# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: korat, lsslogger, remcos

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Remcos-G/detailed-analysis.aspx

remcos.legacyrealestateadvisors.net
remcos2.legacyrealestateadvisors.net

# Reference: https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html

dboynyz.pdns.cz
streetz.club
mdformo.ddns.net
mdformo1.ddns.net
vitlop.ddns.net
ns1.madeinserverwick.club
uploadtops.is
prince.jumpingcrab.com
timmason2.com
lenovoscanner.duckdns.org
lenovoscannertwo.duckdns.org
lenovoscannerone.duckdns.org
google.airdns.org
civita2.no-ip.biz
pimmas.com.tr
mervinsaat.com.tr
samurmakina.com.tr
paulocamarao.com
midatacreditoexperian.com.co
lebontour.com
businesslisting.igg.biz
unifscon.com

# Reference: https://twitter.com/MaelSecurity/status/1036551872008605696

test200.dynu.net

# Reference: https://twitter.com/ps66uk/status/1040576968750706689
# Reference: https://www.virustotal.com/#/ip-address/185.163.100.45

gclarke77.gotdns.ch
gclarke7.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1040620171692466176

yvonne.ddns.net

# Reference: https://twitter.com/avman1995/status/1040472512356855808

top.taijh.xyz

# Reference: https://twitter.com/Racco42/status/1040154199592509440

auxlorenagomez.ddns.net

# Reference: https://twitter.com/luc4m/status/1021670673247285248

worldwide.weldwire.top

# Reference: https://twitter.com/luc4m/status/1019948492947709953

gatewayglobal.strangled.net

# Reference: https://twitter.com/James_inthe_box/status/1018792273574678528

http://185.62.190.232

# Reference: https://twitter.com/ps66uk/status/1046900765493739520

menaxe.duckdns.org

# Reference: https://www.cyren.com/blog/articles/fake-invoice-carries-rescoms-malware-targeting-businesses-globally

infocolornido.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1051360120834265088

satan969.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1044204804354957312

ddns.njegidi888.xyz

# Reference: https://twitter.com/Racco42/status/1027883312252108800

2419.damnserver.com
2419.duckdns.org
2419.geekgalaxy.com
2419.health-carereform.com
2419.pgafan.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/James_inthe_box/status/939146342357536768/photo/1

gemalto788.ddns.net

# Reference: https://twitter.com/Racco42/status/1054384363524235264

eskimoz.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1102437794025295872

112.204.228.252:2323

# Reference: https://www.cert-pa.it/notizie/analisi-del-malware-remcos-veicolato-tramite-packer-delphi/

pekniecza.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1108949343074054144
# Reference: https://app.any.run/tasks/5e5404b2-4018-4da4-a6a3-19465fa7cc9c

185.244.29.73:6767

# Reference: https://twitter.com/malwrhunterteam/status/1111352801693782016

castelfable.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1104327117309968384

infosblogwar.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1098553609375993856

194.68.59.41:1956

# Reference: https://twitter.com/pollo290987/status/1083401581670875136

194.5.98.173:7081

# Reference: https://twitter.com/ps66uk/status/1062514051165704192

argonsa.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1060547624418168839

cjmoney.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1049011930411794432

185.148.241.58:2442

# Reference: https://twitter.com/FewAtoms/status/1104355364391305216

196.127.74.118:2402

# Reference: https://twitter.com/Racco42/status/1088469487387664384

utchmann.bounceme.net

# Reference: https://twitter.com/pancak3lullz/status/1075888625261387777

info1.duckdns.org
185.244.30.126:5552

# Reference: https://twitter.com/James_inthe_box/status/1063118942095331328

449ers.ddns.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/ViriBack/status/971430374919122944

top.carolp1.xyz
185.62.189.72:1992

# Reference: https://twitter.com/pollo290987/status/963073970542129152

jerryemperror2.punkdns.top

# Reference: https://twitter.com/avman1995/status/960419643704913920

obereagu.ddns.net

# Reference: https://twitter.com/Antelox/status/884773449520095232

178.73.210.233:100

# Reference: https://twitter.com/makflwana/status/1104376804293263360
# Reference: https://app.any.run/tasks/8149d283-b550-4b31-9adf-4b4c85962e7d

juanbouyant.ddns.net

# Reference: https://twitter.com/x42x5a/status/1114133426708340736

prueba00223.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

triggerd.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1121754056517537792

winsec.ddns.net
46.246.86.67:2606

# Reference: https://twitter.com/dvk01uk/status/1123210727483957248
# Reference: https://app.any.run/tasks/0e57a079-57d4-4c2d-8e01-82d316ac2d55

ablegod.hopto.org
79.134.225.6:6691

# Reference: https://github.com/edchavarro/RAT_IoCs

lacoste587.lacoste587.agency
dsquared21.dsquared21.rocks
hugoboss01.hugoboss01.store
luisvuitton.luisvuitton.tech
supreme12.supreme12.recipes
automovil1.peugeot10.cc
comida2.kfc52.club
auto14.wolsvagen7.mobi
telefonia1.telcel75.asia
consola2.nintendo3.life
microsofteup.pdns.cz
lexusempresa.100chickens.me
mojarracompany.pdns.cz
camilo6541.pdns.cz
balvinnew.100chickens.me
mercadolibre.pdns.cz
ebayeup.pdns.cz
antonio6532.pdns.cz
daniel6536.pdns.cz
181.57.221.10:4450
181.57.221.10:4452
181.57.221.10:4851

# Reference: https://twitter.com/pancak3lullz/status/1009524847314194434

185.209.85.75:7921

# Reference: https://twitter.com/suyog41/status/1129322130078916608
# Reference: https://www.virustotal.com/gui/file/817e345ac4e63947b592e28774c71c4a01d7c0f2005324b028871e0dedd7c4ef/detection

bego.hopto.org

# Reference: https://twitter.com/HerbieZimmerman/status/1131977968950099968

185.244.31.137:6666

# Reference: https://twitter.com/James_inthe_box/status/1132292966062518272

manihackz.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1132294012100960257

amanihackz.ddns.net

# Reference: https://twitter.com/ffforward/status/1133631211337912320

mgc2.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1133667461335801857
# Reference: https://app.any.run/tasks/5c919ea0-0f27-481a-af41-42057d090096/

185.244.31.137:6767

# Reference: https://twitter.com/dvk01uk/status/1134014391249252357
# Reference: https://app.any.run/tasks/8d26c7f7-70bc-40c7-bfe2-b664d555054b/

185.244.31.34:6868

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

darlz.freeddns.org
185.62.190.214:1695

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

13.250.1.111:1986
13.250.1.111:1992
194.67.209.128:1992
194.67.209.128:7707
216.38.8.168:1986
216.38.8.168:7707

# Reference: https://twitter.com/James_inthe_box/status/1139839056748011520

xcv87xcv7xc7sd5f67s5dxc67vxdsfwe342.publicvm.com

# Reference: https://twitter.com/James_inthe_box/status/1139881993607380993

stainlessplc.ddns.net
184.75.209.163:6799

# Reference: https://twitter.com/dvk01uk/status/1141314328362176512
# Reference: https://app.any.run/tasks/8f80f415-a02e-451b-9797-96a3d03c793d/

185.247.228.199:6868

# Reference: https://twitter.com/x42x5a/status/1142113259044179968

jaybaba2.bounceme.net

# Reference: https://twitter.com/James_inthe_box/status/1142187271283548160

91.189.180.203:3480

# Reference: https://twitter.com/x42x5a/status/1142436174755192833

cemileorucs.ddns.net

# Reference: https://twitter.com/DbgShell/status/1143669818652069894

vubhijk.duckdns.org

# Reference: https://twitter.com/gorimpthon/status/1144186368483975168
# Reference: https://app.any.run/tasks/e5283183-af56-4628-bff3-b12572b43896/

185.247.228.99:1998
terrymamela.ddns.net

# Reference: https://twitter.com/reecdeep/status/1145646210398773249
# Reference: https://app.any.run/tasks/e89b3c70-50a6-421a-b639-299a918e147c/

jerryo.duckdns.org
185.247.228.236:8815

# Reference: https://pastebin.com/S4ggik78

du4alr0ute.sendsmtp.com

# Reference: https://twitter.com/killamjr/status/1154121304213094401

talkmess.dns-cloud.net

# Reference: https://twitter.com/Racco42/status/1157207083382652928

newrr.duckdns.org

# Reference: https://twitter.com/Racco42/status/1157242080932089856

191.101.150.90:2950

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Malware.Remcos-7089920-1)

abeasinf.duckdns.org
remsalvados2019.duckdns.org

# Reference: https://twitter.com/killamjr/status/1161983614197936128

185.244.31.32:2404

# Reference: https://twitter.com/James_inthe_box/status/1148692646942015488
# Reference: https://twitter.com/killamjr/status/1167454907676467201
# Reference: https://app.any.run/tasks/1c8c17b6-2628-4a06-8c2a-deb889e3e010/

185.244.31.96:3090
top.subaroone.waw.pl

# Reference: https://twitter.com/reecdeep/status/1163796233363906560
# Reference: https://app.any.run/tasks/e990631e-57b0-49db-b0b0-750dc33927dc/

185.244.31.26:6265
safer.ddns.net

# Reference: https://twitter.com/wwp96/status/1163788636036501504

evergraced.ddns.net

# Reference: https://twitter.com/Paladin3161/status/1164517058672906241

daya4659.ddns.net

# Reference: https://twitter.com/killamjr/status/1165459331912888320
# Reference: https://app.any.run/tasks/211498a3-95a8-44ee-a87b-25cdac3d8edc/
# Reference: https://www.virustotal.com/gui/file/6b32d6a32540884c3fb1a195b32b02aec9dd06797c464dee1c02bbb6ee97ffd1/detection
# Reference: https://twitter.com/killamjr/status/1168575703656189952
# Reference: https://app.any.run/tasks/346f19a6-7cd8-4da7-b7ba-76651bc540f1/

193.56.28.241:4444
193.56.28.241:8888
23.105.131.202:8888
crackme.hopto.org
noface55.kozow.com

# Reference: https://twitter.com/oguzpamuk/status/1166293812714659841
# Reference: https://app.any.run/tasks/d069fcb1-1c81-4f87-97bc-d4afb40a06e7/
# Reference: https://twitter.com/Racco42/status/1168449724724084737

193.56.28.173:2404
95.216.17.186:2404
23.105.131.169:2404
rownip.3utilities.com
rownip.dyndnss.net
rownip.theworkpc.com

# Reference: https://twitter.com/ps66uk/status/1167016794260946944
# Reference: https://app.any.run/tasks/121e7cd1-6954-44be-a1b4-825c2615c11c/
# Reference: https://www.virustotal.com/gui/file/15b83a6155f1aba3acb68e4ecb475bb742790b82de364d1df4dd918a31f7872e/detection

79.134.225.48:3765
79.134.225.86:3765
79.134.225.87:3765
79.134.225.89:3765
remcoss.onmypc.org

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

du4alr0ute.sendsmtp.com
helloweenhagga.ddns.net
hhlari.ddns.net
moneybag123.ddns.net
revengerx111.sytes.net

# Reference: https://twitter.com/malware_traffic/status/1169050682386763776

37.19.193.217:2404
37.19.193.217:2405

# Reference: https://twitter.com/KorbenD_Intel/status/1169996681259245569

charlesremcos.duckdns.org

# Reference: https://twitter.com/wwp96/status/1170314034564018180

uaeoffice999.warzonedns.com

# Reference: https://twitter.com/wwp96/status/1170332469960331266

66.154.113.142:2404
jkharding2014.myddns.rocks
tomharry.ddns.net

# Reference: https://twitter.com/wwp96/status/1170334923892371459
# Reference: https://app.any.run/tasks/e2340ee4-ba30-44ec-b748-1d625e65db63/

79.134.225.77:2019
gratefulheart.ddns.net

# Reference: https://twitter.com/wwp96/status/1171448440535973888
# Reference: https://app.any.run/tasks/fcbb836f-7ade-44f1-bbeb-9c7d9047fbe1/

185.4.29.140:24009
inf111.ddns.net
inf111.hopto.org

# Reference: https://twitter.com/luc4m/status/1171783171677065217

charstiago6.dynu.net

# Reference: https://twitter.com/DynamicAnalysis/status/1172221575376134144

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl

# Reference: https://twitter.com/dvk01uk/status/1176383495339483136

217.20.114.220:1010
myhousedubem.ddns.net

# Reference: https://twitter.com/VK_Intel/status/1176933671389081601

79.134.225.101:1188
sciano.duckdns.org

# Reference: https://twitter.com/Racco42/status/1179472593927200774
# Reference: https://twitter.com/Racco42/status/1179880257438003200
# Reference: https://www.virustotal.com/gui/ip-address/185.105.236.187/relations

185.105.236.187:5001
cepastr.ddns.net
manafuuh.ddns.net
teryts1802.sytes.net
updatechrome.duckdns.org

# Reference: https://twitter.com/VK_Intel/status/1179782506465366020

ulnews.duckdns.org

# Reference: https://twitter.com/Dashowl/status/1179833764651962369
# Reference: https://app.any.run/tasks/e38aa085-4cc2-43e6-befe-0b4d5caeb0b6/

204.152.219.70:5731
abundantgrace1.ddns.net

# Reference: https://app.any.run/tasks/9bfe4193-bfea-4523-be81-68953435e7b7/

181.215.247.18:2404

# Reference: https://twitter.com/MalwareConfig/status/1180886611602612224
# Reference: https://malwareconfig.com/config/daca573a51e9b080e2f3f6303611ee83

160.116.15.149:35364
henryofonyiri.ddns.net

# Reference: https://twitter.com/killamjr/status/1180968029858910209
# Reference: https://app.any.run/tasks/f9985b06-08a9-41dd-b2d4-d051e02f8c08/

137.116.73.45:2404
reneelauto.ddns.net

# Reference: https://twitter.com/teoseller/status/1179318648718188545
# Reference: https://www.virustotal.com/gui/file/550baa07a33c62d24636d672c5a0973dbb1babc8ddc75e434d316ece595296f6/detection

185.81.157.41:2404
santzo.warzonedns.com

# Reference: https://app.any.run/tasks/cb0e97af-6122-4181-87e5-842dedde0d77/

178.239.21.116:1795

# Reference: https://app.any.run/tasks/7634c4dc-dee9-41e0-a2c0-32b4ef3d1885/

213.184.126.134:1337

# Reference: https://twitter.com/P3pperP0tts/status/1181578274394251264
# Reference: https://www.hybrid-analysis.com/sample/47232b513efbd2c6fcd3dd1778aa00ca018710c8afd597d238ab1c94433747c4/5d9c9ed50288383e19febfe6

185.158.249.88:2404

# Reference: https://twitter.com/killamjr/status/1183421884794204160
# Reference: https://app.any.run/tasks/deed1a67-8d99-4e3c-9e87-5e63c39cb4c6/

top.intelprovidejordan.waw.pl

# Reference: https://github.com/edchavarro/RAT_IoCs/blob/master/README.md (# Remcos section)

181.57.204.130:4452
46.246.82.66:2000
bolso.gucci12.cc
celularmovil.huawei10.digital
consola2.nintendo3.life
consolajuego.nintendowii12.email
telefonia.claromovil1.work
tennis1.adidas3.tech

# Reference: https://any.run/report/613f437f01744740c4e96d84c970c51128929fcdaa1a9d7e31a1ee063bf49f8e/3ae8d7b9-9a47-4ac4-b564-96510dc901d7

185.217.1.173:2404
algheithcompany.duckdns.org

# Reference: https://twitter.com/smica83/status/1186542376355094529

91.189.180.214:7890

# Reference: https://twitter.com/killamjr/status/1188630140076658690
# Reference: https://app.any.run/tasks/a9de27e3-1bdc-43e9-8349-25bbe9c6cd90/

192.169.69.25:8077
redditmercy.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1189251481943363586
# Reference: https://pastebin.com/H5UqcHv1

37.19.193.217:2398
toptoptop2.online
toptoptop2.site
toptoptop3.online
toptoptop3.site

# Reference: https://twitter.com/James_inthe_box/status/1189202165161529344

79.134.225.95:4050
79.134.225.95:6080
mnx.duckdns.org

# Reference: https://twitter.com/w3ndige/status/1189301538142990339
# Reference: https://app.any.run/tasks/a8a4f079-0296-41fa-bcb0-546a54db9e56/

109.202.103.170:8733
213.152.161.40:8733
213.152.162.89:8733
213.152.162.109:8733

# Reference: https://twitter.com/VK_Intel/status/1189602729498464257
# Reference: https://www.virustotal.com/gui/file/9235b1f5f9cc8efbf0ad96e4b48872a4043286fcdd182423746ed2e3700e1559/detection

79.134.225.20:2404
hobbotgy.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1190072879242596352
# Reference: https://www.virustotal.com/gui/file/6e366fd065815118100c0a7fe8fa95208e87944b9dd4ce9df556c6d9f31151ec/detection

menaxe.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/d23189d4520692301d6a013f60d59972fb61fd4bc3f011693411b20e9bdbd1e6/detection

185.244.31.85:4050
menaxe212.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6ddca5e1a4a9a4afd6663da5c05252d4150c8e271fbe28a81b3ae3af4cbca49c/detection

185.165.153.185:4050

# Reference: https://pastebin.com/29uSdMAk

sub.thebest1jewels.waw.pl

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.29/relations

79.134.225.29:3018
bzsoftwaress.hopto.org
faxjohn01.dyn.ddnss.de
londonchap.duckdns.org
samuelcity.ddns.net
top.citycentrejo.waw.pl
sub.winkcaffe.waw.pl

# Reference: https://twitter.com/killamjr/status/1191192709727506438

79.134.225.73:2404

# Reference: https://app.any.run/tasks/508a6b73-18b4-490e-a1f3-69341ba72512/

79.134.225.80:2404
clintonlog.hopto.org
joseph3m.ddns.net

# Reference: https://app.any.run/tasks/880d03b6-ed40-4688-a1ee-7f27e9873013/

91.189.180.214:7890

# Reference: https://twitter.com/malwrhunterteam/status/1060836685771087873

35.237.81.215:1604
fuckerswashere.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191790897714913281
# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/

91.193.75.51:4343

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Dropper.Remcos-7376444-0)
# Reference: https://www.virustotal.com/gui/ip-address/179.33.152.127/relations

msipro2019.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191486608249368581
# Reference: https://app.any.run/tasks/4ca60fe6-eb65-48eb-8f80-eb28e19ecfa4/

79.134.225.11:5198
mpremx.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191443761563353089
# Reference: https://app.any.run/tasks/bd34ac22-9167-4ae5-a91f-e5600e21e72f/

115.133.245.72:3908
115.133.245.72:4101
115.133.245.72:4421
ego9.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189778893298970624
# Reference: https://www.virustotal.com/gui/file/1511d64209925c818d7db8eb1d0229e54debbea0d2a60bba094a05edd8d76a1d/detection
# Reference: https://www.virustotal.com/gui/file/0634fc3acc43e1b3a357a28e4f0e20edac01ea07aa5de6e0373b8eb521bfd150/detection

194.5.97.96:22940
194.5.97.96:7493
lekwahouse.ddns.net
pirorityclient.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189761540251103232

82.112.40.135:1604

# Reference: https://twitter.com/VK_Intel/status/1194260473631428608
# Reference: https://twitter.com/VK_Intel/status/1194338499085778944
# Reference: https://www.virustotal.com/gui/file/73cd4a5fd5d4670ecfa8d3e1d64055b76373e7730e0f7947ae850dbf2ee41549/detection

194.5.97.119:1000
nanoprivv.duckdns.org
zotizieweb1.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196471158054494208
# Reference: https://app.any.run/tasks/66e92f07-3225-4d85-838f-cb3ccdbd90c8/

79.134.225.99:4387
respainc.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196491717572222977
# Reference: https://app.any.run/tasks/594a9510-e48a-4dd5-89ea-73fe6929c225/

185.140.53.168:5980

# Reference: https://www.virustotal.com/gui/file/db21285f8f62e182c6cb217073632a0c878c44e6b9d7dd2cf68df573391aa924/detection

154.16.93.170:8320
185.217.1.186:8320
217.79.184.12:8320
79.134.225.29:8320
faxjohn01.dyn.ddnss.de

# Reference: https://app.any.run/tasks/c735b356-3ad6-47b2-8db9-4b820fba23ce/

pharmalobster.duckdns.org

# Reference: https://app.any.run/tasks/1c7dc445-3d6f-4219-a2e1-afc99d3916a0/

rt.sexsweet.vip

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.105/relations
# Reference: https://www.virustotal.com/gui/file/331003b87d0c8194b40ca96740295c74a3695331e917a9d0511c62e6ffdd7e80/detection

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl
top1.supertouchhaircare.waw.pl

# Reference: https://www.virustotal.com/gui/file/4a43fde440d91d130acd096114cfbe5e965100793f354297657d6595e2a4b941/detection

electroking444.hopto.org

# Reference: https://www.virustotal.com/gui/file/2478c6c90b6c4ecfc0a010b111bde48456898aba2946625784ecc083960f683a/detection

electroking444.ddns.net

# Reference: https://www.virustotal.com/gui/file/10c47670d9b565e7911364006e01fc545ef9b313bf5d230405f067b6a7795b50/detection

79.134.225.89:2501

# Reference: https://www.virustotal.com/gui/file/31022c5eb483f3b105050ab054e45541b206583996aec342b20fad359b1978ce/detection

199.195.250.222:6464
leebase.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/3692d98da1a9c209fe3f7789caa282a374eb39acde6d3b6690297773cd201c2a/detection

79.134.225.89:6464
filebase.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3121062c6478104325d7bdf59a08f9c416c2c8343ee4eb80829775c984a06310/detection

79.134.225.89:3369
fucktoto.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9e0d19b6ddfce89c11868bd8afdcfb53fa8d8c7c17623d25d04065aac411b521/detection

79.134.225.89:32002
work1234.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html (# Win.Dropper.Remcos-7395733-0)
# Reference: https://www.virustotal.com/gui/ip-address/186.170.64.85/relations

186.170.64.85:2404
msipro2019.duckdns.org
nashpink2019.duckdns.org
proyectobasevirtualcol.com
recuperaciondecartera.website

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

186.170.64.85:6404

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

161.18.215.40:6404
179.33.63.205:6404

# Reference: https://www.virustotal.com/gui/file/ec3c174d36d5f8faa784d42a6972406d5ad258b770a308027a0bea1bb04a2fa3/detection

186.170.70.152:3370

# Reference: https://www.virustotal.com/gui/file/a0f495716cd691031cef9c3e92aa0c19f6f97a1179a60518797f1fdb5e1d82f7/detection

79.134.225.90:6553

# Reference: https://www.virustotal.com/gui/file/bb81e35d7d90e9d2a97408c256c4a498d85cfd36568e85b631766d34a9182b57/detection

79.134.225.90:2404
graceofgod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9d22fa075c100254780f36d4ece00b40fad5cad6c5be21e15ed929c99680b904/detection

79.134.225.90:24197
registerme.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/646178cbc5b2452e1f3ee34500f039ab15f1f4d81533e1abc7db290fe43a10e7/detection

79.134.225.90:54985
1338099.ddns.net
jaden222.kozow.com

# Reference: https://www.virustotal.com/gui/file/eb712d5bb30e21cac53acdac476e526371534827486ad228c592facad084d220/detection

79.134.225.90:7331
7331.duckdns.org

# Reference: https://www.virustotal.com/gui/file/04393c8b23e1742c3ca20a081739b7bb959274adc61f83158d0ef96ef575779e/detection

79.134.225.90:1720
jack2019.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/5689e69c5f46ab06f7b5b8d4aaaf235210ce6cf014fb3324c6d6c785ccb688c7/detection

79.134.225.90:5656

# Reference: https://www.virustotal.com/gui/file/330e409e8edbecfd1e3146c7dd09670e6d3364fb3f16ff0b2c129aea37b03e2f/detection

79.134.225.90:5001
teryts1802.sytes.net

# Reference: https://www.virustotal.com/gui/file/83c8a487ae867ea10107a1a6a93a5c1b6b54744a384338e166317049a53f97ec/detection

79.134.225.90:5355

# Reference: https://www.virustotal.com/gui/file/8bbfa7a830568b039465d6abf3c517422c94d3abfe6455410a1437430a48e2de/detection

64.42.179.59:33089
sdkljsdf89237487428974wrewrwrereerwerw.linkpc.net

# Reference: https://www.virustotal.com/gui/file/747cc60bf20b60daa1441457d74becb38f01564068d56e8eed000a1f9557d344/detection

199.249.230.22:33089

# Reference: https://www.virustotal.com/gui/file/da9f70611fc313108dfd69262954d2b926761528e20acda0593878ba0bd7a0ab/detection

198.203.28.43:33089

# Reference: https://www.virustotal.com/gui/file/60fc1a6f625150ec93ea5eb5cc91252542f15bd91dda6ea27d389b828a383061/detection

192.69.169.25:4864
abeasinf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/97571694c24fc14cfb658d7620d74c69ef42a78e2bad32ca047022b984edf922/detection

186.170.76.206:4864

# Reference: https://www.virustotal.com/gui/file/45f8ba1f2b1456f4192a0ac31b2788c18b957fdec9d94da8f3c3a581cf0e0591/detection

192.69.169.25:1626
wiskiriski15.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1daf168cc60d73346093932e5db44e055166da7e26c06e7fa7453ced43cffd42/detection

192.69.169.25:3864
pichicoyote.duckdns.org

# Reference: https://www.virustotal.com/gui/file/060231c7729f65f39c1cc05fbe097d9c872dabd9391cc20eaf60c8d3c3cb0b5a/detection

79.134.225.80:3360

# Reference: https://www.virustotal.com/gui/file/e8a34e6e1db7c73ffea0618863c3d4ce31f3b32c4a16ec04b11460efb13a195e/detection

79.134.225.99:3360

# Reference: https://www.virustotal.com/gui/file/d96c1dc0ea3859660cd97e0f88b0cb0fab0a974ac0f07c7eadd45f48407a0224/detection

79.134.225.123:3360
79.134.225.125:3360

# Reference: https://www.virustotal.com/gui/file/1f6baac0b57ae8c9a3dfe83c6c4bf14ed0b00c785c333cfd905f3b403c036077/detection

79.134.225.122:3360
79.134.225.124:3360

# Reference: https://www.virustotal.com/gui/file/29bd4d55cb24fd04eabdc27eabcabe11f348ed1fc60b4c066af3be4c5eed869c/detection

185.165.153.113:3360
185.165.153.198:3360

# Reference: https://www.virustotal.com/gui/file/cc0f030f39bfc8c65c10bbcee2ce8679f313687dcce2ea8218e2a8fc8cd5c14d/detection

79.134.225.58:5609
remcus.chickenkiller.com

# Reference: https://any.run/malware-trends/remcos (Note: as seen on 2019-12-04)

ubananocore.ddns.net
sandra.myddns.me
prayersanswered.hopto.org
gratefulheart.ddns.net
888rats.duckdns.org
grafeulheart.ddns.net
ijomsdavis1.ddns.net
blessingfollowme.myddns.me
slimyuyo.duckdns.org
vemvemserver.duckdns.org
3forall2019.servesarcasm.com
mozillamaintenanceservice.duckdns.org
spenzmarine-56499.portmap.io
fobeno-42652.portmap.io
lololol-54262.portmap.io
theprohd-59801.portmap.io

# Reference: https://pastebin.com/r5ZV1TCJ

menaxe.nsupdate.info

# Reference: https://twitter.com/wwp96/status/1203002510765707264
# Reference: https://app.any.run/tasks/30aa42c6-1bf5-4eed-84fc-099cc2f69404/

174.127.99.167:8970

# Reference: https://pastebin.com/7Ak2nP2T

reverse.spamassasins.icu
top.multigamingjo.waw.pl

# Reference: https://www.virustotal.com/gui/file/80120be87db5c64640fbd69a55cfd335601de08d5bcff393e66ff6f51c460850/detection

79.134.225.121:22940

# Reference: https://twitter.com/smica83/status/1205000837430468608

top.phonefix1.waw.pl

# Reference: https://twitter.com/Paladin3161/status/1197842954037018625

192.169.69.25:1116
ashawo.duckdns.org
wecollect11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3e444ad341b93f3150b1eae401b84c1b8afd73a80345b4b328bd26c9e5dc5d66/detection

185.148.241.48:1115

# Reference: https://www.virustotal.com/gui/file/a22ede52f14be480dd478fa0ec955b807e4b91a14fbe1b5d46c07bbb5cacccbb/detection

185.244.30.116:1116

# Reference: https://www.virustotal.com/gui/file/53a20bb94b5f34076b98b161b786e24a3fe4c1d3ba36892a901f0709461d096e/detection

185.244.30.116:2444
proudsoldier.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf16f2332e28ac589939efd41ce77fafeed6c9f8b20661f55a0e1264c78bebd0/detection

91.193.75.49:1116

# Reference: https://www.virustotal.com/gui/file/efda9ecdddba583c653b76dbc825daaba070e16d4e6be3f6439278c6c023450a/detection

185.165.153.231:2404

# Reference: https://twitter.com/ActorExpose/status/1196103594845593600
# Reference: https://app.any.run/tasks/4be5595d-4651-40ae-b24d-917a47b26fbb/

79.134.225.46:1960
mgc1.duckdns.org

# Reference: https://twitter.com/coderippers/status/1194935759775641600

185.165.153.186:5132
91.193.75.51:3434

# Reference: https://twitter.com/Paladin3161/status/1194813271494148096

192.169.69.25:100
jamesremcos.duckdns.org
savagesquad.ooguy.com

# Reference: https://www.virustotal.com/gui/file/a8c80446c78199908f9187795627a6111e765b7abf20662cd0f1762ba80abaa1/detection

185.165.153.27:100

# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/
# Reference: https://www.virustotal.com/gui/file/9b4585e342acf00e8d7c0f0b215af2f74ce1a0b428583c30868dbc616d87e1dd/detection

srvc50.turhost.com

# Reference: https://www.virustotal.com/gui/file/1efc346c6761b933adc7a10ab7e6da5e6c65369b5b90f3ddd528ce2bcc3116ab/detection

91.193.75.51:4343

# Reference: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/

rmagent.biz

# Reference: https://www.virustotal.com/gui/file/8003d7af85e3d328eb0c789e32bba3de456523c109847eca2ace5ae0252c1ee2/detection

185.165.153.22:2211

# Reference: https://www.virustotal.com/gui/file/04455422ee74836e38315b4ac9740470c963e45d5cf61fb3927f02ed9be4d995/detection

185.165.153.22:11011

# Reference: https://www.virustotal.com/gui/file/606aee9e6f0ec6e51dd94cda76b4978392bf5c7f505e049fbd936e7b97928387/detection

185.165.153.22:3330

# Reference: https://www.virustotal.com/gui/file/9fe933614e864926edb99dd6a6c1df31e3db0f74fb8c0d622ef73fd1c6e14104/detection

91.192.100.37:23850

# Reference: https://www.virustotal.com/gui/file/444a412bebf61392e5368bd1464f5773024d1c8758626cd7c5f061ba7688403a/detection

88.172.243.236:23850

# Reference: https://www.virustotal.com/gui/file/d2ddf0997db4b87a354abacba8f0b22f5923eeff7f01bcf3e2bae535160c579a/detection

79.134.225.122:23850
79.134.225.122:3366

# Reference: https://www.virustotal.com/gui/file/bd6220c705c6f321f59d1f45eea1e13c5171f7a2061dec9f907ffa291f3b9ec1/detection

79.134.225.122:2404

# Reference: https://www.virustotal.com/gui/file/c176c510cdc4c587528c7b3fd414ff373f966e669243ade0f76bc674e8053a9f/detection

23.105.131.156:2404

# Reference: https://www.virustotal.com/gui/file/abb4c76901b644cb756fe3727d3933d6a614d0709b62c78c9c54f2dd3ba6aea0/detection

192.253.246.140:23850

# Reference: https://otx.alienvault.com/pulse/5c4543d7fa493a3bac56ae13

jaxboss.publicvm.com

# Reference: https://www.virustotal.com/gui/file/fffb52d51e9688cc08c2a2ad0d818528174eda3e9738c7df8d009301bd127419/detection

173.242.125.75:7241
mysit.space

# Reference: https://www.virustotal.com/gui/file/8e99fca6285e318095ad693fa35b922f88743bf7743a1a8316eb0138fb771e2c/detection

185.82.202.149:7241
uploadtops.is

# Reference: https://www.virustotal.com/gui/file/a0dd3cf4f046432c109448c53687a0cf06cdc1d287fda725c7c15397dab984f0/detection

66.85.185.105:7241

# Reference: https://www.virustotal.com/gui/file/6caecb1c499dfb5b9a00c1eed46b7c6b223893f5a95a10dbb7dc41515a132c7e/detection

66.85.185.105:1427

# Reference: https://twitter.com/DynamicAnalysis/status/1205555781095108608

79.134.225.99:2018

# Reference: https://www.virustotal.com/gui/file/8c49d633a12c6ea14ac72e58de6c9f7ba239403f21cc25c6f1ae867b5df29b36/detection

41.203.78.140:2888
41.203.78.93:2888

# Reference: https://twitter.com/wwp96/status/1210224614149939200

185.140.53.26:2404
michaelking102.hopto.org
michaelking102.loseyourip.com
rennelautos.zapto.org
sunwap878.ddns.net
sunwap878.dynu.net

# Reference: https://app.any.run/tasks/8541d798-8243-46a8-8631-f54e6ed5d19e/

redsocial.instagram21.best

# Reference: https://twitter.com/James_inthe_box/status/1211999781721006081
# Reference: https://www.virustotal.com/gui/file/a05be2b7d477cf006794c746d241b4dad0a392f59d19238f17bc7128418108f2/detection
# Reference: https://www.virustotal.com/gui/file/76b700b072fd5820e296c1fd9a62f2a63c8c6715e778ad32213cdfcae5bae878/detection

108.62.12.134:4922
nolim.duckdns.org

# Reference: https://www.virustotal.com/gui/file/472aa23054d16bcf70e18d254613161d80cb345229aafca5e0b103e0afb65271/detection

aprsgkpc-51401.portmap.host

# Reference: https://www.virustotal.com/gui/file/51ba982bff7c5afbb35f5ce500570bf94aacda560e649e32fa9445155a31994c/detection

193.161.193.99:54120

# Reference: https://www.virustotal.com/gui/file/7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31/detection

tunedd30.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4f477f955ae23cb599858715626e86d3c5a8869d7cfd340af87147e2e7c9818/detection

178.124.140.136:6640

# Reference: https://www.virustotal.com/gui/file/28842367cd70d14f0776b246cb821275ff817051813b3ad4090eb412496d319c/detection

178.124.140.136:1284
dfrannk.hopto.org

# Reference: https://www.virustotal.com/gui/file/63e1f393cbd4bfe5c8e431af3de70b382482ed3e11b967db8caccf4c38ada733/detection

expertyline.mooo.com

# Reference: https://www.virustotal.com/gui/file/4c407408ea383edc394a84baed80b6991581a5df5d9cbcb818f83dfc1c6b4317/detection

ddfranks.ddns.net

# Reference: https://www.virustotal.com/gui/file/eb91f6ed14de853b1d987e199eaede7005c4cf6671321315d22e4626677bfb7c/detection

178.124.140.136:1515

# Reference: https://www.virustotal.com/gui/file/72b74037adf3cf0cf6e9ead907f565d4976b0ed15a8b62e2c8a8cde28a09867b/detection

178.124.140.136:2033
blessederic.ddns.net

# Reference: https://www.virustotal.com/gui/file/978b349faa2c6e8894897bb1cc54d1f92ca9613af0078528fab4f10466c2667b/detection

178.124.140.136:2669
dfranki.ddns.net

# Reference: https://www.virustotal.com/gui/file/b57e631645446ad3744528b05f961ea2c4cb23f426f0a6a6dea8203786c9e528/detection

178.124.140.136:3333
menorte.ddns.net

# Reference: https://www.virustotal.com/gui/file/2bd9dd47981f11b696c2ad7c6b11723da0f091c658210799e2fdd1efd326172a/detection

104.244.75.220:9300

# Reference: https://www.virustotal.com/gui/file/26d109f07bff6ad6142cc1e2c455849a3f641ac43660372686aad7381527fe00/detection

103.136.43.131:7368
104.244.75.220:7368
105.112.99.44:7368
194.5.98.25:7368
sam555.ddns.net

# Reference: https://www.virustotal.com/gui/file/48fafbbccc345ad4f5b9d525107cd139bde73ec2b4eb54432336bf6450943a5f/detection

91.193.75.49:2016
91.193.75.49:3001
proud.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf76c5ca49445e8aacb161337d1d333cf481c4ea7eaecfd2c2a3170e70a69ce7/detection

91.193.75.49:3111

# Reference: https://www.virustotal.com/gui/file/7618cd1e9e2ca86f97552e1c3584f418ffd17141832c913021b5c3694914106d/detection

79.134.225.97:54985
tools4money1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/254a0ac154ebc83d9838fb52af5dc8118cfc31d81571cfdac3d3bf4f75be5d6a/detection

remcos.got-game.org

# Reference: https://www.virustotal.com/gui/file/f9aae3f8af4a70b5634a9ec9f069ac3458ff6835547107e42955fa12c5a2cf8a/detection

91.193.75.66:3039

# Reference: https://www.virustotal.com/gui/file/223e21cb4169999a2086cbcb4d56013d151b81745a541f300ffbbfd838c1a8f5/detection

79.134.225.72:4564
ebuxxxxx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8889736c0a30eb477236a624f55e66d38f52025db003cf7fe621fd084109db5e/detection

79.134.225.72:7676

# Reference: https://www.virustotal.com/gui/file/166e944c81082a59ffbf8cf5a2ae228913dc8656990d71238ad2db19cd2221b5/detection

top.pubgstores1.waw.pl

# Reference: https://www.virustotal.com/gui/file/5ee090b3c5b98a33e60f2a3eeb6f8429ffabc5ac0ea932e373c6a383cfce5289/detection

smart0147.ddns.net

# Reference: https://www.virustotal.com/gui/file/2170aa91350c123fa9a2319492afbd73c2b5fbe29a84c001efd545980c330856/detection

79.134.225.73:6569
passwrdboss.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4538221d4740b28f2aa439fddfba69448a2751a0a4f78b54145ddd7ef7d6992/detection

79.134.225.73:18943
cashoutmoney.ddns.net

# Reference: https://www.virustotal.com/gui/domain/top.fishingjoco.waw.pl/relations

top.fishingjoco.waw.pl

# Reference: https://www.virustotal.com/gui/file/72e6c5ce4b7844eee3a6b293f54aeedd38d572bd5ff7c3609507030da46041fe/detection

185.158.139.238:9334

# Reference: https://www.virustotal.com/gui/file/cbf1a3f24d6fb4c163cdc540dc6df98779b16e491017c9534c58a9f23df47941/detection

185.140.53.93:9334

# Reference: https://www.virustotal.com/gui/file/38de8ff2bdcad25f923d0d22138c23541991c3f96095a0ee22de5e1849f3f20e/detection

185.140.53.59:9334

# Reference: https://www.virustotal.com/gui/file/ad74423af971f9d55f4fb2ca010f6dc81ef98a6dd36fd18b833c2623d17eb913/detection

185.140.53.192:9334

# Reference: https://www.virustotal.com/gui/file/d99ac8879353bd8cbc3ca502cdc6cf5581652f1a26f7de6337644758d6370e16/detection

185.140.53.107:8787
185.140.53.107:9334

# Reference: https://www.virustotal.com/gui/file/0bca93258e81977fd667e4ceab83f2e3460dd5fa5d5f4e88549bd4bfad20ee12/detection

185.140.53.52:9334

# Reference: https://www.virustotal.com/gui/file/c7b6e9095074b013ff9e5f9f1b3a7a15493b8b4f099deda31f2cffc308cdfa61/detection

185.140.53.26:5200
185.140.53.26:8153
185.140.53.26:8787
185.140.53.26:9334

# Reference: https://www.virustotal.com/gui/file/63f7dcd1893c84eae20fe494fd9d0bda10dd809ead94eb4d2c271d25208fc992/detection

185.140.53.222:5200
185.140.53.222:8153
185.140.53.222:8787
185.140.53.222:9334
185.140.53.52:5200
185.140.53.52:8153
185.140.53.52:8787

# Reference: https://www.virustotal.com/gui/file/8fdf5d5c5cf41f4f80a563d12f07d6f59bdeed91028eaa888a982a45df76bd09/detection

185.140.53.115:9334

# Reference: https://www.virustotal.com/gui/file/44558aeedee27b83942c4e33a0c0f060035f2ef4beaf66af23f719f121934194/detection

185.140.53.94:9334

# Reference: https://www.virustotal.com/gui/file/f5a7efd0ffb5145945fed2f92b2df8a79847085547333ec841e3e0b1fc5e1133/detection

185.140.53.50:5200
185.140.53.50:8153
185.140.53.50:8787
185.140.53.50:9334
185.140.53.149:9334

# Reference: https://www.virustotal.com/gui/file/4d51a099cfcab43ebfdaef8d4bc8bd0560c933c665cb6ca353f63d2d97bb2f18/detection

185.140.53.91:9334

# Reference: https://www.virustotal.com/gui/file/225c850cfd1f040c9b7f3513eb77aa5830a4b37b9cb1a516cd128e7841429537/detection

185.140.53.162:8787
185.140.53.162:9334

# Reference: https://www.virustotal.com/gui/file/49e01999814d095689ceda6247ccaea14bcd21d0267e8705b393de930e883667/detection

185.140.53.114:8787
185.140.53.114:9334

# Reference: https://www.virustotal.com/gui/file/cbe362033ba85e20d7b86bc9108c1d1db1786febfbf0b99258e755ac8b6297b2/detection

185.140.53.194:8787
185.140.53.194:9334

# Reference: https://www.virustotal.com/gui/file/27d2f7b50dc11a146fd7d950a1d3eec3031882b970463b7b685b516849071fe1/detection

185.140.53.232:9334
185.247.228.103:9334

# Reference: https://www.virustotal.com/gui/file/d4487b370ba2645516192a1461cb25ed3d11d02e4d0fdce3025269ca7d63aefa/detection

185.247.228.251:8153
185.247.228.251:8787
185.247.228.251:9334

# Reference: https://www.virustotal.com/gui/file/c68b820b65097d851e33a977e562fd51d12d852613b43caba3b325dd74b0e618/detection

185.140.53.96:8787
185.140.53.96:9334
185.247.228.103:8787
23.105.131.142:8787
23.105.131.142:9334

# Reference: https://www.virustotal.com/gui/file/b4f87be6ab41d1216a36822bf791212e29eb07c469059571d916221f0508ef97/detection

185.140.53.208:5200
185.140.53.208:8153
185.140.53.208:8787
185.140.53.208:9334
79.134.225.10:9334

# Reference: https://www.virustotal.com/gui/file/a246556f34f23f1e8c67a4aadda22bd03324521aadf4526b0db5f696b6761d35/detection

23.105.131.216:9334

# Reference: https://www.virustotal.com/gui/file/eae3e753b4461e78f7f0206f2d3434f9ced9c302ec509e952e69332b2be73ee4/detection

sub.jofishingco.waw.pl

# Reference: https://www.virustotal.com/gui/file/cfc1e1ff16319b95761d4b4b950bd46e7c7b8cab339cbf556b21fa56cc7f069a/detection

23.105.131.216:5200
23.105.131.216:8153
23.105.131.216:8787
173.254.195.173:5200
173.254.195.173:8153
173.254.195.173:8787
173.254.195.173:9334

# Reference: https://www.virustotal.com/gui/file/590fac000e2f4cbe9a27520e6cf3223e045bc3386633c25088e55439679150f7/detection

173.254.223.68:5200
173.254.223.68:8153
173.254.223.68:8787
173.254.223.68:9334
91.193.75.128:8787
91.193.75.128:9334
98.143.144.221:9334
98.143.144.243:5200
98.143.144.243:8153
98.143.144.243:8787
98.143.144.243:9334

# Reference: https://www.virustotal.com/gui/file/9f945ca391310fb2880045f5bd60393d62b2a0c65f06aa57396d9bcb313128a7/detection

173.254.195.172:8152
173.254.195.172:8153
173.254.195.172:9334
173.254.223.121:8152
173.254.223.121:8153
173.254.223.68:8152
173.254.223.74:9334
204.152.219.119:8152
204.152.219.119:8153
204.152.219.119:9334

# Reference: https://www.virustotal.com/gui/file/96158e53f76c37ba6590d80f10bbc5009bdc758d388d456274fb065a5ce8f325/detection

173.254.195.173:8152
173.254.195.173:8153
173.254.195.173:9334
173.254.223.110:8152
173.254.223.110:8153
173.254.223.110:9334
185.140.53.236:8152
185.140.53.236:8153
185.140.53.236:9334
73.0.71.4:8152
73.0.71.4:9334
98.143.144.217:8152
98.143.144.217:8153
98.143.144.217:9334
98.143.144.243:8152
98.203.61.135:8152
98.203.61.135:9334

# Reference: https://www.virustotal.com/gui/file/5cac3d994fcc5eefdaef9ffd6b9fae41dd49f1a699e88746e17fb51a49f73bd2/detection

204.152.219.90:8152
204.152.219.90:8153
204.152.219.90:9334
91.193.75.126:8152
91.193.75.126:8153
91.193.75.126:9334
91.193.75.220:8152
91.193.75.220:8153
91.193.75.220:9334
91.193.75.128:8152
91.193.75.128:8153

# Reference: https://www.virustotal.com/gui/file/a26302049b7fbfa6d107b726717cc1a29c7b1dc04d3ad07b6a2f56fd3ca9cd1d/detection

185.247.228.103:5200
185.247.228.103:8153
173.254.223.110:5200
173.254.223.110:8787
73.0.71.4:8787
98.203.61.135:8787
91.193.75.126:8787

# Reference: https://www.virustotal.com/gui/file/0c92e3f679873eae4f540f6f62d29bd80abd6bdc7267221c5a0ba1f82c9e90f7/detection

185.140.53.213:8152
185.140.53.213:8153
185.140.53.213:9334
91.193.75.232:8152
91.193.75.232:8153
91.193.75.232:9334
91.193.75.238:8152
91.193.75.238:8153
91.193.75.238:9334
91.193.75.97:8152
91.193.75.97:8153
91.193.75.97:9334
98.143.144.211:8153
98.143.144.211:9334

# Reference: https://www.virustotal.com/gui/file/4b5c755f37994c6474cabd023f83ec8d58ff7f875d25fb788ec9770383833af5/detection

173.254.223.124:8152
173.254.223.124:8153
173.254.223.124:9334
204.152.219.93:8152
204.152.219.93:8153
204.152.219.93:9334

# Reference: https://www.virustotal.com/gui/file/1053aed27e83dc8f682739c0d1716060b1fa525d3a8cef7fb066e8103a3fe50b/detection

91.193.75.107:9334

# Reference: https://www.virustotal.com/gui/file/82889980e77fab696835eb230b3d3b04ade235e7a2442f267bfeae32dcb189f0/detection

173.254.223.121:9334
173.254.223.92:8152
173.254.223.92:8153
173.254.223.92:9334
98.143.144.207:8152
98.143.144.207:8153
98.143.144.207:9334

# Reference: https://www.virustotal.com/gui/file/925e39df3d71d49ed7c31790de157fd50e6bfc7eed6d151fa0c89760b059937e/detection

204.152.219.94:8152
204.152.219.94:8153
204.152.219.94:9334

# Reference: https://www.virustotal.com/gui/file/daaa67b875f56060c05fae1fa635f9a30786054b3efb9c3ef82204b30f6dd7fe/detection

185.140.53.137:9334

# Reference: https://twitter.com/wwp96/status/1214559701280722945
# Reference: https://app.any.run/tasks/fa298bab-4c01-4269-93af-1808d94595fd/

jessene.ddns.net
rennelautos.kozow.com

# Reference: https://app.any.run/tasks/ef3a8b4d-0d5b-4f7a-a187-336b1327884c/

successfulghost.duckdns.org
185.244.30.35:2009

# Reference: https://twitter.com/wwp96/status/1214925176632225799
# Reference: https://app.any.run/tasks/1ad4f2da-7513-4d09-bd27-f6cf3327b489/

209.127.18.228:2424
roboscchi.duckdns.org

# Reference: https://twitter.com/killamjr/status/1216571369892139008
# Reference: https://app.any.run/tasks/a58e0909-6db7-4a3e-961d-02dcb6800803/

161.117.86.44:2500
88.198.205.179:2500
devicenet.org
devicenet1.org
devicenet2.org
devicenet3.org
devicenet4.org
devicenet5.org

# Reference: https://www.virustotal.com/gui/file/3bcfb4fec5c49609ce2e1688f24ae874728e9fd53a1769673d2ad3ac0c5554aa/detection

174.127.99.211:9493
vision2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0c2912541176b553f2d4595ea338f88bc8d6110ac43cb892cf86dd06ca49307c/detection

41.242.137.4:9493
41.242.138.53:9493

# Reference: https://www.virustotal.com/gui/file/6e5a7c74c609d6363a56cca712900ec5ab4ffa4e22c0307adf9b30f56b7eb218/detection

185.244.31.31:9493

# Reference: https://www.virustotal.com/gui/file/972cd696927d9d1804566fe6a610a67ca4f9a1bd631769ba7a2d3b06f8413497/detection

79.134.225.104:1871
umc621.myftp.biz

# Reference: https://twitter.com/DynamicAnalysis/status/1217873533310816257
# Reference: https://app.any.run/tasks/a948d44d-9d3b-4675-8c4f-6ec951a9346a/

79.134.225.36:2121
79.134.225.98:2030
srvr1.serverpubg1.pw
srvr2.serverpubg3.pw

# Reference: https://twitter.com/Racco42/status/1221707041615630336
# Reference: https://app.any.run/tasks/ced5f8bb-826d-4ece-9e0b-35408f6e3b90/

91.189.180.199:672
srvr2.callofdutyserver.pw

# Reference: https://twitter.com/Racco42/status/1221721585868058625

80.209.240.101:2030

# Reference: https://twitter.com/wwp96/status/1221878428623872001
# Reference: https://app.any.run/tasks/d41682fc-e350-4a38-a2b2-397fbf22a3d6/

185.244.30.53:2404
lupend.ga
lupendbackup.ga
lupend.duckdns.org
lupendbackup.duckdns.org
rownip.lupends.com
rownip.mailredirect.ooo
rownip.schneidstore.com
rownipbackup.ga
rownipbackup.tk

# Reference: https://pastebin.com/R6JP78G1
# Reference: https://www.virustotal.com/gui/file/5cfda191c0a46c7849afb2014c290dbd57101d20407ef9bfcaacac5886a80814/detection

103.145.255.163:4040
103.145.255.163:6566
vip6654.live

# Reference: https://app.any.run/tasks/8b8041c8-7f80-4bed-944b-1e28edacaf3d/

olavroy.duckdns.org

# Reference: https://app.any.run/tasks/1d360fda-c2a3-48d3-9c0a-5d5911a5574b/

66.154.98.108:24046

# Reference: https://twitter.com/wwp96/status/1222574424450355201
# Reference: https://app.any.run/tasks/75213c65-a28d-4053-b6ce-691a95f2b91b/

91.193.75.248:1005
mohit36241.ddns.net

# Reference: https://twitter.com/Racco42/status/1222614871293845504

178.124.140.136:7894
xyz345.spdns.de

# Reference: https://www.virustotal.com/gui/file/5a0d3279a6a703f809a0526fb425c8f4d2d42a3794b35315d1ae05c9960702e9/detection

185.148.241.50:9727
lawwena.ddns.net

# Reference: https://pastebin.com/SamC9MPD
# Reference: https://www.virustotal.com/gui/file/a309e11a1eb76c83efa58d90a6870234603c819636e7acefea389790b6d83d32/detection

37.1.207.27:5555

# Reference: https://twitter.com/wwp96/status/1224385908394352642
# Reference: https://app.any.run/tasks/092bbf7f-4edc-4073-972b-e98000608a8d/

154.16.93.178:3376

# Reference: https://twitter.com/wwp96/status/1224777426305196038
# Reference: https://app.any.run/tasks/06d959a6-057c-43e2-af0b-41971499e6c2/

chommyflozy.duckdns.org
milky123.casacam.net

# Reference: https://twitter.com/wwp96/status/1225528218209394689
# Reference: https://app.any.run/tasks/255e11a7-fd7f-470a-b0a2-e4c557aeb2d2/

41.242.139.6:8484
legacy2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0230436c843aff9c00a762954bb2317e6a90c3c8b25d453fe3405805b22020b2/detection

184.75.223.227:56699
213.152.161.20:56699
213.152.162.109:56699

# Reference: https://app.any.run/tasks/45613eaa-cd76-409c-abd6-57d49c3245fb/

104.37.1.38:7902
rolandgeraldinelacotta.mywire.org

# Reference: https://app.any.run/tasks/7839af44-a26a-4b1e-885d-edee4e9aa7ae/

nj2ratt.ddns.net

# Reference: https://twitter.com/wwp96/status/1228361945780232192
# Reference: https://app.any.run/tasks/67e987d3-8e12-495e-a04a-aa965765cc6c/

41.242.138.29:8484
remcos247.ddns.net

# Reference: https://twitter.com/DynamicAnalysis/status/1229458649694769155
# Reference: https://app.any.run/tasks/657b7a80-7a29-4353-9fbb-d73b24100c39/

185.244.31.114:3090
backup1.gam2ng.pw

# Reference: https://twitter.com/wwp96/status/1229495413281054721
# Reference: https://app.any.run/tasks/d5332906-8319-4e81-a1b7-3cf6ee4f54d3/

185.244.30.16:8484

# Reference: https://twitter.com/wwp96/status/1229816791876198403
# Reference: https://app.any.run/tasks/091c477d-f4c1-41ea-a55d-8d6b6a70842a/

216.38.7.245:7279

# Reference: https://twitter.com/wwp96/status/1229810377959116800
# Reference: https://app.any.run/tasks/bff65255-585a-489e-a9a6-b9b31ccf56ca/

79.134.225.77:5151
mygodissogoodtome.ddns.net

# Reference: https://twitter.com/wwp96/status/1229843377711128577
# Reference: https://app.any.run/tasks/a38c2851-2556-4f73-863f-fd895d152cb1/

185.244.30.19:1930

# Reference: https://app.any.run/tasks/48f66baa-9be1-4325-9d78-54da7353f337/

jacksonsmit.ddns.net
185.244.30.16:8484

# Reference: https://twitter.com/yvesago/status/1230414301221019648
# Reference: https://app.any.run/tasks/3211cb34-3ead-4e2f-96d3-30d887c1a208/

79.134.225.52:1994
experience1994.hopto.org

# Reference: https://twitter.com/500mk500/status/1230557502862843904

191.101.22.21:1005

# Reference: https://www.virustotal.com/gui/file/3909a024c17e133fea95cbdc7e54a25d1144a24a78d43af4e84de35e00227b68/detection

79.134.225.38:4000
79.134.225.79:4000
iyamahrem45.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/d97f1dc45bb4cc7224ac9fd00306abc925b8af72e0bc0520fd5a072f78318277/detection

79.134.225.38:1989
agshrf.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Packed.Generickdz-7586813-0)
# Reference: https://www.virustotal.com/gui/file/dfb75c837ea961311b96c32257c46ebfa53d679834cc6fbd207dae4c2a8297b9/detection

46.105.98.53:4782

# Reference: https://www.virustotal.com/gui/file/74c3a5f44d545c7eb905dced1d5b0ffb4a56a81e5b722c2252d0f60fba627318/detection

185.165.153.29:3636

# Reference: https://www.virustotal.com/gui/file/6a6784d34afba70572cc188f5853e06ee3ea5422fe80fc5e42bf3ff6203b5527/detection

185.140.53.139:3636

# Reference: https://www.virustotal.com/gui/file/7f9d115776d5a404d6b02a64473f3f4b2e36aa13bdd22b2437dc220385b65e09/detection

79.134.225.75:1234
sixteen147.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Ransomware.Remcos-7586925-1)

secure.jagexlaucher.top

# Reference: https://www.virustotal.com/gui/file/c5193ef79fb9a0e616eeb7904bc66b9aeb9b1c42aee393b6829f9617462664b0/detection

186.118.80.105:3201
186.118.93.21:3201
elcamionsr.duckdns.org
impindusltdz.duckdns.org
induspals.duckdns.org
induspalse.duckdns.org
msyswintxl.duckdns.org

# Reference: https://www.virustotal.com/gui/file/db12191309c125be008c08d8ba8444cf7a0240ea36b1f54aace2ba46bb3228d8/detection

167.0.102.88:3201
167.0.104.40:3201

# Reference: https://www.virustotal.com/gui/file/a352d00e0322a0e397f167c1164f7667c672935ba14d29c4f4b60f26d0a88f5d/detection

186.116.218.183:9134

# Reference: https://www.virustotal.com/gui/file/963abe7aa94c8b3e12e231e10c62ba00e3f89948edb77e017cb2eb25bc24ca56/detection

179.32.78.10:9134

# Reference: https://www.virustotal.com/gui/file/e20b3ae04270e83b45f08235d3f8e9ad1dcc8f6966a2dc03aaeddfc8982090cc/detection
# Reference: https://app.any.run/tasks/aab68fdc-ebbb-4416-be92-6469b1145c0c/

149.167.94.36:8754
167.0.101.103:3201
toolpres.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6416daf02055125dd7a513058a8c5a3e1bb97c049ae428ccb5c7600ab576ccb1/detection

94.73.22.187:83
bobbylight.zapto.org

# Reference: https://twitter.com/DynamicAnalysis/status/1231999794035535875

185.140.53.214:1898
mercy01.ddns.net

# Reference: https://twitter.com/killamjr/status/1232457439229820928
# Reference: https://app.any.run/tasks/47b0c22e-98c8-4234-99af-5d23b31c74c3/

79.134.225.102:2030

# Reference: http://benkow.cc/export_rat.php (Note: as seen on 2020-02-26 - filtered)

agbero.duckdns.org
civita2.no-ip.biz
dixenweb.ddns.net
ejiroprecious.ddns.net
emilylattaa4111.serveftp.com
firstclass197007.hopto.org
ichie.hopto.org
jaxboss.publicvm.com
keypay033.dynu.net
mdformo.ddns.net
microsoft24515062.serveftp.com
opitalia.ddns.net
provafood.ddns.net
semonsemon.zapto.org
vice.hopto.org
wecollect.duckdns.org

# Reference: https://app.any.run/tasks/4ed77208-4026-4fdf-b990-a66732c6e7f8/

jload06.xyz

# Reference: https://twitter.com/wwp96/status/1236003598812753921
# Reference: https://app.any.run/tasks/70206853-5fda-45bb-b99b-387b79dbd42a/

87.101.92.68:1067
servr1.willbeban1fabuses.xyz

# Reference: https://twitter.com/wwp96/status/1235999989685420033

185.140.53.4:5151
goddywin.freedynamicdns.net

# Reference: https://twitter.com/wwp96/status/1236020295225536512
# Reference: https://app.any.run/tasks/77f4fcf4-962a-4552-a70d-6a73b79bb901/

chommyflozy.casacam.net
unitransports.duckdns.org

# Reference: https://twitter.com/58_158_177_102/status/1236812973156364289
# Reference: https://app.any.run/tasks/00c5eeea-f240-4a69-9e30-b68676cdd2d2/

185.244.30.14:7171
favournwa.ddns.net

# Reference: https://twitter.com/wwp96/status/1237468685415178242
# Reference: https://app.any.run/tasks/ae5b24b1-2e57-4986-ad20-ade9b057f9bf/

u864246.nsupdate.info
u864246.nerdpol.ovh
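# NOTE(review): sendspace.com is a public file-sharing service; this host most likely served the payload rather than acting as C2, so expect matches on unrelated downloads - confirm against the references above before alerting on it alone.
fs03n2.sendspace.com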

# Reference: https://app.any.run/tasks/3b110d0e-15aa-4f3a-b592-fa1da1444a88/

185.208.211.64:2020

# Reference: https://www.virustotal.com/gui/file/d86075425ffb3c196e64ca71bcf7a0846df91444e53987638cf212dae52e5961/detection

79.134.225.112:2404
79.134.225.95:2404
41.190.31.245:2404

# Reference: https://www.virustotal.com/gui/file/da0f330f3e5992eb6c9dd0b38eaa332be093b04153c0fa1852b0b5309543c5a6/detection

79.134.225.74:8906

# Reference: https://www.virustotal.com/gui/file/44c13aa211c5571aec2cdb56f461d2f4309b4070a271dfaca037e8e56db87804/detection

104.37.1.38:7650
79.134.225.74:7650
nanomoney.entrydns.org

# Reference: https://www.virustotal.com/gui/file/08dcfa6f7dcd4c907f01000ea4890dfaea8a386d9c3fee253127d1c6f6974810/detection

79.134.225.74:7890

# Reference: https://www.virustotal.com/gui/file/66137b5faf49de1ffa5990b57f6f4d8543ddb7b7a19d0e8bce53446dc1ee91d6/detection

79.134.225.87:5001

# Reference: https://www.virustotal.com/gui/file/1f524e469d0ee3bdb24feff5dead9b188f609c74beb90888cbde4c042a1075ca/detection

79.134.225.87:888
primspa1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8b3f39059e7f85c0312423abd50a311e6f1df8e04136bf8e4bedb9884229e11a/detection

79.134.225.87:999
ziccusu00.duckdns.org

# Reference: https://www.virustotal.com/gui/file/776eaa3b21ac18c01341a09b6db2dddd6049a70e3c5285de6474da7097049fc3/detection

185.165.153.158:3765

# Reference: https://www.virustotal.com/gui/file/e0f393f5a884cf5d65640260db9aa2b6d68a4be9e4ab8d0a27a911a0b3c876ce/detection

79.134.225.87:2404
lpisback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/39046a68d3a0b89281dd3e8d5713f76ba6cd15497279586cbf016bf6bac5eedb/detection

79.134.225.87:40099

# Reference: https://www.virustotal.com/gui/file/00bf0217afa40f1d254bb60b4885151fc8e7b0d22bbcc64e7c6c88144296cb76/detection

79.134.225.87:5578
osloc1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ac96d8c75320162a4e4e32760ece2b5ad066899ee5204c99bc2b2b17012fe4a4/detection

79.134.225.87:1630
tmppaparazi.dynu.net

# Reference: https://www.virustotal.com/gui/file/6eefcc4df76863d15eb7dd46148a156465db96d2a7c3a44c77a17c1434d06a86/detection

flasback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a770498f38ef674902cfc8879eb0ae88d2201d7fb5b61e63541244e10c2de7c8/detection

79.134.225.113:2404

# Reference: https://www.virustotal.com/gui/file/79843b0bc5b7770bf06ab747a069a34ef8933045b3a64c021f67823a602e90cc/detection

79.134.225.113:5355
79.134.225.121:5355
richarddsimps.ddns.net

# Reference: https://www.virustotal.com/gui/file/a13a787fe0a742da7f9d147e80dcb122b9fe8eaf60a78ca506c9a21149f99373/detection

79.134.225.117:666

# Reference: https://www.virustotal.com/gui/file/64551b04da5c87e5ecaa8e315cdd186fac570fbf47ad3cf5eb3daf4b1138859d/detection

185.244.30.251:1122
shabi1144.ddns.net

# Reference: https://www.virustotal.com/gui/file/545212a4eb881f34fc2d3adb1f2bf62aa4e5ca37e7a1c7a8e4b5fabec0525386/detection

178.124.140.145:8652
pcent4real.ddns.net

# Reference: https://www.virustotal.com/gui/file/db2524104c83282dd3d42a07f0cfe4fad0ed9b7a3e664caefe4b2669b027e083/detection

178.124.140.145:5132

# Reference: https://www.virustotal.com/gui/file/10f04c28ff3663fb84394c007d8d170e0a3b78bfd9c5b5a39c79ca7254037559/detection

178.124.140.145:7272
5.135.67.231:2404
aboki.ignorelist.com

# Reference: https://www.virustotal.com/gui/file/ddc1be7028b2502d6d9fd951e420decfe6346df4d9c5c98cdbbda0ec317e1690/detection

178.124.140.145:5000

# Reference: https://www.virustotal.com/gui/file/c52767fc4b82c893fddbe94767d0c488469ad05332f0216cbb07b7be3aecd62c/detection

178.124.140.145:1994
experience1994.ddns.net

# Reference: https://www.virustotal.com/gui/file/719d66b11a535ce3fc2cde6cd2dbc8de9ba14701ff39ed372fd0bb17e734a6f5/detection

91.193.75.137:1969
papi231.duckdns.org

# Reference: https://twitter.com/MSteve25/status/1240341489101803521

185.244.30.12:8970
remkill.duckdns.org

# Reference: https://www.virustotal.com/gui/file/38cf49c1fb4e9090ffaca117d64bb985e1df8d0b88952c2322b3230c76b44538/detection

216.38.8.179:777
newvision.ddns.net

# Reference: https://www.virustotal.com/gui/file/8cb4eb249cb024561fd1949a44f98356b95e60ba14c17f4ae4962fc0234df011/detection

216.38.8.179:1379
airsack.ddns.net

# Reference: https://www.virustotal.com/gui/file/a2e020e6642854a20d9b7523c29bb5e1a7fb730ddafbeccd53f5595ce596d179/detection

185.165.153.228:6868
bukamm.warzonedns.com

# Reference: https://twitter.com/JayTHL/status/1241125967424360458
# Reference: https://www.virustotal.com/gui/file/9a555e49a8804460c067fff544fba3663c8cc0be92a1a0ad92bb6fe1b8f206c6/detection

185.244.30.125:2404
jbarn.sytes.net
kenthomas.giize.com
rex2015.freeddns.org
rex2016.freeddns.org
rex2016.hopto.org
rex2017.freeddns.org
rex2017.hopto.org

# Reference: https://www.virustotal.com/gui/file/3eb378421462244e5ec0a6d50eca01badfe1f88160e0a758a567c7930dfb8290/detection

brhsapir.hopto.org
protopacink.gleeze.com
rex.hopto.org
rex2013.freeddns.org
rex2014.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/a90d204e48d815b3c3376552f5fc5a01ebcf115d6022abb3f97b1b111b079c0d/detection

financeff.hopto.org
jkharding2013.ga
jkharding2014.ga
joyceedwards2013.casacam.net
tylerfreer.ooguy.com
wrtan21.hopto.org

# Reference: https://www.virustotal.com/gui/file/753883fa972dda966abb3adad3cfc94f0a82ca128d1908df58bac3ba93e60bd3/detection

37.47.79.124:132
nocpnv.ddns.net

# Reference: https://twitter.com/w3ndige/status/1242138938501926915
# Reference: https://app.any.run/tasks/aa3e9e89-05d5-474c-a3c8-706699312a72/

91.193.75.7:7171
onyeoma111.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b31dab1a7fa6a0e3bc6f3fe2d856869d16c84f374b64e5ceca1bd73b18ab186/detection

185.19.85.158:7100

# Reference: https://www.virustotal.com/gui/file/02d100b77777705d86a940c8f3142fb4b125fdcb91a3be68797d40f19c6410eb/detection

178.124.140.144:7100

# Reference: https://www.virustotal.com/gui/file/f0dc6049711ee06b8f28bf1e9f596d9fbb3075d0aba1f3a0561127c97091fb9e/detection

178.124.140.148:7100

# Reference: https://twitter.com/baberpervez2/status/1242335218901663747

u864246.tk

# Reference: https://www.virustotal.com/gui/file/5560a23de5ed8b729830c1c515a9f5459e9e29cb6888d119638a4770b79754c1/detection

185.244.30.124:2404

# Reference: https://twitter.com/ScumBots/status/1242425273079017472
# Reference: https://www.virustotal.com/gui/file/abd4e6ee8152822c0545bd27a4f4c5114728873873e227044dfb48ecf1ecb37f/detection

149.248.160.226:7005

# Reference: https://twitter.com/James_inthe_box/status/1242507257574719488
# Reference: https://www.virustotal.com/gui/file/c7e7638b84b5f2803bfc41cc5833110f90fd32eaf8ba8f3c31288222a67f9574/detection

185.244.30.78:24048
185.244.30.78:34046
54.37.160.139:34049

# Reference: https://www.virustotal.com/gui/file/c23b6f93d8449166426d90a1cf9d468037f62e641bc50e7c1005da6f8be69608/detection

185.165.153.228:2019

# Reference: https://twitter.com/ScumBots/status/1244176813699616769

193.161.193.99:49483
193.161.193.99:50721
193.161.193.99:62254

# Reference: https://www.virustotal.com/gui/file/397f1ec81db07d97dc246c38a16ecf1eb5b7bbf900218a60197d2db446585e32/detection

41.103.10.32:5673

# Reference: https://app.any.run/tasks/e9a9e116-924d-4411-a454-9a841c51c39d/

185.244.30.123:5149
kirtasiye.myq-see.com

# Reference: https://twitter.com/James_inthe_box/status/1245714128695521280
# Reference: https://app.any.run/tasks/cc60c746-1cf8-4adf-8055-4964111c1c9f/

23.105.131.161:7279

# Reference: https://app.any.run/tasks/d54e08fd-f22a-4beb-9ac1-633ebbe77584/

199.249.230.42:2492

# Reference: https://www.virustotal.com/gui/file/28e8568f488b4573da6b13cd3d8601e6a624098e45d773f37e4aa6f78a4d9fc4/detection

91.170.144.1:16800
themaster3314.ddns.net

# Reference: https://www.virustotal.com/gui/file/284b368d39d240ce2cda28e143d8d48205fc211379ace30e4abbb888402058d4/detection

79.134.225.122:5001

# Reference: https://www.virustotal.com/gui/file/ff66c3616bcc13713378f0b89c7f9a7d754ebdadd027b511a4599b1675b4841a/detection

79.134.225.114:5052
neshoitry.ddns.net

# Reference: https://www.virustotal.com/gui/file/b39a30e55d55c69ad75cd21cebb5be1749325cb10a05dbcc334964ef963f5d65/detection

79.134.225.114:2332
owensmith.linkpc.net

# Reference: https://app.any.run/tasks/0618ea81-3606-4992-be9d-d296c03d679c/

79.134.225.72:3800
vision2020success.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1248696301275025409

162.218.115.147:7070

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html (# Win.Dropper.Remcos-7647550-0)

malu1234.duckdns.org
erunski22.ddns.net
barrywill.hopto.org
chacert.gq
alljobnew.duckdns.org
elintec.site

# Reference: https://www.virustotal.com/gui/file/c3832484e342390c0a3c406da30af7d2536ff2e615714a95ed143f5ecd73be89/detection
# Reference: https://twitter.com/malwrhunterteam/status/1036972726404177921?lang=ca

140.82.57.249:8003
svchost.club

# Reference: https://www.virustotal.com/gui/file/eed983f0eedd7a3f07f49177b8fe0e18d89fa885359e70b02433afd4fb099818/detection

kabiru.ru

# Reference: https://www.virustotal.com/gui/file/b71f954a6371076f9c87b1005208bf5e712806af1f5e037b5eeaa6aadac6d7fb/detection

binexeupload.ru
stubbackup.ru

# Reference: https://www.virustotal.com/gui/file/df560a99f2f4fbd221ddfe1b9f6a9e3bea247677cd4512f74538568160d95126/detection

5.253.114.116:2404
sponsored-ads.co

# Reference: https://www.virustotal.com/gui/file/8f79778cf67b649928a83b3367814f15a2c74119acc90b6ccc819dedc1b83a28/detection

5.253.114.116:2405

# Reference: https://www.virustotal.com/gui/file/f761911e8a45e794bf89a605b14aa7b97785541a186ad593d3ec71e5a1494724/detection

5.253.114.116:2406

# Reference: https://twitter.com/pancak3lullz/status/1250862951185121287
# Reference: https://www.virustotal.com/gui/file/28ac3a50d51131f60e087aace3c06a5a9181f19f1b5830ca5a906074bb7cb449/detection

79.134.225.37:1332
gaming.smartbuyjordan.xyz

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html (# Win.Dropper.Remcos-7662156-0)

brockmax2v2.hopto.org
ch31238.tmweb.ru
danishcent.duckdns.org
harri2gud.duckdns.org
hjkgfhsf.ru
menaxe.nsupdate.info
omorem.duckdns.org
onelove03.duckdns.org
sabbbb.ddns.net
securehub.top
snooper113.duckdns.org

# Reference: https://app.any.run/tasks/9cb9db8b-9cb1-4bb0-9f94-8d692ea983c3/

185.140.53.21:2404

# Reference: https://twitter.com/malwrhunterteam/status/1253767947325235200

185.244.30.22:8970
79.134.225.9:8686

# Reference: https://twitter.com/malwrhunterteam/status/1254097817162915843
# Reference: https://twitter.com/James_inthe_box/status/1254102265876508672

185.140.53.9:47580
lachattemouilleee387538783444.duckdns.org

# Reference: https://twitter.com/Racco42/status/1255448660646735875
# Reference: https://app.any.run/tasks/67f663a3-1513-4aa3-9769-3e3cd9bb7ce3/

top.gaminjo1.pw

# Reference: https://twitter.com/Racco42/status/1257561671268208647
# Reference: https://app.any.run/tasks/af0223e5-6920-4b03-9df1-d3e0cc4e9856/

154.16.93.185:672

# Reference: https://www.virustotal.com/gui/file/71ae4c1afb9db6641a4bc94c7d48b83d5b2d0af8507620588e971c9c609c88d7/detection

103.125.217.169:2310
105.112.100.65:2310

# Reference: https://app.any.run/tasks/4914378f-0c6c-4348-944e-f332f7cc88dc/

181.52.103.140:1011
remcquince.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f69fcfb9de5546dc7b98f20d6d4f387f66e4583637f29a494cb664138d441a73/detection

79.134.225.73:7650

# Reference: https://twitter.com/JayTHL/status/1258880410416799746
# Reference: https://www.virustotal.com/gui/file/8ac973617b45c5d0ea2711e9ba025a2cd19a65a97cf82273845472c9ae74f2e9/detection

79.134.225.81:2266
coolta66.gq
coolta67.ga
coolta68.ga
coolta69.ga
coolta70.ga

# Reference: https://www.virustotal.com/gui/file/54c528daf8bbe5f232464f76e3f3ab482486b590009e5b4121896dfbca152ac7/detection

91.193.75.239:2266

# Reference: https://www.virustotal.com/gui/file/7ebf6d9d55089b045426dad354ba80120db475f16dc13dc9401e4ebbd10f647c/detection

79.134.225.105:2266

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html (# Win.Dropper.Remcos-7724400-0)

dolxxrem.hopto.org
goddywin.freedynamicdns.net
godspower19566.hopto.org
khalifa.dynamic-dns.net
mide1.ddns.net
millionaire232.ddns.net
myb22.camdvr.org
remcos.got-game.org
rex2017.hopto.org
rex2018.hopto.org
youngboss23.ddns.net

# Reference: https://www.virustotal.com/gui/file/4f704c20024f02d19c096f82158d891dce7bf7a1b261dcce3226fd6d43b7fc64/detection

104.248.133.59:2403

# Reference: https://www.virustotal.com/gui/file/4b13bb36220d46ab9fa89c4163c8ec571fe0c113af00773d0968fa51c4056bbd/detection
# Reference: https://www.virustotal.com/gui/file/8df9bddf123ffa3fa0f312d56bedde096310a02676e2b023530d8cd6856caa37/detection

185.140.53.18:7082
freenigga.ddns.net

# Reference: https://www.virustotal.com/gui/file/678cbb81b782c58df5e2790b34e9a9a8a4d3af1b0a17fd320bf27111e959bc6d/detection

185.140.53.43:2404
godwin12.warzonedns.com

# Reference: https://news.sophos.com/en-us/2020/05/14/raticate/

cashout2018.ddns.de

# Reference: https://twitter.com/JayTHL/status/1261339604239646723
# Reference: https://www.virustotal.com/gui/file/d76de8b8be89cd4dbe4f861cd4152eae2fafa783bace624cae1b231d8de8da3e/detection

194.5.99.146:1982
testbush.duckdns.org

# Reference: https://twitter.com/dynamicsoaring/status/1261048946438397953
# Reference: https://app.any.run/tasks/3f7e4a16-00dd-4168-9552-db30c5194c05/

185.140.53.69:2404
doc4.ddns.net
doc5.duckdns.org
donald30m.gleeze.com

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html (# Win.Dropper.Remcos-7771461-0)

experience2477.ddns.net
godsfavoured.ddns.net
jbcbeads.myddns.rocks
johnhoff2.hopto.org
lakeside007.awsmppl.com
myb50.myddns.me
nagod.ddns.net
rex2018.myddns.me
rex2020.myddns.me
u863495.awsmppl.com
xxxxza.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/98f031407df4d599b9027f8e672436f1b61876048529a1304bc3118c82d42bd6/detection

185.244.30.247:4045
enmark81.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e5171603aba08d750c97604eb510f3586245b86eaae0cb08461d734c72258e95/detection

185.165.153.238:9210
mtz11.duckdns.org

# Reference: https://twitter.com/Bl4ng3l/status/1264862595082788866

194.5.99.143:6666

# Reference: https://twitter.com/DynamicAnalysis/status/1265346721795715073

79.134.225.98:6996

# Reference: https://www.virustotal.com/gui/file/95e5e81e7413f7c7c5294525ec7e0ed2f1f022d0e2ce02717483d7e3ba438bf9/detection

193.218.118.190:42017
site.ptbagasps.co.id

# Reference: https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html (# Win.Malware.Remcos-7914589-1)

boot.awsmppl.com
coolcc1.xzy
coolget1.xzy
coolta1.xzy
coolta2.xzy
coolta71.com
dolxxrem.hopto.org
goddywin.freedynamicdns.net
latua.nsupdate.info
newdawn4me.ddns.net
thankyoulord.ddns.net

# Reference: https://www.virustotal.com/gui/file/91842f75fd9b77f4e8d171b6103d26ed7fde38232ef520ee2b066c2ba7381bef/detection

41.111.43.45:1337
sh.sytes.net

# Reference: https://www.virustotal.com/gui/file/0ffdd28e152681a8abca0a9c7f88ba1cd7b945c7ee2df82af6606adf4a426f0f/detection

197.207.171.72:1337

# Reference: https://www.virustotal.com/gui/file/2830a6a923b2d7ff9c4839672db11f64675732aa4d44343b9b7573ca4d6486a1/detection

45.74.35.38:1144

# Reference: https://www.virustotal.com/gui/file/d76483dd726209229a345e0d3856094275e62326ba800cff3b506ba6b7aaca5e/detection

197.207.191.156:1144

# Reference: https://twitter.com/ScumBots/status/1270113968649113604

134.249.160.9:7777

# Reference: https://twitter.com/JAMESWT_MHT/status/1270365125464203264
# Reference: https://app.any.run/tasks/5f6b1ed2-3f06-4a9c-b4f6-b8bc9c757a17/

193.104.197.27:4229
193.234.95.68:4229
newrem.duckdns.org
servr2.plzbanif3abused.xyz

# Reference: https://twitter.com/reecdeep/status/1270747853573537792

185.244.30.113:6996
eastsidebandit.myddns.rocks

# Reference: https://twitter.com/JAMESWT_MHT/status/1270981434703056899
# Reference: https://app.any.run/tasks/821468ce-9c90-48fb-afe5-7df3e1096df4/

194.5.99.132:42017

# Reference: https://twitter.com/MalwareConfig/status/1271561068167512065
# Reference: https://www.virustotal.com/gui/file/d810038d3a2198564a3fe1a23260f4adef32385f265f1d79f77ff1b282f09710/detection

144.217.255.52:10134
phazeonrunescape.ddns.net

# Reference: https://www.virustotal.com/gui/file/09a16ee256f6a7b289e4a65013e3cd9f2c271d14ab1bf44ed89b856aeb13f2c2/detection

36.70.188.129:9798
uqm.ddns.net

# Reference: https://www.virustotal.com/gui/file/48404246cff844b59a4734b2ac30a05b4fa1a6f8750a7eb6ef403db312b7ba42/detection

23.105.131.141:8811
nagod.ddns.net

# Reference: https://www.virustotal.com/gui/file/15d899d86ec22da49666a2e19883acf76c17f8c0fb4cc79f6860de2e687b7061/detection

216.38.7.231:8811

# Reference: https://www.virustotal.com/gui/file/4691e58de9940ece438bdf64bcfd43d3186a1a19c9fe43b5164e6a83d60f5f08/detection
# Reference: https://www.virustotal.com/gui/domain/dns.dunamix.me/relations

185.244.30.82:2048
192.169.69.25:2048
dns.dunamix.me
easter87.duckdns.org
oluchi.ddns.net

# Reference: https://www.virustotal.com/gui/file/a8d761e48b662116fd637b656e6138e3cfb902af76ecdb31e73ddde18f0affa5/detection

216.38.8.168:8787

# Reference: https://www.virustotal.com/gui/file/0b4964c33138a53c916b451fdaec7372f9e238361a9bbcde428cdd941f1d7f11/detection

216.38.8.168:7070

# Reference: https://www.virustotal.com/gui/file/d1649b71e9c38f0dc10838f258998914a966fdb2caccd78f210cc34707420497/detection

23.105.131.154:7070

# Reference: https://www.virustotal.com/gui/file/efe9c3a82e0b98a6b144d86f06ec68e8f6b3d735117de23dacc598ad2ab1dc37/detection

23.105.131.154:5050

# Reference: https://www.virustotal.com/gui/file/e0d227ec8d25b5d6b05b931435fed286895edbfe9990a388c925e0b91911e9d3/detection

185.244.30.82:2048
igbo.hopto.org

# Reference: https://www.virustotal.com/gui/file/063cee4d23dc9351a9805b239fb6ddd531af5d7a4657919b5feeab757f877ec7/detection

185.244.30.17:1965
ifeanyiogbunebe.ddns.net

# Reference: https://www.virustotal.com/gui/file/eefb8c8f6588ed3c764a1384fae0da22874ba64bedac4ba1a7b92fa08878cb8d/detection

91.193.75.27:7070

# Reference: https://www.virustotal.com/gui/file/0cdfbe3c9db21651126b282d338539c625748118f6a1045c3d5c12d5e12f0d3c/detection

91.193.75.27:1990

# Reference: https://www.virustotal.com/gui/file/20c0e5b7620d51b026ce693ce54ccdf0dad76fcda9747913feeba3f8d34f25e8/detection

185.165.153.17:1120

# Reference: https://www.virustotal.com/gui/file/373a778ae1a96ec5470097f7dcda115ac9b48ff1e646f37837a2547c10af2cd3/detection

185.165.153.17:1010

# Reference: https://www.virustotal.com/gui/file/b097d38be9a17b46ba76b5eb4c22b3201af79492bef21a8a765128337a55f57b/detection

91.193.75.5:8678

# Reference: https://www.virustotal.com/gui/file/2003c5fea62a63caca412982a0a5d7288fe7b5a063eebc7c9b84ea7baab539b6/detection

3.126.37.18:10752

# Reference: https://www.virustotal.com/gui/file/14cd5671644e47f0336603c7abfd8868c066e52e2d1411f42b2987d35b00ce2e/detection

18.197.239.5:10752
3.127.138.57:10752

# Reference: https://www.virustotal.com/gui/file/63955e38216c81a4fcee2be6cbb14273bd57abab9e7b2042fbe2100e44aad91b/detection

185.140.53.11:8090
newbackomo.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1272889477430722562
# Reference: https://www.virustotal.com/gui/file/af167bda48f2c529f5c40634b0656e1a200806b7f04fa340c6f2cc649da6cde4/detection
# Reference: https://app.any.run/tasks/f7950d7e-918d-4044-b82e-aca79ba124d7/

http://91.235.143.133
185.244.30.113:6996
twistednerd.mywire.org

# Reference: https://twitter.com/reecdeep/status/1273201836858716166

flambouyantpapi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/414d4369268bd3d1c22d2c295e2b5af0cf11c09a754a99be438c4a14f37f6896/detection

185.140.53.18:7082
baby212.ddns.net

# Reference: https://pastebin.com/eifTii1e
# Reference: https://app.any.run/tasks/cc1f12e5-66d8-4b74-b1e7-904a2c2b3dfa/

194.5.99.29:1400
protondata.myq-see.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1275720358658793474
# Reference: https://app.any.run/tasks/de05898e-058b-4955-a98b-fe7d2e1c5e31/

cobbtownholiness.com/king/search/frontend/host/town/index/crewe/Attack.jpg

# Reference: https://www.virustotal.com/gui/file/fd446f0c654fd5e240c025a49b22c82391e94fcb7d3c6c98cb99137ff665c13d/detection

194.5.98.111:5422
morrishittu.ddns.net

# Reference: https://www.virustotal.com/gui/file/35095733c5364f67a3226c5de81ff2caaf0524a097a3c1c3e06272d5706d00f9/detection

185.125.205.73:5422

# Reference: https://www.virustotal.com/gui/file/7db77a40561aa86261d37b5e5941d5b1bfa3e0d9aeb62abea87bf7e6a26ed71d/detection

185.247.228.165:5422

# Reference: https://www.virustotal.com/gui/file/587a47a6e509433e808a3d6aec6cd7fe4602f331f94c44eb7b35a643852b4bb8/detection

85.203.22.68:1419
95.0.134.226:1419
91.193.75.235:1047
morrishittu.linkpc.net

# Reference: https://www.virustotal.com/gui/file/813643336711b2753845b25bf7ce235e06dceaa4066e32fb9c986cea0b458c83/detection

91.193.75.235:1047
91.193.75.235:1419

# Reference: https://www.virustotal.com/gui/file/8b5f39b1886022b9eb1e343f2c050fa263a5c7f121942b421d27d8548df90a2d/detection

129.205.114.28:5422

# Reference: https://twitter.com/pmelson/status/1280322293965688832

boleto.duckdns.org
camera02.ddns.net
cdtsupremo.duckdns.org
guestbooking.ddnsking.com

# Reference: https://twitter.com/Bl4ng3l/status/1280415293521739778
# Reference: https://www.virustotal.com/gui/file/18f32daab9bac5909cf9fe9bfaba3183104ae5ec60bdafc8091214887e966195/detection

194.5.98.23:1965

# Reference: https://twitter.com/iamwinstonm/status/1281715105391140864

fgdjhksdfsdxcbv.ru
karimgoussd.ug
smiothmadara.ug

# Reference: https://inquest.net/flash-alerts/IQ-FA008_Remcos_Maldoc_Utilizing_Macrosheets

47.106.112.106:8032
update.huobibtc.net
update.office365excel.org

# Reference: https://www.virustotal.com/gui/file/30973f3f141356fa1b6f7435575dec35971702185013e246ba7a68a8e51c391c/detection

185.140.53.10:7171
zimchi2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73/detection

79.134.225.111:20207
magiobi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/b718c4fe8e03c60658ddf0a98496c0cfd06bddae6884b28c57d5897c837ad57d/detection
# Reference: https://www.virustotal.com/gui/file/767509d1864123651103929b145e83d3c56d230935ff11a2a1d8b5566aedc7b6/detection

185.165.153.37:9111
194.5.97.125:9111
rem-pounds.zapto.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1285177330508464133
# Reference: https://app.any.run/tasks/097bbd0b-74c4-47b4-9f4d-201ee4c38a4a/

185.165.153.90:3949
myfrontmanny.duckdns.org
myfrontmanny.ddnsfree.com
myfrontmanny.ddns.net

# Reference: https://app.any.run/tasks/1bc823c2-5852-41d3-b745-9eb26008de1b/

107.175.32.212:58826
79.134.225.32:8950
babushkaboy.myq-see.com
rapture666.myq-see.com

# Reference: https://www.virustotal.com/gui/file/5b9361351db7c650fa5ebbd9eca3f9601da77d6165f7a02a0f7c3b694ac2872c/detection

95.181.157.6:3333
rem.payeermine.com

# Reference: https://www.virustotal.com/gui/file/43a7ad11c500e6f3338f620a4056ae808ef5b61cd13b621bbf7d2e04122a61ec/detection

51.161.96.106:3001

# Reference: https://www.virustotal.com/gui/file/93241314c69219ff7ad7f7be291a8320a20ea4153898f7c660976812bfb57e0e/detection

194.5.97.15:3871
okamoto.hopto.org

# Reference: https://www.virustotal.com/gui/file/3bfa63455e4936d261be757e92b1acae0b3a03870e7b81b5581a0ef46b954ddc/detection

194.5.97.23:3871

# Reference: https://www.virustotal.com/gui/file/b673fe86224dba05fa6b976aaa6561709b8b3fc370dcef01c798d7f5d3414728/detection

46.38.151.236:3871

# Reference: https://twitter.com/reecdeep/status/1293089692418822145
# Reference: https://app.any.run/tasks/38a328b5-b9f5-4be5-8ece-635692b6893d/

79.134.225.52:6666

# Reference: https://bazaar.abuse.ch/sample/10ec185be9504c09a3c52c97abc34b879f4224459f154a57a56ab15df1829208/

185.244.30.243:46617
79.134.225.32:46617
boyflourish.myq-see.com

# Reference: https://www.virustotal.com/gui/file/52e7edc928a8ebe518c76972d45dec866927a7f7fc672a99f92b0d92a4479826/detection

86.99.25.192:5552
empirepvp.zapto.org

# Reference: https://www.virustotal.com/gui/file/1f38232ff5cc0a22f104f4efff9724183cc4551e7d93047a28df6496ea13a59d/detection

deeminol063.hopto.org

# Reference: https://www.virustotal.com/gui/file/67680350052c8774c2173e716367760200dcdcee362d317e5ee3dd97222ed887/detection

194.5.97.11:2404

# Reference: https://www.virustotal.com/gui/file/9308214d32419cfd7af3203fb1982798b270554888a50679655959dbab1ad957/detection

216.38.2.205:4050

# Reference: https://www.virustotal.com/gui/file/81abcabdc6ec5f22cf55310f31d596bdbbac2fe24adbed126fb5124d74d85800/detection

94.194.4.192:2404

# Reference: https://www.virustotal.com/gui/file/54695494b42242c0b442851febff5eff3ae97b457278323ea32ed70bb9397e36/detection

51.15.22.167:20202
regfrodom.ru

# Reference: https://www.virustotal.com/gui/file/68a42b25fb48d8337952e1dda259ef0c1922817b8bd8eb5c13ad199fb9cca4ce/detection

51.15.22.167:20402

# Reference: https://www.virustotal.com/gui/file/e546566be4ea436e1fa7a62f7ffd531525fddc4484b83e571025984d12a4fe77/detection

216.38.7.231:8811
nagod1.ddns.net

# Reference: https://www.virustotal.com/gui/file/14f58e94b51704d4f0d0540f47cf1a06175e9919aeb9ba58d209adece64a737a/detection
# Reference: https://www.virustotal.com/gui/file/bdfd5e1d7d560ce9656e4b4594ff1bddbb6b44993c8e7d2aa6ae21a10c08a6e0/detection

82.102.211.13:2404
82.205.33.194:2404
googledrive.dynu.net
googledrive.linkpc.net
googledrive.myftp.org

# Reference: https://www.virustotal.com/gui/file/52b9c393d076fe63033126e342e7987e464f016bb70601356365481738042670/detection

centos4u.strangled.net
kellop114.myftp.biz
ostopol.myftp.net
satell990.dyndns.org
wertopol.strangled.net

# Reference: https://www.virustotal.com/gui/file/d5c98032ca72405fef0d8d88380730fa85bc892ea2a38ef42395bb3fca861bdc/detection

spartanrulz-32158.portmap.io

# Reference: https://app.any.run/tasks/e90145d2-b04c-46ee-b58b-708ef4472880/

185.19.85.159:672

# Reference: https://twitter.com/58_158_177_102/status/1302863025121058816
# Reference: https://app.any.run/tasks/9f56a787-bd36-4741-adb6-2ad5e556ae23/

193.218.118.190:42020
style.ptbagasps.co.id

# Reference: https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html (# Win.Trojan.Remcos-9753190-0)

eysk.city
edhrtyujffd.xyz
muhoste.ddnsfree.com
menstyle.duckdns.org
boyflourish.myq-see.com
mysticalsailor.myq-see.com
vikingo1928.duckdns.org
3houturk.casacam.net
foustraje.mywire.org
koustaeik.dynu.net
2houtie.kozow.com
houstus.gleeze.com
keking.myq-see.com

# Reference: https://twitter.com/reecdeep/status/1311252180670742529
# Reference: https://app.any.run/tasks/df3d660c-3bc6-405c-9efd-4cad0b9bf066/

79.134.225.83:8638
incidencias6645.ddns.net

# Reference: https://app.any.run/tasks/f2301ec1-9e5a-488e-a351-dc94c209860f/

103.147.184.53:4042

# Reference: https://www.virustotal.com/gui/file/689dcaa3c134cbccfb0c10d14c668c7b71334da8f7710503e03ed5bc8d714b97/detection
# Reference: https://www.virustotal.com/gui/file/a46df0abf052617a893f0d4093f77021f2c23e7e133f10ba2f222fae03020cd0/detection
# Reference: https://www.virustotal.com/gui/file/575bdd6efa08ed4ec3a18034716e35fd2444f1d37a43de6edaaf4ff0a18c5b60/detection

103.212.228.68:2404
103.212.228.68:7271
45.138.209.39:2404
45.138.209.39:7271
we.fanasp.co.kr
we.fanasp.com
we.oneasiaex.com

# Reference: https://otx.alienvault.com/pulse/5f7c5d703a6e8fae8295a637

doublegrace2020.ddns.net

# Reference: https://twitter.com/InQuest/status/1316097241489301505
# Reference: https://www.virustotal.com/gui/file/c1092cf4a7c2ddf97cc2e18a63fa7b7aae817995e995de5e774c8b141785d18f/detection

185.244.30.243:40619
voodooangel.myq-see.com

# Reference: https://twitter.com/ps66uk/status/1316126806232256514
# Reference: https://app.any.run/tasks/730d0464-45fb-4b4d-823c-db1ef0cc9a07/

79.134.225.48:1011

# Reference: https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html (# Win.Dropper.Remcos-9775269-0)

bushuc009.duckdns.org
fuckfuck0.ddns.net
insidelife1.ddns.net
rromaniitalfoodsinc.zapto.org
u875414.ddns.net
zubbymoney4life.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1318087844359974912/
# Reference: https://tria.ge/201019-w9w13727jx/

95.217.144.93:5864

# Reference: https://twitter.com/reecdeep/status/1318469829268000768
# Reference: https://app.any.run/tasks/c05755c4-b1f3-4ddf-a3b1-9e368976d6fc/

115.134.23.40:2910
115.134.23.40:6639
115.134.23.40:7762
194.127.179.245:7762
rromaniitalfoodsinc.zapto.org

# Reference: https://www.virustotal.com/gui/file/4dad95676736402a2fe6368eb4efed088f4898cf85c8f6e2abda6e94efd8e77e/detection

185.19.85.141:8808
21421412515215.ddns.net

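# Reference: https://www.virustotal.com/gui/file/d90248d8d9d8fb8bdd69bca18f09acaebfbe2935292bcf54def3b21195e920b4/detection
# Note: 193.161.193.99 recurs in this list with other ports (31403 and 50915, the latter next to a portmap.io name), and here the port matches the suffix of the portmap.host name. The address looks like a shared port-forwarding endpoint (to be confirmed), so treat the IP:port pair, not the bare IP, as the indicator.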

193.161.193.99:34775
revenge01-34775.portmap.host

# Reference: https://app.any.run/tasks/f9925414-f338-4f5b-8add-f9e34fa9500e/

79.134.225.20:1980
bushremcos.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0bedf163c25f8a5728ff01ff7e163eaa6205e05d9811397ce3e8ab0a151d53e1/detection

185.165.153.243:2021
79.134.225.30:2244

# Reference: https://www.virustotal.com/gui/ip-address/23.105.131.166/relations
# Reference: https://www.virustotal.com/gui/file/7845e2797aaa8ebce29c1fee5704578cb15211bc85447cea5b2c7da9010c0ba7/detection

23.105.131.166:2888
gsky.warzonedns.com
ounixpro.duckdns.org

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/1a1924da9d272ea46f8a0a62d7e2ecf01746e9a7621c8b1c36950788c3a3bd8c/detection

u875414.ddns.net
u875414.duckdns.org
u875414.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/62d88acc465626086cf8a5e266f2fbcd2f51bc3c462a236b0c9349e70b5194a9/detection

185.19.85.149:6667
jaffinryu.loseyourip.com

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/81940f757b93af4af9c146ed068abe089baaff3181863ba9e6ddae54ec5cb5d9/detection

198.23.192.204:41289
jollymorgan.myq-see.com

# Reference: https://www.virustotal.com/gui/file/b71e07e53baaeb13a8f617b56ba6944529401798ef32c55f9fb362f0531983ab/detection

79.134.225.50:42025

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/dbabf85d66c08e57af2a3ffc46b5e915291849b19aa00f1ab9ab61d5b0fe7bfc/detection

185.244.30.226:2267
kay34.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1323941877918388226
# Reference: https://app.any.run/tasks/9de16759-7dfb-4c15-9c2d-26e1951b9fe8/

185.140.53.129:4354
uzbektourism8739.ddns.net

# Reference: https://twitter.com/anyrun_app/status/1326050738607452161
# Reference: https://app.any.run/tasks/bbfccd29-2c3b-4a71-8713-63285f610029/
# Reference: https://www.virustotal.com/gui/domain/indoreisenslovenia.com/detection

indoreisenslovenia.com

# Reference: https://www.virustotal.com/gui/file/75250cab773991fd76bf14b8c397b2f143100cf5b13f3213528167e43409a537/detection

5.2.68.77:2404
hassavanarel22k1.xyz

# Reference: https://www.virustotal.com/gui/file/f21dc0aa7ef43f5799073c250f581c7c8ec1f7a1ec8518fb90b3df4759075472/detection

64.188.18.166:1983
honoexpress.linkpc.net

# Reference: https://app.any.run/tasks/66dadbe4-2d6e-4f7a-8d17-6a833d0a5ce5/
# Reference: https://www.virustotal.com/gui/file/680998e260bbd7b843f923f3ae3c1fcadbd1037fbd795c7da98149876f791e7b/detection

205.185.125.42:3014
cupidwap.com

# Reference: https://www.virustotal.com/gui/file/6ba00445a5c30db7e57de9335d2afc28a63315badef37d97af8b602b9e820aeb/detection

185.140.53.231:5050

# Reference: https://www.virustotal.com/gui/file/a20bf2ab10263ca3dd2ada84854a22d9e6fd9029925ed65cef91765f6347aa66/detection

79.134.225.37:4050

# Reference: https://www.virustotal.com/gui/file/9128e156ef2c0ed95d615729316ff82615354d6509e30a2e931913cb574dd4dc/detection

185.185.3.40:2404

# Reference: https://twitter.com/James_inthe_box/status/1331333639464841219
# Reference: https://www.virustotal.com/gui/file/e18773082c76655f9222fd26198eab9011af2bebea85fb4c7d525e37e3e84024/detection

79.134.225.120:12489
daemontime.myq-see.com

# Reference: https://otx.alienvault.com/pulse/5fbe488fe0a954169992d27e

al-sharqgroup.com
deviatefromnorm.com
sandshoe.myfirewall.org

# Reference: https://www.virustotal.com/gui/file/52e6d14ed04c5d7b44a0966a6357a62c8ab7550cda38c37f3c6c11bc0ff19f60/detection

5.39.11.47:2404
citym.camdvr.org

# Reference: https://app.any.run/tasks/b3ddcec2-f0ee-4a87-9fef-5ae96671dffe/

45.10.88.89:2404

# Reference: https://app.any.run/tasks/f5fde18d-e250-4011-a63a-bb63732935ba/

185.19.85.183:5004
stellionlab.com

# Reference: https://otx.alienvault.com/pulse/5fcf6bf6695f8abeb583b291

agentpapple.ac.ug
agentpurple.ac.ug
agentttt.ac.ug
brice.ac.ug
darkangel.ac.ug
nilemixitupd.biz.pl
taenaia.ac.ug
doublegrace2020.ddns.net
softg.duckdns.org
u875414.ddns.net
u875414.duckdns.org
u875414.nsupdate.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1336585927221768193
# Reference: https://www.virustotal.com/gui/file/e4adc99ec527422ee85c7260633d9e7abe452215f6c68bee28b4d4e8ac48d4db/detection

85.114.134.130:5850
85.114.134.130:5851

# Reference: https://app.any.run/tasks/cd97dd8f-a088-4c78-80c7-66c6b47e297a/

194.5.97.32:959
softgee.duckdns.org

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html (# Win.Dropper.Remcos-9802952-0)
# Reference: https://www.virustotal.com/gui/file/f862eb253778c7b1c35349d798736124d7ee97db446217b2e5962fe2431d1e46/detection

185.140.53.129:3871
waxb.ddns.net

# Reference: https://app.any.run/tasks/d73cc422-8f5d-4d45-9f4d-b58a2ecb5baf/

181.48.139.42:6695
postreg.caserogourmet.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1339442811092013056

mute-saga-0240.lovesick.jp

# Reference: https://app.any.run/tasks/8cf679a2-d1e1-4bd9-be0d-93da9c9fa041/

185.140.53.225:6609
cato.fingusti.club

# Reference: https://www.virustotal.com/gui/file/94ec48d884762cb9f15584b01baa677445daa83d4093ccae7f70f6773b949799/detection

81.136.50.222:1604
hamstro1.hopto.org

# Reference: https://www.virustotal.com/gui/file/5cbed2f8a5fdadbd99816c4c8792bd51a2db7479f80bf70409f0f257f942d0c9/detection
# Reference: https://www.virustotal.com/gui/file/6db24529273edf15b17110e6abd8c2c530f183071b34155bbab3c24634a96275/detection

185.244.30.180:4902
185.140.53.202:4902
4sureme.ddns.net

# Reference: https://www.virustotal.com/gui/file/134a6f4d0867df4570a3c569a0a5be3cca92537e8f27ff169e89c3eefa59fe6b/detection

194.5.97.198:2021

# Reference: https://www.virustotal.com/gui/file/849c170a469dc6f5b1bc190923744b08c51ea0ea593e435f0121b874af58c3ec/detection

185.140.53.221:2404
194.5.98.145:2404

# Reference: https://www.virustotal.com/gui/file/fde81d8213468a66ed189297ca748d5c4f07963d5cf33d622f245cd76135ccc8/detection
# Reference: https://www.virustotal.com/gui/file/80eb23e554c801edb57a51883e0ac40d26fa6aa8f764a2d30d31e451359486cf/detection

109.163.234.141:19109
185.206.225.59:19109
86.105.9.67:19109
sub2.xboxjordan.waw.pl

# Reference: https://www.virustotal.com/gui/file/72afbcd580f1ab2994b13938db2fad12fdd7619961d346a220fc2110d348490f/detection

89.249.74.213:50119
wghavenn.airdns.org

# Reference: https://www.virustotal.com/gui/file/03e055979496752e7f81aed9884a6acbcbeda20148e60f7b5d8eda30852e4e23/detection

2.58.47.203:50119
wghavennn.airdns.org

# Reference: https://www.virustotal.com/gui/file/461aeaa36397feb9322660fb537a2c976f6ef41509d428993c924279ca6c7f56/detection

79.134.225.28:24007
mariasteven1.ddns.net
mariasteven1.hopto.org

# Reference: https://twitter.com/malware_traffic/status/1346947588075868161
# Reference: https://www.malware-traffic-analysis.net/2021/01/06/index.html

79.134.225.92:2889
whatgodcannotdodoestnotexist.duckdns.org

# Reference: https://www.trendmicro.com/en_us/research/17/h/cve-2017-0199-new-malware-abuses-powerpoint-slide-show.html

192.166.218.230:3550
5.134.116.146:3550

# Reference: https://app.any.run/tasks/837b76df-3fc8-4b34-8a61-f25d1a32c4b8/

45.137.22.52:8780

# Reference: https://www.virustotal.com/gui/file/15598151d970675376778697c2c6498a104856b88a58fdc2c663a35574892abe/detection

193.161.193.99:31403
35.225.160.245:5762
agaoajz1hrvevre.info
bcbncq393z3hplq.club
cbiq1neygyp1wno.info
cedsxoisslv2nim.club
cwt1u0vv8ic357ov.info
gwty0fig58dcq6f.xyz
maui16azsncpo97.info
mj99puoba6c3gun.info
pgqduoyxvzennam.xyz
pmfiryhhkin98px.xyz
poykoqnl7jkj632.info
se2qwz60l2oxznm.xyz
tu90to3b4q4uqze.info
usd7o88wemlutx5.xyz

# Reference: https://twitter.com/fr0s7_/status/1353668898994999296
# Reference: https://app.any.run/tasks/5e41e266-b135-4604-b58b-9facafe8d0dd/

54.39.198.228:6332
moneyds.ddns.net

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

185.140.53.149:6969

# Reference: https://www.virustotal.com/gui/file/ed33a55395aa0b7061266a9c61b87fdecfb3fd0605ac1ca342751f9deaf25930/detection

185.140.53.12:1170
185.140.53.12:1180
anonfriendz.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b77ee0649ca157f9c5bfa3f1a81425bb8a72d704e7298fff81936843c2714443/detection

185.244.30.3:1170
185.244.30.3:1180

# Reference: https://www.virustotal.com/gui/file/54943c180b2fa915dd676406c3ef2c61597da86b982de4a685d59288e08888dd/detection

185.140.53.138:1170
185.140.53.138:1180
96.47.236.78:1190
tradeworld.duckdns.org

# Reference: https://app.any.run/tasks/ac3857dd-b08b-4dbf-8d37-1e941949eee0/

46.243.248.15:2177
gdyhjjdhbvxgsfe.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/375f949cba028f5722641af5c2b8d62086639d0663796ea01ac18cd1470184d2/detection

13.59.15.185:16391
3.138.45.170:16391
3.22.53.161:16391
3.128.107.74:16391
52.14.18.129:16391

# Reference: https://twitter.com/malwrhunterteam/status/1356889417030500353

datamicrotransfer.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1356909089746530304
# Reference: https://www.virustotal.com/gui/file/df2b517d9777fb1b734d1f25e7eac6f5217988596427086c7821a272f1fd9abb/detection

185.244.128.34:2404

# Reference: https://twitter.com/petrovic082/status/1357010449909350408
# Reference: https://app.any.run/tasks/91c4e993-c6d9-45e4-8863-8c6d6baed913/

79.134.225.114:1814
covid19safety.myftp.org
mercyofgod.myftp.biz
mercyof4god.myftp.biz

# Reference: https://app.any.run/tasks/b0dc1122-9b02-4592-996a-6a27952af5bf/

37.252.11.23:6969

# Reference: https://www.virustotal.com/gui/file/3efd0b10958683468b618a94f3b3888d6879c190b7e1c7425a23fc434f64271d/detection

66.42.107.233:1337

# Reference: https://otx.alienvault.com/pulse/602128ef6c24b8ff3a8da56b
# Reference: https://www.virustotal.com/gui/file/95977953d059ed0e495628fc2906d05c1bfce1d8154adce122db8e19b01ba398/detection

starbuckscoffeeohyea.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5a4991196a119e42c7256e986d66df9b2b8f8bf5e43353c195cd495634231103/detection

46.243.230.51:2177

# Reference: https://twitter.com/reecdeep/status/1359110973009899520
# Reference: https://www.virustotal.com/gui/file/1e5a328f760c35f905390fb4bcf0eefa75936c79a43e22ca7557da0e315c72ed/detection
# Reference: https://www.virustotal.com/gui/file/926da3334135961ff0c19ecf4358201ba4734ab01186061c423deeb081ec1cff/detection

194.5.98.14:7369
highwayraider2021.ddns.net

# Reference: https://malwargsecurity.com/2021/02/08/remcos-rat-net-unpacking/
# Reference: https://www.virustotal.com/gui/file/3908ede26aad1fc2a1db9d3a26a017549b40ebc7d73d731fcb5691aab82b830f/detection

68.9.207.24:37845
transcendentalistschool.com

# Reference: https://twitter.com/r3dbU7z/status/1359374669921550336
# Reference: https://www.virustotal.com/gui/file/c062b4a790666b338f7955ea792605bf0244a8d36cb1050c602727ff6d654e36/detection

37.120.137.254:30288
remmyma.duckdns.org

# Reference: https://otx.alienvault.com/pulse/6023cbf090368b63de15730a

tanjiim19713.sytes.net
xchilogs.duckdns.org

# Reference: https://app.any.run/tasks/711e1f28-747f-4e74-b634-dd377aa9531d/

186.169.39.242:3202
resener.duckdns.org

# Reference: https://www.virustotal.com/gui/file/52f07520a01a6da3c6bc7545fbc53fc567cd4cdce70f25d849cd32d163474d45/detection

obereagujnr.damnitjim.xyz

# Reference: https://app.any.run/tasks/f1e86c26-0af4-4181-ab13-ed53844fa708/
# Reference: https://app.any.run/tasks/7d1dad7c-6c33-44f4-82be-1cf81a5ae55c/

185.86.106.202:3234
79.134.225.96:5397
gentamakina.com/tt/
marstonstyl247.ddns.net

# Reference: https://twitter.com/reecdeep/status/1361943725354741761
# Reference: https://app.any.run/tasks/02066148-b1e0-4e0c-b503-b468d1929467/

79.134.225.11:2021
talkmyown.kozow.com
talkmyyown.kozow.com

# Reference: https://app.any.run/tasks/bc1c9de5-d4ad-4293-ab89-0336089d0c9c/

78.198.121.158:666
yifflez.ddns.net

# Reference: https://otx.alienvault.com/pulse/602fa97362b6279a63a34907
# Reference: https://www.virustotal.com/gui/file/adda1acb8d885b3725058cf0a26d22b0c98a80673126a7bf7216ac7f6ba86005/detection
# Reference: https://www.virustotal.com/gui/file/d10921fef4f5d706859246d7e4f988f7df830d59e2ba6daab16665fd5637a16c/detection
# Reference: https://www.virustotal.com/gui/file/8a59bb0e1678af1df0b5d32e17ecc543310876b8b27ed18350ffced305ac32bd/detection
# Reference: https://www.virustotal.com/gui/file/71321f5d0edaa1d1bd1a9f4f931233a02cf2bf4919954b4c8337aea75f100feb/detection

103.151.124.64:2243
103.153.76.111:2667
103.89.88.238:4299
160.177.121.69:59
adadwdgfgdfg.ddns.net
sknre.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1363765805314420739
# Reference: https://app.any.run/tasks/e79ebc0c-f8fe-483c-a4df-3419b26895b5/

194.127.178.174:4021

# Reference: https://otx.alienvault.com/pulse/60379278fbce7ab73ca18941

greenfieldsde.duckdns.org
j8.andnolikeandtoo.ru

# Reference: https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html (# Win.Trojan.Remcos-9835338-1)

ghdyuienah123.freedynamicdns.org
ghsgatvxbznmklopwagdhusvxbznxgtewuahjkop.ydns.eu
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu
hjduiebcvzcalpmjdbcnwqadhsiybcnzxswedgap.ydns.eu
hsyuwbvxczbansmloiujdhsbnbcgywqauaghxvz.ydns.eu
mtspsmjeli.sch.id
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu

# Reference: https://blog.talosintelligence.com/2021/03/threat-roundup-0226-0305.html (# Win.Trojan.Remcos-9835542-0)

cwzxas.ddns.net
rem1.camdvr.org

# Reference: https://www.virustotal.com/gui/file/076943b4bde772d9f6c5239dae006557e6ea21a6c72307a98475a422b75b618a/detection

193.161.193.99:50915
artemlok134-50915.portmap.io

# Reference: https://otx.alienvault.com/pulse/6047646f1a9d70bd963228bb

asnrg84tr15e.ddns.net
vpsnnog.ddns.net
kazeni.ru

# Reference: https://www.virustotal.com/gui/file/425125474825c83c556ddb9686d06c0fe3bed8fd1a6a7058b60a26189aec81ca/detection

46.21.147.203:5850
fasdf324v4355642dfssbzsdfv23vasvf12.xyz
w8s.graviimaster.ru

# Reference: https://tria.ge/210315-t7r5mz9tv2

37.48.89.8:4783

# Reference: https://www.virustotal.com/gui/file/1cf604ac116b7d480da4fff508c4ef036ab842df708c8ce0b8e81e4b6f37efd8/detection

79.134.225.46:2405
ogidikasi.hopto.org

# Reference: https://www.virustotal.com/gui/file/84cf1bbee36c2424d48072b0f3cc8083ab37e04b93e72d455f9d545ea3a72c4f/detection

23.83.132.179:1414
bu250653.hopto.org

# Reference: https://www.virustotal.com/gui/file/c38b0ffb44c8586dff8c8ec3546b3bfd332c4e84f9b636fceb322522fe2ed409/detection

164.68.122.235:7775

# Reference: https://www.virustotal.com/gui/file/5e0fe09b76750751f25ee170f4e3f5d3de441614a887316e3a62334d859b769c/detection

176.111.174.72:3139

# Reference: https://www.virustotal.com/gui/file/38e003f280936ad6c0cacd7a57e6864de55b11058f5c0d45f8b3e42313bfdf84/detection

5.172.199.55:3513
dfxczaqwvcutbnmewxvfqwercfgrwzxcdcdfvgws.ydns.eu

# Reference: https://www.virustotal.com/gui/file/ef91414c679b45b0100bac70a53d65eac5c0b280feffe3350c803d215bb7607a/detection
# Reference: https://www.virustotal.com/gui/file/17c742f29afb5c4352f3fb0079fbb0b2d72da1e65cfc59695f9a7259088b4615/detection
# Reference: https://www.virustotal.com/gui/file/d34d907900597c60df794fea4bc35e8ecafe3359f8cc8ef32742ba4e0747afbc/detection

185.140.53.133:4344
23.105.131.132:4344
79.134.225.73:4344
ongod4life.ddns.net

# Reference: https://www.virustotal.com/gui/file/7f0cb02c449739d35bc024bd78983126dbba1b3c78f566184177f8e0206f1b60/detection

159.89.86.174:4810
oberenwa.ddns.net

# Reference: https://www.virustotal.com/gui/file/5adf963b1c92ba79a5003d87943b4cb6c8a72fb9db63d8922c43f6631ad27995/detection

46.243.239.31:1996
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu

# Reference: https://www.virustotal.com/gui/file/1b49da172b79de32c6df4e87385e57c0e3768b0b227b84cc38cd746b05200720/detection

172.94.24.120:2177
172.94.110.79:2177
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu

# Reference: https://www.virustotal.com/gui/file/13bde9ef7157ee47c6906c69e6fe0d810b04ce60b8b4f2e74743da33e526dbf2/detection

37.230.130.89:1996
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu

# Reference: https://www.virustotal.com/gui/file/631c6d3b1c526c8bb366cc72b009da37ec83994c72b210b0132650fef93c147c/detection

sfghfsfjskdjkdfbvndcnfjskaklwrrfw.ydns.eu

# Reference: https://www.virustotal.com/gui/file/f4385738ec4059ccdb1cdc3d0027ea44d002dbbbaebcb300ec8591bc9397e184/detection

104.247.222.46:2404
agdyieyrtghbncmloawghdvbxcvztyijgrtwqbcs.ydns.eu

# Reference: https://www.virustotal.com/gui/file/5a5e322d26a9565ef099e9c62ded4b7430e13cb13303bb97000d720e023f30a2/detection

172.94.16.38:2486
wywtrwbnmhtytrebsgwtfcvzcxgjhyegvbcnmgte.ydns.eu

# Reference: https://www.virustotal.com/gui/file/0905d7304968596830e1a0fc7bdec0954a625fadce64a784b45f8905de7f022e/detection

moep123.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/f1f8906bdbdffe1be2f02db42adeb93dc23bac4dbaba91904fce2d3810223c5d/detection

irukdns.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/d1c41d983e4fd40ab80cc8b393d39bb8290836c2793075b9c8fb41f0ce44238d/detection

niftywar2.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/c9f0e613181a2a984e46341992a601596462e80aa9bdee144b27fa2c76b04b74/detection

bc3.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/178d7aba3b04fb8ae4cd50e7e3f8da86565b93f724e2d38acbf9789411e79395/detection

79.134.225.84:6767
steve200.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/eb7b058c625b1306c70d8a76546af054bd769347ca067f5db5e1b0b1c7306298/detection

185.158.115.38:5000

# Reference: https://www.virustotal.com/gui/file/4922d66a76f44ddb8fef492d8ba36d40c57c9e6fd40e1df87a0c9ca135b76da7/detection

185.158.115.38:5001

# Reference: https://www.virustotal.com/gui/file/b250bb73821f32afff2287989bbb61b5470efdc3d14fa1006bea3602da8b3328/detection

185.158.115.38:5002

# Reference: https://www.joesandbox.com/analysis/373731/0/html

185.158.115.38:5004

# Reference: https://otx.alienvault.com/pulse/605c7c79a457812f750a15cc

0e19yo.grinchim.ru
5sis5z2.grinchim.ru
d.kaunieni.ru
hz.tudara.ru
rgc1.grinchim.ru
ynoil.asubeshi.ru

# Reference: https://www.virustotal.com/gui/file/e5ed9e5b1976279f51d9c47d275ad01143b62e23c83692981c74c367a34e0b25/detection
# Reference: https://www.virustotal.com/gui/file/e058733307afcc2954f7ae1e98d25d6778dee869fdd92355b0117a783648a690/detection

185.140.53.7:2012
185.140.53.7:7171
greatful111.ddns.net

# Reference: https://www.virustotal.com/gui/file/a1efb13491a849b91ae8ddea21fe86f42b725c3f89bd5d4abf57adbaf03c7fee/detection

193.161.193.99:24405
actcoolbro-24405.portmap.host

# Reference: https://app.any.run/tasks/8ec193ba-d31d-4aa6-a3da-aec198ece841/

52.14.18.129:11797

# Reference: https://www.virustotal.com/gui/file/25b789678cb803bcb9ce9f1b7a375846812a83c89d9d4ff8abe1b90a8aa54a47/detection

45.15.143.140:5200
creeping123.ddns.net

# Reference: https://www.virustotal.com/gui/file/85adbdc2d0f35bf0a922251edd55f4a44d6aee52f2945eb71177a73a88a86fef/detection

demco.hopto.org

# Reference: https://twitter.com/Racco42/status/1380048908391448585
# Reference: https://app.any.run/tasks/05c3497d-fee9-4a3c-98ea-0a6dd6d048c0/

79.134.225.118:2405
osisego.ddns.net

# Reference: https://www.virustotal.com/gui/file/9fad68bbaba3bcd69e3b8100eb5c035ea2caf59e0f9115e36667a62b2dce84bb/detection

194.5.97.173:10001
remcosagent.com
1.remcosagent.com

# Reference: https://www.virustotal.com/gui/file/60716f52814e9b88c1c69b16058ed783a6ca59b125b34c7f0af0e87a8e05c546/detection
# Reference: https://www.virustotal.com/gui/file/a52615bd2b0c2fd4d1070030206c07fee192d00b7c307b4bf9babcc53dd38bd4/detection
# Reference: https://www.virustotal.com/gui/file/1bd08a5a9fa260ba34749b97d3a31d9de432f7fe74abc51ddbc7cdeab16ecbd4/detection

194.5.97.173:10004
23.105.131.188:10004
45.90.222.101:10004
1.ispnano.dns-cloud.net

# Reference: https://www.virustotal.com/gui/file/40ce7df3b4b481626b5082a1516631b05530819fb9ba434028103474ad959ab0/detection

185.140.53.9:8905
zubby2468.hopto.org

# Reference: https://otx.alienvault.com/pulse/60855af69ecf01b490310da4

brainy-example.auto.playit.gg
pleasant-ant.auto.playit.gg
tasty-comfort.auto.playit.gg
johanvargas97832.duckdns.org

# Reference: https://www.virustotal.com/gui/file/40043c77c684191274bbf6d72c932ffb34f55b09033f631fdf9abe106349d637/detection

poiarmex247.ddns.net

# Reference: https://www.virustotal.com/gui/file/3253409d3bc8d987a390ca661d46c81e7f4b98636867d1b323de10e3f0e54784/detection
# Reference: https://www.virustotal.com/gui/file/936f3a9ae7a98440c6a63c0efcd91c145dbbc665773c69c7404c56de2495db9e/detection
# Reference: https://www.virustotal.com/gui/file/841c9a9df354e8e904f06a41a3ad5a9fc63213bd0070f9cf2b3f1ed07f036abc/detection

194.5.99.25:9950
197.210.29.184:9950
91.192.100.4:9950
kzi.ddns.net

# Reference: https://www.virustotal.com/gui/file/6d9f887bef0ec963729f0484a302b846d0cb024cf861d16f99f0ea21d02614a7/detection

108.170.13.104:1144
jaxfriend.publicvm.com

# Reference: https://www.virustotal.com/gui/file/7364b6f75f48db8f3a34910e562dc12ad06b1dbed250606383b86d7e1b083293/detection

191.101.22.150:1313
204.11.56.48:1300
youtube.proxy8080.com

# Reference: https://www.virustotal.com/gui/file/a8284b3545fbef308d3c11d3d1d4547521a662e521363f32519a71279946839a/detection

drkao2.publicvm.com

# Reference: https://www.virustotal.com/gui/file/6e889790fc403f49ed9e7537fbf1573d7d835c66a8937c134b1e2d2f58b2d70d/detection
# Reference: https://www.virustotal.com/gui/file/4c9428c3afaec204fde3cd2ae46cc7f4db5501c28dc52ea2d72b64e5f063d1d0/detection
# Reference: https://www.virustotal.com/gui/file/4b3b08c356b54f95bca518bd5c12ec1ec0cd32fbfac860f5a1a1a8e36da66c26/detection
# Reference: https://www.virustotal.com/gui/file/9293ff8bf51a6345a7bf3600fa9a8734b2184ac9c68ec534e382197bcfee2755/detection

107.173.140.145:500
41.102.107.65:500
41.102.126.56:500
41.102.222.13:500
41.103.179.251:100
jessads14.publicvm.com

# Reference: https://www.virustotal.com/gui/file/9af05c1cb783bb50a2f280fd22bdc4a8b5160488afc7093a383e6e60cac4d90e/detection
# Reference: https://www.virustotal.com/gui/file/bbceef2cd8724fc87db474357e3e08d064ae4211ec9d7bc8367720794c867bd6/detection

79.134.225.50:83
nassiru1166.webhop.me
weloveplayinggames.servegame.com

# Reference: https://www.virustotal.com/gui/file/6b0eea8aa1f1b8232bb5be47b581d06030fd457a3e92654f949ca8dd474b4bae/detection

194.5.97.16:3866
blessmegod.ddns.net

# Reference: https://www.virustotal.com/gui/file/57c784d345d5da29536127681d5831917418835f23021ba2797a36c2d970ed22/detection

185.202.175.208:54604
salonirang.duckdns.org

# Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0423-0430.html (# Win.Dropper.Remcos-9855176-0)

urchamadi.ddns.net

# Reference: https://www.virustotal.com/gui/file/b80bd7a65be99417565de85e074fca3ee71c3d065bdfbce60bd38772883d1c8f/detection
# Reference: https://www.virustotal.com/gui/file/bbf876e3bcfddf50eb4eeb30a318061f8f882cc37f9a3ac0ebca8fde5ac7c8b5/detection

172.111.192.30:5100
172.111.192.30:5101
tangaza.ddns.net

# Reference: https://www.virustotal.com/gui/file/fa42adf2a52de72f3332a57e26d420aa900d4e37cb074defc96b0fb2e91cc8bb/detection

193.176.87.173:5556
sfilm.ddns.net

# Reference: https://www.virustotal.com/gui/file/56fe55a19838b565147a2cb69b67c400d82dcfe628e7945094a85b0ca433cdbd/detection

5.133.11.56:1843
link2.hopto.org

# Reference: https://www.virustotal.com/gui/file/526a55fde827d3e610e4e63553f3aa104debba5c7ab27c209b2c3135a58e0b6e/detection

194.5.98.168:1181
wassimaldo.hopto.org

# Reference: https://www.virustotal.com/gui/file/96e975e9e509e40c6b069f4fe4ef338ddaa76472a30e3115374d5ae3b25c7616/detection

45.137.22.107:5888

# Reference: https://www.virustotal.com/gui/file/4c6f0e6133b1b9d709c39c94d3e51facc2f840c550fbf900ceb2cd2d67d8d0c3/detection
# Reference: https://www.virustotal.com/gui/file/af4c8495dd4f20c61cd4e12e3eba996da63965245c781a06cfb03cc2a6ecf4b9/detection

185.244.30.118:7255
192.169.69.25:7255
money4life.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fe719ecb5f04ed964bd5fdecc2085bdb1518358c65d12462fcddb66a6015740d/detection

23.105.131.201:2021
igatyou.mywire.org

# Reference: https://www.virustotal.com/gui/file/25e031c016e316abfdc7fcd4125a0f1e018864369d56b55429aaca841e2b4e49/detection
# Reference: https://www.virustotal.com/gui/file/77f3963993f7fd03fa8722eddb591e2dd348eaea7f9f04cca095f1cd13ae52d0/detection
# Reference: https://www.virustotal.com/gui/file/576148808d739c615fe9d015588bd767467a504d0272abfb4c7475ab758e9177/detection
# Reference: https://www.virustotal.com/gui/file/1fdbad9bf3d6647702d79ea8d13de188be6c9c290c7b0349a476f218d3f10428/detection

185.140.53.19:5149
185.244.30.87:5149
194.5.98.58:5149
45.156.31.56:5149
noapology.myq-see.com

# Reference: https://www.virustotal.com/gui/file/a17bc1d444f1da0570f4a2eb986b582b13603e8d48c5ff285bc30640e4fed9b8/detection

79.134.225.18:5749
zabdy.myq-see.com

# Reference: https://www.virustotal.com/gui/file/d32d689d49f6978dfb2855d35e42a4fecfb34dce218d6b87ef2752d7a501fddd/detection

89.160.26.37:8811

# Reference: https://www.virustotal.com/gui/file/8d2bdeec509458f3b1734e4f63bc29c679ea66214e42fabc5b4f83453a96bc56/detection

181.141.13.58:1717
gabriel64.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2e81ce0a08b7e6ad6210b1068d6583628d8ebb11d93ce4f1b424fede249a39df/detection

45.144.225.94:4145
brownfilleds.duckdns.org
ghytrty.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c841bc4893813d54a5b6d044bafa4d50bc508a8d0ff0eafa1f395cd1db98ee6e/detection

45.144.225.94:6553
aaeeerbbbeee.duckdns.org
fieldsdegreenf.duckdns.org

# Reference: https://otx.alienvault.com/pulse/60a80e420ee6b40903ac9f67
# Reference: https://www.virustotal.com/gui/file/70a7510210a1e2316407273b03185c5bdf293f37f25d74e72e9efcfbe3730205/detection
# Reference: https://www.virustotal.com/gui/file/ac72c88ac869b33d667fe46ba26647c6faba1629ccd9f4d4b9dc7bbbb05755aa/detection
# Reference: https://www.virustotal.com/gui/file/d8a77ade2160a14931640aa5117db27d70755cb53465a036e03770216d661b90/detection
# Reference: https://www.virustotal.com/gui/file/e0bd17f8c8cc6a994c6b22b21a781d3c52c42e0b5bf5fa39aef843254baab035/detection
# Reference: https://www.virustotal.com/gui/file/7513d01b0a6429c8fa0313ad11d546ecbd7d4ac4ae4c660901bfe113b641c266/detection
# Reference: https://www.virustotal.com/gui/file/73525db851cd3b329df6fc009e0a478f21655947188fccfb0b0f56558a9b56f5/detection
# Reference: https://www.virustotal.com/gui/file/bc2de67edc62f73bc31759317d846a3e3fdc9a74624b52cc51ddbe1008c01a91/detection
# Reference: https://www.virustotal.com/gui/file/219d8dc53843abf0fca983501c395c9dd5a188de9bfd2a4077112f357154b5c8/detection

37.1.206.16:5656
37.1.206.16:5757
37.1.206.16:6161
37.1.206.16:7071
37.1.206.16:7272
37.1.206.16:7474
37.1.206.16:7575
37.1.206.16:7676

# Reference: https://www.virustotal.com/gui/file/9df7d15ccf6f6fa896936b3a1547aa0a862ebc735551cbcd41aa7813efd9a585/detection

142.44.161.51:2065
91.193.75.136:2065
kingmethod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9c873107151e9c3ef157e81665f402ebeaea2c73638e6d2d66c4ccaf549b6d8c/detection

147.124.219.204:3303

# Reference: https://www.virustotal.com/gui/file/649be52b6b0d362efcfc6f1dd79a6b8fbcf85eb2b68f0138f87b6e1cc7e5a418/detection

31.214.157.40:1312

# Reference: https://otx.alienvault.com/pulse/60b773ef50d74a062977cfbe
# Reference: https://www.virustotal.com/gui/file/a52ef1b90c14bc6cb890c0c7710e3988310fdfe3a0b29887d39bdab8b6f521fb/detection
# Reference: https://www.virustotal.com/gui/file/0bb724b323436b461068d01ef83c6f06e322a8f6543f6f3c752f864ebd651f09/detection
# Reference: https://www.virustotal.com/gui/file/15f2c8def8807cb5391448f40e71f5871f75195dbb46bc0dfbad7c5978212550/detection
# Reference: https://www.virustotal.com/gui/file/9f110e4425fb423e422fae6f90e17f6c3420fb5a94da388204017780c952fc42/detection
# Reference: https://www.virustotal.com/gui/file/424e0801ba42dbae1f4b2e9669c8a628168ceaff00dfe9ef1417093477bea9ac/detection

116.203.140.78:2404
162.246.186.170:8199
177.255.91.0:8199
arangojuancarlos45.duckdns.org
mexch.ddnsking.com

# Reference: https://twitter.com/_CPResearch_/status/1400467814117478404

hncbeyghfsbvcuabgsbncvzgaioiuyegdbhabbbw.ydns.eu

# Reference: https://www.virustotal.com/gui/file/8e8e7ed17c0cc7d20256d8ca0b3288e8c0d9499ec097fb8ebfa9a20c8fcecca1/detection

105.112.38.206:1181
oxbornl211.hopto.org

# Reference: https://twitter.com/phage_nz/status/1404992038030897163
# Reference: https://tria.ge/210616-1sgjg7wrga/

79.134.225.106:2050
collectionsdpt.me
eter101.dvrlists.com

# Reference: https://tria.ge/210615-dswhaekpxn

194.5.98.147:12489
killedifabused1.xyz
top.killedifabused1.xyz

# Reference: https://twitter.com/Circuitous__/status/1407099611030900737
# Reference: https://app.any.run/tasks/20920674-4a35-45bb-a113-9831bce57e28/

185.19.85.134:6666

# Reference: https://twitter.com/petrovic082/status/1407102524478431233
# Reference: https://app.any.run/tasks/995d8193-ec44-468d-b25d-dcfd8d528218/

192.3.146.165:3543

# Reference: https://www.virustotal.com/gui/file/f709da4edb2f6bfbac3267a9b28e58191fd2d47e14efd09819b900670828dbf5/detection

191.88.249.118:9803
dominoduck2116.duckdns.org

# Reference: https://twitter.com/petrovic082/status/1408502242320302086

alonso.luda.ydns.eu

# Reference: https://twitter.com/pmmkowalczyk/status/1412756604362149895
# Reference: https://www.virustotal.com/gui/file/dc06bb2257a6c4b556fb02ea5741c4cf6ddbe47a08d3308f7dd87b5ac23baed7/detection

194.5.98.195:2098
mrplayplay009.ddns.net
mypayday0091.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8578bda62e4c8d883e6a75a13cefa9c465a860f05f1f0c54d95314b44d7e01da/detection
# Reference: https://www.virustotal.com/gui/file/f18df8366f69c337b373482151cf5732c7155b55b88db0f78fdc511ab4992f5f/detection

185.244.29.132:2130
185.244.30.4:2130
194.5.97.26:2130
23.105.131.132:2130
91.193.75.131:2130
cashoutooooh.ddns.net

# Reference: https://www.virustotal.com/gui/file/5c519e625e4132e5806da10504cda9e2fc92dad8d27edb7109ad036965ef4200/detection

181.141.3.23:1616
madryurs22.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d380178c93ba5b323f915df1d3f0ab7953630bdd502b699093874cae4b581d40/detection

191.88.249.118:9804
dominoduck2117.duckdns.org

# Reference: https://blog.malwarebytes.com/threat-analysis/2021/07/remcos-rat-delivered-via-visual-basic/

185.19.85.168:8888
randyphoenix.hopto.org
tippet.duckdns.org

# Reference: https://otx.alienvault.com/pulse/60fd537344fd67bcd96f659f
# Reference: https://www.virustotal.com/gui/file/384ac24ef5f4566364596166c5c90b3cc17b4d55679ee359439d395e51015e54/detection

45.155.173.48:30755
xcrew1991.kozow.com

# Reference: https://otx.alienvault.com/pulse/61029970bf4dd605cb62ec4d

duck50501.hopto.org
fosterpapi.dvrlists.com
plantaincutter1809.ddns.net

# Reference: https://www.virustotal.com/gui/file/0b95c91f6e73b5c87727bba93de2f435e6695ad884b9faa932df5cb3357e0d47/detection
# Reference: https://www.virustotal.com/gui/file/33b1629dc01123f78d568c7638f33ca6619834daad9866f666c00062920b13da/detection
# Reference: https://www.virustotal.com/gui/file/a9fdfe935ff4adda29a2302a61368d2168f534b18a790a48b2bb00212ce65656/detection

141.98.102.243:41078
185.189.112.27:8618
213.152.187.215:41078
twistednerd.dvrlists.com

# Reference: https://twitter.com/petrovic082/status/1422131119542185987

ibotool.com/Kuhfcgvxvdmngzrvwucoqaisbrmnaqvahk.exe

# Reference: https://www.virustotal.com/gui/file/f77ee1da37991ac453867f3ec63c1e0d18f139d6585c5158fc92b78aa4f07b02/detection

79.134.225.95:6060
kashbilly2.ddns.net

# Reference: https://www.virustotal.com/gui/file/239d05f508f2055daa1e4bf62f465f3ccbe7104fcb3c98504630d40d37466e02/detection

79.134.225.95:5050
kashbilly.ddns.net

# Reference: https://www.virustotal.com/gui/file/44e5e569ffc3aaafaa238edb4371abdeb03f449f64b230b6deccb19c2ea56a46/detection

45.137.22.101:5888

# Reference: https://www.virustotal.com/gui/file/e7f428e6ab2a008daad896a354a1544d76993b88587b9ac77cb52df09ee7364a/detection

45.137.22.101:8787

# Reference: https://www.virustotal.com/gui/file/a10a6b45a930f2de06af77ac304a249af70978bb3346bc1bd64ca556d0856bb8/detection

194.5.97.183:8888

# Reference: https://www.virustotal.com/gui/file/28195c5efb0785a7e261e8ea1a3d76ecac4c1639e7df6d9b9309e436437547b8/detection
# Reference: https://www.virustotal.com/gui/file/84638535fc6db5df3d5029b7417810c3d70fa83c6f9a380df0066db5f5955c51/detection
# Reference: https://www.virustotal.com/gui/file/1c33eed32ee64e2abbc1b66486b46f93b5ca61d42e384d3dd49810c73f48147f/detection

185.19.85.133:8231
185.19.85.133:7735
79.134.225.76:8898
typejimbo.ddns.net

# Reference: https://www.virustotal.com/gui/file/e6a3c1c7df2e3310ec079de07f3b5a6d2d1fe95a607ab15405f92a43d26e97cd/detection

135.181.17.47:4783

# Reference: https://twitter.com/Racco42/status/1422922614348165122

194.5.98.7:3759
june248.ddns.net

# Reference: https://www.virustotal.com/gui/file/274f593f9355f88c70b5cfa1514c7f450761e26d2b8cda5c2a5055173be937ac/detection

194.29.101.219:42022

# Reference: https://www.virustotal.com/gui/file/2171810fe0b26c614280e7d94577eb1ffb589b5e0a053b46f014d813fca4baca/detection
# Reference: https://www.virustotal.com/gui/file/7026331983c26573b4f9c17b3aa3f83c6f80256eabe5cdb812499d6c13831286/detection

79.134.225.109:4202
79.134.225.109:6005
damuztech.com

# Reference: https://www.virustotal.com/gui/file/d8fa4fc5f326fb18e73af1a0fff52453eb7244ae53d8e236579fe43e8c11fa2a/detection

51.68.170.39:5551
dd90.phatbois.biz

# Reference: https://www.virustotal.com/gui/file/734d4eb7d217d43cf71f0ab2cb9a9866da75ae3fae5368a94ab74ad32b2e2f87/detection

cicada3310.phatbois.biz

# Reference: https://www.virustotal.com/gui/file/b888c007a3c361a462f736cb14ad487a96d4a0b09b4d7ffce2cb47546810e22f/detection

181.57.221.10:4850 
54.72.130.67:4850
infomevi.100chickens.biz
mundoinc.phatbois.biz
publicidad.100chickens.me
sexyhost.madinson.club
thastk.grupoexito18.online

# Reference: https://www.virustotal.com/gui/file/44db2df3f3bb2525bc7d36ea6d15cc0f457791c4b9d957f6835ce6facbecfffb/detection

79.134.225.109:1759
defias3343.ddns.net

# Reference: https://www.virustotal.com/gui/file/0d2b945884ac6edf81b42d5d74fbaacc95453d05cb4497b70555067cc16834aa/detection

185.140.53.8:6397
ventasmayorista.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1435499213845147648
# Reference: https://tria.ge/210908-g6n7mshbap

204.44.86.179:49151
123qwegus.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1438728921944666113
# Reference: https://www.virustotal.com/gui/file/c865520d5f85982cd38ed5cb6ced866e69b8b133bedf008f2237ca6b7024de6f/detection

204.44.86.179:49151
123qwegus.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c1c4626b824597dd40d841d91258029fb26f4075ebd6c4437a209c53426ff4d7/detection

195.133.40.125:2404
nan.ydns.eu

# Reference: https://www.virustotal.com/gui/file/18e7778ca7011e78b0c8bcf8e4c72d7c7ee26bbe4ea30d4003c799cb5740fa40/detection
# Reference: https://www.virustotal.com/gui/file/2a51f81fe3b66e5d065e15fccc4c0e767a01ceafcee23d8ab66c04c48b9bc8f9/detection

185.140.53.130:6642
185.244.30.19:6642
manneedmoney.ddns.net

# Reference: https://twitter.com/peterkruse/status/1440593007376416774

sonofgrace.ddns.net

# Reference: https://twitter.com/Racco42/status/1446163693507579916
# Reference: https://tria.ge/210907-lwm9taccf3

212.192.246.191:2310
Officialsw.chickenkiller.com
hurricane.ydns.eu
official.ydns.eu

# Reference: https://www.virustotal.com/gui/file/be6a62531303bf8b02db40d9e0215cab0bce1f27e8468384656df2d765353f25/detection

194.5.97.16:4479
wealthgod456.ddns.net

# Reference: https://www.virustotal.com/gui/file/f0cb4cbb5ee6badf310de6b82b7d5b469e2d5126bc417dc0791f74f502e70c92/detection
# Reference: https://www.virustotal.com/gui/file/b60594a558a504fe8cfdb49b563ba69a4b055a5a3bbd30d108f39865becf53d6/detection

103.1.184.108:3365
103.1.184.108:46594
45.61.49.107:46594
ndu.testfood.ml

# Reference: https://www.virustotal.com/gui/file/c9fad97fbc7d306ae0a8b6ba457d295786934e6580b279e40ab2ca7ad5bd818c/detection

194.147.140.17:6041
mirroronthewall.hopto.org

# Reference: https://www.virustotal.com/gui/file/5a9a65eda5013bb8b73ac76236ce34bef1e5f3a78efb328abeb452c131b93fc1/detection

markaug.ddns.net

# Reference: https://www.virustotal.com/gui/file/2f9a0a3e221a74f1829eb643c472c3cc81ddf2dc0bed6eb2795b4f5c0d444bc9/detection

185.244.26.201:2405
mychi.hopto.org

# Reference: https://blog.talosintelligence.com/2021/08/threat-roundup-0813-0820.html (# Win.Dropper.Remcos-9885489-0)

freelife.hopto.org
freelife1.hopto.org
freelife2.hopto.org
freelife01.hopto.org
freelife3.hopto.org
freelife4.hopto.org
freelife5.hopto.org
pentester01.duckdns.org
sinzu1.camdvr.org
thankyoulord4real.ddns.net

# Reference: https://www.virustotal.com/gui/file/2435ea27d49ac33d5edffc4cffdc9a91bfaa21fcffc9e695ba13ff4158a5c502/detection

mmiri1.ddns.net

# Reference: https://www.virustotal.com/gui/file/8a1308e82ca707444939e3c946b0830859ff63b08c0fa3a5c37e8c5481c71fb9/detection

37.0.11.231:6932
kingsley1124.bounceme.net

# Reference: https://www.virustotal.com/gui/file/5bf0ade6b571ef4341d48d1e795daebce85d24969ca082e9a7b0d45c863bc787/detection

185.19.85.139:24007
cfo11.camdvr.org
cfo11.dynu.net
gpaul9178.ddns.net
gpaul9178.hopto.org

# Reference: https://www.virustotal.com/gui/file/7ca71e9c5e42d6cf04d0d14011e6c94147628d4bbbe758c241a8d7279cf59bd3/detection
# Reference: https://www.virustotal.com/gui/file/fa66310d09441ef074ebec4df91a8210a710a44c5ddb7d7040a1aabce1679f59/detection
# Reference: https://www.virustotal.com/gui/file/8bec6a9b8df3b417e9e9857a7989722b7aadd5db806ee428e3b772185605a9dd/detection

104.243.251.163:1707
172.94.103.58:1707
45.74.35.194:1707
45.74.35.61:1707
mrbigs.hopto.org

# Reference: https://twitter.com/pr0xylife/status/1468228012269355015
# Reference: https://www.virustotal.com/gui/file/1814342a47e6ea264ef34d80e36d9363a83d4a2d09a6eaf8fb2759f59697dd74/detection
# Reference: https://www.virustotal.com/gui/file/ef6a74a99e6f3945eda8bd082a0adbcc2df584aff03838ed1b5face974a4a6b7/detection
# Reference: https://www.virustotal.com/gui/file/60532512eccc2ead7f39fa3eed5d22e10375f1a3177ddf3bcdc1db06740146b9/detection

185.157.161.174:1975
185.157.161.174:53030
185.157.161.174:9090
hotmarzz.eu

# Reference: https://otx.alienvault.com/pulse/61b4940461d3f7f1b900cf62
# Reference: https://www.virustotal.com/gui/file/791f5d4b43f59f51f06c67ae979f371c15d302125d2211528e9b7c2926e1b431/detection

178.238.8.177:32095
kent0mushinec0n3t.casacam.net

# Reference: https://twitter.com/pr0xylife/status/1447556826451611649
# Reference: https://www.virustotal.com/gui/file/bf6251175fb2a5ae101238d7dc36f284235d68d64384a65c385956b183985a70/detection

184.75.221.171:5119
185.103.96.143:5119
185.104.184.43:5119
199.249.230.27:5119
213.152.162.181:5119

# Reference: https://www.virustotal.com/gui/file/39539756528b3c4add76725c5b686460fb936cc890a76f60603e81a78219a0ec/detection

scream.ddns.net

# Reference: https://www.virustotal.com/gui/file/7e9b81278965632f7c3dca8877fc074fb8747cce3468ffdb5cc5bfe056c9336b/detection

http://194.85.248.219
216.250.97.121:1025
divinecryn2021.nerdpol.ovh
/token_gn65gy.txt

# Reference: https://otx.alienvault.com/pulse/61d1950b8eab0b4e59ac29a7
# Reference: https://www.virustotal.com/gui/file/dd05f19aebc70bca6d6acd3f4018a8b7da6fdca6b6fe88d76e633ec228080a1d/detection
# Reference: https://www.virustotal.com/gui/file/bc4fa81780292b761443a2d5aeb14975fe3f5b713310e5e38867b5e2741cb044/detection
# Reference: https://www.virustotal.com/gui/file/53e5013bf8fb9f6958aceefd4a542f15a25c02d185d1a0964068e88ed3853bfc/detection

152.89.162.59:2404
193.161.193.99:24403
20.106.94.110:2404
20.110.185.77:2404
dynasty1.ddns.net
dynasty2.ddns.net
dynasty3.ddns.net
gene.ddnsgeek.com
generem.hopto.org
generem1.hopto.org
henderson.camdvr.org
henderson1.camdvr.org
hendersonk.hopto.org
hendersonk1.hopto.org
xotic69-24403.portmap.host

# Reference: https://otx.alienvault.com/pulse/61d0437832aa76dcc2167235
# Reference: https://www.virustotal.com/gui/file/5ea1922e49e15289a0cf38d03742ca50da001d40df0dd0df8ff745453b1fd51d/detection
# Reference: https://www.virustotal.com/gui/file/99dd413a8dd8cabbc22b5ddf6c1bc057a1bb2957ea7e9b952a68f198f2d06e99/detection
# Reference: https://www.virustotal.com/gui/file/edbb7af2f834817e6abc370701371e360567fd46d4a63a23f138212432a2d401/detection

176.186.212.241:2404
199.195.253.181:48656
2.56.56.2:2404

# Reference: https://blog.talosintelligence.com/2021/09/threat-roundup-0910-0917.html (# Win.Dropper.Remcos-9892963-1)

mgc001.hopto.org
mgc0147.hopto.org
mgc007.ddns.net

# Reference: https://blog.talosintelligence.com/2021/09/threat-roundup-0917-0924.html (# Win.Dropper.Remcos-9894274-0)

obinwa.ddns.net

# Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b
# Reference: https://www.virustotal.com/gui/file/8bd0820c812a195244553470e5ca299bfb863244040852981e2e937bb78dedbf/detection

trapboijiggy.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/80b5832b3cfb5142bfa2d3a34c0c8e5b77ec519aee7d6e0361b750df17057d7c/detection

79.134.225.119:2404

# Reference: https://www.virustotal.com/gui/file/fe47a56654e3bf83e05578c422202548ec194af30edee1338d1a3d1f4c7bb7a1/detection

185.244.29.216:4050

# Reference: https://www.virustotal.com/gui/file/8dcebb614aab265875408dd5226c8b6cfdf5d68caba830744d827fda81529c16/detection

185.140.53.37:1900

# Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html (# Win.Dropper.Remcos-9903276-0)

hwzpgovt.nsupdate.info
remman1.ddns.net
remman2.ddns.net

# Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html (# Win.Dropper.Remcos-9903810-0)

fdsfsga.ru
fdsdfgdfgdf.ru
okugbawaha.icu
nickdns123.duckdns.org

# Reference: https://www.virustotal.com/gui/file/86c58706bb8e8602ea034ca99b3835a7d82f10714e270c2c3c0972ce567e0293/detection

103.167.85.148:1012
2.56.57.112:1012
xp18.ddns.net

# Reference: https://www.virustotal.com/gui/file/a6d7f2c76e49ea8e18f7768aeec228514a2e346a843a0a454e799014018acbb7/detection

2.56.57.112:1996
xp19.ddns.net

# Reference: https://otx.alienvault.com/pulse/61d97dfc3437895ce4479b58

lot0s.ddns.net
shiestynerd.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/4d5e431a79433ce5d8a7ace14564c4e645888fd821007c041793e7b3f8deb953/detection

217.131.82.22:35890
emedoo.ddns.net

# Reference: https://www.virustotal.com/gui/file/d9dba72f5ed7e52ea12d6c30826cd468a4285058c8cd6e87af1ec36c6ad24b3a/detection

rattim.ddnsking.com
rempower45.warzonedns.com
securefbi.ddns.net

# Reference: https://blog.talosintelligence.com/2021/11/threat-roundup-1112-1119.html (# Win.Trojan.Remcos-9909797-0)

hdgavzxcniopkjhsvcbnxmnzvqaswyiokdseacbu.ydns.eu
rhbavzcmkopdhunbsgwtfcvzcxgjhyegvbcnmgte.ydns.eu

# Reference: https://www.virustotal.com/gui/file/85648195f2224ec1ad0531e85ae3128ef57d59b408edbfb5a3c817812960429a/detection

79.134.225.77:3457
mateking3888.linkpc.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1481146363496865793
# Reference: https://www.virustotal.com/gui/file/04bb50786dcd75cc530486e6e306d6d9f982d2f0519a7c62c7c544b6fb9967c0/detection

91.193.75.224:2142

# Reference: https://www.virustotal.com/gui/file/a3a67c8e9cea416eac9ff526588d49b8d52e2d69b3e601190e572dfe2c0b3483/detection

13.77.222.211:7828
20.196.222.122:7828
wz303811.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b9c0b6dd76212644b551d5b8ea745b3f14f6c92365e767836382a4c8ea54906b/detection

tochmini.mooo.com

# Reference: https://www.virustotal.com/gui/file/d407be0656a3b89dd4d6789df741efceeaaf7b756e10e7be13d2c5efb1dce9e9/detection

doggydoc.mooo.com

# Reference: https://www.virustotal.com/gui/file/856abd55c2d6a761dc2e335ab73e44853653c5a5403034291e8bb463d1b0133e/detection

leavemylinkpls.mooo.com

# Reference: https://twitter.com/petrovic082/status/1483798599238656003
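# Reference: https://app.any.run/tasks/138451ce-f933-4045-b8da-4c39a6ac826e/
# NOTE(review): the port in 193.161.193.99:50443 does not match the port suffix of ZeldorisPiety-50433.portmap.host below; confirm both against the reference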

193.161.193.99:35767
193.161.193.99:36189
193.161.193.99:45369
193.161.193.99:50443
cloverbeats-35767.portmap.io
DarkVader94-36189.portmap.host
lanzopunch-45369.portmap.host
ZeldorisPiety-50433.portmap.host

# Reference: https://twitter.com/petrovic082/status/1484252860879618057
# Reference: https://app.any.run/tasks/ade09391-8ece-4e8b-bfff-bbf554f907e3/

103.231.91.59:39207
saptransmissions.dvrlists.com

# Reference: https://twitter.com/milannshrestga/status/1489299227381727232
# Reference: https://twitter.com/ffforward/status/1489515500363259905
# Reference: https://www.virustotal.com/gui/ip-address/185.212.130.218/relations

avalaunch-app.com
diviprojects.com
pancakeswaps.fund

# Reference: https://twitter.com/milannshrestga/status/1489510860049752067

server-storage-dwl.com

# Reference: https://twitter.com/ffforward/status/1489522013454671876
# Reference: https://tria.ge/220204-kcm92afhcr/behavioral1

157.90.1.54:4783

# Reference: https://twitter.com/dubstard/status/1489527460458811392

sushi-v3.app

# Reference: https://twitter.com/ffforward/status/1491120270866006017
# Reference: https://www.virustotal.com/gui/ip-address/64.42.179.67/relations

nobullshyt1.xyz
nobullshyt2.xyz
sub.nobullshyt2.xyz
top.nobullshyt1.xyz

# Reference: https://www.virustotal.com/gui/file/3de5e117f449ed7422118dd4325d8ed9a75eb928f15d4f66f54d03b491125be2/detection

134.19.179.179:13293
198.12.105.44:48242
198.12.105.44:48243

# Reference: https://twitter.com/reecdeep/status/1491738743723733000

79.134.225.121:1200

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-10%20Remcos%20IOCs

194.5.98.156:10174

# Reference: https://www.virustotal.com/gui/file/843e4aea82147be3450a58c9ccbd518a89b33f1687e2544d3f2c39be4e48e358/detection

167.71.56.116:22494

# Reference: https://www.virustotal.com/gui/file/eaea1ea1cae4ddbf919993f52eb7646b11146769cc3d4965477ab668f3be46f2/detection

206.189.80.59:22380

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20Remcos%20IOCs

91.92.120.140:4973
govdouglas.ydns.eu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Remcos%20RAT%20IOCs

194.5.98.207:691
freightmgmt.duckdns.org

# Reference: https://app.any.run/tasks/d4a9cdfa-6961-4622-aaa9-418c9d4c2c10/

62.102.148.152:8618
twistednerd.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-12%20Remcos%20IOCs

lplazadtemins.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-04%20Remcos%20IOCs

23.105.131.222:2040
moneyrem.cc.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-06%20Remcos%20IOCs

185.19.85.155:119
following.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-15%20Remcos%20IOCs

104.254.90.235:54614

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-16%20Remcos%20RAT%20IOCs

104.254.90.251:54614

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-05%20Remcos%20IOCs

79.134.225.79:10174

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-12%20Remcos%20IOCs

185.19.85.169:2050

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-19%20Remcos%20IOCs

194.5.98.156:47893
gherbo.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-01%20Remcos%202%20IOCs

191.101.130.129:2050
eter103.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-01%20Remcos%20IOCs

2.58.47.203:39207
saptransmissions.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/f5fd0bf12d34abb670da1d115e7c842932874f366b22d7f7016a1b56847e8562/detection

199.195.253.181:30040
dextority.ddns.net

# Reference: https://tria.ge/220211-n56hvscfb9/static1

69.174.98.123:49505

# Reference: https://www.virustotal.com/gui/file/d39304eea7c64cacd19e7a86a539d248b620e8e3a169a7ced02b6f54fc9c1fdf/detection
# Reference: https://www.virustotal.com/gui/file/c2e2791ef2c1021d84648d57975dc4cb28c1f0be1f8d46859394ef31340eba56/detection
# Reference: https://www.virustotal.com/gui/file/b61bcb861e27356973e4b41c0e430753ad753fcd898c3375422ec38f7a837b69/detection
# Reference: https://www.virustotal.com/gui/file/600b2251ae4efebfc6e8c882a546ec7f6d86ebebe1e359c88793a83dc778fe01/detection
# Reference: https://www.virustotal.com/gui/file/1549aea6b4b91525d4f3b776335e448b9f8080f300150b31e1f6f7bff634f571/detection

159.148.186.15:3927
159.148.186.19:3927
159.148.186.28:3927
159.148.186.32:3927
46.183.220.203:3927
destinyrem.kozow.com

# Reference: https://www.virustotal.com/gui/file/fa9feaa6941e0f79585ebce2bfff5d59b88df8b22a7d0a90d85ad1d6754048ef/detection

142.11.215.106:2404
secured1.hopto.org
secured2.hopto.org
secured3.hopto.org
sumag.hopto.org
sumav1.hopto.org
sumav2.hopto.org

# Reference: https://www.virustotal.com/gui/file/e53122230df3df822e7e4476d12fe580f5b6a18e793b42703e00fb58e9f2547b/detection

u876134.nsupdate.info
u876135.nsupdate.info
u876136.nsupdate.info
u876137.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/01bbb9d854552376059f89a143d487e714665432c104cdaf9b3f79b5262ace65/detection

217.64.149.78:2404
salford1.ddns.net
salford2.ddns.net
salford3.ddns.net

# Reference: https://www.virustotal.com/gui/file/0042c5d32b87ea97030b99df29c04c179d8ec29be9110eeb7246683bea97694b/detection

37.120.138.222:2404
rem1.camdvr.org
rem16.camdvr.org
rem16.hopto.org
rem166.hopto.org
rem1666.hopto.org
remmusic.freeddns.org
sunwap1.ddns.net

# Reference: https://www.virustotal.com/gui/file/280a8b23bac630e32859fccdeb3dd2eb98990ae94de255d97113aadc6150a693/detection

79.134.225.118:2405
ogidi.ddns.net

# Reference: https://www.virustotal.com/gui/file/128de1f0afc928bcbbcd321202a1704aa25db3950cbaff7da96c5ebfe59620c2/detection

194.5.98.11:691
hawman.cc.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/226d0ea20dccb9f0b091d02ccacaec73b537fc9b61157eff759b74d742d48b00/detection

23.105.131.220:3956
edwardjamie.duckdns.org

# Reference: https://www.virustotal.com/gui/file/164a1de7f4395ede6d18bc0f4a597cb5864897c42d9d5245ab6a79ade67050be/detection

185.86.106.246:9090
palmetto22.ddns.net

# Reference: https://www.virustotal.com/gui/file/29dd2b13f081a0c7f8312c4b4c433ccdcc3b3a83b91a16a88393370dda44f60b/detection

23.94.54.231:3050
eter102.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/f2b2d82456c636e2198b4f59c5fdec27bb86299e1582c872a1a1d92fed6feddc/detection

194.5.98.213:2405
23.105.131.236:2405
79.134.225.118:2405
79.134.225.95:2405
disabel.hopto.org

# Reference: https://otx.alienvault.com/pulse/620e39f7e76aa32ed2070f90

amlls.servegame.com
chujcidodupy1.ddns.net

# Reference: https://tria.ge/220218-j5f6radbep/behavioral1

193.56.29.242:4783

# Reference: https://isc.sans.edu/diary/28354
# Reference: https://www.virustotal.com/gui/file/d710708424046250ccef3424c9c758d1750e4a7a2b18f49862501a06d3febff5/detection

176.218.11.210:4376
176.218.11.210:5267
185.140.53.67:4376
185.140.53.67:5267
194.5.98.127:4376
194.5.98.127:5267
91.193.75.249:4376
91.193.75.249:5267
notme.linkpc.net

# Reference: http://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html (# Win.Dropper.Remcos-9938935-0)

febbit1.ddns.net
generem2022.hopto.org
private0091113.duckdns.org
xxxanonymous147.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fb1dddc298eb8e049c053ebc2e1585d7338769af53d60a635c296ad47d559dff/detection

2.56.59.252:1338

# Reference: https://www.virustotal.com/gui/file/3a579576db5f3660a4683f356ff06b3820661c656ed0fa81ee449fdfbd7187b5/detection

2.58.149.114:1338

# Reference: https://www.virustotal.com/gui/file/9adada1eea936515bebe468ee4c1bc040d58ef4f1e4cc09e03c569a4d117e47b/detection

40.71.25.32:1337

# Reference: https://github.com/pr0xylife/RemcosRAT/blob/main/RemcosRAT_07.03.2022.txt
# Reference: https://www.virustotal.com/gui/file/44d963269f8d6e5ec5c15354be28c9078f58eea78943d39eb78c6485dea5065d/detection

79.134.225.9:7838
91.193.75.132:7838
boysgoblow.hopto.org

# Reference: https://www.virustotal.com/gui/file/874bbdc6aaa2bd45e2249e5f728e29055b3c83cd4e91c58d31e685a8a8ee1970/detection

31.167.60.221:5552
mjrm2022.ddns.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-08%20Remcos_2%20IOCs

79.134.225.48:10174

# Reference: https://www.virustotal.com/gui/file/e72f87a66620c131f1f53fab099f2c8e40ced0a7d314570e5a813e326c43ea64/detection

103.73.64.115:1025
rem2021.nerdpol.ovh

# Reference: https://www.virustotal.com/gui/file/9e4d3c31e6cb0e034025bed1ea265d53c843dfe255129760d907f4718bc79882/detection

185.105.37.136:2404
dofusexploit.sytes.net

# Reference: https://www.virustotal.com/gui/file/a2a55a376e4bcf3772a0311f1063d0398a8f374f95a5ae7d50627fd1185e6f8b/detection

104.215.112.107:2404
hobbyhrs.zapto.org
hobbyhrs1.zapto.org
hobbyhrs2.zapto.org



# Reference: https://www.virustotal.com/gui/file/9395c1e6ca8f59400a742d292ba944d420396fec84d0dcbec9f2e4f0aeff02b0/detection

91.243.44.22:5621

# Reference: https://www.virustotal.com/gui/file/fc91425305ce4217b675c66b6cafa440960bbcc5cbb466d529e1c9b9303cc699/detection

91.243.44.22:5533

# Reference: https://www.virustotal.com/gui/file/e4e72188c2ac639908bc523023366f3b6b9022a800ad399d7c9c66c25264df4c/detection

91.243.44.22:4201

# Reference: https://www.virustotal.com/gui/file/c7abab8ec67577eb3aabc2591c7c284c34fcc1eb0491058220dfe9d4c3c7e9a0/detection

91.243.44.22:3048

# Reference: https://www.virustotal.com/gui/file/c635c1c96ad08183eab3a1515feed9c796c7cbfc0074bc0c5f2bd631ac05403c/detection

91.243.44.22:2954

# Reference: https://www.virustotal.com/gui/file/c41e2f6660e2ac81d7eada76784c03f2a7eeda5abe6a8ccb1dd00013ef1bc5bf/detection

91.243.44.22:2596

# Reference: https://www.virustotal.com/gui/file/b4102aeaa1b388e05f418f6a1d84d972b9079ba8fe68b5eab35359c5abb97d7b/detection

91.243.44.22:3612

# Reference: https://www.virustotal.com/gui/file/b2e4a9f5900fa31bd7daee73fbad3b1e44fa35a75adc768a6f2236d1a8fa400d/detection

91.243.44.22:3628

# Reference: https://www.virustotal.com/gui/file/91715312cd2c862bc26eb9192a03dd061bbfba4f1668030377b99dfb13400a85/detection

91.243.44.22:3785

# Reference: https://www.virustotal.com/gui/file/6c886424408b30c171b78d2b9bfc8b34942a37b4d55f6cc9e89f1697a0c09ebb/detection

91.243.44.22:4128

# Reference: https://www.virustotal.com/gui/file/5634fe55d27efc9de13da86394d7c187d1d3096c79d3e1549daabf9fb4dfc88a/detection

91.243.44.22:4009

# Reference: https://www.virustotal.com/gui/file/5404b2dd7e94c3a0eab6f4712d85651e172d1b984c46bdbbf5aa2ec83c74d9ab/detection

91.243.44.22:4045

# Reference: https://www.virustotal.com/gui/file/53f28e88e0ff9ce047d46ebd3718ceaf4d27e7bb76aa21baef3491a52bff40e9/detection

91.243.44.22:3523

# Reference: https://www.virustotal.com/gui/file/4bca1b86326dc0a328a3d4e65a77dec11d1006351624052e3cb2fe207bfbe74b/detection

91.243.44.22:4041

# Reference: https://www.virustotal.com/gui/file/116b263706dadd499131e81478ab369076fb40f14d0f20d0cbc72045b6971c74/detection

91.243.44.22:3831

# Reference: https://www.virustotal.com/gui/file/006008640cd22a03d8702bfb2a65d2974f5c719e3d05fcd5bf381c12d2537ac7/detection

91.243.44.22:3215
91.243.44.22:3354
91.243.44.22:3521
91.243.44.22:3621
91.243.44.22:3852
91.243.44.22:3921

# Reference: https://twitter.com/James_inthe_box/status/1504843053730738179
# Reference: https://twitter.com/James_inthe_box/status/1504843176846131201
# Reference: https://www.virustotal.com/gui/file/f1a61a31c172f4b21d34d099ecf544609dfc528a981ff8572e7b4c393bef84a8/detection

185.19.85.155:162
breakingsecurity.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/e2be1e3ac94168c1090867610af82e77a9ea318ea5042f4a962f9e7e58044b61/detection

185.19.85.155:50708
alilockincadmin.ddns.net
olashostadmin.ddns.net

# Reference: https://www.virustotal.com/gui/file/fc4b62bf81d0ab27f687255c8e95188e01524b8f7d425b77f244efa0d0c8a9c7/detection

185.19.85.155:1619

# Reference: https://www.virustotal.com/gui/file/c9543baa2ba0d7d8b670213c02ba258041823cf79f558a3c7e4c9ad7923b2bc3/detection

hayhaytv.biz

# Reference: https://www.virustotal.com/gui/file/f400d36892785b2f2bd25e3b8797b8626bd3985dddd3760920ae5c96e3858dfe/detection
# Reference: https://www.virustotal.com/gui/file/a6ccb6bb7e81ed05f95e23d941f491d182ffff03809c8f639149d8a32f2fd3ce/detection

104.215.84.159:2404
harveyautos110.ddns.net

# Reference: https://www.virustotal.com/gui/file/8ec9d95f0e4a49043f69017eefba8f73b29484cbc15bc614510052e834a21a64/detection

81.110.133.241:4782
wallass.ddns.net

# Reference: https://www.virustotal.com/gui/file/e9c4316b6ada458ce1d7cab0cf31449631f33a24a314ea19fd68afd7d92c9e39/detection

212.193.30.96:3535
sungito3.ddns.net

# Reference: https://www.virustotal.com/gui/file/42720ffc4a7f017d0ca760fc2288d462cacb64f11bfad6910519571d631a6f75/detection

194.5.98.46:5050
remcoss12.ddns.net

# Reference: https://www.virustotal.com/gui/file/0741ed5681e40443d25c89040297c1bb4f943b43ff88a8a218b4cd26cfb5c604/detection

157.90.152.72:5202

# Reference: https://twitter.com/malwrhunterteam/status/1509578549535064065
# Reference: https://blog.morphisec.com/remcos-trojan-analyzing-attack-chain
# Reference: https://www.virustotal.com/gui/file/f40b0b7ba6036c4d53d9572c1aa00d4014ba40a66eb16abab0d75f48ab8057bd/detection

185.19.85.174:119
freshdirect.dvrlists.com
gotovacoil.com
kingspalmhomes.com
dreamwatchevent.com/wsalptza/
dreamwatchevent.com/zp-user/
fisintegrateds.com/zp-admin/

# Reference: https://www.virustotal.com/gui/file/f31dace8463709ef3916f3e2b51168c06ca78e9df379ce98bd112556e2634d41/detection

79.134.225.76:2311
achimumuazi.hopto.org

# Reference: https://www.virustotal.com/gui/file/08a4e96444eab85c7d841f25fcbce6f9f77cceeed3206bb51e0f82f6b275dad4/detection

212.192.241.50:1010

# Reference: https://www.virustotal.com/gui/file/0605c2c0504437a3e2dff8452001a6b547919525594fa84dd5d713022e8395ba/detection

20.225.154.34:2404
xoftmanrem001.camdvr.org

# Reference: https://www.virustotal.com/gui/file/4ce893ef0bd7abeb769c3c3e57863700f41882befbee770733f0da86e015e7cb/detection

20.110.197.26:2404
flexyval01.hopto.org
flexyval02.hopto.org
flexyval03.hopto.org
flexyval04.hopto.org
flexyval05.hopto.org
flexyval06.hopto.org
flexyval07.hopto.org

# Reference: https://www.virustotal.com/gui/file/56ac1555cc21d3400c4168a52da00cab97bfb205f0b43ab417fbaa85e02def9c/detection

20.106.76.138:7782
pandemic4u.awsmppl.com
pandemic4u0.awsmppl.com
pandemic4u1.nerdpol.ovh
pandemic4u2.awsmppl.com

# Reference: https://www.virustotal.com/gui/file/68a0057f18e9c4b63ba1247db4b21a83cc3a2adebac3dacff282a4577b35dc06/detection

31.210.20.25:2030
davidwongwarzone.zapto.org

# Reference: https://www.virustotal.com/gui/file/a6ccc05556ccbb60a723a57a8a584cc150e2f4819ef7b11c76e947e84dff0e10/detection

104.214.103.50:2404
amalar.camdvr.org
moroga.camdvr.org
stopeet.camdvr.org
stopeet1.camdvr.org
stopeet2.camdvr.org
stopeet3.camdvr.org

# Reference: https://www.virustotal.com/gui/file/f216501f3a4213b738c07cc290e3b5eceb2f35ea410b2ae1b1b188e27ebddc7d/detection

31.210.20.130:2828
vkllaw.com

# Reference: https://www.virustotal.com/gui/file/c96d9d1cd9a19f89a578b97b7f0e7b426f90916239d63c39f0381b02e91c7c50/detection
# Reference: https://www.virustotal.com/gui/file/6daadbef2fe61209a6bb5d9a938c0978890af2ec274064bdec966b71a353765a/detection
# Reference: https://www.virustotal.com/gui/file/251c1a1c793a99db5db99d80d4ffce0ffe63be7316c8da165b7e54b8ad276a7a/detection

203.159.80.136:4981
viabouhm.ratkings.net

# Reference: https://twitter.com/peterkruse/status/1510929891944022017

1harvey205.camdvr.org
1harvey206.casacam.net
1harvey207.accesscam.org
1harveyautos111.hopto.org
1harveyautos112.ddns.net
harvey205.camdvr.org
harvey206.casacam.net
harvey207.accesscam.org
harveyautos110.ddns.net
harveyautos111.hopto.org
harveyautos112.ddns.net

# Reference: https://www.virustotal.com/gui/file/dc3406cfa902a5245fc7fa8bd110f02c236d04d1a80c312ebc43dd208f3a0adb/detection
# Reference: https://www.virustotal.com/gui/file/c4c6dc73fd49a18f2070e68d5de3503961ee5754164b231db5e0cc6f5a799611/detection
# Reference: https://www.virustotal.com/gui/file/3e9ccff518cd3800a268847b9e66cdda1b2ee9d1969607069c3c1e3e9427b9c8/detection

105.112.122.238:8181
88.235.51.237:4923
91.193.75.132:4923
remcoss11.ddns.net

# Reference: https://www.virustotal.com/gui/file/eabe284e5c499c80125043b351693551e84b94276a0bed00345af8613cf3491e/detection

91.193.75.132:1199
recmcozjan22.ddns.net

# Reference: https://www.virustotal.com/gui/file/632dd54f1fc0c1d3fcb5de2710648265fa48ef67c94696e0f81c0ec1049546dd/detection
# Reference: https://www.virustotal.com/gui/file/2666bb71e611ddf80450eedc51f64210ea0cd8a190f84b7384fdc55af6269dac/detection

79.134.225.75:3370
91.193.75.132:2882
richyigboks.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a5d2d4c2feb0080390e1e6b8ebac4487ebbcd14e9bf183415b862112dbbb6369/detection

82.222.99.2:5050
zoonm.ddns.net

# Reference: https://www.virustotal.com/gui/file/a3d08a4bcf30bc1eb141643c55025dd2d03550262e21b04624baf368b18f653e/detection

91.193.75.132:45901
menz.ddns.net

# Reference: https://www.virustotal.com/gui/file/87e1f0731c3fda7489b0c2f71261182d4f510a79bca666d6c0379863d5298d8b/detection

91.243.44.85:2404

# Reference: https://www.virustotal.com/gui/file/fdc5cd9307d2298bc150b68203dd71982f4d88de40f838d0eb91ec26569caed4/detection
# Reference: https://www.virustotal.com/gui/file/8ae7581b43a54b58ceb0b9f5b75762d3befdb584008cf734785aa32b71eb8f81/detection

194.5.98.213:1942
mimi44.ddns.net
rbfoods.us

# Reference: https://www.virustotal.com/gui/file/8ae7581b43a54b58ceb0b9f5b75762d3befdb584008cf734785aa32b71eb8f81/detection

194.5.98.213:1987

# Reference: https://www.virustotal.com/gui/file/e6de286b094197f95411d10400f85549dc619254190c6664615cc3ac3c64a8f3/detection

37.120.212.230:2404
xhangzhi.duckdns.org

# Reference: https://www.fortinet.com/blog/threat-research/latest-remcos-rat-phishing

23.226.128.197:2404

# Reference: https://twitter.com/0xrb/status/1513733548800634888
# Reference: https://www.virustotal.com/gui/file/27836b6948d7ce67236c868845032376044afac9a92214d44f6f73c428ac9098/detection
# Reference: https://www.virustotal.com/gui/file/b3393118d47aee3ea17dcb3051e609275bd3ca9e18341e9de833d11ab09d047e/detection

http://91.243.44.85
91.243.44.85:47823

# Reference: https://twitter.com/0xhido/status/1513801393907417094
# Reference: https://www.virustotal.com/gui/file/b0966b0b2a38cb845932231c04b16d79f2c434a0171ebe151585f154a418e02c/detection
# Reference: https://www.virustotal.com/gui/file/453408c1b42c5747704808c0226169d58c4947c248734bf99514a7ae84a257e3/detection
# Reference: https://www.virustotal.com/gui/file/2b7bed63bef18e380e05de0f668bc534c045d94c02c26fc83ce4ebf57a9a1af8/detection

145.239.253.176:4782
hector.fund

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-12%20Remcos%20IOCs

199.195.253.181:162
hawman.cc.dvrlists.com

# Reference: https://twitter.com/Bank_Security/status/1514493778018643968
# Reference: https://twitter.com/Artilllerie/status/1514591697195442178
# Reference: https://pastebin.com/iYuLKpRS
# Reference: https://www.virustotal.com/gui/file/44c144fb9b610b5927a9553468bb262c5b2b5c5d24a64cc05cfd4b098ec644fa/detection

45.15.16.162:2404
afbd-bad.org
afdb-bad.org
afdb-za.org
ns.atps-proximo.pt

# Reference: https://www.telsy.com/remcos-and-agent-tesla-loaded-into-memory-with-rezer0-loader/Cyber-Report-1-REMCOS-and-Agent-Tesla-loaded-into-memory-with-Rezer0-loader.pdf
# Reference: https://otx.alienvault.com/pulse/614c8b0439d5b0b66f92cbf7

psm-ir.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1517395274532114433
# Reference: https://app.any.run/tasks/83cb500f-a79b-406d-bc4d-6021eb02aff1/

136.144.41.237:6061

# Reference: https://isc.sans.edu/diary/rss/28616
# Reference: https://otx.alienvault.com/pulse/62739c7e3592b057d33aef7a

http://198.12.89.134

# Reference: https://twitter.com/James_inthe_box/status/1524398222352871424

hydrogiene.co.za

# Reference: https://twitter.com/pr0xylife/status/1524412708895997952
# Reference: https://www.virustotal.com/gui/file/2dca59fd8d72332b1040af729fe0904a58f325db9543c787f0706fca0f21bb10/detection

84.38.133.58:3363
treatcode.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-11%20Remcos%202%20IOCs
# Reference: https://www.virustotal.com/gui/file/12f26a0678ead6807a30af5f667c5b08288254c0c5ef1ba5817a3330f4445940/detection

37.0.14.217:2295
pounds22.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/39f270492601de9bc4fe67dc145af5fa3bf115ac214246d495202e3f153670c6/detection

194.5.99.51:8090

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-18%20Remcos_1%20IOCs

94.46.246.63:2404
generem.camdvr.org
generem2023.hopto.org
hobbyhrs6.zapto.org

# Reference: https://www.virustotal.com/gui/file/77c2b80009f8dbe9d42283b32bb93decbe26179a171c233c078c49bd629bef6c/detection

62.197.136.97:2080
skygroupt6.zapto.org

# Reference: https://www.virustotal.com/gui/file/05c8613bd93d233e369ece36d36ac8a92dec5cb31d7b8ba9fafa61ff343c97a7/detection

434864347.com
434864347.casacam.net
434864347.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/4575a46f553ce382b57d50f8c9255f57ffd14777667cb86d537f9d162339aa8f/detection

185.157.162.101:2404
185.244.30.113:2404
tprem.ddnsfree.com
tprem009.hopto.org
tprem4g.ddns.net
tpremm.hopto.org
tprerem2.ddnsfree.com
tpreremb2.ddnsfree.com

# Reference: https://twitter.com/reecdeep/status/1528634853469609985
# Reference: https://www.virustotal.com/gui/file/c4fd685384b5522ed7cd531245667504871064828ea317a1c8cc8ec9e9d9bded/detection
# Reference: https://www.virustotal.com/gui/file/15c47516d1be5ea577ea79aa35d01ca1100fbb40af42e51782b106bf06734fab/detection

185.157.162.137:59085
blackwealth001.duckdns.org

# Reference: https://twitter.com/satontonton/status/1529448532360384513
# Reference: https://tria.ge/220525-p3eg2aeddl

172.94.127.61:5888

# Reference: https://www.virustotal.com/gui/file/ee0e3ef0d4e024fee83ad9744a0c2fda54ea009c099144d7f3f5972b0e3c7c4d/detection

194.5.98.38:1684
anyinew.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-06%20Remcos%20RAT%20IOCs

185.199.224.92:551
remittance5443.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/20f688a5ad9f3a97a06fbe687bc519f77d68dff4e227cd92c2e377d1f91b6456/detection

192.169.69.25:2996
mastermissis.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9d66451cba895543944a91ec8f2230f0e7b1f708d38e830a6502472448379e41/detection

okehieugochukwucassperkroosdavid.duckdns.org

# Reference: https://twitter.com/smica83/status/1536263039464382465
# Reference: https://tria.ge/220613-hebynsecbr/behavioral1

176.119.28.51:9492
power22.myftp.org

# Reference: https://www.virustotal.com/gui/file/138d6b7c14089c460dac2f723c91acb6436fdcc1b9dd9f03e711e035d4bd6620/detection

194.31.98.250:2080

# Reference: https://twitter.com/ffforward/status/1537376671489175552
# Reference: https://www.virustotal.com/gui/file/cc1ad7582d16db389c1b15a1cccdc188a85398165623876f4c7887743e54a9f9/detection

noneabusers.xyz
top.noneabusers.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1537394567129059328
# Reference: https://www.virustotal.com/gui/file/1051d3690e70e4227a2b0a0aa87367fb09c49c55360c7a1880b2acfba0b77490/detection

213.152.162.154:19833
213.152.186.19:19833
mine4eva.duckdns.org

# Reference: https://www.virustotal.com/gui/file/428931fca8865aa94ecab4da479ece8f2d82171566d62ef2378825f752b9cb40/detection

2.58.149.33:4333
hsgu2.chickenkiller.com

# Reference: https://otx.alienvault.com/pulse/62b3057069c7fe037d5a21fd

centplus.serveftp.com
centplus1.serveftp.com
fresh12.ddns.net
harrywlike.ddns.net
hobbyhrz1.zapto.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-23%20Remcos%20IOCs

192.3.152.173:2356

# Reference: https://tria.ge/220626-q9te7sbbcq/behavioral1

91.193.75.131:3060
rawman.ddns.net

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos-%2028062022
# Reference: https://tria.ge/220628-ynswjscaam/behavioral1

103.156.90.165:4053
remcosmoney.duckdns.org

# Reference: https://gist.github.com/silence-is-best/7b71542e9713d9e8c2546090a1358789
# Reference: https://www.virustotal.com/gui/file/1f6b2f123b907738cbb9ec1cc074a4a10a8be6a2a0d4f12e528bc1cd361a0627/detection

23.105.131.237:2405
deoneogidi.hopto.org

# Reference: https://www.virustotal.com/gui/file/ce195de0b69a9f6c6e5aca39cc107917fa06e6d283acbeb79de45e6c85c5cb3f/detection

45.133.174.55:2404
mckennadevelopments.co.uk
darwin06.casacam.net
leaflet308.casacam.net
nunez115.accesscam.org
nunez118.camdvr.org
nuvez110.camdvr.org

# Reference: https://www.virustotal.com/gui/file/e0d0304a43fc6323b1d18b22faa263bfb9b7327028a2a1dc27eccd10b6f98f08/detection

91.193.75.191:6677
csolpflow.duckdns.org

# Reference: https://www.virustotal.com/gui/file/01f187b666a8f17996e6446772b67aaef1de9ecbc573d2b043a007a3bedeaca6/detection

172.111.234.100:5888

# Reference: https://www.virustotal.com/gui/file/a32fd5a09b3ce2abffd7943be510cc0b728d123f69ba9298d41478dd7a6c941f/detection

172.111.153.127:3033

# Reference: https://www.virustotal.com/gui/file/e04e4c474ded78364c1f802de5a653e2d495bc1a0ddb78325962778a221970e6/detection

172.94.127.61:5888

# Reference: https://twitter.com/1ZRR4H/status/1543339315756994563
# Reference: https://www.virustotal.com/gui/file/388c0d40658e7617789643be3aab11bb7462d4b212825527e45aa9e1dd2ead75/detection
# Reference: https://www.virustotal.com/gui/file/dea8443217c19368810fd390a6b5da86d6a07c3c37421e037ee40524e370ea31/detection
# Reference: https://www.virustotal.com/gui/file/19b985c2cd4448f9294948b58c3622c4d2118fb860f75cefdd4fccc01ac1a467/detection

80.66.75.88:2807

# Reference: https://www.virustotal.com/gui/file/5115241c4d951b005e4e38ff34fc53121bc9eb8e62805a157e0358623c258732/detection

80.66.75.88:2407

# Reference: https://twitter.com/malwrhunterteam/status/1544050660433399813
# Reference: https://www.virustotal.com/gui/file/452c3bd1e8cdf19bd89704c81540b995e887ba06e13a9cd12c67977feddfdfba/detection

162.55.210.243:2404
162.55.210.243:8000
/Remcos%20v3.5.1%20Pro.exe
/Remcos_Settings.ini
/remcos_a.exe

# Reference: https://www.virustotal.com/gui/file/14fa8b6b9e28da8046340ddd654b6636852dd113aec964b6297add3bcaa5e558/detection

185.140.53.130:2404
servicepro.ddnsfree.com

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos-%2017072022
# Reference: https://tria.ge/220717-xlxahsefa8/behavioral1

194.5.98.20:2160
kekeze21.ddns.net

# Reference: https://twitter.com/tosscoinwitcher/status/1549081272063889409
# Reference: https://tria.ge/220718-vlxvyabhgq/behavioral1

212.192.246.194:3542
xpremcuz300622.ddns.net

# Reference: https://www.virustotal.com/gui/file/f79d3098bfb090b6aaa390943e247178f3acff7c8214467df000cd3f102a2382/detection

20.230.127.16:2404
3.132.159.158:10880
3.140.223.7:10880
windda.ddns.net
windda1.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b823d785286362e9cbf36967ce34b278638f528d4f4681c4dd080e6b652c371/detection

87.98.236.198:8080
msft.serveftp.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-26%20Remcos%20IOCs
# Reference: https://www.virustotal.com/gui/file/0a327f7ef9cb260159b10942e80d9c378d9fa29727e2d92e4a146b8a2ab0c563/detection

91.193.75.239:10171
topboysully.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/f5fcd1c154f0ad8e635cef464f0f28ba6fbabf07f9379aa2a1cfec9ea59a173d/detection
# Reference: https://www.virustotal.com/gui/file/ed6feff2985efc50e550c04b9c0613c2749c039ce985fb386fdb17c56482df2a/detection
# Reference: https://www.virustotal.com/gui/file/d91e4b8a4169b75730e7dbf1ae01f7408e99bf843a36317579e762faba640153/detection
# Reference: https://www.virustotal.com/gui/file/b4b96d09b65bbe3acc31f204b489e55ccf41ae4170d6163a5ddc801153191d5c/detection

37.0.14.195:3840
37.0.14.198:2830
homesforiiiudgf.ddns.net

# Reference: https://www.virustotal.com/gui/file/f5b62ae366411bf1ded6d25e0788eeb4325fa6ddc58ad819488ad2de2dd1f267/detection

37.0.14.198:3655
stronger.ddns.net

# Reference: https://www.virustotal.com/gui/file/e4eee67f649702026eb3287b7d1e77ab44af7204e9770b31b3e17adff3cd923c/detection

37.0.14.195:5074
godslove1.ddns.net

# Reference: https://www.virustotal.com/gui/file/e6759048cbaa66dec4ee4160d2f6d643fe7a38e2887e458f70a4257a5bca55bf/detection

ramalubegroup.ydns.eu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-02%20Remcos%20IOCs

91.192.100.38:2050

# Reference: https://www.virustotal.com/gui/file/3cd2459f1d568d4aaaf422c284892810f7cb60dc69af99adb060f84a1c94ece6/detection
# Reference: https://tria.ge/220805-hvb9dagcg6/behavioral1

194.5.98.53:991
instment.ga
williamsmack.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5a80d33725dc44720c5bf641ba8adc05c49194bed8f073b4efccaeec17e8d871/detection

179.43.154.139:6121

# Reference: https://www.virustotal.com/gui/file/5910b251032dcd4f32fac230adf2f86a529a2ab45ada09afcea63f23dc300846/detection

45.156.31.217:6121

# Reference: https://www.virustotal.com/gui/file/4b8d5c7a726e4489e3e527b36d433a23a225bbb32a45dca7b2e3f7786e8beb08/detection

91.193.75.131:7446
julygoals.hopto.org

# Reference: https://www.virustotal.com/gui/file/4accc392a8e545d936119e4eb2f97c9e7779e94829cd52f62d945d1714abf6f5/detection
# Reference: https://www.virustotal.com/gui/file/22997c55858e21d73b43b397d371379cc2acd48b657cb6dfc8c2d472045abede/detection

91.193.75.131:3060
bossraw.ddns.net

# Reference: https://www.virustotal.com/gui/file/56b9e1a9f0704305007504a26661905930387fc49d0fb0f9938d28fd1d46e60a/detection

3.131.207.170:17041

# Reference: https://www.virustotal.com/gui/file/c1b0147d71f0505d82102f1d0db65752604dee80508723ce8a78453e96af358a/detection
# Reference: https://www.virustotal.com/gui/file/de6fbb6cfbf7bb74ea9d0e9dcaa07883dc357d0cfe09562ed45afc726e287607/detection
# Reference: https://www.virustotal.com/gui/file/addd9fa23db5ff36bb8407273637a4d6d20e83888dca5ad9aea3184c6e2d006d/detection

181.141.11.124:2404
181.141.11.124:2405
190.28.170.105:2404
190.28.170.105:2405
nod.con-ip.com

# Reference: https://www.virustotal.com/gui/file/883bb860b3a9a3a3940c54fd2ed5bbc757c1cd762e2962017caea38942b132a5/detection
# Reference: https://www.virustotal.com/gui/file/2b0441416dcfaeb908cf69343fc3c2af82772c0dfd3a2af8cca9659c31cbb1d0/detection

190.28.170.105:2100
190.28.170.105:2101
190.28.226.59:2100
190.28.226.59:2101
avastupdate.con-ip.com

# Reference: https://www.virustotal.com/gui/file/fd42eba50bc383aedeebedea992b3990e3a9fa04a73b574c0528d3cf2f2f9749/detection
# Reference: https://www.virustotal.com/gui/file/37d7e923eea7260124283d599c85c253323dc8c4aa0a55687fc8293f88614d07/detection

190.28.131.226:2200
190.28.202.144:2200
apartachord2.con-ip.com

# Reference: https://www.virustotal.com/gui/file/52bb7d7faf8f4575721894d514eb02d5f9c7d6a8144c50ae985a8a4bce3cf582/detection

177.41.46.96:7777

# Reference: https://www.virustotal.com/gui/file/4a2af578e2798d675503781ba8915b87fb48a109800aa09ac905e8412d27dcb0/detection

187.115.252.56:7777

# Reference: https://www.virustotal.com/gui/file/2bca2ddb0d37c48969f9ca795248774bc84b2408240e8a26a6bf2df03ea3caf7/detection

179.176.129.87:7777

# Reference: https://www.virustotal.com/gui/file/d74343f85e1546e3a5991838d2302793e4f0517ec828692e655e763269e43393/detection

185.140.53.170:55442
55440.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c2e0d247c0342212dc915382e86cb4afee5a22bcd2658e50ba51f47b2e928f0b/detection
# Reference: https://www.virustotal.com/gui/file/a6a2fac02178b0f60c9f33bd587dd7dbbc0f1906585cd72b76c3028bc1495251/detection
# Reference: https://www.virustotal.com/gui/file/a3452537122e1a6b4682461c79036cea1916f358a6cb44e6a7045ff3c17aeb93/detection

185.140.53.170:55443
45.125.239.219:55442
45.125.239.219:55443
55441r.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7a15ae3009674997a8205d2e0aa0ce03fc592a544f2340e1cd2d6b5f61e64a0b/detection

194.5.98.186:55442
194.5.98.186:55443

# Reference: https://www.virustotal.com/gui/file/a0911f69ebcbc93540e63bf007fcab0bbece1a9f55c780ea29fc0a4935e2b93b/detection

67.211.213.207:444

# Reference: https://www.virustotal.com/gui/file/6862cf51b5546665e90e27a0a188ea8c468097f86b8b5d68fa0521f4cd3a9550/detection

94.79.220.83:5330
asmarany.ddns.me

# Reference: https://www.virustotal.com/gui/file/e0b6bc3a80979c9698dc1a45ec43f00b0a35841706e1414fb29996eb57962c44/detection

109.202.103.170:8733
213.152.161.40:8733

# Reference: https://www.virustotal.com/gui/file/766ab97dc545207fe08d285356fa47298904585e8f2690c7d0532d0456d40fb6/detection

172.94.42.34:5555
kklink.duckdns.org

# Reference: https://www.virustotal.com/gui/file/98bd9ce6256c71da1189ff7552bc318b6e9e2e895612248601581b32d85a8e8b/detection

194.5.98.53:9596

# Reference: https://twitter.com/tosscoinwitcher/status/1558136237566767104
# Reference: https://tria.ge/220812-t9qk4ahha9
# Reference: https://tria.ge/220812-vckt1sfefr

184.75.221.163:44850
spy24.online
sfcarbotexpl.ddns.net

# Reference: https://www.virustotal.com/gui/file/dacac52a378ad8d74430d29733767e2b8e6282a86e29aef40e8e0f8544c8b16a/detection
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-17%20Remcos%20IOCs

142.11.211.90:2404
2ndspreading1.ddns.net
july202022.ddns.net
july20220spread.ddns.net
july20220spread2.ddns.net

# Reference: https://www.virustotal.com/gui/file/50365c827bd768ec7fdf1a5b688d19ec0645042e92f04dad712a1955e9bb4c8b/detection

febrem.ddns.net
febrem1.ddns.net
febrem2.ddns.net
febrem3.ddns.net
febrem4.ddns.net
febrem5.ddns.net
marrem1.ddnsking.com
marrem2.ddnsking.com
marrem3.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/fe2a7bd815aa82979362973574a4432be639fdb0487839eb4a665c2862a62744/detection

freshspread.ddnsking.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-18%20Remcos%202%20IOCs
# Reference: https://www.virustotal.com/gui/file/6c232920b9bb1f2c3bf71124f93f06f49fdf41c3bae35237f7b031bebba14cc5/detection

patronkingoopsalmghandnaiojamexicoquadaras.s3.sa-east-1.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/27b4a6f09b24a1f951811105ca5bf9d93074a352a37497374ef12807646ca502/detection

181.141.11.124:2425
defenderos.con-ip.com
defenderos2.con-ip.com

# Reference: https://www.virustotal.com/gui/file/07521351177667d93bba36bc8e3ae4bf8f96ec3915f69a23617e5c3c92f2129b/detection

181.141.11.124:33893
serviciosnecesarios.con-ip.com

# Reference: https://twitter.com/malwaremustd1e/status/1561771687720325120
# Reference: https://www.virustotal.com/gui/file/79aba8df0169a2d90b4fad63a8df8f6635f7016276079a2517a263e4b2322fa4/detection

194.5.98.244:4044
67.214.175.69:4044
obologs.work.gd

# Reference: https://www.virustotal.com/gui/file/146e9314dabcad733e15ab5e796c53fda2be2b34ea00a0bc03efda9ea674202f/detection

45.133.174.108:2404

# Reference: https://www.virustotal.com/gui/file/5d2b715da7eafff42396f80ed3fedc8be5fb818da6bd9e476d59d49a8db260bc/detection

45.133.174.47:2404
prosir.casacam.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-23%20Remcos%20IOCs

79.134.225.115:6061
bitm.dvrlists.com

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos%20-%2024082022

184.75.221.195:22614
184.75.221.195:35749
191.101.30.16:22614
184.75.221.195:35749
safetysystemarea.duckdns.org
securewebareaxxx.ddns.net

# Reference: https://twitter.com/c_APT_ure/status/1563259349757468672

103.231.91.59:55026
185.165.153.84:6699
bustabantu1996.ddns.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-26%20Remcos%20IOCs

kopadd.yunethosting.rs
mandingo.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/aef88e2d45f4df7c140ed966a391de2da9ebe34936a3300a6cd5ebd90729be0b/detection

http://120.92.102.194
181.141.5.226:8021
dfdgsfgfg.duckdns.org

# Reference: https://www.socinvestigation.com/remcos-rat-new-ttps-detection-response/
# Reference: https://otx.alienvault.com/pulse/630cbb6eb1975f82211a702f
# Reference: https://www.virustotal.com/gui/file/e2816883a7a514fe1a3fbce95c04c2fc735f0c7ab872f7c23978388c42aea5c2/detection

194.147.140.29:4456
falimore001.hopto.org

# Reference: https://tria.ge/220831-e1g52aghak

185.158.251.159:2404

# Reference: https://twitter.com/pollo290987/status/1565474724309778435
# Reference: https://www.virustotal.com/gui/file/0495c0518c4d8f7cb71cdfdd10f4736e11d5d2c7bddbebdd735cf79a86390981/detection

134.19.179.235:31598
mastercoa.co
zbshort.live
vp.mastercoa.co

# Reference: https://twitter.com/c_APT_ure/status/1565631428754345986

163.123.143.143:1664
tzitziklishop1.ddns.net

# Reference: https://otx.alienvault.com/pulse/631737749da32d502398b8d0
# Reference: https://www.virustotal.com/gui/file/f3f903bfd8ee2b9c902e22977a2804ac523c478b0fbd87d5034e39e875782ed1/detection

65.21.9.51:1760
appntw.website

# Reference: https://app.any.run/tasks/daacb7d0-96a7-46c6-8af8-7e8dd7684294/
# Reference: https://www.virustotal.com/gui/file/9e3c6d2f7b4a61b99f97c864da82a42d4e8ab8eacc729618172fbe44bf237155/detection

194.5.98.195:4545
freetogo01.ddns.net

# Reference: https://twitter.com/pollo290987/status/1568310541541580801
# Reference: https://www.virustotal.com/gui/file/48bca1c51f164b95e2f73675cfefdf525bde055caf5c3942bfcee88ff950792d/detection

192.111.146.184:5564
45.83.129.166:5564
newehmpage.webredirect.org

# Reference: https://twitter.com/tosscoinwitcher/status/1570085217507082241
# Reference: https://twitter.com/AttackTrends/status/1614568073129779201
# Reference: https://tria.ge/220914-th1lzsagd4

185.176.220.29:2404
209.145.61.216:2404
genekol.nsupdate.info
genekol1.nsupdate.info
harrywlike1.ddns.net
hendersonk2022.hopto.org

# Reference: https://twitter.com/pmmkowalczyk/status/1571843321428955137
# Reference: https://www.virustotal.com/gui/file/398fdb77c5178377193497b1d19116c647fda7d2d5a7e542ac3628366e7ce8ff/detection

194.147.140.242:10101
194.5.97.59:10101
37.0.14.209:10101
themillions.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1571863696615395329

192.121.102.15:3464
192.121.102.67:3464
193.104.197.103:3464
193.104.197.110:3464
193.104.197.30:3464
193.104.197.79:3464
193.104.197.88:3464
193.104.211.212:3464
37.0.14.204:3464
45.148.4.109:3464
45.148.4.12:3464
45.148.4.3:3464
remnewyear.myddns.me
septrem.duckdns.org

# Reference: https://twitter.com/pollo290987/status/1571900350583508993
# Reference: https://www.virustotal.com/gui/file/22bcff5827e858e9f22a1edeeccc577897103ece173b47c10f7e3a7d0ae6d3f3/detection

163.123.143.208:57952

# Reference: https://twitter.com/pollo290987/status/1572627967137792006
# Reference: https://www.virustotal.com/gui/file/6454523a7bb0aec9d2c66c43447ea65bfe8cff6659b4b4fea26d8919571de430/detection
# Reference: https://www.virustotal.com/gui/file/a646ae729b3f8412fa1e2fd7fe6f4c5a592b3ff7446466c0258bee74f9ef2a62/detection

172.111.234.110:5888
212.192.246.154:41900

# Reference: https://otx.alienvault.com/pulse/6324668c34562390e99611e8

flyerenergy.com
mutaalofomaha.com

# Reference: https://www.virustotal.com/gui/file/28b582488eb5318ec99c37bd78932ea8e641c9ca49cab73145cf25b79935826c/detection

http://194.38.23.170

# Reference: https://twitter.com/StopMalvertisin/status/1576927905652756485
# Reference: https://www.virustotal.com/gui/file/3b44d9aa4abd608f2dd1ec103d734c6402d3cb751dc2f38a46dc682aaa05a6bb/detection

37.0.14.206:6081

# Reference: https://twitter.com/pollo290987/status/1576940654588198917

45.155.165.160:40567

# Reference: https://twitter.com/pollo290987/status/1577292591493545984

185.140.53.160:2404
194.5.98.63:2404
dapsan.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-04%20Remcos%20IOCs
# Reference: https://www.virustotal.com/gui/ip-address/69.49.230.231/relations
# Reference: https://www.virustotal.com/gui/file/a4a20a36599949af2301f68e5e636daf2ab4957d1080ead17bedc5050aea755f/detection

194.5.97.174:6268
37.0.14.208:6268
13-9whm.tk
blhlqqip2.site
blhlqqip3.site
blhlqqip4.site
blhlqqip5.site
kiadsadw1.ga
kiadsadw1.gq
kiadsadw1.ml
kiadsadw1.tk
kiadsadw2.ga
kiadsadw2.gq
kiadsadw2.ml
kiadsadw2.tk
kiadsadw3.cf
kiadsadw3.ga
kiadsadw3.gq
kiadsadw3.tk
kiadsadw4.cf
kiadsadw4.ga
kiadsadw4.ml
kiadsadw4.tk
kiadsadw5.cf
kiadsadw5.ga
kiadsadw5.gq
kiadsadw5.ml
kiadsadw5.tk
kiadsadw6.cf
kiadsadw6.ga
kiadsadw6.gq
kiadsadw6.ml
kiadsadw6.tk
kiadsadw7.cf
kiadsadw7.ga
kiadsadw7.gq
kiadsadw7.ml
kiadsadw7.tk
kiadsadw8.cf
kiadsadw8.ga
kiadsadw8.gq
kiadsadw8.ml
kiadsadw8.tk
kiadsadw9.cf
oclkcwpz5.site
server-ellcz1.cf
server-ellcz1.ga
server-ellcz1.gq
server-ellcz1.ml
server-ellcz1.tk
server-ellcz2.ga
server-ellcz2.gq
server-ellcz2.ml
server-ellcz2.tk
server-ellcz3.cf
server-ellcz3.ga
server-ellcz3.gq
server-ellcz3.ml
server-ellcz3.tk
server-ellcz4.cf
server-ellcz4.ga
server-ellcz4.gq
server-ellcz4.ml
server-ellcz4.tk
server-ellcz5.cf
server-ellcz5.ga
server-ellcz5.gq
server-ellcz5.ml
server-ellcz5.tk
server-ellcz6.cf
server-ellcz6.ga
server-ellcz6.gq
server-ellcz6.ml
server-ellcz6.tk
server-ellcz7.cf
server-ellcz7.ga
server-ellcz7.gq
server-ellcz7.ml
server-ellcz7.tk
server-ellcz8.cf
server-ellcz8.ga
server-ellcz8.gq
server-ellcz8.ml
server-ellcz8.tk
server-ellcz9.cf
server-goeif1.cf
server-goeif1.ga
server-goeif1.gq
server-goeif1.ml
server-goeif1.tk
server-goeif2.cf
server-goeif2.ga
server-goeif2.gq
server-goeif2.ml
server-goeif2.tk
server-goeif3.ga
server-goeif3.gq
server-goeif3.ml
server-goeif3.tk
server-goeif4.cf
server-goeif4.ga
server-goeif4.gq
server-goeif4.ml
server-goeif4.tk
server-goeif5.cf
server-goeif5.ga
server-goeif5.ml
server-goeif5.tk
server-goeif6.cf
server-goeif6.ga
server-goeif6.gq
server-goeif6.ml
server-goeif7.cf
server-goeif7.ga
server-goeif7.gq
server-goeif7.ml
server-goeif7.tk
server-goeif8.cf
server-goeif8.ga
server-goeif8.gq
server-goeif8.ml
server-goeif8.tk
server-goeif9.cf
server-hrmpb1.cf
server-hrmpb1.ga
server-hrmpb1.gq
server-hrmpb1.ml
server-hrmpb1.tk
server-hrmpb2.cf
server-hrmpb2.ga
server-hrmpb2.gq
server-hrmpb2.ml
server-hrmpb2.tk
server-hrmpb3.cf
server-hrmpb3.ga
server-hrmpb3.gq
server-hrmpb3.ml
server-hrmpb4.cf
server-hrmpb4.ga
server-hrmpb4.gq
server-hrmpb4.ml
server-hrmpb4.tk
server-hrmpb5.cf
server-hrmpb5.ga
server-hrmpb5.gq
server-hrmpb5.ml
server-hrmpb5.tk
server-hrmpb6.cf
server-hrmpb6.ga
server-hrmpb6.gq
server-hrmpb6.ml
server-hrmpb6.tk
server-hrmpb7.cf
server-hrmpb7.ga
server-hrmpb7.gq
server-hrmpb7.ml
server-hrmpb7.tk
server-hrmpb8.cf
server-hrmpb8.ga
server-hrmpb8.gq
server-hrmpb8.ml
server-hrmpb8.tk
server-jmxhz1.cf
server-jmxhz1.ga
server-jmxhz1.gq
server-jmxhz1.ml
server-jmxhz2.cf
server-jmxhz2.ga
server-jmxhz2.gq
server-jmxhz2.ml
server-jmxhz2.tk
server-jmxhz3.cf
server-jmxhz3.ga
server-jmxhz3.gq
server-jmxhz3.ml
server-jmxhz3.tk
server-jmxhz4.ga
server-jmxhz4.gq
server-jmxhz4.ml
server-jmxhz4.tk
server-jmxhz5.cf
server-jmxhz5.ga
server-jmxhz5.gq
server-jmxhz5.ml
server-jmxhz5.tk
server-jmxhz6.cf
server-jmxhz6.ga
server-jmxhz6.gq
server-jmxhz6.ml
server-jmxhz6.tk
server-jmxhz7.cf
server-jmxhz7.ga
server-jmxhz7.gq
server-jmxhz7.ml
server-jmxhz7.tk
server-jmxhz8.cf
server-jmxhz8.ga
server-jmxhz8.gq
server-jmxhz8.ml
server-jmxhz8.tk
server-jmxhz9.cf
server-nrcje1.cf
server-nrcje1.gq
server-nrcje1.ml
server-nrcje1.tk
server-nrcje2.cf
server-nrcje2.ga
server-nrcje2.gq
server-nrcje2.ml
server-nrcje2.tk
server-nrcje3.cf
server-nrcje3.ga
server-nrcje3.gq
server-nrcje3.ml
server-nrcje3.tk
server-nrcje4.cf
server-nrcje4.ga
server-nrcje4.gq
server-nrcje4.tk
server-nrcje5.cf
server-nrcje5.ga
server-nrcje5.gq
server-nrcje5.ml
server-nrcje5.tk
server-nrcje6.cf
server-nrcje6.ga
server-nrcje6.ml
server-nrcje6.tk
server-nrcje7.cf
server-nrcje7.ga
server-nrcje7.gq
server-nrcje7.ml
server-nrcje7.tk
server-nrcje8.gq
server-nrcje8.ml
server-nrcje8.tk
server-nrcje9.cf
server-nymyq1.cf
server-nymyq1.ga
server-nymyq1.gq
server-nymyq1.ml
server-nymyq1.tk
server-nymyq2.cf
server-nymyq2.ga
server-nymyq2.gq
server-nymyq2.tk
server-nymyq3.cf
server-nymyq3.ga
server-nymyq3.gq
server-nymyq3.ml
server-nymyq3.tk
server-nymyq4.cf
server-nymyq4.ga
server-nymyq4.gq
server-nymyq4.ml
server-nymyq4.tk
server-nymyq5.cf
server-nymyq5.ga
server-nymyq5.gq
server-nymyq5.ml
server-nymyq6.cf
server-nymyq6.ga
server-nymyq6.gq
server-nymyq6.ml
server-nymyq6.tk
server-nymyq7.cf
server-nymyq7.ga
server-nymyq7.gq
server-nymyq7.tk
server-nymyq8.cf
server-nymyq8.ga
server-nymyq8.gq
server-nymyq8.ml
server-nymyq8.tk
server-nymyq9.cf
server-pxhop1.cf
server-pxhop1.ga
server-pxhop1.gq
server-pxhop1.ml
server-pxhop1.tk
server-pxhop2.cf
server-pxhop2.ga
server-pxhop2.ml
server-pxhop2.tk
server-pxhop3.ga
server-pxhop3.gq
server-pxhop3.ml
server-pxhop3.tk
server-pxhop4.cf
server-pxhop4.gq
server-pxhop4.ml
server-pxhop4.tk
server-pxhop5.cf
server-pxhop5.ga
server-pxhop5.gq
server-pxhop5.ml
server-pxhop5.tk
server-pxhop6.cf
server-pxhop6.ga
server-pxhop6.gq
server-pxhop6.ml
server-pxhop6.tk
server-pxhop7.cf
server-pxhop7.ga
server-pxhop7.gq
server-pxhop7.ml
server-pxhop7.tk
server-pxhop8.cf
server-pxhop8.ga
server-pxhop8.gq
server-pxhop8.ml
server-pxhop8.tk
server-sadwb1.cf
server-sadwb1.ga
server-sadwb1.gq
server-sadwb1.ml
server-sadwb1.tk
server-sadwb2.cf
server-sadwb2.ga
server-sadwb2.gq
server-sadwb2.ml
server-sadwb2.tk
server-sadwb3.cf
server-sadwb3.ga
server-sadwb3.gq
server-sadwb3.ml
server-sadwb3.tk
server-sadwb4.cf
server-sadwb4.ga
server-sadwb4.gq
server-sadwb4.ml
server-sadwb4.tk
server-sadwb5.cf
server-sadwb5.ga
server-sadwb5.gq
server-sadwb5.ml
server-sadwb5.tk
server-sadwb6.cf
server-sadwb6.ga
server-sadwb6.gq
server-sadwb6.ml
server-sadwb6.tk
server-sadwb7.cf
server-sadwb7.gq
server-sadwb7.ml
server-sadwb7.tk
server-sadwb8.cf
server-sadwb8.ga
server-sadwb8.gq
server-sadwb8.ml
server-sadwb8.tk
server-sadwb9.cf
server-uewit1.cf
server-uewit1.ga
server-uewit1.gq
server-uewit1.ml
server-uewit1.tk
server-uewit2.cf
server-uewit2.ga
server-uewit2.gq
server-uewit2.tk
server-uewit3.cf
server-uewit3.ga
server-uewit3.gq
server-uewit3.ml
server-uewit3.tk
server-uewit4.cf
server-uewit4.ga
server-uewit4.gq
server-uewit4.ml
server-uewit4.tk
server-uewit5.cf
server-uewit5.ga
server-uewit5.gq
server-uewit5.ml
server-uewit5.tk
server-uewit6.cf
server-uewit6.ga
server-uewit6.gq
server-uewit6.ml
server-uewit6.tk
server-uewit7.cf
server-uewit7.ga
server-uewit7.gq
server-uewit7.ml
server-uewit7.tk
server-uewit8.cf
server-uewit8.gq
server-uewit8.ml
server-uewit8.tk
server-uewit9.cf
server-uewit9.ga
server-waajo1.cf
server-waajo1.gq
server-waajo1.ml
server-waajo1.tk
server-waajo2.cf
server-waajo2.ga
server-waajo2.gq
server-waajo2.ml
server-waajo2.tk
server-waajo3.ga
server-waajo3.gq
server-waajo3.ml
server-waajo3.tk
server-waajo4.cf
server-waajo4.ga
server-waajo4.gq
server-waajo4.ml
server-waajo4.tk
server-waajo5.cf
server-waajo5.ga
server-waajo5.gq
server-waajo5.ml
server-waajo5.tk
server-waajo6.cf
server-waajo6.ga
server-waajo6.gq
server-waajo6.ml
server-waajo6.tk
server-waajo7.cf
server-waajo7.ga
server-waajo7.gq
server-waajo7.ml
server-waajo7.tk
server-waajo8.cf
server-waajo8.ga
server-waajo8.gq
server-waajo8.ml
server-waajo8.tk
server-waajo9.cf
server-wxmqf1.cf
server-wxmqf1.ga
server-wxmqf1.gq
server-wxmqf1.ml
server-wxmqf2.cf
server-wxmqf2.ga
server-wxmqf2.gq
server-wxmqf2.ml
server-wxmqf2.tk
server-wxmqf3.cf
server-wxmqf3.ga
server-wxmqf3.gq
server-wxmqf3.ml
server-wxmqf3.tk
server-wxmqf4.cf
server-wxmqf4.ga
server-wxmqf4.gq
server-wxmqf4.ml
server-wxmqf4.tk
server-wxmqf5.cf
server-wxmqf5.ga
server-wxmqf5.gq
server-wxmqf5.ml
server-wxmqf5.tk
server-wxmqf6.cf
server-wxmqf6.ga
server-wxmqf6.gq
server-wxmqf6.ml
server-wxmqf6.tk
server-wxmqf7.cf
server-wxmqf7.ga
server-wxmqf7.gq
server-wxmqf7.ml
server-wxmqf7.tk
server-wxmqf8.cf
server-wxmqf8.ga
server-wxmqf8.gq
server-wxmqf8.ml
server-wxmqf8.tk
server-wxmqf9.cf
server-xdkhf1.ga
server-xdkhf1.gq
server-xdkhf1.ml
server-xdkhf1.tk
server-xdkhf2.ga
server-xdkhf2.gq
server-xdkhf2.ml
server-xdkhf2.tk
server-xdkhf3.cf
server-xdkhf3.ga
server-xdkhf3.gq
server-xdkhf3.ml
server-xdkhf3.tk
server-xdkhf4.cf
server-xdkhf4.ga
server-xdkhf4.gq
server-xdkhf4.ml
server-xdkhf4.tk
server-xdkhf5.cf
server-xdkhf5.ga
server-xdkhf5.ml
server-xdkhf5.tk
server-xdkhf6.cf
server-xdkhf6.ga
server-xdkhf6.gq
server-xdkhf6.ml
server-xdkhf6.tk
server-xdkhf7.cf
server-xdkhf7.ga
server-xdkhf7.gq
server-xdkhf7.ml
server-xdkhf7.tk
server-xdkhf8.cf
server-xdkhf8.ga
server-xdkhf8.gq
server-xdkhf8.ml
server-xdkhf8.tk
server-xdkhf9.cf
server-xdkhf9.ga
zelthin.dvrlists.com

# Reference: https://www.virustotal.com/gui/ip-address/162.144.81.198/relations

sped-ailyx1.ga
sped-ailyx1.gq
sped-ailyx1.tk
sped-ailyx2.ga
sped-ailyx2.gq
sped-ailyx2.ml
sped-ailyx2.tk
sped-ailyx3.cf
sped-ailyx3.gq
sped-ailyx3.ml
sped-ailyx3.tk
sped-ailyx4.ga
sped-ailyx4.gq
sped-ailyx4.ml
sped-ailyx4.tk
sped-ailyx5.cf
sped-ailyx5.ga
sped-ailyx5.gq
sped-ailyx5.ml
sped-ailyx5.tk
sped-ailyx6.cf
sped-ailyx6.ga
sped-ailyx6.gq
sped-ailyx6.ml
sped-ailyx6.tk
sped-ailyx7.cf
sped-ailyx7.ga
sped-ailyx7.gq
sped-ailyx7.ml
sped-ailyx7.tk
sped-ailyx8.cf
sped-ailyx8.ga
sped-ailyx8.gq
sped-ailyx8.tk
sped-ailyx9.cf
sped-ailyx9.gq
sped-ailyx9.ml
sped-ejeql1.cf
sped-ejeql1.ga
sped-ejeql1.gq
sped-ejeql1.tk
sped-ejeql2.cf
sped-ejeql2.ga
sped-ejeql2.gq
sped-ejeql2.ml
sped-ejeql2.tk
sped-ejeql3.cf
sped-ejeql3.ga
sped-ejeql3.gq
sped-ejeql3.ml
sped-ejeql3.tk
sped-ejeql4.cf
sped-ejeql4.ga
sped-ejeql4.gq
sped-ejeql4.ml
sped-ejeql4.tk
sped-ejeql5.ga
sped-ejeql5.gq
sped-ejeql5.ml
sped-ejeql5.tk
sped-ejeql6.ga
sped-ejeql6.gq
sped-ejeql6.tk
sped-ejeql7.cf
sped-ejeql7.tk
sped-ejeql8.cf
sped-ejeql8.ga
sped-ejeql8.gq
sped-ejeql8.ml
sped-ejeql8.tk
sped-ejeql9.cf
sped-ejeql9.ga
sped-ejeql9.gq
sped-ejeql9.ml
sped-ejeql9.tk
sped-klyit1.cf
sped-klyit1.ga
sped-klyit1.gq
sped-klyit1.ml
sped-klyit1.tk
sped-klyit2.cf
sped-klyit2.ga
sped-klyit2.gq
sped-klyit2.ml
sped-klyit2.tk
sped-klyit3.ga
sped-klyit3.gq
sped-klyit3.ml
sped-klyit3.tk
sped-klyit4.cf
sped-klyit4.ga
sped-klyit4.gq
sped-klyit4.ml
sped-klyit4.tk
sped-klyit5.ga
sped-klyit5.ml
sped-klyit5.tk
sped-klyit6.cf
sped-klyit6.ga
sped-klyit6.gq
sped-klyit6.tk
sped-klyit7.cf
sped-klyit7.ga
sped-klyit7.ml
sped-klyit8.cf
sped-klyit8.ga
sped-klyit8.gq
sped-klyit8.ml
sped-klyit8.tk
sped-klyit9.cf
sped-klyit9.ga
sped-klyit9.gq
sped-klyit9.ml
sped-wbcfd1.cf
sped-wbcfd1.ga
sped-wbcfd1.gq
sped-wbcfd1.ml
sped-wbcfd2.cf
sped-wbcfd2.ga
sped-wbcfd2.gq
sped-wbcfd2.ml
sped-wbcfd2.tk
sped-wbcfd3.gq
sped-wbcfd3.ml
sped-wbcfd3.tk
sped-wbcfd4.cf
sped-wbcfd4.ml
sped-wbcfd4.tk
sped-wbcfd5.cf
sped-wbcfd5.ga
sped-wbcfd5.gq
sped-wbcfd5.ml
sped-wbcfd5.tk
sped-wbcfd6.cf
sped-wbcfd6.gq
sped-wbcfd6.tk
sped-wbcfd7.cf
sped-wbcfd7.ga
sped-wbcfd7.ml
sped-wbcfd7.tk
sped-wbcfd8.cf
sped-wbcfd8.ga
sped-wbcfd8.gq
sped-wbcfd8.ml
sped-wbcfd8.tk
sped-wbcfd9.cf
sped-wbcfd9.ga
sped-wbcfd9.gq
sped-wbcfd9.ml
sped-wbcfd9.tk
sped-xwctm1.cf
sped-xwctm1.ga
sped-xwctm1.gq
sped-xwctm1.ml
sped-xwctm1.tk
sped-xwctm2.cf
sped-xwctm2.ga
sped-xwctm2.ml
sped-xwctm2.tk
sped-xwctm3.cf
sped-xwctm3.ga
sped-xwctm3.ml
sped-xwctm3.tk
sped-xwctm4.cf
sped-xwctm4.ga
sped-xwctm4.ml
sped-xwctm4.tk
sped-xwctm5.cf
sped-xwctm5.ga
sped-xwctm5.gq
sped-xwctm5.ml
sped-xwctm5.tk
sped-xwctm6.cf
sped-xwctm6.ga
sped-xwctm6.gq
sped-xwctm6.tk
sped-xwctm7.ga
sped-xwctm7.gq
sped-xwctm7.ml
sped-xwctm7.tk
sped-xwctm8.cf
sped-xwctm8.ga
sped-xwctm8.gq
sped-xwctm8.tk
sped-xwctm9.cf
sped-xwctm9.ga
sped-xwctm9.gq
sped-xwctm9.ml
uiu-auzq1.cf
uiu-auzq1.ga
uiu-auzq1.gq
uiu-auzq1.ml
uiu-auzq1.tk
uiu-auzq2.cf
uiu-auzq2.gq
uiu-auzq2.ml
uiu-auzq2.tk
uiu-auzq3.cf
uiu-auzq3.ga
uiu-auzq3.ml
uiu-auzq4.cf
uiu-auzq4.ga
uiu-auzq4.gq
uiu-auzq4.ml
uiu-auzq4.tk
uiu-auzq5.ga
uiu-auzq5.gq
uiu-auzq5.ml
uiu-auzq5.tk
uiu-auzq6.cf
uiu-auzq6.ga
uiu-auzq6.gq
uiu-auzq6.ml
uiu-auzq6.tk
uiu-auzq7.ga
uiu-auzq7.gq
uiu-auzq8.cf
uiu-auzq8.ga
uiu-auzq8.gq
uiu-auzq8.ml
uiu-auzq8.tk
uiu-auzq9.cf
uiu-hajs1.cf
uiu-hajs1.ga
uiu-hajs1.gq
uiu-hajs1.ml
uiu-hajs1.tk
uiu-hajs2.cf
uiu-hajs2.ga
uiu-hajs2.gq
uiu-hajs2.ml
uiu-hajs2.tk
uiu-hajs3.cf
uiu-hajs3.ga
uiu-hajs3.gq
uiu-hajs3.ml
uiu-hajs3.tk
uiu-hajs4.cf
uiu-hajs4.ga
uiu-hajs4.gq
uiu-hajs4.ml
uiu-hajs4.tk
uiu-hajs5.cf
uiu-hajs5.ga
uiu-hajs5.gq
uiu-hajs5.ml
uiu-hajs5.tk
uiu-hajs6.cf
uiu-hajs6.ga
uiu-hajs6.gq
uiu-hajs6.ml
uiu-hajs6.tk
uiu-hajs7.cf
uiu-hajs7.ga
uiu-hajs7.gq
uiu-hajs7.ml
uiu-hajs7.tk
uiu-hajs8.cf
uiu-hajs8.ga
uiu-hajs8.gq
uiu-hajs8.ml
uiu-hajs9.cf
uiu-iksk1.cf
uiu-iksk1.ga
uiu-iksk1.gq
uiu-iksk1.tk
uiu-iksk2.cf
uiu-iksk2.ga
uiu-iksk2.gq
uiu-iksk2.ml
uiu-iksk2.tk
uiu-iksk3.cf
uiu-iksk3.ga
uiu-iksk3.gq
uiu-iksk3.ml
uiu-iksk3.tk
uiu-iksk4.cf
uiu-iksk4.ga
uiu-iksk4.gq
uiu-iksk4.ml
uiu-iksk4.tk
uiu-iksk5.cf
uiu-iksk5.ga
uiu-iksk5.gq
uiu-iksk5.ml
uiu-iksk5.tk
uiu-iksk6.cf
uiu-iksk6.ga
uiu-iksk6.gq
uiu-iksk6.ml
uiu-iksk6.tk
uiu-iksk7.cf
uiu-iksk7.ga
uiu-iksk7.gq
uiu-iksk7.ml
uiu-iksk7.tk
uiu-iksk8.cf
uiu-iksk8.ga
uiu-iksk8.gq
uiu-iksk8.ml
uiu-iksk8.tk
uiu-iksk9.cf
uiu-peho1.cf
uiu-peho1.ga
uiu-peho1.gq
uiu-peho1.ml
uiu-peho1.tk
uiu-peho2.cf
uiu-peho2.ga
uiu-peho2.gq
uiu-peho2.ml
uiu-peho2.tk
uiu-peho3.cf
uiu-peho3.ga
uiu-peho3.gq
uiu-peho3.ml
uiu-peho3.tk
uiu-peho4.cf
uiu-peho4.ga
uiu-peho4.gq
uiu-peho4.ml
uiu-peho4.tk
uiu-peho5.cf
uiu-peho5.ga
uiu-peho5.gq
uiu-peho5.ml
uiu-peho5.tk
uiu-peho6.cf
uiu-peho6.gq
uiu-peho6.ml
uiu-peho6.tk
uiu-peho7.cf
uiu-peho7.ga
uiu-peho7.gq
uiu-peho7.ml
uiu-peho7.tk
uiu-peho8.cf
uiu-peho8.ga
uiu-peho8.gq
uiu-peho8.ml
uiu-peho8.tk
uiu-peho9.cf
uiu-unky1.cf
uiu-unky1.ga
uiu-unky1.gq
uiu-unky1.ml
uiu-unky1.tk
uiu-unky2.cf
uiu-unky2.ga
uiu-unky2.gq
uiu-unky2.ml
uiu-unky2.tk
uiu-unky3.cf
uiu-unky3.ga
uiu-unky3.gq
uiu-unky3.ml
uiu-unky3.tk
uiu-unky4.cf
uiu-unky4.ga
uiu-unky4.gq
uiu-unky4.ml
uiu-unky4.tk
uiu-unky5.cf
uiu-unky5.ga
uiu-unky5.ml
uiu-unky5.tk
uiu-unky6.cf
uiu-unky6.ga
uiu-unky6.gq
uiu-unky6.ml
uiu-unky6.tk
uiu-unky7.cf
uiu-unky7.ga
uiu-unky7.gq
uiu-unky7.ml
uiu-unky7.tk
uiu-unky8.cf
uiu-unky8.ga
uiu-unky8.gq
uiu-unky8.ml
uiu-unky8.tk
uiu-unky9.cf
uiu-uwim1.cf
uiu-uwim1.ga
uiu-uwim1.gq
uiu-uwim1.ml
uiu-uwim1.tk
uiu-uwim2.cf
uiu-uwim2.ga
uiu-uwim2.gq
uiu-uwim2.ml
uiu-uwim2.tk
uiu-uwim3.cf
uiu-uwim3.ga
uiu-uwim3.gq
uiu-uwim3.ml
uiu-uwim3.tk
uiu-uwim4.cf
uiu-uwim4.ga
uiu-uwim4.gq
uiu-uwim4.ml
uiu-uwim4.tk
uiu-uwim5.cf
uiu-uwim5.ga
uiu-uwim5.gq
uiu-uwim5.ml
uiu-uwim5.tk
uiu-uwim6.cf
uiu-uwim6.ga
uiu-uwim6.gq
uiu-uwim6.ml
uiu-uwim6.tk
uiu-uwim7.cf
uiu-uwim7.ga
uiu-uwim7.gq
uiu-uwim7.ml
uiu-uwim7.tk
uiu-uwim8.cf
uiu-uwim8.ga
uiu-uwim8.gq
uiu-uwim8.ml
uiu-uwim8.tk
uiu-uwim9.cf

# Reference: https://twitter.com/reecdeep/status/1577668826149306370

45.155.165.117:50005

# Reference: https://twitter.com/MalwarePatrol/status/1577725883074256896

http://194.190.152.126

# Reference: https://www.virustotal.com/gui/file/575b64f8214eb883148c52f8231326446c513181646708e34aa5d7638175527a/detection

carsond5.hopto.org

# Reference: https://twitter.com/pollo290987/status/1578047147676778497
# Reference: https://www.virustotal.com/gui/file/c699c6b1b668b088471e74e8ac09145ced97a45a0db6c59657040257fdc8508e/detection

163.123.142.150:1492
ban318937.sytes.net

# Reference: https://twitter.com/pollo290987/status/1579485354012573696

nonprofit2.mywire.org

# Reference: https://www.virustotal.com/gui/file/a125e30eb975835c5dc09562a25c94891270b1e3ca4f920435aecd1a5ea5653b/detection

81.161.229.148:5050
valvesco.duckdns.org

# Reference: https://tria.ge/220810-txhpqacdfn/behavioral1

212.193.30.230:1024
zyt2.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/1009c900538dc157a378812cec6b2528219cf5133b59b4832456ad0bfa06c139/detection

194.87.84.40:2718

# Reference: https://www.virustotal.com/gui/file/d1a2c9b8c53aac7c1b54ef1356ed4ef8af9c0e5cca965bb757ddad436d30bf1b/detection

173.254.223.68:4040
royal.giize.com

# Reference: https://www.virustotal.com/gui/file/eb6b893999f716633ae89a1ace89ae407e07017ff347b23a5b7753f44732014d/detection

141.98.6.108:15672

# Reference: https://www.virustotal.com/gui/file/0516858d158e7596381b33f25fbd178516e5d6260ddc1e96ad0de562c282af7d/detection

91.192.100.7:1995
ableyahweh.ddns.net

# Reference: https://www.virustotal.com/gui/file/0ebf9e88c69338a8acd1bda024bf02c79e3ab357277f885dbdfb4f601623d5d6/detection

91.193.75.9:1990
amblessed.ddns.net

# Reference: https://www.virustotal.com/gui/file/a9399adef4f9beec911d353838ce6cbd5a4eeb83e1a6261b61d2b705c87d765a/detection

46.246.6.73:3669
46.246.84.6:3669

# Reference: https://twitter.com/0xToxin/status/1585274213438472194
# Reference: https://www.virustotal.com/gui/file/8c298764818ca42411115429c1f819577f5ece4d0c3dad949ea46a9ec4b49634/detection

185.225.18.106:2404
hotsdefender.webredirect.org

# Reference: https://www.virustotal.com/gui/file/929df8a15e583ad6b64698fb702cf44183f0d726d86cada07cf072d7f9f74913/detection

193.47.61.205:3542

# Reference: https://www.virustotal.com/gui/file/2f152a8da309e2878e0414477e27d6d041237de92c90f15e371c26ed9344cc40/detection

188.214.106.88:50943

# Reference: https://twitter.com/r3dbU7z/status/1589781653693804544
# Reference: https://tria.ge/221107-j1421shgaj/behavioral2

46.246.6.17:2404
46.246.6.5:2404
nuevosremcs.duckdns.org

# Reference: https://tria.ge/221117-kq1saaaa7y/behavioral1

207.244.231.35:35280
rmcos.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/1597421863139160064
# Reference: https://tria.ge/221129-c4pyyaha78/behavioral1

185.246.220.39:1307
drremcoz1.ddns.net

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/08a87793c7ca10af688ef68cf54f4e5a632bef11145a60c6e48027ca91c386a5/detection

http://79.110.63.18
79.110.62.46:50499

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/284749a242c7dcee6d5f8d71bb4de12ccbc7f7acc24a8fb795859b0393f23577/detection

41.216.183.226:41900

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/3202335b43868780fc9f77d4b021c64615ba8bd148684a5d707b64f115d6fa82/detection

79.134.225.16:7967

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/7f6e79aba77c7a0d80ae08f8dabf96e340c06b9da219bc3d6c8fe38b6b33e9c1/detection

91.193.75.214:16662
obscurelegend.dvrlists.com

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/af967c81efde1833856442e497edcfc5da28b6af7940d985bb297fe8c6e3d0f7/detection

84.21.172.33:5763

# Reference: https://www.virustotal.com/gui/file/fa965dc6edbb0e244cef4ecab1dabb2d04c9c174e42ac25c60f463237bcea16b/detection

194.180.48.184:3542

# Reference: https://www.virustotal.com/gui/file/38eaa97605a5428cd10700e2fbfe0bd84c75052abdc963bf6ad151fee74f6130/detection

84.21.172.179:1988
dianmelek.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e85461238ebb99ee7d96d576e2b9a6b9e886ef11da937cf9c4cdc7c4746dde7f/detection

84.21.172.179:58001

# Reference: https://twitter.com/c_APT_ure/status/1603349872735920128
# Reference: https://bazaar.abuse.ch/sample/b13c979dae8236f1e7f322712b774cedb05850c989fc08312a348e2385ed1b21/

213.152.161.219:19888
213.152.161.79:19888
toornavigator.sytes.net

# Reference: https://www.virustotal.com/gui/file/cd676ef098fec646d192a9c14099ade8f10709ee793ee820457e6dc46c02fc5e/detection
# Reference: https://www.virustotal.com/gui/file/ce4085be9c0cea2fdaa6145e86166b051222fcc96eac12e1668d803a6b97ebfe/detection

194.5.97.174:656
tpergtbe2.ml

# Reference: https://www.virustotal.com/gui/file/dfdfddf99781b2553c12dc0eaa764c585279eaa29b70654a11bdc238b6af945e/detection
# Reference: https://www.virustotal.com/gui/file/c4fa78775e976b5e30d4f2fb71d48b068b3dc27d625972296fd5cc28c58eb1c0/detection

79.134.225.28:161
pharmacologicalembrz.ml

# Reference: https://www.virustotal.com/gui/file/3b2c104c6eb24ddf6033a3d0b437b9cb7f58484166b85b2424fe6722fe98c324/detection

41.58.118.71:37186
79.134.225.74:37186
whizzle456.duckdns.org
whizzle654321.serveftp.com

# Reference: https://www.virustotal.com/gui/file/c17492c8733386e70b6a3c5432da0a049e1f659f00a767e086a73813a9162c29/detection

209.209.238.36:16152
209.209.238.36:5880
15prill.dyndns.tv
15prill.sytes.net

# Reference: https://www.virustotal.com/gui/file/338a5d0cf39f62e64dce26cdff1f685d1b80e154ccfa41d0291bfc290d5d8d60/detection

2020.hopto.org

# Reference: https://twitter.com/Racco42/status/1612697711475572738
# Reference: https://app.any.run/tasks/46f2915c-5ebc-447d-976c-f4cfc4339f67/

37.139.128.24:2404

# Reference: https://www.virustotal.com/gui/file/fe39457c9d93744d4bf8e6e08fd4ac9b69966ef2d48588e61160f234a202123b/detection

109.206.243.198:2404

# Reference: https://tria.ge/230112-jptf5sfe26/behavioral2

37.0.14.207:2404
christopherferr.com

# Reference: https://www.virustotal.com/gui/file/0523d273cebb43b4eeba323fc371749c3ed1830ece59c762103f2851128f0722/detection

141.95.84.40:2405

# Reference: https://www.virustotal.com/gui/file/f925b063bdb5c518a812bdfc0281699c73819fa49d27f2a68d0d7c4b2dd9d604/detection

141.95.84.40:3232

# Reference: https://www.virustotal.com/gui/file/f59e46dee3832fe72f66d55121bacd2863022292407b1278acbbe5abf6e6ead9/detection

141.95.84.40:2411
141.95.84.40:3333

# Reference: https://www.virustotal.com/gui/file/da75b0a4f9e3b9106c2ab1a393b8c5fef9046ba29e498f889d3ff92c5c6760f3/detection

141.95.84.40:4090

# Reference: https://www.virustotal.com/gui/file/d72b9f4910cbe10f8d1b3eeb7096f26412fce2b735c9929c354d8f20265aba50/detection

141.95.84.40:2412

# Reference: https://www.virustotal.com/gui/file/5f22fce8c855d810422147bed37ed543c0b187652397e2854b7184fae0a5042f/detection

141.95.84.40:7171

# Reference: https://www.virustotal.com/gui/file/2f53875cb56cc1a1f69655fcfca71ac0f952b8d582bda33e101d8b262e38d0f9/detection

141.95.84.40:2606

# Reference: https://www.virustotal.com/gui/file/2bbf5987d936a4c437176ae1d7bff6de9ad5a39d5a5c77038559a8e1dc93b0c5/detection

141.95.84.40:3055

# Reference: https://www.virustotal.com/gui/file/f854ee6b89136167029b67a2b53c55d438df3099530b352d3e7766daaba9369d/detection

84.21.172.49:4890

# Reference: https://www.virustotal.com/gui/file/0b369a736f1f26563fde964ce5a3e43e6ef527a274ba336b701a7c8c34957541/detection

195.178.120.12:55988
thekillforabuse1.xyz
top.thekillforabuse1.xyz

# Reference: https://twitter.com/petrovic082/status/1614957930633101312
# Reference: https://www.virustotal.com/gui/file/41bebe4ac472b4e0d768fd1b4af192d8685380dd7a86c2341e6958b99c49e8cf/detection

195.178.120.12:1068
hirosguide.hu/ti/

# Reference: https://twitter.com/peterkruse/status/1616424231998210049
# Reference: https://www.virustotal.com/gui/ip-address/181.141.4.137/relations
# Reference: https://www.virustotal.com/gui/file/d6d3cfd0832e5bff7d52697ff3383e23f778957577361f5628922f2a6f0e7dab/detection

181.141.4.137:2001
181.141.4.137:2002
estroyer.con-ip.com
francia.con-ip.com
inglaterra.con-ip.com
lucas.con-ip.com
marruecos.con-ip.com
nacional.con-ip.com
rafael.con-ip.com
rober.con-ip.com
rusia.con-ip.com
social.con-ip.com

# Reference: https://twitter.com/c_APT_ure/status/1615840721227120641
# Reference: https://www.virustotal.com/gui/file/fdbd71c8d64f2707a4c035b246e720504299fac3d8d7ed69af76a2de55f390db/detection

37.0.14.211:3426
skg08.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ba191102fc7fc2a29c3bfd4e6bdf51863982f754c7d7663dcb47af3cbdd42181/detection

37.0.14.211:2404
dansanija.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/

http://104.168.45.122
http://13.124.14.174
http://179.43.155.153
http://52.62.144.52
http://79.110.63.66
103.125.189.83:61328
103.231.91.59:25298
104.223.119.26:7733
104.223.19.115:2404
104.223.67.132:2404
104.254.90.203:42940
104.254.90.251:5502
107.174.202.148:14207
109.206.240.68:50544
109.206.240.6:2405
109.206.243.162:53399
109.70.144.69:3535
109.70.144.79:2000
109.70.144.79:2525
128.127.104.80:5502
134.19.179.243:47855
139.28.36.147:50147
139.28.36.170:50197
139.28.39.161:2408
141.95.16.111:2404
141.98.101.133:5502
141.98.6.9:4500
142.147.97.189:1604
146.70.158.105:9674
146.70.79.79:5050
147.135.146.243:1960
149.202.24.70:1960
149.202.8.123:2404
15.235.53.10:3005
151.106.30.13:1960
155.94.136.147:2409
155.94.136.161:2404
155.94.136.202:2404
155.94.185.15:2404
157.90.145.151:1441
157.90.145.151:2158
161.129.44.36:5888
163.123.142.150:1993
163.123.142.150:9900
164.68.105.38:1960
171.22.30.101:59301
171.22.30.122:2406
171.22.30.129:5890
172.81.61.215:5050
172.93.164.93:2404
172.93.166.85:2404
172.93.187.111:2404
172.94.127.61:3389
172.94.88.33:8080
172.96.14.13:2404
172.96.14.18:2404
173.212.217.108:1050
173.44.55.155:5502
176.126.86.245:62520
178.162.204.238:7913
179.43.155.153:443
180.214.238.18:55898
181.128.108.153:3078
184.75.221.107:42940
185.106.93.201:1337
185.136.161.189:1960
185.136.163.102:1960
185.136.168.135:49177
185.136.170.229:1960
185.136.171.105:1960
185.146.88.243:2404
185.156.174.115:32763
185.157.162.115:2404
185.161.209.113:2404
185.165.153.181:6666
185.169.52.127:2404
185.189.112.27:30544
185.202.175.248:2404
185.206.225.51:18853
185.206.225.59:28027
185.216.71.245:6113
185.216.71.62:46193
185.222.58.243:8780
185.222.58.245:2404
185.222.58.53:1190
185.222.58.53:2049
185.222.58.57:1960
185.225.74.134:13579
185.225.74.148:2404
185.236.76.65:50544
185.246.131.246:333
185.246.220.130:2987
185.246.220.53:50434
185.246.220.63:3285
185.246.221.36:54794
185.252.178.35:41900
185.255.113.251:2404
185.36.191.22:58010
185.65.134.164:57012
185.65.134.165:59301
185.65.134.166:55433
185.65.134.167:55898
185.65.134.167:59301
185.65.134.182:59301
185.9.19.107:11274
185.9.19.107:8716
188.72.124.143:2295
191.101.130.149:2404
191.101.130.149:6606
191.101.130.149:7707
191.101.130.149:8808
191.101.130.24:2404
192.169.69.25:48604
193.23.3.128:28364
193.23.3.34:43672
193.25.214.194:2404
193.29.104.13:8954
193.42.32.19:2409
193.42.33.124:5050
193.47.61.170:22022
194.147.140.100:2207
194.147.140.12:7982
194.147.140.153:1997
194.147.140.168:1985
194.147.140.197:34574
194.147.140.242:2556
194.147.140.24:7657
194.147.140.32:1970
194.147.140.32:4670
194.147.140.6:4485
194.147.140.7:4770
194.180.48.225:1024
194.180.49.17:28282
194.187.251.163:3573
194.190.152.126:80
194.5.98.133:1978
194.5.98.141:2442
195.133.40.119:1993
195.133.40.168:54345
198.20.177.164:3200
198.23.207.34:2404
198.46.173.141:50482
198.46.173.141:50484
198.46.177.210:50483
198.50.231.138:2409
20.251.10.189:2349
20.38.32.202:2347
206.188.197.133:2404
208.67.107.123:8780
208.67.107.146:28288
212.193.30.230:2286
212.193.30.230:3330
212.193.30.230:3343
212.193.30.230:3348
212.193.30.230:3366
212.193.30.230:6320
212.23.211.238:26009
212.87.204.116:42836
212.87.204.130:48591
213.152.161.30:5502
213.152.161.5:53513
213.152.161.85:26342
213.152.162.94:28027
213.152.186.40:53513
213.183.58.19:4000
217.61.105.139:2404
217.64.127.195:18538
217.64.127.195:52651
23.105.131.186:1967
23.105.131.206:1978
23.105.131.238:1212
23.19.227.171:2404
23.19.227.82:1986
31.192.232.48:1991
31.192.232.48:2000
31.192.232.48:2255
31.192.232.48:3455
37.0.14.199:1985
37.0.14.203:2404
37.0.14.204:6969
37.0.14.206:2404
37.0.14.216:20901
37.120.155.179:8716
37.139.128.4:52324
37.139.128.4:54345
41.216.183.195:3060
41.216.183.96:50505
41.216.183.96:55055
45.128.234.54:55433
45.128.234.54:57012
45.137.118.105:443
45.137.22.116:2404
45.137.22.236:5890
45.137.22.248:8780
45.137.22.77:8780
45.138.16.39:5202
45.138.172.94:2404
45.139.105.174:10929
45.139.105.174:2210
45.139.105.174:3111
45.139.105.174:3132
45.139.105.174:5890
45.139.105.174:6320
45.155.165.117:40004
45.155.165.117:56243
45.155.165.139:57604
45.62.170.248:2444
45.66.151.212:1960
45.81.243.246:2022
45.81.39.21:2404
45.82.84.10:2408
45.87.61.104:3033
45.88.66.122:54321
46.183.216.163:8107
46.183.217.11:64702
46.183.223.57:7888
5.206.227.115:2404
5.42.199.110:1703
51.161.212.232:2406
51.161.212.232:2407
51.210.137.26:2404
51.210.137.26:3345
51.210.137.26:5656
51.75.209.245:2404
51.75.209.245:2406
52.9.61.96:2404
62.102.148.160:43219
64.112.85.218:4888
64.44.102.244:1960
65.21.9.53:1104
66.63.168.35:5888
78.138.105.209:1986
79.110.63.178:8974
79.134.225.109:2404
79.134.225.115:2442
79.134.225.116:2404
79.134.225.119:3035
79.134.225.23:1097
79.134.225.36:3400
79.134.225.36:3404
79.134.225.6:62520
79.134.225.94:5050
79.134.225.98:2404
79.142.69.160:24103
80.66.75.36:53777
80.66.75.41:11114
80.66.75.41:1445
80.66.75.41:33222
80.66.75.51:2290
80.85.153.132:2442
81.161.229.194:28888
83.229.39.38:2404
84.38.132.103:2404
85.31.44.145:28888
85.31.44.145:41900
85.31.46.94:5050
87.121.221.150:50012
87.121.221.29:47891
88.209.254.28:2404
89.37.99.49:5888
89.45.6.58:54841
91.192.100.12:2404
91.192.100.20:7967
91.192.100.23:2404
91.192.100.41:8600
91.192.100.48:1979
91.193.75.134:8877
91.193.75.163:10171
91.193.75.179:8780
91.193.75.188:60005
91.200.102.59:2404
91.231.84.41:10929
91.231.84.41:22824
91.231.84.41:52651
95.111.251.64:1405
96.44.132.182:2404
arttronova124.duckdns.org
arttronova23.duckdns.org
aryexpcrt.ddns.net
aza.mastercoa.co
bendiciones777.con-ip.com
blessed.mypsx.net
bmarch459.sytes.net
brremcoz1.ddns.net
bustabantu0817.duckdns.org
caliente.con-ip.com
calvo.con-ip.com
casamami.con-ip.com
craigjonson91211.freedynamicdns.net
cryptersandtools-70d26.appspot.com
dapsan.biz
destroyer.con-ip.com
eaidali101.ddns.net
emberluck.duckdns.org
favgrandson7.sytes.net
fineboy.andosela.xyz
god7.duckdns.org
harvard.zapto.org
iehvihciuwgcihw.con-ip.com
ischishdiuchwdc.con-ip.com
liloskyxpgrot.duckdns.org
loft.london
march4great.ddns.net
maz.mastercoa.co
mazhararyousaf.ddns.net
mesa67279.sytes.net
muwkege4.zapto.org
ndimmiri.hopto.org
noforabusers1.xyz
noneabuse01.xyz
nonprofit2.webredirect.org
not2beabused02.xyz
nuevocarro.con-ip.com
nwconstructions.us
ogcmaw.duckdns.org
palma.con-ip.com
powerstationinfinite.online
remfff.duckdns.org
richardskoug34.ddns.net
santiagoroblesplata.con-ip.com
sas.yuldede.com
sdhbcsidhvosdhv.con-ip.com
seanblacin.sytes.net
sub.not2beabused02.xyz
svervhiubvdc.con-ip.com
tochukwu1122.ddns.net
top.noforabusers1.xyz
top.noneabuse01.xyz
top.not2beabused01.xyz
toshiba1122.ddns.net
ucremcz1.ddns.net
wudciwhefhgw.duckdns.org
yasinkayites.ddns.net

# Reference: https://www.virustotal.com/gui/file/f6847b746e97fbfbf29670e635317472fbfd5524e1f2d9d34bf78a3d15e9a7e3/detection

181.235.5.74:2427
contifico.con-ip.com

# Reference: https://twitter.com/r3dbU7z/status/1621166936703877120
# Reference: https://www.virustotal.com/gui/file/7255c52bd792b4078fb2bc5924259cc3becada28ea69afb76f26a7b2eb2f28cd/detection

185.246.220.63:3689

# Reference: https://www.virustotal.com/gui/file/4c95e2b5198e322af6ec97711dec10264d68c37eb27c19a6ad884430f0e0f638/detection

142.147.97.189:2404
ezeife.kozow.com

# Reference: https://twitter.com/Cyber0verload/status/1623752663153221632
# Reference: https://cert.gov.ua/article/3804703 (# UAC-0050)
# Reference: https://www.virustotal.com/gui/ip-address/80.78.254.28/relations
# Reference: https://www.virustotal.com/gui/file/f1103f0e35b7b47f020f951f07a87c74275aacec6a2610690a0f80e34e8eae73/detection
# Reference: https://www.virustotal.com/gui/file/5047f53e2e496b38b1a11bc856c79d6602fb28f7a0b16a4c4082845dee225677/detection
# Reference: https://www.virustotal.com/gui/file/ca408a4f313a8dc8afe42b490e74b345d758bc319c0b5b251f03fed84e8deb0e/detection

101.99.91.158:5222
124.88.67.67:5222
124.88.67.98:5222
178.23.190.252:8080
178.23.190.253:8080
178.23.190.254:8080
178.23.190.54:8080
94.131.99.153:5222
94.131.99.153:8080
94.131.99.156:5222
94.131.99.56:5222
94.131.99.89:5222
industrial-safety.online
telecomds.online
mail.industrial-safety.online

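# Reference: https://www.virustotal.com/gui/file/174d22ee27fbd8ea4dfedfcd32765e3fc48a39de6a8e7ddffbf2038ac75ac6a5/detection
# NOTE(review): the hostnames in this group are subdomains of the playit.gg tunnelling service, so the IP:port pairs
# listed with them are presumably shared tunnel endpoints that can be reassigned; treat a hit on an address alone as lower confidence than a hostname hit - TODO confirm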

147.185.221.223:10558
147.185.221.223:10559
147.185.221.223:10560
147.185.221.223:10561
147.185.221.223:10562
147.185.221.223:10563
financial-replication.at.playit.gg
kit-era.at.playit.gg
second-serving.at.playit.gg
services-bone.at.playit.gg
sort-perceived.at.playit.gg
time-trigger.at.playit.gg

# Reference: https://twitter.com/r3dbU7z/status/1621535413167874050
# Reference: https://www.virustotal.com/gui/file/73d0dbd4654e3711bb0c4feb8f8e580e3069cb8ae4477799d1db4c566ebd918b/detection

192.99.180.181:2404

# Reference: https://www.virustotal.com/gui/file/fe77b458294e45cb53caf1354ad3e7bba1ea24f8f45c2ee6b33d65ff8052fabb/detection
# Reference: https://www.virustotal.com/gui/file/051c452acf3d8aca8cc7044c8a7a15722cbc146c756789c08f90ade3a4be3d94/detection
# Reference: https://www.virustotal.com/gui/file/d4dbaf7206b04968b0b555406e6e3d8e37eff3eecb2556bd88a3a349bfcab2ae/detection
# Reference: https://www.virustotal.com/gui/file/a2ddaa327b7712ee58f7809794540157d2433bd27aca885cdc98893cf8eebf53/detection

192.169.69.26:2404
80.76.51.46:2404
92.222.212.90:2404
rlbotz.duckdns.org
thorami.duckdns.org
tridengames.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4414a9ba25d52ac38509ccf072d32e4f938990e3b02ca3c2d11fbd5cba433ab4/detection

142.44.214.143:9051
34.122.119.165:9215
34.173.190.11:9217
35.184.164.194:9212
35.192.147.46:9211
including-bugs.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/fd41341e7936b32a7952b587ded5e3160068656feb358d9ace34e53e508a3f84/detection
# Reference: https://www.virustotal.com/gui/file/ada41a94c2faec325a2e2234c68b80b1309f9e0bd754494fcba5f9f10f6bc260/detection

154.12.234.207:2404
209.126.83.213:2404
retsuportm.ddnsfree.com

# Reference: https://cert.gov.ua/article/3931296 (Ukrainian)

101.99.91.124:5222
101.99.91.170:5222
101.99.91.176:5222
101.99.93.104:5222
111.90.148.194:5222
111.90.148.194:81
217.69.139.209:5222
217.69.139.209:81
217.69.139.232:81
217.69.139.243:81
77.91.100.6:5222
77.91.100.9:5222
94.131.99.159:5222
courtbox.online
courtgova.online
courtgova.site

# Reference: https://www.virustotal.com/gui/file/bb369b5310b6d9812c46d64a408f7556fad21376d1d0c854c43309b2dac34552/detection

37.0.14.209:6299
no4abuse1.xyz
top.no4abuse1.xyz

# Reference: https://www.virustotal.com/gui/file/9a6542e7da5c82465fd053f020d82161a8995c3353b58ac9b3e085d70d9ecf8d/detection

37.0.14.209:2025
zytt.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/e7e71fa866ba62d702c610faec93f3618e3af846f9244b11ba3bba3179b58ce8/detection
# Reference: https://www.virustotal.com/gui/file/35077e72a589bccd4ddab3a75c7ff5d90421d4e79c1cc582c610f31e63f3f24b/detection

185.19.85.162:4939
79.134.225.82:4939
84.38.134.104:4939
backupfrontmanny.duckdns.org
myfrontmannyfour.ddns.net

# Reference: https://www.virustotal.com/gui/file/94798c0478f2ecebff0e05360bb8c6f4646fa267811d15e9d534c7067225df97/detection

194.147.140.242:2556
mercyandgrace.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3e18068bd0a755b56b0a23b68b6bf56542f675e0870e20c5e29fc9877ca56267/detection
# Reference: https://www.virustotal.com/gui/file/c2c285151064d2e8fee89d61084df820145e2f65a9798a9264ae0339e6789cf1/detection

http://195.2.79.233
193.188.22.218:4449

# Reference: https://www.virustotal.com/gui/file/82f9f17c738ca81deec5af268b89385215b9995231bb278ca1f3d5f21a09bac7/detection
# Reference: https://www.virustotal.com/gui/file/fd3002c39c81e97b390ccc699b4fbbce86e34ce784df963ae7ed85521c354cc8/detection

162.125.34.133:5854
202.160.130.145:5854
polyxxx.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/3706c1a1a2f12ff1cb47e856954190bab2ff09e46e7c917054a63c00bff57a64/detection

futjaparasetafusin.isa-geek.net

# Reference: https://www.virustotal.com/gui/file/2c05a049d94c304aa3895af58e8d4e5b0e33c7e4dda10bfcb5f3daeeb32b5227/detection
# Reference: https://www.virustotal.com/gui/file/b7b9713d2d43703ef4b66c2df66386453513be78efd25a50ffbe90db656fe472/detection

185.213.154.164:9535
rroki123.linkpc.net
shkurt2019.access.ly
thejerm.cable-modem.org

# Reference: https://www.virustotal.com/gui/file/1fe71ac0c89a0f467c54820e5a95423e71daf94861a8eb26775b788237658199/detection

j1kkkc.is-very-evil.org

# Reference: https://www.virustotal.com/gui/file/aefc0b8991380d4ed310f40efd7426c405ea19aeb2ede611b7f22117c31a3cfe/detection

boutiquezara.myftp.biz
cctv.zapto.org

# Reference: https://www.virustotal.com/gui/file/03afb1b7954f0e777e41101fec1cdab213cb8ce1e836556acb72c9ab73cd3b66/behavior

91.180.129.59:20377

# Reference: https://www.virustotal.com/gui/file/257cf39ae78d946effda763508911f7bb0688962813ef8d006b5e6a0f7327426/detection

141.98.255.145:56134

# Reference: https://www.virustotal.com/gui/file/3af3cffefa2df2c079f2901470005de5c361357e1072fd234226d72ea2214d45/detection

191.101.130.198:2404

# Reference: https://twitter.com/wwp96/status/1632898079421505537
# Reference: https://app.any.run/tasks/00a4ec21-60e9-43bb-96d4-0cdcee47bca1/

207.244.241.149:2304
siigo.con-ip.com

# Reference: https://www.virustotal.com/gui/file/45b2d2ff27a08b400f0e149e5371c683b09963058ff52b5c395ab79ecf6de1c8/detection

181.128.79.6:2500
contificoseguro.con-ip.com

# Reference: https://www.virustotal.com/gui/file/22bad1da863df7a01a4313e5f1a78745c09154ae1cf841c5424a929dda8f96b0/detection

165.227.31.192:22507

# Reference: https://www.virustotal.com/gui/file/797decf73ca98e03c717e08d090b560561f7e8191d324075540fdf84f965ce94/detection
# Reference: https://www.virustotal.com/gui/file/06ec60aeabdb6fc13bac12c233f47973fc644a4c7ae5d94e9efdc8fcfcfb60ed/detection

178.73.192.3:4750
46.246.14.7:4750
46.246.6.11:4750
testfortest.ddns.net

# Reference: https://www.virustotal.com/gui/file/0ac5715dbbb22286a1cc79fe33377cd2dcb71ac6ad5d876da8e938684e7d7cf8/detection

85.31.46.94:5050
valvesco.duckdns.org

# Reference: https://any.run/malware-trends/remcos

njxyro.ddns.net

# Reference: https://twitter.com/1ZRR4H/status/1637119841734651908
# Reference: https://www.virustotal.com/gui/file/6fe0fe1c59a8435b63996576a0f2d303be85d511a8daa8d0c593e633f602395f/detection
# Reference: https://www.virustotal.com/gui/file/10b447223e420c0ab76476d27e868f097ef36ccebbff81803d63c58f6da49748/detection

179.14.8.212:2550
quinto.con-ip.com

# Reference: https://twitter.com/AnFam17/status/1637885778691801089
# Reference: https://tria.ge/230320-wrtadagg7t/behavioral2

78.142.18.37:2404
xlongactive.su

# Reference: https://twitter.com/sicehice/status/1638571831727718401
# Reference: https://www.virustotal.com/gui/file/667bb5198e18e79b8dad7fa903cf92377c05b76716db89db92fff7b62c78b683/detection

141.95.16.111:2420
141.95.16.111:8080

# Reference: https://www.zscaler.com/blogs/security-research/dbatloader-actively-distributing-malwares-targeting-european-businesses
# Reference: https://www.virustotal.com/gui/file/37e6e8c41257b40d4f636227552fd2551123ada208dde4fd71ca34e8ec62cf92/detection

146.70.61.131:9150
217.138.195.19:9150
84.39.117.57:9150
hallowed247.duckdns.org

# Reference: https://twitter.com/petrovic082/status/1640709439933276167
# Reference: https://twitter.com/petrovic082/status/1640709635182309376

chr15.shop

# Reference: https://twitter.com/jaydinbas/status/1643626557070536704
# Reference: https://www.virustotal.com/gui/file/44b446550f315e7eb407e4494373e0ed7ce6b808128b8eb8d06ec556aea7bdf1/detection

194.67.212.47:4050
cancercause.net

# Reference: https://www.virustotal.com/gui/file/3d4ffcd1cd594f452ad1c374933eea8dd36d21a6d01372cc7f1afc636d26fa72/detection

45.137.116.253:443

# Reference: https://www.virustotal.com/gui/file/fe0f85db302b99b7fc610f789839a31398c542abb4d229b94521ae5b16b7d3e7/detection

185.225.73.76:2397
nadiac7806.hopto.org

# Reference: https://www.virustotal.com/gui/file/678d3d4b1057a230e358c3b9b88eb2b5e7611e448427788cc6474ae9a0c19404/detection

212.8.244.201:3641
jovaneo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6ca5b31d744ce3575ff60c28f306225332138a098127b4bc8fc811a9c8c1680b/detection

185.225.73.58:18114
forwarding2023.ddns.net

# Reference: https://www.virustotal.com/gui/file/c918a2c1bcad3c73628eb57a95c5d6eb2011b377c110678efa6bbd7fb793a2be/detection
# Reference: https://www.virustotal.com/gui/file/a5d742db1490b373d8c421473b93779ec7d8a5e072b85d849de19b7fb9bcac52/detection

http://23.95.97.22

# Reference: https://tria.ge/230425-gegngsae4t/behavioral2

dfdagsdsag.con-ip.com

# Reference: https://www.virustotal.com/gui/file/717dab9464c35bda378df8f42ceb245e1b34152fe7a5b1cefa632927c6275732/detection

45.146.254.153:993

# Reference: https://www.virustotal.com/gui/file/68fb3a671a5874c2671d327dd9fa5c8b747418567f76f37338b3203d3211cbec/detection
# Reference: https://www.virustotal.com/gui/file/b1afbce51ad052f936b989214964d56e2290a7fb5548763273c1fc4382cd5c1c/detection
# Reference: https://www.virustotal.com/gui/file/e7dc51c8f8a75a1ea71894a8c624d1431362a4da4e297b30e183d41169e7b910/detection
# Reference: https://www.virustotal.com/gui/file/0072e60010ff8494c740d83551263eb547c50eee0d9bbf2425d36795ddcc4684/detection

185.126.237.209:2404
185.126.237.209:7060
212.87.204.98:443
217.61.105.139:7060
cartmort.shop
deflatetesting.info
huffmanresearch.info
infogzip.org
kallitredabbacaza.com
lzmaresearch.org
mjjalaperaba.net
snappyapiv2.org
understandlzma.org
zlibinfos.info

# Reference: https://www.virustotal.com/gui/file/34d301cbabff59f4c4206009bd832ef2e361d91d54c010208ae1bc1207da4596/detection

185.246.131.246:333
majjip22spbax.photography

# Reference: https://www.virustotal.com/gui/file/f9edc031e26e9d37e740acfd3739cc3f0a442bb14ec34d9b2ddbf79db56e073f/detection

mazzancollttyde.business

# Reference: https://blog.talosintelligence.com/threat-roundup-0421-0428-2/ (# Win.Dropper.Remcos-9998831-1)

kelikjoinset.freedynamicdns.org
noblegas.myftp.org

# Reference: https://www.virustotal.com/gui/file/e43e755e8b9f8b1f892cd081a7376af5aa3d89c23320758e80191910be0b3f0f/detection

45.74.19.83:2217
forve.ddns.net
forvegreat.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ff8c79939cb030f093d795ddfb6b0a115c46bbe8c035fd22e895471b5bb5a83c/detection

2.58.56.250:57833
tcheck.cloud

# Reference: https://www.virustotal.com/gui/file/b6ba28cd7e6152eca49b060e78ae19121f9b3d4cb9c87743843a076d73f191a1/detection

194.55.224.106:2718

# Reference: https://twitter.com/reecdeep/status/1654432521822543872
# Reference: https://www.virustotal.com/gui/file/f35faa287ffeebfb47b1db14085b92a89ec76c958c3ec246a5a28dc8dbe825d5/detection

193.239.84.153:9184

# Reference: https://twitter.com/reecdeep/status/1655565717347893254

192.3.176.131:2404

# Reference: https://threatfox.abuse.ch/ioc/1119560/

135.181.139.172:2404

# Reference: https://threatfox.abuse.ch/ioc/1119749/

51.195.57.234:333

# Reference: https://www.virustotal.com/gui/file/8a8565e9dfb8f2907a18d68c64ca56dd0c581f585f796f6363270d14556003fc/detection

193.142.146.220:2404

# Reference: https://www.virustotal.com/gui/file/c296470f0a24955e74c6695312974b6f7b32b89147368e84804b47f76d5befa3/detection

134.19.179.211:30491
pekonomiana.duckdns.org

# Reference: https://twitter.com/Jane_0sint/status/1676557127211536385
# Reference: https://app.any.run/tasks/80e04690-c0c0-4bb7-91d3-5e4fb9d215be/

146.70.163.91:8716

# Reference: https://twitter.com/phage_nz/status/1676404211813355520
# Reference: https://tria.ge/230705-avk8aaaa84

138.199.38.132:62429
185.157.162.19:62429
194.32.146.132:62429
45.141.152.68:62429
46.246.34.52:62429

# Reference: https://tria.ge/230705-n2bt3sca74/behavioral1

172.111.140.79:9595
45.74.7.132:9595
salwanazeeze.ddns.net
salwanazeeze.duckdns.org

# Reference: https://twitter.com/dark0pcodes/status/1676396493412900864
# Reference: https://twitter.com/dark0pcodes/status/1681341586037260289
# Reference: https://twitter.com/dark0pcodes/status/1676969339944312834
# Reference: https://www.virustotal.com/gui/file/17f63115e8c161ad2ad85718404c2e3d59a181667ba6b89284c35887a443729a/detection
# Reference: https://www.virustotal.com/gui/file/8265efba54226248bfe4d5c721b8dea37978698b5bda7cb4a2b36cf081c81538/detection
# Reference: https://www.virustotal.com/gui/file/9a3371948a7d362e630c64fa0b8a418cbc86f446089b981f90a76bd259720795/detection
# Reference: https://www.virustotal.com/gui/file/b7682dee32d6c2e86b620114658dc2dc2359166952475cd25f32c434e416c432/detection
# Reference: https://www.virustotal.com/gui/file/b9a960653ff52f45aa18145f1b54f38e8a93a7b7e833315496d42c049cf5fece/detection
# Reference: https://www.virustotal.com/gui/file/b9aac3b32c9cd750aa7f32a8f80f52bbcc3addcea889ed1d428e0b48c6dcec90/detection
# Reference: https://www.virustotal.com/gui/file/c87444d30b44a6a6b939194458d6641c857efa879aa0a8ad762c6dbd5988f6ba/detection
# Reference: https://www.virustotal.com/gui/file/ce93fbd68e459ace2bacd467ffed18410d19e8d40c15f1b379b88179f7fa78d6/detection
# Reference: https://www.virustotal.com/gui/file/ea72af7a6311b86b7a9ff357e22c1c59bc77c95779825adf4a9d9608bbdcab12/detection
# Reference: https://www.virustotal.com/gui/file/eba7929ca243f8e567c43ed30cd31b0e1908d25c6cc0f5390a1c604c8e2360c4/detection
# Reference: https://www.virustotal.com/gui/file/cb0aa2943461630d7a199f770f588fc995dda412eb3fb1c615eedf1560871dbb/detection
# Reference: https://www.virustotal.com/gui/file/b9a960653ff52f45aa18145f1b54f38e8a93a7b7e833315496d42c049cf5fece/detection
# Reference: https://www.virustotal.com/gui/file/4c29b1a43b4155c751f29e263cdfa02b88df61d32547e2d21c7b5a6cff7bf3a0/detection
# Reference: https://www.virustotal.com/gui/file/b3ef1748be797764b40a79f5cf5dccf056466c007a18ee8259c6648cf75edba6/detection
# Reference: https://www.virustotal.com/gui/file/e25d8b0efeaaf2771d2a25b413b97e6c9c78ad66d48c33b03ed367901970f65d/detection

179.13.2.240:1011
179.13.2.240:2424
179.14.173.93:1011
181.131.216.115:1011
181.131.216.115:1011
181.131.218.17:1883
181.131.218.17:7770
181.132.132.53:1883
181.132.132.53:7770
181.132.143.185:1883
181.132.143.185:7770
181.132.143.37:1883
181.132.143.37:7770
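# NOTE(review): the next two entries repeat the ports listed for 181.132.143.37 directly above and are out of the
# list's sort order; possibly a truncated copy of that address - confirm against the referenced samples before relying on them
81.132.143.37:1883
81.132.143.37:7770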
181.141.0.230:1883
181.141.0.230:7770
181.141.7.178:1883
181.141.7.178:7770
aguardiente.con-ip.com
andresisaza.con-ip.com
anueljose.con-ip.com
apto777.con-ip.com
arrebatao.con-ip.com
bendito2.con-ip.com
benito02.con-ip.com
brayan.con-ip.com
bunuelo.con-ip.com
cactus.con-ip.com
carlosperdomoremser.con-ip.com
casa777.con-ip.com
casas.con-ip.com
crucero.con-ip.com
cx.con-ip.com
dominicano.con-ip.com
elbendito.con-ip.com
erjhbsdihbvihdsbisdjbv.con-ip.com
euro.con-ip.com
fgfdbdgnghbgdd.con-ip.com
gilbertosuarezrem.con-ip.com
ginebra.con-ip.com
graciasdios777.con-ip.com
groceria.con-ip.com
gvfrvnjiksnvodmvo.con-ip.com
hoysechichonea.con-ip.com
jfiusdgvusdbvisdguvb.con-ip.com
jhcdiucishcisdfs.con-ip.com
mandado.con-ip.com
moneymoney.con-ip.com
monito.con-ip.com
nidvhuidfnowossax.con-ip.com
olkmnbftyujbvfd.con-ip.com
palenquito.con-ip.com
paletas.con-ip.com
palma.con-ip.com
pandequeso.con-ip.com
parchado.con-ip.com
poderes.con-ip.com
prosperidad.con-ip.com
proteccion.con-ip.com
republicabolibariana.con-ip.com
ricardocuetoren.con-ip.com
santiagocervantes.con-ip.com
sdfjowdjflkdsmfijdscpkpkjkjaa.con-ip.com
sdfvisdbiusdjniudbciu.con-ip.com
sdhbcsidhvosdhv.con-ip.com
suigciacishcucidba.con-ip.com
televisor45.con-ip.com
uribetc.con-ip.com
uyfijbuhvuyguhjvuyhuhbg.con-ip.com
viushhirbhudsgcskjdcnos.con-ip.com

# Reference: https://www.virustotal.com/gui/file/29cbb0d27bbc787365e8c2aa11205b0218a178eda781bca644f8c77e55ad03c7/detection

149.102.243.187:2226

# Reference: https://www.virustotal.com/gui/file/9be6accc4b6d1235258499496f8be06d8ed5a286cc93547cbbb863f42d5ea612/detection

192.119.108.74:6120
wudthost.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1267ceb4db62b39b163313547e169954e55f31be5aa5aec84c0ada071a636adf/detection

173.44.50.86:8091
soatfebrero.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c1ccc7e57074fb432d2de187fca944ac480e5b2ad68ad7cc52388e3381990396/detection

191.89.247.6:4404
5junio2023.webredirect.org
5junio2023.webredirect.org.ovh.net

# Reference: https://www.virustotal.com/gui/ip-address/52.152.223.228/relations
# Reference: https://www.virustotal.com/gui/file/094211e442816ff11e5eb8079cc59a26ac41aa54ba00ef9ebbaef994b9c00e03/detection
# Reference: https://www.virustotal.com/gui/file/f4d0a2a3b982f0f926b6a4bfda48569162b14fe878913fe3f0eac91a43b6ff8e/detection

http://52.152.223.228
52.152.223.228:2225
newforting.duckdns.org

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/GuLoader/GuLoader_From_lnk_to_Shellcode.txt

194.187.251.91:12603
banifabused1.xyz
banifabused2.xyz
randomlybackup.duckdns.org
sub1.banifabused2.xyz
top1.banifabused1.xyz

# Reference: https://www.virustotal.com/gui/file/26b6c0a48df8f13ec145995daecdd670d35e5d0e09bac3c3a703a60e753aa1ba/detection

plunder.ddnsguru.com

# Reference: https://www.virustotal.com/gui/file/9f99648517b9f710d70c90aebcf84a8581c894be7e5c04684a2ba4e032d490e1/detection

102.36.149.129:37542
213.152.161.133:37542
claudia7363.ddns.net

# Reference: https://twitter.com/ULTRAFRAUD/status/1677403656587542528
# Reference: https://www.virustotal.com/gui/file/3c2e2530e0fb0773264c08c6e972b7ac271bce223d74f28f83d97b998b7d5cb3/detection
# Reference: https://www.virustotal.com/gui/file/f46cce95f74f08a3f703f1b1e3486c6572478ceb138f37134bd6dab427a3fd8e/detection

http://153.92.126.196
153.92.126.196:7060
marketisportsstumi.win
tempshsavesprt.info

# Reference: https://www.virustotal.com/gui/file/9785533cb7602ad9249482ae31cdb142e4d98e92725cfba370e4577680f5d8b1/detection

153.92.126.196:333
clothingappspalreta.net

# Reference: https://www.virustotal.com/gui/file/e5ab5323642a757a76dd39f0940c9215123051226a560c7ebdf76a5544505854/detection

51.195.57.234:555
kaliinuxnowwdangerou.org

# Reference: https://www.virustotal.com/gui/ip-address/153.92.126.196/relations
# Reference: https://www.virustotal.com/gui/file/25fdcfc2b1a92dce0e2162a43e29a9068c1e3d1849aaf48f9961a815be24a0f5/detection
# Reference: https://www.virustotal.com/gui/file/c9d48368b1cc7976aea7afb8f7e9318469b8c7b176113602a0a8716f2c0c77e1/detection
# Reference: https://www.virustotal.com/gui/file/24ed9643b8e4736cd3efad36802f69380d7e67a36259be6a461dbde4b0cb4bc2/detection
# Reference: https://www.virustotal.com/gui/file/555624bc6b20024f54c2065d552fd8fd448daa83578a472b7a231c58e0277d33/detection
# Reference: https://www.virustotal.com/gui/file/6b23e539caad82b0b090dafe09ed7dd61ffbf6874e1b8da30551594fdf46f33a/detection

153.92.126.196:1212
38.146.57.60:2404
akakilapphasrespsp.com
caddimilopidelphsimpl.de
ippallsmenremrmc.photography
kerlamaabramsurf.com
malsfedgortrtza.com
mastrrokiakivasai.com
mmnedgeggrrva.com
nikecostanzo.com

# Reference: https://www.virustotal.com/gui/file/75145be95746fcb54ef093b665cc7dcfb1cdfc7e6455dd271b1326b1543bbe16/detection

http://91.244.197.9

# Reference: https://www.virustotal.com/gui/file/ca5ababc4dace1fe81f11aab44e3939447f7946cf2fcac509d2d159f1707aeb1/detection

139.84.139.29:2324
newyearrem.myftp.biz

# Reference: https://www.virustotal.com/gui/file/eb27c48c3d4219fdfb2143fadcc021728c7969bd34fe731b2b17c0469766711f/detection

70.34.197.90:2424

# Reference: https://www.virustotal.com/gui/file/dcd26e9ef9f50646f285a1b577e077cf2d0d33d0c7eab174034fee6f33a234d9/detection

http://103.10.68.110

# Reference: https://www.virustotal.com/gui/file/190b66d218ef0d0b69b6b27cf99a62fffe29139d6f00592bede76928c9f79102/detection

172.111.167.143:3119
mexbar.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4424663695e9749f70cf73c587c910202344b18aa86144ca748aede28239a13f/detection

179.13.3.110:2021
newsestrenos1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8b6a909110ca907eb279cfb8f6db432af5564263e49c6982001b83fcffe04c07/detection

154.12.254.215:57832
rxms.duckdns.org

# Reference: https://twitter.com/AnFam17/status/1682446732565643265

94.142.138.111:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-07-23)

103.212.81.154:1940
103.212.81.155:54984
103.212.81.159:3422
110.34.102.159:2404
134.195.139.199:2404
141.95.84.40:2407
141.98.6.232:2404
141.98.83.15:5750
146.70.158.105:9138
153.92.126.194:2404
153.92.126.196:80
154.53.41.212:2404
157.90.206.40:2404
161.97.64.199:2404
172.93.222.140:2404
173.208.140.44:2404
173.243.112.4:2404
176.124.215.147:2404
178.162.212.214:9625
179.13.3.110:1520
185.228.72.156:2404
185.29.11.109:2404
185.56.83.208:2404
185.65.134.188:55433
188.191.106.233:2404
188.72.124.143:7902
191.89.243.236:5151
191.89.247.6:7778
192.154.224.110:2020
192.3.193.40:2404
192.3.193.42:2404
192.3.223.132:2404
193.142.146.203:2404
193.203.238.136:2404
193.23.3.15:32676
194.147.140.144:1993
194.147.140.166:1987
194.147.140.226:55433
194.147.140.226:55434
194.233.72.56:2404
194.59.218.165:2408
194.59.218.181:2404
194.87.151.52:5072
2.59.255.202:2404
2.59.255.57:55433
2.59.255.57:55434
212.193.30.230:6873
212.87.204.153:4100
217.182.15.139:2055
23.227.196.61:8957
24.152.37.94:2404
2peoples.duckdns.org
3df331cc64cdbb3097dc08c5e68b1ed06209dfc0f1eddf6570.crusherx1.sbs
45.12.253.190:35789
45.67.231.82:2404
46.246.6.9:1998
5.253.114.108:2022
51.210.170.199:34087
54.36.226.161:2404
54.37.140.61:2404
54.39.30.229:2404
54.39.36.52:48331
79.124.8.44:2404
80.66.75.116:4567
80.66.75.129:3719
80.66.75.172:2792
84.38.130.197:2404
84.38.130.200:2404
84.38.133.134:32676
85.206.161.12:2404
85.208.139.146:2404
85.208.139.242:2404
85.217.144.119:4031
85.31.44.129:37782
87.121.47.123:43055
87.121.47.123:43077
91.192.100.10:11010
91.192.100.49:32676
91.245.253.46:8709
94.142.138.111:5701
95.214.27.194:45060
b6079658.sytes.net
churchboy19.ddns.net
churchboy2.ddns.net
churchboy9.ddns.net
colukas37.ddns.net
crusherx1.sbs
favor-grace-fax.home-webserver.de
hasperion.kozow.com
mikepedro207yyyxx.ddns.net
mikepedro208yyyxx.ddns.net
mikepedro209yyyxx.ddns.net
monarkpapes.com
pekonomia.duckdns.org
pentester02.duckdns.org
plunder.dedyn.io
plunder.duckdns.org
plunder.dynnamn.ru
plunder.jumpingcrab.com
pops.mastercoa.co
rnnfibiteammony.duckdns.org
supremeswitchgear.com
twyfordtille.com
wealthyblessed.ddns.net

# Reference: https://www.virustotal.com/gui/file/889008d2491e5f92d86a36cd32374eee10e745cc310bd97b23ca17c0735bb061/detection

180.214.236.46:4848

# Reference: https://app.any.run/tasks/b40d702a-4dd3-42c5-a629-70e037ecfe31/

closen.kozow.com

# Reference: https://threatfox.abuse.ch/ioc/1140214/

23.106.60.117:7719

# Reference: https://threatfox.abuse.ch/ioc/1140174/

194.180.48.209:32676

# Reference: https://www.virustotal.com/gui/file/a780671fb8843df86eb6d9a17080a3dfe3caffc2a7ab3d19f5f60025f4e064bb/detection

181.142.211.88:7476

# Reference: https://www.virustotal.com/gui/file/a88132c9eaaae224c518e6bd900b5708850939dcdb65310e06e513a72424db07/detection
# Reference: https://www.virustotal.com/gui/file/92e494319d7ee8a055f2fb64bd5f3ed051877289a0948f1e53b485799613b16b/detection

191.89.247.6:6663
191.89.247.6:6669
remcosamarre.duckdns.org

# Reference: https://tria.ge/230726-d7lw5aha75/behavioral2

192.161.184.21:24050

# Reference: https://www.virustotal.com/gui/file/c7003a9e7e9919888c9a190ec5079c1c92d0fed2a1efc13391935b3f853ddd99/detection

185.174.101.152:2025
192.161.184.21:2025
pegasasufantasydaremogayumemirujiyoutoiutsubasahir.lat
powerdatabaseresearchworkproofficial.online

# Reference: https://www.virustotal.com/gui/file/bb0c54caf772dc967438e03e5944923da6c8ae1c0f01e14e6ce6d9f9d94f7ffe/detection

186.169.74.57:1992
powerstation2021.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ecddd8cc1dcf63ad1d437df18a17048db818922f26911273ab5c2534fb2977bc/detection
# Reference: https://www.virustotal.com/gui/file/bc560f1b389e01878838e3d66f72c275e2d30c95b9a3e5b68af4ee8e71f0008e/detection
# Reference: https://www.virustotal.com/gui/file/a7b85993bb6145e1a3afcfea61b6a07c5faddc9124dd395d08ad168bdf7cff6d/detection

181.235.11.105:2404
186.169.45.193:2404
rpower2021.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9acd14f51f44097e8f00ff0bf413ffdd856c2d7d762064843040a2cde4df3f60/detection

91.109.190.6:2404

# Reference: https://app.any.run/tasks/b9b1eeeb-a7f8-4abb-8dcc-712b9403499c/

http://212.192.219.52

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-07-31)

134.195.139.194:2404
194.59.218.152:2404
52.152.223.228:8887
80.76.51.205:6262

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-01)

194.180.48.113:1190
20.231.24.237:2368
66.63.163.71:6371
69.61.31.254:2404

# Reference: https://www.virustotal.com/gui/file/8c4bc6ed9991809c5bd70ebd6b31ac467b7a994e023f4442a1330f97d8b7181b/detection

185.195.237.203:57703
remcacount.co
verem.remcacount.co

# Reference: https://www.virustotal.com/gui/file/68f90e7cd6f81bcd548c046cfaca36e766da7fdcdddf286ef769c30062fde895/detection

185.195.237.203:3924
213.170.203.31:3924
ghostboy.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/929ef989b79b634cfbef7c4e8543351fa1c3560aec13e8c8f374298ccc5f947b/detection

208.67.107.168:8117

# Reference: https://www.virustotal.com/gui/file/152c6aa91bc274a0662811c5671f952e44f4f0c72378f667d91a9b4c93a5e4c8/detection

177.255.89.162:2450
iess.con-ip.com
microsoftteams.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.50/relations
# Reference: https://www.virustotal.com/gui/file/98962f488c06605ff276ae7fc49e494635ff1a7b250bffdfb080450ad99c0863/detection

79.134.225.50:5901
anonymous149.duckdns.org
anonymous149149.duckdns.org
breadashetypoccu.hopto.org
coretes.duckdns.org
donp007.myq-see.com
hostlogsadmin.duckdns.org
indaboski.myq-see.com
kaseganbetturio.serveblog.net
kingsdoggy12.hopto.org
kipluterndern.hopto.org
nanocoredt.dnsupdate.info
nassiru1144.ddns.net
uchcn1.hopto.org
vijhantegamedforsea.ddns.net

# Reference: https://threatfox.abuse.ch/ioc/1148526/

104.223.35.34:2404

# Reference: https://threatfox.abuse.ch/ioc/1149033/

79.110.49.161:3343

# Reference: https://twitter.com/reecdeep/status/1688812981881077760
# Reference: https://app.any.run/tasks/74fdd4a4-643c-4b62-804b-b62582bcc3da/

172.93.161.245:2404

# Reference: https://threatfox.abuse.ch/ioc/1149111/

178.32.90.242:2550

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-08)

103.212.81.155:3960
194.147.140.213:11011
83.143.245.51:9625

# Reference: https://www.virustotal.com/gui/file/05eab1bf6d6b027055dca440bc4b4470494e33da814a1054e3717a229b30eb0e/detection

91.193.75.133:2815
zion6.ddns.net

# Reference: https://www.virustotal.com/gui/file/71db98626b734cd458a6b030f3aeb6c21153828c9c7d1fb8e319b84acbebc3c6/detection

91.192.100.8:5000
dilshadkhan.duia.ro
dodotyhsga.webhop.me

# Reference: https://www.virustotal.com/gui/file/b6369cfca020a432a0f51d4df317ccaf01637ecc33cbfe9568c6846500ff06ca/detection

91.193.75.173:8978
geo23.ddns.net

# Reference: https://threatfox.abuse.ch/ioc/1149223/

167.114.189.33:2404

# Reference: https://www.virustotal.com/gui/file/fb46515be4c07cc1e9eeaf83a86c929bd3aa2c348e808e34aec6d5c35a542c93/detection

moneymagnetjoe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7c97b878e4ada40db957c8a46c7abfa4480dd333ceb788c646a8f493ae78ccfb/detection

172.96.14.57:2404

# Reference: https://www.virustotal.com/gui/file/7c97b878e4ada40db957c8a46c7abfa4480dd333ceb788c646a8f493ae78ccfb/detection

172.96.14.57:8925

# Reference: https://www.virustotal.com/gui/file/cf39a14a2dc1fe5aa487b6faf19c63bc97103db670fa24c62832895e3002eca2/detection

23.172.112.72:2404
binccoco.com

# Reference: https://www.virustotal.com/gui/file/b8eadca25ba0999b19226d5d8e72f93c4287fbb21016a3924e1c11b694d4eb23/detection

177.255.88.161:8787
dvdvalle123.duckdns.org

# Reference: https://threatfox.abuse.ch/ioc/1149526/

64.188.19.202:1604

# Reference: https://threatfox.abuse.ch/ioc/1149680/

45.74.19.42:6420

# Reference: https://www.virustotal.com/gui/file/cc467d30cee2dfa02e936f81d0b06feb97ac3638b95acc20c02cbec8d912d08e/detection

194.5.98.154:1366
bishoprem.duckdns.org

# Reference: https://tria.ge/230812-kt3faaah99

178.73.218.4:8645
kizitodavina.duckdns.org

# Reference: https://twitter.com/TrackerC2Bot/status/1690785548779048960
# Reference: https://www.virustotal.com/gui/file/7fd1e285f1e5ce2a63513d7122f54b4c02bec1645aab6ae3b74139a60805bd4c/detection

http://192.210.255.48
192.210.255.48:2404

# Reference: https://www.virustotal.com/gui/file/c8fb06e6a2f7cba53be925434e39e1a829db4e9c569d8b5dff71142772646e3e/detection

194.68.59.44:9074

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-14)

194.68.59.44:9074
205.234.181.73:2404
23.19.87.242:1987
67.21.81.85:1481
ojfoidjfoijdijlkjoosodkjjjdc.con-ip.com

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/08/remcos_banca-sella_14-08-2023.json
# Reference: https://www.virustotal.com/gui/file/50f3db3dc8ef4ee255514877f5715d26d1838699cf80d057cd046c4ef1ffb6b2/detection

172.96.14.58:9181

# Reference: https://www.virustotal.com/gui/file/4f138cd5c06d63316037e0622fa6c9e91a6798c78a45730777296c332dc4b98c/detection

177.255.88.161:1214
newrqas1.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-15)

191.89.247.6:3078
191.89.247.6:7811
disenospublici.info
procesjudicial2.duckdns.org
servicios.disenospublici.info
tttmundo2022.eastus.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/6291532d8a12896b5213e468896e222ca6c112b977d53c6a0a61cd78a3ee7535/detection

172.111.167.99:9596
exbanebiec.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-18)

192.154.229.70:20911
agent.servegame.com
rainbow-industrie.com

# Reference: https://www.virustotal.com/gui/file/e63794351a4cbd5a14a5dd264911b5e2ce21020b48eeba7d3fee00e8e55990e6/detection

52.152.223.228:3232

# Reference: https://www.virustotal.com/gui/file/c54af7e24215edadf540270b25f677432314d8520f4aaec234b9b5769476fd7d/detection

forevertwon.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5a65eed2b91a9ee3b27f23be09c38d26dda9c0d7bbbf4582c4a0c8429f70b139/detection

191.89.247.6:8887

# Reference: https://www.virustotal.com/gui/file/91741818480b13eaac1d5547b488142fe2df86b8eb51b62b31acbfd5fef53f47/detection

deidf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ac3a6ad13ede048573f561b04558c5b3e0e84a2a4af280b559794087018e369d/detection

191.89.247.6:2254

# Reference: https://www.virustotal.com/gui/file/13eaaf9262a1e2779f91d6cd71b0eab1dcf04407cbb55efec7bf4444a9b4e7a2/detection

181.49.85.74:5507

# Reference: https://www.virustotal.com/gui/file/df8a82e384952b608508a0decd8adfabf4903bb4474b86063b1ad4fbb1870c01/detection

80.66.75.40:53777

# Reference: https://www.virustotal.com/gui/file/e45afde600fe6309191801a04d60dc61f43a74347de9cafc042c2ff579a69b89/detection
# Reference: https://www.virustotal.com/gui/file/2e35fdc17438371969bd8c8474ee720827aca8bcd7f7c8b69fbeaff2ea8e8418/detection

81.141.1.122:7770
graciiasdios777.con-ip.com
multitud.con-ip.com

# Reference: https://www.virustotal.com/gui/file/6460ce4d46ea972d0296bfbfd2315b2686021380c4d22ceb0c0a987faa749fd4/detection

185.225.75.245:2404
185.225.75.252:2404

# Reference: https://threatfox.abuse.ch/ioc/1151083/

192.210.255.48:1070

# Reference: https://www.virustotal.com/gui/file/d986c4d64650cdbb34bfbe5133846627db098f37f6c757d615f511d5a794507a/detection

/00O0o0O0o0O0o0O0o0o0000o0Oo0o0o00O00000o000000##############00000000##############00000000000.doc

# Reference: https://www.virustotal.com/gui/ip-address/103.212.81.154/relations
# Reference: https://threatfox.abuse.ch/ioc/1151365/

103.212.81.154:2404
larforce.duckdns.org

# Reference: https://twitter.com/r3dbU7z/status/1667228091792474115
# Reference: https://twitter.com/ULTRAFRAUD/status/1693384923216781384

http://193.56.28.104
193.56.28.104:443
193.56.28.104:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-22)

208.67.107.123:8787
46.21.250.36:7722

# Reference: https://twitter.com/reecdeep/status/1694328059694924061
# Reference: https://www.virustotal.com/gui/file/ce7d8dc35f50388ccfdbfed28b7547148e1fdd9e9fcae25782ff74df865e9ede/detection
# Reference: https://www.virustotal.com/gui/file/507600ed1125b37a165b5f10812838fa648437734d92cd313406f35384c013bc/detection

85.209.134.253:6991
macudok.ydns.eu

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-24)

163.123.143.32:42199
163.123.143.32:43991
194.147.140.242:1998

# Reference: https://threatfox.abuse.ch/ioc/1151965/

194.180.48.209:2555

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-04)

103.212.81.155:2404
103.212.81.160:2404
163.123.143.99:34771
193.42.32.237:2404
212.23.211.238:27009
37.139.129.251:2404
80.66.75.86:1234
94.156.6.253:2402

# Reference: https://www.virustotal.com/gui/file/047357fcec6a30308870dcd1f11647c39d775634115d1ad354e1923f81cab20b/detection

212.23.211.238:27999

# Reference: https://www.virustotal.com/gui/ip-address/179.13.6.226/relations
# Reference: https://www.virustotal.com/gui/file/6d69abf704c0ac0c71d7d35cc0eaa5b0ba230b7538ee159ad415b06798143c33/detection

179.13.6.226:7171
xboxoner.duckdns.org

# Reference: https://www.virustotal.com/gui/file/50360abbc508d169cda7d1a79ad2032827b553f0b9ed82c7b1609d074c20a112/detection

179.13.6.226:7000
r3mk05.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e42e3d351d20756f3606d5aa7650bc4ed7743b121c49991daa1e7f96769ddb48/detection
# Reference: https://www.virustotal.com/gui/file/a53d11281e99e8c8a4d0ff272ffd32a43e20e5717e484587788060c71795d9da/detection

103.212.81.157:6609
91.193.75.175:6609
moremoney.myftp.org

# Reference: https://app.any.run/tasks/e7008e71-f53d-42cc-a3bd-b5c7fba70cb9/

46.246.84.10:8645

# Reference: https://www.virustotal.com/gui/file/7a5efa51ae71f8a93dfb88504f5941bb7e46ea3b7b7c1859b8257d84106ee1ea/detection
# Reference: https://www.virustotal.com/gui/file/6af592562ba2e19500b7b633fca1b43423c9360e77eda5537d5f6581765057b3/detection
# Reference: https://www.virustotal.com/gui/file/51752f36f49ff0474ae8ca302ab8e4fd1e195879bcaaf5124d655cecdf4867af/detection

116.203.194.248:2404

# Reference: https://www.virustotal.com/gui/file/fa3cdd8db1e4f8076d405cac16edca8e60c62f08d84c3c2f1e9e9051f5b176e3/detection

181.141.2.24:1213

# Reference: https://www.virustotal.com/gui/ip-address/181.141.3.139/relations
# Reference: https://www.virustotal.com/gui/file/7142b07a5e390f5f22692ce44476cd929d480960cd5cab08441ac94dd6087b10/detection

http://181.141.3.139
xamppsostener.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b58c136a19f5fb1d32d05d11a29f61dca14dffd87dbb81667bd6c66e3613b424/detection

backupjuly2022.ddns.net
backupjuly20222.ddns.net

# Reference: https://www.virustotal.com/gui/file/ed3d534a29859ec5904d1aae4fedc936310a0d92bb69fde1f2770b9bda780822/detection

194.5.98.213:1356
chimarem.duckdns.org

# Reference: https://www.virustotal.com/gui/file/01d67a61839330c6b6668f4e0df2b3d04c9d7ac0c2324eaa5d8e7f23e7439f95/detection

backupmi.ddns.net
frspeed.ddns.net

# Reference: https://www.virustotal.com/gui/file/fb6d878a160b6b646fe4e351238ad28f89281ecc811408b3951715d9b4e37019/detection

52.167.50.75:2404
jessen.hopto.org
jessen.myddns.rocks
jkharding2014.ddns.net
kellyben.hopto.org

# Reference: https://www.virustotal.com/gui/file/f0bea0b603315d014b05dee779470561705b73652f78d68e0341d83a9c3ce5f9/detection

154.12.233.76:2404
mynewfresh.ddns.net
mynewfreshmynow.ddns.net
mynewfreshtop.ddns.net

# Reference: https://www.virustotal.com/gui/file/bc64e03c49f09e0f6fca9109b7c3097ba4415811b78b494c29c2057cabe68bdb/detection

reneelauto.ddns.net
reneelauto.dynu.net

# Reference: https://www.virustotal.com/gui/file/e44b2eb94b410b772fb9fbb4d41b1b3c51fe45e5fe755f21aefc3e029c0fd81c/detection

154.53.45.198:2404
retsuportm.ddnsfree.com
spreadrem1.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/60a3f6763fe980edbf7b492bde61ff253acfd8669c5c23080abb837ae2661744/detection

5.193.9.10:1754
tonymario.chickenkiller.com
tonymaris7342.ddns.net

# Reference: https://www.virustotal.com/gui/file/849a8a4eaa862bfc02805bfd35560d592c6b8a6c295f77da2aa1e0d49219d3bb/detection
# Reference: https://www.virustotal.com/gui/file/77f413c1323f7953e51210235dbf3051e45efed9c2bd8a7984f4a257d5fc38a5/detection

194.147.140.199:3030
194.147.140.212:4045
ascoitaliasasummer.duckdns.org

# Reference: https://www.virustotal.com/gui/file/26cae4cdeef032aea2bd4ea1c5b88fbfb876bb3dd35a54076356195969fe3611/detection

109.206.243.174:6110
b6079658.sytes.net

# Reference: https://www.virustotal.com/gui/ip-address/179.13.2.154/relations
# Reference: https://threatfox.abuse.ch/ioc/1155570/

179.13.2.154:8000
agostodosgad.duckdns.org
bdios8877.duckdns.org
cocomelon27.duckdns.org
dia16mayoje.duckdns.org
diosestaconmiugo.duckdns.org
eduardoestevex.duckdns.org
enagostoestb.duckdns.org
envio7sep2023.duckdns.org
esteesasyn.duckdns.org
esteesmider.duckdns.org
estemesesdedios.duckdns.org
estwrmessol.duckdns.org
lostermas.duckdns.org
mairoester.duckdns.org
marquesosa3.duckdns.org
parahotmejor.duckdns.org
parajulioped.duckdns.org
paraprobares.duckdns.org
quasintiner.duckdns.org
renvosdtutu.duckdns.org
servernjnuevo.duckdns.org
sientosmilter.duckdns.org
somosdecall.duckdns.org
todoparadios.duckdns.org
vamosaverc.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-08)

179.13.3.111:2449
194.147.140.232:6609

# Reference: https://www.virustotal.com/gui/file/f5d707c704a60d1578d0b00f656477eda9b5dbfa440466660bfd92aff363625d/detection

179.13.6.226:9520

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/commit/821297856b7676b60ce6a3350c747efde9e09d94

http://192.169.7.142
http://54.219.186.60
http://88.218.16.126
101.99.93.158:5050
101.99.94.41:2704
103.114.104.136:2404
103.114.106.35:5585
103.114.107.184:20903
103.133.109.176:5456
103.147.184.15:3031
103.147.184.53:4041
103.147.184.53:7070
103.151.124.64:2244
103.151.125.125:1991
103.153.77.83:20901
103.153.77.83:4348
103.156.92.178:1010
103.156.92.178:7006
103.167.84.15:5004
103.167.84.35:2705
103.211.55.190:2404
103.212.81.155:1605
103.89.88.238:3322
103.89.88.238:4292
103.89.91.236:6399
103.99.0.229:2404
104.128.188.243:2404
104.128.188.37:4049
104.128.188.37:5049
104.129.0.106:1989
104.156.238.13:2468
104.207.150.47:2010
104.223.83.103:2022
104.254.90.243:5481
106.54.105.135:2404
107.172.196.134:4100
107.173.219.35:7789
108.174.197.5:5050
109.169.89.116:2021
115.186.136.237:9999
134.19.179.235:8908
134.209.47.156:6664
135.181.140.182:4783
136.144.41.64:2404
136.144.41.64:4675
136.243.153.76:5851
137.74.176.164:1960
138.199.38.132:63560
139.162.67.184:2404
139.64.246.192:444
141.95.84.40:3035
141.95.84.40:4010
141.95.99.22:3001
141.98.83.219:59245
141.98.83.220:24044
142.93.185.195:1999
144.217.68.78:2404
144.217.68.78:3000
144.217.68.78:4040
144.91.123.87:3033
144.91.79.86:4444
144.91.79.86:4783
146.255.79.163:183
146.255.88.199:2286
146.59.156.137:54985
146.70.149.22:2404
146.70.61.147:5481
147.124.221.3:2404
15.235.53.10:3099
15.235.53.10:3111
15.237.137.33:2404
151.106.15.158:4040
151.237.185.211:4681
151.237.185.211:7279
151.80.8.17:1715
154.16.63.197:3360
154.16.93.185:192
154.53.43.207:1905
156.96.59.29:2406
158.46.19.240:2404
159.203.16.166:2777
159.69.9.118:1572
160.116.15.132:1337
160.20.147.120:2404
161.97.180.213:45265
162.218.211.157:8780
162.245.190.35:2404
162.55.210.243:8888
163.123.143.162:45002
163.123.143.162:45200
165.227.31.192:22826
167.88.2.172:2050
167.88.9.73:2035
167.88.9.83:2050
171.22.30.7:5578
172.111.141.64:5888
172.111.153.101:5888
172.111.153.167:2404
172.111.165.135:2023
172.111.165.44:3030
172.111.200.225:8069
172.111.222.165:3030
172.111.234.10:8088
172.111.234.167:3389
172.245.244.102:3310
172.81.129.208:2012
172.81.129.208:8110
172.93.161.248:2404
172.93.161.25:2404
172.93.164.188:1980
172.93.164.35:3774
172.93.187.66:1642
172.93.201.114:1960
172.94.44.202:6606
172.94.88.13:5888
172.94.88.26:3033
173.209.43.16:2404
173.46.85.173:2017
174.128.224.81:33
176.111.174.14:20004
176.113.115.26:8080
176.123.9.138:5855
178.124.140.143:137
178.175.138.219:200
178.18.247.224:45265
178.20.44.131:2404
178.20.44.131:2405
178.20.44.131:2406
178.238.229.54:24311
178.239.21.194:9912
178.32.72.136:1440
179.43.144.204:62520
179.43.187.23:7711
18.218.132.40:2404
181.58.154.181:2224
184.164.77.132:49151
184.164.77.132:54155
184.175.243.180:5050
184.75.209.172:33878
184.75.221.115:5639
184.75.221.171:5129
184.75.221.171:6159
184.75.221.43:46327
184.75.223.203:2678
185.103.96.143:5129
185.103.96.143:6159
185.103.96.151:6698
185.104.184.43:5129
185.104.184.43:6159
185.105.236.179:1952
185.111.75.200:1339
185.121.139.61:2403
185.125.205.91:9727
185.136.171.240:4044
185.140.53.131:4876
185.140.53.136:1818
185.140.53.136:42866
185.140.53.139:8153
185.140.53.13:6649
185.140.53.13:7045
185.140.53.148:1011
185.140.53.152:6890
185.140.53.153:2404
185.140.53.154:8760
185.140.53.163:3362
185.140.53.163:3363
185.140.53.163:6890
185.140.53.178:2404
185.140.53.17:9955
185.140.53.188:7809
185.140.53.190:7172
185.140.53.192:1011
185.140.53.197:1011
185.140.53.200:1987
185.140.53.203:1866
185.140.53.209:1990
185.140.53.233:2021
185.140.53.233:5588
185.140.53.238:1990
185.140.53.239:1988
185.140.53.239:2244
185.140.53.242:2977
185.140.53.4:4380
185.140.53.4:6645
185.140.53.4:7070
185.140.53.4:7289
185.140.53.4:9955
185.140.53.5:3234
185.140.53.5:3849
185.140.53.5:6642
185.140.53.68:3024
185.140.53.69:1122
185.140.53.6:909
185.140.53.9:3007
185.145.45.150:4445
185.148.241.49:1948
185.150.24.39:1011
185.150.24.48:1011
185.157.162.100:49151
185.157.162.19:63560
185.157.162.75:1212
185.157.162.75:2222
185.157.162.75:62186
185.158.115.38:5007
185.158.115.38:5012
185.158.115.38:5019
185.158.139.201:39790
185.161.209.247:5329
185.162.88.44:5500
185.165.153.151:2244
185.165.153.15:6642
185.165.153.177:4323
185.165.153.195:7204
185.165.153.199:27835
185.165.153.214:1011
185.165.153.215:6608
185.165.153.25:8970
185.165.153.27:6768
185.165.153.68:1988
185.172.111.213:27015
185.172.111.229:27016
185.174.40.32:3606
185.189.112.19:5481
185.19.85.135:4509
185.19.85.135:7171
185.19.85.137:10029
185.19.85.141:8855
185.19.85.168:1723
185.19.85.171:2055
185.19.85.174:1999
185.19.85.179:2021
185.19.85.179:2244
185.19.85.182:8078
185.202.175.170:2404
185.202.175.219:4110
185.204.1.236:7777
185.204.1.237:2404
185.208.211.221:3618
185.208.211.226:2333
185.215.113.102:2404
185.215.113.102:666
185.220.35.18:2404
185.222.57.217:1190
185.222.57.217:8780
185.222.57.90:8780
185.222.58.136:8787
185.222.58.152:8780
185.225.74.210:8890
185.234.216.209:3284
185.239.237.197:443
185.244.26.194:11990
185.244.26.204:26500
185.244.26.208:29100
185.244.26.217:2704
185.244.26.241:1989
185.244.26.244:5888
185.244.26.247:1919
185.244.29.165:2404
185.244.29.174:73
185.244.29.195:1991
185.244.29.241:5689
185.244.30.100:20902
185.244.30.101:1990
185.244.30.140:2021
185.244.30.148:2244
185.244.30.18:6642
185.244.30.207:1990
185.244.30.27:2021
185.244.30.28:8780
185.244.30.56:1900
185.244.30.69:1515
185.244.30.90:2244
185.244.30.93:6553
185.244.31.10:1414
185.244.31.251:2423
185.244.31.74:6666
185.246.220.63:2404
185.247.228.253:1998
185.29.11.26:2404
185.29.8.102:773
185.29.9.111:2297
185.29.9.113:7790
185.29.9.125:2404
185.4.29.184:137
185.4.29.184:162
185.62.190.232:7680
185.62.86.145:42024
185.7.214.157:666
185.82.217.154:2845
188.116.40.77:6868
188.127.231.93:2404
188.246.224.154:3284
188.72.124.143:2855
188.72.124.143:2858
189.34.60.225:3333
191.101.22.136:9074
191.101.22.196:2409
191.101.30.16:4444
192.121.87.11:1118
192.152.0.60:1994
192.210.133.19:4042
192.3.141.183:61769
192.3.141.183:8078
193.105.134.94:2728
193.111.198.220:5861
193.111.198.220:5862
193.142.59.6:9494
193.142.59.76:5689
193.142.59.76:6322
193.161.193.99:40488
193.161.193.99:50422
193.188.22.165:2406
193.188.23.26:2121
193.47.61.225:47501
193.56.28.39:2211
194.127.178.68:2404
194.127.179.121:5002
194.147.140.146:8951
194.147.140.251:4952
194.187.251.91:5123
194.26.135.44:2404
194.26.135.44:3891
194.31.98.58:2404
194.31.98.67:2404
194.32.146.132:63560
194.34.132.153:5624
194.36.111.59:5639
194.40.242.22:3404
194.5.212.11:666
194.5.97.103:1011
194.5.97.116:6666
194.5.97.12:30100
194.5.97.14:6645
194.5.97.155:2021
194.5.97.159:7809
194.5.97.174:1990
194.5.97.18:6642
194.5.97.206:2556
194.5.97.209:7743
194.5.97.232:3737
194.5.97.247:1919
194.5.97.27:1988
194.5.97.32:5890
194.5.97.48:2404
194.5.97.66:1840
194.5.97.70:2404
194.5.97.73:6890
194.5.97.90:1234
194.5.98.100:1988
194.5.98.155:3330
194.5.98.171:60009
194.5.98.178:456
194.5.98.202:2404
194.5.98.203:1988
194.5.98.21:23411
194.5.98.21:2657
194.5.98.28:7006
194.5.98.32:959
194.5.98.81:7123
194.5.98.95:4224
194.5.99.119:1882
194.5.99.16:8493
194.5.99.205:1988
194.5.99.218:2060
194.5.99.218:2404
194.5.99.243:1666
194.5.99.243:2017
194.5.99.40:7461
194.5.99.51:2019
194.68.59.47:2404
195.178.120.118:2404
198.46.173.141:50485
199.247.0.12:5553
199.249.230.22:5481
199.249.230.27:5129
199.249.230.27:6159
20.115.127.188:1177
20.115.127.188:30120
20.115.127.188:4447
20.115.127.188:4448
20.214.203.178:4034
20.38.13.217:2524
203.159.80.123:5050
204.44.78.113:3360
204.48.16.32:4567
206.123.129.103:4565
206.123.140.83:5888
206.123.141.211:54382
206.123.158.139:3618
207.32.216.106:2404
207.32.218.137:5430
209.105.243.126:8650
212.193.30.101:7661
212.193.30.23:2873
212.7.208.111:4832
212.80.206.85:2404
212.83.46.177:2404
212.83.46.23:3110
212.83.46.26:4023
212.83.46.26:4044
212.83.46.26:4045
213.152.161.239:8733
213.152.161.24:5639
213.152.161.25:59755
213.152.161.85:47754
213.152.162.181:5129
213.152.162.181:6159
213.152.162.69:8733
213.183.40.17:4765
213.183.58.34:6669
213.183.58.40:6041
213.184.126.144:1337
213.208.129.213:137
213.92.255.174:7707
216.38.2.200:9929
216.38.2.215:2404
216.38.7.225:6524
216.38.7.225:6809
216.38.7.248:2041
217.138.212.58:52667
217.138.252.123:3319
217.138.252.123:8941
217.151.98.163:5639
217.64.149.109:2404
217.64.149.109:61769
217.79.189.38:5852
23.105.131.229:1960
23.105.131.236:8888
23.105.131.244:2404
23.105.131.244:3390
23.105.131.244:4290
23.146.242.110:9142
23.19.227.243:2404
25.68.49.245:3636
31.171.152.100:2404
31.171.152.104:130
31.171.152.104:3104
31.171.152.106:2019
31.171.152.106:4323
31.210.20.56:2404
31.220.44.253:5222
31.223.65.8:2404
34.227.28.79:8866
34.66.5.36:8082
35.247.37.33:2404
35.247.37.33:2809
37.0.14.206:3352
37.0.14.210:6809
37.1.206.146:11011
37.1.206.16:5959
37.1.206.16:7373
37.1.207.123:5858
37.1.218.181:5851
37.1.218.181:5852
37.1.218.181:5853
37.1.218.181:5854
37.1.222.252:5851
37.120.210.219:3398
37.120.217.243:5639
37.120.234.11:2404
37.252.10.80:5858
37.252.10.80:5959
37.252.11.23:5757
37.252.11.23:5858
37.252.11.23:6464
37.252.11.23:6565
37.252.11.23:6868
37.252.11.23:7676
37.252.11.23:7878
37.252.11.66:5858
37.46.150.207:9944
37.46.150.211:9987
38.242.246.175:2404
38.68.53.190:2929
43.226.229.83:5024
45.12.253.189:36897
45.135.128.195:8888
45.137.22.104:4445
45.137.22.104:8780
45.137.22.250:7050
45.137.22.36:20201
45.137.22.36:4838
45.137.22.45:5200
45.137.22.77:5888
45.141.152.68:63560
45.144.225.112:7777
45.144.225.221:5090
45.153.240.189:1986
45.76.221.195:2404
46.0.234.90:1604
46.165.221.14:8092
46.183.220.15:2022
46.183.220.61:2404
46.21.147.82:2404
46.21.250.36:7733
46.246.34.52:63560
46.249.62.250:5850
46.8.211.72:4444
5.181.166.25:27350
5.187.48.36:7656
5.187.49.231:4321
5.2.68.75:2558
5.20.206.229:8888
5.248.241.94:2404
5.252.165.58:34067
5.45.72.225:9003
5.45.87.29:8000
5.61.53.13:8000
5.61.56.10:9003
5.61.56.10:9004
5.61.57.165:5879
51.222.10.175:5861
51.222.10.175:5862
51.79.177.107:5855
51.89.201.42:1960
54.37.160.139:5467
54.37.235.82:8850
54.39.198.226:1960
64.188.26.145:2404
64.44.139.178:7200
65.108.9.124:4783
65.21.127.164:4783
65.21.9.54:1055
66.63.168.12:2404
66.70.141.157:2404
68.9.71.150:2404
69.61.41.126:4020
69.61.41.126:5050
72.11.157.241:4445
74.235.148.214:5000
74.63.220.6:2152
77.48.28.227:2442
78.30.214.80:25565
79.105.173.179:2404
79.110.52.7:2404
79.110.52.93:2404
79.134.225.100:1011
79.134.225.101:1011
79.134.225.102:2023
79.134.225.102:2025
79.134.225.103:6060
79.134.225.105:1910
79.134.225.108:5851
79.134.225.108:6868
79.134.225.10:98
79.134.225.112:1774
79.134.225.117:6767
79.134.225.118:6666
79.134.225.118:6667
79.134.225.120:8958
79.134.225.126:191
79.134.225.12:60256
79.134.225.13:26500
79.134.225.15:1011
79.134.225.17:2050
79.134.225.19:2555
79.134.225.19:2556
79.134.225.19:6606
79.134.225.20:8760
79.134.225.21:1930
79.134.225.21:60512
79.134.225.22:9763
79.134.225.23:6666
79.134.225.25:2404
79.134.225.25:3131
79.134.225.25:4141
79.134.225.27:4001
79.134.225.31:6089
79.134.225.34:20210
79.134.225.39:1982
79.134.225.43:5908
79.134.225.49:1953
79.134.225.52:1712
79.134.225.55:2021
79.134.225.72:2050
79.134.225.72:32765
79.134.225.73:6001
79.134.225.75:1199
79.134.225.75:7171
79.134.225.77:2001
79.134.225.77:2050
79.134.225.78:2404
79.134.225.78:6666
79.134.225.78:6667
79.134.225.7:2050
79.134.225.80:1952
79.134.225.81:3456
79.134.225.8:4241
79.134.225.8:6434
79.134.225.8:8654
79.134.225.8:8686
79.134.225.92:1212
79.134.225.92:1234
79.134.225.97:1558
79.134.225.97:8600
79.134.225.98:9080
79.134.225.99:1337
79.134.225.99:5678
79.172.242.28:2404
79.66.202.242:2404
79.66.202.242:4572
80.66.75.100:8788
80.66.75.109:50981
80.66.75.123:2456
80.66.75.126:53813
80.66.75.27:55777
80.66.75.28:55777
80.66.75.34:55777
80.66.75.36:3121
80.66.75.36:55777
80.66.75.37:53777
80.66.75.41:24155
80.66.75.41:36405
80.66.75.41:55535
80.66.75.51:11111
80.66.75.51:12565
80.66.75.51:13335
80.66.75.51:1352
80.66.75.51:2401
80.66.75.51:2402
80.66.75.51:2403
80.66.75.51:2404
80.66.75.51:49404
80.66.75.51:63464
80.66.75.73:1869
80.66.75.79:8758
80.66.75.90:4567
80.66.77.55:12043
80.66.88.139:36777
80.82.77.221:2606
81.161.229.69:12297
81.19.131.21:2580
83.95.173.122:2404
84.212.68.93:2404
84.43.208.174:4782
85.204.116.30:27017
87.237.165.162:1011
87.251.79.106:4567
87.251.79.117:10101
87.98.236.198:443
87.98.236.198:49650
89.163.144.125:5855
89.163.144.211:5015
89.163.214.180:6003
89.249.74.213:40511
89.249.74.213:4808
89.33.193.60:2845
89.33.193.60:5555
89.35.228.202:5050
89.35.228.236:4848
89.39.107.61:2606
91.103.252.68:2580
91.189.180.205:42018
91.192.100.10:11011
91.192.100.13:11011
91.192.100.25:27835
91.192.100.27:2404
91.192.100.4:1414
91.192.100.55:3360
91.192.100.57:8780
91.193.75.115:4343
91.193.75.121:1011
91.193.75.126:2019
91.193.75.145:1604
91.193.75.146:2021
91.193.75.147:2021
91.193.75.166:1011
91.193.75.178:7689
91.193.75.178:8769
91.193.75.182:2404
91.193.75.185:1989
91.193.75.188:60001
91.193.75.188:60004
91.193.75.188:60007
91.193.75.189:54255
91.193.75.199:1360
91.193.75.199:1361
91.193.75.199:1362
91.193.75.199:2404
91.193.75.216:1990
91.193.75.227:4380
91.193.75.252:2404
91.193.75.252:9003
91.193.75.45:1990
91.193.75.48:2244
91.193.75.78:2021
91.193.75.84:6688
91.236.116.140:666
91.241.19.107:1313
91.243.44.142:3654
91.243.44.200:61212
91.243.44.20:59681
91.243.44.45:1703
91.243.44.75:1703
91.243.44.88:2403
91.92.128.25:11373
92.220.36.40:2404
92.220.36.40:2405
92.255.57.105:666
93.158.208.100:27065
93.183.234.62:2404
93.190.8.107:2404
93.87.38.12:2404
94.23.218.87:4783
94.237.28.110:64526
94.242.206.175:5883
94.242.206.175:5885
94.242.206.175:5886
94.242.206.175:5888
94.242.59.19:27015
95.140.125.37:2169
95.140.125.47:6666
95.154.196.12:5851
95.167.151.238:137
95.214.27.17:8974
95.217.114.96:4782
95.217.114.96:4783
95.217.144.93:5865
96.9.208.176:2404
96.9.246.149:2024
96.9.246.149:2404
98.143.144.208:2404
1.facewii.in
1.qy92v8t2ot.in
1010.http01.com
121991dec.ddns.net
1515.dynu.net
15766.mooo.com
1c04adeeb09f2e8e5f0f7835e3240044dd0d645d050fd511ac33594dfa43.myboyfornow.pics
1zab4ever.duckdns.org
1zab4ever.no-ip.org
2.bgf4s9ydfe.in
2.facewii.in
2021best.duckdns.org
20billion.ddns.net
305way.duckdns.org
3247823647823.duckdns.org
399i6fi7voahk2g.xyz
3xe94lqhph0janx.ru
4mekey.myftp.biz
4rdp.com
5541.gotdns.ch
5778.hopto.org
5bwfdr9ipmxb0qq.ru
5ow86mh1sf1l1mr.ru
6aj7sx0v4x0o7z8.ru
7980.duckdns.org
903b6a1b4bcf0f1d44494cf445debfc6e7f166ea9a7adds.crusherx1.site
9792c43e055ef0733bcda6cf8aba4af1b0d9af10e2254b7b54da28136de2.cryptic.ink
9days.duckdns.org
9x3uvdpd8u3ybu48.chickenkiller.com
a458386d9.duckdns.org
abino.hopto.org
abjhqm11.duckdns.org
ablegodforsure.ddns.net
abuhjil.com
abujafirms.com
abujafirms1.duckdns.org
accessgranted.crabdance.com
activate.office-on-the.net
adminpotalpublicpersonaswps.website
aertdfvaz.ac.ug
afework.ddns.net
afework.hopto.org
afgdsg.duckdns.org
afrog.sytes.net
aguiyi1234.duckdns.org
aircommodore.ddns.net
ajohnston.duckdns.org
alcoholremser.duckdns.org
alegria.con-ip.com
aleksanderbodhan159.ddns.net
aleksandrekuc.ddns.net
alhabib4rec.ddns.net
alhabib4rec.duckdns.org
alhabib4rec.freeddns.org
aliex.hopto.org
alldatalogs.xyz
alukoren.duckdns.org
amanda97132.duckdns.org
ambientadorservre.duckdns.org
anasalgadodu921.con-ip.com
anbritz.com
aneurinbarnard.duckdns.org
angelista23.duckdns.org
anonuser2.club
anotherlevel.ddns.net
anti-vi.duckdns.org
anti.firewall-defender.cloudns.asia
apleegod12345.ddns.net
apostleremcos.duckdns.org
apostleremcos77.ddns.net
arabia465.duckdns.org
arencoservices.ddns.net
arkern-tr.com
arslanturk.duckdns.org
arttronova1.duckdns.org
ascoitaliasa.duckdns.org
asddfftye.duckdns.org
ateraresult.viewdns.net
auragmdh.com
autgerman.autgerman.com
auto7.duckdns.org
avira-antivirus.duckdns.org
awwes-antivirus.duckdns.org
azuite.ddns.net
bababaf5363.duckdns.org
back-effort.at.ply.gg
backup10012.nsupdate.info
bakup.superbanifabused2.xyz
baloto1.duckdns.org
bambam.hopto.org
banananaiop.kozow.com
bandota.con-ip.com
barrmexy321.ddns.net
bash.mywire.org
bash1.accesscam.org
bash2.accesscam.org
bash2.accessscam.org
bbbr1.ddns.com.br
beckz.duckdns.org
beimeltrans.duckdns.org
bekleyen.myq-see.com
belisha.punkdns.top
bendicemihogar.con-ip.com
bendicionesbenciioe.con-ip.com
bensonm3jb3nj1.mangospot.net
bestubuy.ddns.net
betrice1.chickenkiller.com
betterdaysahead.duckdns.org
bgf4s9ydfe.in
bigfish2345.ddns.net
bilibili610003.duckdns.org
billdropping9003.duckdns.org
billion2020.ddns.net
billionsonline.ddns.net
billypax-fax.dyn.home-webserver.de
binly.club
bitcoinpage.dynu.net
bitrem2022.northcentralus.cloudapp.azure.com
bitybity900.ddns.net
bkns-rubis43.ddns.net
blackbb.ddns.com.br
blesseddaxyman.hopto.org
blessedmacatty.ddns.net
blessedudoka.ddns.net
blessings.ddns.net
blessings2021.ddns.net
blessingsfollowme.hopto.org
blessingsnblessings.ddns.net
blessmelord.hopto.org
blessmelord1.ddns.net
blessmyhustlelord.ddns.net
blessthychild.hopto.org
blinkzworld.club
blowmymind.hopto.org
bobo231.hopto.org
bodhansanders.hopto.org
bodhansanders.duckdns.org
bogyz123.ddns.net
boh.anondns.net
bongon.hopto.org
botellita3434-46423.portmap.host
brasil.con-ip.com
brasilia63.duckdns.org
bressonseencrounder.mangospot.net
brian0612.ddns.net
briana.mypsx.net
brianaf511.duckdns.org
bright2020.hopto.org
brudfascaqezd.ac.ug
bruno.camdvr.org
bruno1.camdvr.org
bruno2.camdvr.org
bunkman.duckdns.org
bunkman212.ddns.net
bunkman212.duckdns.org
bush009.duckdns.org
bushaka009.duckdns.org
bushbackup.duckdns.org
bushnew.duckdns.org
businessculture.dvrlists.com
bustabantu0817.ddns.net
bustabantu0817.ddnsgeek.com
bustabantu0817.hopto.org
bvc234.ddns.net
bxtis123.ddns.net
cacgroups.hopto.org
callito2024.sytes.net
calvinlarry3551.ddns.net
calvinlarry3551.hopto.org
camil.con-ip.com
camrow1.duckdns.org
canival.duckdns.org
capriteam.ddns.net
captdic.duckdns.org
captmay.duckdns.org
carmensantanate62.con-ip.com
cartextranss.duckdns.org
casacasa.con-ip.com
casacasa777.con-ip.com
casademamaymia.con-ip.com
casamama1.con-ip.com
casarem.dynuddns.com
cashout2018.ddnss.de
casillas.hicam.net
casillas.libfoobar.so
casillas45.hopto.org
casillasmx.chickenkiller.com
catash.ddns.net
cathodlectr223.zapto.org
cato.iownyour.org
catomaaaaa.freedynamicdns.org
cazt01money.ddns.net
celikklczet.com
centourismeadddynamicoptional001.loseyourip.com
centro.con-ip.com
ceo.point2this.com
ceo2.point2this.com
cfo11.ddns.net
cfo11.hopto.org
chaseric.ddns.net
chaseric.hopto.org
chasesure.ddns.net
chasesure.duckdns.org
chen12.chickenkiller.com
chhjvhvkjbhliiuyuj.duckdns.org
chiboy22.ddns.net
chidera12345.ddns.net
chilegrace.ddns.net
chimmyxx.ipq.co
chinnyann.ddns.net
chinnyann.duckdns.org
chizzy8642.ddns.net
chucksnchucks.ydns.eu
cincuentarem.duckdns.org
cincuentaynueverem.duckdns.org
cincuentayseisrem.duckdns.org
cincuentayunorem.duckdns.org
cjmoneykelvincrugar.duckdns.org
ckay4real.hopto.org
cl-powar.com
classicbube.duckdns.org
clearvisoingraphicsremcoz.ddns.net
clinton2.duckdns.org
clinton3.ddns.net
cnnnnnnnncjldhsfui2ewryyr26734ohisdfsfsdxcvxvvv.publicvm.com
cobeckconstruction5430.camdvr.org
cobeckconstruction5430317.camdvr.org
coemxarre.duckdns.org
coke.nsupdate.info
collector1.duckdns.org
collector2.duckdns.org
collector3.duckdns.org
colombiabus72.duckdns.org
colombiahos.hopto.org
colpengaer.duckdns.org
coman-n.duckdns.org
computer079.linkpc.net
conecioplaystation4.ddnsfree.com
conipjuanchorem.con-ip.com
considered-arrest.at.ply.gg
construcciones.disbayal.me
contactchoweysafe.ddns.net
coronanancy14-50163.portmap.io
costamarfil13.duckdns.org
cothdesigns.com
coto-ar.com
coventry001.ddns.net
covid19remoc.duckdns.org
covornalord.duckdns.org
craigjonson1.gotdns.ch
craxsrat.ddns.com.br
creditdept01.myq-see.com
crusherx1.cfd
crusherx1.site
cryptic.ink
cryptotabhost.online
crystalbally44210.duckdns.org
csc.mastercoa.co
ctbcbk.us
cteu48n17qjpwv4.ru
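# Note: hostname under a government zone (nsa.gov), which is unusual for a C2 list; possibly a decoy value from a sample's config - verify before alerting on it
ctl-plg-ap-12.nsa.gov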
cuarentaycinco.duckdns.org
cuarentaycuatrorem.duckdns.org
cuarentaysieterem.duckdns.org
cuartos.con-ip.com
cvbcvb902834dsdfsscxvewr234234dvxcvx.publicvm.com
d02297e47fefcb8af4e517022b64ba0235369fc19f32b013d150666b9.jaytele0.site
darlingnwa4x4.hopto.org
darren2023.sytes.net
dash.3utilities.com
dash1.3utilities.com
dash2.ddns.net
dash3.ddns.net
dash4.ddns.net
databasenash2020.online
databasepropersonombrecomercialideasearchwords.services
datavcc.duckdns.org
datbuggy.servepics.com
davewang.ddns.net
davewang.duckdns.org
davidwong4ghost.ddnsking.com
dbanty2.ddns.net
dcws2kksik85f288.xyz
ddboy.ddns.net
ddns.dbcdubai.com
ddns.rbs.pw
de1.localtonet.com
death1fax.home-webserver.de
dedetsardfkjh.ru
deejay140-37878.portmap.io
defenderavs.mooo.com
deltatradings-eg.com
demoledor.duckdns.org
dera33.ddns.net
desastre.con-ip.com
destallesinformaciones12.duckdns.org
dfgdgertdvdf.space
dfgdgertdvdf.tech
dfkljsdf283293084jksdfsdewrdssdfsdfsdfsfsf.publicvm.com
dfrannks.ddns.net
dftyuj.duckdns.org
dhforklifts.com
dico.is-a-hard-worker.com
dico.is-a-liberal.com
dinero.ddns.net
diosesbueno.con-ip.com
divdemoce.duckdns.org
dkvisbsdidsdubvsdv.con-ip.com
dns2.mailredirect.ooo
dogspeaks.giize.com
dogspeaks.hopto.org
dollarands.duckdns.org
dollarboy1.duckdns.org
dominoduck2102.duckdns.org
dominoduck2103.duckdns.org
dominoduck2109.duckdns.org
dominoduck2113.duckdns.org
dominoduck2120.duckdns.org
dominoduck2124.duckdns.org
donatelo783.duckdns.org
donjon555.ddns.net
donjon555.hopto.org
donlin.dvrlists.com
dontbloc1.duckdns.org
dontbloc2.duckdns.org
dontbloc3.duckdns.org
dontblock.duckdns.org
dontreachme1.ddns.net
doopcrib.club
dopeclones87.ddns.net
dozrem.duckdns.org
dpqw-avira.bot.nu
drgarerd.eu
drgeraldvanluven12.zapto.org
driod.ydns.eu
drlogs1.publicvm.com
droidtech2.com
dropy1.ddns.net
dropy2.ddns.net
dsgrrrgfgf.duckdns.org
duckdb28921.duckdns.org
duckdne7832732.duckdns.org
duckdnw4.duckdns.org
duckguy.duckdns.org
dujuyer375ourf.duckdns.org
duplicado53.duckdns.org
dvsgfdda.duckdns.org
dxb1.mooo.com
dyansy11.ddns.net
dynasy12.ddnsking.com
dynasy13.myddns.me
ea01299e9ae43df8612cc3ecf2c968c41c55b74b483d44927dbc5185bd.crusherx1.cfd
ea01299e9ae43df8612cc3ecf2c968c41c55b74b483d44927dbc5185bdab.myboyfornow.bond
eastsidepapi.myq-see.com
echox12.ddns.net
ecxco.com
edfgh.ddns.net
effef.duckdns.org
egfsdgfdgh.duckdns.org
egommbute2020.ddns.net
eileenwmsscm.duckdns.org
ejimmss.ddns.net
ekuronew.hopto.org
ekurorem.duckdns.org
elastolut.duckdns.org
electricaribe.duckdns.org
elfinal.con-ip.com
elkjvsvhbwue.duckdns.org
elpapa0810.mypsx.net
elrenacer832.duckdns.org
elzy.ddns.net
emarketinglatakva.ddns.net
emilio2024.kozow.com
emiratods837.duckdns.org
emkanat.ddns.net
encoreelectric.dvrlists.com
encrushias328.sytes.net
enmark80.duckdns.org
ennenbach.duckdns.org
entradas2024.duckdns.org
entrandohhh.duckdns.org
envisiensintl.com
envisiensintl.duckdns.org
eowkai122.duckdns.org
ericbishop225.servepics.com
ericbishop225.sytes.net
ernestico8392.duckdns.org
euorvent.com
europarem.duckdns.org
evaclock1.hopto.org
evangelical7395.ddns.net
eventsbypearce.host
everestenterprses21.sytes.net
evnovic.ddns.net
ewewlveojndsv.con-ip.com
ewgxbuwkuncjo90.club
experience247.ddns.net
explorersystem.dyndns.biz
ezfax2021.home-webserver.de
ezisec.duckdns.org
fabiancarrillolora09.con-ip.com
facewii.in
facturadigital.biz
fanarybless.ddns.net
fanta.nsupdate.info
fatherlord1.ddns.net
favor.bounceme.net
favour2020.ddns.net
favour2021.ddns.net
fax-joh.dyn-ip24.de
fax-prince.home-webserver.de
fdfjdfjjhfjhgf.duckdns.org
fdghfghhre.duckdns.org
fernand.con-ip.com
feromo.duckdns.org
fery.mastercoa.co
festivapherma.com
fgbgfyby.loseyourip.com
fgjrtgrgwhwrjjjsr.con-ip.com
fgtrert.duckdns.org
fiamim.com
filandes72.duckdns.org
finalesdejulio2020202020.duckdns.org
finseca.con-ip.com
firedownplay43883.duckdns.org
fjgjkhltyjj.duckdns.org
flatbar21004.duckdns.org
fmunity247.ddns.net
foodhubcompany.duckdns.org
forcertx.com
foshfjdfnisudhfios.con-ip.com
fouskal.theworkpc.com
franex.gotdns.ch
fredneilq.ddns.net
freeeboyi.duckdns.org
freelife.mywire.org
freelife01.mywire.org
freelife1.mywire.org
freelife2.mywire.org
freelife3.mywire.org
freelife4.mywire.org
freelife5.mywire.org
freeware.gleeze.com
fresh03.ddns.net
fresh134.ddns.net
frostyfoodco.kozow.com
fsdf.is-a-republican.com
fuchvsodfhwgefbaa.con-ip.com
futerty.mooo.com
futy.ga
futy6674.ga
futy676.com
fwgeg.duckdns.org
g8m3cyido670ly5.club
gabriellozanolora09.con-ip.com
gabrielmarquezlora09.con-ip.com
galo.servehttp.com
galoservices.servequake.com
ganster.con-ip.com
gastonlopezlora09.con-ip.com
gato87630.mypsx.net
gatus.ga
gbotowaya.linkpc.net
gcrozona.duckdns.org
gcrozonav.duckdns.org
gd92nof7quuu2l.ru
gem7.nerdpol.ovh
geneish.mywire.org
gethat.publicvm.com
getrektkid.duckdns.org
getrektkiddo.duckdns.org
ghkbffhjkhdxchjkf.ddns.net
github-58677.portmap.io
gitpacdxb1.ddns.net
gkoayu2862.duckdns.org
globalsystempl.ddns.net
gloriamae3232.duckdns.org
gloryandsuccess.sytes.net
goals.sytes.net
goals44.sytes.net
god111favour.ddns.net
godgodgod.ddns.net
godhelpme.ddns.net
godisgood247.duckdns.org
godslovem.ddns.net
gofarbooking.ddns.net
goldie.nsupdate.info
golpe9032.duckdns.org
gonorreaomegonorrea2021.duckdns.org
gonsalogurierreslora09.con-ip.com
goodisgood.ru
goodlife4sure.ddns.net
goodluckfile.ddns.net
goodworkers.ddns.net
goodygoody.duckdns.org
googlepics.gotdns.ch
gozman11.duckdns.org
grace.maximos.quest
grace111.ddns.net
grace2020.home-webserver.de
grace2020.sytes.net
gracefoundme.duckdns.org
graceland2021.ddns.net
graceland22.ddns.net
graceman2021.ddns.net
graceofgod1.ddns.net
graclogs.duckdns.org
grannyclassone.ddns.net
greatglass.servebeer.com
greatzillart.ydns.eu
grevk.ddns.net
grrgfdsagdgfgfsg.con-ip.com
grtwyagvbxnzmklopmdhsyuwaszxbyhredsnmko.ydns.eu
gstpppp.crabdance.com
guido.con-ip.com
gustavobills.gotdns.ch
gustavobillz.duckdns.org
guy.hopto.me
guysniaja.duckdns.org
h.nerdpol.ovh
hadrqlo.ddns.net
harvard2.zapto.org
haveyoutube.hopto.org
hawmans.cc.dvrlists.com
hazelglory1.ddns.net
hazelglory1.hopto.org
heartdoaz.ac.ug
heinrichbaum.duckdns.org
helisaclou.helisaclou.com
helloservice.mywire.org
hemidiindia.com
henrietta.myddns.me
hillsong5566.ydns.eu
hjieyhe.ddns.net
hoefeynacia.xyz
holamundo.ddns.net
hold.linkpc.net
holygrillfax.home-webserver.de
homoney177.duckdns.org
hoppanga.club
hostdyn77.ddns.net
hostlords24.bounceme.net
hotii.ddns.net
housteko.mywire.org
houstrik.gleeze.com
hpx360pavillon.ddns.net
huracan.con-ip.com
hussanm.duckdns.org
hustlehard.ddns.net
iamfriendz.duckdns.org
iamfriendz.linkpc.net
ichi34.duckdns.org
idiotobocaefabmantenio2021.duckdns.org
idkwhatnameto.ddns.net
iessecuador.con-ip.com
igweumz.myddns.me
ihavemercy.duckdns.org
ihechi.ddns.net
imagine999.ddns.net
imranmhemoodcheema.ddns.net
indira8923.duckdns.org
info111.ddns.net
infoprokaps.ddns.net
infoprokapz.ddns.net
informaciondelproceso.duckdns.org
inicio.con-ip.com
inovacaptab.com
inssolution.duckdns.org
ipbanhbeone.hopto.org
ipngubinh.hopto.org
isp.remcosagent.dns-cloud.net
isrealpicker.duckdns.org
issacc.duckdns.org
iwantcheats.xyz
iwehfojesnojene.con-ip.com
iygfbafn792322.duckdns.org
izlamabad.strangled.net
j3wb76496fukmhj.ru
jackbaur75.linkpc.net
jackpiaau.duckdns.org
jackson910.dvrlists.com
jackyjian1965.hopto.org
jamaica123.ddns.net
jamaru1444.myftp.biz
james111.ddns.net
janeilla.myddns.me
janermontez86723.duckdns.org
jauansantos8721.duckdns.org
jaytele0.site
jbarn.camdvr.org
jeanettee.myddns.me
jfgagnon-31435.portmap.io
jgwmxykzoty0e22ronzlahhrlzd8om139wn9xf5q.duckdns.org
jimmy101.myq-see.com
jimnvv.ddns.net
jkamani.xyz
jkhxcvklsdflujkjhgdfuyter.ru
jluxi.dynu.net
jmtjmt.ddns.net
jobs.closeweek.club
john777.ddns.net
johnhoff.hopto.org
johnhoff1.hopto.org
jokerwe.duckdns.org
joseryeyr.con-ip.com
jqni1my7489jkmb.ru
jswork.ddns.net
jswork.duckdns.org
juanferandresdaza.con-ip.com
judyhus19.dvrlists.com
jueces23.duckdns.org
juliod87qw2.duckdns.org
junio1ok.duckdns.org
justicia.con-ip.com
juzgado832182.duckdns.org
jvofviubedvbev.con-ip.com
k55nfjeasa.ad-center.marketing
kamilaczap.myddns.me
kamryy.ddns.net
karnnod.com
kassssy.duckdns.org
kasssys.ddns.net
katruda.duckdns.org
kaymoni.duckdns.org
kelvincrugar.duckdns.org
kenke.mooo.com
kerrrrr.duckdns.org
kesaihk.com
khazsk.duckdns.org
kike.con-ip.com
king.dyn.ydns.io
king1.warzonedns.com
kingman.hopto.org
kintero.con-ip.com
kjdes.ddns.net
kl8nn6dcsfg69bn20h.duckdns.org
kmt-2.duckdns.org
kobiremcos.punkdns.top
kobiremcos2.punkdns.top
kobiremcos3.punkdns.top
kocdestek.ddns.net
kohjguj.ydns.eu
kokotin.kozow.com
laamanezatuister.duckdns.org
lab-protect.in
labeokunta.dyndns.org
lailataoday.hopto.org
lalalalalaalal.fr.to
leandrorey.duckdns.org
leewardmarineservices.duckdns.org
leewardmarineservices.mywire.org
letitbesoj.ddns.net
letmedie.crabdance.com
lifeless.gotdns.ch
lightvsv.duckdns.org
liguid.duckdns.org
liis036f.duckdns.org
lindron.ddns.net
lindron1.ddns.net
lindron2.ddns.net
linvosuyi.myddns.me
lionsguard.ddns.net
locahost247.org
local8263.duckdns.org
localhost247.org
logan.mypop3.org
logged.duckdns.org
logisctism.duckdns.org
logisctismest.duckdns.org
logisitica.discisoted.info
logzhome.mywire.org
love.nsupdate.info
lovedaysde.duckdns.org
lovelead.ydns.eu
lpbafldpvnsq11i.club
lsdw.dyndns.org
luckymanfavour.ddns.net
luckymanoffavour.ddns.net
luisacastro84.duckdns.org
luisarrieta5.duckdns.org
lunesgermanarellanos.con-ip.com
lxijr.ddns.net
macatyrules.ddns.net
macdonaldo.hopto.org
macho.hopto.org
mafianclub-41203.portmap.host
mageret894.chickenkiller.com
mail.deiomino.icu
mail.mastercoa.co
makuo.hopto.org
malito.con-ip.com
malwarechecker.ddns.net
maly22333.ddnsking.com
mam.mastercoa.co
maneediem.com
mannypenny.duckdns.org
maquivirtual.duckdns.org
marabos.ddns.net
marcando.con-ip.com
marcobalassoneets.ddns.net
marinelife9003.duckdns.org
markspahn490.ddns.net
markusrichard.mywire.org
marlonloperalora09.con-ip.com
marrem0.ddnsking.com
marriagaserrem.con-ip.com
martinelialora09.con-ip.com
marzo172022.con-ip.com
masterpat0nms672ns.duckdns.org
masters4733.sytes.net
maxwealth123.ddns.net
mdipaolo-remm.duckdns.org
medallos.duckdns.org
mediacome.duckdns.org
meembabab.ddns.net
megacomercialproservicesandnetworkingtelemarketing.online
megamoney2021.duckdns.org
mekremcos23.freedynamicdns.net
melvinchrist774.zapto.org
merce.con-ip.com
merceariadobenedito.store
mercedes.con-ip.com
mescot-metal.com
messi.dns.army
metarx.ddnsking.com
metx.duckdns.org
micenaxus.com
michelle247.ddns.net
microsoft-update-tool.duckdns.org
microsoft-updatetool.duckdns.org
microsoftwindowsvanced.duckdns.org
micxrus.ru
miercolesdndurem.duckdns.org
mikegrace2020.ddns.net
mikegrace2021.ddns.net
mikepedro207yxxx.ddns.net
mikepedro207yyyxxx.ddns.net
milbendiciones.con-ip.com
mildebendiciones.con-ip.com
milliondollar23.duckdns.org
mirandli.mirandli.com
mk.gdssa.cloudns.ph
mk.gtsdominicana.us
mmtrade.chickenkiller.com
mmtrade.publicvm.com
mnkhosting.de
mommaowow.myftp.biz
mondanepre.myddns.me
moneymustansme.duckdns.org
moneymustdrop.ddns.net
moneywonders.megasalesltd.com
moorenike.sytes.net
movement2020.ddns.net
mr0910.duckdns.org
mrbigice.hopto.org
mrtoby.hopto.org
msic10.quintetoffshore.com
mstq-designs.xyz
muchogroup.ddns.net
mukatt.com
municiapa821.duckdns.org
mxmeite.duckdns.org
my.bingoroll18.net
my.bingoroll19.net
my.bingoroll20.net
myboyfornow.bond
myboyfornow.pics
myfrontmannyfive.ddns.net
mylabssfsdf.spb.ru
mymann2021name.ddns.net
mynewmachinisonthewaycoming.duckdns.org
myproject1.ddns.net
myworldss.hopto.org
n8hoie32bkdpfd7.info
nakamura.hopto.org
nakamuraa.ddns.net
namonanwa.duckdns.org
naninani11.ddns.net
napaneli.com
navalbroda.ydns.eu
nbvuhvioeodhdu.duckdns.org
ncholazzervas.hopto.org
ndma.chickenkiller.com
nebus2022.duckdns.org
nerverdieorcus.is-a-doctor.com
netcos.mooo.com
neverdiemosole.is-a-doctor.com
new.bingoroll20.net
newdawn.zapto.org
newera625.ddns.net
newifeanyi12.ddns.net
newoneatu.hopto.org
newremc22.ddns.net
newserversforlogs1.ddns.net
newserversforlogs2.ddns.net
newspk.ddns.net
newstub01.duckdns.org
newtyer.hopto.org
nicholds.dyndns-web.com
nickman12-46565.portmap.io
nikkihutsltd.duckdns.org
nitido.con-ip.com
nj.dyndns.org
nkiruka2020.ddns.net
nkosarevaocs.duckdns.org
nkume666.ddns.net
nnnnoy.ddns.net
noneynoney.ddns.net
nonprofit.mywire.org
northside.hopto.org
novic.ddns.net
noviembre7.duckdns.org
nuevodiahoysivamoshacerplata.duckdns.org
nullhacker001.camdvr.org
nuxomexe.hopto.org
nvdiedico.knowsitall.info
nvdiedicob.is-a-chef.org
nvdiedicobies.is-a-hard-worker.com
nvdiedicozeus.dyndns-web.com
nvdiedicozeuse.webhop.org
nvdieroxy.kicks-ass.net
nvdieroxy.servebbs.org
nvisbviurbviuhbrr.con-ip.com
nvremcos.myq-see.com
nwajesu2020.freedynamicdns.org
nwajesu2021.ddns.net
nwokeomadaxy.hopto.org
nxghej4nnhx4j8u.ru
nyan43.duckdns.org
oba12343.ddns.net
obby.hopto.org
obclondon.ddns.net
obclondon.duckdns.org
observatorioplanificacionselectaccount.services
oceantrademn.ddns.net
odi111.ddns.net
odicjidjcsoijcodjicdij.con-ip.com
office1.servemp3.com
officer170.webredirect.org
official.myq-see.com
officialsw.chickenkiller.com
offsensiveho.dnsfor.me
ohekelem4x4.hopto.org
oifjvdofjvofknf.con-ip.com
okkkk1.ddns.net
olhgan3802.duckdns.org
olimpusdnre.duckdns.org
olorunwa.duckdns.org
oluwa12.ddns.net
omari12.duckdns.org
ommi-it.com
one.dmi.cloudns.ph
ongod4ever.ddns.net
onigegegege.duckdns.org
onlinemich-33503.portmap.host
onyedika23456.hopto.org
onyem.myftp.org
openrvdl.duckdns.org
orifak.ydns.eu
orland.con-ip.com
orozco-fax.home-webserver.de
oscarule.xyz
osiris8612.duckdns.org
ostriuyer.myddns.me
ourt2949aslumes9.duckdns.org
ozn.dvrlists.com
pabliotoes.duckdns.org
pabloemilio.mypsx.net
pacorem.duckdns.org
pakchoob.me
pakehoob.com
palmeirasremdns.duckdns.org
paloita9973.duckdns.org
pandemic4u.duckdns.org
pandemic5u.duckdns.org
pandemic6u.duckdns.org
pappysnr.duckdns.org
paraguaydnrempara.duckdns.org
parhatcsafxz.ac.ug
parisdnremparis.duckdns.org
parkingcctv.dynamic-dns.net
partnermepartneryou.duckdns.org
pascality.ddns.net
pastor1.con-ip.com
pcnewsesperanza.duckdns.org
pearlcip111.ddns.net
pearlcip111.hopto.org
pedro2021w.ddns.net
pedro2021w1.ddns.net
pedro2021w2.ddns.net
pekonomie.duckdns.org
pelerem.duckdns.org
pentest.awsmppl.com
perkasa.hopto.org
petebots.cloud
peterwong.ddns.net
petroleum.sytes.net
pfizervacunadns.duckdns.org
picapiedra.con-ip.com
piergxrx.com
pilarpilarifca2.duckdns.org
pilatos1025.dynu.net
pilo99.ddns.net
piratecrusher32-30031.portmap.host
piusdefender.ddns.net
playstachon.duckdns.org
playtime40098.ddns.net
plinio.con-ip.com
plssssssssss.ddns.net
polonia783.duckdns.org
pop.mastercoa.co
port9548.dynns.com
portalwpsiniciopublicvirtual.xyz
porterflrm.com
portugaku386.duckdns.org
portugal16.duckdns.org
ppprrooo.duckdns.org
prantiexport.myq-see.com
prayerarequesttojah.ddns.net
preferencial20.dynuddns.net
preparewell2023.ddns.net
press2.awsmppl.com
primetoolz.duckdns.org
princedaniels.duckdns.org
professionalkeepalive.online
progaming69.ml
progesteron610.ddns.net
programahumanitaria202220222022.duckdns.org
progressive2024.com
proprapra90.ddns.net
prosperidad777.con-ip.com
protagonist.ac.ug
protherm.ddns.net
proverbio.con-ip.com
prueba1666662.duckdns.org
prueba6812111.duckdns.org
pruebanue97382.duckdns.org
pruebaonce83191.duckdns.org
pruebaseisete86322.duckdns.org
pruebatreinai1087182364.duckdns.org
pruebatreintaicuatro91726192.duckdns.org
pruebatreintaiseis721852.duckdns.org
pruebatreintauno167821.duckdns.org
pruebaveinticinco782351212.duckdns.org
pruebavente815113.duckdns.org
pruebaventidos124235.duckdns.org
pruebaventiuni321234.duckdns.org
pruebaventiuwn73185129.duckdns.org
ps5r.duckdns.org
push4me.freeddns.org
pushpush9810.ddns.net
putcalligoanswer.hopto.org
pvtrans.ydns.eu
qaqaqa.ddns.net
qatar1329872.duckdns.org
qaw.mastercoa.co
qnb.mooo.com
qnp.mooo.com
quadrad.duckdns.org
quaxim.ocry.com
que.hopto.org
qweerreww.duckdns.org
qy92v8t2ot.in
raboundeu.duckdns.org
rambolastblood.ddns.net
ramosasdj.ac.ug
ramseycynthia.gleeze.com
ramzy.duckdns.org
rangel713.duckdns.org
ratagainbk.gleeze.com
raz23-51034.portmap.host
razorr.bounceme.net
rdp.con-ip.com
rebekauk.duckdns.org
reboot.duckdns.org
recom-40698.portmap.io
recomwest.duckdns.org
recuperaciondecartera.xyz
redeban.duckdns.org
referantsa12.duckdns.org
referantsa14.duckdns.org
regiskm67.buyshouses.net
relocosrelocos.dyndns-at-home.com
rem-pounds.ddns.net
rem.nerdpol.ovh
rem.unionbindinqcompany.it
rem04smtpmailserver.bid
rem1.nerdpol.ovh
rem2.nerdpol.ovh
rem3876.duckdns.org
remaboki.duckdns.org
remback.blair-reality.com
remback1.blair-reality.com
remcapi.duckdns.org
remco101.duckdns.org
remco102.duckdns.org
remco9200.duckdns.org
remcobakup.duckdns.org
remcolife.duckdns.org
remconuevo.duckdns.org
remcos.fingusti.club
remcos.kolisis.space
remcos009s.duckdns.org
remcos1.ydns.eu
remcos2026.duckdns.org
remcos50501.hopto.org
remcose.ddns.net
remcosw11.mywire.org
remcosw22.giize.com
remcosw33.kozow.com
remcosw44.freeddns.org
remcosw55.freeddns.org
remcosw66.freeddns.org
remcosw77.freeddns.org
remcoswealth.ddns.net
remcoswill.dynu.net
remcozy.duckdns.org
remego.ddns.net
remer.newshipexpress.com
remgeesecond.duckdns.org
remma.ddns.net
remman3.ddns.net
remman4.ddns.net
remman5.ddns.net
remman6.ddns.net
remno.myddns.me
remremrem2021marzo2021.duckdns.org
remsprotocol.servehttp.com
remy.publicvm.com
renan-fax.dyndns1.de
rencos.ddns.net
report1.duckdns.org
report59.duckdns.org
resereved12.nerdpol.ovh
retsuportm2.ddnsfree.com
reubenjet2018.http01.com
reveals.ddns.net
reveals.hopto.org
rex2020.hopto.org
rexarluther.ddns.net
reyreich.ddns.net
rfq.salesbin.digital
ricard32.con-ip.com
rich-fam1.strangled.net
richardd.camdvr.org
richiealvin2021.duckdns.org
rippc.ddns.net
rm.dogetaxi.io
rm.squidgame.to
robertmoore.hopto.org
robertozk.freeddns.org
robinsonwdq222.duckdns.org
rock.extrafive.loan
rockview.duckdns.org
rogeliada333.duckdns.org
rogerhunk41.duckdns.org
rogerhunk41.nsupdate.info
rogerhunk41backup.nsupdate.info
rogerhunk41backup011.nsupdate.info
rokyfilms.3utilities.com
romancito24.duckdns.org
romania3784.duckdns.org
romec.shipnotifica.com
rominar247.ddns.net
rornfl12.duckdns.org
roxy.dynalias.net
roxy.is-by.us
royal0001.hopto.org
rsaupdatr.jumpingcrab.com
runadp-mcos.duckdns.org
runam.ddns.net
ruthy.qdp6fj1uji.xyz
rwanda1010.duckdns.org
rxmz.duckdns.org
sabrinaoyst.ddns.net
sack517.ddns.net
sack517.duckdns.org
salesumishcn.ddns.net
sallyfosterjones.com
saloon-fax.myhome-server.de
sandovalreip.con-ip.com
sandrahurtadosa583.con-ip.com
saocris.ddns.net
saquelargore.duckdns.org
sara.con-ip.com
satsundai.club
sdegreenfieldsdeeenf.duckdns.org
sdfklxcjviouewr237289748234dsrfsdfewrwerewrdsf.linkpc.net
sdfxcvjk23423789dskjfsd234dsfsdvvsdfsf.publicvm.com
sdgsfgjvcbcbc.duckdns.org
sdkvifernuebvhcdbv.con-ip.com
sdsd.nerdpol.ovh
seagloballogistic.in
search.akamaimicro.com
seasons444.ddns.net
seba2580.duckdns.org
sebastianvelezdn.con-ip.com
securewebareax.dyn-o-saur.com
seguridadrc.con-ip.com
seleccion38312.duckdns.org
sep16bebe.duckdns.org
serapey.xyz
server.tanzaltech.pw
servermolink.ddns.net
serverr00008.hopto.org
serververdeparare.con-ip.com
services11.accesscam.org
servr.jordangaming1.xyz
servr.killifabuse1.xyz
servr.killwhenabuse1.xyz
sesentaycuatrorem.duckdns.org
sesentaytresrem.duckdns.org
settings.wifizone.org
sevenrem1.duckdns.org
severm.duckdns.org
sfgrrtyhedgssehyrtj.con-ip.com
sfsvdkjvnksnvknsojdn.con-ip.com
sgfergergfibvisisvgsg.con-ip.com
sgntmichael.ddns.net
shark.vfpi2hz38p.icu
sharongary6.duckdns.org
shell-win11.duckdns.org
shellgang.gleeze.com
shogun-dark.duckdns.org
shooter99.duckdns.org
shooterjob.duckdns.org
shooterjob02.duckdns.org
shooterjobb.duckdns.org
sibepoc.duckdns.org
simplytechnicolor.duckdns.org
simplytechnicolor03.ddns.net
simplytechnicolor03.duckdns.org
simplytechnicolor2.duckdns.org
simsekaluminyurn.com
simshans.duckdns.org
sinzu2.camdvr.org
sinzu3.kozow.com
sinzu4.ddnsgeek.com
sinzu5.giize.com
sinzu6.camdvr.org
sinzu7.camdvr.org
sivhisvishiuhdsfhuhf.con-ip.com
skillupdate.kicks-ass.org
sky.nepis.faith
sky234.ddns.net
skyden.awsmppl.com
skyden.duckdns.org
slidmore.ddns.net
slx-wave.duckdns.org
smartcut.duckdns.org
smb34.duckdns.org
snick.myddns.rocks
snick4059.ddns.net
snrpappy.duckdns.org
sodviodnvsjivosnvd.con-ip.com
sofi90.con-ip.com
sofiavergarate72.con-ip.com
sofie12.duckdns.org
softdream.gleeze.com
softinstall.ug
solardem.strangled.net
solo.chessregister.rss-search.anondns.net
sostenedor.mypsx.net
soweto24.sytes.net
spedra.ddnsfree.com
spiderserver023.duckdns.org
spreadbum1.ddnsfree.com
spreadbum2.ddnsfree.com
spreadrem2.ddnsfree.com
srv01.airdns.org
ssdhir.ddns.net
ssldata-transfero.pw
ssshost.viewdns.net
stahlcran.com
starkduck0001.duckdns.org
startup381.duckdns.org
stateman.ddns.net
statesman.ddns.net
staywoke.ddns.net
storemedia.dyndns.org
storeyman7109.duckdns.org
strekhost2061.duckdns.org
stud.breathlane.icu
style.etanetsys.com
sub.abuse2none.xyz
sub.josmartphones.waw.pl
sub.noneabuse2.xyz
sub.not4abuse1.xyz
sub.wedont1abuse.xyz
subnet.duckdns.org
subservidor.duckdns.org
subsubrm.duckdns.org
suchfamily.eu
suddominio2024.duckdns.org
suiza762.duckdns.org
summitegy2534.ddns.net
sumo.hopto.org
sungito.zklg.net
sunshine08.ddns.net
superboard.ddns.net
supportforrem.ddns.net
supr3m3.xyz
svjhfviuerfvnojdsnvo.con-ip.com
swapo2020.ddns.net
swapo222.ddns.net
swqrn.com
swrypaiii.ydns.eu
sydlarremedies.com
sydor.tjsosda.com
systemcontrol.ddns.net
systemcontrol2.ddns.net
tajelisalamat.duckdns.org
talented.hopto.org
talianau86.duckdns.org
tallboy.zapto.org
tammyberry.duckdns.org
tattonmurpy6.ddns.net
tdegreenffields.duckdns.org
teamfavour111.ddns.net
teamfavour111.duckdns.org
tehilaproj.hopto.org
temmermerble.com
temprem2021.kozow.com
tergat752.duckdns.org
terlevisor23.con-ip.com
terzona2022.duckdns.org
testigood247.ddns.net
testimony.ddns.net
testoctober235.ddns.net
testtingggg5.from-ms.com
thankgod1.ddns.net
thankgodwell.ddns.net
thedoorsisopen.ddns.net
thegatorway.com
thereal2333.hopto.org
theshooter09.duckdns.org
thony.ddns.net
tikettlo.tikettlo.lol
tisnew.ddns.net
titikanor.ru
tobi12345.hopto.org
tokia7823.duckdns.org
toolz.mywire.org
top.abuse1none.xyz
top.alton01.xyz
top.dontabuse1.xyz
top.eaglee1.xyz
top.jordangamingpcs.waw.pl
top.killaifabuse1.xyz
top.never01abuse.xyz
top.noneabuse1.xyz
top.not4abuse1.xyz
top.noway2abuse1.xyz
top.smartphonesjo.waw.pl
top.thesafeheaven.com
top.wedont1abuse.xyz
topfont.duckdns.org
toptoptop1.online
toptoptop1.site
tornado.ydns.eu
torrecuatroremser.duckdns.org
torredosserrenc.duckdns.org
torretresdnremtorre.duckdns.org
torreunoserrenc.duckdns.org
toshiba1122.duckdns.org
totalga.ddns.net
totalgb.ddns.net
totalgp.ddns.net
totalgp12.ddns.net
tprem4g.casacam.net
tprem8g.hopto.org
track.panstar.ltd
transitcapo.duckdns.org
transito.con-ip.com
transporte.serviicargas.design
travisrem.duckdns.org
treelab.hopto.org
trijgrscviomnbvdewacvioplmjytrewwqazxcvty.ydns.eu.ydns.eu
trucker5.ddns.net
trump89238.duckdns.org
tulicknewfavour.ddns.net
turquia111.duckdns.org
twistg.ddns.net
u4wqbjlplzi5hdx.ru
u864243.northcentralus.cloudapp.azure.com
u864243.nsupdate.info
u864244.nsupdate.info
u864245.nerdpol.ovh
u876137.ddns.net
u876137.duckdns.org
ubsgolds.com
ugococa111.ddns.net
ugococa111.freeddns.org
ugodengerguard.xyz
ukraineaugust15.duckdns.org
umuchu.hopto.org
umuoji.hopto.org
united55.ddns.net
unknown-kpera.ddns.net
upstand.duckdns.org
uribito16.duckdns.org
urtyest29458iurtpes4est.duckdns.org
us1.localtonet.com
us2.localtonet.com
utchmann.ddns.net
uyoman.duckdns.org
valjan.in
variety-hat.at.ply.gg
varshtrade.com
vccdata.duckdns.org
vcv.mastercoa.co
vdbto19wogzzu.info
vegospupm.ddns.net
velezdominiore.con-ip.com
venonletmonitprradministratioran.loseyourip.com
veryscary2244.ddns.net
vidrios.ycontrucciones.services
vikkibret.mywire.org
vmware.ndnet2.org
voeurhfvjsdvsd.con-ip.com
vozkidscaracoldns.duckdns.org
vpv.remcacount.co
vstore101.com
vuelta2020.ddns.net
w1w.mastercoa.co
waledon002.duckdns.org
wanananaiop.theworkpc.com
wasy.dynu.net
waterz08.dvrlists.com
wavesvc32.duckdns.org
wavesvc64.duckdns.org
ways-examining.at.ply.gg
wealth.ddns.net
wealth.dynuddns.com
wealth1234.ddns.net
wealth234.ddns.net
wealthambassador.ddns.net
wealthkogd.hopto.org
wealthlyblessed.ddns.net
wealths.duckdns.org
wealthy.duckdns.org
wealthyman.ddns.me
wealthyrem.ddns.net
wealthyremcos1.myddns.rocks
weathbillionaires.ddns.net
webkit.publicvm.com
websetting7777.camdvr.org
welloff.myq-see.com
werverdsfefef.con-ip.com
wetransfers-online.xyz
whiteson2019.publicvm.com
wibhfiwhdciwhfvijdnb.con-ip.com
widda1.ddns.net
wifi.con-ip.com
wilfrido23897.duckdns.org
williams.tjsosda.com
willofgod.hopto.org
wilsocer382.duckdns.org
wilsondavid.ddns.net
winam.ddns.net
winamd.org
windowsupdatenew.duckdns.org
winvohost.ddns.net
wkefewjfnkuhciuwfnhdb.con-ip.com
workbox100.ignorelist.com
workbox100.linkpc.net
workbox100.publicvm.com
worldglobalrem.serveirc.com
wv5hvbijspasvvi.info
x40.spdns.eu
xamp.zapto.org
xandybars1.ddns.net
xcash.ddns.net
xmwire.duckdns.org
xoftmanrem002.camdvr.org
xoftmanrem003.camdvr.org
xpert.dyndns.biz
xrp.mooo.com
xteebaby.icu
xvhjuqq1skbs0bo.info
xyzpree.hopto.org
xzpnhfvnlsjjchr.club
yedaibi.com
yg9twivamv6sw0n.ru
yjune2021.duckdns.org
yjune71021.duckdns.org
yokiri.com
youngboss1994.ddns.net
yousbresde.ddns.net
yousm.duckdns.org
yousucc.hopto.org
ytuna1709.duckdns.org
ytuna7307.duckdns.org
ytuna7325.duckdns.org
yupyup123.duckdns.org
yuyitosjs.duckdns.org
zednet.mooo.com
zeife.giize.com
zekeriyasolek44.duckdns.org
zekeriyasolek45.duckdns.org
zeusnodie.mypets.ws
zimchi2021.ddns.net
zl5uyooepo2sqez.info
zoppere.nerdpol.ovh
zoppere1.nerdpol.ovh
zumanmelden.hopto.org
zxyqx.ydns.eu
zykk5es6go3izsb.club
zysnuy.com
zyt.dvrlists.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-12)

103.202.52.254:5050
172.93.160.33:2404

# Reference: https://www.virustotal.com/gui/file/1ad28ce4f9f5a7e9b9ce2d0e655d4749490201ea7039231caf9f85d751f4f418/detection

172.94.40.145:2000

# Reference: https://www.virustotal.com/gui/file/29cb8ad400f9f4c4f55b39de3cf63903114266795dbfa7cb7e9040d2b23ab4b9/detection
# Reference: https://www.virustotal.com/gui/file/694b1c7f0d1a21c7b495d562c4edd3b93122d17d1f568c118fc5e427cc2489d0/detection
# Reference: https://www.virustotal.com/gui/file/879759742b7ed546f62f1837d15642ed292fd3c859554e11dd3d27dff4f32416/detection
# Reference: https://www.virustotal.com/gui/file/e9a7db610a01f4e6eddaa4fe904ef0bdad386e56a4ea544c6706f9a5bfc94f1c/detection

179.43.144.205:5050
185.213.22.240:2020
5.2.68.68:2020
5.2.68.72:2020
5.2.68.73:2020
5.2.68.74:2020
5.2.68.82:2020
doorbackup.sbs
doorspa.shop

# Reference: https://www.virustotal.com/gui/file/9cd1a5af314816521e29b06c271de6016fcfe71f3e39beb374edd4c56c25a662/detection

5.2.68.70:21090
5.2.68.71:2340
sparaback.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-14)

5.78.40.210:2404
5.78.40.210:2405

# Reference: https://www.virustotal.com/gui/file/040d8d8ba4648cfb66df323b0789a901c34213d9c8e5dc4970c8a5bbfa84cdf2/detection

172.81.60.60:3467

# Reference: https://threatfox.abuse.ch/ioc/1163976/

204.44.124.131:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-18)

45.62.170.73:2405
72.11.142.195:55955

# Reference: https://threatfox.abuse.ch/ioc/1164717/

103.212.81.159:1126

# Reference: https://www.virustotal.com/gui/file/0e022459a85eec6b565b70aa1a2a3ec49009375ec65521758740de2d8e7bb375/detection

103.212.81.159:3256

# Reference: https://www.virustotal.com/gui/file/1e2f3f495e180913a4250f182efec7bab6c029a553abaf6cfdd73416e8eda033/detection

103.212.81.159:3846
bxfpmlncqcmtwgdsxbrn.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b627753254a002ccc97b2db8ac92d130513c85fb2e2e86f3764e8c998611ac02/detection

45.155.7.187:22066

# Reference: https://www.virustotal.com/gui/file/4f4a8ff83672c8134227742b12e228e512d32e3c3dabb8e96bdc6b28628d3d26/detection

104.250.180.178:7902

# Reference: https://www.virustotal.com/gui/file/5286f7e6103043dd6fde463519103ba2dfb395170faaabc601109804182a9a7a/detection

45.142.214.15:3170
45.142.214.15:3180
123123231.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-25)

141.98.6.9:7044
185.255.114.32:2404
185.38.142.102:3107
193.42.33.27:5252
5.252.22.56:2404
64.188.24.134:2404
80.66.75.66:3388
95.214.24.210:2404
alvaritospamlamu.con-ip.com
bliv.duckdns.org
brian0627.duckdns.org
cascada.con-ip.com
claudiabetancurlora09.con-ip.com
comico.con-ip.com
dsoiuhvciosdjncoshvibd.con-ip.com
fgndibsvisdviree.con-ip.com
ifdhbodfijvoidsjvpfdpfijh.con-ip.com
puerta1.con-ip.com
remcostest.ddns.net
remsmart.hopto.org
vanidad.con-ip.com
wedhstinwell.online

# Reference: https://www.virustotal.com/gui/file/a522965f3ee8450fac5ef490fd0dd782fd10235826f9e619935c3b847b676c80/detection

23.105.131.181:1609

# Reference: https://www.virustotal.com/gui/file/63223780aa12fb5c0b23024a61b9dc8f1c8c701e026eccab7a4d2ef667f6a7f5/detection

85.209.176.106:2404

# Reference: https://threatfox.abuse.ch/ioc/1179490/

81.19.131.36:2450

# Reference: https://www.virustotal.com/gui/file/631766c4b41778f45c6b68a1ef6a7f700b249def52f2a5297d6e7e0a32dba49d/detection

45.66.230.12:2404

# Reference: https://threatfox.abuse.ch/ioc/1182618/

45.95.169.191:2404

# Reference: https://www.virustotal.com/gui/file/77b9a0c1a2227c43cf08700532888479d5dc29067277625745a151804f96cd44/detection

186.102.171.59:3337
war.bumbleshrimp.com

# Reference: https://www.virustotal.com/gui/file/4953397ff1e2db23646a3e86c91b1f5fd3b7a4e5565dffa00feb9bb26f054bc3/detection

181.141.3.182:8888
asegurar100.4cloud.click

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-03)

141.95.84.40:2222
185.225.74.166:1606
194.180.49.35:4935
81.161.229.158:2404
94.156.6.57:6657

# Reference: https://twitter.com/doc_guard/status/1709557264250495203
# Reference: https://www.virustotal.com/gui/file/3e090a3f20ab44f4efec21a7896198035f9076a9badc8764e4a0bd2fe68c45f5/detection

/i0i0ii0i0I0OII0OI0OI00I0Iioi0io0oi0ioi000000##############0000000000##############00000000.doc
/i0i0ii0i0I0OII0OI0OI00I0Iioi0io0oi0ioi000000%23%23%23%23%23%23%23%23%23%23%23%23%23%230000000000%23%23%23%23%23%23%23%23%23%23%23%23%23%2300000000.doc

# Reference: https://twitter.com/ginkgo_g/status/1711309741773951129
# Reference: https://www.virustotal.com/gui/ip-address/193.57.33.7/relations
# Reference: https://www.virustotal.com/gui/file/b89c5a9c7ae50cdd6825a645c72d8a7009c38f0372db4fe5224c7e2af8200be4/detection

179.61.237.12:443
allnato.net
drivebackupupdate.com

# Reference: https://twitter.com/karol_paciorek/status/1712422451534045305
# Reference: https://tria.ge/231012-mswmfsdh2t/behavioral1

179.14.9.58:1883
sdvjhdibvcksdnvisdhvsds.con-ip.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-13)

194.147.140.148:1998
194.147.140.246:1998
2.59.254.111:33380
20.110.88.130:6334
5.196.117.233:2023
37.1.222.255:22066
79.110.62.168:6781
79.134.225.83:7400
91.242.229.190:2450
94.156.6.158:50147
95.214.27.6:2409

# Reference: https://twitter.com/reecdeep/status/1714921437050364117
# Reference: https://twitter.com/Tac_Mangusta/status/1714934097657688416
# Reference: https://tria.ge/231004-pq4ldsdf72/behavioral1
# Reference: https://www.virustotal.com/gui/file/1b371acf222005ea1b34043a9564b71639c6931bb8715895eeadf55d93f5f139/detection
# Reference: https://www.virustotal.com/gui/file/c5898ac379acfcd23bedfceff198bf5e738921bf61b299ca47bdd8c223199515/detection
# Reference: https://www.virustotal.com/gui/file/e16efeb6c3e5c72ff5deb4da48d1ae448da32bb2043e71f2c1b338d1c6a0acda/detection
# Reference: https://www.virustotal.com/gui/file/85bdf691ddbeebf9a11faa642fc7767507014483a7d43ede19406bfe46b8969f/detection

45.90.222.54:2404
45.90.222.54:5500
studioaziende.click
spm23.casacam.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-19)

http://5.2.68.80
139.28.219.36:51147
141.95.84.40:1212
185.214.10.18:8766
194.147.140.158:1997
194.147.140.158:1998
194.147.140.194:1998
194.147.140.194:3030
194.147.140.196:1995
80.76.51.172:8087
80.76.51.172:8787
81.161.229.171:2404

# Reference: https://twitter.com/r3dbU7z/status/1715570648737615991
# Reference: https://www.virustotal.com/gui/file/a38da72082fc2dc1f60b3b245e1f2382d5f8c1d08ebc397dd0d81cc9f74ebbe6/detection

muzu.re

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-24)

135.125.189.140:1030
45.40.96.248:2404
45.95.169.117:2404
45.95.169.140:2404
81.19.131.34:2450
busbuctomorrrw.ddns.net
empireboss.ydns.eu
mancuso.con-ip.com
myfrontmannysix.ddns.net
remcoss2023.duckdns.org

# Reference: https://twitter.com/Racco42/status/1717267956210503879
# Reference: https://app.any.run/tasks/16f53867-81fe-41c4-8019-16ee5cecdeb4/
# Reference: https://www.virustotal.com/gui/file/d4c96c493952ab9601201dc7875a664148107c06a5481ae53414037fc1edccda/detection
# Reference: https://www.virustotal.com/gui/file/15851690d3cb99d95e82bb47d3f31db71688c69dd50b0a8367e97aa3b501b637/detection

105.112.134.82:6426
172.94.4.196:6699
79.134.225.87:7575
bantubusta0816.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-30)

107.150.18.101:2404
107.175.229.139:8087
122.225.124.110:2404
185.225.73.200:2580
185.255.114.50:2404
193.142.59.106:5832
193.142.59.240:5151
193.161.193.99:60921
194.147.140.212:1999
2.59.254.111:3346
221.12.129.226:2404
37.217.2.176:7777
5.61.53.75:8007
59.110.239.147:2404
69.24.199.30:1800
80.66.75.51:37481
91.92.241.117:8787
91.92.246.64:34771
91.92.247.146:3348
94.156.65.197:2404
94.156.66.37:45944
94.156.66.37:49539
95.214.27.6:3366
95.214.27.83:2404
apples.con-ip.com
blackrockxp.dyndns.org
danielitopt.con-ip.com
donpapii.duckdns.org
dsojvhocnvlkvokcvond.con-ip.com
filwelreg.pw
gfkodssnvosdjvlksnvldkj.con-ip.com
grantadistciaret.com
haroldmoscotelora09.con-ip.com
kashrteletts.giize.com
lestfuckinggoon.broke-it.net
miradores.con-ip.com
rdpown.ydns.eu
secure.cloudproxyserv.com
sheddy1122.ddns.net
somto.ydns.eu
sxvcddhcbdjcbixg.con-ip.com
whitecat.space

# Reference: https://www.virustotal.com/gui/file/3cb93d166196c1400e069fd437153d956df26d587c969c2c1a525874633a1e99/detection

103.212.81.150:6524
103.212.81.157:6524
212.100.79.161:6524

# Reference: https://www.virustotal.com/gui/file/4c97e1a48c3b25929a7a628c74e44eadfa4c26d00bba70a9803a3db7b37b06e9/detection

37.139.129.43:3212
85.195.105.97:3212
85.195.105.97:3223

# Reference: https://www.virustotal.com/gui/file/0dea44c7280c4a6134fd2831b6b7c4aa87584f71d4b563d6e006534ccd1c5fac/detection

46.183.221.100:3212

# Reference: https://www.virustotal.com/gui/file/1cac61de4ea72de9a6bf94d9cac661e29a147ac63b1e0ec9fa167b6e9fddb822/detection

172.111.167.99:9595

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-11-07)

139.84.229.159:2665
142.202.190.140:2404
194.147.140.145:1997
198.55.113.202:2404
20.252.43.59:4403
59.110.239.147:14344
91.92.242.184:2404
91.92.242.184:2602
91.92.244.149:2404
91.92.255.12:25050
94.156.69.95:2404
95.214.27.6:3348

# Reference: https://www.virustotal.com/gui/file/d51fab7aeed3c057ca6f99ea8bc3c277ccde4e99bc667a774f9e89b13e7d7b16/detection

81.161.229.136:4820
aganaku4ghana.bounceme.net

# Reference: https://cert.gov.ua/article/6276351 (# UAC-0050)
# Reference: https://app.validin.com/axon?find=195.133.199.230&type=ip
# Reference: https://app.validin.com/axon?find=45.10.245.245&type=ip

http://111.90.147.157
http://111.90.147.188
http://111.90.147.21
http://111.90.147.78
http://111.90.147.98
111.90.147.133:465
111.90.147.133:4899
111.90.147.133:8080
111.90.147.133:81
111.90.147.190:8080
111.90.147.216:8080
davincigroup.online
groupdavinci.online
ns1.davincigroup.online
ns1.groupdavinci.online
ns2.davincigroup.online
ns2.groupdavinci.online

# Reference: https://www.virustotal.com/gui/file/5eee291b4252b66880c0e2dc3bb62bd3e6f1813320b839016f07ab2374a640f2/detection
# Reference: https://www.virustotal.com/gui/file/4202789483158024de2ce0a94a904d61c916923212237263d4d3d478a8d8fb5b/detection

156.96.151.132:35602
199.249.230.42:18118
199.249.230.42:35602
94.156.66.16:35602
jourando199resti.duckdns.org
septnet.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-11-14)

103.212.81.158:3050
192.3.101.8:45671
192.3.101.8:55677

# Reference: https://twitter.com/Tac_Mangusta/status/1724725241820205428
# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/11/systembc_remcos_agenzia-entrate_16-11-2023.json
# Reference: https://www.virustotal.com/gui/ip-address/62.173.145.211/relations
# Reference: https://www.virustotal.com/gui/file/17d3c73c2e512a9e42144343edb790be0ecbfe65952db4109752378ad8054f79/detection

http://62.173.141.116
62.173.141.116:445
62.173.145.211:3839
62.173.145.211:4050
62.173.145.211:7020
listpoints.click
listpoints.online
retghrtgwtrgtg.bounceme.net

# Reference: https://www.virustotal.com/gui/file/0df9680d38ed0bc71156bef32ba93ac711a58a47dfbfc087bd4e55230b1a3f40/detection

196.217.76.129:3009
serviceinfo.freeddns.org

# Reference: https://www.virustotal.com/gui/file/0e2d052e8ae4c77d2a3ead51349a642a7fbda47ff26c63bd433cdf6fb659420f/detection

pissings.nerdpol.ovh

# Reference: https://app.validin.com/axon?find=185.81.157.16/29&type=ip4
# Reference: https://www.virustotal.com/gui/ip-address/185.81.157.20/relations

remcoddlr.xyz
remcsslinfo.xyz
remsslinf4.xyz
remsslinf5.xyz

# Reference: https://www.virustotal.com/gui/file/0387dd2156aaaf5a1f7339b454c42702748f07712c4a0572668dfb88b039e50f/detection

aikbig.duckdns.org

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/11/remcos_agenzia-entrate_20-11-2023.json

http://62.173.141.118
62.173.141.118:445
center.onthewifi.com
datastream.myvnc.com
gservicese.com
vckkbkxu.page.link

# Reference: https://twitter.com/James_inthe_box/status/1726617679266795780
# Reference: https://www.virustotal.com/gui/file/9ef9b4a8ab8366ea77b049febf61fd2003aa90b9b38f5c301bff8a60a0feef24/detection

103.212.81.158:6524
103.212.81.161:6524

# Reference: https://twitter.com/JAMESWT_MHT/status/1726588073323135194
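# Reference: https://app.any.run/tasks/ede94e83-44c4-4a8e-b045-f269cc21cda7/
# NOTE(review): 142.250.72.174 appears to fall in address space registered to Google (142.250.0.0/15) - confirm against the sandbox report that it is a Remcos endpoint rather than shared infrastructure, since matching on it risks false positives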

http://142.250.72.174

# Reference: https://twitter.com/JAMESWT_MHT/status/1726617631686533352
# Reference: https://app.any.run/tasks/6266a21e-171c-4835-9fa3-c4b3592261fc/

91.215.85.63:2718
91.215.85.63:3839
91.215.85.63:5225
91.215.85.63:7020
91.215.85.63:8118

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-11-20)

103.212.81.160:6609
104.129.27.19:2404
107.150.18.101:1604
107.150.18.214:2404
109.236.82.82:5001
149.56.240.44:2404
149.56.240.44:2405
149.56.240.44:2406
149.56.240.44:2407
149.56.240.44:2408
149.56.240.44:3398
149.56.240.44:9987
172.174.245.21:5400
172.81.62.183:2404
172.93.187.227:2404
172.93.217.218:2404
185.156.174.155:9992
185.189.112.11:9625
185.202.173.178:2404
185.29.8.29:4039
198.27.121.194:2712
2.59.254.160:8500
209.127.186.232:4765
45.66.230.229:8753
5.61.55.210:8004
5.61.55.210:8006
64.237.177.189:1800
80.66.75.86:2404
91.92.242.85:4285
91.92.243.110:3734
91.92.254.87:1606
94.142.138.155:2580
bad.con-ip.com
cocacabanaclubsdownt.com
comercio.con-ip.com
dxxxxza.dynamic-dns.net
gig24.sytes.net
idofjodjvodjvojvojfojooiodijnj.con-ip.com
ima.con-ip.com
large-sox.gl.at.ply.gg
millon777.con-ip.com
rem0323.duckdns.org
sdhisdviudsibdsibedas.con-ip.com
sdvsiudhvisdhvodshv.con-ip.com
sembe.duckdns.org
sonia777.con-ip.com
virtuallogoprepaidmaxspippline.onedumb.com

# Reference: https://twitter.com/peterkruse/status/1726866287379263580
# Reference: https://www.virustotal.com/gui/ip-address/103.212.81.155/relations
# Reference: https://www.virustotal.com/gui/file/22224f65c07515b2f61e29f7f1a14005d0de54378aa925d9e017bb2ac26b5395/detection

103.212.81.157:58001
doytupodkifopffbiu.ddns.net
eopgupgdpopopfuupi.ddns.net
exynosuzak.duckdns.org
hahbdu.kozow.com
igborem.duckdns.org
mattwems36.ddns.net
nybenstaycalm.ddns.net

# Reference: https://www.virustotal.com/gui/file/07890acb79a77d4e64fb47e98a752e2564fc722ec4094b8d0bb2abdb27405899/detection

citii.bar
atu.hopto.org

# Reference: https://www.virustotal.com/gui/file/0f780d643f6238b1146973d35535fc59342a8d5eed18f75a68496d521484d23c/detection
# Reference: https://www.virustotal.com/gui/file/39b0fffc0abc5ab93b925561969c238305497eb0af47dbcd21c340b66e74d51a/detection

185.244.30.76:3036
23.105.131.206:3036
arttronova12.duckdns.org

# Reference: https://twitter.com/v0lundr_/status/1729409817578455234
# Reference: https://www.virustotal.com/gui/ip-address/46.246.12.11/relations

46.246.12.11:9999
serviciostransitoant.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3eac3c0c1cca36b1db0d04b5ea74cd06600123febf2063d6eb05c01d90029fa6/detection

172.94.14.24:2103
cosrem.ddns.net
cosrem.ddnsgeek.com
cosrem.dyndns.org

# Reference: https://twitter.com/v0lundr_/status/1729897758427942930
# Reference: https://www.virustotal.com/gui/file/f71847450b386b8c7fd34717cd934f1c2286b39a2ce95bbeaf8c34d17dfd4b0f/detection
# Reference: https://www.virustotal.com/gui/file/9412a14100e466c918334a2fa6d74e28bb5580c30287afa8a3e8d55a2b72c94d/detection
# Reference: https://www.virustotal.com/gui/file/8fe98ae573432ec9f94b3ad6ed10bef5f3a5308751842c3a5f8f4fcd1786028b/detection
# Reference: https://www.virustotal.com/gui/file/29508c77800bd693998af91f8c0e3c0e62f848c4b44865a4928b817bcce58cf7/detection

91.92.252.158:2090

# Reference: https://www.virustotal.com/gui/file/071c44bd1144e0a1f0cf5f61bc8336b774dc3ffce0d358d32d809b8e468a78e3/detection

104.250.186.63:9596
money001.duckdns.org

# Reference: https://cert.gov.ua/article/6276567 (# UAC-0050)
# Reference: https://www.virustotal.com/gui/ip-address/95.214.26.199/relations
# Reference: https://www.virustotal.com/gui/file/a7aca87179f51e229aa9a2f13bb8ab76750c8092579cc7b4d0cbc40235cdde27/detection
# Reference: https://www.virustotal.com/gui/file/ff0a84220d028052a841312cd81baa525d19f7e4b0ce94dbbaf6634a776d3814/detection

http://101.99.92.102
http://101.99.92.19
http://101.99.92.218
http://185.65.105.190
http://185.65.105.191
http://185.65.105.192
http://185.65.105.193
http://185.65.105.196
http://185.65.105.197
http://95.214.26.18
http://95.214.26.190
http://95.214.26.199
http://95.214.26.25
http://95.214.26.60
http://95.214.26.79
http://95.214.26.90
http://95.214.26.99
101.99.92.101:465
101.99.92.102:465
101.99.92.102:8080
101.99.92.103:465
101.99.92.19:465
101.99.92.19:8080
101.99.92.212:8080
101.99.92.218:8080
142.202.189.215:2404
185.157.162.241:1303
185.65.105.15:465
185.65.105.193:8080
185.65.105.194:8080
185.65.105.195:8080
185.65.105.196:8080
185.65.105.197:465
185.65.105.198:465
185.65.105.199:465
194.147.140.212:2025
195.201.79.232:2026
198.27.121.194:2024
213.152.187.200:8185
5.2.68.80:600
59.110.239.147:1800
85.209.176.69:57484
91.92.249.176:4285
91.92.250.65:2404
94.156.67.170:6657
94.156.67.247:2402
95.214.26.140:2404
95.214.26.199:21
95.214.26.199:465
95.214.26.199:8080

# Reference: https://twitter.com/JAMESWT_MHT/status/1729036763711312316
# Reference: https://twitter.com/JAMESWT_MHT/status/1730143302723252328
# Reference: https://www.virustotal.com/gui/ip-address/62.173.146.192/relations
# Reference: https://www.virustotal.com/gui/file/04e5b2ca6f0ed2eb8a36deaef7ec8a5ba5780aa07e133153eac2e120ffe41672/detection

gamecente.com
pressfacto.com
tecnologiesline.com
agenzia.servebeer.com
modulo.servegame.com
onlines.3utilities.com

# Reference: https://www.virustotal.com/gui/file/883fcbc771e319fd3774a956a97d2ce58aa9d60748030908642e2d5663268b36/detection

179.13.11.55:2001
fajardo1.con-ip.com

# Reference: https://www.virustotal.com/gui/file/07d08fec6ba5f329093359752f754bebd370e8a03a19e51dec789ce4ca410d47/detection

ceorcs.duckdns.org

# Reference: https://www.virustotal.com/gui/file/087437b32c1e997dab7d3174c11b810c64aa6e693e0964f11927e143db2664d9/detection

179.13.1.242:2121
stage3.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4f927f878aed924b1835a7e7e6567cd48acf0109df583d37be588bee6e9f7229/detection

proxi2018.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3a9d70341e3650b9f6b2713c388aceb90ffc6e7aaa75fc4d88fba3f2eb604cfc/detection

186.85.86.96:2123
restorebackup.duckdns.org
servidor2019.duckdns.org
tardesdeverano.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a1ebbca305d169f324f500bbca39a0274fcfffb14af20077d2f8d5e70f5f853c/detection

181.71.216.115:1014
chicagodnre.duckdns.org

# Reference: https://www.virustotal.com/gui/file/998902d20d96b0ceb5b27007e2cfb4c8a23fe8714ed39f0e86b409e673849209/detection
# Reference: https://www.virustotal.com/gui/file/48a782c5e9655220f464a42099557fbb17b2a2230e2e9f81dc6e6af0572c6fa5/detection

181.131.217.138:1012
salonsocialdnre.duckdns.org

# Reference: https://www.virustotal.com/gui/file/53d04de9d551f1f52d871849a0303016dffee30155d7ab4b0e442c565cdce8ac/detection

181.131.217.138:1014
sergiofajardodndure.duckdns.org

# Reference: https://www.virustotal.com/gui/file/77d20c7a8b7bd53e099dc0bc93fe6ebd77af2888903659359bb275aa732885ea/detection

46.246.6.15:8079
jackcopias.duckdns.org

# Reference: https://www.virustotal.com/gui/file/18f2864a63bb2c31d17f93fb41eb527d35cbdbf0fa63d41a60d6fcde4125d044/detection

http://66.228.43.8
194.187.251.115:14645

# Reference: https://cert.gov.ua/article/6276652

http://101.99.92.100
http://101.99.92.101
http://101.99.92.103
http://101.99.92.104
http://101.99.92.105
http://101.99.92.106
http://101.99.92.107
http://101.99.92.108
101.99.75.140:8080
101.99.75.142:8080
101.99.75.145:465
101.99.75.145:8080
101.99.75.147:465
101.99.75.148:8080
101.99.75.156:465
101.99.75.159:465
101.99.75.233:465
101.99.75.233:8080
101.99.92.100:8080
101.99.92.104:8080
101.99.92.108:8080
101.99.92.110:8080
101.99.92.230:8080
101.99.92.252:8080
217.76.59.48:24251
79.137.205.201:15666
remccoss2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4abdfcd240b09c5e1d8cd90d780c3db8f4f3d892be71d7b307d44051e0c15670/detection

46.246.14.15:8079
pradera.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d1f114be8bca0a0ba4a77c505872422ea8eaa94ca640e959bfe05888cc4d50cb/detection
# Reference: https://www.virustotal.com/gui/file/a50f293605d6559b67ef90900ff2a8e0217b18ba8a03e8059e3240096be04721/detection
# Reference: https://www.virustotal.com/gui/file/6fc627420119f7038451c054214d0b912175c039907cd06dd71fd7f2efa0cf09/detection
# Reference: https://www.virustotal.com/gui/file/457228e0ca8403e469fcc929729d0ed6475cfa2c8e9c88f3ad682acdb78db698/detection

178.73.218.7:24251
181.54.74.23:24251
46.246.12.12:24251
46.246.14.7:24251
46.246.4.13:24251
toxica.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a4b821d0cadc92c344c8b60f5290a5e5520fd1fb3813b88c529c48d285b72c63/detection

46.246.12.13:8080
46.246.12.3:8080
46.246.84.18:8080

# Reference: https://www.virustotal.com/gui/file/d49a6a93ff42f203e7fdb1ac967a8e371d98b8fea7b0fa017bb53209c2638991/detection

178.73.192.2:2525
yumaguoc.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0b4a03d6f1cafe6b33b43863f07b71984d6cad56d4feed763504f766cc0b5188/detection

46.246.26.10:2404
46.246.4.6:2404

# Reference: https://www.virustotal.com/gui/file/4abdfcd240b09c5e1d8cd90d780c3db8f4f3d892be71d7b307d44051e0c15670/detection

46.246.12.11:8079
46.246.14.15:8079
46.246.4.17:8079
46.246.4.6:8079
46.246.84.11:8079

# Reference: https://www.virustotal.com/gui/domain/peces.duckdns.org/relations
# Reference: https://www.virustotal.com/gui/file/ad4dfd22e897fcd8ba3f53f9cf70ceaec8dfae22b76c0bff2264bbbe8bf6d2e4/detection

178.73.192.15:8090
188.126.90.22:8090
188.126.90.5:8090
46.246.4.13:8090
46.246.82.18:8090
46.246.86.5:8090
peces.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0e299c0d7197a76c0257e2def3474dab4bedd366fb8ead4350e0c5a52cf79f57/detection

46.246.84.13:2424
46.246.84.13:415

# Reference: https://www.virustotal.com/gui/file/107e7bffd42b07556b846f3eb79e39765400299770d01d2445feff1605c65ffd/detection

178.18.254.199:2323
46.246.6.18:2323
bogota200.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-12-17)

109.248.151.72:2179
109.248.151.72:7770
109.248.151.76:1974
141.98.102.187:11274
142.202.191.238:2404
172.245.208.30:45070
172.245.208.30:52707
172.93.164.62:2404
192.161.184.21:24053
193.142.59.211:7257
194.147.140.186:4040
194.147.140.205:4040
194.147.140.222:2025
20.84.117.57:2347
45.137.22.136:8087
5.181.80.139:2404
51.89.208.8:2404
64.237.181.19:1800
89.163.146.42:5000
astucia77.con-ip.com
comercio223.con-ip.com
delamanodedios777.con-ip.com
dfghgfrdsdcvgtrdxcvplkopsdsdsz.con-ip.com
eterno.con-ip.com
eweo9264gtuiort.duckdns.org
fdvijkrfdsojnlmrfsdojnlmfrdvcj.con-ip.com
felipito24.con-ip.com
gfojhvousdovisovosjoisdovn.con-ip.com
gggb2.dvrdns.org
gospel.con-ip.com
horsesnje.net
luci2023.duckdns.org
mesa12.con-ip.com
mxzaa.duckdns.org
mybabygirl.duckdns.org
nazareno77.con-ip.com
novbillions.myddns.me
playman0101.duckdns.org
satura.con-ip.com
suntit.ddns.net
svdjvhinvosdhfojsdfdffhdoflsnj.con-ip.com
tesoro.con-ip.com
tincaanii.duckdns.org
tmsuccess.duckdns.org
wealthalways.duckdns.org
wealthy2023.ddns.net
wealthyman.freemyip.com

# Reference: https://twitter.com/1ZRR4H/status/1736734016789688485

coffeebeanscrusher.com
coolwavecloud.com
mikroservicelogs.com

# Reference: https://twitter.com/smica83/status/1737890435450753489
# Reference: https://tria.ge/231221-vx44dsbcej/behavioral1

91.92.252.201:2404

# Reference: https://twitter.com/Cyber0verload/status/1721982506327589225
# Reference: https://www.virustotal.com/gui/ip-address/194.31.109.82/relations
# Reference: https://www.virustotal.com/gui/file/b802c9fee74a5915eae2186b83885477ba8130d284729bf2b3c60ece4742c8bb/detection
# Reference: https://www.virustotal.com/gui/file/44e593c98acaf52aee91c09fe00fa196668351783fc8a623fc1da5325635130f/detection
# Reference: https://www.virustotal.com/gui/file/3f4321110b3e20a56971194eed40057340fb301e71e8dd8b24d8a5c17ea9f2e5/detection
# Reference: https://www.virustotal.com/gui/file/a7aca87179f51e229aa9a2f13bb8ab76750c8092579cc7b4d0cbc40235cdde27/detection

http://89.23.98.22
89.23.98.22:137
89.23.98.22:139
89.23.98.22:445
npddocs.com

# Reference: https://cert.gov.ua/article/6276824 (# UAC-0050)

http://101.99.75.145
http://101.99.75.16
http://45.87.154.153
http://94.131.102.115
http://94.131.102.117
http://94.131.102.119
http://94.131.102.122
http://94.131.102.124
101.99.75.145:8081
101.99.75.147:8081
101.99.75.14:8081
101.99.75.16:465
101.99.75.16:54550
101.99.75.16:8080
101.99.75.16:8081
45.87.154.153:8080
45.87.155.41:465
45.87.155.41:54550
45.87.155.41:8080
45.87.155.41:8081
94.131.102.115:54550
95.164.35.143:8081
95.164.35.174:54550
95.164.35.174:8081
95.164.35.234:8081

# Reference: https://twitter.com/1ZRR4H/status/1740423278181617962
# Reference: https://www.virustotal.com/gui/file/4cfb8f8f8a4c4f884c01b1ff708568f486144c689dab28aa3dcd2e84e6b0d95d/detection

194.87.31.229:6438

# Reference: https://www.virustotal.com/gui/file/10cae0676fcf60dbbb56266448fff13a2ed236753243fea28d41f3902863e053/detection

15.235.3.1:2000
15.235.3.1:2001
15.235.3.1:443

# Reference: https://www.virustotal.com/gui/file/827aef6c24af890a50222194f62185665ff6bf80bab8fc0c7c0f4222f4e4bc66/detection
# Reference: https://www.virustotal.com/gui/file/0cf6caf94751847e6cbefe0084ed61626045c19412955869feb4e30cfe61e856/detection
# Reference: https://www.virustotal.com/gui/file/f35b3a3ed4f9525f6093f500488c6b28e022f354a12786a2b66bee5197665069/detection
# Reference: https://www.virustotal.com/gui/file/dacc274a2d0eff3a875bdfdc3800f22bb63a7eaef19be29272ab5d28b9d193f7/detection

http://107.175.113.207
85.195.105.66:7010
85.195.105.85:7027
kennyremcosbelintourismedleonline.gleeze.com
/kennyremcosbelintourismedleonlinesssss..txt
/kennyremcosbelintourismedleonlinesssss.txt
/remcoskelivnlinexxxxxxxxxxxxonline.txt
/remcoslandnewbuildertobest.txt

# Reference: https://www.virustotal.com/gui/file/d68810f29a58f09db1f036393cfc52c6b0934e7089077bc90a38fdece78489d9/detection

178.33.57.159:8899
185.196.8.237:4449
194.87.31.181:9587

# Reference: https://www.virustotal.com/gui/file/1a0fbc4bb35eac3cb5a7ce95abc1b4eee36628194326ad3894d0da3e66a98dab/detection

181.131.217.212:1213
maresos.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6825089ed1af52418880ec0d831498ab19088676081a2c5c674b5b5e03c7cd7f/detection

179.14.170.49:1213
chupetines39999.duckdns.org
jairsos.duckdns.org
palmita2022.duckdns.org

# Reference: https://twitter.com/Cyber0verload/status/1754953038324785605
# Reference: https://cert.gov.ua/article/6277063 (# UAC-0050)
# Reference: https://scpc.gov.ua/api/files/ca8167d3-fb54-41f3-a531-699845247dcf

http://77.105.132.124
77.105.132.124:2404
77.105.132.124:81
77.105.132.70:2404

# Reference: https://twitter.com/Tac_Mangusta/status/1747042307503698360
# Reference: https://app.any.run/tasks/a006c2e9-2eec-45f2-9dcd-313736bd41c4/

107.172.31.178:14645
remcosmonitor.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3f1bb67aa98c351a393af7d622253dc665254a2eade0dd2e7e08354e935a8e0e/detection

alwehda5050.hopto.org

# Reference: https://www.virustotal.com/gui/file/e929c35d863e401fc1485f99febbc0c15eca608fc8220a4c9da2f72a365422aa/detection

46.246.12.4:8079
46.246.14.5:8079
46.246.80.10:8079

# Reference: https://www.virustotal.com/gui/file/7eb6163c64d8a76a6ae68356a2bf76639603dff973c334ef6ef1064850e9fd9e/detection
# Reference: https://www.virustotal.com/gui/file/5e7737b52af57557cae41a5c592019b693a1aef166dbe57dc55481ca1b0e0152/detection
# Reference: https://www.virustotal.com/gui/file/4ed7b20aba7daa1ecf923869f49593bcf1a1b0141dd8a99a8addd23d4e1583d7/detection

213.152.161.165:37830
213.152.161.165:8347
213.152.186.168:37830
213.152.186.168:8347
213.152.161.244:37830
213.152.161.244:8347
wenevergoing2abuse.xyz
top.wenevergoing2abuse.xyz
deadyh2849ijest.duckdns.org
highestlotto.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/213.152.186.168/relations

jakesjackett.duckdns.org
jakesradarr.duckdns.org
johncena141.eu.org
namelessdot.kozow.com
roadf.duckdns.org
zilla2.airdns.org

# Reference: https://twitter.com/Dkavalanche/status/1747672939212718116
# Reference: https://twitter.com/1ZRR4H/status/1747755216210944179
# Reference: https://www.virustotal.com/gui/file/27d5953995df9205a0450564a57b22a45ed9985231d793d26f3a2427fc712a9e/detection

191.88.251.13:7770
sexoanal777.con-ip.com

# Reference: https://www.virustotal.com/gui/file/4effb7493819e25c61af5e224d8a774652957b99ec1faca19e1c84bd0c9ff840/detection
# Reference: https://www.virustotal.com/gui/file/db818294e50a757b1511cb2ac06b678e829c5328e920c5105ec30985e585b2c0/detection

http://185.70.104.90
http://77.105.132.70
185.70.104.90:2404
185.70.104.90:465
185.70.104.90:8080

# Reference: https://twitter.com/Tac_Mangusta/status/1749763630847987861
# Reference: https://app.any.run/tasks/c6adf0f3-8207-4605-ae70-0ed04c3070d7/
# Reference: https://www.virustotal.com/gui/file/0cb44c4f8273750fa40497fca81e850f73927e70b13c8f80cdcfee9d1478e6f3/detection
# Reference: https://www.virustotal.com/gui/file/746eec0fdae9a2c542baaa19aaf0ea70d3b96cfc36c15ac1eea7ae444d90fc58/detection

140.228.29.110:5500
vnc2024.gleeze.com
vnvariant2024.ddnsfree.com

# Reference: https://twitter.com/gothburz/status/1749772029270642884
# Reference: https://app.any.run/tasks/c56661ed-55ca-4580-ad28-e76474552388/

http://107.174.212.74
2024remcmon.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-01-23)

107.174.142.70:10090
122.176.133.66:2404
122.176.133.66:2667
149.56.240.44:2409
162.218.122.24:5707
163.5.64.15:57844
181.131.217.74:1998
185.189.112.27:2529
193.222.96.21:29871
23.155.8.220:14344
44.31.248.7:1800
44.31.248.7:2404
45.95.169.102:2404
49.12.86.61:2404
64.188.20.177:1053

# Reference: https://www.virustotal.com/gui/file/318ed6c3c58cdc5ba824bcdf401e7f7f613442e252239b641a294fafade1806e/detection

213.152.162.165:3241
213.152.162.165:3650
kingdom2019.homedns.org
maelus.mine.nu
remcos.dyndns.biz

# Reference: https://www.virustotal.com/gui/file/05df7a0c57ddb53db47daa1e23462221b9dcadf8ed43341a6722b16f4e5b9216/detection

54.94.248.37:21412

# Reference: https://www.virustotal.com/gui/file/5872cad57194202b403ee89adc743a2a6c4fddcf74b0f92115143d2b70876e51/detection

147.124.215.172:2424

# Reference: https://www.virustotal.com/gui/file/aebd61e3f2fd8cd993e843e28b39440b5f0c1a127e110a2926a55a6f1617c9f1/detection
# Reference: https://www.virustotal.com/gui/file/6e6a096ae62624f1e6d03d63d0bbeea75193b919dcde9b380d0d5d20967a00ac/detection
# Reference: https://www.virustotal.com/gui/file/25d3e09d8870acae1772f501d6f86e7da48bf2c78fd942052db49cf4ca305e09/detection

91.92.254.198:2090

# Reference: https://www.virustotal.com/gui/file/770c9005bd4ff01294d09e8aab9852791ec27751dfbae1b4fdad3d36042dabb2/detection

103.114.163.134:2404

# Reference: https://www.virustotal.com/gui/file/2e0cf356012de3636858096f1966ca0c68a9a60f22f575d5035fdb953b90e909/detection

http://95.214.24.37
185.225.74.112:2404

# Reference: https://www.virustotal.com/gui/file/08f99aa27cbedd18401cfae07c7dd2e79966c6f63777fb95bc7a73c5cad5a537/detection

45.81.39.190:30890

# Reference: https://www.virustotal.com/gui/file/2893876f26c73d7dce1828babf03dfd9551c3d36a7b8de144daef87d7e1e102c/detection

45.81.39.190:30890

# Reference: https://www.virustotal.com/gui/file/107a9d29c7ff748aec36940674dbf6be004aad0f70acb725e7f06f34f5e9a546/detection

91.92.252.36:2090

# Reference: https://www.virustotal.com/gui/file/6e6a096ae62624f1e6d03d63d0bbeea75193b919dcde9b380d0d5d20967a00ac/detection

91.92.254.198:2090
91.92.255.165:2090

# Reference: https://www.virustotal.com/gui/file/65c3dce03d8a78cd9ad2c634fdafb71036aa8ba025e8a818c67cab9ca2894d14/detection

91.92.255.22:2090
deviltelegram.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/4d63da19dcd26f061f8d68c63ac1f2bbda04042fd07424242d8813b1bf11abd4/detection

91.92.255.87:2424

# Reference: https://twitter.com/doc_guard/status/1752343177896317394
# Reference: https://www.virustotal.com/gui/file/346d471bd9f585ac6a4a6b6e11a12004edffdccf92680d701935a7e653fb2b0d/detection
# Reference: https://www.virustotal.com/gui/file/f8cbeec0ed28a8828e727c4059fe0d3bf3b34abb3978cdaf112bc36eec83983e/detection

23.95.60.87:8823

# Reference: https://www.virustotal.com/gui/file/e568039b89b31c048803401ee0f8f3b1d521d30518e214a50cf0c9dcb022c8ed/detection

185.174.101.104:8889
jgm.kozow.com

# Reference: https://www.virustotal.com/gui/file/e88fe7b93cad3649ec872f78fbd781d686da10df0a9edfdd006f41d09aae26a0/detection
# Reference: https://www.virustotal.com/gui/file/a356b0460dbf9bf47d9b0901d031222238ef86edef49fd39eb32d191b01831d4/detection
# Reference: https://www.virustotal.com/gui/file/9f41ac11c9c83ca7914c656210a5331a2b5e84192fa40dfbcf3dabdb8721a6bc/detection
# Reference: https://www.virustotal.com/gui/file/50fe957b824b5281935a348299b20b888ff1fb0e954fedfbefcf72ba3216d50d/detection
# Reference: https://www.virustotal.com/gui/file/3e2d85e28e433727f9e127271dcbf0ac833c160de97097f8ecb19bb74b77389f/detection

149.202.127.103:5550
185.174.101.114:5550
ooop.casacam.net

# Reference: https://twitter.com/malwrhunterteam/status/1752677381091762280
# Reference: https://twitter.com/1ZRR4H/status/1752739473245237278
# Reference: https://www.virustotal.com/gui/file/1afa97a4a2c1d6bae74b4b76298b85de076a084bcee539b9503a3d4bd1d13016/detection

104.243.242.194:39841
brodbeckconsulting.com
blessingjumarou1ubk01.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1a5fef4a3bbce0a3e77343c3794484a88a4cbe42a466e09749aba58ea081bd8d/detection

203.159.80.101:6553

# Reference: https://www.virustotal.com/gui/file/5c32fd3de4bce60a2529cebc5f47b8a1562ea9bd22549f829b22b0533b32f79b/detection

185.102.170.122:4145
spapertyy.duckdns.org

# Reference: https://twitter.com/k3yp0d/status/1754380225792577647
# Reference: https://www.virustotal.com/gui/file/e59274d207874f12c6d07fa5b51a9dfeaa317e62ecf2d9649c23ea0b0a90c8a7/detection
# Reference: https://www.virustotal.com/gui/file/28e6753f8f47db2a1336c0879ddfe54a7c9c38c14512d918bee4f573e531c7ad/detection

46.246.98.161:32546

# Reference: https://www.virustotal.com/gui/file/40fa3f0245a23b91aa7e566354a293cf3274c36f3fe2a5b5218396c9424ef14a/detection

94.156.64.228:3039
inforsaservice.africa

# Reference: https://www.virustotal.com/gui/file/2b40c1d597121cc34d742525a17ba6b1debfd07d7564e1ee73aa33a1cfae291a/detection

94.156.64.228:9035
express104.duckdns.org

# Reference: https://twitter.com/smica83/status/1757513596014117203
# Reference: https://www.virustotal.com/gui/file/b6797391d325130f1f9eec9e9c3fce701de47e21ef0f3a24ccd46a6933156171/detection
# Reference: https://www.virustotal.com/gui/file/70b4a41e1eabeccdb8bfe9f88afccc0e4565e082df34392376e6c18779c7ea56/detection

http://172.206.61.17
http://70.34.220.238
172.206.61.17:55642
mamsc2.ru.com

# Reference: https://www.virustotal.com/gui/file/07a2b2929840caf05d6e56ef54825e994dc7bce4ed5756a4a73ecd7461c2e7f6/detection

5.39.43.50:2875
5.39.43.50:5552

# Reference: https://www.virustotal.com/gui/file/1d90a454b56c8addb0d28cea148a10a6a10b380fc246985f596f7ebf5e717820/detection

186.169.36.241:1010
186.169.60.26:1010
186.169.80.244:1010
krater1.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/191.88.249.218/relations
# Reference: https://www.virustotal.com/gui/file/f4925558b595d236a2855ec39ef7ac33f7d708e5b516ba2594bf11cdc3d5ee32/detection
# Reference: https://www.virustotal.com/gui/file/7011e943cedb2fceabf6e1c4af34ada670b497a6bb62391f86e1a46988c43d86/detection
# Reference: https://www.virustotal.com/gui/file/11dd7ec0b0e2b3ab66eb6a9898b2913cb65bd825d18ad0a3b69dd3da446f0283/detection
# Reference: https://www.virustotal.com/gui/file/04dc94bdbdf01a1847d5ca096802054030da166a33579b38cf32c53eac80c10f/detection

191.88.249.218:1777
191.88.249.218:7770
cholin777.con-ip.com
elgigante.con-ip.com
elgrande.con-ip.com
gomelo.con-ip.com
hebreo.con-ip.com
jerusalen.con-ip.com
mazaltov.con-ip.com

# Reference: https://www.virustotal.com/gui/file/b51400c9b5e55cf635f8b65346ec30c32d6a0195b033fbf73747c00564991d17/detection
# Reference: https://www.virustotal.com/gui/file/a2f35efbce3c610c6fe4da5d568af9a060cda5d2959c27e81874a4afc78f5c0a/detection

191.88.250.230:1998
deusdsfduhfdjisjdfasaxc.con-ip.com
sssssssdhhdiodhuhdisdisgi.con-ip.com

# Reference: https://www.virustotal.com/gui/file/948aeed2454ef21d5484ff1f1f838190c3ac06eaeefa666d2503a00be6cfe7a8/detection

graciasdiosito.con-ip.com

# Reference: https://www.virustotal.com/gui/file/13d4f10bfea71cb0047b449cdc892bfb660c1457234db1caecc6c88237d2931d/detection

matusalen77.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/191.88.250.230/relations

anhelo.con-ip.com
bendecidos.con-ip.com
dsfkdsvnlsnvklvdsnvodv.con-ip.com
edden.con-ip.com
enticonfio.con-ip.com
ergdsbsicshdfsijfsiudhf.con-ip.com
galaxia.con-ip.com
memorias.con-ip.com
nuevocomienzo777.con-ip.com
ostentar.con-ip.com
persistencia.con-ip.com
salomon77.con-ip.com
sion.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/191.88.249.200/relations

191.88.249.200:1998
191.88.249.200:7770

# Reference: https://www.virustotal.com/gui/file/4ab2455d35d3b218b13a212d8cb262904a390008f3647a5a727f7b3adb5c7cc5/detection

181.131.218.222:7770
farsante9.con-ip.com

# Reference: https://www.virustotal.com/gui/file/ac161b5d27f0cadeccd1174771eaa47ee88167df0a2f8f8d3139a9fdba7766fc/detection

191.88.250.230:7770
anguila.con-ip.com
jireh.con-ip.com

# Reference: https://www.virustotal.com/gui/file/8bc109418958f77b0dae770f503660da9dd09a844d52a75fb2dbb2e2274610d4/detection

sieteninas.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/181.131.218.222/relations

abundancia777.con-ip.com
caramelo.con-ip.com
gamin.con-ip.com
redentor.con-ip.com
salud77.con-ip.com
yahweh.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/181.131.218.118/relations

181.131.218.118:1998
181.131.218.118:7770
lesbiano.con-ip.com
ruby.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/181.131.217.136/relations

181.131.217.136:1998
181.131.217.136:7770

# Reference: https://www.virustotal.com/gui/file/1838aa30d4a9346eadef17376e9f57a05cd4e325b1e6c1e3b57fe1eaa5253191/detection

181.142.162.155:4576

# Reference: https://www.virustotal.com/gui/file/5b935616f3d93c9168f3af28c4aa108118607afcb98e9843325ee6fabdb58dde/detection

103.68.85.205:35890

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-02-24)

http://65.20.81.37
http://77.105.132.92
103.186.117.105:1970
103.186.117.181:1775
103.186.117.186:2404
103.186.117.232:1985
103.186.117.238:1941
103.186.117.77:1760
103.186.117.77:1761
103.67.196.125:4505
103.69.96.162:4502
103.77.243.159:4042
107.173.4.16:8787
107.174.138.159:1900
109.248.151.96:52048
139.28.36.84:2404
172.245.208.5:2060
172.86.69.21:4042
172.94.12.73:1979
172.96.14.30:6871
172.96.14.33:6789
172.96.14.67:9785
173.211.106.128:7785
178.33.57.148:7634
185.222.57.87:4505
185.222.58.252:1992
185.222.58.40:1990
185.236.228.203:2024
188.116.23.142:23033
192.177.111.126:2404
194.147.140.132:9231
213.152.162.89:9702
23.106.121.133:1177
23.155.8.220:1800
23.155.8.220:2404
45.156.21.39:3443
46.183.220.203:35966
46.183.223.29:2404
62.102.148.185:9771
64.188.20.186:5050
64.237.213.102:1800
65.108.24.114:2404
65.21.212.85:2404
72.11.158.94:1604
77.105.132.92:21
77.105.132.92:2404
77.105.132.92:463
77.105.132.92:465
77.105.132.92:4899
77.105.132.92:60989
77.105.132.92:81
83.137.157.54:9231
84.38.132.126:61445
89.249.73.162:2479
91.223.3.151:4508
91.92.242.176:51480
91.92.250.122:2404
91.92.252.26:7766
93.177.75.98:56816
allsmt.cam
callii.ydns.eu
jnchina.ydns.eu
mfreshbnrem.ddns.net
wiund98272sb01jshbq.con-ip.com

# Reference: https://www.virustotal.com/gui/file/d6c4e74a2a9ccdbe06290419c73185b032757f9d595b42029e8c245406a5731e/detection

103.239.67.36:4546
payday27.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f51637225f10b37a9dde2d4c6cd64e7aae92713e53acdf5421d628b8d9009397/detection

fressos.jumpingcrab.com

# Reference: https://www.virustotal.com/gui/file/32c38d159ca596fc6f8696c7462299312a8b243dd4ea75086946494f5c5cd801/detection

194.49.94.62:3542

# Reference: https://www.virustotal.com/gui/file/e96aed97b899d7cfc37b229f045f6b87623f9abd97b15256fa6322685cb2c5f0/detection

109.206.243.117:3542

# Reference: https://www.virustotal.com/gui/file/6f156a6c661f4b68eb1be00e5a1be53fb80f05af516ef4dcdd7d3e937a1db580/detection

85.31.45.55:3542

# Reference: https://www.virustotal.com/gui/file/6c0f5a9bf9bfd84be91f3d84335b63ac95ac2b227fedc5de439971577328ac30/detection

194.49.94.62:3542

# Reference: https://www.virustotal.com/gui/file/fef21a629ada2ecd6ebdaa88757c3d22ab39e3b253be3d6d2881401dcbe56c9e/detection

51.38.94.188:3542

# Reference: https://www.virustotal.com/gui/file/eda41d23c7bc84ea300f808dfe9e8e8fafbaa391e83a86a2f0e5386e4687de3b/detection

45.155.165.172:3542

# Reference: https://www.virustotal.com/gui/file/f6286150f55733d8d1d98902d0037675c909e22db24ac5775582b940d4c443ee/detection

85.208.136.233:3270
lapokims.ddns.net

# Reference: https://www.virustotal.com/gui/file/ca34c0e11484d4b311aafcd3de089a5e0e71fb83685a0fe2e1b0d60b53bb7aa2/detection

91.92.243.163:3241
chukwuonye.duckdns.org

# Reference: https://any.run/malware-trends/remcos

aljob24.3utilities.com
bedende.duckdns.org
buike0147.duckdns.org
conected.gotdns.ch
dgfgsdggfssdwdew.con-ip.com
enero2024.con-ip.com
fenvijsdfidfisdiodwhfuew.con-ip.com
gonzaloescobarlora09.con-ip.com
i0fjgegoergijerjgoej.con-ip.com
marzo5.con-ip.com
marzo6.con-ip.com
novomrcos.duckdns.org
patillal1.con-ip.com
sdfsdjhswdbjhd.con-ip.com
teamadmin.duckdns.org

# Reference: https://twitter.com/Cyber0verload/status/1770450767708577984
# Reference: https://www.virustotal.com/gui/file/629ddfa5ec4865204854218e457e9b89091f8e62a1c1149726d521a00a0c2f38/detection
# Reference: https://www.virustotal.com/gui/file/e8c709806823eb45fda01c05d8f93fd616b39dd7ca817c4b444c957b9f7230b8/detection

94.156.69.149:2445
newerra.duckdns.org

# Reference: https://www.virustotal.com/gui/file/95669357d566e842f080358e9b1cdcfdea9419a49f252d05ea3b3566f4f22eec/detection

185.161.208.123:6655

# Reference: https://www.virustotal.com/gui/file/f5760b1ca60bdaf8f4b6f28838fbf2009df3405f8023bd544042ab415de8617a/detection

104.223.119.206:45682
46.226.164.175:1234
softwareupdatexkwre.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e1cb41543e7c1f4fb4809f85e8c2e95b8e8cfdfe1c10cabdfdf66d0f6833d24b/detection

66.63.162.155:1608

# Reference: https://www.virustotal.com/gui/file/44f329aab838c260ec6eb949069db14abc1c7719dbd3101f8dae1e3af83180f9/detection

185.174.101.104:5030

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-03-24)

http://147.78.103.250
103.186.117.243:1947
103.186.117.66:1906
103.198.26.210:1902
103.67.163.213:9462
103.77.243.215:2404
107.172.31.178:2404
107.172.31.19:8823
107.175.113.194:2404
107.175.113.196:2404
109.248.150.210:50270
139.64.172.17:2404
172.245.208.13:4445
172.93.160.2:2404
172.94.54.167:2404
176.31.196.206:2024
179.15.14.181:9091
185.255.114.104:2404
185.255.114.127:2404
186.169.60.250:1987
192.210.201.57:52499
192.210.201.57:52748
192.210.201.57:62289
192.3.109.132:4445
192.3.216.131:1808
192.3.216.140:16519
192.3.216.140:52498
194.147.140.146:6609
195.54.170.36:22033
20.121.128.235:4674
20.121.128.235:4834
20.121.128.235:4845
20.121.128.235:4876
37.120.235.114:2269
64.237.212.192:1800
83.137.157.61:9231
91.92.241.203:37942
91.92.251.30:2025

# Reference: https://twitter.com/naumovax/status/1772304102078218701
# Reference: https://www.virustotal.com/gui/file/93946883de3d4074ac4baed60abcc3f2d0c57c8ef6e41ceaedbc5ca0de55dc30/detection

http://147.185.243.107
103.195.103.144:14645

# Reference: https://www.virustotal.com/gui/file/1d4e2459d8bee6025192c3d3e51adbc9b3845c6ae3b2ef463a4c308067a129a6/detection

91.192.100.22:8100
remco8100.duckdns.org

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/surfing-the-tidal-waves-of-hr-themed-spam-emails/
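# Reference: https://otx.alienvault.com/pulse/65a98c8e9a48c29463a4edc1
# Note: the ipfs.dweb.link and r2.dev entries below are tenant-specific hostnames on shared services (public IPFS gateway, Cloudflare R2 public buckets); match them as full hostnames only and never widen them to the parent domain.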

ujuandjule.ru
twwhvw.ujuandjule.ru
bafybeidobzpdgxhc4eotu5kbojpfltyd4sjsn5gxqbp35k32ymhtibeucy.ipfs.dweb.link
pub-d6a35764152345299e690fcaba91066e.r2.dev

# Reference: https://www.virustotal.com/gui/file/12f70c8a78288b74dbe4975aaad95a83aa9b32c61a7897f25af6dd743b9554bf/detection

195.3.220.212:9191
rotamotusir.su

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-03-31)

107.150.18.202:2404
194.147.140.180:1987
66.50.11.141:1800
91.92.247.97:2505
covid19help.top

# Reference: https://www.virustotal.com/gui/file/98aef3b7d82c35811b70cc727baffc0e456bcd8b0f3db3f3053fa53fbd6c05f2/detection

213.152.162.154:48483
shelly456.duckdns.org

# Reference: https://www.virustotal.com/gui/file/857d262fb83c22ea5a0f194c93aaeb4f8a614906ea6e5dc0f2584b8a32a944e6/detection
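# Reference: https://www.virustotal.com/gui/file/5e4d84732f87ab574ed37f76467b451bb3ed392132ac850e79860d453fbbfe98/detection
# Note(review): 149.154.161.221 below appears to sit in address space usually attributed to Telegram (149.154.160.0/20) - confirm the allocation, and keep the trail scoped to the listed port to limit false positives.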

149.154.161.221:32491
185.161.209.202:36745
185.174.101.134:21352
213.152.162.154:32491
marianna.hopto.org
myshara.ddns.net
mysharing.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/185.157.162.141/relations

sinzu1.ddns.net
sinzu2.ddns.net
sinzu3.ddns.net
sinzu4.ddns.net
sinzu5.ddns.net

# Reference: https://www.virustotal.com/gui/file/7c3ee63168ad6a482c01546202c85ab10c7b2196672bd42876b760f15ea96e05/detection

jaztc.duckdns.org

# Reference: https://twitter.com/johnk3r/status/1775646168489267515
# Reference: https://www.virustotal.com/gui/file/90aeca3777576bf0d4928c488d1f60752a81cd8fb6050dbb69697116003a5ba5/detection

191.88.250.15:1880
josealdogamarralora09.con-ip.com

# Reference: https://twitter.com/Cyber0verload/status/1775915149901049925
# Reference: https://twitter.com/Cyber0verload/status/1775921483673391398
# Reference: https://twitter.com/Cyber0verload/status/1775933494029431294
# Reference: https://twitter.com/Cyber0verload/status/1778888227186737325
# Reference: https://twitter.com/ShanHolo/status/1775981408592294283
# Reference: https://cert.gov.ua/article/6278521 (# UAC-0184)
# Reference: https://www.virustotal.com/gui/ip-address/185.196.11.194/relations
# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.61/relations
# Reference: https://www.virustotal.com/gui/file/2e7aa640b2da6d9350afba1b8ad0b65bc85ac335dde42f08cd540da8580e2a78/detection
# Reference: https://www.virustotal.com/gui/file/e72f17d6111a1a7b814f0b10a708b7e5edadb990f19b6dc95014b65a8dd2d144/detection
# Reference: https://www.virustotal.com/gui/file/d8c2df12fea48c073ee89e11bfb7900dcb683cbf1b637a68a0ff0be6141cdec9/detection
# Reference: https://www.virustotal.com/gui/file/8dc1d26c3868ff1b7168304ff5a58d19e442073fdbd8f8e4ac276fef1c6715f3/detection
# Reference: https://www.virustotal.com/gui/file/47cfe61bccad89c5224246133274d8d2bdc77c1f8a93db51917a428ab33f2e03/detection
# Reference: https://www.virustotal.com/gui/file/46cb4538eef46a475ceda72b082d94e3e9fefba0e8e493a590ad2f1c281cca08/detection
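# Reference: https://www.virustotal.com/gui/file/632bcce7ac08303c8f7d9784035ae4b044bc9fccca9bc11db94fc532e6939704/detection
# Note: 51.38.145.47.sslip.io is a wildcard-DNS name that embeds the address it resolves to, so it points at the same host as the 51.38.145.47 entries. The /hooks/...?id= lines are URL-path trails and presumably match on any host - verify they are specific enough before alerting on them alone.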

http://51.38.145.47
178.33.57.148:443
178.33.57.149:443
51.38.145.47:8080
88.151.192.14:443
94.156.66.107:9000
51.38.145.47.sslip.io
biches-yeah.co.ua
i-like-hokku.co.ua
one-more-chance.co.ua
owly-hoh-and-hop.biz.ua
specter.co.ua
the-new-age.co.ua
we-are-happy-here.biz.ua
yeah-biches.kyiv.ua
/hooks/adolf?id=
/hooks/hitler?id=
/hooks/hoh?id=
/hooks/stalin?id=
/hooks/virustotalsuckmycock?id=
/virustotalsuckmycock?id=

# Reference: https://www.virustotal.com/gui/file/0bcb0e09cea6aee6519b897b38137ed629f03286f45e5af05cc26d2ca7547cb3/detection

186.169.80.244:1214
newnjazules1.duckdns.org
ver4-81.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a84679de0066291002f90b6fda1792c1efaf701dcf8ba46a016e2cebb8bc7220/detection

194.147.140.150:3838
remdec.duckdns.org

# Reference: https://www.virustotal.com/gui/file/13d86de442fd832c83a9fcdd7e3b25729818cc4d6fc395d015a34d07d8a461f8/detection

18.228.115.60:12185
18.229.146.63:12185
18.229.248.167:12185
18.231.93.153:12185

# Reference: https://www.virustotal.com/gui/file/eb80567949112f500d2ad5a7a1cd7a743d452fa3dfd8ef7f117cec26633f90c2/detection
# Reference: https://www.virustotal.com/gui/file/1c9562e4fa4f2e47a340161fcd08b6ad549ff329a81d125aaf87ce67554eaa76/detection

179.13.0.175:1988
informes8520.duckdns.org

# Reference: https://www.virustotal.com/gui/file/33ecb8873ad1eaeedbefb22aad4bfda2ef1535496038a0f5cb8f766c6cc268c7/detection

179.13.0.24:7089

# Reference: https://www.virustotal.com/gui/file/f9cf48429302e6d13375316cdec3ea2a4c76fc0b303f791093ef738b4dc8aa75/detection
# Reference: https://www.virustotal.com/gui/file/1a5e416c52c05aa813b4baaeddf2a13945fc20d667c13fbafe4e52d73ce17292/detection

134.19.179.195:9702
213.152.187.230:9702
trfsgysu28opask01.duckdns.org
trfsgysu28opask02.duckdns.org

# Reference: https://x.com/karol_paciorek/status/1793596358819274815
# Reference: https://www.virustotal.com/gui/file/6778fea0bea7bd311fbda7b2f6257a7826733a664199d8073c878e401ba20a33/detection
# Reference: https://www.virustotal.com/gui/file/622ba1289dd4dfffa369ed39129e5b5e4ea17a4764cc2da4c72620719548cfde/detection

144.126.131.93:2404
149.102.132.238:8080
185.174.101.90:2404
bbhmeetre1ms.freeddns.org
meetre1ms.freeddns.org
mysmeetr.ddns.net
mysweeterbk.ddns.net
myumysmeetr.ddns.net

# Reference: https://twitter.com/naumovax/status/1784224878293319902
# Reference: https://tria.ge/240403-cl89vsch6y/behavioral1
# Reference: https://www.virustotal.com/gui/file/7efd9de26a438503b6d0bc112ed76e29db45c3341b4b82ad81556c6218ca37cd/detection

216.218.135.118:45000

# Reference: https://www.virustotal.com/gui/file/bf9ad6d5ab052e617886367c51000ec1cca0e540649ceeb77ff9ea4f7b70b8dc/detection

174.127.99.167:8970
185.174.100.34:8970
185.244.30.12:8970
duckkill.sytes.net
kingkill.duckdns.org

# Reference: https://www.virustotal.com/gui/file/110680ceaaa3ef42c7f4c89579adedaa3c6703c4bab543ca29c35ed183f3a754/detection

ubasinachi2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/d7debe5620f6e49a6a08c61c8b76c29aaac9311e140364474bf9016b901b1093/detection
# Reference: https://www.virustotal.com/gui/file/8a2f3206cbe0c4829ab419e14169b4df759d9f265d571ddd776f1cca00187b12/detection

gracewaki2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/2b87f312cf2c6528b50e25f4122d4433c2d7ca49e51f2e179565b7fb68ae74f4/detection

185.19.85.139:5505
37.4.252.98:5505
siojfhaolkisjfoajfo.ddns.net

# Reference: https://www.virustotal.com/gui/file/f32a97f563252bff61946e173b7450e55fefcaa016e7d805fb7b27bb89e44bde/detection
# Reference: https://www.virustotal.com/gui/file/d7a883e46da3c5969be0f5eb66a79fc1fd07d7fa942e40f8e1c66deb77891b24/detection
# Reference: https://www.virustotal.com/gui/file/52c8758531cefdc3e47582d7247f2c2bbcd9176dfc3263f32b8e5d56c448171b/detection

185.244.30.9:3535
78.182.1.79:3535
pranti.ddns.net

# Reference: https://twitter.com/ScumBots/status/1784625972894998577
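# Reference: https://www.virustotal.com/gui/file/4c28b6d5329d067a5887a65dd287ddd2bbdfe3e30cfea5cd023ff3971938e9ef/detection
# Note(review): 'ducdns.org' below differs from 'duckdns.org' on the following line by one letter; presumably copied verbatim from the sample - confirm against the sample's configuration instead of normalising it.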

103.224.182.242:8889
sendfiletiahforem.ducdns.org
sendfiletiahforem.duckdns.org

# Reference: https://www.virustotal.com/gui/file/932eba9528131b4579b904b174641a3ee5430cbd521e96497a9c1827ef6b1973/detection

185.161.209.155:2444
jsjs.giize.com

# Reference: https://www.virustotal.com/gui/file/ad3dc7a0c6ce33a7e45775b3452343eb748fab8823311df58d4599d6a203ff80/detection

23.249.165.210:2424

# Reference: https://www.virustotal.com/gui/file/11825db772e53bbaa461c8c4350bae0cffd8d1dff823bd504339e3bb23e517a4/detection

94.156.69.232:22891
94.156.71.108:22891
94.156.79.125:22891
ready4u.ddns.net

# Reference: https://www.virustotal.com/gui/file/91e4bb8408db1e54d407d1859cbdde5c9df1a70c755474b5c7542ad661e30d00/detection

185.206.225.59:52182
dave17.bumbleshrimp.com

# Reference: https://twitter.com/ShanHolo/status/1788512597660033228
# Reference: https://www.virustotal.com/gui/file/7e6ba6f340da6ec5121f2c910b376fe4a23adeed64ab239a295864c136eb40b1/detection

http://107.173.4.16
107.173.4.16:2560

# Reference: https://x.com/banthisguy9349/status/1791867832071757869
# Reference: https://urlhaus.abuse.ch/host/94.156.68.227/
# Reference: https://www.virustotal.com/gui/ip-address/94.156.68.227/relations

http://94.156.68.227
seaview.dynuddns.net

# Reference: https://www.virustotal.com/gui/file/92c36cb8d0ab070bb2fa32857c4e8a21fb4f41977fbd06a1c3b6d195a9a42d0a/detection

102.218.89.31:7658
2.59.254.111:7658
albuckar.duckdns.org
bigfish.zapto.org
buckar.ddns.net

# Reference: https://x.com/karol_paciorek/status/1793201205050499327

185.196.11.223:1998
185.196.11.252:1998
85.239.241.136:1998
91.92.249.94:1998
94.156.64.207:1998
94.156.69.136:1998
94.156.69.226:1998

# Reference: https://www.virustotal.com/gui/file/9e66832c750261b33f6357cf7043836a6e3fc44abbb2d3ecca268c66e12f18e3/detection

rencosmayo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8152e6c6b226a3c11b6d0a358f611ac3f23630fc497f7875f2406041fe0f804e/detection

46.246.84.17:9078

# Reference: https://www.virustotal.com/gui/file/e072cb74d516f3e768ccccde32c9bfe62fb5748a900e3e9cec6b32315a963584/detection

179.14.9.158:8899
181.52.102.110:8899
191.88.248.162:8899
191.88.251.248:8899
keys2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/814c772578aa45400ad6b80ec10ba54b222cf8f7f8369f054b01e5dde8531073/detection
# Reference: https://www.virustotal.com/gui/file/4815ea5836d7caa023355795b41170b08f9fbdfb0d326a32649918248d1b768f/detection

181.141.40.28:1213
191.88.248.162:1213
sost2024ene.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4c25904caad0e4c31bf2285e99433b9a4cb1901d49968d26b704a9e1ce7db4f9/detection

181.141.0.88:1012
centroremcentro.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f6f0b9b8b7a2ee0a64f33c5df868a2ae646d9c5ca161b7031994db881ec2b11b/detection

179.13.3.249:1011
181.131.216.115:1011
cuarentaynueverem.duckdns.org
cuarentayochorem.duckdns.org
cuarentayseisrem.duckdns.org
nuevamandadaahorasi.con-ip.com
octavoserdns.duckdns.org
sesentarem.duckdns.org
sesentaydosrem.duckdns.org
sesentayunorem.duckdns.org
videollamadaconipservicios.con-ip.com
zunildavergaradns.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/179.13.4.178/relations
# Reference: https://www.virustotal.com/gui/file/9c6be56b2bb73d2340ef1fb3588ac4504f4d4aa373673d13e3aeb3f44a1e1b8b/detection

179.13.4.178:4040
sebastianferreirodns.con-ip.com

# Reference: https://www.virustotal.com/gui/file/5798d9ac4b8c65ad1b2e592ddced6d93a44a7973575b8a9c7f38e7f4e053b95d/detection
# Reference: https://www.virustotal.com/gui/file/b52deff2531a031eb44ddf692dabf3ee414b4a5702319a78df23f9894d28b9b5/detection
# Reference: https://www.virustotal.com/gui/file/d26905886a1f3e12a5af7e473ef805a346b8c89f68a2855128745b26212f78d6/detection
# Reference: https://www.virustotal.com/gui/file/4482d14ed386eae07d5c6495adc13902139be57ca49a06bf3e54f4c2beaadadf/detection

181.141.0.135:5023
181.141.40.74:5023
181.141.42.4:5023
191.88.248.74:5023
29idjidpoiic903jnu92cvvvew.con-ip.com
73uhd7893hn23cvshdscw.con-ip.com
7g378gd2udx98d23d.con-ip.com
angulojaider87.con-ip.com
komiviecni3812.con-ip.com

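# Reference: https://www.virustotal.com/gui/file/aecea027823501894725b21789c9da56992213e00e007c6b4e0f8839237faf71/detection
# Note: the *.oss-cn-beijing.aliyuncs.com entries below are individual bucket hostnames on a shared object-storage service; keep them as exact-host trails and do not generalise them to the regional endpoint.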

http://91.92.254.152
109.248.151.170:2404
109.248.151.170:6565
gggb2.dvrdns.org
bnfjdbhgo.duckdns.org
ghuytyh45.duckdns.org
sahjwevhjrsan.duckdns.org
mkknew.oss-cn-beijing.aliyuncs.com
mmkknn.oss-cn-beijing.aliyuncs.com

# Reference: https://www.virustotal.com/gui/file/cce955a091518aefb9693ba4e103cdc31afc138c9eb9503984bf08f5f70eff46/detection

185.29.11.23:10521
embargogo237.duckdns.org
embargogo2378.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5716ca13a390d744b1276a1ca83f837f55f797a53b68fa1c738939c94f19f52d/detection

45.74.19.121:7927
45.74.39.51:7927
elmauz.freemyip.com

# Reference: https://x.com/1ZRR4H/status/1798735303286685905
# Reference: https://www.virustotal.com/gui/file/e029f20edff24955bbfc954ba9b6408afe55e0f8c52ee7dbdd46e5ca22da70a4/detection
# Reference: https://www.virustotal.com/gui/file/d9ffb32f33d1f16ca20346890449d410edb025a631f40b277c692474ba0c0318/detection
# Reference: https://www.virustotal.com/gui/file/1bcf74fddff2cfa570a0b6bdeff42e95b0a17d591d4195d7886541988f59e4d2/detection
# Reference: https://www.virustotal.com/gui/file/ffd9f2e324d3baff97628f057532ff8fbd553a22b3d6fb375ca89879f42d956b/detection
# Reference: https://www.virustotal.com/gui/file/3afc8ef18d02bf8c40ba4fb029058c1f7d4bfb10f05d0dd281db6695091100ae/detection
# Reference: https://www.virustotal.com/gui/file/345c76d39f1b71665c9ad3c4dbef1aee57e25d0b181c19c6e5d0116fce6e86ef/detection

104.243.242.137:7035
46.183.222.46:5111
77.221.151.22:7070
77.91.77.107:7070
deytrycooldown.duckdns.org
newlink.duckdns.org
pattreon.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b70e59a589cca565eb07ae8489590f19bf28a6176e38c2d117d41ed4d58578cb/detection

178.215.236.100:1486
gymacademie.ddns.net

# Reference: https://www.virustotal.com/gui/file/dc8d3ca124b39f73a8517c8edaf52732dc7766f405dda194114e58f8f841778b/detection

82.102.27.171:43833

# Reference: https://x.com/banthisguy9349/status/1799482287752651227
# Reference: https://www.virustotal.com/gui/file/635afa4851ab707d7527325d132caabb0387cb5a3ae3eccee23b3c8891fff4d5/detection
# Reference: https://www.virustotal.com/gui/file/6453ff4a1251fd031693f652a2e446c2c5119170758b7b5e71895bfd4b38f6a8/detection

185.140.53.144:8691
megabytemantom.com/file_d/
megabytemantom.com/luck/

# Reference: https://www.virustotal.com/gui/file/0ff5577cfd7a88944989af7cca1d21a7ee820521fc3d283808b0824770979f53/detection

46.246.6.210:8079
aseguroremcos.duckdns.org
fade2288.ddns.net

# Reference: https://www.virustotal.com/gui/file/c43279eb52c1a6cde692ce0f4b1b6f30f2b346e9fa2faaff00b7bcacb53c5d13/detection
# Reference: https://www.virustotal.com/gui/file/174f4f8590436762a9557ccecbefc30b685ac5c4623c7f275203bcfbe8dd6f4b/detection

185.244.213.31:6006
185.29.8.44:6006
187.58.168.116:6006
31.220.7.204:6006
remcos.ddns.net

# Reference: https://www.virustotal.com/gui/file/a92cea8bd1038d53e05f5a8b9c01a2980e9f9b092cb2b21dbe4d4fd347b769d3/detection

159.89.203.110:6587
159.89.203.110:7612
167.86.109.16:7612
207.250.29.219:6587
207.250.29.219:7612
207.250.29.221:6587
207.250.29.221:7612
46.105.127.143:6587
46.105.127.143:7612
5.226.168.130:6587
5.226.168.130:7612
51.15.219.33:7612
remcos.punkdns.top
remcos2.punkdns.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-06-22)

103.198.26.130:45645
103.198.26.130:56765
107.175.229.139:8823
144.208.127.241:1717
192.253.251.227:57484
45.61.132.128:1952
94.156.68.54:87
96.47.235.152:2024
bossnacarpet.com
hjnourt38haoust1.duckdns.org
iwarsut775laudrye2.duckdns.org
iwarsut775laudrye3.duckdns.org
janbours92harbu01.duckdns.org
janbours92harbu02.duckdns.org
janbours92harbu03.duckdns.org
megacitta190004.duckdns.org
oriondedjdissd.con-ip.com
remcoss2024feb.duckdns.org

# Reference: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
# Reference: https://www.virustotal.com/gui/file/13646fefa24c414888f2ca78de605a063c41dbd4945dee1ebb00e8cbae65085d/detection

http://96.126.101.128
94.156.66.67:2409
belgom.duckdns.org
fordede.duckdns.org
logili.duckdns.org
newsat.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a49d38cf698e0acad8cc028c3f0b3a7e0d7de2f5c345439ccae413d3e10c29c4/detection

103.212.220.14:5675
185.108.105.241:5675
41.76.192.17:5675
41.76.195.228:5675
45.74.39.78:5675
45.74.44.36:5675
45.74.46.124:5675
45.74.46.207:5675
45.74.46.230:5675
45.74.46.241:5675
45.74.46.73:5675
mroffice.hopto.org

# Reference: https://www.virustotal.com/gui/file/086252671c0dcf22ef7f0ceca33375d47bbeab0c985963552f8f528498775678/detection
# Reference: https://www.virustotal.com/gui/file/fcdbde9d610f443bbfea15d925e9fcb72b7075d6156d281c627b105086a46746/detection

178.215.236.110:3050
45.88.90.110:3050
ricohltd.top
vauxhall.top
jgbours284hawara01.duckdns.org
jgbours284hawara02.duckdns.org
jgbours284hawara03.duckdns.org

# Reference: https://pastebin.com/raw/EPCBAKGJ

103.77.243.159:2404
104.243.32.42:2404
107.173.4.16:2404
118.31.63.89:2404
145.239.230.233:2404
147.124.210.13:2404
158.220.98.130:2404
167.88.166.237:2404
172.111.139.125:2404
172.111.186.144:2404
177.255.84.124:2404
181.141.41.63:2404
181.41.200.209:2404
185.157.162.103:2404
185.157.162.126:2404
185.174.101.15:2404
185.214.10.55:2404
185.241.208.66:2404
185.255.114.122:2404
191.252.153.239:2404
192.210.214.9:2404
192.3.101.18:2404
193.111.249.133:2404
193.142.146.101:2404
193.142.146.21:2404
194.59.30.46:2404
195.201.87.182:2404
198.23.227.212:2404
20.161.82.217:2404
204.10.160.132:2404
204.9.187.48:2404
213.238.177.144:2404
213.252.247.119:2404
217.76.56.205:2404
23.227.183.122:2404
24.152.36.221:2404
45.133.174.54:2404
45.156.86.26:2404
45.156.86.27:2404
45.40.96.164:2404
45.74.37.70:2404
45.74.37.97:2404
45.77.115.93:2404
46.246.4.212:2404
5.206.224.223:2404
5.230.75.50:2404
5.34.182.173:2404
64.188.22.11:2404
65.21.134.79:2404
78.142.18.109:2404
78.142.18.110:2404
78.142.18.111:2404
78.142.18.221:2404
8.213.216.15:2404
83.147.37.144:2404
86.104.73.215:2404
88.119.170.153:2404
91.92.247.170:2404
91.92.249.174:2404
92.204.171.198:2404
92.53.65.66:2404
94.130.249.123:2404
94.156.67.171:2404
94.156.67.174:2404
94.156.68.216:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-07-06)
# Reference: https://www.virustotal.com/gui/file/09ea9e11557019340fd2f3f2bb6f3e6be02780d7da597e0148e5b96d933706f2/detection
# Reference: https://www.virustotal.com/gui/file/35cc50dfa2e5b9183e125df2cac72ea68e76d15af151b32737e32f5866dda091/detection

103.212.81.159:5207
103.237.87.156:1993
103.237.87.159:9462
103.237.87.161:1993
103.237.87.32:1999
103.237.87.40:1993
107.173.4.18:2556
107.173.62.181:17120
138.201.150.244:3984
157.254.236.96:2404
172.93.218.178:44555
173.255.204.62:2556
181.134.154.236:1664
181.134.154.236:7770
191.101.130.177:6903
192.3.64.149:2888
206.123.148.194:3980
206.123.148.196:3980
212.162.149.42:7118
5.78.82.186:2405
66.85.26.234:7888
80.85.154.121:1980
94.156.68.105:7256
94.156.68.221:2424
94.156.69.93:2973
abril24.con-ip.com
abril25.con-ip.com
arannsasaaransasaturituri2024.duckdns.org
bayerns342.duckdns.org
bendito.con-ip.com
benjaminavendanolora09.con-ip.com
cachabfeb.duckdns.org
cachafeb.duckdns.org
cada1224.con-ip.com
ccerrado10.con-ip.com
chichonexpress.con-ip.com
comidafood.con-ip.com
dgfrnvkdjnrljfre.con-ip.com
didiersarmientolora09.duckdns.org
dominiogeneral20240202402024.duckdns.org
dominioseternosgraciasadios20230230230.duckdns.org
dominoduck2055.duckdns.org
dpm-sael.com
dvefwfdddaa.con-ip.com
envijunio.duckdns.org
ergfdsvhiebviured.con-ip.com
ergfergnownfiejrf.con-ip.com
fabiansambuesalora09.duckdns.org
fdvdfvflknvonfnf.con-ip.com
ferfnekfkjerfjre.con-ip.com
fiujrkefdosdlfosdjfjdf.con-ip.com
gukguygugv.con-ip.com
herherregerterger.con-ip.com
idfofjvoevjoejvoerjovjri.con-ip.com
inverterrem.duckdns.org
jairodomingueslora09.duckdns.org
jhigyjkgfjkfkfku.con-ip.com
josesalomonlora09.duckdns.org
juderule.africa
junio04.con-ip.com
junio06.con-ip.com
junio17.con-ip.com
junio19.con-ip.com
junio21.con-ip.com
junio24.con-ip.com
junio25.con-ip.com
junio26.con-ip.com
juniorvalemonda.con-ip.com
kdhviusdhiuduidhn.con-ip.com
kiolok.duckdns.org
lorenagamarralora09.duckdns.org
marioyepeslora09.duckdns.org
mayo006.con-ip.com
mayo07.con-ip.com
mayo292024.con-ip.com
mayoelmesdelamosca202422024.duckdns.org
milciadestorreslora09.duckdns.org
milotedaenerdia.con-ip.com
mou3543.duckdns.org
oro.con-ip.com
panel2.con-ip.com
pasarasaberquecuenta.con-ip.com
pr1275995.con-ip.com
rfdslnfiwdfjnwlcnwonjjs.con-ip.com
rfglnlsdknflsdnfldsns.con-ip.com
sdfgdjghiudsifh.con-ip.com
sdfvskdjcnsdkcmowdijfei.con-ip.com
sdvfsdjfijfirbfe.con-ip.com
sgddvjcmvkdmvdmod.con-ip.com
skbfsjbfhsdbfhbdsbfsbifbis.con-ip.com
sos2021rico.duckdns.org
tydyjtdfjhtf.con-ip.com
vegetachcnc.com
wrfegvfdsefme.con-ip.com

# Reference: https://www.virustotal.com/gui/file/e90338e3426444f725cbed7873c7c3edeadaaf9bc289bdaa18ff7ebca8c916c6/detection

181.131.219.106:1992
sodfhsiuhdvishvisdhivgh.con-ip.com

# Reference: https://www.virustotal.com/gui/file/c6437ea43449b6cb763714ba5034c406dfb66485c1a2d76ac4b9f1a4314240a6/detection

191.88.248.148:1992
uribe07.con-ip.com

# Reference: https://www.virustotal.com/gui/file/2a432a4c49955323930cf55b7ed264acc5d07a6a3837718901b8a9d1de3df36b/detection

191.88.248.148:1880
alfonsolozanolora09.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/191.88.248.148/relations

djifhidjfvndfvn.con-ip.com
jhonatanbedollalora09.con-ip.com
mariagarcialora09.con-ip.com
mariapenalora09.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/181.131.217.74/relations

defdwsccs.con-ip.com
sfgreoughifjgnlkdhfe.con-ip.com
tele12.con-ip.com

# Reference: https://www.virustotal.com/gui/file/db1c03a38ddda7f85b4d812e7aa84f11464b02719cb621d21289464fd7e14fa0/detection

181.131.217.156:9403

# Reference: https://www.virustotal.com/gui/file/b7fc2c96f3385d388315dfbb4c06bec55adf81dad51fc5116b90270541a198c2/detection

179.14.171.7:9597
181.131.217.156:9597
191.88.249.118:9597

# Reference: https://www.virustotal.com/gui/file/81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92/detection

181.131.217.156:2093
181.141.8.110:2093
186.85.86.226:2093

# Reference: https://www.virustotal.com/gui/file/30365c2a08495f1a3e13f086a12f20119152df943b74b2c55e100886283d820e/detection

181.131.217.81:1990
cristianbarreralora09.duckdns.org
cristianlozanolora09.duckdns.org
didiersarmientolora09.duckdns.org
fabiansambuesalora09.duckdns.org
fabricioromerolora09.duckdns.org
falconrodrigueslora09.duckdns.org
felipepelaezlora09.duckdns.org
fernadosernalora09.duckdns.org
fernasantoslora09.duckdns.org
jairodomingueslora09.duckdns.org
josesalasarlora09.duckdns.org
josesalomonlora09.duckdns.org
lorenagamarralora09.duckdns.org
lucianopradolora09.duckdns.org
luciocastanolora09.duckdns.org
luiscarlospetrolora09.duckdns.org
manberoioliveralora09.duckdns.org
manologonsaleslora09.duckdns.org
mariomendeslora09.duckdns.org
marioyepeslora09.duckdns.org
marlonpiedraitalora09.duckdns.org
marlonrangerlora09.duckdns.org
mauriciobelenolora09.duckdns.org
maurorodrigueslora09.duckdns.org
milciadestorreslora09.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1810305014088282568
# Reference: https://www.virustotal.com/gui/file/23355e6bb3fb1b0e389e7ec95bacf5f205cfb4e1be6f427aabd9fcba0f603a59/detection

45.95.232.100:9000
45.95.232.221:4434

# Reference: https://www.virustotal.com/gui/file/47b12bc3756bf1c2339578eef98a12eb68f142f601ebee25eacca7d6ef6dc349/detection

157.20.182.38:4443

# Reference: https://www.virustotal.com/gui/file/ffac703f236c11563dec94b9d9dcc0f1bb37a814f98400e62512a2df5e596ec6/detection

81.19.139.76:4343

# Reference: https://www.virustotal.com/gui/file/fbc8bed8f5a9b1c73a165119d5f1735f5f06562b787f50f343b04e1bc8f0b2d4/detection

http://45.95.232.221

# Reference: https://www.virustotal.com/gui/file/e314b233b41a5688a4e43f876ccb10718351d3f396b4df623b4ebb0a093be7e0/detection

http://45.95.232.82
45.95.232.82:4434

# Reference: https://www.virustotal.com/gui/file/d938cb8accbc51046158350155f1af9248fc8459ef2b92be752b93dae77504a6/detection

http://81.19.139.14
81.19.139.4:434

# Reference: https://x.com/k3yp0d/status/1812896923906375859
# Reference: https://www.virustotal.com/gui/file/93d62921b098eb238d3398dfbe70c0e764b2b0bd73e7abed9b5fe0e2a2b6262b/detection

http://45.95.232.235

# Reference: https://x.com/k3yp0d/status/1813137156333834580

http://194.87.71.46
http://88.151.192.40

# Reference: https://x.com/k3yp0d/status/1813577767956668497
# Reference: https://www.virustotal.com/gui/file/f9006cde13a4687743768e5abacb4c4be0d0f40ce80dabd4e236720e7f567b41/detection
# Reference: https://www.virustotal.com/gui/file/b2c949c04039bdb0248021a6c73389f27f82b3a3ca94c651bd58002076621f72/detection
# Reference: https://www.virustotal.com/gui/file/94b18630ceb9c0e7a108c0700684650d80554eb612e43c9cad763c8b6eeb946b/detection
# Reference: https://www.virustotal.com/gui/file/98acb5d3ae106853227b89091f146beb21859fbe9e941711cd13799d5139e416/detection

http://45.95.232.215
miwrt3szxozwhyqdyyznin.hooks.webhookrelay.com

# Reference: https://x.com/k3yp0d/status/1813602107486044417

http://45.95.232.52
http://77.83.246.105

# Reference: https://x.com/ShanHolo/status/1813824489073131771
# Reference: https://www.virustotal.com/gui/file/c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8/detection

http://107.173.143.46
107.173.4.18:2556
173.255.204.62:2556
bossnacarpet.com
vegetachcnc.com

# Reference: https://x.com/g0njxa/status/1814564408846147830
# Reference: https://app.any.run/tasks/be61420d-8456-458d-b230-ce2b19af4f68/

213.5.130.55:443
213.5.130.58:443
compranoautorizada.com
medinetuix.com
miguellozanocolloto.com
portalintranetgrupobbva.com
rollbit.casino
bancamarch.compranoautorizada.com
bbva.compranoautorizada.com

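# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv
# Note: per its path, the source feed is labelled 'unverified' and covers a 30-day window, so these entries should be re-validated or aged out over time. The ones on common service ports (25, 53, 123, 443, 3306) are the most likely to become false positives once an address is reassigned.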

http://103.85.25.182
http://162.251.146.190
http://172.94.25.38
101.99.94.105:9999
103.186.116.111:7788
103.186.116.224:8080
103.186.116.30:2404
103.186.116.80:2404
103.186.64.142:443
103.237.87.161:2404
103.237.87.32:2404
103.237.87.40:2404
103.253.17.222:6426
103.77.243.159:5009
104.238.220.231:4872
104.243.242.229:1692
104.243.38.89:2404
104.243.42.74:2404
104.37.184.140:2404
107.172.148.221:8080
107.175.31.172:2525
107.175.34.66:2025
109.248.144.232:8081
109.248.150.178:2404
111.90.143.125:4101
12.221.146.138:8000
134.255.217.251:8000
134.255.217.251:8100
134.255.252.75:443
136.243.151.110:2404
136.243.151.110:443
141.98.101.133:20990
142.11.201.122:5121
142.11.201.122:6123
142.11.201.122:6124
142.11.201.123:5121
142.11.201.123:6121
142.11.201.123:6124
142.11.201.124:5121
142.11.201.124:6122
142.11.201.124:6123
142.11.201.124:6124
142.11.201.125:6121
142.11.201.125:6122
142.11.201.125:6123
142.11.201.125:6124
142.11.201.126:5121
142.11.201.126:6121
142.11.201.126:6122
142.11.201.126:6124
145.239.230.233:443
147.78.103.153:9090
152.201.163.76:2000
152.201.191.104:2000
152.202.253.94:2000
157.20.182.138:443
158.220.124.192:1012
158.51.121.150:2404
162.251.122.115:2404
162.251.146.190:3306
162.251.146.190:443
162.251.146.190:53
162.251.146.190:8080
172.111.137.131:4040
172.111.186.112:1919
172.111.186.112:1921
172.111.186.112:2020
172.111.186.112:2021
172.111.186.144:2021
172.111.186.144:2222
172.174.173.151:2404
172.245.123.14:2404
172.81.63.157:5200
172.93.222.185:2404
172.93.222.208:2404
172.93.222.25:2404
172.94.25.38:1921
172.94.25.38:2020
172.94.25.38:2021
172.94.25.38:2024
172.94.25.38:2025
172.94.25.38:2125
172.94.25.38:2402
172.94.25.38:2404
173.212.199.134:4433
173.234.107.81:2404
176.9.23.50:1697
176.9.23.50:3677
176.9.23.50:4483
176.9.23.50:6119
176.9.23.50:6397
176.9.23.50:6591
176.9.23.50:7083
176.9.23.50:7273
176.9.23.50:7329
176.9.23.50:7539
176.9.23.55:5394
178.215.236.129:1781
178.73.192.19:2404
178.73.192.19:8888
178.73.192.4:2404
178.73.218.4:2404
179.13.4.37:8080
179.15.133.126:2404
179.15.149.222:1667
179.15.149.222:2404
180.214.236.46:4288
181.131.217.222:5220
181.215.79.222:51269
181.236.120.75:2000
181.49.85.74:5506
181.49.85.74:5508
185.156.72.28:2403
185.157.162.103:443
185.158.113.101:2404
185.161.209.117:41955
185.161.210.49:21352
185.161.210.49:32491
185.169.54.165:2404
185.196.10.111:2404
185.196.10.111:7777
185.196.9.78:24041
185.222.58.41:5938
185.222.58.47:2404
185.239.236.234:443
185.29.11.56:4200
185.29.9.6:6699
185.38.142.127:443
185.41.248.110:31337
185.56.80.120:5590
185.56.83.208:6969
188.126.90.7:8888
188.93.233.246:2404
191.252.153.239:2405
192.3.64.185:8080
193.142.146.101:2401
193.142.146.173:2404
193.26.115.139:2404
194.169.175.190:2404
194.55.186.241:2404
194.59.30.201:17527
194.59.30.76:57846
194.87.45.90:8080
195.211.98.128:8081
195.26.242.179:2404
198.13.35.20:36082
2.58.56.179:4444
2.58.56.84:4444
204.10.160.139:2404
205.234.200.175:14645
207.244.237.106:7276
208.64.33.148:25
208.64.33.148:5000
208.64.33.148:8080
208.64.33.62:8080
209.90.234.13:2404
212.162.149.80:2404
213.252.247.119:2222
213.5.130.59:443
23.134.94.5:5470
23.134.94.5:5471
23.227.193.34:1024
23.254.224.59:2404
24.152.36.36:2404
3.110.151.234:5060
3.130.209.29:28191
38.114.123.24:2404
38.181.2.139:2404
38.181.2.56:2404
38.181.2.77:2404
38.255.54.17:31832
38.255.55.171:2404
45.137.116.128:443
45.156.86.29:9032
45.156.86.52:9032
45.230.254.43:8000
45.66.231.190:2489
45.66.231.47:2404
45.74.19.149:2022
45.74.19.43:6699
45.74.37.70:2444
45.74.37.70:3999
45.74.37.70:8090
45.74.37.97:888
45.77.115.225:2003
45.88.186.15:2404
45.89.247.46:2404
45.95.169.135:2404
45.95.169.139:2404
45.95.232.171:4343
45.95.232.171:443
45.95.232.215:443
45.95.232.21:4343
45.95.232.21:443
45.95.232.229:4343
45.95.232.229:443
45.95.232.237:4343
45.95.232.237:443
45.95.232.249:443
45.95.232.52:443
45.95.232.89:443
46.183.222.46:5000
46.183.223.84:7070
46.246.12.3:2404
46.246.12.3:8888
46.246.12.4:2404
46.246.14.12:2404
46.246.4.17:2404
46.246.4.17:8888
46.246.80.11:9090
46.246.82.22:9090
46.246.82.3:9090
46.246.84.28:9090
46.246.86.16:2404
46.246.86.16:8884
46.246.86.16:8888
46.246.86.16:8889
46.246.86.20:2404
5.252.53.134:2404
5.253.86.233:2404
5.61.36.74:54311
5.8.11.93:4040
57.128.155.22:4056
65.108.129.220:8088
66.248.206.187:2404
67.203.7.232:2404
75.127.7.188:2404
77.83.246.105:443
77.83.246.46:443
77.83.246.55:443
77.83.246.60:443
78.142.18.110:2401
78.142.18.110:2405
78.142.18.110:2406
78.142.18.111:2401
78.142.18.111:2405
78.142.18.111:2406
78.142.18.112:2401
78.142.18.112:2404
78.142.18.112:2405
78.142.18.112:2406
78.142.18.221:2401
78.159.112.29:1911
78.159.112.29:8008
78.159.112.29:8080
8.210.234.19:2404
8.218.28.159:8683
80.66.75.238:3388
80.79.7.197:2404
80.94.92.120:2404
83.147.38.162:8888
83.147.38.162:9999
83.147.53.80:2404
84.247.169.247:2404
84.38.134.104:8080
85.209.11.113:123
85.209.11.113:2053
85.209.11.113:5000
85.209.11.113:8443
86.104.72.183:2701
86.104.72.183:2706
86.104.72.183:2707
88.119.170.153:2444
88.119.170.153:8090
89.117.23.25:57832
91.92.240.153:2080
91.92.242.91:2404
91.92.245.43:2404
91.92.246.111:2404
91.92.246.148:2404
91.92.246.66:2404
91.92.249.86:8201
91.92.255.54:2404
92.204.171.198:888
94.130.131.169:3122
94.156.65.138:2404
94.156.66.230:35889
94.156.67.58:2404
94.156.79.89:2404
95.214.54.179:2404

# Reference: https://www.virustotal.com/gui/file/f893c6fd241a58065f77bfe56db7e7cf060224be0b3f38e352312e05ab35f7fe/detection
# Reference: https://www.virustotal.com/gui/file/5080e38aaf9a00af84a5baf06d1eeb1881dd24a389ff719add6b7b650d1ddaea/detection

http://91.134.103.134

# Reference: https://x.com/malwrhunterteam/status/1816861171409940564
# Reference: https://www.virustotal.com/gui/file/a115bd24258d2fa68c60a051026c9736e99d6bca72ca33c74b92e2965efbb71a/detection
# Reference: https://www.virustotal.com/gui/file/7b82dbf6f4e480cd2b805b8c23d3f0d864b1de7242f04adf6a9078ca6e8930ef/detection
# Reference: https://www.virustotal.com/gui/file/6d93a42c2bffbf94f703b3bbe6e0e9026d76bfb501367bbeb1c2531e28ac6cab/detection

http://81.19.139.74
81.19.139.74:4343
/fhtp934657hgjdkldjnblcvpgg.zip
/fhtp934657hgjdkldjnblcvracs/brt_1_0147.doc
/fhtp934657hgjdkldjnblcvracs/oshad_88.docx
/fhtp934657hgjdkldjnblcvracs/rv_luti_2024_roku.xlsx
/fhtp934657hgjdkldjnblcvracs/

# Reference: https://www.virustotal.com/gui/ip-address/192.3.101.142/relations
# Reference: https://www.virustotal.com/gui/file/cf8e318a25edc46fe366195ca9efd3de290db535c42d4565987b2de7eeecffc9/detection
# Reference: https://www.virustotal.com/gui/file/1b7645def29702c924a9cff0a5234b8a697f6d89be75593a725cf8f7da8c7288/detection

http://192.3.101.142
192.3.101.142:18576
forxlamfile.duckdns.org
fridayyyyvert.3utilities.com
hiddenrmcnew.duckdns.org
maveing.duckdns.org
mercurimanangere.ddnsking.com
mondaynoip.ddnsking.com

# Reference: https://www.virustotal.com/gui/ip-address/179.15.149.222/relations
# Reference: https://www.virustotal.com/gui/file/f31f939d16c6b493080ecd189296153bfdb0a22d89e7dbc22d87bab21dbfe75b/detection
# Reference: https://www.virustotal.com/gui/file/ed0686ca469ef0c6d231b50b13a8e9c940c1864b1cdb6d1bd49aff3bab7664c3/detection
# Reference: https://www.virustotal.com/gui/file/d3ae0198e42c1f207bd4ba866ad9f634cddb1b3f15757db7b417a74bfc20116e/detection
# Reference: https://www.virustotal.com/gui/file/90bbc186938b8bf66f288b9376a9ee09e3ea004231d79e29eac556060cd7f6a3/detection
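# Reference: https://www.virustotal.com/gui/file/5e865150c02b6687a220b59762459744c0467ec451b48be1569b8b92326c2e25/detection
# Note: bbuseruploads.s3.amazonaws.com (listed below) is the shared storage hostname behind Bitbucket file downloads, so it also matches unrelated benign traffic; treat a hit on it alone as low-confidence and corroborate with another indicator from this block.
# Note(review): 179.15.133.126:1664 is the only IP:port entry below that is not on 179.15.149.222 (which carries ports 1663, 1665, 1667 and 1668); confirm it against the referenced samples.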

179.15.149.222:1663
179.15.133.126:1664
179.15.149.222:1665
179.15.149.222:1667
179.15.149.222:1668
bbuseruploads.s3.amazonaws.com
card25.con-ip.com
estrillajuju.con-ip.com
hgfghdfdhgfhjfgukugf.con-ip.com
muchodinerohoy.con-ip.com
renovar.con-ip.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03)

103.67.163.218:2298
104.238.220.25:2404
104.243.242.233:1692
144.76.198.145:2020
144.76.198.145:8090
144.76.198.145:9090
147.45.45.187:443
154.216.19.153:8090
154.216.19.153:9090
157.254.236.188:25
167.0.242.66:2000
172.93.222.225:2404
172.94.36.43:4444
172.94.89.130:1781
172.94.89.133:18711
176.9.23.50:3591
176.9.23.50:6489
176.9.23.50:9839
178.215.236.246:4591
179.13.1.246:2404
185.196.220.29:18711
188.126.90.3:2404
193.142.146.101:2403
195.10.205.95:443
198.46.178.150:2404
2.58.56.84:2404
213.190.4.203:51268
217.12.201.39:2404
217.12.201.39:888
217.76.57.196:2425
23.95.60.70:2404
45.59.120.222:8080
45.66.231.70:2404
45.80.158.56:2404
45.89.48.132:2404
46.246.12.3:8884
46.246.12.3:8889
46.246.12.7:9090
46.246.80.4:2404
46.246.82.7:2404
54.193.66.5:2404
62.169.29.134:2404
91.92.240.75:2404
91.92.243.195:4190
91.92.244.29:1109
92.118.57.244:2404
94.130.131.169:7730
94.130.249.123:2639
94.130.249.123:3128
94.130.249.123:3474
94.130.249.123:4139
94.130.249.123:4493
94.130.249.123:4583
94.130.249.123:4893
94.130.249.123:4917
94.130.249.123:4963
94.130.249.123:5897
94.130.249.123:5967
94.130.249.123:6397
94.130.249.123:6916
94.130.249.123:6987
94.130.249.123:7367
94.130.249.123:7394

# Reference: https://www.virustotal.com/gui/file/de4ed9c858ba08046e51aaa6c2ef12636836597d85a79319870e241bb8c408b1/detection
# Reference: https://www.virustotal.com/gui/file/8fbc4642276d9a4a7d9bd8403ad877f6924ca453390df838e032b3f89d376d18/detection

http://176.223.130.167
91.92.243.78:2404
shenron19862.duckdns.org

# Reference: https://x.com/karol_paciorek/status/1820442575339188265

http://45.138.183.226
216.9.224.58:5555
45.138.183.226:8973
45.138.183.226:8974
45.90.89.252:8973
45.90.89.252:8974
enargy.co
bxi.giize.com

# Reference: https://x.com/JAMESWT_MHT/status/1820762213667275177
# Reference: https://www.virustotal.com/gui/ip-address/172.93.222.33/relations
# Reference: https://app.any.run/tasks/309b558d-a7ad-4d1f-8f4a-dde5353fe158/
# Reference: https://www.virustotal.com/gui/file/0215613cd0d68cb74ec1ac781faff5e41d8ddaf32dc281c5ea847a4d3c1040bb/detection

172.93.222.33:35550
supersmsblow.live
megafusion.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f45cff43d3cc69afda28e08941242d4e82d20d1adc642e96a73caac2aa5d5900/detection
# Reference: https://www.virustotal.com/gui/file/6edc26583499cc66f14c2e362182a31546d1965792343fba41ce1fa494ed03bf/detection

pythonsleep.online

# Reference: https://x.com/Cyberteam008/status/1821374578066702672
# Reference: https://pastebin.com/Vm62bRXS

http://146.70.161.48
http://179.43.185.237
http://23.28.149.187
http://46.19.137.165
http://77.105.161.52
101.99.92.147:4433
103.186.116.111:4440
103.237.87.159:2404
103.30.10.32:7000
104.243.242.171:8580
104.243.242.228:4040
104.243.38.89:5008
12.221.146.138:9090
128.127.104.25:888
134.255.252.75:22
137.74.188.193:2404
142.11.201.123:6123
142.11.201.126:6123
147.78.103.153:8090
152.202.240.123:2000
152.89.198.197:443
172.111.186.112:2022
172.94.108.143:8091
176.9.23.50:6998
176.9.23.50:7081
178.33.57.155:443
179.13.6.213:2016
179.43.185.237:443
179.43.185.237:53
181.235.132.27:8888
185.234.216.107:5000
185.234.216.107:5001
185.234.216.107:5003
185.53.209.178:53
185.53.209.178:8080
186.112.207.223:2023
186.169.58.119:2404
188.215.229.132:5001
191.93.113.10:2000
193.239.160.78:8080
193.26.115.41:443
194.59.31.129:3191
195.201.87.182:443
198.12.81.159:2560
198.23.227.135:5590
204.10.160.151:2404
204.10.160.179:2404
208.87.206.171:443
212.32.249.39:1194
213.109.202.33:5000
213.252.247.119:1111
216.173.116.240:9595
216.9.224.18:9943
37.1.208.225:8081
41.216.183.71:5000
45.141.215.89:2404
45.146.253.227:443
45.154.98.228:443
45.157.233.63:2404
45.61.132.128:2404
45.61.166.165:9019
45.74.37.70:5050
45.77.115.225:2006
45.77.73.71:2121
45.95.169.134:443
45.95.232.235:4343
45.95.232.242:4343
46.183.222.78:8081
46.19.137.165:443
46.19.137.165:53
46.246.12.20:9080
46.246.14.10:9080
46.246.14.9:9080
46.246.14.9:9090
46.246.6.20:9090
46.246.80.20:8888
46.246.80.8:8079
46.246.82.12:6665
46.246.82.20:9080
46.246.82.21:8888
46.246.84.10:8888
46.246.86.20:9078
46.4.224.203:443
5.8.11.120:7070
62.204.41.246:5000
62.204.41.246:5001
62.204.41.246:9000
64.176.43.119:7007
64.188.16.157:9001
64.23.156.103:443
65.21.134.79:8090
66.150.198.176:10050
66.150.198.176:25
67.217.228.230:443
77.105.161.52:8080
77.105.161.52:8888
77.91.77.55:5252
78.159.112.29:7077
80.253.239.170:443
83.147.37.166:8888
83.147.37.166:9999
85.206.161.93:888
85.209.11.113:5001
85.209.11.113:8001
85.209.11.113:8445
91.227.77.101:443
91.231.182.193:8080
91.92.241.189:9080
91.92.249.142:9898
91.92.254.202:2404
92.52.217.56:8080
94.130.131.169:8513
94.156.69.173:2404
94.156.79.25:8090
94.158.245.104:8090

# Reference: https://www.virustotal.com/gui/ip-address/177.191.139.145/relations
# Reference: https://www.virustotal.com/gui/ip-address/187.72.79.111/relations
# Reference: https://www.virustotal.com/gui/file/0714671314754f5830bd40aba2f7f238796f18dc3c8dcd571ca4413e2ec2b124/detection
# Reference: https://www.virustotal.com/gui/file/cea295ccfe6d772a40cdfa8e31e42c3433f7f9b672f9f8ecf5905a4a78fd49ce/detection

162.251.122.70:45889
45.66.231.62:2487
alfapacs.ddns.net
gigololo.duckdns.org
mappe.ddns.net
servidorwindows.ddns.com.br
windowsssjunedd.duckdns.org

# Reference: https://tria.ge/240807-hpsn6stgjk/behavioral2

192.3.176.174:26734
wemnbbsweoipmngbyutrdcunbgrtjeroendns.pro
host.wemnbbsweoipmngbyutrdcunbgrtjeroendns.pro

# Reference: https://www.virustotal.com/gui/file/2390cf47d9412574ff2590506a066f8a18d9b5775a55fea1b0121ebe7fe49c6f/detection

212.92.242.121:2404

# Reference: https://www.virustotal.com/gui/file/aa3588b284988846e7b49e3aa32ec48ed95677e381c5cefe742841b58531c78f/detection

sandshoe.ignorelist.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-08-10)

http://34.151.206.189
http://65.21.245.7
103.186.116.14:2404
103.186.116.90:67
103.186.116.90:70
103.198.26.25:96
103.74.101.242:2404
104.243.242.231:1692
104.243.242.234:1692
108.181.191.159:2404
122.175.43.125:2404
138.201.150.245:6589
146.70.137.90:3343
147.124.212.130:2405
147.124.212.217:22330
147.185.221.18:52136
148.113.165.11:3030
149.28.83.171:2404
152.201.163.76:2001
154.216.18.89:2404
154.216.19.153:333
155.254.25.33:10050
172.111.232.174:2404
172.93.218.178:45667
172.94.89.132:18711
173.215.153.107:1800
178.23.190.118:52499
181.134.102.135:2404
181.235.135.17:2404
185.17.26.109:45682
185.196.220.194:2404
185.196.220.195:2404
185.196.9.6:2404
185.29.9.110:2404
188.165.120.122:6622
192.3.95.204:8787
193.239.160.78:18080
193.26.115.21:7009
194.59.30.104:2404
195.10.205.113:443
198.23.227.212:32583
204.10.160.158:53604
212.86.115.26:2404
213.152.161.249:11274
213.152.187.220:30311
217.76.50.73:3256
23.227.202.48:2404
23.227.203.18:44577
31.43.185.8:2202
38.170.239.50:6192
45.204.3.1:2404
45.66.231.157:2404
45.66.231.163:2404
45.66.231.197:2404
45.66.231.198:2404
45.66.231.218:4259
45.80.158.32:61009
46.175.167.116:2404
46.183.223.70:4047
46.246.14.10:2404
46.246.14.10:8888
46.246.4.8:2404
46.246.6.9:2404
46.246.82.2:8888
46.28.236.222:2404
62.102.148.156:9771
65.21.245.7:81
77.105.161.144:2404
77.105.161.144:4899
77.105.161.144:8081
77.105.161.52:2404
77.105.161.52:4899
77.91.77.55:32024
84.38.133.48:2404
85.209.133.95:1961
91.92.246.78:2404
91.92.248.42:2404
94.156.65.182:31051
94.156.69.174:7459
95.214.54.179:2301
ab9001.ddns.net
anyone-blogging.gl.at.ply.gg
areaseguras.con-ip.com
eadzagba1.duckdns.org
jesusgabrielahumadalora09.con-ip.com
latestgrace2024.duckdns.org
luky00921.ddns.net
method890.ddns.net
newskingdomz.live
officerem.duckdns.org
peleinufele.kozow.com
serverupdatemarch353.duckdns.org
taysour6lakut1.duckdns.org
taysour6lakut2.duckdns.org
unifrieghtmovers.com
windowsserverfebarch.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1822918414446297409
# Reference: https://www.virustotal.com/gui/file/5bb6c4fd0757c706f61538fac3e6697dc8ad2b1061682c079c2869dcba2ebc86/detection
# Reference: https://www.virustotal.com/gui/file/52daf73ade9a604dee09d39a62636d33ff50f6e08de58a96e012f8f3141b54ae/detection

185.225.74.254:6655
65.109.15.146:7666
paialspailas.duckdns.org
paialspailas22.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2f1f66a7d7f0058db7f854e5ed21829fcbc075a6a94590b16a1509267a477511/detection

94.156.175.95:21
94.156.175.95:39967
siaemic.cam
server.siaemic.cam

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

103.14.225.137:6425
103.186.64.146:2404
103.67.162.246:2404
103.67.162.248:2404
104.243.242.227:1692
104.243.242.232:1692
104.250.175.237:1871
107.137.89.241:2404
111.90.147.110:3390
111.90.147.110:81
141.95.84.40:39
152.204.251.167:2404
152.204.251.167:8888
154.127.53.157:2404
154.216.20.177:2404
154.216.20.252:32024
154.216.20.51:443
162.251.122.90:2404
167.0.250.58:2000
167.0.254.30:2000
172.111.139.167:2404
172.86.70.236:7070
172.94.89.141:1781
173.249.194.100:2404
176.31.92.202:36745
178.73.192.14:2404
178.73.192.14:8888
179.43.182.85:2222
179.43.182.85:2404
179.61.237.4:443
181.235.158.214:2404
185.208.158.171:8922
185.208.158.205:2404
185.208.158.212:443
185.29.10.35:2404
185.38.142.127:2404
191.88.255.116:2404
192.3.243.155:2404
193.142.58.10:8300
194.190.152.246:8080
194.59.30.123:2404
194.61.28.213:57108
195.211.98.63:8081
195.26.87.40:2404
198.46.243.123:5938
204.10.160.158:54604
206.123.148.197:2404
208.70.254.150:2404
23.227.202.100:10110
23.95.206.163:26000
34.34.97.238:8888
43.226.229.234:2404
45.133.74.183:2404
45.137.22.106:2404
45.156.86.29:1847
45.66.231.228:2080
45.66.231.75:2404
45.95.169.110:2404
45.95.169.137:2404
46.174.55.144:2404
46.174.55.144:443
46.183.223.11:2404
46.246.80.15:2404
46.246.82.12:2404
46.246.82.20:2404
46.246.84.10:2404
46.246.84.12:2404
46.246.84.19:2404
46.246.84.19:8888
46.246.84.2:2404
5.161.181.2:2404
5.253.86.247:2404
64.188.18.85:2404
67.203.0.132:2404
67.203.7.218:2404
69.197.174.209:2404
8.130.29.217:2404
80.94.95.119:2404
83.149.72.49:2404
84.38.129.51:9999
84.38.133.170:9999
84.38.133.53:2404
89.149.197.177:2404
91.92.244.161:2404
94.156.69.213:2404
94.46.246.60:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-08-18)

103.186.117.57:2404
103.67.162.233:9462
111.90.147.110:465
111.90.147.110:8090
154.216.18.14:7070
154.216.19.222:7088
172.86.70.236:4242
181.235.9.111:2404
192.129.178.60:5121
192.210.150.26:8787
23.95.235.18:2557
45.156.86.52:1847
45.95.169.139:2403
65.21.66.222:9821
agosto14.con-ip.com
method8888.ddns.net
sungito2.ddns.net
tochisglobal.ddns.net

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

http://101.99.75.219
http://111.90.148.123
http://154.216.20.51
101.99.75.219:2404
101.99.75.219:8080
103.186.117.159:13924
104.243.242.230:1692
104.250.175.232:1871
104.250.175.236:1871
111.90.148.123:2404
111.90.148.123:8080
152.202.226.171:2000
152.204.248.116:2404
152.204.248.116:8888
154.216.17.14:2404
154.216.18.157:2404
154.216.18.214:2404
154.216.18.216:2404
154.216.18.232:9090
172.111.131.34:46167
185.208.158.82:2404
189.38.106.100:3004
189.38.106.100:8080
192.129.178.58:5121
192.129.178.59:5121
192.129.178.61:5121
192.129.178.62:5121
192.3.101.172:2404
195.211.98.63:8090
208.77.22.212:17527
23.27.244.39:2404
45.148.17.50:57155
45.62.170.171:2404
45.66.231.251:2404
45.88.186.251:443
45.94.31.35:4444
45.95.169.175:2404
46.246.6.15:2404
46.246.6.15:9090
46.246.6.4:8888
46.246.80.11:2404
46.246.84.12:9090
46.29.238.104:2404
57.128.155.22:4054
57.128.155.22:4057
65.108.24.88:2404
78.142.18.110:2407
78.142.18.111:2407
78.142.18.112:2407
78.142.18.221:2407
79.110.49.142:9999
84.38.132.103:7001
91.234.199.40:2404
91.234.199.40:443
91.92.241.131:2404
91.92.242.128:2404
91.92.242.143:2404
91.92.249.210:4395
94.156.65.246:2404
96.47.232.195:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-08-25)

http://101.99.75.178
101.99.75.178:2404
101.99.75.178:4899
101.99.75.178:8080
103.161.133.243:2404
104.238.220.231:4871
111.90.148.123:5651
118.163.177.120:2404
154.216.18.232:8090
172.111.137.132:57484
172.111.186.124:7777
192.3.101.172:9674
192.3.64.152:2559
194.169.175.109:2404
43.226.229.227:57484
45.66.231.73:22891
46.183.223.84:9898
46.246.6.4:8884
46.246.6.4:8889
89.32.41.177:2404
91.92.241.171:89
94.154.37.219:3942
abomenaa.duckdns.org
acheminement-assistance.com
alvaritox.con-ip.com
dhlseguimiento.com
eager-northcutt.45-95-232-237.plesk.page
freak4u.duckdns.org
gray-mouse-10079.zap.cloud
great-poitras.45-95-232-237.plesk.page
hgbourst28lasor2.duckdns.org
infovitale-secuameli.site
lluxurioesessparesort.com
mon-suivi-info.com
newsletter208.home-webserver.de
ppizzavonrom.com
schokoladenzauber.com
strange-sinoussi.45-95-232-237.plesk.page
suivi-colis-info.com
turkishlotteryoffate.com.tr
ups-infotracking.com
vps-zap1037826-7.zap-srv.com

# Reference: https://x.com/malwrhunterteam/status/1828157748900700247
# Reference: https://www.virustotal.com/gui/file/a7048b5c7ad209fc0748b6aeae5261aaad7d358bcd899f91bd1294780e9c266a/detection
# Reference: https://www.virustotal.com/gui/file/8c0281e7890b713ecc149fa3f4280ec8f9b349d9d442e673aaa720c96c07dc5f/detection
# Reference: https://www.virustotal.com/gui/file/576700e02475a3b2dc014167c5167b69598ec5801fe5256a808285c2055fd23f/detection

94.156.69.53:3400
access-companys.con-ip.com

# Reference: https://www.virustotal.com/gui/file/1a20454e463f4642d58f0e531e16dc4b9b6f6ef17766decdb02c12dbc820ba36/detection

148.113.165.11:127

# Reference: https://www.virustotal.com/gui/file/03c3d8e55815807839b5a6c33d9ff6be07a3a19e3c1488a0fa4d89c14ee6a75e/detection

148.113.165.11:3030

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-26-GuLoader-for-Remcos-RAT-IOCs.txt

206.123.148.197:3980

# Reference: https://x.com/JAMESWT_MHT/status/1829422189528973774
# Reference: https://app.any.run/tasks/66d8c99a-5671-4dec-9bb8-fff3cd359106

63.141.237.145:5642
63.141.237.145:5757
remcosco222.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1829466806391656787
# Reference: https://www.virustotal.com/gui/file/df7d2e54b67a7788dd7c326a6c2a1c5b935b94288622fb7bbeff3ba336205cd7/detection
# Reference: https://www.virustotal.com/gui/file/ddd94d9d25f4ee02343b209e6d345457ef0b3efebccfd9a16b721e1c59a6cb03/detection
# Reference: https://www.virustotal.com/gui/file/cb43e05491b09d4c7da14d3f42d11a2bb4fa81b0fb47717d44c75426832cdf30/detection
# Reference: https://www.virustotal.com/gui/file/a2bfa5db078137d391b392758fca56b34c8d3c9b0a7e23b1ba9fa9a2edf91000/detection
# Reference: https://www.virustotal.com/gui/file/2ee1e4201c69f361a30b28aef54b3a56cf42a559d5c6101f11f51c38adca8f55/detection

http://83.222.191.201
83.222.191.201:24251

# Reference: https://x.com/StrikeReadyLabs/status/1830420330541703309
# Reference: https://www.virustotal.com/gui/ip-address/94.154.172.166/relations
# Reference: https://www.virustotal.com/gui/file/53c944e2e98e5b68fa43a83b73575775f9c231612f981358686caa29d7e37bf0/detection

uknownabode.duckdns.org
xemdeptrai.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0b6ff11b6bb77a2b5fddd259c021c80096d681e955468e342435ab93d1743cd7/detection

101.99.93.108:2404

# Reference: https://x.com/malwrhunterteam/status/1831738472299688333
# Reference: https://www.virustotal.com/gui/file/18ffe969595851eed2e247ff3e872a488415820e05371531a388276eeccaa250/detection
# Reference: https://www.virustotal.com/gui/file/3e5adec34d0e3567b3eed2c917eaac783ff3eb19c2a1154339ebd1b2497f1e24/detection
# Reference: https://www.virustotal.com/gui/file/68fe63cdae0b90cd1df1d400879135d3c18522c98cf4a9473156b477a71529ce/detection
# Reference: https://www.virustotal.com/gui/file/791e4eed86e4d17301d1f0ba8e75c82d44c4ab2be4b9b9e0c88ad7754948ed82/detection
# Reference: https://www.virustotal.com/gui/file/9549f73133514942aadfcf6f3f38f5d89e573ba7d9b18cde44f29f0a172d7c32/detection

http://5.181.156.117
5.181.156.117:8576

# Reference: https://x.com/malwrhunterteam/status/1832056215356022789
# Reference: https://www.virustotal.com/gui/file/3c911df5b86df9712bf5f14ff49c3beadb62cbde886609139c437bf0a919fc49/detection
# Reference: https://www.virustotal.com/gui/file/1a4380f4a67993c78d73e57335b7972189ea44f768517c2e382ee267cc48ad5f/detection
# Reference: https://www.virustotal.com/gui/file/947ba630b4d2d998525eff4f08a5f9a0f45052b51fab71c7838ffae57ab0e4f5/detection

172.111.244.2:6042
172.111.244.4:6042
172.111.244.7:6042
172.111.244.11:6042
privmerkt.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://111.90.147.146
http://172.111.250.17
http://185.239.236.234
101.99.93.108:1723
101.99.93.108:8080
103.161.133.243:2080
103.186.116.168:2404
103.186.116.193:8080
103.198.26.72:25
103.198.26.72:8080
104.243.242.235:1692
109.110.184.176:2404
111.90.147.146:2404
111.90.147.146:8080
111.90.148.145:1024
111.90.148.145:2404
111.90.148.145:8000
125.227.79.121:2404
139.99.137.193:2404
142.44.173.92:8080
143.92.60.24:2404
143.92.60.26:2404
143.92.60.29:2404
146.70.87.250:2404
149.202.0.252:2404
152.201.188.254:2000
154.216.17.203:2404
154.216.18.235:2404
154.216.19.222:5532
154.216.19.222:6509
154.216.20.211:6902
154.216.20.223:5584
157.20.182.60:2404
162.248.224.13:2404
162.251.122.106:2404
162.252.172.190:443
167.0.225.82:2000
172.111.131.36:17527
172.111.131.44:46167
172.111.139.127:2404
172.111.139.160:2404
172.111.139.88:2404
172.111.186.144:4444
172.111.250.17:2404
172.111.250.17:443
172.94.3.25:8080
172.94.53.165:2404
177.255.88.227:2404
181.235.160.251:2404
181.235.160.251:8888
181.235.222.138:8888
185.146.88.217:2404
185.150.191.117:4609
185.157.162.103:1997
185.174.101.128:2404
185.208.158.171:6042
185.241.208.83:2404
185.38.142.128:8080
192.177.111.22:2404
192.236.237.18:9090
192.3.101.254:9674
192.3.220.30:2080
192.3.23.251:2404
193.142.146.101:2406
193.143.1.11:443
194.28.225.73:443
198.244.236.18:2404
198.46.174.158:2404
204.10.160.206:2404
204.10.160.230:7983
206.123.152.101:2404
213.252.247.119:4444
23.106.238.209:2404
23.95.173.183:2404
31.222.238.188:2404
34.151.206.189:2404
38.153.61.72:2404
45.138.16.248:8081
45.202.35.28:2404
45.202.35.40:2404
45.61.157.44:2404
45.62.170.238:2404
45.66.231.234:2404
45.88.186.161:443
45.89.247.101:2080
45.89.247.112:2404
45.89.247.134:2404
45.89.247.135:2404
45.89.247.45:2404
45.89.247.98:2404
45.89.48.165:2404
45.95.169.104:2404
45.95.169.18:2404
46.246.12.23:2404
46.246.14.24:2404
46.246.6.14:2404
46.246.6.21:2404
46.246.6.21:8884
46.246.82.10:2404
46.246.84.15:8888
46.246.84.17:8888
46.246.84.6:2404
46.246.86.11:2404
47.243.114.61:2323
5.253.247.130:2404
5.253.247.130:443
64.188.12.208:5500
64.188.18.85:4455
65.21.66.217:2404
67.203.7.145:2404
67.203.7.223:2404
67.207.161.204:2404
69.46.15.142:2404
83.147.37.152:2404
85.17.23.154:2404
89.34.99.39:2404
91.92.240.98:2404
91.92.241.132:2404
91.92.255.186:34312
94.156.65.125:2404

# Reference: https://x.com/JAMESWT_MHT/status/1832474715979436302
# Reference: https://app.any.run/tasks/f602ee0f-f9c9-403f-8589-712a7e2b3cb8

192.3.101.17:2404

# Reference: https://www.virustotal.com/gui/file/bf350d8f7fbd4db00e6d87a45558522548b4d816f32ea0cc57ec9342111f4dbc/detection

91.193.75.113:4045
referantsa1.duckdns.org
tergatco777.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6e64f1c66b67d4912394403d99b88da47f28f0a682e17c94af69b8f59221d6be/detection

154.13.163.54:6065
185.244.30.86:6065

# Reference: https://www.virustotal.com/gui/file/c294a3733759e35bc74da2dcd95fab459ca9e2cdb845f3c0d3c2012c6bf7a9d3/detection

181.136.226.14:1998
194.147.140.207:1998

# Reference: https://www.virustotal.com/gui/file/90f99f8659dd04260d1b30b7d139e832ba8e2f2bbbb393f07f7ebcbaef8093c8/detection

45.95.169.162:3321

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-09-09)

103.237.86.135:2021
109.248.151.169:2404
172.111.244.104:3980
198.13.35.20:25723
43.226.229.234:57484
45.138.16.208:2404
45.66.231.182:2404
46.246.80.8:2404
5.20.120.177:2404
80.66.75.98:2404

# Reference: https://x.com/vmray/status/1833180847551160381
# Reference: https://www.vmray.com/analyses/_vt/d534ed1c1ca0/report/network.html
# Reference: https://www.virustotal.com/gui/file/d534ed1c1ca02484710138b6a1517db17c76e799041ba0e908cde3abb93d80bb/detection
# Reference: https://www.virustotal.com/gui/file/668ddbfe96219c2902b46779cb66520f9d5145c0d2c0873d815f10d89bcbe005/detection
# Reference: https://www.virustotal.com/gui/file/4456c86e1e94ea89baefae9a62592e95ae7b49560440d6efe0e80c660bdb8073/detection
# Reference: https://www.virustotal.com/gui/file/325fde6dcba7eacd28df2465028d87d8afb43eb243aa4b4970242e507775570a/detection

5.182.211.249:23101
pushswroller.eu
remwavesw.com
rollerswpush.eu
swpushroller.eu
bas.swpushroller.eu
rem.pushswroller.eu
run.rollerswpush.eu
swre.remwavesw.com
tip.swpushroller.eu
/dovfd/Plksbjdwhd.js
/dovfd/Yherfwjd.js
/Plksbjdwhd.js
/Yherfwjd.js

# Reference: https://x.com/kddx0178318/status/1833492153277792663
# Reference: https://app.any.run/tasks/a423a0f6-0722-4a60-9ca0-b27d49eca7b5
# Reference: https://www.virustotal.com/gui/file/842c000429c7e5787fb9fd0961238758e04b4af6c6b56dc4bb0c4db27af69fce/detection

43.226.229.234:57484
lyshdiopofu.kr
uppsintrtfo.ee
notariusnaydenova.eu/wp-admin/users/Stevets.csv

# Reference: https://x.com/karol_paciorek/status/1833434905587396630
# Reference: https://www.virustotal.com/gui/file/c07e92647c58d22541517b52a7c7af5031deacc9261d5eb45ea7f72d778df49a/detection

onedrive-microsoft.redirectme.net
onedrive.webhop.me

# Reference: https://www.malware-traffic-analysis.net/2024/09/11/index.html
# Reference: https://www.virustotal.com/gui/file/085149beb8dbcf6a2b42cf0de78eb1a82e1860d936c8d46b13029021fee35271/detection
# Reference: https://www.virustotal.com/gui/file/4a79a8b83afd4feb2fd2e130d54f667fa9ee6c61ecf7d61efed3753ab2450775/detection

198.23.201.62:4877
198.46.178.133:4877

# Reference: https://www.virustotal.com/gui/file/ec8b98607e1889c5f170be0021cfb688eb209c33ca3202abd34cfa586edce983/detection

91.151.88.7:2404
mehmetemreural.net

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-15)

http://101.99.93.144
101.99.93.144:2404
101.99.93.144:465
101.99.93.144:50255
107.172.148.221:14645
107.173.229.136:2404
120.79.89.234:2404
131.226.2.26:2404
146.70.24.188:2404
147.124.209.163:2404
172.94.53.168:2404
179.13.2.98:2404
185.157.162.126:1997
185.174.101.120:2404
192.129.178.61:6122
192.210.150.17:2404
208.70.254.147:2404
31.6.50.127:2404
38.132.122.173:2404
41.216.188.178:2404
45.138.16.248:801
45.61.129.21:2404
45.66.231.122:2080
46.246.12.210:9090
46.246.80.10:2404
46.246.80.10:8888
46.246.80.5:8889
46.246.82.8:2404
46.246.82.8:9090
46.8.221.61:443
51.89.208.28:2404
67.207.166.172:2404
80.66.75.98:2000
84.38.132.51:2404
89.117.52.151:2404
91.92.242.74:2080
91.92.255.64:2404
94.156.67.144:2404

# Reference: https://x.com/malwrhunterteam/status/1837393554001240279
# Reference: https://www.virustotal.com/gui/file/b125da74dfb843031eb2ec7eac49792c97e1a1a272a3a47b39a635a8deeec03b/detection

193.142.146.203:2405

# Reference: https://x.com/banthisguy9349/status/1837534484373098604

http://103.182.19.148
http://104.243.38.54
http://107.172.148.248
http://107.175.242.80
http://107.175.243.142
http://149.28.221.9
http://149.28.237.172
http://172.232.189.85
http://172.232.4.203
http://172.236.19.62
http://192.227.173.64
http://192.227.225.173
http://192.3.193.155
http://192.3.223.30
http://192.3.243.166
http://198.12.107.122
http://198.12.81.171
http://198.12.81.228
http://198.23.133.156
http://198.23.188.147
http://198.46.177.156
http://198.46.178.137
http://198.46.178.154
http://198.46.178.181
http://23.94.148.16
http://23.95.235.112
http://45.89.247.102
http://45.90.89.123
http://91.134.98.142
http://99.79.191.228

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-09-22)

http://101.99.93.169
103.161.133.224:5584
103.161.133.245:9898
103.186.117.150:1282
103.186.117.228:2404
103.198.26.22:2404
103.67.162.213:2435
104.243.242.226:1692
116.55.248.235:10443
116.55.248.235:20443
141.95.84.40:37
148.113.165.11:3000
154.216.18.217:5690
154.216.18.217:8967
154.216.20.237:9090
165.154.219.160:39685
172.111.139.93:2404
172.111.163.226:8901
172.111.250.17:2455
172.93.220.148:45682
172.94.9.172:57484
173.249.193.221:2404
173.249.194.122:2404
179.13.2.98:8888
181.236.124.3:2000
184.75.221.171:36441
190.70.119.188:8997
192.129.178.58:6121
192.129.178.58:6122
192.129.178.58:6123
192.129.178.58:6124
192.129.178.59:6120
192.129.178.59:6121
192.129.178.59:6122
192.129.178.59:6123
192.129.178.59:6124
192.129.178.59:6125
192.129.178.60:6120
192.129.178.60:6121
192.129.178.60:6122
192.129.178.60:6123
192.129.178.60:6124
192.129.178.60:6125
192.129.178.61:6120
192.129.178.61:6121
192.129.178.61:6123
192.129.178.61:6124
192.129.178.61:6125
192.129.178.62:6120
192.129.178.62:6121
192.129.178.62:6122
192.129.178.62:6124
192.129.178.62:6125
192.3.101.29:1070
192.3.101.29:14645
192.3.23.251:1070
193.142.146.101:2405
193.142.146.203:2406
194.59.31.104:2404
195.246.231.197:606
198.13.35.20:2404
198.135.48.32:7067
198.23.197.108:7010
198.37.105.222:8080
209.250.252.99:2525
212.162.149.163:2404
23.106.127.123:91
23.106.127.79:5679
23.95.60.82:1070
45.126.209.252:443
45.139.104.150:8080
45.143.200.21:3389
45.66.231.111:2404
45.89.247.127:2404
45.90.89.98:8243
46.246.6.11:2404
46.246.6.21:8889
46.246.82.8:8888
46.246.84.15:2404
46.246.84.15:8884
46.246.84.4:2404
46.246.84.4:9090
51.222.121.200:2404
67.203.7.162:2404
80.66.75.47:55777
84.38.132.40:2404
86.104.72.183:2709
91.92.240.228:2404
91.92.241.132:3000
91.92.244.33:443
91.92.251.188:8080
91.92.251.188:9090
93.67.51.29:2404
94.156.65.202:2404
94.156.67.94:63193
blakaa.duckdns.org
crash.sh
curt.wiz.co
ichika.tw
loip.cc
nnamoo.duckdns.org
strms.ly
ubal.do
udum.work.gd
ufye28738bd3yv23d783.con-ip.com

# Reference: https://www.virustotal.com/gui/file/28027242d50c7ac56bf9c3d03be17b9f93e857b171b65222c20d679048c42793/detection

64.176.178.205:1988
zakriexports.com

# Reference: https://x.com/Gi7w0rm/status/1838837540054241651
# Reference: https://tria.ge/240925-hqxphsthqe/behavioral3

190.9.223.135:4576
remcos2024fin.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3f17c7c8dd1638141546da3b36d9b64dc7ae4081bc53cd40f0ac135f122921aa/detection

181.131.216.24:1213
holdadmin2024.duckdns.org
rem0324.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1839558287714349487
# Reference: https://www.virustotal.com/gui/file/dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f/detection

37.120.137.198:4422
heavytank21gh.com

# Reference: https://www.virustotal.com/gui/file/14f1be9adf86ae849dc4588e2fe837a0365287c2de485d0ee3df8fd2aa0cf6b2/detection

http://91.202.233.169
89.117.23.25:57840
prehv.duckdns.org
rupz.duckdns.org
wrzn.duckdns.org
zaratanes.duckdns.org

# Reference: https://www.virustotal.com/gui/file/060d6f9c0505a7709281567b10bbc91256a073ecd4fef23e3de47f5ff7aa40de/detection

45.135.232.38:5999
89.117.23.25:5999
91.92.248.248:5999
dxpam.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/89.117.23.25/relations

arwr.duckdns.org
asyx.duckdns.org
dcfast.duckdns.org
hypersh.duckdns.org
keepz.duckdns.org
newsl.duckdns.org
njfast.duckdns.org
prdon.duckdns.org
qfast.duckdns.org
rfast.duckdns.org
rounk.duckdns.org
runp.duckdns.org
rupz.duckdns.org
viscas.duckdns.org
wrzn.duckdns.org

# Generic: path-only entries (URL paths with no host or IP attached)

/invoice_Qkdxcnmk.bmp
/swlu_Gmgzhmnp.png
/litupin_Kywfvjxv.bmp
/remcos_a_rgzXPLek0.bin
/TT_2021_Remcos%20v2_DDoOoaFhuj99.bin
/Xrllqxvmom.png
/_errorpages/remcoszx.exe
/remcoszx.exe
/newremcos.txt
/newremcos.php
/newremcos.ps1
/newremcos.hta
/newremcos.asp
/newremcos.aspx
/newremcos.py
/newremcos.pyc
/novoremcos.txt
/novoremcos.php
/novoremcos.ps1
/novoremcos.hta
/novoremcos.asp
/novoremcos.aspx
/novoremcos.py
/novoremcos.pyc
