716/detection

galrov.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/2cfb5b5d106c732b344e440ff88901100055894c8f1a952ce75afa257c7857b5/detection

18.188.14.65:17825
3.19.3.150:17825

# Reference: https://www.virustotal.com/gui/file/6f86faf12c9b933bb4c13ba4661b9b0f2f2f72eb1a188b6be94f3ac66d2f8ecf/detection

windataservice.club

# Reference: https://www.virustotal.com/gui/file/7a28dcfb7b1b0cfe9178ff1f360f6ca474165f2cb5925c5b5b90697d6a4f491f/detection

104.244.75.220:1101
185.101.94.172:1101

# Reference: https://www.virustotal.com/gui/file/6ae4f8fed85928e981dd91aa512b638ac5c61fe8402382b4cb1c12aaf2bf19bf/detection

79.134.225.112:7799
3five.duckdns.org

# Reference: https://www.virustotal.com/gui/file/be41a7e13a1df3d6ec6009d441a29e262975bbe8d7ea9c819eee79e7dad769ac/detection

193.56.28.161:1608

# Reference: https://www.virustotal.com/gui/file/fce1edbce9398f13a72369d7e00f472c39732ccd25d2c83b04ad32c55b2e0bad/detection

repmodz11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f219c99bae7d406ee40d9528179a93a2eed7c2c942ccda12916177159de6ce92/detection

193.56.28.161:4782

# Reference: https://www.virustotal.com/gui/file/adab3e5e3a61dd1440d0aa3e471a18055cb8e650cb045698e178ef8470f320d5/detection

reversengineerin.duckdns.org

# Reference: https://www.virustotal.com/gui/file/540b5c539846ab341645216dca0f63c78d35cd238b1267058ea7a08bb403f6b1/detection

91.233.116.105:4782
testtest22.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1217031480226041856

magicshavingpowder.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d52a899580dd8a6504a0aab527618a276dec3a615485afb1b8e59b5c7ae6aef6/detection

185.140.53.131:9003
79.134.225.96:1972
tracyll.ddns.net

# Reference: https://www.virustotal.com/gui/file/0400cef226621ad00d51b8880025664e3a916c0c3c3207f3525b8423af52a5f6/detection

197.211.58.227:9003

# Reference: https://app.any.run/tasks/26a07c7f-e8b1-4972-8b76-d29be2feb278/

157.230.125.208:8008

# Reference: https://app.any.run/tasks/909ed8a8-970b-46ec-9699-a389c8fdef88/

157.230.125.208:2002

# Reference: https://app.any.run/tasks/2b12feaa-cbc8-478f-8443-44d88558766e/

194.88.106.61:9798

# Reference: https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html (# Win.Packed.Passwordstealera-7544289-0)

apina123.duckdns.org
backtofuture.zapto.org
chrome.giize.com
danek56.ddns.net
dhayan.ddns.net
dike.duckdns.org
gingles.ddns.net
holaholahola.hopto.org
mlks.ddns.net
nerdicon.ddns.net
niroshimax.zapto.org
nirovitch.zapto.org
nume123.hopto.org
pilnaspuodas.ddns.net
sanchosec.ddns.net
scammer.chickenkiller.com
swez111.ddns.net
update1337.duckdns.org
windows13467.ddns.net

# Reference: https://www.virustotal.com/gui/file/e0c2007dd615b777b51667e051b5e625d5e4e706565d1ffe396e432400809749/detection

83.170.70.102:36728

# Reference: https://www.virustotal.com/gui/file/ce9d32d1a31a172bf44c84c465b9f6cf47cbe5085be7bc942aa1e57f78f48d0c/detection

5.2.64.188:36728

# Reference: https://www.virustotal.com/gui/file/4858fcd2879bc6f88623a42e9b27330e80effd746eaaf8432dbf80b4749dca72/detection

80.107.25.98:1608

# Reference: https://www.virustotal.com/gui/file/d32ce01eb6472fbff22a31be6ee6137cf5da45208a828a5b54e6d8b6338d1934/detection

80.107.22.74:1608
80.107.25.98:1608

# Reference: https://www.virustotal.com/gui/file/ef656532743be59237b9bb8ec1b222621c0fd01d25deabdf01a0bd93f17321ce/detection

80.107.17.18:1608

# Reference: https://www.virustotal.com/gui/file/1075b35bba735e0fe5f7c7d5c5995e6681d18f3952ca77dd99f5c3e2d6f57a9e/detection

45.63.29.78:1879

# Reference: https://www.virustotal.com/gui/file/2e429e3b4d385902980aa13fd5acb9d717d2fb2724192a3a6529e619fec2119d/detection

45.63.29.78:1589

# Reference: https://www.virustotal.com/gui/file/71e5d3cfbd16d268791fb02e30393faea48adb43566be455ca7c4796fcf9b270/detection

103.136.43.131:1589

# Reference: https://app.any.run/tasks/93ebca66-fcb7-4610-bf01-25959423c1bf/

176.226.160.199:6522

# Reference: https://app.any.run/tasks/db854e6d-e88a-42c3-b3e2-afcf199852fc/

45.67.231.213:2012

# Reference: https://twitter.com/PhishingAi/status/1117780609688952832
# Reference: https://www.virustotal.com/gui/file/c8273b246205d369ce1c04f0a8f6c5df448bc752cd8159f8ec5f32828d0675ab/behavior/
# Reference: https://www.virustotal.com/gui/ip-address/185.247.228.228/relations

185.247.228.228:45201
pv8stresser.xyz

# Reference: https://app.any.run/tasks/6481821d-12a3-49f4-8f8b-e318b3ec363f/

178.62.47.13:4567

# Reference: https://app.any.run/tasks/8baef533-d6d9-41f8-8686-b4020072b5a6/

178.62.78.66:1222

# Reference: https://app.any.run/tasks/23b322c4-ede2-4fc1-b9cd-744cca6a1a8d/

193.161.193.99:62470

# Reference: https://app.any.run/tasks/c30976d1-5351-49b2-8dc7-bbf271e038b0/

193.161.193.99:57073

# Reference: https://app.any.run/tasks/35022f3b-864d-4160-a752-c366373fba73/

185.17.26.75:3363
69.61.84.233:3364

# Reference: https://app.any.run/tasks/fc23f074-83b3-4ea6-863a-5585a2b5d9ec/

157.230.125.208:4782

# Reference: https://app.any.run/tasks/498ee56f-da90-4443-a828-f8a0e8fb7fc6/

134.209.192.40:6732

# Reference: https://app.any.run/tasks/f73633e5-867d-430b-9c4e-43faab9cc2dd/

196.75.176.4:1188
amerkad199.ddns.net

# Reference: https://app.any.run/tasks/d4fe7165-3760-4566-a4ca-596036d34626/

82.202.167.203:4444

# Reference: https://app.any.run/tasks/41b6d9fb-7ae4-4cff-9117-261d969672f8/

194.5.97.31:5490

# Reference: https://app.any.run/tasks/c40f4844-fa9d-4cc1-9919-c62c669741eb/

35.188.120.120:3741

# Reference: https://app.any.run/tasks/69f634a0-5fea-4e4d-8949-f75c613a3628/

45.153.228.70:2012

# Reference: https://app.any.run/tasks/14c90c72-2003-4780-bc3e-dc0a375ae2ef/

194.9.70.179:1616
216.38.7.246:1616

# Reference: https://www.virustotal.com/gui/domain/r3m0te.65cdn.com/relations
# Reference: https://app.any.run/tasks/0d25dc42-8f63-4fb7-84bf-532eb1b93475/
# Reference: https://www.virustotal.com/gui/file/550389172e36dbd5efab3a49bc68d0130fc565110d25a2b1ae87227bfe0d8db6/detection

207.246.103.61:53
45.32.230.221:53
80.240.22.198:53
r3m0te.65cdn.com

# Reference: https://app.any.run/tasks/82087fda-173c-4c7a-9df1-1bcf1610ff1a/

nlggnjggmlggniggidggngggmjgg.iknlbkgp.traveroyce.com

# Reference: https://app.any.run/tasks/6be6fbb6-09c9-4996-9f28-50b13e2d475c/

91.218.65.24:4782

# Reference: https://app.any.run/tasks/7abafd85-87b4-42b0-9eb4-4ab625303308/

141.136.172.55:4782

# Reference: https://app.any.run/tasks/2ae1c72c-a989-4b0a-a7e2-51cdc8ad7991/

185.217.1.170:56098

# Reference: https://app.any.run/tasks/68bd09b4-809e-4e0e-a0af-79bec46b23f1/

199.66.93.168:4782
al3nzi1.ddns.net

# Reference: https://app.any.run/tasks/cd354138-433e-42b5-b868-036b73500898/

141.255.150.253:4782

# Reference: https://www.virustotal.com/gui/file/1c6c46bfc7c297cab5f790298ef7f92b5dfe1d4e2c3d441521379fd71f03ca7f/detection

210.16.120.250:1616
78.156.87.166:1616

# Reference: https://www.virustotal.com/gui/file/07cbca8fcb06a73a9a9d5855d69b0dc2953ece735f9dd43385695fa15f26cae7/detection

143.225.142.37:5147
79.2.172.253:5147

# Reference: https://app.any.run/tasks/e214a846-50f8-4cac-beff-434bd1bc3cf1/

141.98.212.23:28194

# Reference: https://app.any.run/tasks/75fcf8c1-b3af-4f18-bf62-ded0d217ae0f/

178.238.8.229:1608

# Reference: https://twitter.com/casual_malware/status/1242607122187198466
# Reference: https://app.any.run/tasks/ae6b0ed9-f16f-440a-ba69-e277ebd68b04/
# Reference: https://app.any.run/tasks/4571e5c5-70ce-4157-b7a1-edccdebec208/

192.169.69.25:4782
ikorodu.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1242880176469524480
# Reference: https://twitter.com/James_inthe_box/status/1242892393424142336

193.161.193.99:23030
DarkHate-23030.portmap.io

# Reference: https://app.any.run/tasks/829ab7e1-52d5-4672-91cb-08214558cbf6/

185.165.153.8:13291
cloudpassreset.ga
goodattack.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9f9140490ea952c92ebe705bcb64437ed3bc91ddcc7d600869b8bc992dabefc4/detection

185.165.153.227:13291

# Reference: https://www.virustotal.com/gui/file/953861b541ece75e7fc471743cd2e87a843f94238857d5c189dcb434fb455bb3/detection

91.218.65.24:4782

# Reference: https://www.virustotal.com/gui/file/d295784b5991ef0b57bad469889a98881540ae22d105b7324e23e82298c3c498/detection

220.126.22.233:5553

# Reference: https://app.any.run/tasks/048dbdda-7252-4c72-9a48-771faf3ffa47/

157.230.125.208:3333

# Reference: https://www.virustotal.com/gui/file/8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416/detection

dnessss2.o-r.kr

# Reference: https://www.virustotal.com/gui/file/ad5d7d539088c0b57c8871d097bf8853da8039ffd65d6acdeda7cb7f28685232/detection

192.253.246.140:3360

# Reference: https://www.virustotal.com/gui/file/5605cf4460e58cc1c1f41baaf78400ff034efbad4e19367a2b53021ef824e7bc/detection

95.213.195.71:5052

# Reference: https://twitter.com/pmelson/status/1249375191114764290
# Reference: https://twitter.com/ScumBots/status/1249380937391013889

64.69.43.237:12259
free.idcfengye.com

# Reference: https://twitter.com/ScumBots/status/1249379530126565377

171.48.121.83:4782
dliker.myq-see.com

# Reference: https://twitter.com/pancak3lullz/status/1250862951185121287
# Reference: https://www.virustotal.com/gui/file/cdcf02ebd69dbb38874a456358732b66d8bd75897f6d7f49923360006ca3b0be/detection
# Reference: https://www.virustotal.com/gui/file/c2f70806a9fddb3ff61f045c92c48a19a0f889b839f68a2acd0e71e6c091499c/detection

23.105.131.162:4281
leetlauncher64.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e9c623f9afbf6529763899c99d7a93911c645d803e9756a01295a4a6577c27df/detection

79.134.225.33:7974

# Reference: https://www.virustotal.com/gui/file/7c3a759d9812dae0e9c2851b2ccc5418a8c3b929854efcbfc142d3b70384605c/detection

192.169.69.25:41102

# Reference: https://www.virustotal.com/gui/file/a8133852a9c83ea7e383d84ef30c991d87fcda65e2dadf39b2f6e5791d5aa4ae/detection

25.68.8.40:1604

# Reference: https://www.virustotal.com/gui/file/df2198d1b9defab192c1d34157c9add7a0f732330b16d85dfbc70519113c0e0e/detection

80.189.158.57:25565

# Reference: https://www.virustotal.com/gui/file/cf729c46717f95052092cc40b03b455f6c4f7b31f0720d5b79f80dc963a10b35/detection

98.30.237.66:8080
visualstudionet.ddns.net

# Reference: https://www.virustotal.com/gui/file/631c1218c9f7b208afd95a341f92e6436f4e894bc4cd34f4f07ee68682db9e49/detection

159.89.214.31:25687

# Reference: https://twitter.com/ScumBots/status/1249398486702882823
# Reference: https://www.virustotal.com/gui/file/d24a38c9c8ba49b16d835617bf0f382d692547eb77961d99e2147e0570785f43/detection

192.169.69.25:3389
scario.duckdns.org

# Reference: https://www.virustotal.com/gui/file/87522a1f67d1b1ea11ff1d414e6e41a4bbd9df394b7502ddd9685671f47e2831/detection

82.205.35.252:7974
hip.webhop.net

# Reference: https://twitter.com/ScumBots/status/1249398095214981132

109.234.37.166:4782

# Reference: https://twitter.com/ScumBots/status/1249398020900294658
# Reference: https://www.virustotal.com/gui/file/156e94878f5dc982ce0b3ffe381146edff4d5978cc324325e34ae6fec961c5c7/detection

141.255.155.141:4782
deputa.hopto.org

# Reference: https://www.virustotal.com/gui/file/39cbc35bb2110405e66a3818df4dcdecc19482f724ef7e38b075183e573d6dbf/detection

88.114.20.111:5552
apina22.ddns.net

# Reference: https://www.virustotal.com/gui/file/14d93dc9869abecb9db83fa0ee2e6062def5c413ea1270b504ac9df27860bb64/detection

onedollarr.ddns.net

# Reference: https://www.virustotal.com/gui/file/f76006828a7e23845ae8488e6a5397607c54eb6de1465e9b16f8dffc2212e401/detection

intelserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/de6f87a6111a389d05b3fac7d3c266296416e323f13f1695dd6f5f2b7835779e/detection

84.117.133.163:1177
mog.servegame.com

# Reference: https://twitter.com/ScumBots/status/1249396818535907330

149.28.201.253:4782

# Reference: https://www.virustotal.com/gui/file/f0eb82f2828d2819d3003b7efdef6139af4387fad9a20c5f8b2ca21ea28937eb/detection

193.161.193.99:43045
hibro-43045.portmap.io

# Reference: https://www.virustotal.com/gui/file/379b77231e552f1c56637d6b373aee287be8127bc8b55484e8ddd344c7029ae4/detection

94.79.235.91:477
localcv.hopto.org

# Reference: https://www.virustotal.com/gui/file/6d1540821c19e4074e619511ec783c898ef759873bada62e4234cd05042baad1/detection

178.124.140.147:54984

# Reference: https://twitter.com/ScumBots/status/1249396132293345281

65.184.25.147:5552

# Reference: https://twitter.com/ScumBots/status/1249376293717708805

178.63.148.235:2988

# Reference: https://twitter.com/ScumBots/status/1249395982208569350

193.161.193.99:42900
bykertix-42900.portmap.io

# Reference: https://www.virustotal.com/gui/file/095b484575676d4b31e84d6165d6d1e9e52840958800c7ea8c56dc823e331b12/detection

171.96.98.86:5000
hellofuizz.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249395757758795779

77.46.232.248:2323

# Reference: https://www.virustotal.com/gui/file/e3fe2223aad351226dcdc7ed6eba64a698e42cd70520f3acab75300794715feb/detection

archimed07.ddns.net

# Reference: https://www.virustotal.com/gui/file/c54e060c2466ff870ba2d728c2e32dbd2126c70b27c6ae6580ebee2aab3d6360/detection

84.51.52.166:4782

# Reference: https://twitter.com/ScumBots/status/1249395372453224450

77.83.174.51:4782

# Reference: https://twitter.com/ScumBots/status/1249395297601626114

207.154.213.157:5425

# Reference: https://twitter.com/ScumBots/status/1249394685380001795

207.154.213.157:9595

# Reference: https://twitter.com/ScumBots/status/1249394610423595008

185.231.69.80:4782

# Reference: https://twitter.com/ScumBots/status/1249394458568916998

177.40.135.97:4782

# Reference: https://twitter.com/ScumBots/status/1249394294609383429

54.90.225.37:4545

# Reference: https://www.virustotal.com/gui/file/3c7744b3236b34b32adf0b3a3d5b7874533878c34d200d2c07fe0e0e37cb16f6/detection

176.133.189.113:2411
nasjshome.myqnapcloud.com

# Reference: https://www.virustotal.com/gui/file/728a78f654264825676f43579a8f00ad48433d0a2e7a9c11f61966eb755fac7a/detection

46.246.27.131:5050
gusanitogusanito.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9b339df38ba31476a4c85344cf03837578485a54035445bd692d791867b9facc/detection

193.161.193.99:62544
edal-62544.portmap.io

# Reference: https://www.virustotal.com/gui/file/57372f78f979ab331a3ce1ebd9154c6eb4674db4de60c5c6b521934d7b9463ac/detection

78.224.10.150:1630

# Reference: https://www.virustotal.com/gui/file/e7053e90884cde9416d3993d4e1b5f72d6e9d39f14be489447a17eee23ef6b96/detection

crulol.ddns.net

# Reference: https://www.virustotal.com/gui/file/630b83f1ea85ac9bfb828ecbbf1cb7841ac1cccf962a92b555164d862ff55440/detection

impawn.ddns.net

# Reference: https://www.virustotal.com/gui/file/d77afe27777032a8ecc348894dbd9e25b7586a6995484b39739ae196f963bfaf/detection

78.83.123.253:4782
kosinker.casacam.net

# Reference: https://twitter.com/ScumBots/status/1249393006169460737

2.82.185.236:4782

# Reference: https://www.virustotal.com/gui/file/6837ebeda99e2bf8df13092d6d7a3a82b491cd79f8ba88d4be22cc05bae80d64/detection

93.202.202.155:99
aldsajdodsdasd12.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1249392543101583361

58.236.228.50:25252

# Reference: https://www.virustotal.com/gui/file/090f9aa6fe88fd3cf6750ef8f09a8713520c13a9c2b207c907fa6022428ab1a0/detection

sumer.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249392315141160961

151.16.225.247:4782

# Reference: https://twitter.com/ScumBots/status/1249392240499228672

207.154.213.157:4465

# Reference: https://www.virustotal.com/gui/file/04d8bdc0c8d10cac881526b8c8f43f791544a9e84d9535bcd1386c4f424b5b7b/detection

192.169.69.25:3360
fx123.duckdns.org

# Reference: https://www.virustotal.com/gui/file/935ab05c65e0de5114d5b4d997fbb907f3699a859dcb3cde07afee8595f366db/detection

3.17.117.250:10923

# Reference: https://www.virustotal.com/gui/file/35826857f7763122fb380c1392f2d0fb820ec28c1f16e858b3846b9f681525af/detection

193.161.193.99:34655
gameranil88-34655.portmap.io

# Reference: https://twitter.com/ScumBots/status/1249391506902974465

207.154.213.157:7766

# Reference: https://twitter.com/ScumBots/status/1249391270809788418

185.17.26.75:3782

# Reference: https://www.virustotal.com/gui/file/c7482af7971b3fef8b458eb284f0f3de177ae3fbe6fc7b7fb4e91f8f84d0152d/detection

ninjakiller1.ddns.net

# Reference: https://www.virustotal.com/gui/file/8826d9cdb01c714426e9f93b9c22fff72a5ea547d8f2df6469556c07ae659d42/detection

charlesrat.ddns.net

# Reference: https://www.virustotal.com/gui/file/a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5/detection

92.63.110.250:9999

# Reference: https://www.virustotal.com/gui/file/bf64c22f0698dc97db127d88456d4d155f2dc96b6e8327a4753bf8747adfae1b/detection

89.245.196.17:5052
zero1.ddns.net

# Reference: https://www.virustotal.com/gui/file/abcc40b928a54fa98a175106dce553d3a19d5fcc5adcf0e163a6d6da2d8bba4a/detection

188.25.202.178:4445
revellboosting.serveblog.net

# Reference: https://www.virustotal.com/gui/file/3acd4e7cf3c0f690581ede29a8fc05a17c6ce65280008f203da54631df06f730/detection

199.16.158.190:1337

# Reference: https://twitter.com/ScumBots/status/1249390024677896206

211.215.89.102:6522
dhhdtestserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/f18d7b47f79f5d93513670417c438ec4b75a7faf0b6c634f6453004b93db901b/detection

192.169.69.25:4061
chromeconnection.duckdns.org

# Reference: https://www.virustotal.com/gui/file/94e10458cf1a57ead9ae551e05094e3ce540a7441701cab391008685d3e00222/detection

193.161.193.99:43045
hibro-43045.portmap.io

# Reference: https://www.virustotal.com/gui/file/0a78b1618c225808ef645280b48fda51923b811fdc38cf210c34672fb80ba6df/detection

luko.dynu.com

# Reference: https://www.virustotal.com/gui/file/d547eaf8f5fb791372d2793d5833f31d9c33f08e0ff3d7d4c892748d8d0ca489/detection

193.161.193.99:42443
noyon007-42443.portmap.host

# Reference: https://www.virustotal.com/gui/file/425eecf3bdd7c9fc731f263283260bacbc1c505c9104f68ae291b4cf78ec5af7/detection

193.161.193.99:43597
deneme12-47909.portmap.host

# Reference: https://www.virustotal.com/gui/file/0af78e5236f8e26e209545f5b7341b73e8374e26accec827919d9cf3d545a785/detection

193.161.193.99:41102

# Reference: https://twitter.com/ScumBots/status/1249388944455761922

159.203.16.166:8383

# Reference: https://twitter.com/ScumBots/status/1249388831238995969

193.161.193.99:26063

# Reference: https://www.virustotal.com/gui/file/1c4787902baff1a8e51b1a9b80eefe7e7928b237edff80d3387454bcac643dfd/detection

78.13.63.66:1604
trolled.ddns.net

# Reference: https://www.virustotal.com/gui/file/e60fed1dfce5f593fae643d02900ee65168aeaeaaedd626a064b71d1da842887/detection

192.169.69.25:1604

# Reference: https://twitter.com/ScumBots/status/1249388601865101312

185.12.45.79:53841

# Reference: https://twitter.com/ScumBots/status/1249388451620950023

217.120.237.39:4567

# Reference: https://www.virustotal.com/gui/file/59a3b394925765cc2773f1b1ef1dd5d8020715366f2978ad3a2cd064bdc11211/detection

193.161.193.99:62870
micalter-62870.portmap.host

# Reference: https://www.virustotal.com/gui/file/87b17a191a1098f5ff1aa7f5dac344cf00ddacafe4589018e692d9a0d540ac70/detection

213.249.194.103:4782
ytp.nsupdate.info

# Reference: https://twitter.com/ScumBots/status/1249388226118324227

88.243.116.39:30

# Reference: https://twitter.com/ScumBots/status/1249388075752587265

159.89.11.68:7900

# Reference: https://www.virustotal.com/gui/file/47686cbf6524d558337f479bf7ce69eeaeedc1178c30dc03a282418ba6f95690/detection

174.58.56.234:1177
aesthetic.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249387757216161792
# Reference: https://www.virustotal.com/gui/file/55742eb250243df64778bf60e910012d8cb5891049613726776a218cb2cfad0a/detection

197.200.44.30:6666
microsoftss.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1249387682607894529

182.191.90.92:4782

# Reference: https://www.virustotal.com/gui/file/09277fda08860febda2652dc57b28a7b34618d7fccf12b02433403a6d490fb62/detection

41.102.37.199:2001
ra2luxe16.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1249385384921960451

89.65.90.37:4782

# Reference: https://www.virustotal.com/gui/file/1d494495056a9adb45449af2c3e724242e339d82acf55496288d04da3fc7e76b/detection

havochacks.duckdns.org

# Reference: https://www.virustotal.com/gui/file/56acdc05a2fbdc0415e9d30af716323dc54cd955a2893515318108780a608c12/detection

israelrules.ddns.net

# Reference: https://www.virustotal.com/gui/file/4496d69d4b0ebe706d4829324165b6aebc501a9903496018bcfeb36120759f5a/detection

193.161.193.99:55061
zyrus-55061.portmap.io

# Reference: https://www.virustotal.com/gui/file/1559baccaadca011a4ad0207c966079e8fa632f6a00499b5d752b30986492215/detection

191.47.71.116:6522
mumojuw.ddns.net

# Reference: https://www.virustotal.com/gui/file/20c0b5be94cb8392f6b02403fadeeea73d83358d1ed66bda69c62e2d7f640df0/detection

79.134.225.122:10150
raje01.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249384071974785026

156.198.85.159:5555

# Reference: https://www.virustotal.com/gui/file/9bbb7384378ccedd3cd9780a95e170d0080a0b30d9bd218b0afead760adfd909/detection

jonathan.d.leet.pw

# Reference: https://twitter.com/ScumBots/status/1249383614686642176

95.154.199.21:60372

# Reference: https://twitter.com/ScumBots/status/1249383535435231233

185.130.104.186:1010

# Reference: https://twitter.com/ScumBots/status/1249383307965579269

79.137.121.218:4444

# Reference: https://www.virustotal.com/gui/file/2b766f8b807b2b39b6f347983ebe042f14eae2c8ddb3dfd3a2c9a3c096048d95/detection

messervices.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1249382046402777090

207.154.213.157:10123

# Reference: https://www.virustotal.com/gui/file/71a5f2d9aa531adae8bbc3ac60ca3444d8b610865c45040a921ec054f431432c/detection

24.131.141.50:54984

# Reference: https://www.virustotal.com/gui/file/00fd890f5850727bd58f0c5ce8522c7b4bbead9310d54511befe9e185c569012/detection

188.134.75.116:4782

# Reference: https://twitter.com/ScumBots/status/1249381578050023426

185.161.209.66:4782

# Reference: https://www.virustotal.com/gui/file/24891cd836c6e0a7154a4e1b11daf173b6c7c1214587b7fee5a41e586d86c657/detection

193.161.193.99:56636
hardpr0x0r-56636.portmap.host

# Reference: https://twitter.com/ScumBots/status/1249381334197379074
# Reference: https://www.virustotal.com/gui/file/885953234e2e1a4643aff0dd7fdab0024beab9751bbcbd7d5707fea103893f2c/detection

wales10.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249381012884402176

78.129.32.187:4782

# Reference: https://twitter.com/ScumBots/status/1249380787683803137

173.212.216.217:6666

# Reference: https://twitter.com/ScumBots/status/1249380711573925888

209.250.236.170:4782

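# Reference: https://www.virustotal.com/gui/file/745d65c0a358cdd6083928055b2d675006534184931f0b8118d83736334fb089/detection
# Note: the port in the IP entry below (35617) differs from the port suffix of the portmap hostname (37712), while the other portmap pairs in this list agree; one of the two may be a transcription error - confirm against the referenced report.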

193.161.193.99:35617
xXKamilloXx-37712.portmap.host

# Reference: https://www.virustotal.com/gui/file/e9917a58f2227cf0a184e35fee72c9890a3e0f24d813623c5c32d9f02e1a46d1/detection

79.134.225.96:1313
nybenlord.dynu.net

# Reference: https://www.virustotal.com/gui/file/284ffcf3e1cbe3a03e2406ca3fa07b7376aca0a136961ed642beb24213352942/detection

corpse666.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249376523553046533

176.123.10.227:4782

# Reference: https://twitter.com/ScumBots/status/1249376447581622275

88.136.26.45:6598

# Reference: https://twitter.com/ScumBots/status/1249376142072713218

159.65.32.133:9898

# Reference: https://www.virustotal.com/gui/file/ffe6eaa089817fd83aa4d7c61ff27cd77a11882ea21cd1ca743a851595c4f3c7/detection

192.169.69.25:2458
212.47.247.76:2458
viralcfdnshost.duckdns.org

# Reference: https://app.any.run/tasks/171ebc29-01cd-42b3-8878-70a1bb78bf18/

194.127.178.200:4782
domainshit.cf

# Reference: https://app.any.run/tasks/e8a9b353-b67c-4257-b90e-cffb24a3e515/

76.16.201.143:29457
rxtpredz.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1257440289884643331

91.109.188.2:3030
crsiedem7.ddns.net

# Reference: https://www.virustotal.com/gui/file/0f44b13d72a71e094884853649d5dfbe64b2d92b44c3b8d5fa63583bdae9a034/detection

141.255.158.137:3030

# Reference: https://www.virustotal.com/gui/file/33149db8184ed445510259b12f84a57654d7876a4ef1102475f1e867bec95418/detection

188.146.134.101:3030

# Reference: https://www.virustotal.com/gui/file/c3febfb1b5d672cfb0b5a8e307ce3c39d4fabb4277cef0f6ead498dfd105f2d8/detection

141.255.144.233:3030

# Reference: https://twitter.com/ScumBots/status/1257439302444814338

193.161.193.99:48059
JanFinas-48059.portmap.io

# Reference: https://app.any.run/tasks/ecccff06-360c-4eb6-b91a-542c69a8598f/

109.228.225.8:1604
eceda.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1257981518556860416

222.238.154.10:4782
qua.kro.kr

# Reference: https://www.virustotal.com/gui/file/e3703b0fe905cdbde58b03ff78c482ea766df2a30d30b7b4dc3a18187ecfdfc3/detection

185.140.53.106:4782

# Reference: https://www.virustotal.com/gui/domain/tartarus124578.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/8c64f15363ae3a35a492c35e310d12842e61fbee6a0efb82e7b89a739aa78b7e/detection

2.87.45.151:1601
79.130.204.204:1601
79.130.251.240:1601
79.130.255.148:1601
79.131.50.186:1601
94.71.151.99:1601
tartarus124578.ddns.net

# Reference: https://www.virustotal.com/gui/file/d400059cf7e07897e19dc5ee052c0f7bdc6b85dda05cf4ed37a6f96456b69b71/detection

185.140.53.43:4782

# Reference: https://www.virustotal.com/gui/file/bc3a0af7b5ca896fd305204459f6647a5d22169cb9776969a6b7e972b59738c6/detection

kenya1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ab0c370e055d72438a8ba9d1e4bd7b16d50e5f6b7cc39bc0fa90e28ecd3a1b29/detection

212.125.26.57:1601
cenk3431.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1261874049870897161

74.91.115.145:4782

# Reference: https://twitter.com/JayTHL/status/1262217942655291393

94.104.170.10:1605
czhost.ddns.net

# Reference: https://twitter.com/ScumBots/status/1263236145015664653

46.196.45.35:1604

# Reference: https://www.virustotal.com/gui/file/27fd728bc657ee7c2d0ec4fe4715e890225c6d12690080b854e61cb33b995ddb/detection

185.140.53.247:8280
duarte83.bounceme.net

# Reference: https://twitter.com/ScumBots/status/1268902232281550848

141.255.144.120:4782
werfgjsbzhnw.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b7df1cfc092eb55c3f7135666ed916e283f21b8ddf9f97d8f683638504762bc/detection

148.103.183.5:4444

# Reference: https://www.virustotal.com/gui/file/6732e6b2fee87b2d544613938533273983b71fb13180aed4c0cee06dbfe59410/detection

94.60.172.123:5353

# Reference: https://app.any.run/tasks/06c7cc02-0955-4435-8589-6250b8b5b737/

ayewhatsgoodbrolmao.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1271937224070791169

85.25.210.57:4782
dns0676398717.myftp.org

# Reference: https://app.any.run/tasks/a5badbb9-ac6a-468b-9048-29144a6042c7/

128.90.105.57:3468
128.90.105.57:9093
cepeda.linkpc.net
migracion.linkpc.net

# Reference: https://www.virustotal.com/gui/file/8f262a933be275930b09e0f01eacd7931ac20be063a9d4306439be095f9ce588/detection

39.41.16.61:1997

# Reference: https://www.virustotal.com/gui/file/504e075b3107cd1019b85cd8abb2f23fccc6d66419625357046c78d4383a326e/detection

et10.ddns.net

# Reference: https://www.virustotal.com/gui/file/2df82d12b3e4627ffb2f7c0e6c8371f23c4beabb935f93b2c88389953fc07027/detection

reversetcp.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1275354027845398530
# Reference: https://app.any.run/tasks/7f242d3e-8ea6-423e-9add-a82d5e4980a8/
# Reference: https://app.any.run/tasks/765b8842-7850-4923-abcb-780f402841dd/

payloads-poison.000webhostapp.com

# Reference: https://twitter.com/ScumBots/status/1277093703199477761

34.75.102.183:1604

# Reference: https://app.any.run/tasks/28cd2661-3ddc-4f3d-b6a5-bae37987392d/

86.144.71.246:4782
bungleboo.ddns.net

# Reference: https://app.any.run/tasks/9dfcfbd8-a7c7-49ba-8ed1-7dfb5be53c2b/

141.98.252.168:16248
quasimodo.onthewifi.com

# Reference: https://www.virustotal.com/gui/file/29d48bc1e21fb275d4801c5f326937d71543c2d8cf57220086702c1c74bce0b2/detection

159.89.214.31:4782

# Reference: https://app.any.run/tasks/9ab92853-b7eb-45da-8053-4875963d9797/

37.223.208.94:1604
hatenigger.ddns.net

# Reference: https://twitter.com/ScumBots/status/1284507557588082691

51.161.105.101:4782

# Reference: https://www.virustotal.com/gui/file/893eb1609e54fe685e7bf26400b6ae37776cb4749748a60172aa3cb4e8e7156e/detection

145.249.55.249:1177

# Reference: https://twitter.com/James_inthe_box/status/1285294414475087872
# Reference: https://app.any.run/tasks/42fe73c9-d488-4893-a201-f40337b56456/

129.205.124.8:444
bak505.duckdns.org

# Reference: https://app.any.run/tasks/2ed9777d-8227-4bb7-a142-face7c1c4421
# Reference: https://app.any.run/tasks/e4f346c5-87ba-47e7-ab93-fabc01252c70
# Reference: https://app.any.run/tasks/26e4b9c2-7e1a-4f28-89be-445ce6315d37
# Reference: https://www.virustotal.com/gui/ip-address/185.153.222.198/relations

185.153.222.198:2404
185.153.222.198:3189
185.153.222.198:5147
185.153.222.198:5552
185.153.222.198:5579
185.153.222.198:5677
185.153.222.198:5912
185.153.222.198:6666
185.153.222.198:7371
185.153.222.198:20000
academy.3utilities.com

# Reference: https://www.virustotal.com/gui/file/a20c73149b150bbb7bb8069abcbe2c6366ddf712a9d3e5907daa2b44c783d371/detection

193.161.193.99:54017
sanu99-54017.portmap.host

# Reference: https://www.virustotal.com/gui/file/20f049ed4778e06ebcb53b8335a7441666c1b5b12c8106cb183fcffc3e1b0f1c/detection

185.174.102.105:5991

# Reference: https://www.virustotal.com/gui/file/f0c1b7c0322a3d940b5b3388c391dcfd6ca736a975248650a4d8ead0e3569506/detection

84.127.74.183:4782
quasar123.ddns.net

# Reference: https://www.virustotal.com/gui/file/900012c0fcd4c9adae1001b7f32965f2d39629f807bb7bc2c57ce88d043e246f/detection

retard.myddns.me

# Reference: https://www.virustotal.com/gui/file/e46f9d5725828b9ba18e8e5934836b82dc1cdcf67100290c47d673674bcc43f1/detection

141.136.135.118:1337

# Reference: https://twitter.com/_re_fox/status/1293368339423780866
# Reference: https://app.any.run/tasks/63b38da6-63d6-44d2-824a-53d07352b020/

216.38.2.214:1148
sept2019.serveftp.com

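# Reference: https://twitter.com/iamwinstonm/status/1294761707445854209 (# VenomRAT, Velos)
# Reference: https://blog.malwarelab.pl/posts/venom/
# Reference: https://github.com/MalwareLab-pl/ioc/blob/master/venom/c2s.txt
# Note: the entries below appear to be carried over as-is from the referenced C2 list and include values that are weak indicators on their own.
# Note: 172.20.10.6 is an RFC 1918 private address, so it cannot identify an external C2 and may match unrelated hosts on a local network; 123.123.123.123 looks like a test/placeholder value (unconfirmed).
# Note: "microsoftsecurity.systes.net" may be a misspelling of the sytes.net dynamic-DNS zone - verify against the source list before relying on it.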

http://91.134.207.16
payloads-poison.000webhostapp.com
1.197.16.130:9999
103.121.78.249:4782
109.104.215.139:4782
115.78.135.163:6666
116.203.207.137:4782
123.123.123.123:4782
13.66.218.91:60554
136.244.79.165:4782
139.99.167.153:4782
172.20.10.6:9090
177.45.83.138:34012
185.16.160.204:4782
186.123.32.82:81
186.137.129.110:7770
188.165.165.18:4782
193.161.193.99:1194
193.161.193.99:36267
193.178.169.191:4782
217.114.218.29:4782
3.20.98.123:13935
3.20.98.123:14700
3.20.98.123:18375
35.196.132.85:4782
35.237.4.214:4782
45.77.243.161:7182
5.181.151.210:4782
51.38.29.129:2222
51.38.29.129:4444
51.68.250.107:6361
51.81.105.226:4782
77.140.68.143:1505
80.85.157.34:4782
81.109.117.136:4096
81.109.117.136:6606
82.37.243.209:6606
85.214.90.252:81
90.131.33.170:4782
93.25.186.160:26656
95.181.157.143:3380
95.181.157.143:4448
95.181.157.143:4449
BOSSIX-41718.portmap.host
blackjackk.ddns.net
casadomoticaelle.duckdns.org
chadseybert-52742.portmap.io
dontreachme3.ddns.net
dontreachme4.ddns.net
eceda.duckdns.org
filepony.ddns.net
fivemmods222.ddns.net
leagueoflegends001.publicvm.com
loler123.ddns.net
metin2white.sytes.net
microsoftsecurity.systes.net
nigger69.ddns.net
rays.kro.kr
slicetortoise.ddns.net
steamguard.ddns.net
support-apple.publicvm.com
testt1234.ddns.net
tiago123.ddns.net
van0m.ddns.net
vegaspoofer.ddns.net
venomghost.hopto.org
viperfuck.ddns.net
zbeubzbeub.ddns.net

# Reference: https://www.virustotal.com/gui/file/78b4e6a4b4fa0483b0cfc85e882e3808a8b5d5979ff993ea55a844525d5bf8c6/detection

141.255.144.113:4782
mhmod123.ddns.net

# Reference: https://www.virustotal.com/gui/file/221ec23c0034263020977725da21010e22ef265969d445d2eacf941383a8f38f/detection
# Reference: https://www.virustotal.com/gui/file/3f808ee9391ef2e282b963f23db9442cb04722691fe6f0594c408bb05667df4e/detection
# Reference: https://www.virustotal.com/gui/file/4251d8525baad5ef02878f7eb9b93ce1a1ed1ba9f24faeba9c85a2c490321640/detection
# Reference: https://www.virustotal.com/gui/file/34e34ba6836866ef6f49402f89def0c54fa3252d12c5d88964be4c39ada45860/detection

156.223.185.50:4782
156.223.77.244:4782
156.223.82.185:4782
156.223.94.98:4782
41.233.216.227:4782
lapoire3.hopto.org

# Reference: https://www.virustotal.com/gui/file/ec2e9c8c110756ec3bfcab551b53397221310769db8d7713a88367c43c94ca09/detection

193.161.193.99:38904
scarphed-38904.portmap.host

# Reference: https://www.virustotal.com/gui/file/c6d64d67db1ea314041569ff38363af43157cb40d4ae03a6bfb9c25f82649b50/detection

193.161.193.99:52505
hoptoorger-52505.portmap.host

# Reference: https://www.virustotal.com/gui/file/6a222d7ef754ad21afaffb596fadc1b4f82953c6325e3924d67c68706eeb5289/detection

193.161.193.99:35837
spam-35837.portmap.host

# Reference: https://www.virustotal.com/gui/file/720146e3b059cbafacee69ae0c65dd58cb255383dc7cf16eb71d69cbb05aa393/detection

193.161.193.99:49521
microsoft2020copyrights-49521.portmap.host

# Reference: https://www.virustotal.com/gui/file/3a2c4d045bfb0210a7b0e238a1005a18a6820564d458c1501b723a9f5c5bf90d/detection

193.161.193.99:42038
microsoft2020copyrights-42038.portmap.io

# Reference: https://www.virustotal.com/gui/file/b2c169e3d67e48f2e79e33d7b97ad4da38f8cd9e150bd9f8b408f1a43c946010/detection

193.161.193.99:29492
hwkeyez-29492.portmap.host

# Reference: https://www.virustotal.com/gui/file/7d92373cd202cf3ce22b187976387f566d8969b46d95000f0d4878f6a4bdf2d3/detection

193.161.193.99:42282
apogaming-42282.portmap.host

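# Reference: https://www.virustotal.com/gui/file/5d3e2f59f490de57916dc30ca2a33698938717ef6682acf524c272a513db988a/detection
# Note: the port in the IP entry below (27716) differs from the port suffix of the portmap hostname (27116), while the other portmap pairs in this list agree; one of the two may be a transcription error - confirm against the referenced report.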

193.161.193.99:27716
pycurrocax-5207-27116.portmap.host

# Reference: https://www.virustotal.com/gui/file/97c3137afaf8fcceded845fd106bbe8d9d8aac1cdef6c0907866be9f7040939e/detection

193.161.193.99:45651
WindowsRCL-45651.portmap.host

# Reference: https://www.virustotal.com/gui/file/6e0526c525c996ca8f3d54bab54a3d575dd9a8416df41dbb8a149c0b4cd52065/detection

85.215.81.202:2303

# Reference: https://www.virustotal.com/gui/file/298bf9f8f1007903eca07d19e00a6754d50791eaf07b34086d97bc8c323f0aed/detection

156.223.102.92:3030
firstcompanyrechner.duckdns.org

# Reference: https://app.any.run/tasks/e3456ecc-2912-454a-a116-01f3cf7bd35e/

177.255.88.109:3876
alfonsoalferez1967.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c2d61b92e92bb73c180b4aba67051650fa728aa19e069b181c0b3f7970c8e443/detection

175.37.36.152:1877
zakelakes.ddns.net

# Reference: https://www.virustotal.com/gui/file/71db5cdfd9e27d2bbb7d43979ce0d9637a1a190549c2c8e978cb1cf5b509087a/detection
# Reference: https://www.virustotal.com/gui/file/1c2b38e7f929c96563e9599eb527f7a27354a34b4d70b4ce8322db8d6b077b90/detection
# Reference: https://www.virustotal.com/gui/file/83200d64a920af3351f315a0c51b854e287917b94579eb4d455c7c1ab945ab0e/detection

194.9.70.179:11061
49.2.123.56:11061
92.53.66.44:11061
niogem117.soon.it

# Reference: https://www.virustotal.com/gui/file/8117dbf1179628d105c6297150e4f18c1ddf952d66e19de9faf93008dffa74db/detection

41.233.248.164:3030

# Reference: https://app.any.run/tasks/e29eeb34-1f1f-4891-94ac-7631364de315/

89.38.99.64:222

# Reference: https://www.virustotal.com/gui/file/baa8fed19ef5ee68817c2ee77807d7e002114eb7402d72023a25f6f9ceae7e11/detection

3.22.15.135:11075

# Reference: https://www.virustotal.com/gui/file/2801e23864a2d65490e0ef7663d0d0e4292242f84d8368f0cdeefa868c375521/detection

18.218.177.181:7112

# Reference: https://app.any.run/tasks/3b577865-731d-4c32-9772-87125c4429d7/

109.236.88.17:5552

# Reference: https://www.virustotal.com/gui/file/0a1a060933d914d898f655fc01130aae36b7d9ee33f98e3c9f01513cad9274ee/detection

185.140.53.135:1111

# Reference: https://app.any.run/tasks/ccdc9825-ae21-4abc-aaaa-e26913013552/

xxxzxxx.ddns.net

# Reference: https://app.any.run/tasks/ca528cfc-8a3c-48bc-a6d2-2e52cfde9e58/

193.161.193.99:29077
z2020-29077.portmap.host

# Reference: https://app.any.run/tasks/553ac7ce-3322-4890-be49-4de1953ff3b1/

193.161.193.99:26273
ZXCVASDF-26273.portmap.host

# Reference: https://www.virustotal.com/gui/file/03ba76ed11ea5c691cba39d4937c3dd18a200911f91b8f741e0f9a5cb27292e1/detection
# Reference: https://www.virustotal.com/gui/file/01ea5b9d22efc873c8e8b1e6f8c7d0f749af0689c19ea9545bd266b66cc11441/detection
# Reference: https://www.virustotal.com/gui/file/937d573d7c4cf550f28ecf87a0cd495bfdd9521e66400bc8d1fe996e27fdc140/detection
# Reference: https://www.virustotal.com/gui/file/1aa0bbffa2da1f6adbe887effd2fe5b85cf6910e48a7ff9233e34d6a2fb103e7/detection
# Reference: https://www.virustotal.com/gui/file/814b70e078c672595023c580716e80ea44cf692d313b6e60d72b5c33e1b9c937/detection

139.162.113.21:10044
windowsup.microsoftupa.com

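# Reference: https://www.virustotal.com/gui/file/87ae5ccfeb79d40cc9f4a8fd6a86fb34233a55e8b2de2cbfee3958f2f4dc0a04/detection
# Note: 104.18.44.248 lies in address space published by Cloudflare (104.16.0.0/13), i.e. a shared reverse-proxy address rather than a dedicated host; treat a match on this entry as low confidence unless other indicators agree.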

104.18.44.248:4782

# Reference: https://www.virustotal.com/gui/file/aacfd54183f4afdf0982230069833b23e78a64d0e7748a4a07afa039d8741290/detection

95.234.164.252:4782
desdemone.ddns.net

# Reference: https://www.virustotal.com/gui/file/bcc61b17a7237aa62e3d4ee4dba06bb53b033ecd4628200ff7c33544b3855b48/detection

51.195.200.153:1177
nazoplay.ddns.net

# Reference: https://twitter.com/wwp96/status/1327896383333019650
# Reference: https://app.any.run/tasks/4f82c810-38b5-4af9-accc-5a8ddf906890/

94.242.224.249:222

# Reference: https://app.any.run/tasks/5d51ce75-0740-4235-b508-47971cf23fa1/

185.244.26.221:4782
devils.shacknet.us

# Reference: https://www.virustotal.com/gui/file/d41310d33dccb0343373261b7c5468f89329095556eede577686b4864446e8d0/detection

194.5.97.88:4770
brightgee1.awsmppl.com

# Reference: https://www.virustotal.com/gui/file/9d913ac92ef644aa22656ee6cb54e4590729477be7d65e5980fe9b2b272d9078/detection

124.62.162.230:9600
korea12.co19.kr

# Reference: https://www.virustotal.com/gui/file/a6cb60fb9e287fd0f8aca77c1cde66dff1e879822f80a797bf635313ab9cae96/detection

ddns170.airdns.org

# Reference: https://otx.alienvault.com/pulse/5fcb77747ed85445c567eef4

mail.hsjinteriordeco.com

# Reference: https://www.virustotal.com/gui/file/9599df844bcb3e0be8cb99e96114b3f36b8ba5e34144ac667ed6af14993c2b67/detection
# Reference: https://www.virustotal.com/gui/file/7786900a5f08e4c090d1a4b3507afe271aff4891af740abf8212be79d9e231b6/detection

5.8.88.191:443
5.8.88.191:8080
sockartek.icu

# Reference: https://app.any.run/tasks/7d2ac8cc-2aaa-4466-9780-921ee5891a63/

45.13.58.25:9999
mynmds.myq-see.com

# Reference: https://www.virustotal.com/gui/file/f0e8b7f7e23ca59f8913b7507c420abe3f81bbfd48a0b78531ff28ecb78a916f/detection

193.161.193.99:34240
zezoro321-34240.portmap.host

# Reference: https://www.virustotal.com/gui/file/03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca/detection
# Reference: https://www.virustotal.com/gui/file/4db8e6a74e70cae2842e96711c617f4c8c6654ac9c487dd90a728f4a8d558bfe/detection
# Reference: https://www.virustotal.com/gui/file/3b3a0f30ba6beee60ff78b8762673cd547f3aa32371feb4c6ad082a7ad4711e9/detection

178.124.140.134:1970
185.157.162.81:1970
185.86.106.226:1970
xyz.videomarket.eu

# Reference: https://www.virustotal.com/gui/file/82c614670064affc788ff48a0474c782d9d4f91b6f0ed191a5bbd71f7c5f4d1c/detection

88.24.171.143:4782
hackblood.bounceme.net

# Reference: https://www.virustotal.com/gui/file/80c46f4aff799888e97a25b7c75580d7d5235f8bbc91f3090ba8e840018b81ce/detection
# Reference: https://www.virustotal.com/gui/file/0cc6df9a0a29276120d4552a6a64a110b571e6f223c93678f78c3f6dd054f255/detection

pashalol.ddns.net

# Reference: https://www.virustotal.com/gui/file/c4c8e6d34090b2d68aad28fc0ae0d8630c4a8ee58169b0f30600b9f50713d5e6/detection

193.161.193.99:43971
password0-43971.portmap.host

# Reference: https://www.virustotal.com/gui/file/903f547b462548cc2b4d19d9195b2301ce624e3de48e18941364c17954f76a0e/detection
# Reference: https://www.virustotal.com/gui/file/ab4d2429d0d15b5999ebf2f312b187ff4ef67d6a3500816cb6140b03fed0bcf2/detection

105.154.186.111:4444
105.155.90.11:4444
cd5e527fb8.hopto.org

# Reference: https://www.virustotal.com/gui/file/0813c443788eaaa34194d78a1d9e9cad94f18c54d75f68d6ca1a306f410db934/detection
# Reference: https://www.virustotal.com/gui/file/c86f7c8a5ba61582390b76266b9bd3d5b0b324f9b17736d8fe9731464a240229/detection
# Reference: https://www.virustotal.com/gui/file/75528a32a51ed0f5bbec33eec6fc6bce72f505a3be5de97c54d56e11f3668f11/detection
# Reference: https://www.virustotal.com/gui/file/318c45bb26241801c1ed0819289b9b49d2aef61934344892c39c67dab936e1d8/detection
# Reference: https://www.virustotal.com/gui/file/34e1c4149be373470b23ae9b0ca7613c77afa228dbe9ff38c6bb2f87cf28b3d8/detection
# Reference: https://www.virustotal.com/gui/file/5ec7e5c7793093fe1d1bb7f98cdc388613da7df767cbdf40fae19b93b1965147/detection
# Reference: https://www.virustotal.com/gui/file/bb9a1578f59d63b185023ada6c485e8b5cf9336e4b6bd3cad139d234b4f03c6d/detection

54.39.152.114:21
54.39.152.114:55132
54.39.152.114:55646
54.39.152.114:57182
54.39.152.114:58039
54.39.152.114:58275
54.39.152.114:60671
54.39.152.114:60792

# Reference: https://www.virustotal.com/gui/file/0294e192621b21d5c8f2288496930fe5e947fd66cdff1a119ca2f8bbdd8a537e/detection

193.161.193.99:36284
stremtyyt-36284.portmap.host

# Reference: https://twitter.com/mstoned7/status/1346240500576047104
# Reference: https://asec.ahnlab.com/ko/19439/ (Korean)

103.125.216.106:8080

# Reference: https://app.any.run/tasks/12ddb9d3-9e26-4506-993e-91e1d8a6c865/

185.157.162.81:1972
yz.videomarket.eu

# Reference: https://app.any.run/tasks/9b940d78-781a-41f7-8c83-6bb53a772eff/

193.161.193.99:48089
vusal0219-48089.portmap.host

# Reference: https://app.any.run/tasks/3136a32d-f462-4a63-91ad-ed6fc5128ac7/

167.172.160.108:8008

# Reference: https://www.virustotal.com/gui/file/587fd4af21f5b7843bfb58ba965bd8a7f245aa11eaea82ecd649019b27596e06/detection

trashddns.hopto.org

# Reference: https://www.virustotal.com/gui/file/dab6379a2915bfe18c4734d0ba081673b1275a566cf6b0ef722fe49442cec9c8/detection
# Reference: https://www.virustotal.com/gui/file/1b3a5d67420261d445d7cb30709db5f35b565a572c715e69fb44ee886a9886d8/detection
# Reference: https://www.virustotal.com/gui/file/832ae6fdde4e6c0c5e3dd0cb14c8626310f9f2c4e6ff19b6da9227f03d800d62/detection

212.102.50.120:3088
3.34.248.52:3082
3.34.248.52:3088
winupdates.myftp.biz

# Reference: https://otx.alienvault.com/pulse/600184f66ce603ae4330b79a

dakesse-21018.portmap.host

# Reference: https://www.virustotal.com/gui/file/196a12b406480570e64fd78166249d694b67ecdfebdd94f648d38d3d3c1b6af8/detection

viper.w0rld.ga

# Reference: https://www.virustotal.com/gui/file/a2af5a2dcb355de6beab587bbb594eca70c35ef0eaacb1db2772997fae62da9d/detection

elixr.w0rld.ga

# Reference: https://www.virustotal.com/gui/file/f234480632c908053869cfec4f31a2077dc2bf92df6ccebfbbd1e25c38924996/detection

neji.w0rld.ga

# Reference: https://www.virustotal.com/gui/file/68b1e631965fd0f1c53a69fd2611aaf5776df3f7480c5666628d42af9fa71eee/detection

105.108.195.156:82
kakobik.linkpc.net

# Reference: https://www.virustotal.com/gui/file/0b51b8480d05467c4d535fa4c3e73d0bcec79b573d45a121708863d97c14853c/detection

haha.servehttp.com

# Reference: https://www.virustotal.com/gui/file/707189ddb2b7df88888e5ad95e275bca6d4a75e6b1b6f5957ad37cbd66cc9cb5/detection

stp.servehttp.com

# Reference: https://www.virustotal.com/gui/file/a48d0e87dfd7dfec35ccb85e395a866bd9ca5fee6a64503ca26e166d09d21ccc/detection

204.95.99.109:82
tms.servehttp.com

# Reference: https://app.any.run/tasks/13054168-9eb0-4561-bfa8-cab61ee66cb6/

185.244.43.60:4782
185.244.43.60:5552

# Reference: https://www.virustotal.com/gui/file/a073f05706d7f6668b10e93de3057846addf282d827eb77597eb975ed75022dd/detection

87.66.106.20:7642

# Reference: https://www.virustotal.com/gui/file/1cfc9cc516bee497baa6533fdd061e21179263f80cb1777a2632b140e5ef3eb4/detection

87.66.106.20:4782

# Reference: https://www.virustotal.com/gui/file/f48edae04aded0b2c5bd17ef1b0bd478c2439c60e5d489d50354f1c1a086c4ae/detection
# Reference: https://www.virustotal.com/gui/file/9216307e273a047bfc8576e0cd020f1aa99c7deae432a9c0e4cd6970b9a0d8be/detection
# Reference: https://www.virustotal.com/gui/file/888cd3e0c9046fc3b5e2441b7bada003552c0bd346f9bc284307e786c0705b12/detection
# Reference: https://www.virustotal.com/gui/file/98f9c04c6d4a44e2e04440b4816932a383f4725fced77d4fd61eea2301a9d1ee/detection
# Reference: https://www.virustotal.com/gui/file/c6d27d7c4b643205bbfb6b42d02e70865dcfcace603fd0bf588f60d4deba7674/detection
# Reference: https://www.virustotal.com/gui/file/a4a9d8e54b6cdc1f0743eb9d42bb55a7d5f81517f1391dc1e1786847e6ff6c8c/detection
# Reference: https://www.virustotal.com/gui/file/83e8bf52029e0d61ff9f07b02d52e1a32deb46d7258f4212ba018c3f9c4eb305/detection
# Reference: https://www.virustotal.com/gui/file/239b5f0f4ace74ca154c49814e30670f94f7008baaf6a3a978f4c8fceaf776e4/detection
# Reference: https://www.virustotal.com/gui/file/846e619b72311320846057131325e3197c5e317446f72d34787686646a61af04/detection
# Reference: https://www.virustotal.com/gui/file/63407b80d92c77e4ecc5a953b9ffd0b88768bed58e7c9789348cf57cdb4fe04c/detection
# Reference: https://www.virustotal.com/gui/file/7b87ddbee7b40b901a60f10a6944099378311563a9c367ebb46b79c7b49f747b/detection
# Reference: https://www.virustotal.com/gui/file/8921811046b0174d2372fc6abc359f3dfa04033f9c8b9c70a055836c3c7a1aad/detection
# Reference: https://www.virustotal.com/gui/file/5d22085aec8646c9c4615ed5babd765eeeada5e7b54d960aad9cfa9ef50e851a/detection
# Reference: https://www.virustotal.com/gui/file/13c12d4e10d3b446e5056bc710fdfd9883c55f5269207b39970814265c176ba6/detection

102.52.0.42:2514
105.155.221.57:17935
141.101.168.56:2514
141.101.168.62:17935
141.101.168.75:2514
172.94.62.102:2514
188.72.101.107:2514
188.72.101.141:2514
188.72.101.149:2514
188.72.101.150:2514
188.72.101.151:2514
196.71.79.159:17935
41.143.164.21:2514
41.143.204.82:1425
wxcvbn2.ddns.net

# Reference: https://app.any.run/tasks/53ef1cb6-bf18-426d-b10b-ef70edb4019e/

193.161.193.99:33409
jebacdisaskurwysyna-33409.portmap.io

# Reference: https://www.virustotal.com/gui/file/19ea4f8d6f36b7a8d5b8ade979f2d2ca56b21075e7100700c6dca6a4731c0322/detection

microsoftns.dynamic-dns.net
microsoftns.system-ns.net
supportwin.dyndns.pro

# Reference: https://app.any.run/tasks/d6c127ea-47c9-43fa-a188-77924207f648/

cupastore.ro/zook/

# Reference: https://app.any.run/tasks/6588ffdc-9204-46eb-a999-21c08c3db64b/

2.56.152.93:1604
2.56.152.93:54984

# Reference: https://app.any.run/tasks/ec9d6cce-66b7-46c1-a057-f24019974d42/

193.161.193.99:42884
paul994i3-42884.portmap.io

# Reference: https://www.virustotal.com/gui/file/7cae26824336e46214fe0635d3c73073dfffbe38909896a6a586f939d39e091f/detection
# Reference: https://www.virustotal.com/gui/file/c04b1facc631a33e22799f2ba896ed90e485b9e3e1dc26f83b660cadf98ddf36/detection

82.202.167.227:4445
82.202.167.229:4444
mnl485.hopto.org

# Reference: https://app.any.run/tasks/72e3f753-c529-4b64-8319-e25fcdba2e58/

172.104.63.12:4782
blackfriends.ddns.net

# Reference: https://www.virustotal.com/gui/file/a3fa75a72b8e74f8907911061f06378d5eb56762c204019d5a61ff63c9b31ce3/detection
# Reference: https://www.virustotal.com/gui/file/3c2520e74f1afbd199c2f3722f7d29ea5bbcc743fac84ef35c7126a72ba995e0/detection
# Reference: https://www.virustotal.com/gui/file/88175cfd23cf4f14077a7de848eda87fd603b59a1c4b47d69e589deb91ce87e5/detection

178.187.178.66:25055
178.187.186.145:25055
178.187.233.124:25055
scandalize.bounceme.net

# Reference: https://www.virustotal.com/gui/file/baf003124429c4fe49b8b6c5f55762a54378d3c2e12c44ba2a5c8e8d5c33cf08/detection

177.205.152.182:4782

# Reference: https://www.virustotal.com/gui/file/8484a7a2ead6abc20fae7bb2db2714fa0e9f5544dd1484e2774a472d4bae35e7/detection

95.165.5.79:1338

# Reference: https://www.virustotal.com/gui/file/c1223b7097737efe776fee604cb4557e6e8668ef29b435ab42e053621a1e923d/detection

95.165.5.79:1339

# Reference: https://www.virustotal.com/gui/file/7bd59fd11300f587bc2830fc3543e89dbdfb71f2095e4154447720aa35791efb/detection

31.220.4.216:4782
baggard443.ddns.net

# Reference: https://www.virustotal.com/gui/file/dbf987aa1a9f886c3e9c4a7a2efa26a33fb63ae5cad5f1b06dc0a85bb2d5c6e1/detection

82.29.120.193:4782

# Reference: https://www.virustotal.com/gui/file/ab127e608e37fb20be0e23c048cb5b35a3dcdfec1abfda80ea971914b18a18f5/detection
# Reference: https://www.virustotal.com/gui/file/0417a72247b87e34735206c56f625477cf5a93ff1adcf7e6cdcc2c72ed636235/detection

65.21.19.42:6969

# Reference: https://www.virustotal.com/gui/file/81457d43d3d1fbef9a4f102aa64d267166f193ba9886817ff56ecb8f12ae85b6/detection

172.111.154.46:5555

# Reference: https://www.virustotal.com/gui/file/9406e240514471d7af9f2ad55985fd3b34b9636924a392686316b4e23b0bb543/detection

164.68.122.235:5559

# Reference: https://www.virustotal.com/gui/file/8c087fe6a295dcb398447069e0a7f7ade16291acdc959751337fb9d650097814/detection

50.34.62.208:4444
certalaw.ddns.net

# Reference: https://twitter.com/pmmkowalczyk/status/1374061231934484482
# Reference: https://www.virustotal.com/gui/file/eadcb3875456a7061f5ada0bb2d90b0489970fb6fa92ae276af4ddbb65575dc8/detection

176.31.8.233:4782

# Reference: https://otx.alienvault.com/pulse/605f1f7b0b6771231bc9b3e9

ketamin.jednoduse.cz
niggerballs.funsite.cz

# Reference: https://www.virustotal.com/gui/file/4851f56184e0254f14ae9f3351f32a16e5761892375d7baa685a8a7096675f55/detection

193.161.193.99:54721
193.161.193.99:8420
voxxx-54721.portmap.host

# Reference: https://www.virustotal.com/gui/file/fc4d7f21116c0f5d9629490536a4932a6acdf53dda5a6a86f232d7fc283c9675/detection

185.204.1.236:1528
pisulka228.ddns.net

# Reference: https://www.virustotal.com/gui/file/e62d5d03c66c9d4bfef592850e8e0589d3fe4bf81b582627d53fd9666eab4499/detection

85.25.93.141:82
monlolo.publicvm.com

# Reference: https://www.virustotal.com/gui/file/ed63e1665ccf622e7db42689fac31491ccdad75a37c328e2bcffef958e2b0a85/detection

81.225.131.230:4782

# Reference: https://www.virustotal.com/gui/file/e3b7a3f309ac6b5dacb02cf23af104f79ac16b537be3a71b03eafe034e3e66f3/detection

104.220.155.240:139
flyhighontop.ddns.net

# Reference: https://www.virustotal.com/gui/file/fba17f739e49a3d2971b3240a0f151a38d362b54ea91d465131e35d487407e62/detection

46.101.249.24:59863

# Reference: https://www.virustotal.com/gui/file/a64ad0ace6bcedb3d6b6fe281696e1e9f608f0dfb448ec15d99b82403d259ea3/detection

noamkennane.ddns.net

# Reference: https://www.virustotal.com/gui/file/3db8dffa572ff7fb2cabcae80f33f58305d2ef01b8cc59e97a032ae1634ce43a/detection

178.194.244.97:9081
rrnns.ddns.net

# Reference: https://www.virustotal.com/gui/file/1b23264d466775652ab9a55156a66d6b6ee4f494ca435856d9236aa47449459e/detection

89.160.26.37:1807

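# Reference: https://www.virustotal.com/gui/file/78047575407c55f45b582f01ce6112136fa06200e9c98ed714833a4bba56cbeb/detection
# Note: the *.playit.gg names in this and the following entries are listed alongside a small set of IPs (134.122.66.170, 134.209.194.210, 46.101.249.24, 151.115.36.90) that repeat under many different tunnel names, which points to shared relay hosts.
# Note: prefer the hostname or the exact IP:port pair over the bare IP when alerting or blocking.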

151.115.36.90:48716
war2.playit.gg

# Reference: https://www.virustotal.com/gui/file/ac6cb34e13a090e1704b0b37057d0d71447c153fe01203f9c034ca6d9649d1b7/detection

134.122.66.170:54882
amazing-locket.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/feed59f571e1e7e9c4a6a308debe76ec5e6c1ec8ee6f587e80fb36100a85c176/detection

134.209.194.210:56966
awesome-street.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/034b2dcff6b90ed402439cc9406f951264df4f884219ba9c6c06f40c9b5f88e3/detection

134.209.194.210:55383
whimsical-sleep.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/1c508e1680871ca36b601eec6c8404eb4d0580bc9c40535a562b0c0a98efbbac/detection

46.101.249.24:52838
fnk2.playit.gg
whole-range.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/17ab3138b8d663151506c9781e1d7185ec5162ba50f914905d3b2015e7a8c4e8/detection

134.209.194.210:59559
mighty-ear.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/43ed3800cf12ce5e5cb4014c776404de2b8758b1c4e9a0f720c3372e0c8492c5/detection

134.122.66.170:58810
ad-business.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/eba893dcdd2eca6dc2c73edb2bc55caa72ec0181e385fd53091809535761fd35/detection

134.209.194.210:59313
striped-page.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/17619c62a9481d0df457e78676427cae921a6c893340e00b31dc848ad51d52b0/detection

46.101.249.24:55732
spotted-feeling.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/fb41b76f7b9eff1425e2ebe84c2717abaf3510c0447f92f3371305a571596d7f/detection
# Reference: https://www.virustotal.com/gui/file/718b6ff7898ca5c0d3365bfcbf3075927d2d82d09c4339cd4e2b50fb635cd4bb/detection

134.122.66.170:43533
151.115.36.90:43533
straight-anger.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/9c31ff69fc51ca8009806734f71391cbfc0c193f36d0721f009679e2ff87e462/detection

46.101.249.24:41798
narrow-ink.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/f700dbb00b021ec7aae45730deae300139cc3e644d6375d7d9d2a6d2330bb0d6/detection

46.101.249.24:41705
extra-large-step.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/8b991be4706455f00586b345e836f27f8bc7c739a5e74090f425267f7e23230b/detection

134.209.194.210:43523
brawny-seat.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/4f659f6cf574a8904cf22199060ba624ce9da8d1bc8109144737915ec014987e/detection

151.115.36.90:46094
gorgeous-leaf.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/abec58e458a1fa4f7ccc6e973b92fbf66c514be260c898418e1f841d2494f009/detection

151.115.36.90:57331
changeable-giants.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/1ce8680acc2835396aaedc6a25fdfe5f5c870558462bd303de540425f671b499/detection

46.101.249.24:55340
complete-payment.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/19e244532cd6ad24727c86f56b5cdff2602293c66851696e3ee2214b6f8bd3b9/detection
# Reference: https://www.virustotal.com/gui/file/48177e1ead1bdd70f6ebdb8c4441e78ad669103e8d4d26fee4b37a1f823832c3/detection
# Reference: https://www.virustotal.com/gui/file/690426e7d8467c818fe9ee7235480722898ddff21a880f28a1beca78afcefad7/detection

134.122.66.170:58810
134.209.194.210:56579
46.101.249.24:56403
ad-business.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/91168324a09faafa887ef10df274041fe4d08f61ae1ff46c289d5f9980d488c0/detection

151.115.36.90:47956
possible-fang.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/d9bfb7c59b057e74b499903db445403bd52f7749c7769861839d6180ad3bb287/detection

134.209.194.210:47610
curved-pickle.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/96a48b55c3778439dc40d26ad0253d75e706187d08a1144e4fa0367ba81fb93b/detection

134.122.66.170:51717
normal-head.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/c53aac525970eab5237d076ed8d546bba4a5392ba7b5853ec1aae924f56f9551/detection

151.115.36.90:59217
151.115.36.90:59218
flimsy-punishment.auto.playit.gg
solid-daughter.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/837b9a497f114cab46d6d2048b3b7fee8d05acd1a4d41611bb49516e99a38f2f/detection

46.101.249.24:59842
46.101.249.24:8182
89.70.105.138:6801
89.70.105.138:8182
true-blood.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/66318276cb8c1d91f6c5a18150894ad855291a56ad5827fd72517c9e2bde3be9/detection

151.115.36.90:58708
46.101.249.24:59863
dazzling-appliance.auto.playit.gg
lamentable-rail.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/3b84dafeea7371a64717b2923acc1846bc95dad25593aa62835479320700eb7c/detection

193.161.193.99:2222
193.161.193.99:35036

# Reference: https://www.virustotal.com/gui/file/8408d1f093d32f89a3ce5ba353e9c3040ddfb5404666fde3dd66816df9927496/detection

46.101.249.24:52841
thundering-grade.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/1a2afe47a8f33065790e4db59e44e6df8c1ed94ce539e602a3c4c96f23c6f7c5/detection

151.115.36.90:53960
adamant-ear.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/2914cdab27d016c72c57f394b65bf0e58123ca7beac43abf77954d3e5a519e3e/detection

peaceful-woman.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/78047575407c55f45b582f01ce6112136fa06200e9c98ed714833a4bba56cbeb/detection

151.115.36.90:48716
astonishing-cent.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/5f4f3656295faa101f83c611df9d1842773d27d8fe52a63317dd527c9433abd7/detection

134.209.194.210:51952
roasted-flag.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/67d44cc5b685c7b4155145afd1bc4a1e1f052f94af56e9de8efc1ce097fad4d6/detection

134.209.194.210:49473
witty-apple.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/404b9b48521597b0c740cd0f945c0c2050ff9c4b1c1e98164ea9bc89e854f9d6/detection
# Reference: https://www.virustotal.com/gui/file/9627bda879a554b285be5321a6e3c206c88d86c0040782d49679f89a92ab3fe1/detection

134.122.66.170:45908
134.122.66.170:59566
miniature-road.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/ca98d71d7440f5b6c680c99824931c10fb5f0055a710ee059fb1978455cc9596/detection

46.101.249.24:58736
steady-cows.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/fbebdf6e8fa43a2458cd66a14dfa5b7127727c55b93a67f40f400e8c48b6a92f/detection

134.122.66.170:40020
abrupt-zinc.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/061fa898d76a5b1abb5fc77ecc6fa935bdd0476f8973b8494617d01c81ef8005/detection

134.209.194.210:42533
wide-party.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/93f9dc469e9aa67e641e2f0773a1362eddf91ee6b8e3cf42680dd8f55f1327db/detection

mrmonopol.de/Download-Status/Menu-Status.json
mrmonopol.de/GetLoginCount.php

# Reference: https://www.virustotal.com/gui/file/e2ba0150a208eab7dc9a705540cfaa5687e2f70081d5cd87032beb08b4556d68/detection

135.181.170.169:111

# Reference: https://app.any.run/tasks/65b32213-989e-4e3c-8239-412e0bf8110e/

77.29.72.108:1900

# Reference: https://www.virustotal.com/gui/file/bea681346030b94a93aa5e888c60cbcff238835fe066e2f518ba27a116c0dc40/detection

24.101.234.141:4782
bigass33.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c04b1facc631a33e22799f2ba896ed90e485b9e3e1dc26f83b660cadf98ddf36/detection

82.202.167.227:4445

# Reference: https://www.virustotal.com/gui/file/c13f62c823eaa3253a15824288e526c454bb311a1c7d51547f777495cd115b19/detection
# Reference: https://www.virustotal.com/gui/file/f31a7aa81569e5f9cb7cfd42e617c9d7e9564727edbd58666368c98e41ab9a84/detection

185.63.190.102:4445
185.63.190.190:4445

# Reference: https://www.virustotal.com/gui/file/09b554ac2170b876c7a602d616782b3ee93a22aebed13ce4ef6eb56ee04ea457/detection

95.111.241.233:786
jayshreeram.cf
/windows/fghdcfrtxcgfvhgdfvhdhtgjdsgvhtgt1b.txt
/fghdcfrtxcgfvhgdfvhdhtgjdsgvhtgt1b.txt

# Reference: https://www.virustotal.com/gui/file/a55a037feda593917f9c302f51159ee9835e4ac1fc3320cae36ead2202658f02/detection

104.243.252.61:4782
managementlover.hopto.org

# Reference: https://otx.alienvault.com/pulse/60c745f853687724fee52779

crnjari.myftp.org
titine555.ddns.net

# Reference: https://www.virustotal.com/gui/file/b01426ea91c9a88de2248a505a2307936e11ab06e1f84516e308ee69bf7f0407/detection

zeroplan.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/30e775618deea4b49973f84a4b97a6e8ad42edd6cc3f6d629b9245efae186b4e/detection

176.49.167.65:4782
erbaevbann5.ddns.net

# Reference: https://www.virustotal.com/gui/file/ddb20b3961c7efca1d3bd6a5e7ca0ecec2c4e03df46f22fa83f72d0416f8fbb3/detection

94.78.243.127:8882

# Reference: https://www.virustotal.com/gui/file/fe8da12b49bb4840abd7def92daad0f69cc9caded24f9a508723c43fd449fb85/detection

176.49.43.50:3332

# Reference: https://www.virustotal.com/gui/file/c0eee6869cb1d1b6c8309151b45795b8866f7171b365dc29f7610cf385264239/detection
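# Reference: https://www.virustotal.com/gui/file/e42b7deb2e234a6a5a1e3d152ce111e1a529428c494119fc46f3edc8495a5997/detection
# Note: 104.21.13.168 lies in Cloudflare's published range 104.16.0.0/13, a shared front-end address; weigh it together with the port and hostname below rather than on its own.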

104.21.13.168:5480
91.109.178.4:5480
societyf500.ddns.net

# Reference: https://otx.alienvault.com/pulse/610e76f9ad6c0f66cafac828
# Reference: https://www.virustotal.com/gui/file/a725bb8800499239e18eb3973b4c4371214e8da4efb12108ac42957a3819572b/detection
# Reference: https://www.virustotal.com/gui/file/4c4e3338698163228a0956b7ac502339f0e6e489bffc99355b6ec761adec2bd2/detection

166.62.33.218:6624
79.134.225.109:7894
gfhtytydj.xyz

# Reference: https://www.virustotal.com/gui/file/000ae7a6d1910aa7e076a5c9be84edb45edcb642c8299d9e94121653d838f548/detection

172.93.187.248:6767
greathop.fastestmaking.com

# Reference: https://www.virustotal.com/gui/file/bd8d5510731334889a329ee2312a9e2fb5cbe69f24e9c79f36bf1c96ee1e3cf9/behavior/C2AE

193.161.193.99:60692
windowsupdate-60692.portmap.host

# Reference: https://www.virustotal.com/gui/file/880cf669488f32e9a063753d945bc76603e60c2595186eb865db28781dbd5926/behavior/C2AE

111.68.98.167:5525
chanvick.ddns.net

# Reference: https://www.virustotal.com/gui/file/b732551af8559cc4cdae7bc6e7ef72e8d262ccb20e2cf6852a712dcbe454840b/behavior/C2AE

188.26.26.28:4444
ifuckedyou.ddns.net

# Reference: https://www.virustotal.com/gui/file/a7233919091d3e986cbd6083ad66b40c233330b75244c8fa621cb0e5c0b77c29/behavior/C2AE

176.216.222.56:1604
darkerzm.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2ed34002c15c4a5c51ab7092f93c2e528da978c4f526a9260b7b327b6b96ccd9/behavior/C2AE

201.113.64.208:4748
facebookmovil.ddns.net

# Reference: https://www.virustotal.com/gui/file/21be527bf9faf1d1b299303567e311b8af41ca147f59c969ba3a1cb7ab89fb55/behavior/C2AE

191.95.50.114:4444
otave.ddns.net

# Reference: https://www.virustotal.com/gui/file/27e86a7ce0bb3a2059ce5bbe9bf4fc785b9fab069b23e19c33f023ec1aeba992/behavior/VirusTotal%20Jujubox

43.248.201.133:22179
a473308269.e1.luyouxia.net

# Reference: https://www.virustotal.com/gui/file/8283431468392c588fe58acf4f8fae3d6340ab8f670eb98e74712c60fc469c72/detection

194.29.101.219:8808
microsoftcorp.ddns.net

# Reference: https://www.virustotal.com/gui/file/ca43e0d13b3be91ccf4f970a32c3baaf4d860f88b5291d09d93eebf18f35e851

91.109.188.11:5556
91.109.188.15:5556
wade442.ddns.net

# Reference: https://www.virustotal.com/gui/file/c918aa776b530cb53328b1737f542f9d5df3ee52f6499e83e1cad95a04448946

kalukalia.bounceme.net

# Reference: https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html
# Reference: https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/649/original/network_iocs_for_detection.txt

http://62.171.157.185
af-gov.ml
afghancdn.world
brkle.tk
vmi649360.contaboserver.net
vmi596205.contaboserver.net
vmi387094.contaboserver.net
vmi479022.contaboserver.net
vmi356403.contaboserver.net

# Reference: https://twitter.com/pr0xylife/status/1465745543821504521

37.0.10.5:8021

# Reference: https://www.virustotal.com/gui/file/069a8947620cd2bf8dc94a23c3526099126d5050e149002fa0c82f00a1654ee3/detection

68.119.12.79:4545
money14.ddns.net

# Reference: https://twitter.com/pmmkowalczyk/status/1466722279820337162

89.64.38.50:4782

# Reference: https://www.virustotal.com/gui/file/9ab9f18dcd72590c539f4fab5653e80a42a3236c093db5ea465c008972db0ad8/detection

149.56.200.165:4782

# Reference: https://www.virustotal.com/gui/file/6f194457591e38ef91c704ee2e78d676158721b7123c5d6f1f7ab893525c1d0f/detection

5.36.102.135:4782

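# Reference: https://www.virustotal.com/gui/file/ebd2a856d7839f3e9439d2932cf9667d5a93669e82a14ea07928a214912909ef/detection
# Note: 193.161.193.99 recurs in this list with many different ports, each paired with a portmap.io / portmap.host name that embeds the same port, which suggests a shared forwarding relay; match on IP:port rather than the bare IP. Ports 21101 and 59097 (minokawa386, orationseas7145) have no 193.161.193.99 entry in this group.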

193.161.193.99:20983
193.161.193.99:21462
193.161.193.99:28588
193.161.193.99:46831
193.161.193.99:53748
193.161.193.99:58369
baguito81-20983.portmap.io
guinobatan710-58369.portmap.host
kurama98-28588.portmap.host
minokawa386-21101.portmap.host
orationseas7145-59097.portmap.host
oyashiroen83-53748.portmap.io
shenron481-46831.portmap.io
vestigiallorde041-21462.portmap.io

# Reference: https://www.virustotal.com/gui/file/f058237a17377f527e5328787b632bac3d231216ebdf7b543ce2b09538284db0/detection

86.211.116.251:10134

# Reference: https://www.virustotal.com/gui/file/3f7221f4ced4281ddbbc86481b8e47f23726fddc593d339cc59d07584516ecc9/detection

23.227.199.106:111

# Reference: https://www.virustotal.com/gui/file/3c915591d124d4ba2a7cf4c520f35e072f2867b7565b79720f706d46e8212922/detection

70.69.200.38:2004
70.69.200.38:2912
karmakoin.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/64ef17ace9a8106442a5982791116fcec1d77f3affe177e4a02ee1d5c9446580/detection
# Reference: https://www.virustotal.com/gui/file/113550041ffe36f04838584d21680a5c21e33723e0eee88a81223216901dc627/detection

92.15.9.84:5025
92.18.56.180:5025

# Reference: https://app.any.run/tasks/f8d58093-9db3-422e-a162-e6cc1885b411/

92.9.26.75:5000

# Reference: https://otx.alienvault.com/pulse/61d97dff8f93b99c434c27b4
# Reference: https://www.virustotal.com/gui/file/e1792c836a45863c38eee83a446874828f54c1d3bdad3f1d79c83c360d40c647/detection

18.158.58.205:17874
3.67.62.142:17874

# Reference: https://www.virustotal.com/gui/file/d2f8a802257bfd775207a7dfe678bab09df35585b08e804cc5f400c9563d5c75/detection

90.113.134.137:4782
lahuisshamilton.ddns.net

# Reference: https://www.virustotal.com/gui/file/6ec6403a556329054228ec1382db4b840a0febc58e8c2d800bcd59b9ec39deb4/detection

3.13.191.225:11555
3.17.7.232:11555

# Reference: https://www.virustotal.com/gui/file/a4a782953e6a2b1366e842125b9671e097d0eb1e132b7e861cb7de2085fa3f88/detection

79.134.225.79:4782
nv1quasar.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1479767752885874688
# Reference: https://twitter.com/malwrhunterteam/status/1479855377642569730
# Reference: https://twitter.com/malwrhunterteam/status/1479859667471896581
# Reference: https://www.virustotal.com/gui/file/70ad9112a3f0af66db30ebc1ab3278296d7dc36e8f6070317765e54210d06074/detection

107.191.42.179:4782
149.28.28.241:4782
black-crystal.net
inject1byte.com

# Reference: https://www.virustotal.com/gui/file/2ba92b46b189663bb5cd8c1b865bf514a390e7e81e74e7a7fa0829bebff827e6/detection

3.236.172.182:4782

# Reference: https://www.virustotal.com/gui/file/3b2255cb175608da1c8d79e3d2225121e905a296a4d1c8ea7023f48b1af3d5a5/detection

195.214.133.99:1604
enayiqwe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7d2e8483a08d518c6fc8024de0e59f559bd3aa7608d89f9e3f9d5e2f323a6098/detection

51.15.19.32:4755
vhosts.linkpc.net

# Reference: https://www.virustotal.com/gui/file/021d05f5b032f1335021652d3b1243a6413039eed56ef8012420a79a9c9cd768/detection

86.81.129.56:4782
happythepeppie.ddns.net

# Reference: https://www.virustotal.com/gui/file/2f0fa158a064d54287a050472af25d509efbd0fcb13bbeb12d0b2437e50d5e81/detection

ronisbon.ddns.net

# Reference: https://otx.alienvault.com/pulse/61eaa17a2c74b1810990d4c5
# Reference: https://www.virustotal.com/gui/file/c698e97adc80f1c848dc6cb5786337679579eb09879423a2667b94f5e740c4f4/detection
# Reference: https://www.virustotal.com/gui/file/56e17524d7094f21b736888208ec3b7e427f60c3bc53a184bcda5a656a8f1976/detection

176.27.117.213:7763
82.27.178.185:4782

# Reference: https://www.virustotal.com/gui/file/1a3c5e1a2a52a3796116eaf838e36a23bc6428b42bd1c5c5a17aa73ab8974e46/detection

212.192.246.239:1488

# Reference: https://twitter.com/0xrb/status/1488731693624467458
# Reference: https://www.virustotal.com/gui/file/e217101735da4d01fca4b7b8a0ed676c9b41497e612a3185edb732dbb9f4e893/detection
# Reference: https://www.virustotal.com/gui/file/0b40fee2e4acd420e61d90ec27e1779c3e947fa514ea31dc8efa90883bd01d42/detection

41.233.92.230:1338
41.234.46.29:1338
anubisgod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/00f18e101bb64d3f88a17ca042f2906eb66322fb43aa1e131979dea24395f5b8/detection

141.255.144.69:4782
45.164.102.183:4782
192.3.118.147:4782
111234cdt.ddns.net
warzonecdt.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c3b2f3123f6eb080c81b10f7d5cff547514b9c66e5f5aa273190a9ee6ebd262c/detection

15.235.13.122:3043

# Reference: https://www.virustotal.com/gui/file/da6a34bce3465d3cedf6d1f2a4b2861fb17442c5e66b69791c3f9fc2f3909cb0/detection

limanlimanlawyers.com

# Reference: https://twitter.com/James_inthe_box/status/1494023486896939011
# Reference: https://app.any.run/tasks/70e72460-7a24-4004-b404-91c9346aa7e4/

195.62.52.147:222

# Reference: https://www.virustotal.com/gui/file/4c15ba67e0ecccf9d3349f77dbaacb5d54328d59709eee91973699f463a5ca02/detection

141.255.158.240:1177
testintru.ddns.net

# Reference: https://app.any.run/tasks/11802417-6001-412c-a9c7-19c5c51da909/

77.243.191.246:1604

# Reference: https://otx.alienvault.com/pulse/621b68f83ceb36e568fc2606
# Reference: https://www.virustotal.com/gui/file/1c29392ce620c075397f10b33feba9314da6c354cb4b5d005786a6bee759d14c/detection

86.100.178.31:4782
getratted47.ddns.net

# Reference: https://www.virustotal.com/gui/file/04152d9b7dc4f535a86bfefa95b6d8b210b1f4b277c2ea2dab511692e906a120/detection

107.189.13.175:4782
gonpdaorgkwkphn4.ddns.net

# Reference: https://www.virustotal.com/gui/file/9adada1eea936515bebe468ee4c1bc040d58ef4f1e4cc09e03c569a4d117e47b/detection

40.71.25.32:4782

# Reference: https://www.virustotal.com/gui/file/98a1b7684f5f24409ab531b79e1e6964f0143d6ef69cc2c177142d2b6e9fa7f7/detection

51.77.78.41:4782

# Reference: https://www.virustotal.com/gui/file/6c2333bfe08608f84e4088de6313ea668378076ef5caccec6f8bf72a08afad2f/detection

178.183.86.253:1223
quasarisking.ddns.net

# Reference: https://www.virustotal.com/gui/file/e31a1f48f047cec3c0930ad4799c07f4d37896fe6db7efc78aea2b18a3585cfb/behavior/C2AE

telo1928.ddns.net

# Reference: https://www.virustotal.com/gui/file/f07b79a4702ebbe6bcd7db0dff1a9e803f0fcaf2893ec8148d45ff36aad1284e/behavior/Microsoft%20Sysinternals

83.226.174.10:4782
sigmahq.asuscomm.com

# Reference: https://www.virustotal.com/gui/file/8b83cd673984ad7ef6c1c54c75e0c511625d66ca58a7bcf0f63ba7a3bb900600/behavior/Zenbox

nullmeta-46673.portmap.io

# Reference: https://www.virustotal.com/gui/file/27a41b7363b04ba21e8d60bfe711d5afbf41649ed09d9eadb413228e4ce695f1/behavior/Zenbox

5.45.84.220:5552

# Reference: https://www.virustotal.com/gui/file/f4d3dd9889b6b38650c7595cea792bcb7ac9567a91dfe2c3937424679e9251bd/behavior/Zenbox

152.69.230.196:25575
103.19.2.56:30700
frp.freefrp.net
jp.cdjxt.net

# Reference: https://www.virustotal.com/gui/file/1cc2a06106328b2795423289396d061132c6dfa606089f3bccb5b31cc3076a3f/behavior/Zenbox

atomic-nt.ddns.net

# Reference: https://www.virustotal.com/gui/file/53cc1b9d26b50fb7f2aed41661629de08be45fa6fbbfadd7a860919d2183ec6f/behavior/Microsoft%20Sysinternals

137.184.106.160:1609
savedavid899.ddns.net

# Reference: https://www.virustotal.com/gui/file/b9f98fdd38a1b512c4efdae5469061d6427e5956d26c73874eb631247860055b/behavior/Zenbox

seuq-40577.portmap.host

# Reference: https://twitter.com/pmelson/status/1113099808485642242
# Reference: https://www.virustotal.com/gui/file/367edd938062646374f9fe5f101181ec51602c13d885cbfaff113e35cd0a7e38/detection

piwebserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/86bace047ff817520aef555193c6ea42a96fe65e2546b0ae1254072f4c9523a3/detection

178.26.177.127:4782
quasi1212.ddns.net

# Reference: https://www.virustotal.com/gui/file/f09425c4cb30ba3a380b92b3bd6bcf2f56e0c146dbd907e211df861ac13e2eab/detection

cookiehub.ddns.net

# Reference: https://www.virustotal.com/gui/file/ea6b5f72b61df130d8f4e58752e97f5c88a59067b7dc2b5a1aec9fc4ffcbf663/detection

216.250.97.121:1447
decodedenied.duckdns.org
terminalstack.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8491fa9f72ee8a693ebd5397e86acbead5c1ecffeeeb78a430bedcaa414acde1/detection

150.129.234.203:4782

# Reference: https://www.virustotal.com/gui/file/cf34c3f4a55300effbe908be4642b8a0b6a0317e6beaa885e0cff0f70ab830e2/detection

taisunwin.club

# Reference: https://twitter.com/h2jazi/status/1500859722475442178
# Reference: https://twitter.com/BitsOfBinary/status/1503414495548428296
# Reference: https://twitter.com/BitsOfBinary/status/1503414588582289413
# Reference: https://www.virustotal.com/gui/file/d374e125e7c44d898d3e679d3d428dbfbd9c6af246544f1edf0a46a37a6564b7/detection

b29.bet
choigo88.us
playgo88.fun
web.sunvn.net
web.sunwinvn.vip

# Reference: https://www.virustotal.com/gui/file/010a37b27832617f514bd1269406a7790fcf2464a8cb894e10c03cd34d299df2/detection

185.162.41.52:5431

# Reference: https://www.virustotal.com/gui/file/d0ef4dca82793b28b195630226cb3ccdf9d257b91c0d6f2f60641dde0b1427ec/detection

45.77.71.50:8082

# Reference: https://www.virustotal.com/gui/file/72873e81f5b42d04e6576f46d9032f01a98529fe5ea2f3d65fd58e6367b3d9d3/detection

92.240.245.41:69

# Reference: https://www.virustotal.com/gui/file/026344fc96db577e228afc3a99367872c53e5d83cc8dfd93fbc274272961be97/detection

24.67.58.197:4782

# Reference: https://www.virustotal.com/gui/file/b932926b0935ff35573487d23de29f01253a51cb9aac214b61d463942c9ff0c8/detection

194.33.45.23:1188
puredgb.duckdns.org

# Reference: https://twitter.com/BitsOfBinary/status/1506558985884905479
# Reference: https://twitter.com/BitsOfBinary/status/1506559083524104192

go88.gold
go88c.net
go88code.com
go88vn.vin
sunvn.vin
sunwinvn.vip
play.go88vn.vin

# Reference: https://twitter.com/h2jazi/status/1524012184010997760
# Reference: https://www.virustotal.com/gui/file/d9e15030ccb843d7869f808e3fa2e1962c95caba4e8c84331df171d94f5ecfbd/detection

go88.live
tai.go88.live
/EW4KQN3GTWST.html

# Reference: https://twitter.com/BitsOfBinary/status/1506559228680544260

thesieutoc.net
/wp-admin/pE8xYY3x6p

# Reference: https://twitter.com/souiten/status/1508707816722210822
# Reference: https://otx.alienvault.com/pulse/624467133751159cb76936f7
# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
# Reference: https://www.virustotal.com/gui/file/b19af42ff8cf0f68e520a88f40ffd76f53a27dffa33b313fe22192813d383e1e/detection
# Reference: https://www.virustotal.com/gui/file/38f2b578a9da463f555614e9ca9036337dad0af4e03d89faf09b4227f035db20/detection

digital-ministry.ru
wallpaper.skin
/GtkjdsjkyLkjhsTYhdsd/exploit.html
/GtkjdsjkyLkjhsTYhdsd/

# Reference: https://www.virustotal.com/gui/file/1464e7d26d44d7a83f057056954155a3bec0ee3dfebde5bea8e36945e735c79c/detection

binatones.gq

# Reference: https://www.virustotal.com/gui/file/000a82405a057d0c893eea42241e4a13a088c9323155d1c3efd1072c639a05d0/detection

18.189.106.45:17365
3.141.177.1:17365

# Reference: https://www.virustotal.com/gui/file/a6cf306779e3d40aad5afe4690357ecba8447ef325683848ecf10531eeaa8311/detection

104.238.221.246:7002

# Reference: https://www.virustotal.com/gui/file/4bf237f0bca40a3cb4db6d764c053834267d6d69f9f5bb719bc7714884108d27/detection

195.133.40.110:9281
boauzbjqc.ratkings.net
milcnzkaghjp.ratkings.net

# Reference: https://www.virustotal.com/gui/file/5e118482e9bece1a30b00fd304f745894768a50e70572c3ea63e4925a1a8dee0/detection
# Reference: https://www.virustotal.com/gui/file/d6832f52d4ca9135366c91cb614e562dfe5ea70d1880d2721912e6de9d8ba051/detection
# Reference: https://www.virustotal.com/gui/file/61057b45b0e7f6a3dceffbeab6fe70c1cd23d0757a9b91462911bd07401d79d9/detection

203.159.80.136:9164
payygnwixvapfuev.ratkings.net

# Reference: https://www.virustotal.com/gui/file/919c3ac16cfb309d464a667538fa4747bb714150c7b7178db5d266d1391c2305/detection
# Reference: https://www.virustotal.com/gui/file/898216543dfbe03ead8ae9e2963d972b1963da5e00addab93702a9ec1a4b216a/detection
# Reference: https://www.virustotal.com/gui/file/3e42b7042e49eb4cc68fd8b74134090409c8321714fb2dfd2cf7d651b36002a8/detection
# Reference: https://www.virustotal.com/gui/file/004604c4b53089c333f87fb67e4ca87a0d30395656b8d1760b38a5f91535bbac/detection

195.133.40.84:9521
nwocbautemxpq.ratkings.net

# Reference: https://www.virustotal.com/gui/file/d6989e78c8426490d04abd3bc6b54f024082dd501aaf6f7ddd850aa70d06e7b2/detection

2.56.59.95:9425
owryqmzprba.ratkings.net

# Reference: https://www.virustotal.com/gui/file/f9a3361dfac60a4230222e12e75fb1252e8d7ca9d99056509750826939f632ac/detection

88.241.115.137:4784
94.182.110.170:8080
deli.mywire.org
kral.linkpc.net

# Reference: https://otx.alienvault.com/pulse/6252c7ef5988485ad5c95e25
# Reference: https://www.virustotal.com/gui/file/778237b400877a786777628b39dca1c1ae0fe6f44f312523179775d4d51b4729/detection

185.215.113.62:4782

# Reference: https://www.virustotal.com/gui/file/6f69b9f462a1259d0a98b50465313aa21d280dd5ff71bff8ad2259e3f466dc6a/detection

152.67.214.67:16706
3ccbb2.gq
c12123.top

# Reference: https://otx.alienvault.com/pulse/6256bc76512ff0aa00c84c39
# Reference: https://www.virustotal.com/gui/file/13cce0103de2c7f5ab8d3703e468a60e171cfa1597d0b3b7f712418bd9d7bb41/detection

abook-29729.portmap.io

# Reference: https://www.virustotal.com/gui/file/f5edbd082c285f6a6bdfaa059105b70730a3f568fadb55ba766f2170b1d6181d/detection

64.188.13.46:13373

# Reference: https://www.virustotal.com/gui/file/2f45acc826d020443c1a92e7e970f969e8eee6cec4f2f9a524a11d5dcffa6ee5/detection

45.61.136.244:2404
45.61.136.244:7070
45.61.136.244:7777

# Reference: https://www.virustotal.com/gui/file/30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668/detection

letmerat.xyz
selfdestructdns.xyz
whereami3.xyz

# Reference: https://www.virustotal.com/gui/file/a16d5e943be3ac61b273bc52c1e7ec7f130a322d427835c75db2838fc162710f/detection

91.174.27.217:4782
ipfix.ddns.net

# Reference: https://twitter.com/h2jazi/status/1524408606363471873
# Reference: https://www.virustotal.com/gui/file/fe86697bd0cba7c7a55b3bf1f75034be5dc689f3428a0a465f5d473350354383/detection
# Reference: https://www.virustotal.com/gui/file/e66e57a7cf24c9c2fc4b874bb68f95e7d1b5d1c8b47cc59a0360145bd7497103/detection

taisunwin.club
/JXDKam/n8NUgjqV9EDcz/
/JXDKam/
/n8NUgjqV9EDcz/
/MIHREE3J9PTE.html

# Reference: https://www.virustotal.com/gui/file/faa38595a083c174ccca2b3be0089dc049b429e9d94a77cc1ed862d395372f2e/detection
# Reference: https://www.virustotal.com/gui/file/0db1d14dc510cf6310e63b3dba2f2168b35dde1066abfa279881b9752b45d49a/detection

181.61.105.211:5965
94.242.225.215:5965
gu3rr4.duckdns.org

# Reference: https://www.virustotal.com/gui/file/61971106dc557667f92a06730da04bc115e62409ca866c4dcee85cc4a9779e9b/detection

222.117.71.35:4782
kupool.ddns.net

# Reference: https://www.virustotal.com/gui/file/d699a445a2c895e19f2177f62633cc47d78fbfec82dfa0231d97915ac43f311f/detection

94.213.15.133:4782
joopman.ddns.net

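# Reference: https://www.virustotal.com/gui/file/c14373e35343444055b6ec261909e4318f586076dc8edcff68e24abdd4d92176/detection
# Note: 209.85.220.41 lies in Google address space (209.85.128.0/17); confirm it against the referenced sample before alerting on it, and keep the match bound to port 4782.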

209.85.220.41:4782

# Reference: https://otx.alienvault.com/pulse/628f6cef22692a090514d2c0
# Reference: https://www.virustotal.com/gui/file/fe17c2862811d1e06f1ae641d8bdbf22d43ac41ce4b5f2379cc3a9c44cbce827/detection
# Reference: https://www.virustotal.com/gui/file/6a05b061654529b497f2a9d2fba073a0014bf39357c9532640a65eb9f0427892/detection

18.156.13.209:18496
18.197.239.5:18496

# Reference: https://twitter.com/malwrhunterteam/status/1529834806275710977
# Reference: https://twitter.com/1ZRR4H/status/1529838492330647553
# Reference: https://www.virustotal.com/gui/file/6b779ab528a62630fd4fc463bf239e419a165ce208a795e3d2080b7e11d869fc/detection
# Reference: https://www.virustotal.com/gui/file/b8731f50a3521c8a0fe4d8adf418a7fe0e82509863ada12a058744a239b31115/detection

191.102.246.151:4782
carlossosrepete.servecounterstrike.com

# Reference: https://www.fortinet.com/blog/threat-research/threat-actors-prey-on-eager-travelers

opensea-user-reward.serveusers.com

# Reference: https://otx.alienvault.com/pulse/62a09071847b18abceb0ff17
# Reference: https://www.virustotal.com/gui/file/f2f31deba0b7d9454ea559f9d2aac3f950ed67b50832238b5bdc23a46d506ad6/detection

172.105.103.207:8000

# Reference: https://otx.alienvault.com/pulse/62a09071847b18abceb0ff17
# Reference: https://www.virustotal.com/gui/file/c95b837396a5ea55ba9011f2c5a0bc96b304c4b7ed53d9dbfcacf0d3eb67df95/detection

101.35.197.186:1212

# Reference: https://otx.alienvault.com/pulse/62a09071847b18abceb0ff17
# Reference: https://www.virustotal.com/gui/file/3e73d57c7b4b65585caee8e51dac168e2cc81c8adccc17a0defbfdaa90b33e15/detection

62.197.136.18:5150
issymoss.sytes.net

# Reference: https://otx.alienvault.com/pulse/62b06270bc7002209219a66f
# Reference: https://www.virustotal.com/gui/file/c3330bca19b166680e89ec530b6cf61ff68094151c9e9c29c8b65d8b861c3341/detection

113.90.168.53:4782
hkr.sbgarity.tk

# Reference: https://otx.alienvault.com/pulse/62b3057488a075374982aee8
# Reference: https://www.virustotal.com/gui/file/c57eccb8cdaf519a21b68d69e5da20b87fa104f71760b4292bf1a4e33d486cc6/detection

86.213.165.219:4782
oqhuduhzqd.ddns.net

# Reference: https://otx.alienvault.com/pulse/62b3057488a075374982aee8
# Reference: https://www.virustotal.com/gui/file/ae85e9a1f56566c5077b455278fe69c6e6d3c554f2e9820144a5a92ca58be237/detection

193.161.193.99:27414
criss23-27414.portmap.io

# Reference: https://otx.alienvault.com/pulse/62b3057488a075374982aee8
# Reference: https://www.virustotal.com/gui/file/4a3a8abd7f6d5fd9adfb51703085e839781cffc341705123be40b0c146dcf0a9/detection

67.241.61.219:4782

# Reference: https://www.virustotal.com/gui/file/6ca5972971cc19ab4972106dada32ac6b1e0579fe375f96d53cdb8d4c2605514/detection
# Reference: https://www.virustotal.com/gui/file/797e33c7a7b5cc7fbb20100d22bfd7f9c8b8d53cc6a43ff439d70e2c8b6e12af/detection

147.185.221.224:8080
sent-adoption.at.playit.gg
sent-adoption.gb.at.playit.gg

# Reference: https://www.virustotal.com/gui/file/c816c5aa37d63a02d404015f121a80b32240a38185096bd38816ede5c140f6e2/detection

147.185.221.224:8081

# Reference: https://www.virustotal.com/gui/file/baf8acb11b30c5226d6c4e45dfb425bb7c54b2b9b93be5d8b8dbe1c1570ab98b/detection

181.131.218.47:1010
lup1ngreen.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ccfd2a3404d129cd951d34b31da0a4192f3a7ef8567ba6cca4a6e865d6499670/detection

193.37.215.168:81
lols.fastestmaking.com

# Reference: https://www.virustotal.com/gui/file/eb9f9715d52a62ee8337f5fd19c370b927c266ae1166eb571117e85f66216343/detection

95.168.191.10:1980
manecraft.giize.com

# Reference: https://www.virustotal.com/gui/file/09d8451dc6facfe27b63b3daf89f47d9f70820a87a68bd630188958b40edf928/detection

94.244.79.91:1674
gewagg.hopto.org

# Reference: https://www.virustotal.com/gui/file/287860ac8293b8e6161ccd7c5eb1fe2187e7593567690dfefb4e73e6a24eaa63/detection

securitychecker1.ddns.net

# Reference: https://twitter.com/r3dbU7z/status/1562698817170178048
# Reference: https://www.virustotal.com/gui/file/953eea5757d78536aa654da079a8f04e87874043d848b938cce9fc9aa85ee83d/detection

179.43.176.64:3124
firecho.cc
pesho.firecho.cc

# Reference: https://www.virustotal.com/gui/file/b62c93ed31a858baa4f55a4178f9f135721f6085ed283dd927416c4a7799242b/detection

139.9.164.7:4782

# Reference: https://twitter.com/1ZRR4H/status/1567012014018420736

venomcontrol.com

# Reference: https://twitter.com/__0XYC__/status/1567524546848395264
# Reference: https://twitter.com/mal_analysis136/status/1567794340944117760
# Reference: https://www.virustotal.com/gui/file/081ff426ca94307aee5afaf02e76e908b8d63cb58c7c8b9df41ac66114612c29/detection
# Reference: https://www.virustotal.com/gui/file/9f216c4205e5ff1b09bc89977794aba855002f1018738b9067ce381ff1e1aee2/detection

mailflix.live
o.mailflix.live
r.mailflix.live

# Reference: https://www.virustotal.com/gui/file/aac2a46338d7fc35f813863709d2622e53fa1a66facefd6133fa69f4d74e1b3b/detection

138.197.189.80:4782
blackid-4782.portmap.io

# Reference: https://twitter.com/r3dbU7z/status/1574428719489368064
# Reference: https://www.virustotal.com/gui/file/cfba9dab9282455d194d30dad7eac6cfc5c8e5d6caf94d631ed2b01a86e3a97f/detection

80.213.5.74:13370
fsociety-router.asuscomm.com

# Reference: https://twitter.com/h2jazi/status/1576735632558153729
# Reference: https://www.virustotal.com/gui/file/a4d6b3bb1e1db59d58bc7369aaf1aa66b281dcf092fb3acdc9c1456fe2a2259a/detection
# Reference: https://www.virustotal.com/gui/file/bfc9ceb09f9b08c934337036b1e3eb2eef6bfe093e0b9818a53a7c071ee5086b/detection

sun.to
sunwin.poker
sunwin.tel

# Reference: https://www.virustotal.com/gui/file/04ab651d6b7fc0b609f40e11556a6283943d5e6e4fe2c92703618820f8973d85/detection

previous-page.mooo.com
pzpr.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5128e6afa475716fd7797663d9bf59058de6bc0196a806b7ef01f7a4ced68c09/detection

193.161.193.99:24143
greenzye-24143.portmap.host

# Reference: https://www.virustotal.com/gui/file/bb6cd5c6e872e027bbc4c9cec7ae10a13b96d9c378b35a4bcb8ff48175b25ce8/detection

193.161.193.99:23825
muzi667-23825.portmap.host

# Reference: https://www.virustotal.com/gui/file/31196e7bbb312d2b7fd27ac5500b1c5fed21337ea27cb09eff008d46d8e2fada/detection

bupinbupin.ddns.net

# Reference: https://tria.ge/221010-t251tacee7/behavioral1

64.44.167.136:54780
qsars.duckdns.org

# Reference: https://www.joesandbox.com/analysis/719000/0/html

45.82.179.76:4499
45.82.179.76:49705

# Reference: https://tria.ge/221022-zw6caaehbp

107.172.206.108:54782
quazar.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3060b7b9ff15cc03cc0bfe11d26f54575064f33792517d2888d0927ed675197d/detection

103.73.161.4:4785

# Reference: https://twitter.com/0xToxin/status/1590640258810454016
# Reference: https://tria.ge/221110-k4kyzsged8/behavioral1

185.216.71.78:64594
dnuocc.com

# Reference: https://twitter.com/r3dbU7z/status/1591569830628712449

81.161.229.133:888

# Reference: https://twitter.com/r3dbU7z/status/1592062685163786240
# Reference: https://twitter.com/silentpush/status/1592226662300946432

95.214.24.140:2022
lilth.duckdns.org
xamlaz.cc

# Reference: https://www.virustotal.com/gui/file/6a01a4470f0290e76bc5c5b9d97a739aa4ca3b3856015f4a852e7b4beb7da05c/detection

158.247.232.56:4444
bofphosalf.net
freemaple.net
bot.freemaple.net
/Crypted_Loader_Zpfdzyxb.png
/Eiybe_Gmmcibip.bmp
/Ifdnxbsr_Saddmwbs.jpg

# Reference: https://threatfox.abuse.ch/browse.php?search=tag%3Aquasarrat

101.43.238.170:60001
103.136.199.131:4782
103.146.23.112:1571
103.146.23.112:2001
103.207.36.123:4782
103.239.247.113:33279
107.150.23.186:8808
107.173.219.111:4782
109.206.241.81:4782
114.132.232.148:4782
121.62.17.105:8848
124.120.53.223:4782
129.232.17.6:4782
13.233.24.14:812
139.99.244.21:4782
14.32.99.105:443
14.32.99.105:808
142.44.252.26:4782
144.126.133.48:4782
15.204.13.245:5000
150.253.77.7:6520
151.80.238.28:6606
154.12.250.38:4782
157.90.51.195:6980
159.69.234.4:4782
160.20.145.136:3392
161.97.148.204:1604
162.19.131.197:4782
173.225.115.99:7702
173.234.155.109:4782
176.159.113.196:4782
179.43.187.19:2326
182.186.84.121:6904
185.112.83.206:4782
185.141.63.211:4782
185.156.172.149:2271
185.165.169.235:8080
185.176.220.169:4782
185.193.127.228:5893
185.241.208.134:7331
185.241.208.134:7332
185.246.221.7:4782
188.255.114.14:4782
193.149.176.156:8080
193.161.193.99:23636
193.161.193.99:28132
193.161.193.99:48452
193.161.193.99:52307
193.161.193.99:53370
193.164.17.129:443
193.47.61.249:1024
195.133.95.3:2874
198.23.212.148:4782
2.133.130.23:443
20.218.120.153:4782
20.223.155.39:8808
207.244.235.47:4782
209.126.2.34:4782
211.118.205.243:443
212.192.241.35:3360
212.252.198.21:1337
213.152.161.240:12482
23.105.131.196:9970
27.72.56.186:9782
3.83.129.253:4747
31.7.63.14:8957
34.125.93.181:8080
35.157.111.131:17136
35.177.17.33:4782
35.79.36.216:812
37.0.11.118:5423
37.0.14.205:4783
37.120.206.86:1738
37.120.210.219:9771
37.48.117.136:4782
39.107.242.96:47820
40.117.196.252:4782
41.102.117.114:500
41.232.207.130:1338
41.234.44.38:1338
41.79.11.214:61032
45.131.109.121:8080
45.133.174.122:4782
45.138.16.148:5050
45.138.16.40:4782
45.138.99.3:3796
45.14.13.20:4499
45.14.50.120:8808
45.242.183.154:5
45.242.237.245:5
45.242.93.241:5
45.61.184.36:5050
46.196.26.192:4784
5.181.166.139:4782
50.54.215.55:4444
51.178.13.102:8324
52.221.201.97:4444
54.37.125.37:1111
54.84.208.91:58466
59.26.93.6:443
59.26.93.6:808
65.0.50.125:22247
67.191.63.138:4781
68.196.160.138:55552
70.70.19.220:4753
74.201.73.122:10600
75.136.204.139:4782
77.136.120.46:4783
77.34.128.25:8080
77.83.242.206:4782
78.142.29.103:7332
80.76.51.137:4782
81.161.229.127:4444
81.68.193.9:4782
84.140.101.75:4782
85.202.169.69:4573
85.202.169.69:5352
87.90.86.173:4782
89.117.21.144:4782
89.117.77.193:4782
89.160.134.202:4782
91.109.176.4:5490
91.109.176.5:5490
91.109.178.7:5490
91.109.180.10:5490
91.109.180.4:2002
91.109.188.2:4782
91.109.188.6:5490
91.109.190.12:5490
91.109.190.2:5490
91.109.190.5:2002
91.121.214.19:1605
91.178.236.90:8808
91.192.100.36:8084
91.209.226.129:4477
92.118.36.201:4782
92.99.178.55:1444
93.177.135.66:4782
96.8.112.20:3355
98.238.116.145:30815

# Reference: https://www.virustotal.com/gui/file/19a5b4f70b2ee4703aa7f74ce9d77bf25456619e21b249c97b07fc04c1b01ed0/detection

15.204.170.24:4782

# Reference: https://www.virustotal.com/gui/file/ddfd3f006ee9fd5bcc433fdf824b444cfabdc9c452ec629bba87e4df69b1d4c4/detection

188.33.191.33:4782
12233332f.sytes.net
12341.ddns.net
sdgfdgfasdgafs.ddns.net

# Reference: https://otx.alienvault.com/pulse/63aadf7d37e91773ab1032f8
# Reference: https://www.virustotal.com/gui/file/facaa2df3532a287e115e7e2c8198f9213d96f241df1a6121be54fab72d0384b/detection
# Reference: https://www.virustotal.com/gui/file/c698e97adc80f1c848dc6cb5786337679579eb09879423a2667b94f5e740c4f4/detection
# Reference: https://www.virustotal.com/gui/file/1336d3b40762f05abf6ef438251a838a5979e062bfb8d36f883dfbaaf1ca402c/detection

176.199.27.160:1337
213.238.177.169:30303
bruno2002.hopto.org
xmarvel.ddns.net

# Reference: https://twitter.com/MalwarePotato/status/1607797904093184000
# Reference: https://www.virustotal.com/gui/file/01e901f17153b749ab6ab8ef54a3581a4553f5d8717006937f9518bdcfc9ba01/detection

194.49.94.75:7272

# Reference: https://www.virustotal.com/gui/file/f5fa16ad33bbe14aff9ae7365956f27a763f129bf48b1d01dad512e37d7b4306/detection
# Reference: https://www.virustotal.com/gui/file/8b699d2973999fe632f268459e4ffb8f44a50971c8645878290260c389fed481/detection
# Reference: https://www.virustotal.com/gui/file/6e27179c94098b1c87ba3bceda8383149a7c40ea77996fd167e3b6a8aa2ba9ee/detection

123123456.hopto.org

# Reference: https://www.virustotal.com/gui/file/0a73126eb4dc9b6be4f17d481259d18ef2ab50c9e45a1fca2ac58c9170b826f8/detection

123minecraftez.hopto.org

# Reference: https://www.virustotal.com/gui/file/e5c50650165f374f9859dfeea8fe51e116391588a62c6f3b4998d5d7e17d9f6f/detection

1337qwert.hopto.org

# Reference: https://twitter.com/binlmmhc/status/1554288021490782211
# Reference: https://www.virustotal.com/gui/file/1ff521308231e8ed13552056b2b7e8a6dd55dda1ea05e9e030562c9b5569b8df/detection

176.223.134.12:55777
fbr-notice.com
secure-domain.link
update.secure-domain.link

# Reference: https://twitter.com/binlmmhc/status/1550414413697798145
# Reference: https://www.virustotal.com/gui/file/0a218fdb059f60327f520e174af1c2567364e4d18d71f9c5be235f981ca828b9/detection
# Reference: https://www.virustotal.com/gui/file/0eeeeb23573a7efd3eb3e7fbd02d88658c46978885357551be3c232b954876cb/detection
# Reference: https://www.virustotal.com/gui/file/54e2ecf7b3cbe0b1dea1dff5557c3f32d7b79696470cfe6240714a679eadd0ff/detection

103.152.255.55:35444
103.152.255.55:40666
176.223.135.130:35444
176.223.135.130:40666
mofa-kpi-update.link
sslupdate.online
updateserver.cloud
cloud.mofa-kpi-update.link
mofa.updateserver.cloud
secure.sslupdate.online

# Reference: https://www.virustotal.com/gui/file/bc0829b6ad1fb678dd6970021587fe3a6d82749e232b533a801d38efa88ededc/detection

000888.ddns.net

# Reference: https://www.virustotal.com/gui/file/fb4183e440ccccf253d31c9a0d3a749f1a86eeb0b40b69da01c868e59935bfb8/detection

109.206.243.198:4782

# Reference: https://www.virustotal.com/gui/file/dac7beb9685a7290e75c0502c97d8819eb7130390729cb4b7c008c1be68a6114/detection

185.163.124.151:4782
direct-trojan.com

# Reference: https://www.virustotal.com/gui/file/d472c72c1c20d8e039a21cb5fcb4bdd7b24cc698bdfd4dc6dfafd735c726fd18/detection
# Reference: https://www.virustotal.com/gui/file/5c8dd9d7ca2cef4d892164f338a1e5500bbd131ff66594719edadd7a21422cc2/detection

141.95.84.40:3047
15.235.53.10:3047
161.129.66.224:3047
38.79.142.66:3047
67.214.175.69:3047

# Reference: https://twitter.com/xorJosh/status/1617549902757642244
# Reference: https://www.virustotal.com/gui/file/0c108995489e9a40512a0ea00f562eae5e2ebc0a484eceb1116daec26b7c47a4/detection
# Reference: https://www.virustotal.com/gui/file/de87a9bc4bdeef0fcd47a0b236e3b5db026ef0d8bf7d54c86d8c1438b0b77d57/detection
# Reference: https://www.virustotal.com/gui/file/df98aaf76671380bfdd88ff302dbf5cbcb3498fcd9ad9b7c393efeaafcccf06b/detection

34.211.199.148:310
senddarkserver.cloudns.nz

# Reference: https://www.virustotal.com/gui/file/9d186a9a96f030f51c55cbf6a43043c26818191bad4ff9cd06f8e3d63a56a561/detection

157.90.51.195:4782
tapwater.ddns.net
tapwater.ftp.sh

# Reference: https://www.virustotal.com/gui/file/1a5d1da64c9b85d4da8804dc0f2561a735a816d75158a3b7c931c04098c69e8b/detection

185.254.96.226:4782
nohosst.ddns.net

# Reference: https://www.virustotal.com/gui/file/d852fc95294c086d341629021e7ea5e750956610b13115e5c5e55987dc6c0ab3/detection

95.216.102.32:4782
ghcc.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e664da9f04b865436ed35f2aeb9f5349ea4cec9f48146c3f733d57ab96f34190/detection

192.99.180.181:6574

# Reference: https://www.virustotal.com/gui/file/b40ce6e124b9442dddc5dbc2ad4736054680c71d8a65b4338893279acdf35e8f/detection

20.195.202.119:4782

# Reference: https://www.virustotal.com/gui/file/4245bb44ce88dce8c77ed44dba40629ac6e489767b46521a45cf7f52554ed1ca/detection
# Reference: https://www.virustotal.com/gui/file/d0298b630deda48afe5853031e2459bc7d27bdcc0c383a1a591a4a578b8a747a/detection
# Reference: https://www.virustotal.com/gui/file/7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb46b/detection

154.12.234.207:4782
207.244.236.205:4782
quasharr.ddns.net
quasharr21.ddns.net

# Reference: https://www.virustotal.com/gui/domain/manbaco2023.duckdns.org/relations
# Reference: https://www.virustotal.com/gui/file/aff9dae78f13a7e13244cf022de01470272b00e4f6961a40a61c9e9c9b8ca7ed/detection

178.73.192.3:1029
188.126.90.20:1029
46.246.14.16:1029
46.246.4.13:1029
46.246.6.21:1029
46.246.6.8:1029
46.246.80.26:1029
46.246.80.7:1029
46.246.82.16:1029
46.246.84.11:1029
46.246.84.4:1029
46.246.86.4:1029
manbaco2023.duckdns.org

# Reference: https://twitter.com/souiten/status/1635568417918042112
# Reference: https://www.virustotal.com/gui/file/e8475fe3ac277d2eda466aaa4d42044d7230ac650b62dde38bf9727514c3ad69/detection

1.234.41.14:2158
115.21.139.222:2158
121.160.252.1:2158

# Reference: https://twitter.com/ScumBots/status/1637923803941556225
# Reference: https://www.virustotal.com/gui/file/54346a7a040be3f21373bf39fd0ed63b9cf06ebd666d6b182de45eeec8a8c08f/detection

148.255.9.59:4782
myhost88.ddns.net

# Reference: https://twitter.com/ScumBots/status/1638538354705694720
# Reference: https://www.virustotal.com/gui/file/f548d4d3dd4866eac8b73b912b2ec15abd29afd8377dbec57094689e306b196f/detection

185.70.104.42:5710
yolo23.line.pm

# Reference: https://twitter.com/peterkruse/status/1638843454330490880

asnyc2020.ddns.net
dart23.ddns.net
dartkom22.ddns.net
qassar22.ddns.net
qassar23.ddns.net

# Reference: https://twitter.com/suyog41/status/1638810812717342723
# Reference: https://www.virustotal.com/gui/file/8a9fdfd577337a30ecb6828922d85096357982f072191e7080fbc346bf69cf4c/detection
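# Reference: https://www.virustotal.com/gui/file/b4cf260b4fec0aaf93e8f195b38057da04ca14c74bfbc14a48f1b31287bb8364/detection
# Note: 142.250.184.110 appears to be in Google-operated address space (TODO confirm); treat a hit on it as low confidence unless the port and the DDNS name below also match.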

142.250.184.110:1234
4.227.0.183:1234
tugastealer.ddns.net

# Reference: https://www.virustotal.com/gui/file/59917b4b4d1a67912f5896bfd274350cb4253cc2bf3c522781fda75ec72debf4/detection

186.6.57.58:4782

# Reference: https://www.virustotal.com/gui/file/947b7652ee3eab63fbf18856d957122fb166ecde863a6ce63d2d72f876929773/detection

http://182.43.124.6
185.238.3.205:5556
/fzyujing/?parameter=
/fzyujing/

# Reference: https://www.virustotal.com/gui/file/8dddf22e96a6a22b5ed6ddcab093052a7f2e5419a8e3edc25eee6fc4a90076f3/detection

185.70.104.58:6440

# Reference: https://twitter.com/r3dbU7z/status/1640106189617766401
# Reference: https://www.joesandbox.com/analysis/1202193

103.123.242.104:8080

# Reference: https://twitter.com/sicehice/status/1638330650733207555
# Reference: https://www.virustotal.com/gui/file/f73ee54fe59edc4ccface49203fe231446ff7cf51cd92c619c22c55817c83802/detection

178.186.181.247:4545
89.23.100.240:8888
ms17server.duckdns.org

# Reference: https://www.virustotal.com/gui/file/117d00bd7a0e08602f499e30151b999d6c13e7d3247769a5041d1cfd27fc7f5c/detection

yourass1.ddns.net
yourass1.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/f865eaf36d15356e81f043a8c94ea116aba70e9912f81679cc70a5b53bb595b0/detection

91.193.75.153:26133
95.214.27.180:26133

# Reference: https://www.virustotal.com/gui/file/593d5422f60594c17ba8e5759f7317b95733315a152c309b14ae8a5c681c867f/detection

104.219.234.167:5552

# Reference: https://www.virustotal.com/gui/file/787f69a34ec652837445cddee0610b367bfc9595514256d56627972db15c9d70/detection
# Reference: https://www.virustotal.com/gui/file/5c07f81e07ae16422f358a0623e921fe653b3d19ae763780478b7b47a44562db/detection

77.84.182.39:54984
0ogama.ddns.net
ogama.ddns.net

# Reference: https://www.virustotal.com/gui/file/406547f8776aa23f90eab4e061c314de753e82d50384612b471b6bbb3c01e52e/detection

213.152.162.79:7176

# Reference: https://www.virustotal.com/gui/file/50e7ddd4d1fd4d6f57e5a39f9e31f20ea967a032ab60458af63bb43c0996b67b/detection
# Reference: https://www.virustotal.com/gui/file/8705d26a491c2be89c1aeb98a7407f6cf71128208fea3f491e579f78282bfad8/detection

176.97.70.164:1111
176.97.70.164:1122
yourmom1.o-r.kr
sexy.yourmom1.o-r.kr

# Reference: https://twitter.com/r3dbU7z/status/1657835312146522112
# Reference: https://www.virustotal.com/gui/file/c8277e88b37878917b46d509324a57846d58e285c3e06720a282e7bb34fd9bc0/detection

5.161.113.202:555
asyfguas.con-ip.com

# Reference: https://www.virustotal.com/gui/file/d969fc2e15743d6d44f477907368f2ebc96cefba20a232861fc7337bfa938d75/detection

45.141.27.208:4780

# Reference: https://www.virustotal.com/gui/file/a465dc617b7717232fc1b455362c992ec0383b6b1fc692ee0c07008acf7e54fa/detection
# Reference: https://www.virustotal.com/gui/file/7943f6f2d61c7740064444908a89dcf669544f043b5451ca70b7ff5ba1b706ad/detection
# Reference: https://www.virustotal.com/gui/file/6c87a7f056d1d58c866403dcbacf41b7ff0d50d0d8b5730b124fb3bd37ba826a/detection
# Reference: https://www.virustotal.com/gui/file/6233466a0b7c4e4875e74699942385e0caae248d6a38c49c6f40036cb07fe560/detection

213.114.67.80:4343
213.185.43.105:4343
213.41.67.10:4343
79.110.49.27:4343
213.114.67.80:5757
213.185.43.105:5757
213.41.67.10:5757
79.110.49.27:5757
frontbrockmepronto.ddns.net
frontbrockmepronto.sytes.net

# Reference: https://twitter.com/Kostastsale/status/1670196417586167809
# Reference: https://tria.ge/230617-16r33sch4z/behavioral2

5.2.68.84:4782
smplt210smlprt.com

# Reference: https://www.virustotal.com/gui/file/1c300da55b692124f8efeda5305d86d4e280bbb785ea87cff49239dc026a7c55/detection

194.147.140.137:7171
indigo22.ddns.net

# Reference: https://twitter.com/StopMalvertisin/status/1678307398250004480
# Reference: https://www.virustotal.com/gui/file/2b2c926a0d587f409f3c7453d3d9018642cdc51abce1752eb2bf395728619576/detection

116.10.184.211:25089
frp-bar.top

# Reference: https://www.virustotal.com/gui/file/d5e6260ad66a6493ac6ea963a765f15e773e8d848261024628e6b9e753b4f603/detection

2.59.222.127:4782

# Reference: https://www.virustotal.com/gui/file/adf16ab5af4f98c0b9ff8f8855f822134620123d6fac197301726821d42e389a/detection
# Reference: https://www.virustotal.com/gui/file/70ad9ebd57e6faeb29e337bf2e9cc0b782aca4be2484f6d9cf97c2f80ae8a1d6/detection
# Reference: https://www.virustotal.com/gui/file/1f639934a5e343014e9b0b0648ac54dff754f1b3426544d8d08f332a9dde3c60/detection

2.59.222.127:6699

# Reference: https://twitter.com/1ZRR4H/status/1681168522494328835
# Reference: https://www.virustotal.com/gui/file/20633717b608c0d4b45f5d3f3bb670d0de9bec4ec346175deaded094acf0eba9/detection

http://45.134.173.182
51.77.167.52:6060

# Reference: https://www.virustotal.com/gui/ip-address/191.89.247.6/relations
# Reference: https://www.virustotal.com/gui/file/038c37cbf6050e8371b9e4ea76498b6297ef4645262fbf14cb25198f0f42b51e/detection

191.89.247.6:3232
dosremdos.duckdns.org
ftlamto.duckdns.org
newnewnewx.duckdns.org
procesojudicial.duckdns.org

# Reference: https://app.any.run/tasks/e08da6bd-7036-4b6d-9734-cb2ba2c5b3af/

174.44.108.32:4782
brorats32932.ddns.net

# Reference: https://twitter.com/sicehice/status/1674057027704836097
# Reference: https://app.any.run/tasks/7af98d54-6d0b-4b66-b870-570cab074a17/

213.181.206.70:4782
45.128.234.78:4000

# Reference: https://www.virustotal.com/gui/file/9c884e2891fd5f783cc0b06f9405b3c2b31a89e2e6ad4a816c93f8e15df200dd/detection

proxmoxfox.xyz

# Reference: https://www.virustotal.com/gui/file/76a7490d3f1b0685f60a417d1c9cf96927b473825a914221f092f82ea112b571/detection

158.247.227.231:4782

# Reference: https://threatfox.abuse.ch/ioc/1149037/

62.171.159.243:9000

# Reference: https://www.virustotal.com/gui/file/8be4c83e8b2dfc0c98e9789d9b230601a953b2ea7159249600eb7a30a02d69fa/detection
# Reference: https://www.virustotal.com/gui/file/58b20a28c808631021a89efa35c9d3fef3b894ff261dfea2659b73138f631444/detection

86.252.133.190:4782
92.170.137.253:4782
hahalol.ddns.net

# Reference: https://www.virustotal.com/gui/file/f0a143ffef3fc4041bf000ea933cfdb565fd5aef8b20a862300c568b4e2aa049/detection

100.42.74.199:10215

# Reference: https://www.virustotal.com/gui/file/0494c152c9f43e1e468d75b5e20d9c6ca2d3ae1f43203557aae0165dc77fadcf/detection

104.220.158.189:4782
wflyhigh.ddns.net

# Reference: https://twitter.com/sicehice/status/1689858299837980672

172.104.142.200:8000
linode.bratbg.eu

# Reference: https://www.virustotal.com/gui/file/777894a1cb29d3cc1b4030000a5fb1d6f63c1af15a3daaddff1faeb142827c7d/detection

177.255.88.161:4782
nanoinformcor1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/182140c6c6f883a3c81a37aa94635d5820dc903c30611c6eeb98ffe01f265198/detection
# Reference: https://www.virustotal.com/gui/file/a338c03483149a3d571177520213e5772d99dac1c53cc026aa848b98c3faf631/detection

37.139.129.231:4782

# Reference: https://www.virustotal.com/gui/file/4b4d40c1dfe7d17bd8350d1e8e23c107495df13be32a19b48eb2ec99c88c2bcb/detection

94.156.6.110:1414
94.156.6.110:6767
greightcethebui.sytes.net
wreightcethebui.sytes.net

# Reference: https://www.virustotal.com/gui/file/d11798f905c57c9067f0a419ccdd7ce2224d666593c8a27932fb31b9d7db9927/detection

139.99.170.18:4444
2121quasar.ddns.net

# Reference: https://www.virustotal.com/gui/file/91dcf38077fc1f6e2f8069bff2a26d3a18a1137a67f6bc7f6893daffd4324436/detection

103.212.81.154:5050
woahimsorich.ddns.net

# Reference: https://twitter.com/Gi7w0rm/status/1693604866185117912
# Reference: https://tria.ge/230821-prkjxacg64/behavioral1

139.99.32.95:8888

# Reference: https://www.virustotal.com/gui/file/1b88154b9cbc3fd6a2b74ebe40e20dca46443133787322ec18eef48508ea491b/detection
# Reference: https://www.virustotal.com/gui/file/4cf4fd4813d8ee148fb1d6f5205f85f5382cbdd6eaafc57d922e881313db800e/detection

45.133.181.50:5558
yankee.m-x.cfd

# Reference: https://threatfox.abuse.ch/ioc/1151967/

83.143.112.45:4782

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-08-29)

193.142.146.212:4782
37.139.129.145:5512
51.79.169.103:9099
8.210.13.235:17099

# Reference: https://twitter.com/fr0s7_/status/1696193596653711509
# Reference: https://www.virustotal.com/gui/file/e8fcddca33d734dc65ce4737193e9f2e9598d7d4d42b85dea91b21435d165860/detection

198.50.218.165:4782

# Reference: https://www.virustotal.com/gui/file/00c63fc205bcb68aa91380c002d862341aaf44c764fced0675efc5dc92beb1e4/detection

192.121.247.8:2000

# Reference: https://twitter.com/Jane_0sint/status/1697249874251813038
# Reference: https://app.any.run/tasks/17924791-8ac4-4b5f-bb07-aa86c369f92d/

185.238.3.205:6669

# Reference: https://www.virustotal.com/gui/file/45386645c84c5dcbd8f889a87cd070d5dc1f7c69a1b6f6f5e62e7fa0a14ab471/detection

46.246.86.18:9887
obtener19.duckdns.org
qsar9887.duckdns.org

# Reference: https://threatfox.abuse.ch/ioc/1155333/

167.86.88.89:4782

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/DDGroup/historical_C2_Domains.txt

quasharr22.ddns.net
quasharr33.ddns.net

# Reference: https://threatfox.abuse.ch/ioc/1155840/

23.94.171.142:4782

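# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/QuasarRAT/quasar_rat_c2s_found_2020_to_2023.txt
# Note: this block includes names and addresses on shared tunnelling / port-forwarding services (e.g. bore.pub, *.portmap.host, *.portmap.io, *.at.ply.gg, *.pktriot.net, 193.161.193.99). A match on a bare service domain or shared relay IP identifies the provider, not necessarily this family; corroborate with the port and host telemetry before acting.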

http://176.27.117.213
http://2.56.213.169
http://212.114.52.251
http://52.188.208.85
http://52.188.6.118
http://67.61.188.107
http://99.233.209.178
100.26.221.183:4782
101.99.92.134:4782
102.22.83.110:22649
103.146.23.112:4807
103.20.221.33:4782
103.28.149.74:1604
103.82.249.78:4782
104.129.26.162:4782
104.143.14.52:824
104.158.167.45:4782
104.238.149.39:8080
104.248.133.59:5424
106.12.192.231:4782
106.52.168.175:4782
107.150.23.186:6265
107.150.23.186:6606
107.172.176.138:5556
107.173.219.125:1714
108.46.243.186:666
109.197.195.118:9805
109.205.181.190:232
109.230.215.181:4782
112.154.0.240:3783
112.154.0.240:4784
112.154.0.240:5784
115.186.136.237:4000
118.208.43.110:10000
118.208.43.110:9000
118.208.43.110:9991
118.208.43.110:9992
118.208.43.110:9993
118.208.43.110:9994
118.208.43.110:9995
118.217.52.98:4783
121.254.204.13:4782
124.148.202.22:4782
125.177.149.250:4782
129.146.123.64:4782
13.53.42.228:3389
13.58.157.220:13969
13.69.9.10:5555
13.88.187.244:6241
130.61.179.221:1111
130.61.179.221:6969
134.209.192.40:4782
134.255.220.204:4782
135.181.241.49:111
135.181.241.49:2590
135.181.242.186:111
136.243.111.71:4782
136.244.94.164:3232
138.201.82.113:3615
139.129.54.18:4782
139.99.114.150:4782
141.195.132.52:478
141.255.145.175:1177
146.56.36.222:4782
147.135.106.246:4782
147.135.165.27:4782
147.185.221.180:5050
147.189.170.61:6666
148.251.16.2:4782
149.248.2.160:1488
15.235.109.170:4782
151.60.129.97:6241
154.16.137.62:4782
154.91.228.193:4784
156.226.21.194:2222
156.227.24.184:4783
157.90.253.169:6868
158.247.227.231:4788
158.69.104.33:4782
159.203.168.89:4782
159.223.62.230:4782
161.97.160.48:6241
161.97.160.48:7009
161.97.255.73:4782
162.206.16.208:4782
165.22.3.91:4444
167.71.56.116:22218
167.99.143.40:4782
167.99.143.40:7483
167.99.187.240:2323
167.99.251.51:3693
172.104.148.228:6543
172.193.161.155:8080
172.81.131.113:4744
172.81.131.113:4782
173.162.117.22:4782
173.254.223.66:1111
173.46.85.227:1337
174.139.46.13:4782
176.186.13.236:1337
176.205.43.31:4782
176.27.117.213:7765
176.31.88.156:60001
178.26.157.122:4782
178.33.23.183:60000
178.80.145.59:4782
179.43.140.175:4782
179.43.163.246:4111
179.67.150.63:4782
181.215.176.73:59955
184.105.238.80:4782
184.89.110.95:1776
185.102.170.133:4782
185.136.169.200:2541
185.140.53.137:4449
185.142.55.243:4782
185.153.222.198:7845
185.156.46.173:56156
185.158.139.148:1337
185.163.127.20:61110
185.165.153.138:4781
185.172.131.112:442
185.174.172.24:222
185.177.125.198:222
185.183.35.122:4782
185.183.35.38:4000
185.195.237.203:19068
185.204.1.236:4521
185.213.155.160:57361
185.213.155.161:57361
185.213.155.162:57361
185.213.155.163:57361
185.213.155.164:57361
185.213.155.165:57361
185.213.155.166:57361
185.213.155.167:57361
185.213.155.168:57361
185.213.155.169:57361
185.213.155.170:57361
185.219.134.245:4782
185.222.58.150:4449
185.229.243.34:6241
185.233.92.7:6241
185.236.78.58:4782
185.238.171.234:5552
185.239.242.185:4782
185.239.242.210:4782
185.239.242.241:1738
185.241.208.43:4782
185.241.55.88:4782
185.244.217.92:4782
185.244.36.245:1240
185.246.220.65:5000
185.248.100.84:111
185.250.205.156:4782
185.38.142.185:3138
185.41.187.220:5874
185.62.243.53:6241
185.65.134.175:55498
185.70.185.89:4782
185.81.157.174:4554
185.81.157.202:2001
185.81.157.20:5720
185.81.157.212:62024
185.81.157.41:5050
185.81.157.41:9000
185.81.158.102:2026
186.145.80.169:6666
188.119.45.143:9896
188.227.107.49:8808
188.233.89.107:65001
188.60.70.87:4785
190.2.137.34:222
190.213.54.56:5001
190.213.72.103:5001
190.213.78.26:5001
191.233.198.81:4782
191.96.249.27:4412
191.96.249.69:4412
192.227.223.11:7707
192.228.105.13:8080
192.253.245.243:7812
192.3.213.200:7080
192.3.255.150:5557
192.95.57.120:4782
193.106.214.204:7230
193.107.8.94:2222
193.142.146.212:7777
193.142.146.213:4782
193.142.59.30:4261
193.161.193.99:23029
193.161.193.99:25334
193.161.193.99:36295
193.161.193.99:4782
193.161.193.99:58546
193.161.193.99:64006
193.179.48.98:21
193.218.118.190:2266
193.239.147.158:4782
193.239.147.40:4444
194.39.126.82:4782
194.49.94.22:3306
194.5.98.18:4782
194.5.98.23:4001
194.5.99.16:3049
194.55.224.38:16145
194.60.201.88:4782
194.87.151.87:3332
194.87.197.78:9200
195.154.242.51:4782
195.181.163.32:4782
195.242.219.21:23564
196.74.39.169:4444
198.23.209.187:1604
198.245.116.112:4782
198.46.235.194:1417
198.98.54.161:1616
198.98.54.161:6666
2.136.215.141:6241
2.229.90.226:6241
2.32.188.135:6241
2.56.165.151:4782
2.56.245.127:7707
2.58.56.188:4782
2.59.255.71:64594
20.216.177.36:4782
20.223.161.175:4782
20.52.129.170:5552
20.82.128.5:4444
20.86.129.162:8080
20.86.129.162:9121
202.2.12.13:4782
202.62.53.116:2022
204.152.219.117:1337
205.185.123.144:666
205.185.126.148:666
206.189.92.41:1888
209.126.85.216:9632
210.187.193.230:4040
210.247.245.87:4782
211.101.233.234:1026
212.114.52.171:1605
212.114.52.251:443
212.154.101.132:3000
213.146.188.157:2222
213.166.70.161:4382
213.221.12.222:4782
216.170.119.147:4782
216.172.99.151:8080
216.250.250.94:4788
217.196.96.37:5678
217.23.14.81:4782
217.64.31.3:8848
220.235.40.8:25565
23.105.131.178:7812
23.105.131.186:7812
23.105.131.221:9000
23.105.131.241:9000
23.249.161.211:1714
24.152.37.45:4782
24.152.39.240:5555
3.131.190.22:21630
3.131.190.22:4444
3.133.207.110:10183
3.14.113.26:21630
3.14.113.26:4444
3.141.160.179:21630
3.141.160.179:4444
3.142.169.125:21630
3.142.169.125:4444
3.16.211.183:21630
3.16.211.183:4444
3.17.60.254:5354
3.36.121.136:4782
3.83.242.140:8686
31.210.20.167:5959
31.210.21.106:5553
31.27.54.82:6241
31.37.199.237:6241
31.44.3.55:8808
32.208.85.1:6606
34.141.231.83:812
34.159.18.8:812
34.210.89.142:3333
34.95.169.39:9000
35.139.129.139:6241
35.232.191.196:4782
35.246.76.97:812
37.120.141.165:13832
37.120.206.108:1738
37.123.102.103:1337
37.139.128.94:5000
37.19.210.35:57736
37.201.79.39:4782
37.252.15.153:4782
37.46.150.197:4449
37.72.168.166:4782
37.77.167.230:6241
38.242.128.85:5559
40.71.226.219:1604
40.89.136.80:4782
41.185.97.216:4782
42.194.162.142:6677
45.11.19.156:2222
45.12.253.64:4782
45.130.136.10:4782
45.137.155.118:6678
45.138.16.230:8808
45.140.190.110:25565
45.140.190.110:4782
45.146.254.225:4782
45.146.254.75:444
45.147.229.231:4
45.61.184.125:666
45.74.53.124:4782
45.77.103.131:4782
45.77.20.114:1604
45.77.32.251:6241
45.8.145.254:5984
45.83.122.111:5557
45.83.89.153:50146
46.135.37.166:4782
46.212.113.82:1604
46.249.59.99:111
46.55.218.169:8080
46.65.125.215:4782
46.69.66.108:4782
5.165.98.151:4782
5.180.180.66:4782
5.181.7.60:4516
5.249.163.32:4782
5.255.94.117:5353
5.45.67.165:2874
5.45.76.7:5550
5.61.58.196:4782
5.61.59.192:5552
5.61.61.202:2222
5.61.62.193:5552
5.78.110.192:6050
5.9.226.161:8080
51.12.244.74:3788
51.79.116.37:500
51.79.141.119:10110
51.79.143.7:10110
51.79.197.196:4449
51.83.153.85:5000
51.89.157.248:4782
52.14.81.142:21630
52.14.81.142:4444
52.187.50.165:5552
52.188.202.106:8888
54.188.236.78:22
54.237.208.95:4444
54.237.250.208:5553
54.38.124.51:3760
54.39.198.245:4782
54.39.249.59:4782
64.52.80.152:4782
65.1.228.201:812
65.21.118.113:111
66.135.0.161:5890
66.191.218.42:6606
66.30.2.43:4782
66.60.1.236:4782
66.63.167.164:55640
66.63.167.167:55640
67.213.221.18:7812
67.82.36.97:2404
68.106.199.207:4782
68.114.150.185:6241
68.81.183.145:4867
68.89.69.83:4782
68.94.252.162:4782
69.30.242.214:4782
69.65.7.131:4281
70.70.19.220:4770
70.70.19.220:4782
73.208.109.252:4782
75.127.254.214:4782
75.176.178.56:4782
76.87.74.54:4782
76.95.73.74:2404
76.95.73.74:4782
77.21.216.101:4665
77.241.13.90:6241
78.111.89.20:4782
78.140.241.23:4444
78.140.241.23:7878
78.173.187.50:4782
78.174.118.185:4782
79.134.225.115:5456
79.134.225.15:4449
79.134.225.22:7898
79.134.225.54:4545
79.134.225.69:4782
79.134.225.77:1973
79.58.243.41:6241
79.61.133.217:6241
80.14.190.2:6241
80.3.189.149:25565
80.66.87.55:4782
81.1.158.128:25565
81.68.120.79:4000
82.146.49.191:5544
82.153.167.249:4782
82.202.167.203:5555
82.208.16.140:5893
82.65.150.176:72
83.128.119.37:4782
83.139.245.62:6241
84.234.96.141:1717
84.51.52.166:1976
85.208.139.62:7070
85.215.222.129:65535
85.215.230.159:4700
86.126.172.252:36295
86.126.172.252:4782
86.93.121.149:1783
87.106.127.109:3001
87.121.52.241:4000
87.123.245.14:6241
87.16.77.254:6241
87.180.165.249:4444
87.21.66.231:7777
87.27.183.51:6241
88.103.237.113:4782
88.136.6.160:6598
88.218.17.195:4449
88.230.51.165:9999
89.203.249.64:5893
89.248.163.79:4787
89.46.100.217:7777
89.46.114.24:55442
89.46.114.25:55442
89.46.114.26:55442
89.46.114.27:55442
91.109.178.8:7070
91.193.75.58:5050
91.193.75.72:2024
91.211.251.108:4782
92.115.115.14:4444
92.119.159.23:5000
92.45.199.157:4545
93.114.128.184:4501
93.35.198.71:4782
93.67.13.190:6241
93.83.35.2:4782
94.131.105.161:12344
94.54.179.75:1604
94.62.38.122:3456
94.62.38.122:4782
94.62.38.122:5678
94.76.127.105:88
95.106.44.244:4782
95.156.227.151:4747
95.179.163.245:3152
95.214.24.37:6967
95.214.27.90:8080
95.216.56.1:4782
95.217.102.123:111
95.217.102.123:2404
95.217.140.35:1307
95.24.224.241:4782
95.87.224.123:4782
98.230.131.105:4782
1oxcv1.duckdns.org
2348fh3fhu23289r8932r82f923f9239.dolaprime.cf
2cool4school.ddns.net
2y9ea4pnl01jyr7.xyz
44334333-31579.portmap.io
44334333-37569.portmap.io
75372712.duckdns.org
76t7hh-51153.portmap.host
81747174.duckdns.org
92875782.duckdns.org
aare.linkpc.net
aayush160-34939.portmap.io
across-trap.at.ply.gg
adequatelicensing.at
adobe.mypsx.net
aeronaut-25032.portmap.io
alexdaprophet-48452.portmap.host
alexthedns.com
allahoyunda.duckdns.org
alltogether.hopto.org
amine94522.zapto.org
amiramir8565-20409.portmap.host
amiramir8565-21667.portmap.host
among-publication.at.ply.gg
androidapk.ovh
animeserverarchives.serveminecraft.net
anoverflowtest.duckdns.org
apenasumcarasozinho.hopto.org
api.flawcra.cc
araplarversion9.myddns.me
around-mud.at.ply.gg
asscend-41247.portmap.host
authgg-37696.portmap.host
azee12x-21531.portmap.host
backgb.itmenagerie.tech
baguvix918-26613.portmap.io
bartu1337.duckdns.org
bckp.llcdn.eu
benito77.ddns.net
bettergg.ddns.net
bideo.duckdns.org
billpham2001.hopto.org
billythesailor.ddns.net
blablashitspreading.ddns.net
blackid-30073.portmap.host
blinken-47096.portmap.host
blue-fog-95386.pktriot.net
borat.ddns.net
bore.pub
botnetps.ddns.net
bravo20-38305.portmap.host
buihieu.ddns.net
cable-cp.at.playit.gg
cahe.microsofts.org
camesurvelizerditis.sytes.net
camgreetgroop.sytes.net
camo23-28132.portmap.host
captain1.zapto.org
careeem.duckdns.org
carolina-electro.at.ply.gg
cars-sys.at.ply.gg
ceeloblack.xyz
chasetrades.life
checkme12.freeddns.org
chrome.ath.cx
chromeservers.ddns.net
cloud014.cisconode.com
cloudserv.ddns.net
cochonita.ddns.net
colpatvalidacionnuevo.xyz
connorb839-25244.portmap.host
consider-brochure.at.ply.gg
constantinedev.ddns.info
copresamvom.freedynamicdns.net
cordonhomeservices.com
craciton.duckdns.org
craft.ooguy.com
craftip.gize.com
crafts.mywire.org
craftup.giize.com
craftupdate.mysynology.net
crazysocket.ddns.net
crimify-41189.portmap.host
crossfire17.ddns.net
cryptersandtools.ddns.com.br
cypher-tech.ca
damnbeow.duckdns.org
dark-001.darknethn.com
dark-crystal.at.ply.gg
darkpass3nger.sytes.net
darwin22.ddns.net
dashmicrosoft.duckdns.org
dawideqgames-50634.portmap.io
dedi001.dynip.online
deepfred420.ddns.net
dejvicek-46680.portmap.host
delikral.mywire.org
demasox.ddns.net
devilkahika-35580.portmap.host
dfgfdsaghewedfg-36753.portmap.host
discordid-55700.portmap.host
dixip52.ml
dj8soidh901dsa.sytes.net
djetdixipleshacker.ddns.net
dmmd.ddns.net
dns3.iujoaqstqiywertgpu.club
dolaprime.cf
don567678.ddns.net
donbo13.ddns.net
dopeillusions.hopto.org
drec123-39864.portmap.host
eazyrape.ddns.net
ebkdoagbg.ddns.net
eggsbenedict.onthewifi.com
ehotemnoty.ddns.net
elegant-sky-11289.pktriot.net
elpepemanca.ddns.net
emusteven-50898.portmap.host
erbaevbann3.ddns.net
escanorsan12345-43147.portmap.io
etoneratnik.ddns.net
even-lat.at.ply.gg
executer.duckdns.org
existing-ultimate.at.ply.gg
existing-ya.at.ply.gg
faithovercome.myftp.biz
fdpfdpfdpfdpfdp.duckdns.org
fe9vap4vhlmkuaee.ddnsfree.com
female-boost.at.ply.gg
filipmntz-49636.portmap.host
filmguard.co
firewall.trustedvpnservices.com
fit.microgent.ru
five-frequency.at.ply.gg
fivemilliondollars.duckdns.org
flashy-rake.auto.playit.gg
flawcra.cc
flawgfx-25466.portmap.io
forex.4cloud.click
francaparroz21.hopto.org
france20202.casacam.net
fronadeatcam.publicvm.com
fronadeatcam.sytes.net
fronpeatcam.publicvm.com
froxybuzi.ddns.net
fruitingsuccess.ignorelist.com
fuckdudeifarted.ddns.net
gabrielloginek-33939.portmap.host
gamingserver0001-32952.portmap.io
gamisi.ddns.net
garden-makers.at.ply.gg
getrattedlol.inner574.kro.kr
getrektscrub.hopto.org
gh0008888.ddns.net
glare.hadaw.ml
glitchbuds-22803.portmap.host
googlehostroute.zapto.org
goose1.ddns.net
gregjoe-40894.portmap.host
grivenop.duckdns.org
gyanbu.duckdns.org
gyhbujikmkbu.zapto.org
h6ttr.duckdns.org
hachess-24356.portmap.host
hack4money.myftp.org
hacker.548848.xyz
hadaw.ml
hailrussia.ddns.net
happy-lake-71709.pktriot.net
hasamu.duckdns.org
hermes0.duckdns.org
higradevpn.xyz
hoba7be.ddns.net
holl4-64003.portmap.host
hostmeta.duckdns.org
howmanytimes3.xyz
ickfredkople.ignorelist.com
ihateniggers5544.ddns.net
ildriendfrirotoi.zapto.org
images1.c9z.in
images2.c9z.in
imgay69.ddns.net
international-berry.gl.at.ply.gg
internetip.ddns.net
ipaf3.sytes.net
ipaf4.sytes.net
ipaixincungduoc.hopto.org
ipaixincungok.hopto.org
ipdafds.ddnsking.com
iplytieulong666.hopto.org
iplytieulong777.hopto.org
ippie2.ddns.net
isosex.duckdns.org
j3vahjkvzinaqax.xyz
jereshost.ddns.net
johnprot-42263.portmap.host
jokerbaba-55552.portmap.io
jovydr-30307.portmap.host
joyyatlast.duckdns.org
k-essex.at.ply.gg
kanna917-29754.portmap.host
kas22.kro.kr
kenya6.duckdns.org
kenzo.ddns.net
kf99gkdfk1m2.ddns.net
king10-24873.portmap.io
king34spy.linkpc.net
kolptyubeatcam.sytes.net
krazey-62470.portmap.host
krejzolek-36859.portmap.host
ktsa-62303.portmap.host
kurganec228.ddns.net
labeokunta.dynnds.org
lafeuilee.duckdns.org
latticino.hopto.org
lenixx.ddns.net
lenystylexd.ddns.net
levinizm.duckdns.org
libermanbrice.freemyip.com
license-boolean.at.ply.gg
life-chase.at.ply.gg
likeboostingsrebulity.ru
littlehf.ddns.net
lively-voice-43447.pktriot.net
localpc.ddns.net
lolmaster91-58005.portmap.host
lolog.hopto.org
lucid-cherry-14510.pktriot.net
mala.malatifs.com
mamitox.duckdns.org
manlap.linkpc.net
manoftheyear-58512.portmap.io
mapleauto77.ddns.net
markphoto.casacam.net
max-cleaner.at.ply.gg
me.hansang.me
mellowfishy-24901.portmap.host
metav.bumbleshrimp.com
mewhenjoj-46726.portmap.host
microhost.hopto.org
microsing.duckdns.org
microsoftbackup.duckdns.org
microsoftdiagnosis.camdvr.org
microsoftedge-57498.portmap.host
microsoftstolewindows.duckdns.org
microsoftteams.ddns.net
microsoftupdatehost.ddns.net
microsotf.ddns.net
microsotf.sytes.net
mictobozo.duckdns.org
midnightt.ddns.net
mill.hopto.org
minecraftgaming009-61323.portmap.io
minecraftpelx.serveminecraft.net
mingrelian.ddns.net
mingrelian.duckdns.org
misor85829-59050.portmap.host
misov.asuscomm.com
misov.kro.kr
mjj.xinbiquge.net
mommerishere.sytes.net
moneypack1101.ddns.net
ms-insider.net
mscompany.dynu.com
mydreambaphomet777.anondns.net
myowndomain394863467.com
myownvm.anondns.net
nadehzdakr.duckdns.org
narereti-40382.portmap.host
natural-sugar.auto.playit.gg
nazimaster123.duckdns.org
nettero.duckdns.org
newqs.ddns.net
news.nerdpol.ovh
niggahunter92-23962.portmap.io
niggeridiot-21095.portmap.host
nortonsys.sytes.net
ntdetect.ddns.net
office365wdswwq.dynu.net
office396.site
oiemaldriendfri.sytes.net
okbro2.zapto.org
onemilliondollars.duckdns.org
oooooojijantejijantes-51415.portmap.host
openvpnservers.duckdns.org
optimization.camdvr.org
p2x4y.xyz
pangrowman.myddns.me
pax.mentality.cloud
perpetual-scale.auto.playit.gg
piko.ddns.net
pimveldhof-60417.portmap.host
plsno.chickenkiller.com
pool-bernard.at.ply.gg
poppinbottles-35305.portmap.host
prem131bn-32385.portmap.io
prem131bn-42895.portmap.io
probka.ddns.net
products-behalf.at.ply.gg
promlag.ddns.net
promlag.hopto.org
prophetab-51441.portmap.io
psotre.dynuddns.com
pubgm.ddns.net
purepanel.duckdns.org
pwhfatal.ddns.net
q.ub3r.in
q1q1qa.ddns.net
qasa.dynamic-dns.net
qassar1122.ddns.net
qrss.duckdns.org
qs.mngbfdghsdfa.xyz
qsar1928.duckdns.org
qsr-4782-cnnctor.software-updates.pro
quaqua.shipnotifica.com
quasar1805.ddns.net
rares14023-51676.portmap.host
rat.softups.info
rat25565.ddns.net
ratpog.ddns.net
rattherattyrat.dynamic-dns.net
ratting-42498.portmap.host
raxterlmao-25631.portmap.host
raxterlmao-44943.portmap.host
reallyweirdshowcase.duckdns.org
region-madison.at.ply.gg
region-remarks.at.ply.gg
regular-childrens.at.ply.gg
rely.no-ip.biz
requiredhome.ru
retorickjeremiah-25604.portmap.host
revolutionhacker-58546.portmap.io
romapro28937723-49554.portmap.io
router.negro.systems
runtimebroker.ddns.net
rv0day47.ddns.net
ryluniverse.zapto.org
s3.z100.vip
s33s4wqsr-31933.portmap.host
sadasdasd.re
sadax2s.duckdns.org
sadsadsada23.duckdns.org
sakshamgaming-21105.portmap.host
say-development.at.ply.gg
screenrx.ddns.net
scru.bz
scvhosts.duckdns.org
sense-null.at.ply.gg
server1.trustedvpnservices.com
sex55.duckdns.org
sharaga.ddns.net
sherlock457-40088.portmap.io
silktoupinarina.sytes.net
siltoncurl.de
simolife.ddnsfree.com
simplyrat.ddns.net
slowboi123-45036.portmap.host
smtp.yassine-bolard.nl
sommerishere.sytes.net
sparkling-desk.auto.playit.gg
spm.llcdn.eu
spm.llcdn.in
spoofer.sytes.net
staff-defines.at.ply.gg
stoic-dust-35219.pktriot.net
stopman.ooguy.com
studentesting.duckdns.org
studentestingrim.sytes.net
stuhowe.ddns.net
supsup23223-28150.portmap.io
suspicious-morning-30221.pktriot.net
system32.camdvr.org
t3ems3c-23636.portmap.host
tech.blog.net
techandro.duckdns.org
telebit.cloud
testert3.duckdns.org
thanksfam.xyz
thedarkly.linkpc.net
thedroidomania.ddns.net
therealbigbig-58273.portmap.host
thesekidsmans.ddns.net
this.speedfastmaking.com
thisisfakeih2d.ddns.net
thomasfunte.zapto.org
tornoob.me
totalfree.myqnapcloud.com
traffic.hadaw.ml
tumamaesgay.ddns.net
u863495.dynu.net
umcarasozinho.giize.com
undone.sytes.net
unknown2131-55332.portmap.io
updatesvfirefox.hopto.org
updateyahoo.duckdns.org
us-east-63815.packetriot.net
useittoday.ddns.net
user3574com-28920.portmap.host
uzgrode.hopto.org
venomia.ddns.net
vhf.sytes.net
via-introduction.at.ply.gg
vilvaraj-32652.portmap.io
vipeek1990-25013.portmap.host
vlad.myddns.me
vorphdns.ddns.net
vpngoogle.duckdns.org
vpnnid.hopto.org
wallpaperengineu11.ddns.net
war-committee.at.ply.gg
wc-ltc.ddns.net
wh-access.ddns.net
whynobtwlol228.ddns.net
wikidp888.ddns.net
williamkilghore.duckdns.org
windowsdefenderinc.duckdns.org
windowstap.duckdns.org
winserver.anticriminalonline.ru
workday2022.hopto.org
worldwide567678.zapto.org
wrz.ddns.net
x5-7.duckdns.org
xegefi6666-30878.portmap.host
xhidden.ddns.net
xianxe.duckdns.org
xmrstak.ddns.net
xnxx199.dynu.net
xrejat.hopto.org
xsaz3412.duckdns.org
xtestx.ddns.net
xuanhiepip.ddns.net
y33tmaster.ddns.net
yawn593921-38020.portmap.io
yeet.3utilities.com
yerrionminutes.freedynamicdns.org
yitvpfqrobw.duckdns.org
yncesucesss.chickenkiller.com
yohavoc.duckdns.org
youhackernetpaingodxd.duckdns.org
zaidtheboii-50153.portmap.host
zayprostofyrim.zapto.org
zickfreddickople.freedynamicdns.net
zilhd.giize.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-09-15)

147.185.221.16:45918
147.185.221.16:46473
released-caribbean.gl.at.ply.gg

# Reference: https://twitter.com/SarlackLab/status/1703484033743597968

46.1.55.35:4782

# Reference: https://www.virustotal.com/gui/file/79ebe0bdd4a59c52b377ddffa03a8ff2a470eef6304b97c1cb4df65294796cc3/detection

84.54.50.42:1337

# Reference: https://www.virustotal.com/gui/file/eb4f98a7aadc4eb5feceab64bd93b1d9c077510dd3cdb0efb6c733acd45b6e41/detection

141.255.150.209:4782
microsoft-virtualpc.duckdns.org

# Reference: https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
# Reference: https://raw.githubusercontent.com/pan-unit42/iocs/master/venomrat_iocs.csv
# Reference: https://www.virustotal.com/gui/file/c2a2678f6bb0ff5805f0c3d95514ac6eeaeacd8a4b62bcc32a716639f7e62cc4/detection
# Reference: https://www.virustotal.com/gui/file/b77e4af833185c72590d344fd8f555b95de97ae7ca5c6ff5109a2d204a0d2b8e/detection
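# Reference: https://www.virustotal.com/gui/file/2a9b2dbd1319db27f844bfef1f23f748cdde7acdada01fa132fab2620e616432/detection
# Note: 25.48.43.42 in the list below is in 25.0.0.0/8, a range that some VPN overlay products reuse for client addressing; on networks running such an overlay, a match may be a local peer rather than the Internet host the sample contacted, so confirm before acting on it.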

http://67.213.221.18
100.2.131.22:4449
101.99.90.110:4449
103.133.109.108:4449
103.143.249.203:4449
103.155.82.74:4449
103.39.109.47:4449
103.39.109.73:5205
103.45.232.168:4449
103.45.232.168:8001
103.74.174.160:4449
103.8.215.226:4449
104.205.188.45:7772
109.123.237.143:2247
109.123.237.143:4449
109.206.242.138:5353
111.242.191.104:4449
116.8.105.33:4449
119.29.243.12:4449
121.127.233.181:4449
121.175.209.128:4449
121.175.209.128:7000
121.175.209.128:8000
124.222.202.170:4449
125.182.30.132:10
129.226.175.203:7771
141.95.71.203:4449
142.93.137.173:4446
142.93.137.173:4447
142.93.137.173:4449
143.92.56.77:4449
144.138.71.99:6066
146.70.102.14:46146
146.70.50.106:3222
146.70.83.154:4449
146.90.154.118:4449
147.185.221.16:24582
147.185.221.16:32320
147.185.221.212:20487
147.185.221.212:8080
149.102.249.116:4449
151.236.17.83:1111
154.12.82.59:7771
154.37.51.77:9528
154.9.30.146:4449
154.91.85.75:4449
157.143.34.217:4449
157.230.85.119:4449
16.16.29.185:13562
16.170.222.231:13044
164.155.252.71:4449
168.182.176.153:4449
168.182.176.153:8080
173.212.192.72:3434
173.212.192.72:3435
174.126.118.156:4449
177.102.219.156:4449
179.174.51.167:4449
179.174.51.167:5052
18.133.225.113:32431
18.198.77.177:17487
18.198.77.177:4824
185.149.146.79:4449
185.221.67.43:4449
185.223.77.170:4444
185.223.77.170:4449
185.236.228.68:4449
185.24.9.195:555
186.166.246.159:2742
186.166.246.159:4449
187.84.121.138:9556
188.74.83.10:4449
192.71.249.141:1999
192.71.249.141:4444
192.71.249.141:4556
193.109.85.128:4449
193.149.185.42:4545
193.149.185.42:4646
193.161.193.99:21359
193.161.193.99:24224
193.161.193.99:25460
193.161.193.99:27573
193.161.193.99:29332
193.161.193.99:31780
193.161.193.99:33360
193.161.193.99:33913
193.161.193.99:4449
193.161.193.99:4567
193.161.193.99:47758
193.161.193.99:505
193.161.193.99:5251
193.161.193.99:58618
193.161.193.99:61948
193.161.193.99:64084
193.161.193.99:8000
194.147.140.177:45992
194.26.135.222:4449
194.58.33.98:4449
196.115.8.54:1288
196.117.149.187:1177
196.117.149.187:4449
196.127.115.30:4449
2.224.144.191:7771
2.59.255.190:3389
2.59.255.190:4449
20.195.166.5:30120
20.206.160.43:7771
20.231.13.19:4449
200.153.238.94:4449
206.188.197.37:4449
206.189.80.59:22317
206.238.115.213:8888
209.25.140.181:46769
209.25.140.181:50794
209.25.140.194:4444
209.25.140.194:54203
209.25.140.211:21055
209.25.140.211:42417
209.25.140.211:43278
209.25.140.211:5050
209.25.141.181:2309
209.25.141.181:23640
209.25.141.181:29667
209.25.141.181:30093
209.25.141.181:37566
212.102.53.23:37076
212.118.42.249:4449
213.52.130.95:1337
213.52.130.95:9200
216.173.116.182:4449
216.173.116.182:8888
223.165.6.30:3333
24.241.229.173:3389
24.241.229.173:4449
25.48.43.42:4449
27.3.194.101:4449
3.126.37.18:18642
3.126.37.18:4824
3.66.38.117:9512
3.69.157.220:14418
3.69.157.220:4449
31.201.66.248:3032
31.210.55.103:33770
31.210.55.103:42811
31.210.55.103:4449
31.210.55.103:7775
34.118.105.198:1337
36.73.32.123:4449
37.222.178.27:3305
37.222.178.27:3306
37.222.178.27:4449
38.242.147.248:4449
43.138.166.76:6593
43.156.44.109:2345
43.205.210.118:4449
45.123.56.33:4449
45.80.158.189:4449
45.84.199.148:8080
46.153.131.183:6666
47.98.159.180:4449
5.230.54.132:4449
5.83.190.86:4444
65.0.50.125:22796
65.109.58.182:4449
65.2.185.165:4449
67.213.221.18:4449
67.213.221.18:8080
68.219.242.195:4449
68.219.242.195:7000
75.72.252.34:4449
77.123.31.10:7666
77.123.31.10:7777
77.73.69.3:5785
79.110.49.132:4449
79.134.225.8:1234
80.170.28.14:4449
80.26.19.8:4449
80.26.19.8:60238
81.0.246.141:4449
81.0.246.141:8089
82.180.147.87:4446
82.180.147.87:4447
82.180.147.87:4449
85.192.40.255:8080
85.203.34.34:4449
85.209.176.47:4449
85.237.227.56:4449
87.121.221.16:4449
87.132.210.154:4449
88.10.43.57:4449
89.208.103.42:1335
89.208.103.42:4449
89.23.96.35:4449
90.105.113.79:4449
90.132.25.80:4449
91.134.187.22:4449
91.137.64.248:19102
91.223.169.39:1111
94.156.253.109:4449
92.158.105.84:4449
93.114.61.173:4449
94.46.175.132:45807
95.214.26.61:4488
95.214.26.78:5556
95.214.26.97:4449
95.214.26.97:5566
checkblacklistwords.eu
lcf.icu
tym.pw
123zhang123.e1.luyouxia.net
7706d61f16.zicp.fun
baiwu123.e2.luyouxia.net
binzai.e3.luyouxia.net
bj-1.lcf.icu
bomba1.ddns.net
s1567749.e1.luyouxia.net
wnindi9-24224.portmap.host
yk.tym.pw

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-09-25)

104.37.215.1:4782
37.139.129.145:5505
45.66.230.22:4782
46.13.89.41:9999
94.156.6.246:4782
buy-positioning.at.ply.gg
casino-within.at.ply.gg
donbaguette-43001.portmap.io
eain-63347.portmap.io
go-bean.at.ply.gg
supply-dressing.gl.at.ply.gg

# Reference: https://threatfox.abuse.ch/ioc/1167850/
# Reference: https://www.virustotal.com/gui/file/1b539938fa3f6c57bbeb64943b8b3f5d0c5069439081fdda40ef7a12f030874e/detection

103.241.72.56:3650
103.241.72.56:7788

# Reference: https://twitter.com/ScumBots/status/1709543723380379685
# Reference: https://www.virustotal.com/gui/file/8bbf013e1a095f5841b572e0aadc6c3929533b2332620fa470fe5e744b828b91/detection

2.59.254.111:3000

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-11)

http://47.99.65.37
103.136.199.131:4783
104.37.215.1:443
106.14.153.130:4782
107.148.0.61:33389
107.150.23.167:7771
118.163.164.39:11211
139.159.245.157:9816
14.225.204.247:6060
14.225.211.123:22222
14.225.254.32:9090
14.32.78.98:1297
14.32.78.98:1298
141.11.21.40:443
145.239.2.154:4782
146.70.111.19:23140
150.107.2.105:8880
150.107.2.176:8089
150.107.2.177:8089
150.107.2.178:8089
150.107.2.179:8089
150.107.2.180:8089
152.44.217.5:18473
154.116.255.91:4782
154.204.32.72:8089
158.69.133.72:993
159.223.52.78:9898
159.223.52.78:9981
164.68.124.135:8080
167.160.93.196:4782
168.75.105.185:4782
175.16.184.111:8089
180.235.137.45:9443
181.161.3.56:8080
185.186.66.8:443
185.211.160.112:4782
185.81.157.129:8808
188.153.77.109:4781
188.173.86.162:4873
194.180.48.239:2096
194.195.90.102:8080
194.26.192.144:6666
195.154.54.52:4959
197.225.107.178:10000
197.225.107.178:1194
197.225.107.178:18333
197.225.107.178:20122
197.225.107.178:20421
197.225.107.178:2086
197.225.107.178:2096
197.225.107.178:21148
197.225.107.178:21902
197.225.107.178:2376
197.225.107.178:26449
197.225.107.178:29070
197.225.107.178:30005
197.225.107.178:37600
197.225.107.178:38512
197.225.107.178:40590
197.225.107.178:42202
197.225.107.178:44662
197.225.107.178:45734
197.225.107.178:4583
197.225.107.178:46162
197.225.107.178:4687
197.225.107.178:48438
197.225.107.178:48810
197.225.107.178:50001
197.225.107.178:54270
197.225.107.178:54388
197.225.107.178:54563
197.225.107.178:57548
197.225.107.178:58603
197.225.107.178:6006
197.225.107.178:631
197.225.107.178:63131
197.225.107.178:64211
197.225.107.178:7425
197.225.107.178:8010
197.225.107.178:8090
197.225.107.178:8668
197.225.107.178:888
198.167.207.26:19132
198.27.97.83:4782
2.59.132.140:2585
20.49.52.110:1337
202.79.165.140:22336
202.79.165.142:22336
202.79.165.152:22336
202.79.165.153:22336
202.79.165.154:22336
202.95.14.202:7777
202.95.8.26:7777
202.95.8.64:7777
202.95.8.78:7777
212.23.222.42:7331
212.23.222.42:7332
222.187.254.8:53779
222.253.182.185:9090
222.253.182.185:9091
223.155.16.108:23333
223.155.16.110:23333
223.155.16.112:23333
223.155.16.124:23333
223.155.16.126:23333
223.155.16.130:23333
223.155.16.23:23333
223.155.16.37:23333
223.155.16.62:23333
223.155.16.74:23333
223.155.16.91:23333
27.124.4.200:7777
3.6.115.64:11536
3.94.91.208:587
34.146.234.67:5563
35.201.216.249:443
42.51.42.232:5885
43.134.191.126:443
43.139.242.9:56789
43.198.100.247:9443
43.248.185.248:53779
45.40.96.155:5000
45.77.112.196:8080
45.81.39.183:8084
46.105.31.161:8888
47.242.201.16:12199
5.102.157.70:4782
5.43.196.245:35
51.79.169.103:8888
51.79.197.146:23456
54.36.226.168:4444
72.18.130.237:7321
72.18.130.238:7321
72.18.130.48:7321
73.100.102.44:4445
73.198.68.21:4782
74.234.79.25:8080
74.91.117.229:4783
79.110.48.153:4448
8.129.179.142:22
8.210.13.235:12099
8.210.13.235:14099
8.210.13.235:15048
8.210.13.235:15099
8.210.13.235:16099
8.210.82.139:12099
8.210.82.139:14099
8.210.82.139:15099
8.210.82.139:16099
81.230.10.189:8080
86.17.224.159:1604
87.207.183.69:7531
95.179.171.234:4228
etapi.ydzh.ltd
etcs.ydzh.ltd
nebularemote.ydzh.ltd

# Reference: https://twitter.com/abuse_ch/status/1712458006833594589
# Reference: https://www.virustotal.com/gui/file/b9dc56e8f15327270b75cd4499049a19988d681f17691713d1ebd085831aa2a4/detection
# Reference: https://www.virustotal.com/gui/file/ae8c4f72c13b4103e0e977bbf2939a4b97860d1c279994d1b0bd27e00cbf8c2f/detection

185.196.8.30:22
dhlmissed.com
frankmullers.duckdns.org
hta4lyfeohyea.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-12)

150.107.2.104:8880
18.134.53.58:502
185.17.0.246:1419
50.114.32.155:4782
50.47.187.192:4444
51.79.247.142:10000
77.105.147.71:10000
77.78.31.79:9000
89.231.229.174:4782
usacupid.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-13)

150.107.2.102:8880
150.107.2.103:8880
150.107.2.106:8880
163.5.215.216:4788
164.68.124.135:8090
194.26.192.15:4400
87.163.178.244:13832

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-16)

109.205.213.42:4444
122.106.91.202:8888
134.255.254.225:5058
147.185.221.181:22242
193.109.85.197:443
209.25.140.181:22242
209.25.141.181:22242
209.25.143.181:22242
221.151.105.222:8888
23.133.216.181:22242
45.76.215.118:8080
72.140.185.189:8082
80.92.205.4:4782
82.76.223.18:7000
92.96.200.253:993

# Reference: https://www.virustotal.com/gui/file/0aa2b99b072736a522905c80505e8bfb45f545ee4d4f5a2fc02fb8f163b44225/detection

179.13.0.48:9820
berlinqua.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c430f8a55f610a2e7f4e5d68666dddfa69de6631397e8ba352399f8f45601e76/detection

197.202.140.193:4782
61.254.225.112:4782
bgxhost.servegame.com
eliminatorhost.servegame.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-19)

http://194.180.48.114
107.148.73.100:8880
107.191.62.170:8080
139.180.143.130:8080
143.198.143.66:443
148.252.73.49:6606
185.189.12.147:2323
191.82.202.123:2000
193.104.222.171:443
193.104.222.97:443
193.161.193.99:63447
193.164.5.70:4782
193.181.46.162:443
206.237.2.202:13014
223.155.16.127:23333
223.155.16.148:23333
223.155.16.89:23333
24.68.49.45:8080
27.124.4.202:7777
27.124.4.206:7777
31.40.4.149:4444
37.120.137.230:1433
45.152.70.133:2096
50.60.169.138:1337
51.20.181.222:587
51.79.247.142:12345
52.186.179.225:8848
81.0.21.60:5500
85.209.176.202:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/

http://154.39.152.134
http://195.14.123.15
http://34.154.103.104
http://62.234.175.104
103.140.251.156:4449
103.155.82.74:5000
103.42.30.83:4449
103.45.104.76:4449
103.74.102.181:3612
103.74.102.181:4449
107.148.8.5:4783
110.40.229.65:5050
111.180.204.133:4449
115.79.234.191:4449
116.102.233.195:8000
118.70.46.160:8080
121.37.250.168:1990
129.159.101.93:4444
141.98.10.132:4444
147.189.169.29:8890
149.88.73.111:4449
149.88.73.123:4449
149.88.73.37:4449
154.12.84.88:4449
156.254.126.133:4444
171.235.43.31:8000
171.235.43.31:9999
172.252.236.200:30120
172.93.100.82:2565
176.29.69.108:8000
18.194.136.156:4449
185.16.38.41:4449
185.202.173.103:4449
185.221.67.40:4449
185.221.67.40:8000
185.221.67.40:8001
190.28.134.15:4444
190.28.161.89:4444
193.161.193.99:59460
193.34.212.163:4449
193.42.33.190:25
193.42.33.190:4449
194.33.191.171:4449
194.33.191.245:4449
198.44.167.103:4449
198.44.167.106:4449
198.44.167.151:4449
198.44.167.157:4449
198.44.167.193:4449
198.44.167.209:4449
198.44.167.36:4449
198.44.167.3:4449
198.44.167.50:4449
198.44.167.72:4449
198.44.167.7:4449
198.44.167.85:4449
198.44.167.86:4449
198.44.185.105:4449
198.44.185.106:4449
198.44.185.118:4449
198.44.185.13:4449
198.44.185.19:4449
198.44.185.66:4449
198.44.186.111:4449
198.44.186.128:4449
198.44.186.185:4449
198.44.186.216:4449
198.44.186.230:4449
198.44.186.234:4449
198.44.186.245:4449
198.44.186.4:4449
198.44.186.58:4449
198.44.186.71:4449
198.44.186.80:4449
198.44.186.92:4449
198.44.187.42:4449
198.44.187.65:4449
198.44.187.98:4449
202.79.169.84:4449
202.79.169.89:4449
202.79.169.99:4449
203.20.113.225:1433
223.155.16.145:23333
23.26.76.142:2004
27.74.166.36:8000
27.74.166.36:9999
31.214.240.67:4449
37.120.158.245:25045
38.181.35.233:4449
38.181.35.91:4449
4.227.142.4:443
40.67.150.126:2000
43.139.166.120:4449
45.145.230.107:4449
45.145.230.129:4449
45.145.230.130:4449
45.145.230.137:4449
45.145.230.173:4449
45.145.230.209:4449
45.145.230.249:4449
45.145.230.31:4449
45.145.231.135:4449
45.145.231.141:4449
45.145.231.152:4449
45.145.231.185:4449
45.145.231.207:4449
45.145.231.216:4449
45.15.157.71:7777
45.88.180.13:6666
51.195.145.76:8808
64.227.106.181:443
64.40.154.127:8888
79.110.48.153:4449
85.209.176.48:5000
85.239.33.132:4449
86.204.232.82:9090
87.237.54.174:4447
95.214.25.75:4444
95.217.202.238:7777
96.45.174.196:4449
99.103.131.181:2222

# Reference: https://twitter.com/JAMESWT_MHT/status/1717093728525983846
# Reference: https://app.any.run/tasks/50894cc8-5473-4374-bf36-483d4ab05e86/

41.251.117.93:4782

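# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-30)
# Note: 100.80.114.4 in the list below is in 100.64.0.0/10 (RFC 6598 shared address space, used for carrier-grade NAT and by some mesh VPNs). It is not globally routable, so a match on a network that uses this range may be an unrelated local host; confirm before acting on it.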

100.80.114.4:4782
103.71.154.60:4782
107.148.238.82:4783
120.25.239.25:59823
135.181.235.186:2424
156.206.138.228:5552
172.234.16.71:4444
173.249.3.15:8443
182.92.222.213:7453
185.161.209.202:29185
186.222.176.105:4782
188.134.71.71:5559
191.82.214.147:2000
191.82.223.103:2000
197.61.171.237:5552
211.62.168.220:8080
34.118.240.134:4782
37.216.22.195:888
37.216.22.195:8888
45.76.251.189:4782
45.77.3.60:82
85.215.194.162:8080
87.138.218.214:47000
90.255.152.189:4782
90.255.152.189:8080
servet.site
cameraunitsdtock.sytes.net
cherrywoods-29890.portmap.host
contacto25.stafsolutions.com
filter-ranked.at.ply.gg
msi.servet.site
nancyagoatron.sytes.net
neko10.tplinkdns.com
overheaven.ddns.net
prnt.dedyn.io
prtsc.kozow.com
puryx-64788.portmap.host
qpurrybeatmecamtest.ddns.net
si.servet.site

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-11-01)

http://154.12.254.216
http://86.130.196.77
108.165.101.16:4449
109.147.149.255:4782
128.90.108.113:4433
138.59.198.231:5900
149.56.244.237:4782
156.224.27.244:4449
163.5.215.177:4782
172.232.134.145:443
191.254.169.139:5000
191.82.252.100:2000
192.3.86.10:8089
193.149.190.168:4782
209.203.54.177:8000
223.155.16.135:23333
223.155.16.149:23333
223.155.16.150:23333
223.155.16.151:23333
223.155.16.152:23333
223.155.16.153:23333
27.158.214.241:52516
3.129.208.252:587
51.161.107.9:4782
64.176.81.70:9090
64.52.80.114:4782
77.78.31.79:6000
77.91.73.70:1488
81.205.110.65:4783
93.85.85.86:4782
94.156.68.178:4448
makaa.work.gd

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2023-11-02)

http://18.166.249.66
http://185.62.58.77
http://5.255.117.112
101.43.141.31:4782
103.53.126.17:443
105.111.84.84:288
106.52.95.146:8880
110.92.64.176:4449
115.74.32.60:8000
115.74.32.60:9999
115.74.37.140:8000
124.29.223.193:4443
128.90.108.62:4433
139.99.80.193:8888
141.98.10.132:4449
154.204.181.104:4449
154.204.181.141:4449
154.204.181.146:4449
154.204.181.148:4449
154.204.181.170:4449
154.204.181.200:4449
154.204.181.212:4449
154.204.181.214:4449
154.204.181.225:4449
154.204.181.230:4449
154.204.181.244:4449
154.204.181.246:4449
154.204.181.27:4449
154.204.181.29:4449
154.204.181.5:4449
154.204.181.82:4449
156.224.27.100:4449
156.224.27.103:4449
156.224.27.106:4449
156.224.27.111:4449
156.224.27.114:4449
156.224.27.115:4449
156.224.27.116:4449
156.224.27.117:4449
156.224.27.118:4449
156.224.27.119:4449
156.224.27.121:4449
156.224.27.123:4449
156.224.27.126:4449
156.224.27.129:4449
156.224.27.130:4449
156.224.27.131:4449
156.224.27.132:4449
156.224.27.136:4449
156.224.27.138:4449
156.224.27.140:4449
156.224.27.144:4449
156.224.27.145:4449
156.224.27.148:4449
156.224.27.151:4449
156.224.27.157:4449
156.224.27.161:4449
156.224.27.163:4449
156.224.27.174:4449
156.224.27.182:4449
156.224.27.184:4449
156.224.27.185:4449
156.224.27.186:4449
156.224.27.193:4449
156.224.27.195:4449
156.224.27.197:4449
156.224.27.204:4449
156.224.27.207:4449
156.224.27.208:4449
156.224.27.209:4449
156.224.27.20:4449
156.224.27.210:4449
156.224.27.216:4449
156.224.27.217:4449
156.224.27.218:4449
156.224.27.225:4449
156.224.27.231:4449
156.224.27.232:4449
156.224.27.236:4449
156.224.27.238:4449
156.224.27.241:4449
156.224.27.242:4449
156.224.27.243:4449
156.224.27.245:4449
156.224.27.246:4449
156.224.27.248:4449
156.224.27.24:4449
156.224.27.252:4449
156.224.27.254:4449
156.224.27.36:4449
156.224.27.43:4449
156.224.27.50:4449
156.224.27.54:4449
156.224.27.55:4449
156.224.27.56:4449
156.224.27.57:4449
156.224.27.65:4449
156.224.27.67:4449
156.224.27.68:4449
156.224.27.71:4449
156.224.27.74:4449
156.224.27.75:4449
156.224.27.82:4449
156.224.27.86:4449
156.224.27.87:4449
156.224.27.89:4449
156.224.27.90:4449
156.224.27.92:4449
156.224.27.93:4449
156.224.27.95:4449
156.251.17.118:8880
159.100.22.58:9999
161.129.40.95:4449
171.250.185.235:8000
171.250.185.235:9999
171.250.188.34:8000
172.162.233.190:8081
172.171.254.153:5000
18.166.249.66:443
18.166.249.66:8443
199.127.60.151:4449
20.237.228.234:8000
206.72.202.109:1604
208.64.33.115:4449
212.118.40.208:1200
213.65.233.25:4782
43.128.4.110:8888
43.239.251.54:4449
43.249.193.131:4782
52.188.84.174:3000
64.253.87.233:4433
64.40.154.127:4449
65.108.26.147:25
81.28.6.148:9090
93.123.85.34:4444
93.123.85.37:5060
94.156.68.178:4449
95.214.26.67:7788
95.214.26.88:7788
95.216.249.152:4449
chromewebkit.com
xbhdabss.org

# Reference: https://www.virustotal.com/gui/file/f97675217ef1956a5a089517d69e4285fd2e1b71e049801ec68a459558eef74a/detection

182.30.57.19:4782
lordhades.ddns.net

# Reference: https://twitter.com/suyog41/status/1721402450509226446
# Reference: https://www.virustotal.com/gui/file/244b142725520624d3670e6a229e881ef3bffae6a2978c4bdea58e7d1b412188/detection

209.25.141.229:58369
st-patrol.at.ply.gg

# Reference: https://threatfox.abuse.ch/ioc/1199705/

nathwood23.mysynology.net

# Reference: https://www.virustotal.com/gui/file/303c9b9194ee78feed58a6ba788498a6c8d58d603ab7dacdda550ae8b67fe54a/detection

76.115.134.129:4782
sashok.ddns.net
truely.ddns.net

# Reference: https://app.validin.com/axon?find=91.92.241.80&type=ip
# Reference: https://www.virustotal.com/gui/file/bea1f3abe5f8cacae97c4cd7855465d2878c42d5ee8b2ac99392379792188266/detection

o7lab.me
panel.o7lab.me
puredns.o7lab.me
purepanel.o7lab.me

# Reference: https://twitter.com/JustWantToQ1/status/1725066269664084426
# Reference: https://www.virustotal.com/gui/file/1186dac5cf754305a3faf7a6a9fd3ab02f1eb8272e56e23ceddad9cdab50aa2a/detection
# Reference: https://www.virustotal.com/gui/file/5fd5a293e7320d340dda0457da801157129c138d09cc359d1edf187b375f8ed7/detection

http://101.34.70.230
http://106.12.126.136
103.30.76.56:8000
45.32.119.154:4782

# Reference: https://www.virustotal.com/gui/file/ef678ca84f44f94d68ed6025669da9990c2590a5bdb8188afa7ed56903bc145f/detection
# Reference: https://www.virustotal.com/gui/file/b42a304941cb1301ddc4429fe3a0b5804460deb1b6571c5827df4134e311c2e0/detection

37.67.159.50:4782
guttshost.ddns.net

# Reference: https://www.virustotal.com/gui/file/7d8f6f1d10938d4cad3743b7b9e50d8283e59a45f0b6096ec1fe8e42c1adad1d/detection

193.161.193.99:40520
ryanpsn-40520.portmap.host

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-11-20)

108.160.136.232:8088
109.99.113.208:4782
167.71.56.116:22112
178.254.32.61:4782
192.160.0.65:5040
193.42.33.210:4444
201.79.229.55:1000
37.1.207.27:222
43.135.4.224:4789
45.148.244.83:7752
45.61.128.77:5552
54.94.248.37:16018
8.134.72.167:8808
alex123123123141-56619.portmap.host
alibabash.ddns.net
allah420.ddns.net
awoware.ddns.net
bitra12.duckdns.org
boogerbreath-59460.portmap.host
com-overhead.gl.at.ply.gg
dance-civilization.gl.at.ply.gg
dng.dns05.com
dng05vpn.v4.softether.net
douzi.my-wan.de
everyone-substantially.gl.at.ply.gg
fragrant-pine-29547.pktriot.net
frosty-wind-77851.pktriot.net
frp.deitie.asia
johndoenut-37242.portmap.host
memet.ddns.net
mercurial6969-64808.portmap.host
okaa0-35095.portmap.host
rxalp.direct.quickconnect.to
scambaiting2022.ddns.net
schools-softball.gl.at.ply.gg
serverlolxd.ddns.net
short-shortly.gl.at.ply.gg
throbbing-mountain-09011.pktriot.net
tsxrkj.synology.me
visoxd-63447.portmap.host
voicia-net.ddns.net
without-sure.gl.at.ply.gg
youtubevideos.duckdns.org
zeroski.ink

# Reference: https://www.virustotal.com/gui/file/92dde00e5a5426b5a20e9e9e87ea29c66c6ab7cd467cbe9a90bf971f2d21a6a7/detection

20.205.140.63:1024

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-11-21)

http://136.50.194.181
http://194.55.224.24
http://85.98.162.136
136.50.194.181:4782
154.9.253.177:4782
163.5.169.28:8080
180.195.205.155:4782
193.161.193.99:58530
194.55.224.24:9030
195.133.197.3:4782
45.61.174.20:5552
87.159.4.210:4782
88.209.197.253:4782
cock.holyshithowmanydomainandproxycanigettorunmyserver.info
download.adaklab.ir
goldbolbein.chickenkiller.com
goldgoblein.sytes.net
holyshithowmanydomainandproxycanigettorunmyserver.info
infallible-water-17742.pktriot.net
laraloveu-44526.portmap.host
malhost.loca.lt
points-deep.gl.at.ply.gg
quasardeez.ddns.net
riprealworld-55179.portmap.host
rough-night-92806.pktriot.net
sero.definitivlegit.xyz
shipperd69.strangled.net
statics.kozow.com
testrun.ddns.net
topportas.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-11-22)

103.127.80.52:4782
107.148.58.234:4783
107.148.58.236:4783
109.193.93.28:4782
110.148.223.254:4444
139.99.80.193:9999
156.96.154.217:4444
191.205.93.92:5000
191.82.199.36:2000
191.82.205.52:2000
191.82.208.212:2000
191.82.220.234:2000
193.149.176.5:4443
193.161.193.99:27212
194.195.90.102:587
194.33.191.141:8080
194.49.94.45:4789
20.198.253.168:1337
202.79.175.110:7777
223.155.16.118:23333
223.155.16.120:23333
223.155.16.128:23333
223.155.16.139:23333
223.155.16.140:23333
40.81.26.134:8443
43.154.232.190:8441
66.85.157.78:443
77.232.132.25:4999
82.147.85.227:443
85.209.176.33:1337
91.92.246.130:8080
93.177.167.240:4782
95.214.25.72:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2023-11-22)

103.241.66.73:1604
103.245.236.118:4449
103.82.26.41:4444
115.74.20.156:8000
115.79.230.192:8000
115.79.230.192:9999
115.79.234.191:8000
115.79.234.191:9999
123.99.200.184:2139
134.195.90.8:8890
154.204.181.114:4449
154.204.181.116:4449
154.204.181.137:4449
154.204.181.15:4449
154.204.181.188:4449
154.204.181.197:4449
154.204.181.208:4449
154.204.181.228:4449
154.204.181.22:4449
154.204.181.33:4449
154.204.181.53:4449
154.204.181.71:4449
154.204.181.88:4449
154.204.181.93:4449
154.204.181.94:4449
154.39.250.214:4449
154.39.250.229:4449
154.39.250.234:4449
154.39.250.38:4449
154.39.250.52:4449
154.39.250.85:4449
154.39.251.113:4449
154.39.251.210:4449
154.39.251.246:4449
154.39.251.32:4449
154.39.251.52:4449
154.39.254.105:4449
154.39.254.124:4449
154.39.254.70:4449
154.39.255.109:4449
154.39.255.111:4449
154.39.255.141:4449
154.39.255.152:4449
154.39.255.156:4449
154.39.255.191:4449
154.39.255.199:4449
154.39.255.210:4449
154.39.255.211:4449
154.39.255.54:4449
154.39.255.81:4449
154.39.255.89:4449
154.39.255.94:4449
154.39.255.95:4449
156.253.13.217:4848
158.220.89.102:8940
171.232.3.175:9999
172.93.110.114:4449
176.96.136.233:443
185.239.87.136:4449
188.119.113.105:2323
189.152.202.202:16714
189.152.202.202:222
189.152.202.202:31193
189.152.202.202:49152
189.152.202.202:81
189.152.202.202:8880
193.124.205.20:4449
193.169.245.86:4449
194.9.172.60:4444
206.233.132.110:4449
206.233.132.208:4449
206.233.132.250:4449
206.233.132.27:4449
206.233.132.41:4449
206.233.132.67:4449
206.233.132.84:4449
206.233.132.92:4449
23.133.216.212:54696
3.6.115.64:12480
34.154.103.104:80
45.207.27.4:4449
45.88.180.23:6000
85.209.176.113:4449
85.209.176.184:4449
85.209.176.79:4449
88.99.214.187:4449
91.92.241.80:5000
91.92.248.121:5902
91.92.248.152:6606
91.92.249.88:5000
91.92.251.28:4444
95.214.25.144:4444

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-12-04)

http://195.189.98.5
http://20.106.201.109
http://45.147.231.88
http://59.14.118.202
http://8.217.83.74
1.117.42.60:4782
103.13.209.45:4782
103.161.171.127:4782
103.168.19.82:4782
103.71.154.48:4782
103.99.186.113:4782
104.218.54.245:1604
105.106.223.78:9999
106.160.59.123:5468
107.150.23.151:31337
107.172.76.140:8080
107.175.243.138:4782
108.216.43.217:4782
111.90.143.37:1888
116.97.240.228:9981
118.195.235.103:4782
118.69.101.91:38353
121.4.103.222:4782
121.41.5.68:4782
13.127.185.18:4783
138.197.189.80:64191
139.159.221.73:8443
139.224.36.193:8088
139.99.23.9:12024
14.0.24.177:7004
14.224.174.212:4782
14.225.210.209:23456
14.225.210.97:12024
14.225.210.98:12024
141.98.102.227:24482
141.98.112.145:1604
143.92.61.241:7777
143.92.61.243:7777
143.92.61.248:7777
149.28.201.102:82
150.107.2.176:8880
150.107.2.177:8880
150.107.2.178:8880
154.12.30.94:8880
154.7.177.155:9999
154.9.227.45:6774
154.9.254.21:8080
154.9.255.235:8080
159.223.52.78:9783
164.152.19.24:4782
172.232.148.85:443
175.16.147.232:8089
175.16.183.116:8089
178.20.47.103:9090
181.162.142.77:8080
181.162.155.84:8080
181.173.5.64:443
181.173.9.167:443
181.215.229.195:4782
181.41.200.232:3000
185.209.22.155:4782
185.81.157.103:9090
185.81.157.119:1020
187.101.166.245:5000
187.59.65.160:4782
188.240.121.104:4444
188.52.168.200:1337
191.17.127.135:5000
191.17.127.227:5000
191.17.4.199:5000
191.19.176.126:5000
191.82.193.90:2000
191.82.196.250:2000
191.82.201.157:2000
191.82.204.28:2000
191.82.205.177:2000
191.82.235.60:2000
191.82.240.73:2000
191.82.255.52:2000
192.121.102.21:443
192.36.57.216:4782
192.71.172.159:443
192.99.168.172:8082
193.161.193.99:38655
193.233.255.34:4848
194.147.140.134:8081
195.214.251.131:4444
195.3.220.71:1337
196.65.209.44:4444
202.79.175.51:7777
202.79.175.67:7777
206.123.135.125:2008
209.145.59.89:443
211.62.168.220:587
216.164.253.125:3334
216.219.83.227:4443
217.122.155.51:4783
217.208.240.203:25565
218.200.147.248:4782
221.194.78.221:4782
222.211.73.134:5566
222.211.73.134:5666
222.211.73.134:5766
222.253.182.185:4782
223.155.16.102:23333
223.155.16.109:23333
223.155.16.114:23333
223.155.16.115:23333
223.155.16.119:23333
223.155.16.121:23333
223.155.16.95:23333
24.75.175.47:4782
27.124.6.248:7777
27.124.6.249:7777
27.124.6.253:7777
3.129.208.252:443
3.236.102.180:4782
31.220.97.187:443
34.124.177.146:443
35.189.151.174:443
36.134.54.228:8088
37.120.137.230:3333
37.220.121.42:4782
37.59.174.109:4782
38.54.93.184:9999
43.136.181.103:4782
45.133.181.42:4444
45.141.27.187:4782
45.88.186.145:4782
5.161.225.245:8008
5.196.243.97:4782
5.206.224.18:443
50.60.8.72:1337
51.178.91.192:4782
51.20.164.68:4782
51.79.247.142:12000
51.81.105.237:4782
51.81.170.216:4782
54.39.132.191:4782
61.136.187.248:4782
64.176.65.152:443
64.52.80.98:4782
65.108.111.159:4782
65.20.67.1:4782
66.85.157.78:8443
72.140.185.189:8092
73.161.248.136:4782
73.72.200.242:8081
74.234.34.236:1337
77.21.10.243:29041
77.91.122.22:4782
79.245.246.193:13832
8.210.77.104:9443
8.212.132.182:5001
80.232.245.48:4782
82.27.71.69:4444
82.64.82.74:1604
84.247.161.111:443
85.209.176.247:2096
85.215.230.244:4782
85.239.53.165:443
89.117.79.31:2
89.221.224.197:443
91.109.176.8:4782
91.109.188.4:4782
91.161.14.130:5555
91.92.240.98:17444
91.92.246.130:3333
91.92.252.111:37156
91.92.252.152:8084
91.92.252.64:4782
91.92.254.40:4782
92.118.235.253:4545
94.12.43.18:49947
94.131.101.86:4782
94.156.66.76:6969
94.249.3.0:6565
95.46.107.25:23731
96.32.172.60:1194
obsidia.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2023-12-04)

http://162.33.178.82
http://91.219.148.77
113.207.49.54:9803
115.74.20.156:9999
115.74.22.203:5000
115.74.22.203:8000
115.74.22.203:9999
116.203.221.205:8890
123.99.198.130:14363
124.248.69.97:9999
141.255.150.200:888
141.255.159.128:4444
141.255.159.128:9999
154.39.251.85:4449
154.91.230.40:4449
154.91.230.50:4449
163.5.169.22:1194
171.232.3.175:4449
171.232.3.175:5000
171.232.3.175:8000
185.216.117.91:6666
185.81.157.213:4444
223.155.16.133:23333
45.141.215.178:61240
5.189.175.70:587
5.189.175.70:8080
51.195.251.9:4449
66.135.26.66:10010
74.199.99.167:4783
84.17.34.8:4782
84.32.5.135:8888
91.92.242.235:12330
91.92.248.239:4449
91.92.250.79:8080
91.92.250.80:8080
91.92.251.84:587
94.228.169.198:3000
95.214.26.66:7788

# Reference: https://www.virustotal.com/gui/file/404af34493708c09b1559146696d563013ef2017a2659a2a3b33b3d357d8e3cb/detection

207.32.218.138:4782

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2023-12-07)

http://103.82.26.41
http://154.92.16.100
http://167.88.168.158
http://176.107.190.41
http://176.107.190.42
http://176.107.190.44
http://176.128.134.182
http://176.40.9.245
http://176.96.136.233
http://206.166.251.107
http://4.228.56.58
http://8.218.80.239
http://91.229.76.199
103.142.9.155:6688
103.145.253.245:4449
103.145.87.4:4449
103.164.62.9:6666
103.234.72.81:4449
103.42.30.19:4449
103.42.30.21:4449
103.42.30.30:4449
103.42.30.39:4449
103.42.30.42:4449
103.42.30.58:4449
103.74.106.117:4449
103.82.26.41:4447
103.82.26.41:4449
103.97.177.62:8888
104.161.50.230:1900
104.194.11.45:4449
104.244.72.108:9999
105.75.30.83:1080
105.75.30.83:18029
105.75.30.83:25050
105.75.30.83:48106
105.75.30.83:502
105.75.30.83:62491
105.75.30.83:6362
105.75.30.83:63889
106.119.249.59:14782
107.151.240.126:4449
108.160.140.12:443
111.92.241.2:4449
113.207.105.200:5501
113.207.105.229:4002
113.207.49.39:4001
113.207.49.50:16804
113.207.49.50:4004
113.207.49.53:4002
118.107.41.120:30360
118.195.164.90:4449
124.70.154.188:4449
142.202.242.196:4449
150.158.169.143:4449
154.19.84.98:4449
154.61.77.210:2323
154.91.64.183:7800
161.97.178.199:3435
161.97.178.199:3436
161.97.178.199:3437
161.97.178.201:3435
161.97.178.201:3436
161.97.178.201:3437
161.97.178.207:3435
161.97.178.207:3436
161.97.178.207:3437
162.19.192.193:1555
172.233.153.107:4449
172.233.153.107:5000
172.233.153.107:6000
172.247.132.3:4449
173.212.192.72:3436
173.212.192.72:3437
173.212.219.45:3435
173.212.219.45:3436
173.212.219.45:3437
173.212.224.186:3435
173.212.224.186:3436
173.212.224.186:3437
176.107.190.41:8888
176.107.190.42:8888
176.107.190.44:8888
176.40.9.245:10070
176.40.9.245:1026
176.40.9.245:1080
176.40.9.245:110
176.40.9.245:11778
176.40.9.245:11933
176.40.9.245:1200
176.40.9.245:1231
176.40.9.245:12445
176.40.9.245:1311
176.40.9.245:14120
176.40.9.245:1433
176.40.9.245:15825
176.40.9.245:179
176.40.9.245:1883
176.40.9.245:20000
176.40.9.245:2004
176.40.9.245:20201
176.40.9.245:2079
176.40.9.245:2080
176.40.9.245:21
176.40.9.245:22081
176.40.9.245:2222
176.40.9.245:23515
176.40.9.245:23630
176.40.9.245:2375
176.40.9.245:2376
176.40.9.245:23803
176.40.9.245:24233
176.40.9.245:25
176.40.9.245:26589
176.40.9.245:26808
176.40.9.245:27017
176.40.9.245:27585
176.40.9.245:2761
176.40.9.245:28080
176.40.9.245:28389
176.40.9.245:30617
176.40.9.245:3306
176.40.9.245:33389
176.40.9.245:33416
176.40.9.245:33742
176.40.9.245:33913
176.40.9.245:36401
176.40.9.245:37262
176.40.9.245:4087
176.40.9.245:44369
176.40.9.245:4444
176.40.9.245:44467
176.40.9.245:44861
176.40.9.245:44886
176.40.9.245:46571
176.40.9.245:48742
176.40.9.245:49502
176.40.9.245:51091
176.40.9.245:51178
176.40.9.245:51783
176.40.9.245:52435
176.40.9.245:53346
176.40.9.245:53782
176.40.9.245:54252
176.40.9.245:56323
176.40.9.245:57002
176.40.9.245:57287
176.40.9.245:587
176.40.9.245:5903
176.40.9.245:6000
176.40.9.245:60000
176.40.9.245:6001
176.40.9.245:6003
176.40.9.245:6006
176.40.9.245:60143
176.40.9.245:60402
176.40.9.245:60845
176.40.9.245:61105
176.40.9.245:62577
176.40.9.245:631
176.40.9.245:63523
176.40.9.245:6379
176.40.9.245:6697
176.40.9.245:6918
176.40.9.245:7375
176.40.9.245:8000
176.40.9.245:8010
176.40.9.245:8085
176.40.9.245:81
176.40.9.245:833
176.40.9.245:9205
176.40.9.245:9543
179.14.8.10:5000
181.173.21.240:443
185.16.38.93:4449
185.16.39.245:4449
185.181.10.240:443
185.196.8.237:4449
185.220.204.33:4444
185.36.81.57:4444
190.123.44.233:4444
191.82.212.175:2000
193.34.212.163:4545
193.34.212.163:7777
194.147.140.154:8889
197.146.76.15:11029
197.146.76.15:20086
197.146.76.15:2990
197.146.76.15:37747
197.146.76.15:52224
197.146.76.15:52407
197.146.76.15:54488
197.146.76.15:54564
197.146.76.15:5902
197.146.76.15:7474
197.146.76.15:7801
197.146.76.15:8159
20.188.113.132:9099
20.201.112.166:5522
20.201.119.163:1025
20.213.246.160:8080
20.6.33.42:9099
206.238.199.163:2022
206.238.199.163:4449
207.32.217.107:4449
207.32.217.117:4449
222.186.56.59:10000
27.124.2.230:4449
27.74.166.158:8000
27.74.166.158:9999
34.70.203.199:4449
37.1.208.55:4449
38.165.8.185:4449
4.227.176.184:8080
4.228.56.58:1024
41.216.183.22:4782
43.140.194.203:2233
43.153.109.213:4449
43.156.51.101:4449
43.248.100.54:9881
43.248.140.96:4520
45.131.111.98:7000
45.155.249.230:4449
45.235.49.52:4449
45.74.34.32:1993
45.77.2.11:443
45.88.9.100:4444
47.96.68.247:4449
5.182.87.154:4449
51.38.57.226:4449
51.79.196.122:5000
54.37.237.170:4444
62.234.175.104:45678
62.68.75.236:1602
64.156.192.19:8888
77.105.132.88:9999
8.130.84.209:4449
8.212.49.198:9827
8.218.80.239:8443
83.220.164.105:4449
83.220.164.114:4449
83.220.164.11:4449
83.220.164.2:4449
85.209.176.158:4449
90.255.118.25:9999
91.229.76.199:8888
91.92.241.170:4449
91.92.241.23:4449
91.92.241.65:8080
91.92.242.184:4444
91.92.246.52:4449
91.92.248.39:4444
91.92.251.81:5001
91.92.252.194:4444
91.92.253.13:4449
91.92.253.13:8080
91.92.253.14:8080
91.92.254.174:4444
parlimenmalaysia.myftp.org

# Reference: https://twitter.com/V3n0mStrike/status/1734057776861655431
# Reference: https://www.virustotal.com/gui/file/007e4f5ae18d5c2f0ef3dddeedaaab82ae3cdcefd98943a6b039cd3a7ab596ac/detection

http://45.40.96.164
45.40.96.164:5552

# Reference: https://www.virustotal.com/gui/file/207c4ebe49833b09d5bbf7d05e50851891a29b04b2b413106092e739ce0dcab3/detection

176.131.238.95:4782
jlrat.ddns.net

# Reference: https://www.virustotal.com/gui/file/5629dac4ae6bcdb1d9e9401d338b7af892009a056c8f74ffc2f657341c5df4e3/detection

46.246.4.6:2636
shop27.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b8919fe0360c97ac26161f11d4903450ab3333bf0ae4aaed0223f14562d5d022/detection

42.51.37.132:4782

# Reference: https://www.virustotal.com/gui/file/0d852de86784800a9e7ae5c7f484c9218015bce59dc541a9d38743a0cfe3d29e/detection

178.255.168.49:4782
sfxn.ddns.net

# Reference: https://www.virustotal.com/gui/file/de8bc458f91a587c571d91aa578b1f6dded34aae730e5e38e4bfcf2d9f8e79eb/detection

79.107.199.218:6666
ratsakis.ddns.net

# Reference: https://www.virustotal.com/gui/file/a5d2600ca75a5e5f74209cca81c154b6a4c1d862701107f08f8260479ff6510f/detection

59.92.91.175:2000
allan123.ddns.net

# Reference: https://www.virustotal.com/gui/file/c9c3add3e6318415f298edbc85cded2dc3c232624e53ea9cca7f10a8633e0cc0/detection
# Reference: https://www.virustotal.com/gui/file/7f8e64ce3699ccf9de01c007e6a3692261c9abdbc275b6195f46ba3f0a22eeb1/detection
# Reference: https://www.virustotal.com/gui/file/60c01572944d3605ab9d72e2053fcc6f90cbd54c94cd8b8decff62b12a231b05/detection

90.255.118.25:9999
antilag.ddns.net

# Reference: https://www.virustotal.com/gui/file/3cc84e3c93493e0d6e636db209aedd2f9b1a6f12c30c501adcc8929306917700/detection

23.19.58.161:1982
59.24.3.174:1982
gamestramar.4cloud.click

# Reference: https://twitter.com/noexceptcpp/status/1744349230196523062
# Reference: https://app.any.run/tasks/ccab90e4-7e74-4189-a12c-bbd30a989c42/

91.92.249.238:4789
hts.guru

# Reference: https://www.virustotal.com/gui/file/c4ce370872ed6186d6a00aabb37e59936ea264bd5ee7e61bc366aa5fbbfc8cf4/detection

49.36.144.228:4782
myhost567098.ddns.net

# Reference: https://www.virustotal.com/gui/file/32aa4355cbed96bc5f95b9e18425fcfa9e3191007e13e2e6764eb8355f276c8d/detection

103.163.182.164:4782
1800hacker.ddns.net

# Reference: https://twitter.com/smica83/status/1744648066563453017
# Reference: https://www.virustotal.com/gui/file/cd0f465d5aafd57b4ec1c13d042b5eaa4643fa46a6143091b8fc61c2650c4484/detection
# Reference: https://www.virustotal.com/gui/file/26a281534bcbf467b36882cb224d95e6f93e6307bd4b6c82cfe16f1c4b30bc32/detection

147.185.221.17:60702

# Reference: https://twitter.com/smica83/status/1744345751314923526

109.55.109.94:4782
91.92.251.28:4782
94.130.171.180:4782

# Reference: https://www.virustotal.com/gui/file/21fcc1fb15a66fc37d5964cfdb02752a84ca15c6625418ad7c6bb06e50b04522/detection

91.92.246.52:4789

# Reference: https://www.virustotal.com/gui/file/ff9e47820f576d830fa635e46f98aab57f8612b7505983c34ff4073e409b947a/detection

23.237.25.134:2557
mylicolalrotloacl.cloudns.nz

# Reference: https://www.virustotal.com/gui/file/c3ea4515299f94d6074da256513ec0270345622a29e6e2b2acface25bf58977e/detection

catlol.ddns.net

# Reference: https://www.virustotal.com/gui/file/e617b795597c13a3447b2070b0e8bc990ce35e52092287daf7ed5053e0e21ec5/detection

194.33.191.246:4782

# Reference: https://www.virustotal.com/gui/file/b50219d19ed3045ea1e40b9d9e01e689db0e9ae90da91f8cf67001e52db74854/detection

185.70.104.90:5080
vmwareupdate.sytes.net

# Reference: https://www.virustotal.com/gui/file/c6b13f981432120bb9800951d77193b16ed90a410c34624cfd8f20d74624b8ae/detection
# Reference: https://www.virustotal.com/gui/file/c64ebcf3cccf0017d6e2cfdedb40b02a833f96bc0cc5c8ebbb56093a0e24531b/detection

nkxingxh.top
xshost.co
cdn.nkxingxh.top
one.nkxingxh.top
cdn.xshost.co
cdn8833.cdn.xshost.co

# Reference: https://www.virustotal.com/gui/file/ddadf75173b62b863d7160b1c61b07978d30fd9033f0ed5a050b03ed945f04f0/detection

94.156.68.145:7639

# Reference: https://www.virustotal.com/gui/file/9e6fa1f280864e2933528e17984bf2d448b003bda842145f34e63cc8a4b337ef/detection
# Reference: https://www.virustotal.com/gui/file/85f3d6263a9c1f9946c68d62217cb0eca348a34ff4b48090f527fd7d438396e6/detection

147.185.221.17:63027
147.185.221.17:63042
szczurson1337.freemyip.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-02-03)

http://47.93.42.113
http://52.81.76.168
125.130.86.64:4782
176.105.230.74:2404
181.162.151.66:8080
181.162.169.153:8080
191.82.204.88:2000
191.82.244.204:2000
194.147.140.138:3320
197.225.117.157:10000
197.225.117.157:102
197.225.117.157:10258
197.225.117.157:104
197.225.117.157:10443
197.225.117.157:1080
197.225.117.157:110
197.225.117.157:11467
197.225.117.157:1200
197.225.117.157:12078
197.225.117.157:1521
197.225.117.157:16196
197.225.117.157:16993
197.225.117.157:18029
197.225.117.157:18049
197.225.117.157:18084
197.225.117.157:2004
197.225.117.157:20547
197.225.117.157:2078
197.225.117.157:2079
197.225.117.157:2095
197.225.117.157:2096
197.225.117.157:2222
197.225.117.157:2323
197.225.117.157:2380
197.225.117.157:24663
197.225.117.157:2701
197.225.117.157:27017
197.225.117.157:27199
197.225.117.157:2761
197.225.117.157:2762
197.225.117.157:28139
197.225.117.157:31763
197.225.117.157:3390
197.225.117.157:33920
197.225.117.157:36043
197.225.117.157:37215
197.225.117.157:40000
197.225.117.157:40329
197.225.117.157:40846
197.225.117.157:43014
197.225.117.157:4369
197.225.117.157:443
197.225.117.157:44332
197.225.117.157:45118
197.225.117.157:45910
197.225.117.157:46207
197.225.117.157:465
197.225.117.157:48148
197.225.117.157:4840
197.225.117.157:4887
197.225.117.157:49451
197.225.117.157:50001
197.225.117.157:50580
197.225.117.157:50956
197.225.117.157:51376
197.225.117.157:5220
197.225.117.157:52200
197.225.117.157:52219
197.225.117.157:5307
197.225.117.157:5432
197.225.117.157:5672
197.225.117.157:57983
197.225.117.157:58603
197.225.117.157:5900
197.225.117.157:5902
197.225.117.157:5903
197.225.117.157:6000
197.225.117.157:60000
197.225.117.157:6001
197.225.117.157:6002
197.225.117.157:6004
197.225.117.157:6006
197.225.117.157:6008
197.225.117.157:61616
197.225.117.157:6362
197.225.117.157:63842
197.225.117.157:64374
197.225.117.157:64611
197.225.117.157:6513
197.225.117.157:6597
197.225.117.157:6667
197.225.117.157:6697
197.225.117.157:6699
197.225.117.157:7170
197.225.117.157:8000
197.225.117.157:8010
197.225.117.157:8080
197.225.117.157:8081
197.225.117.157:8389
197.225.117.157:8443
197.225.117.157:9000
197.225.117.157:9042
197.225.117.157:995
216.238.78.129:8888
35.189.151.174:5563
46.4.80.247:4782
62.234.61.157:6000
64.231.120.66:8080
70.34.252.163:8888
91.92.247.180:57420
94.103.188.123:1111
LaraLoveU-44526.portmap.host

# Reference: https://www.virustotal.com/gui/file/882f7cd8be3aa3c10e8ebec979432cc7e1eeca70578af17a0989aaa8b18dd9e5/detection

74.91.116.12:4784
yaniqueque.sytes.net

# Reference: https://www.virustotal.com/gui/file/60398c306948c297487363d89ca453a9c26de6a209da104f83625c4945a387d6/detection

45.140.146.156:2012

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-02-14)

102.117.152.61:104
102.117.152.61:12920
102.117.152.61:18925
102.117.152.61:222
102.117.152.61:2375
102.117.152.61:2376
102.117.152.61:24828
102.117.152.61:28015
102.117.152.61:4242
102.117.152.61:4444
102.117.152.61:4781
102.117.152.61:5671
102.117.152.61:57963
102.117.152.61:5903
102.117.152.61:6009
102.117.152.61:64741
102.117.152.61:832
102.117.152.61:9036
103.120.201.75:2222
110.139.46.105:36969
114.104.183.54:4782
14.225.210.222:12024
140.82.48.210:2404
142.202.191.144:443
154.61.74.84:4782
159.100.13.218:1606
167.86.86.15:1010
177.138.248.251:5000
181.161.3.29:8080
181.161.6.87:8080
185.16.39.253:8888
185.81.157.203:9090
185.81.157.211:9191
191.82.252.2:2000
193.161.193.99:30650
194.147.140.234:82
204.44.124.8:4782
41.216.183.126:3741
45.195.198.204:443
51.120.7.94:1337
73.186.83.59:4782
79.109.104.58:2222
8.222.144.134:443
82.102.23.170:8081
90.15.154.112:4789
94.156.69.73:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-02-12)

http://5.206.224.7
103.243.180.11:5588
103.243.180.16:5588
103.243.180.7:5588
109.107.182.205:25
147.50.240.224:4444
157.254.165.110:8888
172.233.240.86:8080
178.33.57.149:4444
178.33.57.149:5000
185.238.171.42:4449
194.33.191.239:4449
194.48.251.10:4449
194.48.251.11:4449
194.48.251.120:4449
194.48.251.189:4449
194.48.251.220:4449
195.62.47.154:8890
45.112.205.126:5588
47.92.123.66:1311
85.105.91.170:4449
93.177.100.138:8080

# Reference: https://www.virustotal.com/gui/file/d1f0a56e337a88c174c9ba1fb791fa4b7695c154b0b5720194958e01fc7f9875/detection

179.13.2.154:7720
46.246.12.2:3669
rverde.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d13a25f8c9dcf0cd27369a3889e37cfa00801ccaf9ac0a5da9e68d6b9cade24b/detection

5.181.159.31:3000

# Reference: https://www.virustotal.com/gui/file/705da998431176a202f1f9600344b39cc26b64f1a07bb8e6ca801104f5a79b5c/detection
# Reference: https://www.virustotal.com/gui/file/0b5e901d7b6bf73a49de04a246299490f217793a465e85daf449e1eac3d2902f/detection

147.45.45.6:4782
77.239.90.215:4782
myhostter.ddns.net

# Reference: https://www.virustotal.com/gui/file/02477657cae4d96972360345c7490ed65c7267d1dac1998300ca0d6b0dd1c1c3/detection

45.154.98.24:5008

# Reference: https://twitter.com/IronNetTR/status/1767991209065115925

107.148.237.29:8088

# Reference: https://www.virustotal.com/gui/file/d7ca9ee174e7dc24f37dd3a2a40b8407016db60ff39b637ec994b126c86d69d8/detection

110.164.146.49:4782

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-03-24)

http://83.242.63.186
http://91.92.250.110
103.74.172.161:4444
103.82.24.193:443
104.209.128.50:4444
110.41.44.130:8888
115.74.30.127:4449
115.74.30.127:8000
115.74.30.127:9999
115.79.233.243:8000
115.79.233.243:9999
128.90.108.211:4433
128.90.115.54:4433
136.0.3.250:4444
138.201.82.227:4444
142.202.240.134:5555
147.124.223.16:5903
147.189.161.48:4444
154.23.141.66:4449
172.86.66.57:8080
178.168.70.101:443
181.215.4.52:6000
185.16.39.117:4449
185.229.237.51:2000
192.121.102.205:8888
192.71.172.113:8888
193.222.96.13:4449
193.222.96.14:4449
193.222.96.20:4449
193.222.96.41:4449
193.222.96.86:4449
193.222.96.95:4449
193.222.96.96:4449
193.233.161.246:443
20.169.80.43:4449
202.134.56.2:443
37.114.37.177:4444
37.120.141.144:5903
45.148.4.18:8888
45.148.4.19:8888
45.148.4.76:8888
45.15.157.90:3000
77.91.124.37:3001
82.115.223.46:7777
87.241.217.87:4444
91.151.88.209:4449
91.92.250.116:25
95.216.117.33:8088

# Reference: https://www.virustotal.com/gui/file/e0e633cb04164184e6a203995b73055fc92ffb95d5c816dc98b00150ef6b7394/detection

185.196.10.233:4782

# Reference: https://www.virustotal.com/gui/file/f4f212325a9c4f063b753139e08534a97338d141d088872acefb1be1864d2a49/detection

193.26.115.138:4782
genss.wi-fi.rip

# Reference: https://www.virustotal.com/gui/file/a841a1fe8b81516cb7d07d1bf57d663a26ce360e61f2f90c9dc046e9280bd318/detection

91.92.247.69:3634
94.156.66.151:3634

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-03-31)

http://3.99.102.8
http://94.156.66.151
1.9.177.252:9876
102.117.113.205:1024
102.117.113.205:13946
102.117.113.205:17393
102.117.113.205:18080
102.117.113.205:18084
102.117.113.205:1883
102.117.113.205:2004
102.117.113.205:2053
102.117.113.205:21
102.117.113.205:2380
102.117.113.205:2404
102.117.113.205:2455
102.117.113.205:25516
102.117.113.205:26238
102.117.113.205:26641
102.117.113.205:27049
102.117.113.205:27646
102.117.113.205:29975
102.117.113.205:36249
102.117.113.205:36945
102.117.113.205:389
102.117.113.205:40022
102.117.113.205:40240
102.117.113.205:40961
102.117.113.205:41489
102.117.113.205:4433
102.117.113.205:4444
102.117.113.205:4572
102.117.113.205:465
102.117.113.205:48087
102.117.113.205:5060
102.117.113.205:50995
102.117.113.205:51005
102.117.113.205:53311
102.117.113.205:56597
102.117.113.205:56832
102.117.113.205:57609
102.117.113.205:58603
102.117.113.205:631
102.117.113.205:63696
102.117.113.205:65245
102.117.113.205:7077
102.117.113.205:8082
102.117.113.205:8088
102.117.113.205:8418
102.117.113.205:9142
102.117.113.205:9653
103.200.29.109:1364
103.211.56.154:14782
111.90.143.125:8921
115.134.90.74:9876
124.13.185.107:9876
124.223.48.86:4285
14.225.210.222:12345
143.110.191.139:8080
161.97.162.173:4782
162.222.206.193:4782
166.88.132.139:8443
167.172.87.109:8080
167.86.115.184:443
172.111.148.62:19933
172.111.148.69:19933
172.111.148.93:19933
175.42.16.2:4784
175.42.18.7:4784
177.103.63.67:5000
181.161.15.137:8080
181.161.23.232:8080
181.161.4.80:8080
181.162.129.236:8080
181.162.133.144:8080
181.162.154.20:8080
181.162.168.165:8080
184.107.123.217:1990
185.196.8.93:4782
187.35.7.19:5000
187.59.70.10:4782
189.78.187.139:5000
190.205.241.70:443
191.82.209.29:2000
191.82.215.55:2000
191.82.221.165:2000
191.82.223.234:2000
192.151.244.144:14782
193.161.193.99:41985
194.68.32.11:443
194.87.252.184:4782
195.214.254.161:4444
198.167.201.212:19132
2.58.56.142:4782
20.42.80.234:8080
206.188.197.213:443
209.182.234.69:5000
217.63.234.90:1313
220.78.13.217:8080
223.155.16.116:23333
223.155.16.52:23333
223.155.16.58:23333
35.137.73.119:22222
46.39.224.38:9876
47.243.49.209:8443
47.97.41.73:6000
5.102.157.70:4872
5.144.177.67:6090
51.178.185.143:443
69.53.121.162:4782
77.105.219.98:443
8.218.71.187:8443
90.62.10.177:2222
91.134.187.25:3336
91.150.120.14:25565
94.156.66.151:39001
94.156.69.145:7539
94.156.8.44:4787
95.214.53.95:57896
95.216.117.153:4782
liceback.online
the.networkguru.com

# Reference: https://www.virustotal.com/gui/file/f28b2786c5703701a9079db2856dcb018a126039fd605c61ea4a952a50a4c656/detection

186.169.60.158:4782
newrecaerga1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d0cea17545da44187702d901a236a2d8a65bd2b00f176c8092cbc07ff55cdacd/detection

186.169.56.42:4782

# Reference: https://twitter.com/ULTRAFRAUD/status/1776591638640443676

212.192.31.211:4782
37.1.200.46:8081

# Reference: https://twitter.com/karol_paciorek/status/1777391702040351120
# Reference: https://www.virustotal.com/gui/file/b09096b5dc0e3fa723403e1410fc419448e50da1ba8cd26ff16b8d2ea2318c84/detection

45.11.57.24:8888
microsoft-cloud.sytes.net

# Reference: https://www.virustotal.com/gui/file/0277739966e1e3e6af04e7c717f1b49419a682b804668e4db5771ca60d1ac76a/detection

93.123.39.28:8890
venomken.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6d206f1c2b3017e47119f4ba875c155bfd9315d9f89e48e9b1c06eac92838a2d/detection

194.147.140.150:64598
194.147.140.180:64598
194.147.140.218:64598
noerewtionet.chickenkiller.com
rlauseystzits.jumpingcrab.com

# Reference: https://www.virustotal.com/gui/file/0ff056d3958a58c61eeb03b4da7ca452ec168eaafa3a6e1d66f86603cc4eb08e/detection

194.147.140.214:4782
igboat.com
nazi.igboat.com

# Reference: https://www.virustotal.com/gui/file/5b01febfead4b89d06ea792c89fedf765728f39e14c58335b0c173b4859c9a6c/detection

147.78.103.173:4001
94.156.79.26:4001
ppprosyl.con-ip.com

# Reference: https://www.virustotal.com/gui/file/0170695628a300a03e01da6352aa80d75dac69694a65d5962aaf1bdb89191095/detection

94.156.69.145:7310
peurnick24.bumbleshrimp.com

# Reference: https://twitter.com/banthisguy9349/status/1782448247551688808

http://67.191.63.138

# Reference: https://www.virustotal.com/gui/file/7fb40b33056e478db6faa2faa2dcc47d200a8cd2f4a5a3e2c82af84e47f92a87/detection

157.20.182.46:4782

# Reference: https://www.virustotal.com/gui/file/451f300d14014ed0d89f00dde44295272d1672507a449a6106dc450493baa52e/detection

proxybreve.duckdns.org

# Reference: https://twitter.com/suyog41/status/1787452543687336087
# Reference: https://www.virustotal.com/gui/file/1203184ceedf34816263b2ac5b7f4d8360194e93dd5e7d1e10138c1b19e397a8/detection

65.20.67.1:4782

# Reference: https://www.virustotal.com/gui/file/c5758433ef16949fe40b872e9456eed40aa65c0d9c11d78b3a71046781485aee/detection

94.156.67.11:7000
crazydns.bumbleshrimp.com

# Reference: https://x.com/johnk3r/status/1792639637153878106
# Reference: https://www.joesandbox.com/analysis/1444545/0/html
# Reference: https://www.virustotal.com/gui/file/14f9d6d20222a1b9824dd22e6173731b934dfbf1670f8228f740a8a2e3b824f0/detection

outsell.shop
sup-docul.life
samorai-3e912-default-rtdb.firebaseio.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-05-28)

http://1.53.31.3
http://206.237.6.174
1.180.161.186:5000
1.53.107.135:9000
101.237.34.239:4449
102.165.56.50:4449
103.155.93.148:8080
103.74.102.181:2981
106.53.162.128:8080
111.173.116.170:1235
111.173.116.29:8541
111.173.116.82:2312
115.74.21.108:8000
115.74.21.108:9999
118.68.145.50:9000
120.156.150.101:8085
13.77.123.222:4444
139.180.171.110:22841
14.5.161.232:5001
144.202.40.66:7771
149.88.75.162:80
154.62.175.113:8080
156.253.8.166:4444
157.254.223.10:8085
162.238.154.3:8080
171.232.6.144:4449
171.232.6.144:8000
171.232.6.144:9999
171.249.233.153:4449
171.249.233.153:8000
171.249.233.153:9999
171.249.235.149:9999
171.250.188.12:4449
171.250.188.12:9999
171.250.191.217:4449
171.250.191.217:5000
171.250.191.217:5001
171.250.191.217:8000
171.250.191.217:9999
173.248.141.247:8080
173.249.52.60:6000
178.33.57.150:443
179.100.74.227:1024
185.216.70.75:7771
185.224.135.175:4449
185.234.75.77:6666
193.187.175.70:8080
193.222.96.114:4449
193.222.96.114:7287
193.222.96.128:4449
193.222.96.143:4449
193.222.96.143:7287
193.222.96.234:4449
193.222.96.41:7287
194.48.251.169:4449
194.48.251.169:7287
197.82.164.175:8080
222.239.35.173:4449
3.141.40.232:8443
3.21.170.65:4444
37.221.93.29:4444
42.118.144.192:9000
42.119.107.175:9000
45.145.43.183:9955
45.15.156.173:8080
45.152.243.228:9090
45.94.170.223:2000
45.94.170.223:4449
47.76.113.146:8888
5.42.96.86:4449
51.89.158.68:7777
54.224.170.33:443
58.186.236.71:9000
65.191.34.123:6000
82.153.64.23:9999
86.106.87.158:2222
89.88.69.115:8080
91.219.62.14:7777
91.92.244.76:4449
91.92.245.225:1024
91.92.247.34:6667
91.92.250.96:6667
91.92.251.136:4443
91.92.251.153:4443
91.92.251.179:4443
91.92.251.245:4443
91.92.254.21:4443
91.92.255.16:4443
91.92.255.79:4443
94.156.128.246:3323
94.156.64.193:10110
94.156.64.5:4443
94.156.64.90:4443
94.156.65.172:4449
94.156.68.82:4449
94.156.69.161:4443
94.156.69.163:4443
94.156.69.164:4443
94.156.69.166:4443
95.164.3.243:4449

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-05-28)

http://116.204.42.20
http://2.56.245.124
http://216.9.225.194
101.201.150.204:8888
103.143.15.58:8080
103.200.124.194:4782
103.200.124.195:4782
103.200.124.197:4782
103.200.124.198:4782
103.244.226.133:8086
108.46.243.201:8000
111.173.106.171:53779
114.116.244.244:4495
114.132.87.123:4782
117.18.7.76:3782
118.161.124.220:17814
118.161.124.220:34820
118.161.124.220:49078
118.161.124.220:6004
120.26.136.167:8088
121.184.1.234:443
128.199.66.119:18982
13.43.245.50:3306
14.225.208.152:9999
14.225.219.33:9999
141.11.250.181:443
143.92.56.46:4782
143.92.56.50:4782
143.92.56.60:4782
144.217.189.92:3000
147.45.189.30:8080
150.158.139.196:6666
158.247.236.255:443
162.55.134.240:9001
175.137.217.128:9876
175.137.217.143:9876
176.241.64.239:1080
176.241.64.239:15443
176.241.64.239:22206
176.241.64.239:23142
176.241.64.239:25616
176.241.64.239:2762
176.241.64.239:28888
176.241.64.239:30827
176.241.64.239:33786
176.241.64.239:38519
176.241.64.239:44770
176.241.64.239:45835
176.241.64.239:49501
176.241.64.239:5000
176.241.64.239:50995
176.241.64.239:51200
176.241.64.239:51269
176.241.64.239:51601
176.241.64.239:52200
176.241.64.239:5222
176.241.64.239:58603
176.241.64.239:6007
176.241.64.239:6540
176.241.64.239:6697
176.241.64.239:8081
176.241.64.239:8159
176.241.64.239:831
176.241.64.239:8545
176.241.64.239:8636
176.241.64.239:88
176.241.64.239:939
177.102.67.107:5000
177.102.67.47:5000
177.60.122.85:5000
177.60.18.92:5000
177.68.45.3:5000
179.97.173.22:5000
181.162.141.33:8080
181.162.143.146:8080
181.162.156.123:8080
181.162.159.238:8080
181.162.177.31:8080
181.162.177.83:8080
181.162.187.238:8080
184.145.64.157:4444
184.190.169.22:3389
185.174.101.93:6546
185.245.183.74:2
187.35.7.95:5000
189.110.0.220:6653
190.203.52.245:443
191.82.192.124:2000
191.82.201.30:2000
191.82.203.72:2000
191.82.205.54:2000
191.82.213.14:2000
191.82.222.55:2000
191.82.231.105:2000
191.82.238.74:2000
191.82.251.201:2000
192.121.102.103:19933
192.121.102.3:19933
192.144.128.196:1994
193.161.193.99:33547
194.48.251.116:4782
202.188.41.179:9876
202.188.41.26:9876
206.233.128.64:8080
222.108.86.185:8888
223.26.61.23:5121
24.14.83.31:8081
38.15.51.3:4444
45.125.44.78:4782
45.144.30.147:4747
45.88.186.209:4782
47.120.35.45:4782
5.189.159.115:8080
5.44.196.220:9999
50.34.35.222:4444
51.178.195.149:443
51.223.58.16:2404
51.79.171.174:1337
54.193.220.196:4782
54.39.249.55:81
62.60.130.8:10000
8.130.34.199:443
82.69.26.196:5000
83.143.112.27:25565
84.247.179.77:443
84.247.179.77:587
84.247.179.77:8080
86.242.42.233:1194
89.121.228.226:25565
91.206.178.85:9000
91.92.242.80:4782
91.92.251.216:7000
91.92.254.190:8084
92.44.20.216:9733
93.123.85.108:4782
94.102.59.173:58943
94.156.10.119:4782
94.156.66.54:7310

# Reference: https://x.com/RacWatchin8872/status/1798686001587720409
# Reference: https://www.virustotal.com/gui/ip-address/216.238.78.129/relations
# Reference: https://www.virustotal.com/gui/file/d8538711014fff7a8fbe116e2ed843f03497976641d52e949b1c922496f5f52f/detection

http://216.238.78.129
configurationappfnb.myddns.me
totallylegit.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5d9c02ab6658662d0f49974cb9bfbe0728447122402bf9590e96836506a4555c/detection

193.161.193.99:49246
ramzishiabna-49246.portmap.host

# Reference: https://x.com/banthisguy9349/status/1798772817040703722
# Reference: https://www.virustotal.com/gui/file/a86032d9a2f6a503cdfde7062e97c627cd975897a073473fdf84786c2ffbce90/detection

http://20.197.248.195
193.187.174.93:1389
20.197.248.195:4782

# Reference: https://x.com/V3n0mStrike/status/1799590093868380634
# Reference: https://www.virustotal.com/gui/file/d5647dd8dbd73ac01bad18aefafab4b7848861c12eaff129b37f65cfc940575d/detection
# Reference: https://www.virustotal.com/gui/file/187892400b7506d72a75d516ad1afb001478bb29e631553a688f4d181285bf0a/detection

64.42.179.59:62604
mediafire.zip
roblox.airdns.org

# Reference: https://x.com/ValidinLLC/status/1800490293516746806

154.91.230.183:443
154.91.230.197:443
154.91.230.204:443
185.234.72.39:443
191.243.146.124:443
201.210.67.172:443
201.211.212.62:443
92.118.151.64:443
rodiina.online
ip149.ip-51-178-195.eu

# Reference: https://x.com/karol_paciorek/status/1803028724671000850
# Reference: https://www.virustotal.com/gui/file/164e19d48c8d3ed423d4d4c68dff47899f375b6ef4f2a27005562e16b3a8d33f/detection

94.228.166.40:4782

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-06-22)

http://149.88.75.162
http://2.58.84.229
103.102.228.188:4449
107.175.101.155:4449
115.74.42.106:4449
115.74.42.106:5000
115.74.42.106:5001
115.74.42.106:5002
115.74.42.106:8000
115.74.42.106:9999
119.59.98.116:7812
128.90.108.187:4433
13.60.33.38:4449
146.19.213.22:9090
147.78.103.60:2525
148.113.165.11:82
149.0.1.32:4444
172.203.104.154:4444
176.218.133.216:4444
178.20.42.245:4449
192.227.228.34:4782
194.55.186.49:2424
207.154.230.90:4782
212.23.222.48:8888
3.125.209.94:19605
3.68.171.119:11492
38.180.9.93:4782
5.180.155.40:4782
58.87.70.252:4449
87.248.157.236:8080
91.92.246.193:4444
93.123.39.16:4443
94.156.68.38:4444
94.156.8.15:4443

# Reference: https://www.virustotal.com/gui/file/02b24fe75d4bc7d81f50400d38d49358f698c986fa15b417c9b8fcb5d6196d19/detection

91.92.120.127:7702

# Reference: https://x.com/1ZRR4H/status/1804861971944378840
# Reference: https://x.com/V3n0mStrike/status/1804881776201888154

http://181.162.183.41
103.50.33.63:8080
103.50.33.90:8080
158.220.78.17:8080
158.220.78.45:8080
177.54.151.190:8080
181.161.18.110:8080
181.161.30.223:8080
181.161.31.121:8080
181.161.4.220:8080
181.161.9.149:8080
181.162.129.192:8080
181.162.129.89:8080
181.162.132.121:8080
181.162.132.39:8080
181.162.137.174:8080
181.162.143.39:8080
181.162.144.66:8080
181.162.146.165:8080
181.162.147.213:8080
181.162.149.26:8080
181.162.150.167:8080
181.162.151.240:8080
181.162.152.143:8080
181.162.152.196:8080
181.162.154.235:8080
181.162.159.201:8080
181.162.161.66:8080
181.162.165.161:8080
181.162.165.195:8080
181.162.168.131:8080
181.162.170.67:8080
181.162.170.89:8080
181.162.171.121:8080
181.162.172.141:8080
181.162.173.228:8080
181.162.177.53:8080
181.162.180.241:8080
181.162.181.30:8080
181.162.181.48:8080
181.162.183.41:8080
181.162.188.222:8080
185.153.176.89:8080
185.216.73.171:8080
186.11.102.136:8080
201.219.233.115:8080
201.219.233.50:8080
85.190.229.74:8080
85.190.229.79:8080

# Reference: https://x.com/karol_paciorek/status/1806025566229066016
# Reference: https://www.virustotal.com/gui/file/07fc41a684f289e5b0675570db4d99dbd14d19ddc72fe047ba431d356440d020/detection

http://134.122.3.3
134.122.3.3:8888
usps-test-new.codeanyapp.com

# Reference: https://x.com/1ZRR4H/status/1808612777453629461
# Reference: https://www.virustotal.com/gui/ip-address/181.162.170.67/relations
# Note: 181.162.170.67 is also listed earlier in this file as 181.162.170.67:8080, in a run of 181.161.x.x / 181.162.x.x addresses on port 8080. NOTE(review): if dragon4.freedynamicdns.org is the dynamic-DNS name behind those addresses, the name is the longer-lived indicator and the individual IP entries will go stale as the address changes -- confirm via the VirusTotal relations reference above.

http://181.162.170.67
dragon4.freedynamicdns.org

# Reference: https://x.com/Gi7w0rm/status/1808856821928431812

91.92.253.215:4782

# Reference: https://www.virustotal.com/gui/file/0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1/detection

64.112.85.3:4449

# Reference: https://x.com/johnk3r/status/1812923002692248002
# Reference: https://www.virustotal.com/gui/file/f1f7a98c79875b189193c82da59aa40ce7412e5fdd67d56f9816de437e47908f/detection

http://18.231.251.59
argentina-e4162-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1813812043562004780
# Reference: https://www.virustotal.com/gui/file/307d1fc0c524e69ce8c8fe8aa41d0b5d314fd9553f0138fdf370efacaa2e0c67/detection
# Note: the three /wp_doors/ entries below are bare URL paths with no host component, and the last is the parent directory of the two .db entries. They were presumably observed on ainvestinternational.com (confirm against the references above). A consumer that matches bare paths regardless of host will also alert on any unrelated site serving the same path, so corroborate a path hit with the host or IP.

5.206.224.223:36920
ainvestinternational.com
/wp_doors/img-files/louzy.db
/wp_doors/img-files/Obbuq.db
/wp_doors/img-files/

# Reference: https://x.com/RacWatchin8872/status/1815072969422508265
# Reference: https://tria.ge/240721-vn9mhswblc/behavioral1

45.66.231.154:4782

# Reference: https://x.com/malwrhunterteam/status/1815666793194643468
# Reference: https://www.virustotal.com/gui/file/e1f7046e743c59807a55926e177b3d2c552b02565582cbb3c19e0710ab49d03a/detection
# Reference: https://www.virustotal.com/gui/file/ace5504608d43d701becbb246abe3c7b0483fd3904c13a5677084e6f98ef0271/detection

http://15.235.61.212
15.235.61.212:5552

# Reference: https://www.virustotal.com/gui/file/587e7b53aa25dc0a426c5e385a275e366b9bc203f7a0027a82dbd7a702909468/detection

workserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/10360cc5cb54e067dd7384b9d3fd96d0359a91fba804a8a88c5d298a0139df85/detection

85.28.47.123:4782

# Reference: https://www.virustotal.com/gui/file/bb6c313c94a7ba44d0712ad96047cec2e63ee5fe9238a08262ef6977f78ce420/detection

94.156.71.212:7000

# Reference: https://www.virustotal.com/gui/file/9ef2a78f139360ed0f31bcdf06e189291e8fae8a9aecef700c6eff0fd085151c/detection

91.92.243.120:7000

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-08-03)

http://5.206.224.223
103.74.101.154:4443
103.97.178.205:2000
104.238.23.4:4449
13.50.4.180:7854
146.19.9.48:4449
147.185.221.20:63331
157.20.182.172:4449
171.232.6.89:4449
171.232.6.89:5000
171.232.6.89:5001
171.232.6.89:5002
171.232.6.89:6000
171.232.6.89:8000
171.232.6.89:9999
171.235.46.230:4449
171.235.46.230:5000
171.235.46.230:5001
171.235.46.230:5002
171.235.46.230:6000
171.235.46.230:8000
171.235.46.230:9999
193.222.96.24:4449
194.55.186.187:4443
194.55.186.188:4443
198.12.66.100:4443
38.181.25.40:8899
39.101.122.168:9000
45.66.231.182:7777
5.206.224.154:4449
5.206.224.223:4449
64.190.113.27:8081
78.142.29.49:4443
79.110.49.25:4449
80.253.246.53:2000
89.213.56.62:3306
91.92.247.147:8080
91.92.250.148:7777
94.156.79.190:4449
95.142.46.3:7000
95.65.165.151:4444

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-08-03)

117.18.7.76:4044
121.62.23.208:4999
143.92.49.122:4545
154.221.25.6:443
185.208.158.208:5012
191.82.218.149:2000
193.29.13.46:5850
193.42.11.9:4329
202.103.157.162:4999
203.23.128.30:5353
43.135.119.209:8443
45.77.45.120:443
91.92.249.238:443
94.156.64.24:443

# Reference: https://x.com/P4nd3m1cb0y/status/1820508693001052396
# Reference: https://www.virustotal.com/gui/file/deebb3404de726f330e122ea377c38a79970788de0205b3ccfca1b8b99cf0291/detection

103.252.123.135:2424

# Reference: https://x.com/Huntio/status/1820061868515549464
# Reference: https://x.com/ValidinLLC/status/1820777327069913191
# Reference: https://x.com/ValidinLLC/status/1820804580935979186
# Reference: https://app.validin.com/detail?type=ip&find=118.193.68.175#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=118.193.69.19#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/8575051c6515732e6262e9c00b665e0e81736bdeab2253276d4180d89b520f04/detection

172.86.106.218:443
172.86.106.218:587
172.86.106.218:8080
fonmgesdr.top
gdrivnam.click
gdrivnam.rest
gdrivnam.shop
gdrivnam.site
gghoimi.hair
gghoimi.site
gghoimi.website
gjomopop.online
gkolpo.store
gmlouop.online
gmlouop.rest
gmlouop.site
gmpamak.click
gmpamak.online
gmpamak.rest
gmpamak.shop
gmpamak.site
gnasdoin.online
gnasdoin.rest
gnasdoin.site
goloplop.store
gskoplp.site
gtoresdom.online
gtrasdoi.site
hbssdaswfq.top
nafimalo.online
nafimalo.site
nagolm.online
nagolm.rest
nagolm.shop
nagolm.site
namsoiep.quest
namsoiep.shop
namsoiep.site

# Reference: https://x.com/malwrhunterteam/status/1821801130269040785
# Reference: https://www.virustotal.com/gui/file/fa384a11792270eb9d8599aa1c72e504f2c6552683cd4fe919c0160188f10fa9/detection

liaron.com
ttasstsat.tech

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-08-10)

http://172.207.72.220
http://45.94.31.65
102.117.113.205:13999
102.117.113.205:1492
102.117.113.205:39109
102.117.113.205:4125
102.117.113.205:4721
102.117.113.205:47800
102.117.113.205:49502
102.117.113.205:8080
103.136.199.168:4783
106.54.209.24:4782
107.172.159.50:6000
109.199.104.52:4782
123.113.8.123:4285
124.222.109.145:4782
124.71.225.72:4782
14.225.208.152:8888
14.225.210.222:20242
14.35.42.91:8888
141.134.11.187:4782
146.190.103.72:8080
147.45.44.138:4782
149.28.201.31:82
152.136.159.133:5168
154.92.17.171:443
159.223.52.78:9782
172.86.110.12:8080
177.138.248.85:5000
179.181.103.213:4782
18.134.234.207:3306
181.161.13.84:8080
181.161.2.204:8080
181.161.30.246:8080
181.162.178.142:8080
189.38.106.100:443
190.9.208.167:8081
191.17.96.243:5000
191.82.250.214:2000
192.121.102.70:443
193.107.109.76:54664
193.124.33.125:4782
193.124.33.141:4782
193.142.59.109:6546
193.181.41.109:443
193.233.113.77:2323
194.147.140.176:2222
194.163.171.74:443
198.27.97.88:919
209.126.7.24:4444
213.176.29.29:10000
27.124.46.142:8080
27.124.46.227:8080
27.124.46.236:8080
37.97.36.121:25565
38.242.236.116:443
40.81.17.50:8080
45.84.198.9:30120
45.85.250.180:4782
5.189.175.70:443
5.44.252.181:4782
50.34.48.26:4444
51.103.213.60:8080
8.210.77.104:4086
81.68.190.186:4782
82.157.51.56:4782
83.229.69.9:8080
84.247.179.77:25
88.184.9.216:4444
91.225.219.120:4782
94.156.66.50:82
94.156.69.145:7000
94.156.69.158:57420
# Note: the hostnames below under linodeusercontent.com, bc.googleusercontent.com, compute.amazonaws.com, plesk.page and contaboserver.net are provider-generated names for a rented address or instance, not domains the operator registered. They follow whoever holds that address, so a hit should be checked against the 2024-08-10 date of this batch, and the entries re-validated or expired once the address is reassigned.
172-232-134-145.ip.linodeusercontent.com
174.151.189.35.bc.googleusercontent.com
applereports.ddns.net
ec2-3-129-208-252.us-east-2.compute.amazonaws.com
goofy-satoshi.142-202-191-144.plesk.page
vistc.com
vmi1501059.contaboserver.net
vmi1502954.contaboserver.net
vmi1502970.contaboserver.net
vmi1528797.contaboserver.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-08-10)

http://51.161.12.215
http://91.238.103.153
103.176.169.120:4449
116.102.238.236:5000
116.102.238.236:5001
116.102.238.236:5002
116.102.238.236:6000
116.102.238.236:8000
116.102.238.236:9999
157.20.182.167:4449
157.20.182.226:4449
34.45.30.242:443
45.66.231.202:5000
5.9.101.133:22
51.161.12.215:443
87.19.18.186:1927
91.92.244.207:2025
91.92.244.207:4449
watermellon.site
gho0kgklj.watermellon.site

# Reference: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

anachyyyyy.duckdns.org
drvenomjh.duckdns.org
xoowill56.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-08-18)

121.169.59.210:443
121.169.59.210:808
14.225.219.33:8888
141.95.84.40:35
147.45.45.65:2323
149.28.156.134:25
157.254.223.251:1337
166.88.61.138:22255
172.103.135.112:8888
172.86.112.30:8081
177.172.52.195:5000
181.161.11.94:8080
181.162.184.197:8080
184.145.64.242:4444
191.82.218.55:2000
193.161.193.99:34180
194.26.192.177:4782
204.12.245.100:8443
210.1.226.236:443
223.155.16.187:23333
223.155.16.190:23333
24.11.130.108:25565
31.220.101.25:8000
45.147.228.196:4782
47.236.182.237:4782
59.14.118.202:443
62.234.21.225:443

# Reference: https://x.com/marsomx_/status/1825537918087385185
# Reference: https://www.virustotal.com/gui/ip-address/15.228.186.93/relations
# Reference: https://www.virustotal.com/gui/file/ef3673c6ad613b1b14d2f7e72c43977008534d8e085aafe22a7c8cfcb3b83b6c/detection
# Reference: https://www.virustotal.com/gui/file/4c1d62f8473f64aa7d0b6fb86b972c58cae5d242d0ee048f41604f1f23a2196d/detection
# Reference: https://www.virustotal.com/gui/file/0ec987a8cf5a6359a641bff9018fcfe1944309ac0037a1bfdfbb5fc3a5b7ce0b/detection

http://15.228.186.93
agicltursement.ink
cfestlolequiep.store
gastronomleo.lat
mercantokiko.xyz
noticiasnovidads.xyz
varjolatijolos.space
coletasegura.ddns.net
notificacao.noticiasnovidads.xyz

# Reference: https://x.com/ShanHolo/status/1826917813379846419
# Reference: https://app.validin.com/detail?type=ip&find=45.45.238.213#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/df1a4fc766fde3ad56195e192c5f0e33bd0ef088128cca6c95f10e3135669963/detection
# Reference: https://www.virustotal.com/gui/file/76e762cc7073a3bdee1117c79fd7ab7fcaf8bf1e393d25e165f59ca30ebd2dbf/detection
# Reference: https://www.virustotal.com/gui/file/6e2060f5ac86d80be2d3b4f66a229dd3f1114cd3c0b232e8653335dfcf5a75a3/detection

45.45.238.213:2052
45.45.238.213:4782
funpass.services
nigger.zone
niggerdns.cloud
packets.fun
mail.nigger.zone
play.funpass.services

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-08-25)

http://146.70.113.183
104.237.252.41:7310
177.172.85.227:5000
177.201.54.142:831
181.162.135.102:8080
181.162.185.79:8080
222.253.182.185:4783
223.155.16.113:23333
223.155.16.159:23333
223.155.16.161:23333
223.155.16.165:23333
223.155.16.167:23333
223.155.16.168:23333
223.155.16.170:23333
223.155.16.173:23333
223.155.16.174:23333
223.155.16.176:23333
223.155.16.177:23333
223.155.16.180:23333
223.155.16.181:23333
223.155.16.182:23333
223.155.16.183:23333
223.155.16.184:23333
223.155.16.185:23333
223.155.16.186:23333
223.155.16.188:23333
223.155.16.189:23333
223.155.16.191:23333
223.155.16.192:23333
223.155.16.194:23333
223.155.16.195:23333
223.155.16.196:23333
45.138.16.215:4782
45.63.16.30:8088
88.174.225.208:16385
92.40.112.165:4444
93.109.60.3:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-08-25)

http://124.223.40.253
103.191.241.8:4449
103.65.234.126:4444
104.238.189.204:4449
111.90.151.197:8080
171.233.26.60:5000
171.233.26.60:6000
171.233.26.60:8000
171.233.26.60:9999
185.162.75.19:4449
195.201.76.21:8890
202.95.19.142:8888
34.67.75.224:1080
37.1.220.7:1605
45.66.231.241:5000
45.87.173.129:4449
77.83.196.126:4449
85.190.243.242:8888
85.208.110.83:4449
s7.canada.wiretun.com

# Reference: https://www.virustotal.com/gui/file/2450bc33607f6c985ec171ba34940dcdc57c95b1add77bd98675e54a431d5fab/detection

89.47.113.60:4449

# Reference: https://www.virustotal.com/gui/file/00b02d486e044d9513a7a737074e56a0cada1518ffee821cbf8e27a77a9f8b5a/detection
# Note: 148.113.165.11:82 is already listed earlier in this file, in the ThreatFox win.venom batch dated 2024-06-22; this group adds a sample reference for the same endpoint.

148.113.165.11:82

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-09-08)
# Note: 139.64.37.72 and 143.92.163.215 each appear in this batch on dozens of ports, including ports normally used by unrelated services (21, 135, 1433, 5432 on the first; 445, 5900, 6379 on the second). NOTE(review): that pattern suggests a host that accepts connections on every port rather than one listener per port, so the port adds little and the address is the meaningful indicator -- confirm against the ThreatFox entries.

http://139.64.37.72
http://143.92.163.215
http://2.59.135.162
104.245.247.85:57896
108.253.252.20:8888
119.196.227.203:8888
139.64.37.72:10000
139.64.37.72:11211
139.64.37.72:11300
139.64.37.72:13145
139.64.37.72:135
139.64.37.72:13562
139.64.37.72:1433
139.64.37.72:18398
139.64.37.72:2000
139.64.37.72:20000
139.64.37.72:20547
139.64.37.72:20650
139.64.37.72:2086
139.64.37.72:21
139.64.37.72:21577
139.64.37.72:25206
139.64.37.72:32870
139.64.37.72:3623
139.64.37.72:39513
139.64.37.72:40396
139.64.37.72:41869
139.64.37.72:43918
139.64.37.72:49152
139.64.37.72:49501
139.64.37.72:51200
139.64.37.72:5366
139.64.37.72:54164
139.64.37.72:5432
139.64.37.72:54739
139.64.37.72:58000
139.64.37.72:58297
139.64.37.72:60000
139.64.37.72:60130
139.64.37.72:65405
139.64.37.72:8013
139.64.37.72:8089
139.64.37.72:8090
139.64.37.72:83
139.64.37.72:9876
139.64.37.72:990
139.64.37.72:993
143.92.163.215:10000
143.92.163.215:1080
143.92.163.215:12220
143.92.163.215:13012
143.92.163.215:14265
143.92.163.215:1687
143.92.163.215:16993
143.92.163.215:18809
143.92.163.215:1962
143.92.163.215:2000
143.92.163.215:2004
143.92.163.215:20594
143.92.163.215:20888
143.92.163.215:234
143.92.163.215:27256
143.92.163.215:28820
143.92.163.215:28906
143.92.163.215:28994
143.92.163.215:29457
143.92.163.215:30005
143.92.163.215:31990
143.92.163.215:3260
143.92.163.215:3390
143.92.163.215:37215
143.92.163.215:38171
143.92.163.215:41036
143.92.163.215:43
143.92.163.215:43996
143.92.163.215:4433
143.92.163.215:44418
143.92.163.215:4443
143.92.163.215:4444
143.92.163.215:445
143.92.163.215:44772
143.92.163.215:45081
143.92.163.215:45436
143.92.163.215:49501
143.92.163.215:49509
143.92.163.215:49837
143.92.163.215:5060
143.92.163.215:50805
143.92.163.215:5191
143.92.163.215:5357
143.92.163.215:5366
143.92.163.215:54515
143.92.163.215:54964
143.92.163.215:565
143.92.163.215:56600
143.92.163.215:58603
143.92.163.215:5900
143.92.163.215:5903
143.92.163.215:6003
143.92.163.215:6379
143.92.163.215:64566
143.92.163.215:6700
143.92.163.215:7002
143.92.163.215:8000
143.92.163.215:8008
143.92.163.215:8089
143.92.163.215:83
143.92.163.215:8389
143.92.163.215:8545
143.92.163.215:9000
152.44.219.243:18473
174.70.151.61:2404
177.60.19.211:5000
178.215.236.82:8008
179.13.0.19:2000
179.14.10.24:2004
181.161.12.107:8080
181.161.9.125:8080
181.162.166.32:8080
181.162.173.152:8080
185.245.183.74:7
188.173.90.67:4873
192.227.228.34:5555
193.183.217.32:443
193.233.74.94:1414
198.167.199.172:19132
198.167.199.181:19132
198.167.199.225:19132
198.167.199.249:19132
203.23.128.30:443
213.159.74.80:9792
217.194.133.95:1372
223.155.16.132:23333
223.155.16.134:23333
223.155.16.137:23333
223.155.16.13:23333
223.155.16.154:23333
223.155.16.160:23333
223.155.16.166:23333
223.155.16.171:23333
223.155.16.178:23333
223.155.16.201:23333
223.155.16.22:23333
223.155.16.26:23333
223.155.16.34:23333
223.155.16.39:23333
223.155.16.73:23333
223.155.16.96:23333
23.158.232.33:2003
31.49.244.152:9300
49.13.11.125:2137
5.189.175.70:25
65.108.9.243:3389
8.134.166.134:85
87.248.130.16:443
93.177.167.223:4782
87-89-82-13.abo.bbox.fr
8msv-27569.portmap.host
i15-lef01-t2-87-89-82-13.ft.lns.abo.bbox.fr
juankaa123516-42965.portmap.host
unimeduberlandia.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-09-08)

http://103.114.104.48
103.114.104.48:443
149.88.85.23:4444
154.216.17.138:4444
157.20.182.193:888
171.233.26.60:5001
171.233.26.60:5002
171.233.26.60:6001
172.94.18.237:4444
176.218.141.64:4444
185.243.181.125:4444
202.95.15.107:8880
45.155.124.230:4449
94.156.67.40:4449
95.179.140.46:4443

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-09-09)
# Note: 139.64.37.72 is listed in this batch on 46 ports; the same address is listed above in the win.quasar_rat batch dated 2024-09-08 on a different set of ports. NOTE(review): with one address reported under two feeds across that many ports, the port number carries little signal for triage; key alerts on the address and confirm the listener against ThreatFox.

139.64.37.72:10443
139.64.37.72:10839
139.64.37.72:1200
139.64.37.72:12587
139.64.37.72:12922
139.64.37.72:13570
139.64.37.72:13998
139.64.37.72:14063
139.64.37.72:16633
139.64.37.72:17778
139.64.37.72:18245
139.64.37.72:1883
139.64.37.72:19960
139.64.37.72:2004
139.64.37.72:20256
139.64.37.72:20620
139.64.37.72:2375
139.64.37.72:28167
139.64.37.72:3390
139.64.37.72:35874
139.64.37.72:37089
139.64.37.72:37787
139.64.37.72:38231
139.64.37.72:40628
139.64.37.72:4242
139.64.37.72:45615
139.64.37.72:4567
139.64.37.72:46773
139.64.37.72:47001
139.64.37.72:4730
139.64.37.72:5061
139.64.37.72:52628
139.64.37.72:55016
139.64.37.72:57555
139.64.37.72:58415
139.64.37.72:587
139.64.37.72:5902
139.64.37.72:59510
139.64.37.72:6009
139.64.37.72:60378
139.64.37.72:6362
139.64.37.72:832
139.64.37.72:8636
139.64.37.72:9201
139.64.37.72:9300
139.64.37.72:9865
172.94.13.207:4444
176.124.203.97:25565
181.162.183.79:8080
181.22.146.11:4444
185.49.126.16:4788
198.167.199.195:19132

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-09-22)

119.196.227.210:8888
122.243.128.71:10001
123.113.10.246:4285
141.11.95.183:1606
160.124.255.25:4782
177.172.85.234:5000
181.162.138.13:8080
181.162.163.60:8080
181.162.182.194:8080
181.22.146.21:4444
181.22.159.53:4444
185.241.208.234:8080
191.19.129.250:5000
191.82.222.121:2000
193.161.193.99:34101
198.167.199.145:19132
198.167.199.167:19132
198.167.199.196:19132
198.167.199.197:19132
198.167.199.237:19132
198.167.199.242:19132
198.167.199.251:19132
198.167.199.252:19132
199.180.113.10:4285
20.241.63.211:4782
223.155.16.100:23333
223.155.16.125:23333
223.155.16.141:23333
223.155.16.156:23333
223.155.16.162:23333
223.155.16.172:23333
223.155.16.19:23333
223.155.16.60:23333
223.155.16.90:23333
223.155.16.9:23333
34.72.83.57:4444
4.248.59.179:8080
45.138.16.146:8888
45.138.16.90:8888
45.81.243.209:443
46.43.91.253:66
47.76.177.218:9443
47.99.65.37:8043
91.92.241.122:6969
94.156.67.52:8080
94.156.67.52:8082
146-70-113-183.cprapid.com
185-47-174-89.cloud-xip.com
ec2-3-99-102-8.ca-central-1.compute.amazonaws.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-09-22)

103.211.201.109:6000
108.61.177.169:4449
114.132.232.233:4449
15.235.155.2:1080
158.69.41.120:8000
171.249.228.3:5000
171.249.228.3:5001
171.249.228.3:6000
171.249.228.3:6001
171.249.228.3:8000
171.249.228.3:9999
195.85.207.33:2000
45.66.231.150:4449
5.161.231.57:4449
74.249.113.208:6000
88.80.150.190:443
94.156.64.6:8080
242.30.45.34.bc.googleusercontent.com
ns570052.ip-51-161-12.net

# Reference: https://www.virustotal.com/gui/file/ada0631dc37f95d59ee0f77998d576c5668e339aeb9f3a8cbb0dde772e7df8bb/detection

45.120.178.138:5173

# Reference: https://x.com/DaveLikesMalwre/status/1840473495941128388
# Reference: https://www.virustotal.com/gui/file/9be0c0d484d2b5c1aca1cb9e6247adf908f4cdd14ec0cfdf5378898180860124/detection

157.20.182.63:4449
157.20.182.63:8080
