# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: voidrat, venomrat, velos, vermin

# Note: "Today I'd like to introduce you to VoidRAT. Void-RAT isn't a new RAT, it's more of a fork of QuasarRAT. It's also not new in the sense that it's been in active use for several years. I scraped several hundred from Pastebin alone since 2018." -- https://twitter.com/pmelson/status/1249375189638344707

# Note: "This is, in fact, the source of the poorly implemented crypto I've been working on the last few days. VoidRAT uses AES to encrypt its configuration strings, similar to QuasarRAT. In fact, the static Salt is identical to Quasar, just stored as a decimal array instead of hex." -- https://twitter.com/pmelson/status/1249375191114764290

# Note: "VenomRAT - new, hackforums grade, reincarnation of QuasarRAT" -- https://blog.malwarelab.pl/posts/venom/

# Reference: https://twitter.com/DynamicAnalysis/status/1034828121126723584
# Reference: https://twitter.com/James_inthe_box/status/1034829960647593984
# Reference: https://pastebin.com/MgAd0CzR

syscore.duckdns.org
watchdogdns.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1044187140626796545

nhatquang.club

# Reference: https://twitter.com/Racco42/status/1050763535888867328

lagos042.ddns.net
manuel3.publicvm.com

# Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-menupass-quasarrat-backdoor.html

195.54.163.74:443

# Reference: https://twitter.com/silascutler/status/1154137754051239936
# Reference: https://pastebin.com/s6pkzu0z
# Reference: https://otx.alienvault.com/pulse/5d39d3634b2ef4d157a1f8ae

hostzsz.ddns.net
rkr003.ddns.net
131454.ddns.net
609574.ddns.net
928hafa7.ddns.net
abcdhacked.ddns.net
acidos-44965.portmap.host
adiwax.duckdns.org
afdafadfdfdfaa.ddns.net
agoraadn.ddns.net
akaimpk.ddns.net
alexrobin.hopto.org
alibabajob.duckdns.org
allurbase.warzonedns.com
alphamission.ooguy.com
altsyst3m.servegame.com
aminaqi-32028.portmap.io
androidshegaon.ddns.net
apina123.duckdns.org
apo.myddns.me
argoogle.ddns.net
asdasdjla.ddns.net
ausliandns.ddns.net
auw8duii3j5.gotdns.ch
aziziyehack.duckdns.org
babagee.ddns.net
bebe228855.hopto.org
bigpouley.ddns.net
blacklji.ddns.net
blackslight29.duckdns.org
bonsaichiled.freedynamicdns.org
boooing.hotpo.org
broly.mywire.org
bugido.ddns.net
carbonhdspeed.ddns.net
carelesspineapple.ddns.net
cerberus1980.hopto.org
chad3eboz.ddns.net
chrome.fagdns.com
ckleins.ddns.net
colinmdu78.freemyip.com
cryptoeverwin.ddns.net
cryptoslayer22.ddns.net
csphagah.servegame.com
dancen.ddns.net
dankmemes.ddns.net
darkhorse777.ddns.net
darkkutjood.ddns.net
darkslazz9988.ddns.net
dcgame.ddns.net
ddsess.ddns.net
deaznam.ddns.net
dertanion.ddns.net
dexter1234.duckdns.org
dfssdfds3422344.ddns.net
dnsinass.hopto.org
dracia321.no-ip.biz
dragonslayer22.ddns.net
drdep.ddns.net
drhack.hopto.org
drkcmtt.duckdns.org
dschndr.ddns.net
dupal13.ddns.net
dzchackteam.duckdns.org
ededwdwdwd.hopto.org
eduardorouter.ddns.net
eznecum.duckdns.org
faded.hopto.org
fahd2010.ddns.net
fahd20101.ddns.net
fgeha777.ddns.net
fluffyunicornsftw.sytes.net
forst5ns3a45gpnz.onion.ws
fortnitelol.kozow.com
fromnvpns.theworkpc.com
galacto17.hopto.org
galrov2.ddns.net
gargamel.duckdns.org
ghostisreal.ddns.net
gingles.ddns.net
google64.sytes.net
googlead3321.ddns.net
googleisp.ddns.net
googlessh1.ddns.net
grundle.ddns.net
gsmboxupdates.ddns.net
guccigangyesxddddddd.duckdns.org
gud.ddns.net
hackmee.ddns.net
hackportals.ddns.net
hackprova.ddnsking.com
havocplays.duckdns.org
haxerjack.ddns.net
helloworldhere.ddns.net
hellsharion.myftp.org
henripizio.ddns.net
henripizzio.ddns.net
heros108.ddns.net
holydns.warzonedns.com
host420.ddns.net
hostestreitr.ddns.net
hostvertice.hopto.org
icecreem.hopto.org
icmsecurity.ddns.net
ignuxas64.ddns.net
ilsk-56205.portmap.io
imjustdoingmyjob.ddns.net
internimus.ddns.net
ipointer1604.sytes.net
ivaiva.ddns.net
jacobjones965895-53801.portmap.io
javaupd.ddns.net
javvaa.accesscam.org
jercky.ddns.net
jonreg.ddns.net
justdoitfast.myvnc.com
k1nngurr.myftp.org
kanat26.duckdns.org
katrol1.ddns.net
kekhaxim.duckdns.org
keremabi.duckdns.org
kleur4.ddns.net
kurban187.duckdns.org
lab-wired-kvvgzjkkdr.dynamic-m.com
lancelord88.ddns.net
larofagol-50266.portmap.io
leghost.ddns.net
lekee.duckdns.org
letmeinpls.ddns.net
levinx.duckdns.org
lfjdslkjfslkjf.bounceme.net
m1ngs1.ddns.net
marcirat.ddns.net
marjoserver.ddns.net
martinou.ddns.net
maximazorreguieta.ddns.net
maximazorreguieta.no-ip.info
maxwilly4142-45474.portmap.io
mecanic.freeddns.org
mehack.ddns.net
mertens.mynetgear.com
miseri.duckdns.org
mlks.ddns.net
morokko.duckdns.org
mumbai.webhop.me
myhostdown.ddns.net
myportnotblock.001www.com
nanorat.ddns.net
naskopv.hopto.org
nattawut.ddns.net
neg4tif.duckdns.org
negatifrat.duckdns.org
nemesis423.ddns.net
neoxyne.myvnc.com
new.windowsupdate.live
nezaki-backups.ddns.net
nhk123.ddns.net
nicereverse.ooguy.com
niggerlovers69.hopto.org
nmahnsk1.dynu.net
noipkrutoy.ddns.net
okapia99.ddns.net
omikronium.ddns.net
omka11.duckdns.org
omniserver.redirectme.net
oofed.ddns.net
oofed.sytes.net
oogboog.ddns.net
opstatun.sytes.net
orcabot.ddns.net
p6solutions.hopto.org
paintedwolf.ddns.net
pass2233.ddns.net
pass2233.dzuboks.fun
perdunelo.ddns.net
pigeon143.ddns.net
pingvinic1998.dynu.net
plasty-48256.portmap.host
ppupsekovich.hldns.ru
ptpftp.mypi.co
pusheax.asuscomm.com
q196vbd21.dynu.net
qq529879477.mynetgear.com
quasarandroid.ddns.net
quasarcengo.duckdns.org
quasarez331.duckdns.org
quasarrat.ddns.net
quasarsaiiut.ddns.net
quasartest1.warzonedns.com
qwerty1.ddns.net
qwertyasd.hopto.org
randomhost.ownip.net
rat.bcn-pool.us
rat555.duckdns.org
rat80.ddns.net
rdexter01-50242.portmap.host
recel.duckdns.org
ref12dert6789hty.ddns.net
remoteadmintool.webhop.me
ricardobola.duckdns.org
rizacomet.duckdns.org
russiansecurity.ddns.net
sandshoe.duckdns.org
sclrtlol.gotdns.ch
sezzer93.dynu.net
shadowfriend.ddns.net
shtumichael-40213.portmap.host
simoalal.nerdpol.ovh
sissnemomdesiss.ddns.net
skills.sytes.net
skullman.duckdns.org
skywalker12.ddns.net
soc123.ddns.net
soulnomad.ddns.net
srw-1.noip.me
stealer123.ddns.net
stickygreen666.ddns.net
suckmydick.urown.cloud
suus.ddns.net
svchostddns.ddns.net
tannmistann-31237.portmap.host
test.killwaf.com
testerhousing.ddns.net
testinghouse.ddns.net
testocertificazione.ddns.net
testtesta1.ddns.net
thefatrat23.ddns.net
theprohd-59801.portmap.io
thewayofthemagic.ddns.net
tivict.duckdns.org
tomwahl.duckdns.org
tvariamxuy8.hopto.org
umutgokmn.duckdns.org
unknowhost.ddns.net
urx.myvnc.com
usermata-64665.portmap.host
wareztech.ddns.net
welmer2018.ddns.net
windowsbrowser.ddns.net
windowshabitat.serveirc.com
windowsupdate.asuscomm.com
windowsupdatereap.ddns.net
wsad1122.dynu.net
wuenx1.duckdns.org
wuenx2.duckdns.org
xcorpitx.ddns.net
xeroxhaxor18.duckdns.org
xtremepwned.dynu.net
xtrhost.sytes.net
xylem.duckdns.org
y33tmasters.ddns.net
yaplonkod.duckdns.org
yawani.ddns.net
yesdatpls.duckdns.org
yesps.myvnc.com
youdontknow.ddns.net
youknow.duckdns.org
zeroherecompany-64861.portmap.host
zotrix.ddns.net

# Reference: https://twitter.com/Arkbird_SOLG/status/1157319751238131717

195.12.50.172:46405

# Reference: https://twitter.com/JayTHL/status/1188498558653206528

82.146.51.150:1604

# Reference: https://twitter.com/JayTHL/status/1194671413304672256

206.189.182.212:9999

# Reference: https://www.virustotal.com/gui/file/3af74379234601c1d9cda4e8b20b901b604d6892ecd1e42802303756fba6980c/detection

185.217.1.186:8320
faxjohn01.twilightparadox.com

# Reference: https://twitter.com/killamjr/status/1198459182112006144
# Reference: https://app.any.run/tasks/c0af3b26-4d68-461e-b84b-281f2ee2bea2/

mybaby.hopto.org

# Reference: https://www.virustotal.com/gui/file/3cff40b8cf70ab8685d591e9b7de92e231e86510ea2480b53f24ea25e8aff450/detection

79.134.225.90:4782

# Reference: https://any.run/malware-trends/quasar (Note: as seen on 2019-12-04)

kanat26.duckdns.org
spenzmarine-56499.portmap.io
fobeno-42652.portmap.io
lololol-54262.portmap.io
Theprohd-59801.portmap.io
aras008-48301.portmap.io
utku01-35105.portmap.io
magicme-54389.portmap.io
gmxvpn-51019.portmap.io
SayNigger123-51458.portmap.host
tkmremi-31995.portmap.io
james871-47359.portmap.host
anonymoushosting-60450.portmap.io
baroud-44589.portmap.io
MORFEY888-55156.portmap.host

# Reference: https://www.virustotal.com/gui/file/8359bc60e9b5bb6c84e0ecd851ead7e4d947482ef0f4997fd1cae2788de842ef/detection

193.161.193.99:33874
meol3555-33874.portmap.host

# Reference: https://www.virustotal.com/gui/file/bb4857b0afa4733905f6f411dcba41ab1e20fe80822d16419fdbf297d10650a9/detection

193.161.193.99:41317
virritast27-41317.portmap.io

# Reference: https://www.virustotal.com/gui/file/4f1de211a439c69076f3c1177ea8135f02a7d6826f6435d93fa2f25b2f035aed/detection

193.161.193.99:30980

# Reference: https://www.virustotal.com/gui/file/01bcba7c8d15fcb97a8c3923dc430f822bb3955dd17611b65008a081679f6910/detection

micalter-62870.portmap.host

# Reference: https://www.virustotal.com/gui/file/5abd187ef6fd30ccfa247191af0dff8b453a7c2815195b93c817e071b1c42451/detection

193.161.193.99:59558
bigbant-30187.portmap.host

# Reference: https://www.virustotal.com/gui/file/0af78e5236f8e26e209545f5b7341b73e8374e26accec827919d9cf3d545a785/detection

befogtad.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2bbb5b2eb692d744cf979b786323ee6f515b19617d0c73e1b2c6b45897a04352/detection

193.161.193.99:31776
koyo-31776.portmap.io

# Reference: https://www.virustotal.com/gui/file/ef0e082c1eefe8964366beead5630765d9d8e989ae7671cc9ef0551db75c5198/detection

193.161.193.99:41102

# Reference: https://www.virustotal.com/gui/file/82e73cb494a04a9d6e650149dfb2d5d21acf02ccce57bd2b24f968a4b71988ed/detection

160.177.210.162:5552
41.142.190.236:5552
41.143.142.227:5552

# Reference: https://www.virustotal.com/gui/file/ecf2a706e3aae74d76a4f73e050db6ce5011b1dfd60bdf5e3a9a7b77b3b2aaed/detection
# Reference: https://www.virustotal.com/gui/file/281cf2c4904de81661138240b7ea7a0880402db4083eab697d22d0d5e42cf942/detection

162.200.139.146:1704

# Reference: https://www.virustotal.com/gui/file/b9c1be88add17379ff4ba452a13aa52712680103f0b9e15901b7e80deaeb4716/detection

galrov.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/2cfb5b5d106c732b344e440ff88901100055894c8f1a952ce75afa257c7857b5/detection

18.188.14.65:17825
3.19.3.150:17825

# Reference: https://www.virustotal.com/gui/file/6f86faf12c9b933bb4c13ba4661b9b0f2f2f72eb1a188b6be94f3ac66d2f8ecf/detection

windataservice.club

# Reference: https://www.virustotal.com/gui/file/7a28dcfb7b1b0cfe9178ff1f360f6ca474165f2cb5925c5b5b90697d6a4f491f/detection

104.244.75.220:1101
185.101.94.172:1101

# Reference: https://www.virustotal.com/gui/file/6ae4f8fed85928e981dd91aa512b638ac5c61fe8402382b4cb1c12aaf2bf19bf/detection

79.134.225.112:7799
3five.duckdns.org

# Reference: https://www.virustotal.com/gui/file/be41a7e13a1df3d6ec6009d441a29e262975bbe8d7ea9c819eee79e7dad769ac/detection

193.56.28.161:1608

# Reference: https://www.virustotal.com/gui/file/fce1edbce9398f13a72369d7e00f472c39732ccd25d2c83b04ad32c55b2e0bad/detection

repmodz11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f219c99bae7d406ee40d9528179a93a2eed7c2c942ccda12916177159de6ce92/detection

193.56.28.161:4782

# Reference: https://www.virustotal.com/gui/file/adab3e5e3a61dd1440d0aa3e471a18055cb8e650cb045698e178ef8470f320d5/detection

reversengineerin.duckdns.org

# Reference: https://www.virustotal.com/gui/file/540b5c539846ab341645216dca0f63c78d35cd238b1267058ea7a08bb403f6b1/detection

91.233.116.105:4782
testtest22.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1217031480226041856

magicshavingpowder.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d52a899580dd8a6504a0aab527618a276dec3a615485afb1b8e59b5c7ae6aef6/detection

185.140.53.131:9003
79.134.225.96:1972
tracyll.ddns.net

# Reference: https://www.virustotal.com/gui/file/0400cef226621ad00d51b8880025664e3a916c0c3c3207f3525b8423af52a5f6/detection

197.211.58.227:9003

# Reference: https://app.any.run/tasks/26a07c7f-e8b1-4972-8b76-d29be2feb278/

157.230.125.208:8008

# Reference: https://app.any.run/tasks/909ed8a8-970b-46ec-9699-a389c8fdef88/

157.230.125.208:2002

# Reference: https://app.any.run/tasks/2b12feaa-cbc8-478f-8443-44d88558766e/

194.88.106.61:9798

# Reference: https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html (# Win.Packed.Passwordstealera-7544289-0)

apina123.duckdns.org
backtofuture.zapto.org
chrome.giize.com
danek56.ddns.net
dhayan.ddns.net
dike.duckdns.org
gingles.ddns.net
holaholahola.hopto.org
mlks.ddns.net
nerdicon.ddns.net
niroshimax.zapto.org
nirovitch.zapto.org
nume123.hopto.org
pilnaspuodas.ddns.net
sanchosec.ddns.net
scammer.chickenkiller.com
swez111.ddns.net
update1337.duckdns.org
windows13467.ddns.net

# Reference: https://www.virustotal.com/gui/file/e0c2007dd615b777b51667e051b5e625d5e4e706565d1ffe396e432400809749/detection

83.170.70.102:36728

# Reference: https://www.virustotal.com/gui/file/ce9d32d1a31a172bf44c84c465b9f6cf47cbe5085be7bc942aa1e57f78f48d0c/detection

5.2.64.188:36728

# Reference: https://www.virustotal.com/gui/file/4858fcd2879bc6f88623a42e9b27330e80effd746eaaf8432dbf80b4749dca72/detection

80.107.25.98:1608

# Reference: https://www.virustotal.com/gui/file/d32ce01eb6472fbff22a31be6ee6137cf5da45208a828a5b54e6d8b6338d1934/detection

80.107.22.74:1608
80.107.25.98:1608

# Reference: https://www.virustotal.com/gui/file/ef656532743be59237b9bb8ec1b222621c0fd01d25deabdf01a0bd93f17321ce/detection

80.107.17.18:1608

# Reference: https://www.virustotal.com/gui/file/1075b35bba735e0fe5f7c7d5c5995e6681d18f3952ca77dd99f5c3e2d6f57a9e/detection

45.63.29.78:1879

# Reference: https://www.virustotal.com/gui/file/2e429e3b4d385902980aa13fd5acb9d717d2fb2724192a3a6529e619fec2119d/detection

45.63.29.78:1589

# Reference: https://www.virustotal.com/gui/file/71e5d3cfbd16d268791fb02e30393faea48adb43566be455ca7c4796fcf9b270/detection

103.136.43.131:1589

# Reference: https://app.any.run/tasks/93ebca66-fcb7-4610-bf01-25959423c1bf/

176.226.160.199:6522

# Reference: https://app.any.run/tasks/db854e6d-e88a-42c3-b3e2-afcf199852fc/

45.67.231.213:2012

# Reference: https://twitter.com/PhishingAi/status/1117780609688952832
# Reference: https://www.virustotal.com/gui/file/c8273b246205d369ce1c04f0a8f6c5df448bc752cd8159f8ec5f32828d0675ab/behavior/
# Reference: https://www.virustotal.com/gui/ip-address/185.247.228.228/relations

185.247.228.228:45201
pv8stresser.xyz

# Reference: https://app.any.run/tasks/6481821d-12a3-49f4-8f8b-e318b3ec363f/

178.62.47.13:4567

# Reference: https://app.any.run/tasks/8baef533-d6d9-41f8-8686-b4020072b5a6/

178.62.78.66:1222

# Reference: https://app.any.run/tasks/23b322c4-ede2-4fc1-b9cd-744cca6a1a8d/

193.161.193.99:62470

# Reference: https://app.any.run/tasks/c30976d1-5351-49b2-8dc7-bbf271e038b0/

193.161.193.99:57073

# Reference: https://app.any.run/tasks/35022f3b-864d-4160-a752-c366373fba73/

185.17.26.75:3363
69.61.84.233:3364

# Reference: https://app.any.run/tasks/fc23f074-83b3-4ea6-863a-5585a2b5d9ec/

157.230.125.208:4782

# Reference: https://app.any.run/tasks/498ee56f-da90-4443-a828-f8a0e8fb7fc6/

134.209.192.40:6732

# Reference: https://app.any.run/tasks/f73633e5-867d-430b-9c4e-43faab9cc2dd/

196.75.176.4:1188
amerkad199.ddns.net

# Reference: https://app.any.run/tasks/d4fe7165-3760-4566-a4ca-596036d34626/

82.202.167.203:4444

# Reference: https://app.any.run/tasks/41b6d9fb-7ae4-4cff-9117-261d969672f8/

194.5.97.31:5490

# Reference: https://app.any.run/tasks/c40f4844-fa9d-4cc1-9919-c62c669741eb/

35.188.120.120:3741

# Reference: https://app.any.run/tasks/69f634a0-5fea-4e4d-8949-f75c613a3628/

45.153.228.70:2012

# Reference: https://app.any.run/tasks/14c90c72-2003-4780-bc3e-dc0a375ae2ef/

194.9.70.179:1616
216.38.7.246:1616

# Reference: https://www.virustotal.com/gui/domain/r3m0te.65cdn.com/relations
# Reference: https://app.any.run/tasks/0d25dc42-8f63-4fb7-84bf-532eb1b93475/
# Reference: https://www.virustotal.com/gui/file/550389172e36dbd5efab3a49bc68d0130fc565110d25a2b1ae87227bfe0d8db6/detection

207.246.103.61:53
45.32.230.221:53
80.240.22.198:53
r3m0te.65cdn.com

# Reference: https://app.any.run/tasks/82087fda-173c-4c7a-9df1-1bcf1610ff1a/

nlggnjggmlggniggidggngggmjgg.iknlbkgp.traveroyce.com

# Reference: https://app.any.run/tasks/6be6fbb6-09c9-4996-9f28-50b13e2d475c/

91.218.65.24:4782

# Reference: https://app.any.run/tasks/7abafd85-87b4-42b0-9eb4-4ab625303308/

141.136.172.55:4782

# Reference: https://app.any.run/tasks/2ae1c72c-a989-4b0a-a7e2-51cdc8ad7991/

185.217.1.170:56098

# Reference: https://app.any.run/tasks/68bd09b4-809e-4e0e-a0af-79bec46b23f1/

199.66.93.168:4782
al3nzi1.ddns.net

# Reference: https://app.any.run/tasks/cd354138-433e-42b5-b868-036b73500898/

141.255.150.253:4782

# Reference: https://www.virustotal.com/gui/file/1c6c46bfc7c297cab5f790298ef7f92b5dfe1d4e2c3d441521379fd71f03ca7f/detection

210.16.120.250:1616
78.156.87.166:1616

# Reference: https://www.virustotal.com/gui/file/07cbca8fcb06a73a9a9d5855d69b0dc2953ece735f9dd43385695fa15f26cae7/detection

143.225.142.37:5147
79.2.172.253:5147

# Reference: https://app.any.run/tasks/e214a846-50f8-4cac-beff-434bd1bc3cf1/

141.98.212.23:28194

# Reference: https://app.any.run/tasks/75fcf8c1-b3af-4f18-bf62-ded0d217ae0f/

178.238.8.229:1608

# Reference: https://twitter.com/casual_malware/status/1242607122187198466
# Reference: https://app.any.run/tasks/ae6b0ed9-f16f-440a-ba69-e277ebd68b04/
# Reference: https://app.any.run/tasks/4571e5c5-70ce-4157-b7a1-edccdebec208/

192.169.69.25:4782
ikorodu.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1242880176469524480
# Reference: https://twitter.com/James_inthe_box/status/1242892393424142336

193.161.193.99:23030
DarkHate-23030.portmap.io

# Reference: https://app.any.run/tasks/829ab7e1-52d5-4672-91cb-08214558cbf6/

185.165.153.8:13291
cloudpassreset.ga
goodattack.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9f9140490ea952c92ebe705bcb64437ed3bc91ddcc7d600869b8bc992dabefc4/detection

185.165.153.227:13291

# Reference: https://www.virustotal.com/gui/file/953861b541ece75e7fc471743cd2e87a843f94238857d5c189dcb434fb455bb3/detection

91.218.65.24:4782

# Reference: https://www.virustotal.com/gui/file/d295784b5991ef0b57bad469889a98881540ae22d105b7324e23e82298c3c498/detection

220.126.22.233:5553

# Reference: https://app.any.run/tasks/048dbdda-7252-4c72-9a48-771faf3ffa47/

157.230.125.208:3333

# Reference: https://www.virustotal.com/gui/file/8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416/detection

dnessss2.o-r.kr

# Reference: https://www.virustotal.com/gui/file/ad5d7d539088c0b57c8871d097bf8853da8039ffd65d6acdeda7cb7f28685232/detection

192.253.246.140:3360

# Reference: https://www.virustotal.com/gui/file/5605cf4460e58cc1c1f41baaf78400ff034efbad4e19367a2b53021ef824e7bc/detection

95.213.195.71:5052

# Reference: https://twitter.com/pmelson/status/1249375191114764290
# Reference: https://twitter.com/ScumBots/status/1249380937391013889

64.69.43.237:12259
free.idcfengye.com

# Reference: https://twitter.com/ScumBots/status/1249379530126565377

171.48.121.83:4782
dliker.myq-see.com

# Reference: https://twitter.com/pancak3lullz/status/1250862951185121287
# Reference: https://www.virustotal.com/gui/file/cdcf02ebd69dbb38874a456358732b66d8bd75897f6d7f49923360006ca3b0be/detection
# Reference: https://www.virustotal.com/gui/file/c2f70806a9fddb3ff61f045c92c48a19a0f889b839f68a2acd0e71e6c091499c/detection

23.105.131.162:4281
leetlauncher64.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e9c623f9afbf6529763899c99d7a93911c645d803e9756a01295a4a6577c27df/detection

79.134.225.33:7974

# Reference: https://www.virustotal.com/gui/file/7c3a759d9812dae0e9c2851b2ccc5418a8c3b929854efcbfc142d3b70384605c/detection

192.169.69.25:41102

# Reference: https://www.virustotal.com/gui/file/a8133852a9c83ea7e383d84ef30c991d87fcda65e2dadf39b2f6e5791d5aa4ae/detection

25.68.8.40:1604

# Reference: https://www.virustotal.com/gui/file/df2198d1b9defab192c1d34157c9add7a0f732330b16d85dfbc70519113c0e0e/detection

80.189.158.57:25565

# Reference: https://www.virustotal.com/gui/file/cf729c46717f95052092cc40b03b455f6c4f7b31f0720d5b79f80dc963a10b35/detection

98.30.237.66:8080
visualstudionet.ddns.net

# Reference: https://www.virustotal.com/gui/file/631c1218c9f7b208afd95a341f92e6436f4e894bc4cd34f4f07ee68682db9e49/detection

159.89.214.31:25687

# Reference: https://twitter.com/ScumBots/status/1249398486702882823
# Reference: https://www.virustotal.com/gui/file/d24a38c9c8ba49b16d835617bf0f382d692547eb77961d99e2147e0570785f43/detection

192.169.69.25:3389
scario.duckdns.org

# Reference: https://www.virustotal.com/gui/file/87522a1f67d1b1ea11ff1d414e6e41a4bbd9df394b7502ddd9685671f47e2831/detection

82.205.35.252:7974
hip.webhop.net

# Reference: https://twitter.com/ScumBots/status/1249398095214981132

109.234.37.166:4782

# Reference: https://twitter.com/ScumBots/status/1249398020900294658
# Reference: https://www.virustotal.com/gui/file/156e94878f5dc982ce0b3ffe381146edff4d5978cc324325e34ae6fec961c5c7/detection

141.255.155.141:4782
deputa.hopto.org

# Reference: https://www.virustotal.com/gui/file/39cbc35bb2110405e66a3818df4dcdecc19482f724ef7e38b075183e573d6dbf/detection

88.114.20.111:5552
apina22.ddns.net

# Reference: https://www.virustotal.com/gui/file/14d93dc9869abecb9db83fa0ee2e6062def5c413ea1270b504ac9df27860bb64/detection

onedollarr.ddns.net

# Reference: https://www.virustotal.com/gui/file/f76006828a7e23845ae8488e6a5397607c54eb6de1465e9b16f8dffc2212e401/detection

intelserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/de6f87a6111a389d05b3fac7d3c266296416e323f13f1695dd6f5f2b7835779e/detection

84.117.133.163:1177
mog.servegame.com

# Reference: https://twitter.com/ScumBots/status/1249396818535907330

149.28.201.253:4782

# Reference: https://www.virustotal.com/gui/file/f0eb82f2828d2819d3003b7efdef6139af4387fad9a20c5f8b2ca21ea28937eb/detection

193.161.193.99:43045
hibro-43045.portmap.io

# Reference: https://www.virustotal.com/gui/file/379b77231e552f1c56637d6b373aee287be8127bc8b55484e8ddd344c7029ae4/detection

94.79.235.91:477
localcv.hopto.org

# Reference: https://www.virustotal.com/gui/file/6d1540821c19e4074e619511ec783c898ef759873bada62e4234cd05042baad1/detection

178.124.140.147:54984

# Reference: https://twitter.com/ScumBots/status/1249396132293345281

65.184.25.147:5552

# Reference: https://twitter.com/ScumBots/status/1249376293717708805

178.63.148.235:2988

# Reference: https://twitter.com/ScumBots/status/1249395982208569350

193.161.193.99:42900
bykertix-42900.portmap.io

# Reference: https://www.virustotal.com/gui/file/095b484575676d4b31e84d6165d6d1e9e52840958800c7ea8c56dc823e331b12/detection

171.96.98.86:5000
hellofuizz.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249395757758795779

77.46.232.248:2323

# Reference: https://www.virustotal.com/gui/file/e3fe2223aad351226dcdc7ed6eba64a698e42cd70520f3acab75300794715feb/detection

archimed07.ddns.net

# Reference: https://www.virustotal.com/gui/file/c54e060c2466ff870ba2d728c2e32dbd2126c70b27c6ae6580ebee2aab3d6360/detection

84.51.52.166:4782

# Reference: https://twitter.com/ScumBots/status/1249395372453224450

77.83.174.51:4782

# Reference: https://twitter.com/ScumBots/status/1249395297601626114

207.154.213.157:5425

# Reference: https://twitter.com/ScumBots/status/1249394685380001795

207.154.213.157:9595

# Reference: https://twitter.com/ScumBots/status/1249394610423595008

185.231.69.80:4782

# Reference: https://twitter.com/ScumBots/status/1249394458568916998

177.40.135.97:4782

# Reference: https://twitter.com/ScumBots/status/1249394294609383429

54.90.225.37:4545

# Reference: https://www.virustotal.com/gui/file/3c7744b3236b34b32adf0b3a3d5b7874533878c34d200d2c07fe0e0e37cb16f6/detection

176.133.189.113:2411
nasjshome.myqnapcloud.com

# Reference: https://www.virustotal.com/gui/file/728a78f654264825676f43579a8f00ad48433d0a2e7a9c11f61966eb755fac7a/detection

46.246.27.131:5050
gusanitogusanito.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9b339df38ba31476a4c85344cf03837578485a54035445bd692d791867b9facc/detection

193.161.193.99:62544
edal-62544.portmap.io

# Reference: https://www.virustotal.com/gui/file/57372f78f979ab331a3ce1ebd9154c6eb4674db4de60c5c6b521934d7b9463ac/detection

78.224.10.150:1630

# Reference: https://www.virustotal.com/gui/file/e7053e90884cde9416d3993d4e1b5f72d6e9d39f14be489447a17eee23ef6b96/detection

crulol.ddns.net

# Reference: https://www.virustotal.com/gui/file/630b83f1ea85ac9bfb828ecbbf1cb7841ac1cccf962a92b555164d862ff55440/detection

impawn.ddns.net

# Reference: https://www.virustotal.com/gui/file/d77afe27777032a8ecc348894dbd9e25b7586a6995484b39739ae196f963bfaf/detection

78.83.123.253:4782
kosinker.casacam.net

# Reference: https://twitter.com/ScumBots/status/1249393006169460737

2.82.185.236:4782

# Reference: https://www.virustotal.com/gui/file/6837ebeda99e2bf8df13092d6d7a3a82b491cd79f8ba88d4be22cc05bae80d64/detection

93.202.202.155:99
aldsajdodsdasd12.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1249392543101583361

58.236.228.50:25252

# Reference: https://www.virustotal.com/gui/file/090f9aa6fe88fd3cf6750ef8f09a8713520c13a9c2b207c907fa6022428ab1a0/detection

sumer.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249392315141160961

151.16.225.247:4782

# Reference: https://twitter.com/ScumBots/status/1249392240499228672

207.154.213.157:4465

# Reference: https://www.virustotal.com/gui/file/04d8bdc0c8d10cac881526b8c8f43f791544a9e84d9535bcd1386c4f424b5b7b/detection

192.169.69.25:3360
fx123.duckdns.org

# Reference: https://www.virustotal.com/gui/file/935ab05c65e0de5114d5b4d997fbb907f3699a859dcb3cde07afee8595f366db/detection

3.17.117.250:10923

# Reference: https://www.virustotal.com/gui/file/35826857f7763122fb380c1392f2d0fb820ec28c1f16e858b3846b9f681525af/detection

193.161.193.99:34655
gameranil88-34655.portmap.io

# Reference: https://twitter.com/ScumBots/status/1249391506902974465

207.154.213.157:7766

# Reference: https://twitter.com/ScumBots/status/1249391270809788418

185.17.26.75:3782

# Reference: https://www.virustotal.com/gui/file/c7482af7971b3fef8b458eb284f0f3de177ae3fbe6fc7b7fb4e91f8f84d0152d/detection

ninjakiller1.ddns.net

# Reference: https://www.virustotal.com/gui/file/8826d9cdb01c714426e9f93b9c22fff72a5ea547d8f2df6469556c07ae659d42/detection

charlesrat.ddns.net

# Reference: https://www.virustotal.com/gui/file/a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5/detection

92.63.110.250:9999

# Reference: https://www.virustotal.com/gui/file/bf64c22f0698dc97db127d88456d4d155f2dc96b6e8327a4753bf8747adfae1b/detection

89.245.196.17:5052
zero1.ddns.net

# Reference: https://www.virustotal.com/gui/file/abcc40b928a54fa98a175106dce553d3a19d5fcc5adcf0e163a6d6da2d8bba4a/detection

188.25.202.178:4445
revellboosting.serveblog.net

# Reference: https://www.virustotal.com/gui/file/3acd4e7cf3c0f690581ede29a8fc05a17c6ce65280008f203da54631df06f730/detection

199.16.158.190:1337

# Reference: https://twitter.com/ScumBots/status/1249390024677896206

211.215.89.102:6522
dhhdtestserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/f18d7b47f79f5d93513670417c438ec4b75a7faf0b6c634f6453004b93db901b/detection

192.169.69.25:4061
chromeconnection.duckdns.org

# Reference: https://www.virustotal.com/gui/file/94e10458cf1a57ead9ae551e05094e3ce540a7441701cab391008685d3e00222/detection

193.161.193.99:43045
hibro-43045.portmap.io

# Reference: https://www.virustotal.com/gui/file/0a78b1618c225808ef645280b48fda51923b811fdc38cf210c34672fb80ba6df/detection

luko.dynu.com

# Reference: https://www.virustotal.com/gui/file/d547eaf8f5fb791372d2793d5833f31d9c33f08e0ff3d7d4c892748d8d0ca489/detection

193.161.193.99:42443
noyon007-42443.portmap.host

# Reference: https://www.virustotal.com/gui/file/425eecf3bdd7c9fc731f263283260bacbc1c505c9104f68ae291b4cf78ec5af7/detection

193.161.193.99:43597
deneme12-47909.portmap.host

# Reference: https://www.virustotal.com/gui/file/0af78e5236f8e26e209545f5b7341b73e8374e26accec827919d9cf3d545a785/detection

193.161.193.99:41102

# Reference: https://twitter.com/ScumBots/status/1249388944455761922

159.203.16.166:8383

# Reference: https://twitter.com/ScumBots/status/1249388831238995969

193.161.193.99:26063

# Reference: https://www.virustotal.com/gui/file/1c4787902baff1a8e51b1a9b80eefe7e7928b237edff80d3387454bcac643dfd/detection

78.13.63.66:1604
trolled.ddns.net

# Reference: https://www.virustotal.com/gui/file/e60fed1dfce5f593fae643d02900ee65168aeaeaaedd626a064b71d1da842887/detection

192.169.69.25:1604

# Reference: https://twitter.com/ScumBots/status/1249388601865101312

185.12.45.79:53841

# Reference: https://twitter.com/ScumBots/status/1249388451620950023

217.120.237.39:4567

# Reference: https://www.virustotal.com/gui/file/59a3b394925765cc2773f1b1ef1dd5d8020715366f2978ad3a2cd064bdc11211/detection

193.161.193.99:62870
micalter-62870.portmap.host

# Reference: https://www.virustotal.com/gui/file/87b17a191a1098f5ff1aa7f5dac344cf00ddacafe4589018e692d9a0d540ac70/detection

213.249.194.103:4782
ytp.nsupdate.info

# Reference: https://twitter.com/ScumBots/status/1249388226118324227

88.243.116.39:30

# Reference: https://twitter.com/ScumBots/status/1249388075752587265

159.89.11.68:7900

# Reference: https://www.virustotal.com/gui/file/47686cbf6524d558337f479bf7ce69eeaeedc1178c30dc03a282418ba6f95690/detection

174.58.56.234:1177
aesthetic.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249387757216161792
# Reference: https://www.virustotal.com/gui/file/55742eb250243df64778bf60e910012d8cb5891049613726776a218cb2cfad0a/detection

197.200.44.30:6666
microsoftss.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1249387682607894529

182.191.90.92:4782

# Reference: https://www.virustotal.com/gui/file/09277fda08860febda2652dc57b28a7b34618d7fccf12b02433403a6d490fb62/detection

41.102.37.199:2001
ra2luxe16.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1249385384921960451

89.65.90.37:4782

# Reference: https://www.virustotal.com/gui/file/1d494495056a9adb45449af2c3e724242e339d82acf55496288d04da3fc7e76b/detection

havochacks.duckdns.org

# Reference: https://www.virustotal.com/gui/file/56acdc05a2fbdc0415e9d30af716323dc54cd955a2893515318108780a608c12/detection

israelrules.ddns.net

# Reference: https://www.virustotal.com/gui/file/4496d69d4b0ebe706d4829324165b6aebc501a9903496018bcfeb36120759f5a/detection

193.161.193.99:55061
zyrus-55061.portmap.io

# Reference: https://www.virustotal.com/gui/file/1559baccaadca011a4ad0207c966079e8fa632f6a00499b5d752b30986492215/detection

191.47.71.116:6522
mumojuw.ddns.net

# Reference: https://www.virustotal.com/gui/file/20c0b5be94cb8392f6b02403fadeeea73d83358d1ed66bda69c62e2d7f640df0/detection

79.134.225.122:10150
raje01.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249384071974785026

156.198.85.159:5555

# Reference: https://www.virustotal.com/gui/file/9bbb7384378ccedd3cd9780a95e170d0080a0b30d9bd218b0afead760adfd909/detection

jonathan.d.leet.pw

# Reference: https://twitter.com/ScumBots/status/1249383614686642176

95.154.199.21:60372

# Reference: https://twitter.com/ScumBots/status/1249383535435231233

185.130.104.186:1010

# Reference: https://twitter.com/ScumBots/status/1249383307965579269

79.137.121.218:4444

# Reference: https://www.virustotal.com/gui/file/2b766f8b807b2b39b6f347983ebe042f14eae2c8ddb3dfd3a2c9a3c096048d95/detection

messervices.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1249382046402777090

207.154.213.157:10123

# Reference: https://www.virustotal.com/gui/file/71a5f2d9aa531adae8bbc3ac60ca3444d8b610865c45040a921ec054f431432c/detection

24.131.141.50:54984

# Reference: https://www.virustotal.com/gui/file/00fd890f5850727bd58f0c5ce8522c7b4bbead9310d54511befe9e185c569012/detection

188.134.75.116:4782

# Reference: https://twitter.com/ScumBots/status/1249381578050023426

185.161.209.66:4782

# Reference: https://www.virustotal.com/gui/file/24891cd836c6e0a7154a4e1b11daf173b6c7c1214587b7fee5a41e586d86c657/detection

193.161.193.99:56636
hardpr0x0r-56636.portmap.host

# Reference: https://twitter.com/ScumBots/status/1249381334197379074
# Reference: https://www.virustotal.com/gui/file/885953234e2e1a4643aff0dd7fdab0024beab9751bbcbd7d5707fea103893f2c/detection

wales10.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249381012884402176

78.129.32.187:4782

# Reference: https://twitter.com/ScumBots/status/1249380787683803137

173.212.216.217:6666

# Reference: https://twitter.com/ScumBots/status/1249380711573925888

209.250.236.170:4782

# Reference: https://www.virustotal.com/gui/file/745d65c0a358cdd6083928055b2d675006534184931f0b8118d83736334fb089/detection

193.161.193.99:35617
xXKamilloXx-37712.portmap.host

# Reference: https://www.virustotal.com/gui/file/e9917a58f2227cf0a184e35fee72c9890a3e0f24d813623c5c32d9f02e1a46d1/detection

79.134.225.96:1313
nybenlord.dynu.net

# Reference: https://www.virustotal.com/gui/file/284ffcf3e1cbe3a03e2406ca3fa07b7376aca0a136961ed642beb24213352942/detection

corpse666.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249376523553046533

176.123.10.227:4782

# Reference: https://twitter.com/ScumBots/status/1249376447581622275

88.136.26.45:6598

# Reference: https://twitter.com/ScumBots/status/1249376142072713218

159.65.32.133:9898

# Reference: https://www.virustotal.com/gui/file/ffe6eaa089817fd83aa4d7c61ff27cd77a11882ea21cd1ca743a851595c4f3c7/detection

192.169.69.25:2458
212.47.247.76:2458
viralcfdnshost.duckdns.org

# Reference: https://app.any.run/tasks/171ebc29-01cd-42b3-8878-70a1bb78bf18/

194.127.178.200:4782
domainshit.cf

# Reference: https://app.any.run/tasks/e8a9b353-b67c-4257-b90e-cffb24a3e515/

76.16.201.143:29457
rxtpredz.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1257440289884643331

91.109.188.2:3030
crsiedem7.ddns.net

# Reference: https://www.virustotal.com/gui/file/0f44b13d72a71e094884853649d5dfbe64b2d92b44c3b8d5fa63583bdae9a034/detection

141.255.158.137:3030

# Reference: https://www.virustotal.com/gui/file/33149db8184ed445510259b12f84a57654d7876a4ef1102475f1e867bec95418/detection

188.146.134.101:3030

# Reference: https://www.virustotal.com/gui/file/c3febfb1b5d672cfb0b5a8e307ce3c39d4fabb4277cef0f6ead498dfd105f2d8/detection

141.255.144.233:3030

# Reference: https://twitter.com/ScumBots/status/1257439302444814338

193.161.193.99:48059
JanFinas-48059.portmap.io

# Reference: https://app.any.run/tasks/ecccff06-360c-4eb6-b91a-542c69a8598f/

109.228.225.8:1604
eceda.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1257981518556860416

222.238.154.10:4782
qua.kro.kr

# Reference: https://www.virustotal.com/gui/file/e3703b0fe905cdbde58b03ff78c482ea766df2a30d30b7b4dc3a18187ecfdfc3/detection

185.140.53.106:4782

# Reference: https://www.virustotal.com/gui/domain/tartarus124578.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/8c64f15363ae3a35a492c35e310d12842e61fbee6a0efb82e7b89a739aa78b7e/detection

2.87.45.151:1601
79.130.204.204:1601
79.130.251.240:1601
79.130.255.148:1601
79.131.50.186:1601
94.71.151.99:1601
tartarus124578.ddns.net

# Reference: https://www.virustotal.com/gui/file/d400059cf7e07897e19dc5ee052c0f7bdc6b85dda05cf4ed37a6f96456b69b71/detection

185.140.53.43:4782

# Reference: https://www.virustotal.com/gui/file/bc3a0af7b5ca896fd305204459f6647a5d22169cb9776969a6b7e972b59738c6/detection

kenya1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ab0c370e055d72438a8ba9d1e4bd7b16d50e5f6b7cc39bc0fa90e28ecd3a1b29/detection

212.125.26.57:1601
cenk3431.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1261874049870897161

74.91.115.145:4782

# Reference: https://twitter.com/JayTHL/status/1262217942655291393

94.104.170.10:1605
czhost.ddns.net

# Reference: https://twitter.com/ScumBots/status/1263236145015664653

46.196.45.35:1604

# Reference: https://www.virustotal.com/gui/file/27fd728bc657ee7c2d0ec4fe4715e890225c6d12690080b854e61cb33b995ddb/detection

185.140.53.247:8280
duarte83.bounceme.net

# Reference: https://twitter.com/ScumBots/status/1268902232281550848

141.255.144.120:4782
werfgjsbzhnw.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b7df1cfc092eb55c3f7135666ed916e283f21b8ddf9f97d8f683638504762bc/detection

148.103.183.5:4444

# Reference: https://www.virustotal.com/gui/file/6732e6b2fee87b2d544613938533273983b71fb13180aed4c0cee06dbfe59410/detection

94.60.172.123:5353

# Reference: https://app.any.run/tasks/06c7cc02-0955-4435-8589-6250b8b5b737/

ayewhatsgoodbrolmao.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1271937224070791169

85.25.210.57:4782
dns0676398717.myftp.org

# Reference: https://app.any.run/tasks/a5badbb9-ac6a-468b-9048-29144a6042c7/

128.90.105.57:3468
128.90.105.57:9093
cepeda.linkpc.net
migracion.linkpc.net

# Reference: https://www.virustotal.com/gui/file/8f262a933be275930b09e0f01eacd7931ac20be063a9d4306439be095f9ce588/detection

39.41.16.61:1997

# Reference: https://www.virustotal.com/gui/file/504e075b3107cd1019b85cd8abb2f23fccc6d66419625357046c78d4383a326e/detection

et10.ddns.net

# Reference: https://www.virustotal.com/gui/file/2df82d12b3e4627ffb2f7c0e6c8371f23c4beabb935f93b2c88389953fc07027/detection

reversetcp.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1275354027845398530
# Reference: https://app.any.run/tasks/7f242d3e-8ea6-423e-9add-a82d5e4980a8/
# Reference: https://app.any.run/tasks/765b8842-7850-4923-abcb-780f402841dd/

payloads-poison.000webhostapp.com

# Reference: https://twitter.com/ScumBots/status/1277093703199477761

34.75.102.183:1604

# Reference: https://app.any.run/tasks/28cd2661-3ddc-4f3d-b6a5-bae37987392d/

86.144.71.246:4782
bungleboo.ddns.net

# Reference: https://app.any.run/tasks/9dfcfbd8-a7c7-49ba-8ed1-7dfb5be53c2b/

141.98.252.168:16248
quasimodo.onthewifi.com

# Reference: https://www.virustotal.com/gui/file/29d48bc1e21fb275d4801c5f326937d71543c2d8cf57220086702c1c74bce0b2/detection

159.89.214.31:4782

# Reference: https://app.any.run/tasks/9ab92853-b7eb-45da-8053-4875963d9797/

37.223.208.94:1604
hatenigger.ddns.net

# Reference: https://twitter.com/ScumBots/status/1284507557588082691

51.161.105.101:4782

# Reference: https://www.virustotal.com/gui/file/893eb1609e54fe685e7bf26400b6ae37776cb4749748a60172aa3cb4e8e7156e/detection

145.249.55.249:1177

# Reference: https://twitter.com/James_inthe_box/status/1285294414475087872
# Reference: https://app.any.run/tasks/42fe73c9-d488-4893-a201-f40337b56456/

129.205.124.8:444
bak505.duckdns.org

# Reference: https://app.any.run/tasks/2ed9777d-8227-4bb7-a142-face7c1c4421
# Reference: https://app.any.run/tasks/e4f346c5-87ba-47e7-ab93-fabc01252c70
# Reference: https://app.any.run/tasks/26e4b9c2-7e1a-4f28-89be-445ce6315d37
# Reference: https://www.virustotal.com/gui/ip-address/185.153.222.198/relations

185.153.222.198:2404
185.153.222.198:3189
185.153.222.198:5147
185.153.222.198:5552
185.153.222.198:5579
185.153.222.198:5677
185.153.222.198:5912
185.153.222.198:6666
185.153.222.198:7371
185.153.222.198:20000
academy.3utilities.com

# Reference: https://www.virustotal.com/gui/file/a20c73149b150bbb7bb8069abcbe2c6366ddf712a9d3e5907daa2b44c783d371/detection

193.161.193.99:54017
sanu99-54017.portmap.host

# Reference: https://www.virustotal.com/gui/file/20f049ed4778e06ebcb53b8335a7441666c1b5b12c8106cb183fcffc3e1b0f1c/detection

185.174.102.105:5991

# Reference: https://www.virustotal.com/gui/file/f0c1b7c0322a3d940b5b3388c391dcfd6ca736a975248650a4d8ead0e3569506/detection

84.127.74.183:4782
quasar123.ddns.net

# Reference: https://www.virustotal.com/gui/file/900012c0fcd4c9adae1001b7f32965f2d39629f807bb7bc2c57ce88d043e246f/detection

retard.myddns.me

# Reference: https://www.virustotal.com/gui/file/e46f9d5725828b9ba18e8e5934836b82dc1cdcf67100290c47d673674bcc43f1/detection

141.136.135.118:1337

# Reference: https://twitter.com/_re_fox/status/1293368339423780866
# Reference: https://app.any.run/tasks/63b38da6-63d6-44d2-824a-53d07352b020/

216.38.2.214:1148
sept2019.serveftp.com

# Reference: https://twitter.com/iamwinstonm/status/1294761707445854209 (# VenomRAT, Velos)
# Reference: https://blog.malwarelab.pl/posts/venom/
# Reference: https://github.com/MalwareLab-pl/ioc/blob/master/venom/c2s.txt

http://91.134.207.16
payloads-poison.000webhostapp.com
1.197.16.130:9999
103.121.78.249:4782
109.104.215.139:4782
115.78.135.163:6666
116.203.207.137:4782
123.123.123.123:4782
13.66.218.91:60554
136.244.79.165:4782
139.99.167.153:4782
172.20.10.6:9090
177.45.83.138:34012
185.16.160.204:4782
186.123.32.82:81
186.137.129.110:7770
188.165.165.18:4782
193.161.193.99:1194
193.161.193.99:36267
193.178.169.191:4782
217.114.218.29:4782
3.20.98.123:13935
3.20.98.123:14700
3.20.98.123:18375
35.196.132.85:4782
35.237.4.214:4782
45.77.243.161:7182
5.181.151.210:4782
51.38.29.129:2222
51.38.29.129:4444
51.68.250.107:6361
51.81.105.226:4782
77.140.68.143:1505
80.85.157.34:4782
81.109.117.136:4096
81.109.117.136:6606
82.37.243.209:6606
85.214.90.252:81
90.131.33.170:4782
93.25.186.160:26656
95.181.157.143:3380
95.181.157.143:4448
95.181.157.143:4449
BOSSIX-41718.portmap.host
blackjackk.ddns.net
casadomoticaelle.duckdns.org
chadseybert-52742.portmap.io
dontreachme3.ddns.net
dontreachme4.ddns.net
eceda.duckdns.org
filepony.ddns.net
fivemmods222.ddns.net
leagueoflegends001.publicvm.com
loler123.ddns.net
metin2white.sytes.net
microsoftsecurity.systes.net
nigger69.ddns.net
rays.kro.kr
slicetortoise.ddns.net
steamguard.ddns.net
support-apple.publicvm.com
testt1234.ddns.net
tiago123.ddns.net
van0m.ddns.net
vegaspoofer.ddns.net
venomghost.hopto.org
viperfuck.ddns.net
zbeubzbeub.ddns.net

# Reference: https://www.virustotal.com/gui/file/78b4e6a4b4fa0483b0cfc85e882e3808a8b5d5979ff993ea55a844525d5bf8c6/detection

141.255.144.113:4782
mhmod123.ddns.net

# Reference: https://www.virustotal.com/gui/file/221ec23c0034263020977725da21010e22ef265969d445d2eacf941383a8f38f/detection
# Reference: https://www.virustotal.com/gui/file/3f808ee9391ef2e282b963f23db9442cb04722691fe6f0594c408bb05667df4e/detection
# Reference: https://www.virustotal.com/gui/file/4251d8525baad5ef02878f7eb9b93ce1a1ed1ba9f24faeba9c85a2c490321640/detection
# Reference: https://www.virustotal.com/gui/file/34e34ba6836866ef6f49402f89def0c54fa3252d12c5d88964be4c39ada45860/detection

156.223.185.50:4782
156.223.77.244:4782
156.223.82.185:4782
156.223.94.98:4782
41.233.216.227:4782
lapoire3.hopto.org

# Reference: https://www.virustotal.com/gui/file/ec2e9c8c110756ec3bfcab551b53397221310769db8d7713a88367c43c94ca09/detection

193.161.193.99:38904
scarphed-38904.portmap.host

# Reference: https://www.virustotal.com/gui/file/c6d64d67db1ea314041569ff38363af43157cb40d4ae03a6bfb9c25f82649b50/detection

193.161.193.99:52505
hoptoorger-52505.portmap.host

# Reference: https://www.virustotal.com/gui/file/6a222d7ef754ad21afaffb596fadc1b4f82953c6325e3924d67c68706eeb5289/detection

193.161.193.99:35837
spam-35837.portmap.host

# Reference: https://www.virustotal.com/gui/file/720146e3b059cbafacee69ae0c65dd58cb255383dc7cf16eb71d69cbb05aa393/detection

193.161.193.99:49521
microsoft2020copyrights-49521.portmap.host

# Reference: https://www.virustotal.com/gui/file/3a2c4d045bfb0210a7b0e238a1005a18a6820564d458c1501b723a9f5c5bf90d/detection

193.161.193.99:42038
microsoft2020copyrights-42038.portmap.io

# Reference: https://www.virustotal.com/gui/file/b2c169e3d67e48f2e79e33d7b97ad4da38f8cd9e150bd9f8b408f1a43c946010/detection

193.161.193.99:29492
hwkeyez-29492.portmap.host

# Reference: https://www.virustotal.com/gui/file/7d92373cd202cf3ce22b187976387f566d8969b46d95000f0d4878f6a4bdf2d3/detection

193.161.193.99:42282
apogaming-42282.portmap.host

# Reference: https://www.virustotal.com/gui/file/5d3e2f59f490de57916dc30ca2a33698938717ef6682acf524c272a513db988a/detection

193.161.193.99:27716
pycurrocax-5207-27116.portmap.host

# Reference: https://www.virustotal.com/gui/file/97c3137afaf8fcceded845fd106bbe8d9d8aac1cdef6c0907866be9f7040939e/detection

193.161.193.99:45651
WindowsRCL-45651.portmap.host

# Reference: https://www.virustotal.com/gui/file/6e0526c525c996ca8f3d54bab54a3d575dd9a8416df41dbb8a149c0b4cd52065/detection

85.215.81.202:2303

# Reference: https://www.virustotal.com/gui/file/298bf9f8f1007903eca07d19e00a6754d50791eaf07b34086d97bc8c323f0aed/detection

156.223.102.92:3030
firstcompanyrechner.duckdns.org

# Reference: https://app.any.run/tasks/e3456ecc-2912-454a-a116-01f3cf7bd35e/

177.255.88.109:3876
alfonsoalferez1967.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c2d61b92e92bb73c180b4aba67051650fa728aa19e069b181c0b3f7970c8e443/detection

175.37.36.152:1877
zakelakes.ddns.net

# Reference: https://www.virustotal.com/gui/file/71db5cdfd9e27d2bbb7d43979ce0d9637a1a190549c2c8e978cb1cf5b509087a/detection
# Reference: https://www.virustotal.com/gui/file/1c2b38e7f929c96563e9599eb527f7a27354a34b4d70b4ce8322db8d6b077b90/detection
# Reference: https://www.virustotal.com/gui/file/83200d64a920af3351f315a0c51b854e287917b94579eb4d455c7c1ab945ab0e/detection

194.9.70.179:11061
49.2.123.56:11061
92.53.66.44:11061
niogem117.soon.it

# Reference: https://www.virustotal.com/gui/file/8117dbf1179628d105c6297150e4f18c1ddf952d66e19de9faf93008dffa74db/detection

41.233.248.164:3030

# Reference: https://app.any.run/tasks/e29eeb34-1f1f-4891-94ac-7631364de315/

89.38.99.64:222

# Reference: https://www.virustotal.com/gui/file/baa8fed19ef5ee68817c2ee77807d7e002114eb7402d72023a25f6f9ceae7e11/detection

3.22.15.135:11075

# Reference: https://www.virustotal.com/gui/file/2801e23864a2d65490e0ef7663d0d0e4292242f84d8368f0cdeefa868c375521/detection

18.218.177.181:7112

# Reference: https://app.any.run/tasks/3b577865-731d-4c32-9772-87125c4429d7/

109.236.88.17:5552

# Reference: https://www.virustotal.com/gui/file/0a1a060933d914d898f655fc01130aae36b7d9ee33f98e3c9f01513cad9274ee/detection

185.140.53.135:1111

# Reference: https://app.any.run/tasks/ccdc9825-ae21-4abc-aaaa-e26913013552/

xxxzxxx.ddns.net

# Reference: https://app.any.run/tasks/ca528cfc-8a3c-48bc-a6d2-2e52cfde9e58/

193.161.193.99:29077
z2020-29077.portmap.host

# Reference: https://app.any.run/tasks/553ac7ce-3322-4890-be49-4de1953ff3b1/

193.161.193.99:26273
ZXCVASDF-26273.portmap.host

# Reference: https://www.virustotal.com/gui/file/03ba76ed11ea5c691cba39d4937c3dd18a200911f91b8f741e0f9a5cb27292e1/detection
# Reference: https://www.virustotal.com/gui/file/01ea5b9d22efc873c8e8b1e6f8c7d0f749af0689c19ea9545bd266b66cc11441/detection
# Reference: https://www.virustotal.com/gui/file/937d573d7c4cf550f28ecf87a0cd495bfdd9521e66400bc8d1fe996e27fdc140/detection
# Reference: https://www.virustotal.com/gui/file/1aa0bbffa2da1f6adbe887effd2fe5b85cf6910e48a7ff9233e34d6a2fb103e7/detection
# Reference: https://www.virustotal.com/gui/file/814b70e078c672595023c580716e80ea44cf692d313b6e60d72b5c33e1b9c937/detection

139.162.113.21:10044
windowsup.microsoftupa.com

# Reference: https://www.virustotal.com/gui/file/87ae5ccfeb79d40cc9f4a8fd6a86fb34233a55e8b2de2cbfee3958f2f4dc0a04/detection

104.18.44.248:4782

# Reference: https://www.virustotal.com/gui/file/aacfd54183f4afdf0982230069833b23e78a64d0e7748a4a07afa039d8741290/detection

95.234.164.252:4782
desdemone.ddns.net

# Reference: https://www.virustotal.com/gui/file/bcc61b17a7237aa62e3d4ee4dba06bb53b033ecd4628200ff7c33544b3855b48/detection

51.195.200.153:1177
nazoplay.ddns.net

# Reference: https://twitter.com/wwp96/status/1327896383333019650
# Reference: https://app.any.run/tasks/4f82c810-38b5-4af9-accc-5a8ddf906890/

94.242.224.249:222

# Reference: https://app.any.run/tasks/5d51ce75-0740-4235-b508-47971cf23fa1/

185.244.26.221:4782
devils.shacknet.us

# Reference: https://www.virustotal.com/gui/file/d41310d33dccb0343373261b7c5468f89329095556eede577686b4864446e8d0/detection

194.5.97.88:4770
brightgee1.awsmppl.com

# Reference: https://www.virustotal.com/gui/file/9d913ac92ef644aa22656ee6cb54e4590729477be7d65e5980fe9b2b272d9078/detection

124.62.162.230:9600
korea12.co19.kr

# Reference: https://www.virustotal.com/gui/file/a6cb60fb9e287fd0f8aca77c1cde66dff1e879822f80a797bf635313ab9cae96/detection

ddns170.airdns.org

# Reference: https://otx.alienvault.com/pulse/5fcb77747ed85445c567eef4

mail.hsjinteriordeco.com

# Reference: https://www.virustotal.com/gui/file/9599df844bcb3e0be8cb99e96114b3f36b8ba5e34144ac667ed6af14993c2b67/detection

5.8.88.191:8080
sockartek.icu

# Reference: https://app.any.run/tasks/7d2ac8cc-2aaa-4466-9780-921ee5891a63/

45.13.58.25:9999
mynmds.myq-see.com

# Reference: https://www.virustotal.com/gui/file/f0e8b7f7e23ca59f8913b7507c420abe3f81bbfd48a0b78531ff28ecb78a916f/detection

193.161.193.99:34240
zezoro321-34240.portmap.host

# Reference: https://www.virustotal.com/gui/file/03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca/detection
# Reference: https://www.virustotal.com/gui/file/4db8e6a74e70cae2842e96711c617f4c8c6654ac9c487dd90a728f4a8d558bfe/detection
# Reference: https://www.virustotal.com/gui/file/3b3a0f30ba6beee60ff78b8762673cd547f3aa32371feb4c6ad082a7ad4711e9/detection

178.124.140.134:1970
185.157.162.81:1970
185.86.106.226:1970
xyz.videomarket.eu

# Reference: https://www.virustotal.com/gui/file/82c614670064affc788ff48a0474c782d9d4f91b6f0ed191a5bbd71f7c5f4d1c/detection

88.24.171.143:4782
hackblood.bounceme.net

# Reference: https://www.virustotal.com/gui/file/80c46f4aff799888e97a25b7c75580d7d5235f8bbc91f3090ba8e840018b81ce/detection
# Reference: https://www.virustotal.com/gui/file/0cc6df9a0a29276120d4552a6a64a110b571e6f223c93678f78c3f6dd054f255/detection

pashalol.ddns.net

# Reference: https://www.virustotal.com/gui/file/c4c8e6d34090b2d68aad28fc0ae0d8630c4a8ee58169b0f30600b9f50713d5e6/detection

193.161.193.99:43971
password0-43971.portmap.host

# Reference: https://www.virustotal.com/gui/file/903f547b462548cc2b4d19d9195b2301ce624e3de48e18941364c17954f76a0e/detection
# Reference: https://www.virustotal.com/gui/file/ab4d2429d0d15b5999ebf2f312b187ff4ef67d6a3500816cb6140b03fed0bcf2/detection

105.154.186.111:4444
105.155.90.11:4444
cd5e527fb8.hopto.org

# Reference: https://www.virustotal.com/gui/file/0813c443788eaaa34194d78a1d9e9cad94f18c54d75f68d6ca1a306f410db934/detection
# Reference: https://www.virustotal.com/gui/file/c86f7c8a5ba61582390b76266b9bd3d5b0b324f9b17736d8fe9731464a240229/detection
# Reference: https://www.virustotal.com/gui/file/75528a32a51ed0f5bbec33eec6fc6bce72f505a3be5de97c54d56e11f3668f11/detection
# Reference: https://www.virustotal.com/gui/file/318c45bb26241801c1ed0819289b9b49d2aef61934344892c39c67dab936e1d8/detection
# Reference: https://www.virustotal.com/gui/file/34e1c4149be373470b23ae9b0ca7613c77afa228dbe9ff38c6bb2f87cf28b3d8/detection
# Reference: https://www.virustotal.com/gui/file/5ec7e5c7793093fe1d1bb7f98cdc388613da7df767cbdf40fae19b93b1965147/detection
# Reference: https://www.virustotal.com/gui/file/bb9a1578f59d63b185023ada6c485e8b5cf9336e4b6bd3cad139d234b4f03c6d/detection

54.39.152.114:21
54.39.152.114:55132
54.39.152.114:55646
54.39.152.114:57182
54.39.152.114:58039
54.39.152.114:58275
54.39.152.114:60671
54.39.152.114:60792

# Reference: https://www.virustotal.com/gui/file/0294e192621b21d5c8f2288496930fe5e947fd66cdff1a119ca2f8bbdd8a537e/detection

193.161.193.99:36284
stremtyyt-36284.portmap.host

# Reference: https://twitter.com/mstoned7/status/1346240500576047104
# Reference: https://asec.ahnlab.com/ko/19439/ (Korean)

103.125.216.106:8080

# Reference: https://app.any.run/tasks/12ddb9d3-9e26-4506-993e-91e1d8a6c865/

185.157.162.81:1972
yz.videomarket.eu

# Reference: https://app.any.run/tasks/9b940d78-781a-41f7-8c83-6bb53a772eff/

193.161.193.99:48089
vusal0219-48089.portmap.host

# Reference: https://app.any.run/tasks/3136a32d-f462-4a63-91ad-ed6fc5128ac7/

167.172.160.108:8008

# Reference: https://www.virustotal.com/gui/file/587fd4af21f5b7843bfb58ba965bd8a7f245aa11eaea82ecd649019b27596e06/detection

trashddns.hopto.org

# Reference: https://www.virustotal.com/gui/file/dab6379a2915bfe18c4734d0ba081673b1275a566cf6b0ef722fe49442cec9c8/detection
# Reference: https://www.virustotal.com/gui/file/1b3a5d67420261d445d7cb30709db5f35b565a572c715e69fb44ee886a9886d8/detection
# Reference: https://www.virustotal.com/gui/file/832ae6fdde4e6c0c5e3dd0cb14c8626310f9f2c4e6ff19b6da9227f03d800d62/detection

212.102.50.120:3088
3.34.248.52:3082
3.34.248.52:3088
winupdates.myftp.biz

# Reference: https://otx.alienvault.com/pulse/600184f66ce603ae4330b79a

dakesse-21018.portmap.host

# Reference: https://www.virustotal.com/gui/file/196a12b406480570e64fd78166249d694b67ecdfebdd94f648d38d3d3c1b6af8/detection

viper.w0rld.ga

# Reference: https://www.virustotal.com/gui/file/a2af5a2dcb355de6beab587bbb594eca70c35ef0eaacb1db2772997fae62da9d/detection

elixr.w0rld.ga

# Reference: https://www.virustotal.com/gui/file/f234480632c908053869cfec4f31a2077dc2bf92df6ccebfbbd1e25c38924996/detection

neji.w0rld.ga

# Reference: https://www.virustotal.com/gui/file/68b1e631965fd0f1c53a69fd2611aaf5776df3f7480c5666628d42af9fa71eee/detection

105.108.195.156:82
kakobik.linkpc.net

# Reference: https://www.virustotal.com/gui/file/0b51b8480d05467c4d535fa4c3e73d0bcec79b573d45a121708863d97c14853c/detection

haha.servehttp.com

# Reference: https://www.virustotal.com/gui/file/707189ddb2b7df88888e5ad95e275bca6d4a75e6b1b6f5957ad37cbd66cc9cb5/detection

stp.servehttp.com

# Reference: https://www.virustotal.com/gui/file/a48d0e87dfd7dfec35ccb85e395a866bd9ca5fee6a64503ca26e166d09d21ccc/detection

204.95.99.109:82
tms.servehttp.com

# Reference: https://app.any.run/tasks/13054168-9eb0-4561-bfa8-cab61ee66cb6/

185.244.43.60:4782
185.244.43.60:5552

# Reference: https://www.virustotal.com/gui/file/a073f05706d7f6668b10e93de3057846addf282d827eb77597eb975ed75022dd/detection

87.66.106.20:7642

# Reference: https://www.virustotal.com/gui/file/1cfc9cc516bee497baa6533fdd061e21179263f80cb1777a2632b140e5ef3eb4/detection

87.66.106.20:4782

# Reference: https://www.virustotal.com/gui/file/f48edae04aded0b2c5bd17ef1b0bd478c2439c60e5d489d50354f1c1a086c4ae/detection
# Reference: https://www.virustotal.com/gui/file/9216307e273a047bfc8576e0cd020f1aa99c7deae432a9c0e4cd6970b9a0d8be/detection
# Reference: https://www.virustotal.com/gui/file/888cd3e0c9046fc3b5e2441b7bada003552c0bd346f9bc284307e786c0705b12/detection
# Reference: https://www.virustotal.com/gui/file/98f9c04c6d4a44e2e04440b4816932a383f4725fced77d4fd61eea2301a9d1ee/detection
# Reference: https://www.virustotal.com/gui/file/c6d27d7c4b643205bbfb6b42d02e70865dcfcace603fd0bf588f60d4deba7674/detection
# Reference: https://www.virustotal.com/gui/file/a4a9d8e54b6cdc1f0743eb9d42bb55a7d5f81517f1391dc1e1786847e6ff6c8c/detection
# Reference: https://www.virustotal.com/gui/file/83e8bf52029e0d61ff9f07b02d52e1a32deb46d7258f4212ba018c3f9c4eb305/detection
# Reference: https://www.virustotal.com/gui/file/239b5f0f4ace74ca154c49814e30670f94f7008baaf6a3a978f4c8fceaf776e4/detection
# Reference: https://www.virustotal.com/gui/file/846e619b72311320846057131325e3197c5e317446f72d34787686646a61af04/detection
# Reference: https://www.virustotal.com/gui/file/63407b80d92c77e4ecc5a953b9ffd0b88768bed58e7c9789348cf57cdb4fe04c/detection
# Reference: https://www.virustotal.com/gui/file/7b87ddbee7b40b901a60f10a6944099378311563a9c367ebb46b79c7b49f747b/detection
# Reference: https://www.virustotal.com/gui/file/8921811046b0174d2372fc6abc359f3dfa04033f9c8b9c70a055836c3c7a1aad/detection
# Reference: https://www.virustotal.com/gui/file/5d22085aec8646c9c4615ed5babd765eeeada5e7b54d960aad9cfa9ef50e851a/detection
# Reference: https://www.virustotal.com/gui/file/13c12d4e10d3b446e5056bc710fdfd9883c55f5269207b39970814265c176ba6/detection

102.52.0.42:2514
105.155.221.57:17935
141.101.168.56:2514
141.101.168.62:17935
141.101.168.75:2514
172.94.62.102:2514
188.72.101.107:2514
188.72.101.141:2514
188.72.101.149:2514
188.72.101.150:2514
188.72.101.151:2514
196.71.79.159:17935
41.143.164.21:2514
41.143.204.82:1425
wxcvbn2.ddns.net

# Reference: https://app.any.run/tasks/53ef1cb6-bf18-426d-b10b-ef70edb4019e/

193.161.193.99:33409
jebacdisaskurwysyna-33409.portmap.io

# Reference: https://www.virustotal.com/gui/file/19ea4f8d6f36b7a8d5b8ade979f2d2ca56b21075e7100700c6dca6a4731c0322/detection

microsoftns.dynamic-dns.net
microsoftns.system-ns.net
supportwin.dyndns.pro

# Reference: https://app.any.run/tasks/d6c127ea-47c9-43fa-a188-77924207f648/

cupastore.ro/zook/

# Reference: https://app.any.run/tasks/6588ffdc-9204-46eb-a999-21c08c3db64b/

2.56.152.93:1604
2.56.152.93:54984

# Reference: https://app.any.run/tasks/ec9d6cce-66b7-46c1-a057-f24019974d42/

193.161.193.99:42884
paul994i3-42884.portmap.io

# Reference: https://www.virustotal.com/gui/file/7cae26824336e46214fe0635d3c73073dfffbe38909896a6a586f939d39e091f/detection
# Reference: https://www.virustotal.com/gui/file/c04b1facc631a33e22799f2ba896ed90e485b9e3e1dc26f83b660cadf98ddf36/detection

82.202.167.227:4445
82.202.167.229:4444
mnl485.hopto.org

# Reference: https://app.any.run/tasks/72e3f753-c529-4b64-8319-e25fcdba2e58/

172.104.63.12:4782
blackfriends.ddns.net

# Reference: https://www.virustotal.com/gui/file/a3fa75a72b8e74f8907911061f06378d5eb56762c204019d5a61ff63c9b31ce3/detection
# Reference: https://www.virustotal.com/gui/file/3c2520e74f1afbd199c2f3722f7d29ea5bbcc743fac84ef35c7126a72ba995e0/detection
# Reference: https://www.virustotal.com/gui/file/88175cfd23cf4f14077a7de848eda87fd603b59a1c4b47d69e589deb91ce87e5/detection

178.187.178.66:25055
178.187.186.145:25055
178.187.233.124:25055
scandalize.bounceme.net

# Reference: https://www.virustotal.com/gui/file/baf003124429c4fe49b8b6c5f55762a54378d3c2e12c44ba2a5c8e8d5c33cf08/detection

177.205.152.182:4782

# Reference: https://www.virustotal.com/gui/file/8484a7a2ead6abc20fae7bb2db2714fa0e9f5544dd1484e2774a472d4bae35e7/detection

95.165.5.79:1338

# Reference: https://www.virustotal.com/gui/file/c1223b7097737efe776fee604cb4557e6e8668ef29b435ab42e053621a1e923d/detection

95.165.5.79:1339

# Reference: https://www.virustotal.com/gui/file/7bd59fd11300f587bc2830fc3543e89dbdfb71f2095e4154447720aa35791efb/detection

31.220.4.216:4782
baggard443.ddns.net

# Reference: https://www.virustotal.com/gui/file/dbf987aa1a9f886c3e9c4a7a2efa26a33fb63ae5cad5f1b06dc0a85bb2d5c6e1/detection

82.29.120.193:4782

# Reference: https://www.virustotal.com/gui/file/ab127e608e37fb20be0e23c048cb5b35a3dcdfec1abfda80ea971914b18a18f5/detection
# Reference: https://www.virustotal.com/gui/file/0417a72247b87e34735206c56f625477cf5a93ff1adcf7e6cdcc2c72ed636235/detection

65.21.19.42:6969

# Reference: https://www.virustotal.com/gui/file/81457d43d3d1fbef9a4f102aa64d267166f193ba9886817ff56ecb8f12ae85b6/detection

172.111.154.46:5555

# Reference: https://www.virustotal.com/gui/file/9406e240514471d7af9f2ad55985fd3b34b9636924a392686316b4e23b0bb543/detection

164.68.122.235:5559

# Reference: https://www.virustotal.com/gui/file/8c087fe6a295dcb398447069e0a7f7ade16291acdc959751337fb9d650097814/detection

50.34.62.208:4444
certalaw.ddns.net

# Reference: https://twitter.com/pmmkowalczyk/status/1374061231934484482
# Reference: https://www.virustotal.com/gui/file/eadcb3875456a7061f5ada0bb2d90b0489970fb6fa92ae276af4ddbb65575dc8/detection

176.31.8.233:4782

# Reference: https://otx.alienvault.com/pulse/605f1f7b0b6771231bc9b3e9

ketamin.jednoduse.cz
niggerballs.funsite.cz

# Reference: https://www.virustotal.com/gui/file/4851f56184e0254f14ae9f3351f32a16e5761892375d7baa685a8a7096675f55/detection

193.161.193.99:54721
193.161.193.99:8420
voxxx-54721.portmap.host

# Reference: https://www.virustotal.com/gui/file/fc4d7f21116c0f5d9629490536a4932a6acdf53dda5a6a86f232d7fc283c9675/detection

185.204.1.236:1528
pisulka228.ddns.net

# Reference: https://www.virustotal.com/gui/file/e62d5d03c66c9d4bfef592850e8e0589d3fe4bf81b582627d53fd9666eab4499/detection

85.25.93.141:82
monlolo.publicvm.com

# Reference: https://www.virustotal.com/gui/file/ed63e1665ccf622e7db42689fac31491ccdad75a37c328e2bcffef958e2b0a85/detection

81.225.131.230:4782

# Reference: https://www.virustotal.com/gui/file/e3b7a3f309ac6b5dacb02cf23af104f79ac16b537be3a71b03eafe034e3e66f3/detection

104.220.155.240:139
flyhighontop.ddns.net

# Reference: https://www.virustotal.com/gui/file/fba17f739e49a3d2971b3240a0f151a38d362b54ea91d465131e35d487407e62/detection

46.101.249.24:59863

# Reference: https://www.virustotal.com/gui/file/a64ad0ace6bcedb3d6b6fe281696e1e9f608f0dfb448ec15d99b82403d259ea3/detection

noamkennane.ddns.net

# Reference: https://www.virustotal.com/gui/file/3db8dffa572ff7fb2cabcae80f33f58305d2ef01b8cc59e97a032ae1634ce43a/detection

178.194.244.97:9081
rrnns.ddns.net

# Reference: https://www.virustotal.com/gui/file/1b23264d466775652ab9a55156a66d6b6ee4f494ca435856d9236aa47449459e/detection

89.160.26.37:1807

# Reference: https://www.virustotal.com/gui/file/78047575407c55f45b582f01ce6112136fa06200e9c98ed714833a4bba56cbeb/detection

151.115.36.90:48716
war2.playit.gg

# Reference: https://www.virustotal.com/gui/file/ac6cb34e13a090e1704b0b37057d0d71447c153fe01203f9c034ca6d9649d1b7/detection

134.122.66.170:54882
amazing-locket.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/feed59f571e1e7e9c4a6a308debe76ec5e6c1ec8ee6f587e80fb36100a85c176/detection

134.209.194.210:56966
awesome-street.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/034b2dcff6b90ed402439cc9406f951264df4f884219ba9c6c06f40c9b5f88e3/detection

134.209.194.210:55383
whimsical-sleep.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/1c508e1680871ca36b601eec6c8404eb4d0580bc9c40535a562b0c0a98efbbac/detection

46.101.249.24:52838
fnk2.playit.gg
whole-range.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/17ab3138b8d663151506c9781e1d7185ec5162ba50f914905d3b2015e7a8c4e8/detection

134.209.194.210:59559
mighty-ear.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/43ed3800cf12ce5e5cb4014c776404de2b8758b1c4e9a0f720c3372e0c8492c5/detection

134.122.66.170:58810
ad-business.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/eba893dcdd2eca6dc2c73edb2bc55caa72ec0181e385fd53091809535761fd35/detection

134.209.194.210:59313
striped-page.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/17619c62a9481d0df457e78676427cae921a6c893340e00b31dc848ad51d52b0/detection

46.101.249.24:55732
spotted-feeling.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/fb41b76f7b9eff1425e2ebe84c2717abaf3510c0447f92f3371305a571596d7f/detection
# Reference: https://www.virustotal.com/gui/file/718b6ff7898ca5c0d3365bfcbf3075927d2d82d09c4339cd4e2b50fb635cd4bb/detection

134.122.66.170:43533
151.115.36.90:43533
straight-anger.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/9c31ff69fc51ca8009806734f71391cbfc0c193f36d0721f009679e2ff87e462/detection

46.101.249.24:41798
narrow-ink.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/f700dbb00b021ec7aae45730deae300139cc3e644d6375d7d9d2a6d2330bb0d6/detection

46.101.249.24:41705
extra-large-step.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/8b991be4706455f00586b345e836f27f8bc7c739a5e74090f425267f7e23230b/detection

134.209.194.210:43523
brawny-seat.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/4f659f6cf574a8904cf22199060ba624ce9da8d1bc8109144737915ec014987e/detection

151.115.36.90:46094
gorgeous-leaf.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/abec58e458a1fa4f7ccc6e973b92fbf66c514be260c898418e1f841d2494f009/detection

151.115.36.90:57331
changeable-giants.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/1ce8680acc2835396aaedc6a25fdfe5f5c870558462bd303de540425f671b499/detection

46.101.249.24:55340
complete-payment.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/19e244532cd6ad24727c86f56b5cdff2602293c66851696e3ee2214b6f8bd3b9/detection
# Reference: https://www.virustotal.com/gui/file/48177e1ead1bdd70f6ebdb8c4441e78ad669103e8d4d26fee4b37a1f823832c3/detection
# Reference: https://www.virustotal.com/gui/file/690426e7d8467c818fe9ee7235480722898ddff21a880f28a1beca78afcefad7/detection

134.122.66.170:58810
134.209.194.210:56579
46.101.249.24:56403
ad-business.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/91168324a09faafa887ef10df274041fe4d08f61ae1ff46c289d5f9980d488c0/detection

151.115.36.90:47956
possible-fang.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/d9bfb7c59b057e74b499903db445403bd52f7749c7769861839d6180ad3bb287/detection

134.209.194.210:47610
curved-pickle.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/96a48b55c3778439dc40d26ad0253d75e706187d08a1144e4fa0367ba81fb93b/detection

134.122.66.170:51717
normal-head.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/c53aac525970eab5237d076ed8d546bba4a5392ba7b5853ec1aae924f56f9551/detection

151.115.36.90:59217
151.115.36.90:59218
flimsy-punishment.auto.playit.gg
solid-daughter.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/837b9a497f114cab46d6d2048b3b7fee8d05acd1a4d41611bb49516e99a38f2f/detection

46.101.249.24:59842
46.101.249.24:8182
89.70.105.138:6801
89.70.105.138:8182
true-blood.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/66318276cb8c1d91f6c5a18150894ad855291a56ad5827fd72517c9e2bde3be9/detection

151.115.36.90:58708
46.101.249.24:59863
dazzling-appliance.auto.playit.gg
lamentable-rail.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/3b84dafeea7371a64717b2923acc1846bc95dad25593aa62835479320700eb7c/detection

193.161.193.99:2222
193.161.193.99:35036

# Reference: https://www.virustotal.com/gui/file/8408d1f093d32f89a3ce5ba353e9c3040ddfb5404666fde3dd66816df9927496/detection

46.101.249.24:52841
thundering-grade.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/1a2afe47a8f33065790e4db59e44e6df8c1ed94ce539e602a3c4c96f23c6f7c5/detection

151.115.36.90:53960
adamant-ear.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/2914cdab27d016c72c57f394b65bf0e58123ca7beac43abf77954d3e5a519e3e/detection

peaceful-woman.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/78047575407c55f45b582f01ce6112136fa06200e9c98ed714833a4bba56cbeb/detection

151.115.36.90:48716
astonishing-cent.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/5f4f3656295faa101f83c611df9d1842773d27d8fe52a63317dd527c9433abd7/detection

134.209.194.210:51952
roasted-flag.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/67d44cc5b685c7b4155145afd1bc4a1e1f052f94af56e9de8efc1ce097fad4d6/detection

134.209.194.210:49473
witty-apple.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/404b9b48521597b0c740cd0f945c0c2050ff9c4b1c1e98164ea9bc89e854f9d6/detection
# Reference: https://www.virustotal.com/gui/file/9627bda879a554b285be5321a6e3c206c88d86c0040782d49679f89a92ab3fe1/detection

134.122.66.170:45908
134.122.66.170:59566
miniature-road.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/ca98d71d7440f5b6c680c99824931c10fb5f0055a710ee059fb1978455cc9596/detection

46.101.249.24:58736
steady-cows.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/fbebdf6e8fa43a2458cd66a14dfa5b7127727c55b93a67f40f400e8c48b6a92f/detection

134.122.66.170:40020
abrupt-zinc.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/061fa898d76a5b1abb5fc77ecc6fa935bdd0476f8973b8494617d01c81ef8005/detection

134.209.194.210:42533
wide-party.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/93f9dc469e9aa67e641e2f0773a1362eddf91ee6b8e3cf42680dd8f55f1327db/detection

mrmonopol.de/Download-Status/Menu-Status.json
mrmonopol.de/GetLoginCount.php

# Reference: https://www.virustotal.com/gui/file/e2ba0150a208eab7dc9a705540cfaa5687e2f70081d5cd87032beb08b4556d68/detection

135.181.170.169:111

# Reference: https://app.any.run/tasks/65b32213-989e-4e3c-8239-412e0bf8110e/

77.29.72.108:1900

# Reference: https://www.virustotal.com/gui/file/bea681346030b94a93aa5e888c60cbcff238835fe066e2f518ba27a116c0dc40/detection

24.101.234.141:4782
bigass33.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c04b1facc631a33e22799f2ba896ed90e485b9e3e1dc26f83b660cadf98ddf36/detection

82.202.167.227:4445

# Reference: https://www.virustotal.com/gui/file/c13f62c823eaa3253a15824288e526c454bb311a1c7d51547f777495cd115b19/detection
# Reference: https://www.virustotal.com/gui/file/f31a7aa81569e5f9cb7cfd42e617c9d7e9564727edbd58666368c98e41ab9a84/detection

185.63.190.102:4445
185.63.190.190:4445

# Reference: https://www.virustotal.com/gui/file/09b554ac2170b876c7a602d616782b3ee93a22aebed13ce4ef6eb56ee04ea457/detection

95.111.241.233:786
jayshreeram.cf
/windows/fghdcfrtxcgfvhgdfvhdhtgjdsgvhtgt1b.txt
/fghdcfrtxcgfvhgdfvhdhtgjdsgvhtgt1b.txt

# Reference: https://www.virustotal.com/gui/file/a55a037feda593917f9c302f51159ee9835e4ac1fc3320cae36ead2202658f02/detection

104.243.252.61:4782
managementlover.hopto.org

# Reference: https://otx.alienvault.com/pulse/60c745f853687724fee52779

crnjari.myftp.org
titine555.ddns.net

# Reference: https://www.virustotal.com/gui/file/b01426ea91c9a88de2248a505a2307936e11ab06e1f84516e308ee69bf7f0407/detection

zeroplan.no-ip.biz
