# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: voidrat, venomrat, velos, vermin, s400rat

# Note: "Today I'd like to introduce you to VoidRAT. Void-RAT isn't a new RAT, it's more of a fork of QuasarRAT. It's also not new in the sense that it's been in active use for several years. I scraped several hundred from Pastebin alone since 2018." -- https://twitter.com/pmelson/status/1249375189638344707

# Note: "This is, in fact, the source of the poorly implemented crypto I've been working on the last few days. VoidRAT uses AES to encrypt its configuration strings, similar to QuasarRAT. In fact, the static Salt is identical to Quasar, just stored as a decimal array instead of hex." -- https://twitter.com/pmelson/status/1249375191114764290

# Note: "VenomRAT - new, hackforums grade, reincarnation of QuasarRAT" -- https://blog.malwarelab.pl/posts/venom/

# Reference: https://twitter.com/DynamicAnalysis/status/1034828121126723584
# Reference: https://twitter.com/James_inthe_box/status/1034829960647593984
# Reference: https://pastebin.com/MgAd0CzR

syscore.duckdns.org
watchdogdns.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1044187140626796545

nhatquang.club

# Reference: https://twitter.com/Racco42/status/1050763535888867328

lagos042.ddns.net
manuel3.publicvm.com

# Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-menupass-quasarrat-backdoor.html

195.54.163.74:443

# Reference: https://twitter.com/silascutler/status/1154137754051239936
# Reference: https://pastebin.com/s6pkzu0z
# Reference: https://otx.alienvault.com/pulse/5d39d3634b2ef4d157a1f8ae

hostzsz.ddns.net
rkr003.ddns.net
131454.ddns.net
609574.ddns.net
928hafa7.ddns.net
abcdhacked.ddns.net
acidos-44965.portmap.host
adiwax.duckdns.org
afdafadfdfdfaa.ddns.net
agoraadn.ddns.net
akaimpk.ddns.net
alexrobin.hopto.org
alibabajob.duckdns.org
allurbase.warzonedns.com
alphamission.ooguy.com
altsyst3m.servegame.com
aminaqi-32028.portmap.io
androidshegaon.ddns.net
apina123.duckdns.org
apo.myddns.me
argoogle.ddns.net
asdasdjla.ddns.net
ausliandns.ddns.net
auw8duii3j5.gotdns.ch
aziziyehack.duckdns.org
babagee.ddns.net
bebe228855.hopto.org
bigpouley.ddns.net
blacklji.ddns.net
blackslight29.duckdns.org
bonsaichiled.freedynamicdns.org
boooing.hotpo.org
broly.mywire.org
bugido.ddns.net
carbonhdspeed.ddns.net
carelesspineapple.ddns.net
cerberus1980.hopto.org
chad3eboz.ddns.net
chrome.fagdns.com
ckleins.ddns.net
colinmdu78.freemyip.com
cryptoeverwin.ddns.net
cryptoslayer22.ddns.net
csphagah.servegame.com
dancen.ddns.net
dankmemes.ddns.net
darkhorse777.ddns.net
darkkutjood.ddns.net
darkslazz9988.ddns.net
dcgame.ddns.net
ddsess.ddns.net
deaznam.ddns.net
dertanion.ddns.net
dexter1234.duckdns.org
dfssdfds3422344.ddns.net
dnsinass.hopto.org
dracia321.no-ip.biz
dragonslayer22.ddns.net
drdep.ddns.net
drhack.hopto.org
drkcmtt.duckdns.org
dschndr.ddns.net
dupal13.ddns.net
dzchackteam.duckdns.org
ededwdwdwd.hopto.org
eduardorouter.ddns.net
eznecum.duckdns.org
faded.hopto.org
fahd2010.ddns.net
fahd20101.ddns.net
fgeha777.ddns.net
fluffyunicornsftw.sytes.net
forst5ns3a45gpnz.onion.ws
fortnitelol.kozow.com
fromnvpns.theworkpc.com
galacto17.hopto.org
galrov2.ddns.net
gargamel.duckdns.org
ghostisreal.ddns.net
gingles.ddns.net
google64.sytes.net
googlead3321.ddns.net
googleisp.ddns.net
googlessh1.ddns.net
grundle.ddns.net
gsmboxupdates.ddns.net
guccigangyesxddddddd.duckdns.org
gud.ddns.net
hackmee.ddns.net
hackportals.ddns.net
hackprova.ddnsking.com
havocplays.duckdns.org
haxerjack.ddns.net
helloworldhere.ddns.net
hellsharion.myftp.org
henripizio.ddns.net
henripizzio.ddns.net
heros108.ddns.net
holydns.warzonedns.com
host420.ddns.net
hostestreitr.ddns.net
hostvertice.hopto.org
icecreem.hopto.org
icmsecurity.ddns.net
ignuxas64.ddns.net
ilsk-56205.portmap.io
imjustdoingmyjob.ddns.net
internimus.ddns.net
ipointer1604.sytes.net
ivaiva.ddns.net
jacobjones965895-53801.portmap.io
javaupd.ddns.net
javvaa.accesscam.org
jercky.ddns.net
jonreg.ddns.net
justdoitfast.myvnc.com
k1nngurr.myftp.org
kanat26.duckdns.org
katrol1.ddns.net
kekhaxim.duckdns.org
keremabi.duckdns.org
kleur4.ddns.net
kurban187.duckdns.org
lab-wired-kvvgzjkkdr.dynamic-m.com
lancelord88.ddns.net
larofagol-50266.portmap.io
leghost.ddns.net
lekee.duckdns.org
letmeinpls.ddns.net
levinx.duckdns.org
lfjdslkjfslkjf.bounceme.net
m1ngs1.ddns.net
marcirat.ddns.net
marjoserver.ddns.net
martinou.ddns.net
maximazorreguieta.ddns.net
maximazorreguieta.no-ip.info
maxwilly4142-45474.portmap.io
mecanic.freeddns.org
mehack.ddns.net
mertens.mynetgear.com
miseri.duckdns.org
mlks.ddns.net
morokko.duckdns.org
mumbai.webhop.me
myhostdown.ddns.net
myportnotblock.001www.com
nanorat.ddns.net
naskopv.hopto.org
nattawut.ddns.net
neg4tif.duckdns.org
negatifrat.duckdns.org
nemesis423.ddns.net
neoxyne.myvnc.com
new.windowsupdate.live
nezaki-backups.ddns.net
nhk123.ddns.net
nicereverse.ooguy.com
niggerlovers69.hopto.org
nmahnsk1.dynu.net
noipkrutoy.ddns.net
okapia99.ddns.net
omikronium.ddns.net
omka11.duckdns.org
omniserver.redirectme.net
oofed.ddns.net
oofed.sytes.net
oogboog.ddns.net
opstatun.sytes.net
orcabot.ddns.net
p6solutions.hopto.org
paintedwolf.ddns.net
pass2233.ddns.net
pass2233.dzuboks.fun
perdunelo.ddns.net
pigeon143.ddns.net
pingvinic1998.dynu.net
plasty-48256.portmap.host
ppupsekovich.hldns.ru
ptpftp.mypi.co
pusheax.asuscomm.com
q196vbd21.dynu.net
qq529879477.mynetgear.com
quasarandroid.ddns.net
quasarcengo.duckdns.org
quasarez331.duckdns.org
quasarrat.ddns.net
quasarsaiiut.ddns.net
quasartest1.warzonedns.com
qwerty1.ddns.net
qwertyasd.hopto.org
randomhost.ownip.net
rat.bcn-pool.us
rat555.duckdns.org
rat80.ddns.net
rdexter01-50242.portmap.host
recel.duckdns.org
ref12dert6789hty.ddns.net
remoteadmintool.webhop.me
ricardobola.duckdns.org
rizacomet.duckdns.org
russiansecurity.ddns.net
sandshoe.duckdns.org
sclrtlol.gotdns.ch
sezzer93.dynu.net
shadowfriend.ddns.net
shtumichael-40213.portmap.host
simoalal.nerdpol.ovh
sissnemomdesiss.ddns.net
skills.sytes.net
skullman.duckdns.org
skywalker12.ddns.net
soc123.ddns.net
soulnomad.ddns.net
srw-1.noip.me
stealer123.ddns.net
stickygreen666.ddns.net
suckmydick.urown.cloud
suus.ddns.net
svchostddns.ddns.net
tannmistann-31237.portmap.host
test.killwaf.com
testerhousing.ddns.net
testinghouse.ddns.net
testocertificazione.ddns.net
testtesta1.ddns.net
thefatrat23.ddns.net
theprohd-59801.portmap.io
thewayofthemagic.ddns.net
tivict.duckdns.org
tomwahl.duckdns.org
tvariamxuy8.hopto.org
umutgokmn.duckdns.org
unknowhost.ddns.net
urx.myvnc.com
usermata-64665.portmap.host
wareztech.ddns.net
welmer2018.ddns.net
windowsbrowser.ddns.net
windowshabitat.serveirc.com
windowsupdate.asuscomm.com
windowsupdatereap.ddns.net
wsad1122.dynu.net
wuenx1.duckdns.org
wuenx2.duckdns.org
xcorpitx.ddns.net
xeroxhaxor18.duckdns.org
xtremepwned.dynu.net
xtrhost.sytes.net
xylem.duckdns.org
y33tmasters.ddns.net
yaplonkod.duckdns.org
yawani.ddns.net
yesdatpls.duckdns.org
yesps.myvnc.com
youdontknow.ddns.net
youknow.duckdns.org
zeroherecompany-64861.portmap.host
zotrix.ddns.net

# Reference: https://twitter.com/Arkbird_SOLG/status/1157319751238131717

195.12.50.172:46405

# Reference: https://twitter.com/JayTHL/status/1188498558653206528

82.146.51.150:1604

# Reference: https://twitter.com/JayTHL/status/1194671413304672256

206.189.182.212:9999

# Reference: https://www.virustotal.com/gui/file/3af74379234601c1d9cda4e8b20b901b604d6892ecd1e42802303756fba6980c/detection

185.217.1.186:8320
faxjohn01.twilightparadox.com

# Reference: https://twitter.com/killamjr/status/1198459182112006144
# Reference: https://app.any.run/tasks/c0af3b26-4d68-461e-b84b-281f2ee2bea2/

mybaby.hopto.org

# Reference: https://www.virustotal.com/gui/file/3cff40b8cf70ab8685d591e9b7de92e231e86510ea2480b53f24ea25e8aff450/detection

79.134.225.90:4782

# Reference: https://any.run/malware-trends/quasar (Note: as seen on 2019-12-04)

kanat26.duckdns.org
spenzmarine-56499.portmap.io
fobeno-42652.portmap.io
lololol-54262.portmap.io
Theprohd-59801.portmap.io
aras008-48301.portmap.io
utku01-35105.portmap.io
magicme-54389.portmap.io
gmxvpn-51019.portmap.io
SayNigger123-51458.portmap.host
tkmremi-31995.portmap.io
james871-47359.portmap.host
anonymoushosting-60450.portmap.io
baroud-44589.portmap.io
MORFEY888-55156.portmap.host

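# Reference: https://www.virustotal.com/gui/file/8359bc60e9b5bb6c84e0ecd851ead7e4d947482ef0f4997fd1cae2788de842ef/detection
# Note: 193.161.193.99 recurs throughout this list next to many unrelated *.portmap.io / *.portmap.host names, so it looks like a shared tunnelling endpoint rather than a per-operator host. Only the IP:port pairs are specific; a match on the bare address alone should be expected to produce false positives.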

193.161.193.99:33874
meol3555-33874.portmap.host

# Reference: https://www.virustotal.com/gui/file/bb4857b0afa4733905f6f411dcba41ab1e20fe80822d16419fdbf297d10650a9/detection

193.161.193.99:41317
virritast27-41317.portmap.io

# Reference: https://www.virustotal.com/gui/file/4f1de211a439c69076f3c1177ea8135f02a7d6826f6435d93fa2f25b2f035aed/detection

193.161.193.99:30980

# Reference: https://www.virustotal.com/gui/file/01bcba7c8d15fcb97a8c3923dc430f822bb3955dd17611b65008a081679f6910/detection

micalter-62870.portmap.host

# Reference: https://www.virustotal.com/gui/file/5abd187ef6fd30ccfa247191af0dff8b453a7c2815195b93c817e071b1c42451/detection

193.161.193.99:59558
bigbant-30187.portmap.host

# Reference: https://www.virustotal.com/gui/file/0af78e5236f8e26e209545f5b7341b73e8374e26accec827919d9cf3d545a785/detection

befogtad.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2bbb5b2eb692d744cf979b786323ee6f515b19617d0c73e1b2c6b45897a04352/detection

193.161.193.99:31776
koyo-31776.portmap.io

# Reference: https://www.virustotal.com/gui/file/ef0e082c1eefe8964366beead5630765d9d8e989ae7671cc9ef0551db75c5198/detection

193.161.193.99:41102

# Reference: https://www.virustotal.com/gui/file/82e73cb494a04a9d6e650149dfb2d5d21acf02ccce57bd2b24f968a4b71988ed/detection

160.177.210.162:5552
41.142.190.236:5552
41.143.142.227:5552

# Reference: https://www.virustotal.com/gui/file/ecf2a706e3aae74d76a4f73e050db6ce5011b1dfd60bdf5e3a9a7b77b3b2aaed/detection
# Reference: https://www.virustotal.com/gui/file/281cf2c4904de81661138240b7ea7a0880402db4083eab697d22d0d5e42cf942/detection

162.200.139.146:1704

# Reference: https://www.virustotal.com/gui/file/b9c1be88add17379ff4ba452a13aa52712680103f0b9e15901b7e80deaeb4716/detection

galrov.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/2cfb5b5d106c732b344e440ff88901100055894c8f1a952ce75afa257c7857b5/detection

18.188.14.65:17825
3.19.3.150:17825

# Reference: https://www.virustotal.com/gui/file/6f86faf12c9b933bb4c13ba4661b9b0f2f2f72eb1a188b6be94f3ac66d2f8ecf/detection

windataservice.club

# Reference: https://www.virustotal.com/gui/file/7a28dcfb7b1b0cfe9178ff1f360f6ca474165f2cb5925c5b5b90697d6a4f491f/detection

104.244.75.220:1101
185.101.94.172:1101

# Reference: https://www.virustotal.com/gui/file/6ae4f8fed85928e981dd91aa512b638ac5c61fe8402382b4cb1c12aaf2bf19bf/detection

79.134.225.112:7799
3five.duckdns.org

# Reference: https://www.virustotal.com/gui/file/be41a7e13a1df3d6ec6009d441a29e262975bbe8d7ea9c819eee79e7dad769ac/detection

193.56.28.161:1608

# Reference: https://www.virustotal.com/gui/file/fce1edbce9398f13a72369d7e00f472c39732ccd25d2c83b04ad32c55b2e0bad/detection

repmodz11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f219c99bae7d406ee40d9528179a93a2eed7c2c942ccda12916177159de6ce92/detection

193.56.28.161:4782

# Reference: https://www.virustotal.com/gui/file/adab3e5e3a61dd1440d0aa3e471a18055cb8e650cb045698e178ef8470f320d5/detection

reversengineerin.duckdns.org

# Reference: https://www.virustotal.com/gui/file/540b5c539846ab341645216dca0f63c78d35cd238b1267058ea7a08bb403f6b1/detection

91.233.116.105:4782
testtest22.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1217031480226041856

magicshavingpowder.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d52a899580dd8a6504a0aab527618a276dec3a615485afb1b8e59b5c7ae6aef6/detection

185.140.53.131:9003
79.134.225.96:1972
tracyll.ddns.net

# Reference: https://www.virustotal.com/gui/file/0400cef226621ad00d51b8880025664e3a916c0c3c3207f3525b8423af52a5f6/detection

197.211.58.227:9003

# Reference: https://app.any.run/tasks/26a07c7f-e8b1-4972-8b76-d29be2feb278/

157.230.125.208:8008

# Reference: https://app.any.run/tasks/909ed8a8-970b-46ec-9699-a389c8fdef88/

157.230.125.208:2002

# Reference: https://app.any.run/tasks/2b12feaa-cbc8-478f-8443-44d88558766e/

194.88.106.61:9798

# Reference: https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html (# Win.Packed.Passwordstealera-7544289-0)

apina123.duckdns.org
backtofuture.zapto.org
chrome.giize.com
danek56.ddns.net
dhayan.ddns.net
dike.duckdns.org
gingles.ddns.net
holaholahola.hopto.org
mlks.ddns.net
nerdicon.ddns.net
niroshimax.zapto.org
nirovitch.zapto.org
nume123.hopto.org
pilnaspuodas.ddns.net
sanchosec.ddns.net
scammer.chickenkiller.com
swez111.ddns.net
update1337.duckdns.org
windows13467.ddns.net

# Reference: https://www.virustotal.com/gui/file/e0c2007dd615b777b51667e051b5e625d5e4e706565d1ffe396e432400809749/detection

83.170.70.102:36728

# Reference: https://www.virustotal.com/gui/file/ce9d32d1a31a172bf44c84c465b9f6cf47cbe5085be7bc942aa1e57f78f48d0c/detection

5.2.64.188:36728

# Reference: https://www.virustotal.com/gui/file/4858fcd2879bc6f88623a42e9b27330e80effd746eaaf8432dbf80b4749dca72/detection

80.107.25.98:1608

# Reference: https://www.virustotal.com/gui/file/d32ce01eb6472fbff22a31be6ee6137cf5da45208a828a5b54e6d8b6338d1934/detection

80.107.22.74:1608
80.107.25.98:1608

# Reference: https://www.virustotal.com/gui/file/ef656532743be59237b9bb8ec1b222621c0fd01d25deabdf01a0bd93f17321ce/detection

80.107.17.18:1608

# Reference: https://www.virustotal.com/gui/file/1075b35bba735e0fe5f7c7d5c5995e6681d18f3952ca77dd99f5c3e2d6f57a9e/detection

45.63.29.78:1879

# Reference: https://www.virustotal.com/gui/file/2e429e3b4d385902980aa13fd5acb9d717d2fb2724192a3a6529e619fec2119d/detection

45.63.29.78:1589

# Reference: https://www.virustotal.com/gui/file/71e5d3cfbd16d268791fb02e30393faea48adb43566be455ca7c4796fcf9b270/detection

103.136.43.131:1589

# Reference: https://app.any.run/tasks/93ebca66-fcb7-4610-bf01-25959423c1bf/

176.226.160.199:6522

# Reference: https://app.any.run/tasks/db854e6d-e88a-42c3-b3e2-afcf199852fc/

45.67.231.213:2012

# Reference: https://twitter.com/PhishingAi/status/1117780609688952832
# Reference: https://www.virustotal.com/gui/file/c8273b246205d369ce1c04f0a8f6c5df448bc752cd8159f8ec5f32828d0675ab/behavior/
# Reference: https://www.virustotal.com/gui/ip-address/185.247.228.228/relations

185.247.228.228:45201
pv8stresser.xyz

# Reference: https://app.any.run/tasks/6481821d-12a3-49f4-8f8b-e318b3ec363f/

178.62.47.13:4567

# Reference: https://app.any.run/tasks/8baef533-d6d9-41f8-8686-b4020072b5a6/

178.62.78.66:1222

# Reference: https://app.any.run/tasks/23b322c4-ede2-4fc1-b9cd-744cca6a1a8d/

193.161.193.99:62470

# Reference: https://app.any.run/tasks/c30976d1-5351-49b2-8dc7-bbf271e038b0/

193.161.193.99:57073

# Reference: https://app.any.run/tasks/35022f3b-864d-4160-a752-c366373fba73/

185.17.26.75:3363
69.61.84.233:3364

# Reference: https://app.any.run/tasks/fc23f074-83b3-4ea6-863a-5585a2b5d9ec/

157.230.125.208:4782

# Reference: https://app.any.run/tasks/498ee56f-da90-4443-a828-f8a0e8fb7fc6/

134.209.192.40:6732

# Reference: https://app.any.run/tasks/f73633e5-867d-430b-9c4e-43faab9cc2dd/

196.75.176.4:1188
amerkad199.ddns.net

# Reference: https://app.any.run/tasks/d4fe7165-3760-4566-a4ca-596036d34626/

82.202.167.203:4444

# Reference: https://app.any.run/tasks/41b6d9fb-7ae4-4cff-9117-261d969672f8/

194.5.97.31:5490

# Reference: https://app.any.run/tasks/c40f4844-fa9d-4cc1-9919-c62c669741eb/

35.188.120.120:3741

# Reference: https://app.any.run/tasks/69f634a0-5fea-4e4d-8949-f75c613a3628/

45.153.228.70:2012

# Reference: https://app.any.run/tasks/14c90c72-2003-4780-bc3e-dc0a375ae2ef/

194.9.70.179:1616
216.38.7.246:1616

# Reference: https://www.virustotal.com/gui/domain/r3m0te.65cdn.com/relations
# Reference: https://app.any.run/tasks/0d25dc42-8f63-4fb7-84bf-532eb1b93475/
# Reference: https://www.virustotal.com/gui/file/550389172e36dbd5efab3a49bc68d0130fc565110d25a2b1ae87227bfe0d8db6/detection

207.246.103.61:53
45.32.230.221:53
80.240.22.198:53
r3m0te.65cdn.com

# Reference: https://app.any.run/tasks/82087fda-173c-4c7a-9df1-1bcf1610ff1a/

nlggnjggmlggniggidggngggmjgg.iknlbkgp.traveroyce.com

# Reference: https://app.any.run/tasks/6be6fbb6-09c9-4996-9f28-50b13e2d475c/

91.218.65.24:4782

# Reference: https://app.any.run/tasks/7abafd85-87b4-42b0-9eb4-4ab625303308/

141.136.172.55:4782

# Reference: https://app.any.run/tasks/2ae1c72c-a989-4b0a-a7e2-51cdc8ad7991/

185.217.1.170:56098

# Reference: https://app.any.run/tasks/68bd09b4-809e-4e0e-a0af-79bec46b23f1/

199.66.93.168:4782
al3nzi1.ddns.net

# Reference: https://app.any.run/tasks/cd354138-433e-42b5-b868-036b73500898/

141.255.150.253:4782

# Reference: https://www.virustotal.com/gui/file/1c6c46bfc7c297cab5f790298ef7f92b5dfe1d4e2c3d441521379fd71f03ca7f/detection

210.16.120.250:1616
78.156.87.166:1616

# Reference: https://www.virustotal.com/gui/file/07cbca8fcb06a73a9a9d5855d69b0dc2953ece735f9dd43385695fa15f26cae7/detection

143.225.142.37:5147
79.2.172.253:5147

# Reference: https://app.any.run/tasks/e214a846-50f8-4cac-beff-434bd1bc3cf1/

141.98.212.23:28194

# Reference: https://app.any.run/tasks/75fcf8c1-b3af-4f18-bf62-ded0d217ae0f/

178.238.8.229:1608

# Reference: https://twitter.com/casual_malware/status/1242607122187198466
# Reference: https://app.any.run/tasks/ae6b0ed9-f16f-440a-ba69-e277ebd68b04/
# Reference: https://app.any.run/tasks/4571e5c5-70ce-4157-b7a1-edccdebec208/

192.169.69.25:4782
ikorodu.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1242880176469524480
# Reference: https://twitter.com/James_inthe_box/status/1242892393424142336

193.161.193.99:23030
DarkHate-23030.portmap.io

# Reference: https://app.any.run/tasks/829ab7e1-52d5-4672-91cb-08214558cbf6/

185.165.153.8:13291
cloudpassreset.ga
goodattack.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9f9140490ea952c92ebe705bcb64437ed3bc91ddcc7d600869b8bc992dabefc4/detection

185.165.153.227:13291

# Reference: https://www.virustotal.com/gui/file/953861b541ece75e7fc471743cd2e87a843f94238857d5c189dcb434fb455bb3/detection

91.218.65.24:4782

# Reference: https://www.virustotal.com/gui/file/d295784b5991ef0b57bad469889a98881540ae22d105b7324e23e82298c3c498/detection

220.126.22.233:5553

# Reference: https://app.any.run/tasks/048dbdda-7252-4c72-9a48-771faf3ffa47/

157.230.125.208:3333

# Reference: https://www.virustotal.com/gui/file/8feb0cce61bfa25331fe2f2f861b7e5a03332605635770a5924e2b71ab156416/detection

dnessss2.o-r.kr

# Reference: https://www.virustotal.com/gui/file/ad5d7d539088c0b57c8871d097bf8853da8039ffd65d6acdeda7cb7f28685232/detection

192.253.246.140:3360

# Reference: https://www.virustotal.com/gui/file/5605cf4460e58cc1c1f41baaf78400ff034efbad4e19367a2b53021ef824e7bc/detection

95.213.195.71:5052

# Reference: https://twitter.com/pmelson/status/1249375191114764290
# Reference: https://twitter.com/ScumBots/status/1249380937391013889

64.69.43.237:12259
free.idcfengye.com

# Reference: https://twitter.com/ScumBots/status/1249379530126565377

171.48.121.83:4782
dliker.myq-see.com

# Reference: https://twitter.com/pancak3lullz/status/1250862951185121287
# Reference: https://www.virustotal.com/gui/file/cdcf02ebd69dbb38874a456358732b66d8bd75897f6d7f49923360006ca3b0be/detection
# Reference: https://www.virustotal.com/gui/file/c2f70806a9fddb3ff61f045c92c48a19a0f889b839f68a2acd0e71e6c091499c/detection

23.105.131.162:4281
leetlauncher64.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e9c623f9afbf6529763899c99d7a93911c645d803e9756a01295a4a6577c27df/detection

79.134.225.33:7974

# Reference: https://www.virustotal.com/gui/file/7c3a759d9812dae0e9c2851b2ccc5418a8c3b929854efcbfc142d3b70384605c/detection

192.169.69.25:41102

# Reference: https://www.virustotal.com/gui/file/a8133852a9c83ea7e383d84ef30c991d87fcda65e2dadf39b2f6e5791d5aa4ae/detection

25.68.8.40:1604

# Reference: https://www.virustotal.com/gui/file/df2198d1b9defab192c1d34157c9add7a0f732330b16d85dfbc70519113c0e0e/detection

80.189.158.57:25565

# Reference: https://www.virustotal.com/gui/file/cf729c46717f95052092cc40b03b455f6c4f7b31f0720d5b79f80dc963a10b35/detection

98.30.237.66:8080
visualstudionet.ddns.net

# Reference: https://www.virustotal.com/gui/file/631c1218c9f7b208afd95a341f92e6436f4e894bc4cd34f4f07ee68682db9e49/detection

159.89.214.31:25687

# Reference: https://twitter.com/ScumBots/status/1249398486702882823
# Reference: https://www.virustotal.com/gui/file/d24a38c9c8ba49b16d835617bf0f382d692547eb77961d99e2147e0570785f43/detection

192.169.69.25:3389
scario.duckdns.org

# Reference: https://www.virustotal.com/gui/file/87522a1f67d1b1ea11ff1d414e6e41a4bbd9df394b7502ddd9685671f47e2831/detection

82.205.35.252:7974
hip.webhop.net

# Reference: https://twitter.com/ScumBots/status/1249398095214981132

109.234.37.166:4782

# Reference: https://twitter.com/ScumBots/status/1249398020900294658
# Reference: https://www.virustotal.com/gui/file/156e94878f5dc982ce0b3ffe381146edff4d5978cc324325e34ae6fec961c5c7/detection

141.255.155.141:4782
deputa.hopto.org

# Reference: https://www.virustotal.com/gui/file/39cbc35bb2110405e66a3818df4dcdecc19482f724ef7e38b075183e573d6dbf/detection

88.114.20.111:5552
apina22.ddns.net

# Reference: https://www.virustotal.com/gui/file/14d93dc9869abecb9db83fa0ee2e6062def5c413ea1270b504ac9df27860bb64/detection

onedollarr.ddns.net

# Reference: https://www.virustotal.com/gui/file/f76006828a7e23845ae8488e6a5397607c54eb6de1465e9b16f8dffc2212e401/detection

intelserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/de6f87a6111a389d05b3fac7d3c266296416e323f13f1695dd6f5f2b7835779e/detection

84.117.133.163:1177
mog.servegame.com

# Reference: https://twitter.com/ScumBots/status/1249396818535907330

149.28.201.253:4782

# Reference: https://www.virustotal.com/gui/file/f0eb82f2828d2819d3003b7efdef6139af4387fad9a20c5f8b2ca21ea28937eb/detection

193.161.193.99:43045
hibro-43045.portmap.io

# Reference: https://www.virustotal.com/gui/file/379b77231e552f1c56637d6b373aee287be8127bc8b55484e8ddd344c7029ae4/detection

94.79.235.91:477
localcv.hopto.org

# Reference: https://www.virustotal.com/gui/file/6d1540821c19e4074e619511ec783c898ef759873bada62e4234cd05042baad1/detection

178.124.140.147:54984

# Reference: https://twitter.com/ScumBots/status/1249396132293345281

65.184.25.147:5552

# Reference: https://twitter.com/ScumBots/status/1249376293717708805

178.63.148.235:2988

# Reference: https://twitter.com/ScumBots/status/1249395982208569350

193.161.193.99:42900
bykertix-42900.portmap.io

# Reference: https://www.virustotal.com/gui/file/095b484575676d4b31e84d6165d6d1e9e52840958800c7ea8c56dc823e331b12/detection

171.96.98.86:5000
hellofuizz.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249395757758795779

77.46.232.248:2323

# Reference: https://www.virustotal.com/gui/file/e3fe2223aad351226dcdc7ed6eba64a698e42cd70520f3acab75300794715feb/detection

archimed07.ddns.net

# Reference: https://www.virustotal.com/gui/file/c54e060c2466ff870ba2d728c2e32dbd2126c70b27c6ae6580ebee2aab3d6360/detection

84.51.52.166:4782

# Reference: https://twitter.com/ScumBots/status/1249395372453224450

77.83.174.51:4782

# Reference: https://twitter.com/ScumBots/status/1249395297601626114

207.154.213.157:5425

# Reference: https://twitter.com/ScumBots/status/1249394685380001795

207.154.213.157:9595

# Reference: https://twitter.com/ScumBots/status/1249394610423595008

185.231.69.80:4782

# Reference: https://twitter.com/ScumBots/status/1249394458568916998

177.40.135.97:4782

# Reference: https://twitter.com/ScumBots/status/1249394294609383429

54.90.225.37:4545

# Reference: https://www.virustotal.com/gui/file/3c7744b3236b34b32adf0b3a3d5b7874533878c34d200d2c07fe0e0e37cb16f6/detection

176.133.189.113:2411
nasjshome.myqnapcloud.com

# Reference: https://www.virustotal.com/gui/file/728a78f654264825676f43579a8f00ad48433d0a2e7a9c11f61966eb755fac7a/detection

46.246.27.131:5050
gusanitogusanito.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9b339df38ba31476a4c85344cf03837578485a54035445bd692d791867b9facc/detection

193.161.193.99:62544
edal-62544.portmap.io

# Reference: https://www.virustotal.com/gui/file/57372f78f979ab331a3ce1ebd9154c6eb4674db4de60c5c6b521934d7b9463ac/detection

78.224.10.150:1630

# Reference: https://www.virustotal.com/gui/file/e7053e90884cde9416d3993d4e1b5f72d6e9d39f14be489447a17eee23ef6b96/detection

crulol.ddns.net

# Reference: https://www.virustotal.com/gui/file/630b83f1ea85ac9bfb828ecbbf1cb7841ac1cccf962a92b555164d862ff55440/detection

impawn.ddns.net

# Reference: https://www.virustotal.com/gui/file/d77afe27777032a8ecc348894dbd9e25b7586a6995484b39739ae196f963bfaf/detection

78.83.123.253:4782
kosinker.casacam.net

# Reference: https://twitter.com/ScumBots/status/1249393006169460737

2.82.185.236:4782

# Reference: https://www.virustotal.com/gui/file/6837ebeda99e2bf8df13092d6d7a3a82b491cd79f8ba88d4be22cc05bae80d64/detection

93.202.202.155:99
aldsajdodsdasd12.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1249392543101583361

58.236.228.50:25252

# Reference: https://www.virustotal.com/gui/file/090f9aa6fe88fd3cf6750ef8f09a8713520c13a9c2b207c907fa6022428ab1a0/detection

sumer.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249392315141160961

151.16.225.247:4782

# Reference: https://twitter.com/ScumBots/status/1249392240499228672

207.154.213.157:4465

# Reference: https://www.virustotal.com/gui/file/04d8bdc0c8d10cac881526b8c8f43f791544a9e84d9535bcd1386c4f424b5b7b/detection

192.169.69.25:3360
fx123.duckdns.org

# Reference: https://www.virustotal.com/gui/file/935ab05c65e0de5114d5b4d997fbb907f3699a859dcb3cde07afee8595f366db/detection

3.17.117.250:10923

# Reference: https://www.virustotal.com/gui/file/35826857f7763122fb380c1392f2d0fb820ec28c1f16e858b3846b9f681525af/detection

193.161.193.99:34655
gameranil88-34655.portmap.io

# Reference: https://twitter.com/ScumBots/status/1249391506902974465

207.154.213.157:7766

# Reference: https://twitter.com/ScumBots/status/1249391270809788418

185.17.26.75:3782

# Reference: https://www.virustotal.com/gui/file/c7482af7971b3fef8b458eb284f0f3de177ae3fbe6fc7b7fb4e91f8f84d0152d/detection

ninjakiller1.ddns.net

# Reference: https://www.virustotal.com/gui/file/8826d9cdb01c714426e9f93b9c22fff72a5ea547d8f2df6469556c07ae659d42/detection

charlesrat.ddns.net

# Reference: https://www.virustotal.com/gui/file/a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5/detection

92.63.110.250:9999

# Reference: https://www.virustotal.com/gui/file/bf64c22f0698dc97db127d88456d4d155f2dc96b6e8327a4753bf8747adfae1b/detection

89.245.196.17:5052
zero1.ddns.net

# Reference: https://www.virustotal.com/gui/file/abcc40b928a54fa98a175106dce553d3a19d5fcc5adcf0e163a6d6da2d8bba4a/detection

188.25.202.178:4445
revellboosting.serveblog.net

# Reference: https://www.virustotal.com/gui/file/3acd4e7cf3c0f690581ede29a8fc05a17c6ce65280008f203da54631df06f730/detection

199.16.158.190:1337

# Reference: https://twitter.com/ScumBots/status/1249390024677896206

211.215.89.102:6522
dhhdtestserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/f18d7b47f79f5d93513670417c438ec4b75a7faf0b6c634f6453004b93db901b/detection

192.169.69.25:4061
chromeconnection.duckdns.org

# Reference: https://www.virustotal.com/gui/file/94e10458cf1a57ead9ae551e05094e3ce540a7441701cab391008685d3e00222/detection

193.161.193.99:43045
hibro-43045.portmap.io

# Reference: https://www.virustotal.com/gui/file/0a78b1618c225808ef645280b48fda51923b811fdc38cf210c34672fb80ba6df/detection

luko.dynu.com

# Reference: https://www.virustotal.com/gui/file/d547eaf8f5fb791372d2793d5833f31d9c33f08e0ff3d7d4c892748d8d0ca489/detection

193.161.193.99:42443
noyon007-42443.portmap.host

# Reference: https://www.virustotal.com/gui/file/425eecf3bdd7c9fc731f263283260bacbc1c505c9104f68ae291b4cf78ec5af7/detection

193.161.193.99:43597
deneme12-47909.portmap.host

# Reference: https://www.virustotal.com/gui/file/0af78e5236f8e26e209545f5b7341b73e8374e26accec827919d9cf3d545a785/detection

193.161.193.99:41102

# Reference: https://twitter.com/ScumBots/status/1249388944455761922

159.203.16.166:8383

# Reference: https://twitter.com/ScumBots/status/1249388831238995969

193.161.193.99:26063

# Reference: https://www.virustotal.com/gui/file/1c4787902baff1a8e51b1a9b80eefe7e7928b237edff80d3387454bcac643dfd/detection

78.13.63.66:1604
trolled.ddns.net

# Reference: https://www.virustotal.com/gui/file/e60fed1dfce5f593fae643d02900ee65168aeaeaaedd626a064b71d1da842887/detection

192.169.69.25:1604

# Reference: https://twitter.com/ScumBots/status/1249388601865101312

185.12.45.79:53841

# Reference: https://twitter.com/ScumBots/status/1249388451620950023

217.120.237.39:4567

# Reference: https://www.virustotal.com/gui/file/59a3b394925765cc2773f1b1ef1dd5d8020715366f2978ad3a2cd064bdc11211/detection

193.161.193.99:62870
micalter-62870.portmap.host

# Reference: https://www.virustotal.com/gui/file/87b17a191a1098f5ff1aa7f5dac344cf00ddacafe4589018e692d9a0d540ac70/detection

213.249.194.103:4782
ytp.nsupdate.info

# Reference: https://twitter.com/ScumBots/status/1249388226118324227

88.243.116.39:30

# Reference: https://twitter.com/ScumBots/status/1249388075752587265

159.89.11.68:7900

# Reference: https://www.virustotal.com/gui/file/47686cbf6524d558337f479bf7ce69eeaeedc1178c30dc03a282418ba6f95690/detection

174.58.56.234:1177
aesthetic.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249387757216161792
# Reference: https://www.virustotal.com/gui/file/55742eb250243df64778bf60e910012d8cb5891049613726776a218cb2cfad0a/detection

197.200.44.30:6666
microsoftss.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1249387682607894529

182.191.90.92:4782

# Reference: https://www.virustotal.com/gui/file/09277fda08860febda2652dc57b28a7b34618d7fccf12b02433403a6d490fb62/detection

41.102.37.199:2001
ra2luxe16.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1249385384921960451

89.65.90.37:4782

# Reference: https://www.virustotal.com/gui/file/1d494495056a9adb45449af2c3e724242e339d82acf55496288d04da3fc7e76b/detection

havochacks.duckdns.org

# Reference: https://www.virustotal.com/gui/file/56acdc05a2fbdc0415e9d30af716323dc54cd955a2893515318108780a608c12/detection

israelrules.ddns.net

# Reference: https://www.virustotal.com/gui/file/4496d69d4b0ebe706d4829324165b6aebc501a9903496018bcfeb36120759f5a/detection

193.161.193.99:55061
zyrus-55061.portmap.io

# Reference: https://www.virustotal.com/gui/file/1559baccaadca011a4ad0207c966079e8fa632f6a00499b5d752b30986492215/detection

191.47.71.116:6522
mumojuw.ddns.net

# Reference: https://www.virustotal.com/gui/file/20c0b5be94cb8392f6b02403fadeeea73d83358d1ed66bda69c62e2d7f640df0/detection

79.134.225.122:10150
raje01.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249384071974785026

156.198.85.159:5555

# Reference: https://www.virustotal.com/gui/file/9bbb7384378ccedd3cd9780a95e170d0080a0b30d9bd218b0afead760adfd909/detection

jonathan.d.leet.pw

# Reference: https://twitter.com/ScumBots/status/1249383614686642176

95.154.199.21:60372

# Reference: https://twitter.com/ScumBots/status/1249383535435231233

185.130.104.186:1010

# Reference: https://twitter.com/ScumBots/status/1249383307965579269

79.137.121.218:4444

# Reference: https://www.virustotal.com/gui/file/2b766f8b807b2b39b6f347983ebe042f14eae2c8ddb3dfd3a2c9a3c096048d95/detection

messervices.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1249382046402777090

207.154.213.157:10123

# Reference: https://www.virustotal.com/gui/file/71a5f2d9aa531adae8bbc3ac60ca3444d8b610865c45040a921ec054f431432c/detection

24.131.141.50:54984

# Reference: https://www.virustotal.com/gui/file/00fd890f5850727bd58f0c5ce8522c7b4bbead9310d54511befe9e185c569012/detection

188.134.75.116:4782

# Reference: https://twitter.com/ScumBots/status/1249381578050023426

185.161.209.66:4782

# Reference: https://www.virustotal.com/gui/file/24891cd836c6e0a7154a4e1b11daf173b6c7c1214587b7fee5a41e586d86c657/detection

193.161.193.99:56636
hardpr0x0r-56636.portmap.host

# Reference: https://twitter.com/ScumBots/status/1249381334197379074
# Reference: https://www.virustotal.com/gui/file/885953234e2e1a4643aff0dd7fdab0024beab9751bbcbd7d5707fea103893f2c/detection

wales10.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249381012884402176

78.129.32.187:4782

# Reference: https://twitter.com/ScumBots/status/1249380787683803137

173.212.216.217:6666

# Reference: https://twitter.com/ScumBots/status/1249380711573925888

209.250.236.170:4782

# Reference: https://www.virustotal.com/gui/file/745d65c0a358cdd6083928055b2d675006534184931f0b8118d83736334fb089/detection
# NOTE(review): the port below (35617) does not match the "-37712" suffix of the host name.
# Elsewhere in this file the portmap host suffix equals the listed port (e.g. zyrus-55061 with
# :55061), so one of the two values may be mistyped -- verify against the reference before
# relying on the ip:port pair.

193.161.193.99:35617
xXKamilloXx-37712.portmap.host

# Reference: https://www.virustotal.com/gui/file/e9917a58f2227cf0a184e35fee72c9890a3e0f24d813623c5c32d9f02e1a46d1/detection

79.134.225.96:1313
nybenlord.dynu.net

# Reference: https://www.virustotal.com/gui/file/284ffcf3e1cbe3a03e2406ca3fa07b7376aca0a136961ed642beb24213352942/detection

corpse666.ddns.net

# Reference: https://twitter.com/ScumBots/status/1249376523553046533

176.123.10.227:4782

# Reference: https://twitter.com/ScumBots/status/1249376447581622275

88.136.26.45:6598

# Reference: https://twitter.com/ScumBots/status/1249376142072713218

159.65.32.133:9898

# Reference: https://www.virustotal.com/gui/file/ffe6eaa089817fd83aa4d7c61ff27cd77a11882ea21cd1ca743a851595c4f3c7/detection

192.169.69.25:2458
212.47.247.76:2458
viralcfdnshost.duckdns.org

# Reference: https://app.any.run/tasks/171ebc29-01cd-42b3-8878-70a1bb78bf18/

194.127.178.200:4782
domainshit.cf

# Reference: https://app.any.run/tasks/e8a9b353-b67c-4257-b90e-cffb24a3e515/

76.16.201.143:29457
rxtpredz.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1257440289884643331

91.109.188.2:3030
crsiedem7.ddns.net

# Reference: https://www.virustotal.com/gui/file/0f44b13d72a71e094884853649d5dfbe64b2d92b44c3b8d5fa63583bdae9a034/detection

141.255.158.137:3030

# Reference: https://www.virustotal.com/gui/file/33149db8184ed445510259b12f84a57654d7876a4ef1102475f1e867bec95418/detection

188.146.134.101:3030

# Reference: https://www.virustotal.com/gui/file/c3febfb1b5d672cfb0b5a8e307ce3c39d4fabb4277cef0f6ead498dfd105f2d8/detection

141.255.144.233:3030

# Reference: https://twitter.com/ScumBots/status/1257439302444814338

193.161.193.99:48059
JanFinas-48059.portmap.io

# Reference: https://app.any.run/tasks/ecccff06-360c-4eb6-b91a-542c69a8598f/

109.228.225.8:1604
eceda.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1257981518556860416

222.238.154.10:4782
qua.kro.kr

# Reference: https://www.virustotal.com/gui/file/e3703b0fe905cdbde58b03ff78c482ea766df2a30d30b7b4dc3a18187ecfdfc3/detection

185.140.53.106:4782

# Reference: https://www.virustotal.com/gui/domain/tartarus124578.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/8c64f15363ae3a35a492c35e310d12842e61fbee6a0efb82e7b89a739aa78b7e/detection

2.87.45.151:1601
79.130.204.204:1601
79.130.251.240:1601
79.130.255.148:1601
79.131.50.186:1601
94.71.151.99:1601
tartarus124578.ddns.net

# Reference: https://www.virustotal.com/gui/file/d400059cf7e07897e19dc5ee052c0f7bdc6b85dda05cf4ed37a6f96456b69b71/detection

185.140.53.43:4782

# Reference: https://www.virustotal.com/gui/file/bc3a0af7b5ca896fd305204459f6647a5d22169cb9776969a6b7e972b59738c6/detection

kenya1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ab0c370e055d72438a8ba9d1e4bd7b16d50e5f6b7cc39bc0fa90e28ecd3a1b29/detection

212.125.26.57:1601
cenk3431.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1261874049870897161

74.91.115.145:4782

# Reference: https://twitter.com/JayTHL/status/1262217942655291393

94.104.170.10:1605
czhost.ddns.net

# Reference: https://twitter.com/ScumBots/status/1263236145015664653

46.196.45.35:1604

# Reference: https://www.virustotal.com/gui/file/27fd728bc657ee7c2d0ec4fe4715e890225c6d12690080b854e61cb33b995ddb/detection

185.140.53.247:8280
duarte83.bounceme.net

# Reference: https://twitter.com/ScumBots/status/1268902232281550848

141.255.144.120:4782
werfgjsbzhnw.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b7df1cfc092eb55c3f7135666ed916e283f21b8ddf9f97d8f683638504762bc/detection

148.103.183.5:4444

# Reference: https://www.virustotal.com/gui/file/6732e6b2fee87b2d544613938533273983b71fb13180aed4c0cee06dbfe59410/detection

94.60.172.123:5353

# Reference: https://app.any.run/tasks/06c7cc02-0955-4435-8589-6250b8b5b737/

ayewhatsgoodbrolmao.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1271937224070791169

85.25.210.57:4782
dns0676398717.myftp.org

# Reference: https://app.any.run/tasks/a5badbb9-ac6a-468b-9048-29144a6042c7/

128.90.105.57:3468
128.90.105.57:9093
cepeda.linkpc.net
migracion.linkpc.net

# Reference: https://www.virustotal.com/gui/file/8f262a933be275930b09e0f01eacd7931ac20be063a9d4306439be095f9ce588/detection

39.41.16.61:1997

# Reference: https://www.virustotal.com/gui/file/504e075b3107cd1019b85cd8abb2f23fccc6d66419625357046c78d4383a326e/detection

et10.ddns.net

# Reference: https://www.virustotal.com/gui/file/2df82d12b3e4627ffb2f7c0e6c8371f23c4beabb935f93b2c88389953fc07027/detection

reversetcp.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1275354027845398530
# Reference: https://app.any.run/tasks/7f242d3e-8ea6-423e-9add-a82d5e4980a8/
# Reference: https://app.any.run/tasks/765b8842-7850-4923-abcb-780f402841dd/

payloads-poison.000webhostapp.com

# Reference: https://twitter.com/ScumBots/status/1277093703199477761

34.75.102.183:1604

# Reference: https://app.any.run/tasks/28cd2661-3ddc-4f3d-b6a5-bae37987392d/

86.144.71.246:4782
bungleboo.ddns.net

# Reference: https://app.any.run/tasks/9dfcfbd8-a7c7-49ba-8ed1-7dfb5be53c2b/

141.98.252.168:16248
quasimodo.onthewifi.com

# Reference: https://www.virustotal.com/gui/file/29d48bc1e21fb275d4801c5f326937d71543c2d8cf57220086702c1c74bce0b2/detection

159.89.214.31:4782

# Reference: https://app.any.run/tasks/9ab92853-b7eb-45da-8053-4875963d9797/

37.223.208.94:1604
hatenigger.ddns.net

# Reference: https://twitter.com/ScumBots/status/1284507557588082691

51.161.105.101:4782

# Reference: https://www.virustotal.com/gui/file/893eb1609e54fe685e7bf26400b6ae37776cb4749748a60172aa3cb4e8e7156e/detection

145.249.55.249:1177

# Reference: https://twitter.com/James_inthe_box/status/1285294414475087872
# Reference: https://app.any.run/tasks/42fe73c9-d488-4893-a201-f40337b56456/

129.205.124.8:444
bak505.duckdns.org

# Reference: https://app.any.run/tasks/2ed9777d-8227-4bb7-a142-face7c1c4421
# Reference: https://app.any.run/tasks/e4f346c5-87ba-47e7-ab93-fabc01252c70
# Reference: https://app.any.run/tasks/26e4b9c2-7e1a-4f28-89be-445ce6315d37
# Reference: https://www.virustotal.com/gui/ip-address/185.153.222.198/relations

185.153.222.198:2404
185.153.222.198:3189
185.153.222.198:5147
185.153.222.198:5552
185.153.222.198:5579
185.153.222.198:5677
185.153.222.198:5912
185.153.222.198:6666
185.153.222.198:7371
185.153.222.198:20000
academy.3utilities.com

# Reference: https://www.virustotal.com/gui/file/a20c73149b150bbb7bb8069abcbe2c6366ddf712a9d3e5907daa2b44c783d371/detection

193.161.193.99:54017
sanu99-54017.portmap.host

# Reference: https://www.virustotal.com/gui/file/20f049ed4778e06ebcb53b8335a7441666c1b5b12c8106cb183fcffc3e1b0f1c/detection

185.174.102.105:5991

# Reference: https://www.virustotal.com/gui/file/f0c1b7c0322a3d940b5b3388c391dcfd6ca736a975248650a4d8ead0e3569506/detection

84.127.74.183:4782
quasar123.ddns.net

# Reference: https://www.virustotal.com/gui/file/900012c0fcd4c9adae1001b7f32965f2d39629f807bb7bc2c57ce88d043e246f/detection

retard.myddns.me

# Reference: https://www.virustotal.com/gui/file/e46f9d5725828b9ba18e8e5934836b82dc1cdcf67100290c47d673674bcc43f1/detection

141.136.135.118:1337

# Reference: https://twitter.com/_re_fox/status/1293368339423780866
# Reference: https://app.any.run/tasks/63b38da6-63d6-44d2-824a-53d07352b020/

216.38.2.214:1148
sept2019.serveftp.com

# Reference: https://twitter.com/iamwinstonm/status/1294761707445854209 (# VenomRAT, Velos)
# Reference: https://blog.malwarelab.pl/posts/venom/
# Reference: https://github.com/MalwareLab-pl/ioc/blob/master/venom/c2s.txt
# NOTE(review): three entries in this group deserve a check against the referenced c2s.txt:
#   - "http://91.134.207.16" is the only entry in this part of the file that carries a URL
#     scheme; confirm the list consumer matches it as intended (or store it without the scheme).
#   - "123.123.123.123:4782" is a repeating-octet address that looks like a placeholder or
#     builder test value rather than an observed C2; confirm before alerting on it.
#   - "microsoftsecurity.systes.net" uses "systes.net" while the entry just before it uses
#     "sytes.net"; possibly a typo (in the source list or in the sample's own config) -- confirm.
# "payloads-poison.000webhostapp.com" and "eceda.duckdns.org" are also listed earlier in this file.

http://91.134.207.16
payloads-poison.000webhostapp.com
1.197.16.130:9999
103.121.78.249:4782
109.104.215.139:4782
115.78.135.163:6666
116.203.207.137:4782
123.123.123.123:4782
13.66.218.91:60554
136.244.79.165:4782
139.99.167.153:4782
177.45.83.138:34012
185.16.160.204:4782
186.123.32.82:81
186.137.129.110:7770
188.165.165.18:4782
193.161.193.99:1194
193.161.193.99:36267
193.178.169.191:4782
217.114.218.29:4782
3.20.98.123:13935
3.20.98.123:14700
3.20.98.123:18375
35.196.132.85:4782
35.237.4.214:4782
45.77.243.161:7182
5.181.151.210:4782
51.38.29.129:2222
51.38.29.129:4444
51.68.250.107:6361
51.81.105.226:4782
77.140.68.143:1505
80.85.157.34:4782
81.109.117.136:4096
81.109.117.136:6606
82.37.243.209:6606
85.214.90.252:81
90.131.33.170:4782
93.25.186.160:26656
95.181.157.143:3380
95.181.157.143:4448
95.181.157.143:4449
BOSSIX-41718.portmap.host
blackjackk.ddns.net
casadomoticaelle.duckdns.org
chadseybert-52742.portmap.io
dontreachme3.ddns.net
dontreachme4.ddns.net
eceda.duckdns.org
filepony.ddns.net
fivemmods222.ddns.net
leagueoflegends001.publicvm.com
loler123.ddns.net
metin2white.sytes.net
microsoftsecurity.systes.net
nigger69.ddns.net
rays.kro.kr
slicetortoise.ddns.net
steamguard.ddns.net
support-apple.publicvm.com
testt1234.ddns.net
tiago123.ddns.net
van0m.ddns.net
vegaspoofer.ddns.net
venomghost.hopto.org
viperfuck.ddns.net
zbeubzbeub.ddns.net

# Reference: https://www.virustotal.com/gui/file/78b4e6a4b4fa0483b0cfc85e882e3808a8b5d5979ff993ea55a844525d5bf8c6/detection

141.255.144.113:4782
mhmod123.ddns.net

# Reference: https://www.virustotal.com/gui/file/221ec23c0034263020977725da21010e22ef265969d445d2eacf941383a8f38f/detection
# Reference: https://www.virustotal.com/gui/file/3f808ee9391ef2e282b963f23db9442cb04722691fe6f0594c408bb05667df4e/detection
# Reference: https://www.virustotal.com/gui/file/4251d8525baad5ef02878f7eb9b93ce1a1ed1ba9f24faeba9c85a2c490321640/detection
# Reference: https://www.virustotal.com/gui/file/34e34ba6836866ef6f49402f89def0c54fa3252d12c5d88964be4c39ada45860/detection

156.223.185.50:4782
156.223.77.244:4782
156.223.82.185:4782
156.223.94.98:4782
41.233.216.227:4782
lapoire3.hopto.org

# Reference: https://www.virustotal.com/gui/file/ec2e9c8c110756ec3bfcab551b53397221310769db8d7713a88367c43c94ca09/detection

193.161.193.99:38904
scarphed-38904.portmap.host

# Reference: https://www.virustotal.com/gui/file/c6d64d67db1ea314041569ff38363af43157cb40d4ae03a6bfb9c25f82649b50/detection

193.161.193.99:52505
hoptoorger-52505.portmap.host

# Reference: https://www.virustotal.com/gui/file/6a222d7ef754ad21afaffb596fadc1b4f82953c6325e3924d67c68706eeb5289/detection

193.161.193.99:35837
spam-35837.portmap.host

# Reference: https://www.virustotal.com/gui/file/720146e3b059cbafacee69ae0c65dd58cb255383dc7cf16eb71d69cbb05aa393/detection

193.161.193.99:49521
microsoft2020copyrights-49521.portmap.host

# Reference: https://www.virustotal.com/gui/file/3a2c4d045bfb0210a7b0e238a1005a18a6820564d458c1501b723a9f5c5bf90d/detection

193.161.193.99:42038
microsoft2020copyrights-42038.portmap.io

# Reference: https://www.virustotal.com/gui/file/b2c169e3d67e48f2e79e33d7b97ad4da38f8cd9e150bd9f8b408f1a43c946010/detection

193.161.193.99:29492
hwkeyez-29492.portmap.host

# Reference: https://www.virustotal.com/gui/file/7d92373cd202cf3ce22b187976387f566d8969b46d95000f0d4878f6a4bdf2d3/detection

193.161.193.99:42282
apogaming-42282.portmap.host

# Reference: https://www.virustotal.com/gui/file/5d3e2f59f490de57916dc30ca2a33698938717ef6682acf524c272a513db988a/detection
# NOTE(review): the port below (27716) differs by one digit from the "-27116" suffix of the
# host name. Other portmap entries in this file carry the listed port in that suffix, so one
# of the two values may be a transcription error -- verify against the reference.

193.161.193.99:27716
pycurrocax-5207-27116.portmap.host

# Reference: https://www.virustotal.com/gui/file/97c3137afaf8fcceded845fd106bbe8d9d8aac1cdef6c0907866be9f7040939e/detection

193.161.193.99:45651
WindowsRCL-45651.portmap.host

# Reference: https://www.virustotal.com/gui/file/6e0526c525c996ca8f3d54bab54a3d575dd9a8416df41dbb8a149c0b4cd52065/detection

85.215.81.202:2303

# Reference: https://www.virustotal.com/gui/file/298bf9f8f1007903eca07d19e00a6754d50791eaf07b34086d97bc8c323f0aed/detection

156.223.102.92:3030
firstcompanyrechner.duckdns.org

# Reference: https://app.any.run/tasks/e3456ecc-2912-454a-a116-01f3cf7bd35e/

177.255.88.109:3876
alfonsoalferez1967.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c2d61b92e92bb73c180b4aba67051650fa728aa19e069b181c0b3f7970c8e443/detection

175.37.36.152:1877
zakelakes.ddns.net

# Reference: https://www.virustotal.com/gui/file/71db5cdfd9e27d2bbb7d43979ce0d9637a1a190549c2c8e978cb1cf5b509087a/detection
# Reference: https://www.virustotal.com/gui/file/1c2b38e7f929c96563e9599eb527f7a27354a34b4d70b4ce8322db8d6b077b90/detection
# Reference: https://www.virustotal.com/gui/file/83200d64a920af3351f315a0c51b854e287917b94579eb4d455c7c1ab945ab0e/detection

194.9.70.179:11061
49.2.123.56:11061
92.53.66.44:11061
niogem117.soon.it

# Reference: https://www.virustotal.com/gui/file/8117dbf1179628d105c6297150e4f18c1ddf952d66e19de9faf93008dffa74db/detection

41.233.248.164:3030

# Reference: https://app.any.run/tasks/e29eeb34-1f1f-4891-94ac-7631364de315/

89.38.99.64:222

# Reference: https://www.virustotal.com/gui/file/baa8fed19ef5ee68817c2ee77807d7e002114eb7402d72023a25f6f9ceae7e11/detection

3.22.15.135:11075

# Reference: https://www.virustotal.com/gui/file/2801e23864a2d65490e0ef7663d0d0e4292242f84d8368f0cdeefa868c375521/detection

18.218.177.181:7112

# Reference: https://app.any.run/tasks/3b577865-731d-4c32-9772-87125c4429d7/

109.236.88.17:5552

# Reference: https://www.virustotal.com/gui/file/0a1a060933d914d898f655fc01130aae36b7d9ee33f98e3c9f01513cad9274ee/detection

185.140.53.135:1111

# Reference: https://app.any.run/tasks/ccdc9825-ae21-4abc-aaaa-e26913013552/

xxxzxxx.ddns.net

# Reference: https://app.any.run/tasks/ca528cfc-8a3c-48bc-a6d2-2e52cfde9e58/

193.161.193.99:29077
z2020-29077.portmap.host

# Reference: https://app.any.run/tasks/553ac7ce-3322-4890-be49-4de1953ff3b1/

193.161.193.99:26273
ZXCVASDF-26273.portmap.host

# Reference: https://www.virustotal.com/gui/file/03ba76ed11ea5c691cba39d4937c3dd18a200911f91b8f741e0f9a5cb27292e1/detection
# Reference: https://www.virustotal.com/gui/file/01ea5b9d22efc873c8e8b1e6f8c7d0f749af0689c19ea9545bd266b66cc11441/detection
# Reference: https://www.virustotal.com/gui/file/937d573d7c4cf550f28ecf87a0cd495bfdd9521e66400bc8d1fe996e27fdc140/detection
# Reference: https://www.virustotal.com/gui/file/1aa0bbffa2da1f6adbe887effd2fe5b85cf6910e48a7ff9233e34d6a2fb103e7/detection
# Reference: https://www.virustotal.com/gui/file/814b70e078c672595023c580716e80ea44cf692d313b6e60d72b5c33e1b9c937/detection

139.162.113.21:10044
windowsup.microsoftupa.com

# Reference: https://www.virustotal.com/gui/file/87ae5ccfeb79d40cc9f4a8fd6a86fb34233a55e8b2de2cbfee3958f2f4dc0a04/detection
# NOTE(review): 104.18.44.248 appears to sit in a CDN (Cloudflare) address range, i.e. a shared
# front-end address rather than a dedicated C2 host; presumably it was resolved from a proxied
# domain at analysis time. Confirm against the reference and prefer the domain indicator if one
# is available, since this address may serve unrelated sites.

104.18.44.248:4782

# Reference: https://www.virustotal.com/gui/file/aacfd54183f4afdf0982230069833b23e78a64d0e7748a4a07afa039d8741290/detection

95.234.164.252:4782
desdemone.ddns.net

# Reference: https://www.virustotal.com/gui/file/bcc61b17a7237aa62e3d4ee4dba06bb53b033ecd4628200ff7c33544b3855b48/detection

51.195.200.153:1177
nazoplay.ddns.net

# Reference: https://twitter.com/wwp96/status/1327896383333019650
# Reference: https://app.any.run/tasks/4f82c810-38b5-4af9-accc-5a8ddf906890/

94.242.224.249:222

# Reference: https://app.any.run/tasks/5d51ce75-0740-4235-b508-47971cf23fa1/

185.244.26.221:4782
devils.shacknet.us

# Reference: https://www.virustotal.com/gui/file/d41310d33dccb0343373261b7c5468f89329095556eede577686b4864446e8d0/detection

194.5.97.88:4770
brightgee1.awsmppl.com

# Reference: https://www.virustotal.com/gui/file/9d913ac92ef644aa22656ee6cb54e4590729477be7d65e5980fe9b2b272d9078/detection

124.62.162.230:9600
korea12.co19.kr

# Reference: https://www.virustotal.com/gui/file/a6cb60fb9e287fd0f8aca77c1cde66dff1e879822f80a797bf635313ab9cae96/detection

ddns170.airdns.org

# Reference: https://otx.alienvault.com/pulse/5fcb77747ed85445c567eef4

mail.hsjinteriordeco.com

# Reference: https://www.virustotal.com/gui/file/9599df844bcb3e0be8cb99e96114b3f36b8ba5e34144ac667ed6af14993c2b67/detection
# Reference: https://www.virustotal.com/gui/file/7786900a5f08e4c090d1a4b3507afe271aff4891af740abf8212be79d9e231b6/detection

5.8.88.191:443
5.8.88.191:8080
sockartek.icu

# Reference: https://app.any.run/tasks/7d2ac8cc-2aaa-4466-9780-921ee5891a63/

45.13.58.25:9999
mynmds.myq-see.com

# Reference: https://www.virustotal.com/gui/file/f0e8b7f7e23ca59f8913b7507c420abe3f81bbfd48a0b78531ff28ecb78a916f/detection

193.161.193.99:34240
zezoro321-34240.portmap.host

# Reference: https://www.virustotal.com/gui/file/03d4ed1373cdce6391f36f37b184013f9da419af50eacbb174a1cfab2bd35fca/detection
# Reference: https://www.virustotal.com/gui/file/4db8e6a74e70cae2842e96711c617f4c8c6654ac9c487dd90a728f4a8d558bfe/detection
# Reference: https://www.virustotal.com/gui/file/3b3a0f30ba6beee60ff78b8762673cd547f3aa32371feb4c6ad082a7ad4711e9/detection

178.124.140.134:1970
185.157.162.81:1970
185.86.106.226:1970
xyz.videomarket.eu

# Reference: https://www.virustotal.com/gui/file/82c614670064affc788ff48a0474c782d9d4f91b6f0ed191a5bbd71f7c5f4d1c/detection

88.24.171.143:4782
hackblood.bounceme.net

# Reference: https://www.virustotal.com/gui/file/80c46f4aff799888e97a25b7c75580d7d5235f8bbc91f3090ba8e840018b81ce/detection
# Reference: https://www.virustotal.com/gui/file/0cc6df9a0a29276120d4552a6a64a110b571e6f223c93678f78c3f6dd054f255/detection

pashalol.ddns.net

# Reference: https://www.virustotal.com/gui/file/c4c8e6d34090b2d68aad28fc0ae0d8630c4a8ee58169b0f30600b9f50713d5e6/detection

193.161.193.99:43971
password0-43971.portmap.host

# Reference: https://www.virustotal.com/gui/file/903f547b462548cc2b4d19d9195b2301ce624e3de48e18941364c17954f76a0e/detection
# Reference: https://www.virustotal.com/gui/file/ab4d2429d0d15b5999ebf2f312b187ff4ef67d6a3500816cb6140b03fed0bcf2/detection

105.154.186.111:4444
105.155.90.11:4444
cd5e527fb8.hopto.org

# Reference: https://www.virustotal.com/gui/file/0813c443788eaaa34194d78a1d9e9cad94f18c54d75f68d6ca1a306f410db934/detection
# Reference: https://www.virustotal.com/gui/file/c86f7c8a5ba61582390b76266b9bd3d5b0b324f9b17736d8fe9731464a240229/detection
# Reference: https://www.virustotal.com/gui/file/75528a32a51ed0f5bbec33eec6fc6bce72f505a3be5de97c54d56e11f3668f11/detection
# Reference: https://www.virustotal.com/gui/file/318c45bb26241801c1ed0819289b9b49d2aef61934344892c39c67dab936e1d8/detection
# Reference: https://www.virustotal.com/gui/file/34e1c4149be373470b23ae9b0ca7613c77afa228dbe9ff38c6bb2f87cf28b3d8/detection
# Reference: https://www.virustotal.com/gui/file/5ec7e5c7793093fe1d1bb7f98cdc388613da7df767cbdf40fae19b93b1965147/detection
# Reference: https://www.virustotal.com/gui/file/bb9a1578f59d63b185023ada6c485e8b5cf9336e4b6bd3cad139d234b4f03c6d/detection

54.39.152.114:21
54.39.152.114:55132
54.39.152.114:55646
54.39.152.114:57182
54.39.152.114:58039
54.39.152.114:58275
54.39.152.114:60671
54.39.152.114:60792

# Reference: https://www.virustotal.com/gui/file/0294e192621b21d5c8f2288496930fe5e947fd66cdff1a119ca2f8bbdd8a537e/detection

193.161.193.99:36284
stremtyyt-36284.portmap.host

# Reference: https://twitter.com/mstoned7/status/1346240500576047104
# Reference: https://asec.ahnlab.com/ko/19439/ (Korean)

103.125.216.106:8080

# Reference: https://app.any.run/tasks/12ddb9d3-9e26-4506-993e-91e1d8a6c865/
# NOTE(review): "yz.videomarket.eu" differs by one leading character from "xyz.videomarket.eu",
# which is listed earlier in this file together with the same address 185.157.162.81 (port 1970).
# Confirm against the reference that this is a distinct host name and not a truncated copy.

185.157.162.81:1972
yz.videomarket.eu

# Reference: https://app.any.run/tasks/9b940d78-781a-41f7-8c83-6bb53a772eff/

193.161.193.99:48089
vusal0219-48089.portmap.host

# Reference: https://app.any.run/tasks/3136a32d-f462-4a63-91ad-ed6fc5128ac7/

167.172.160.108:8008

# Reference: https://www.virustotal.com/gui/file/587fd4af21f5b7843bfb58ba965bd8a7f245aa11eaea82ecd649019b27596e06/detection

trashddns.hopto.org

# Reference: https://www.virustotal.com/gui/file/dab6379a2915bfe18c4734d0ba081673b1275a566cf6b0ef722fe49442cec9c8/detection
# Reference: https://www.virustotal.com/gui/file/1b3a5d67420261d445d7cb30709db5f35b565a572c715e69fb44ee886a9886d8/detection
# Reference: https://www.virustotal.com/gui/file/832ae6fdde4e6c0c5e3dd0cb14c8626310f9f2c4e6ff19b6da9227f03d800d62/detection

212.102.50.120:3088
3.34.248.52:3082
3.34.248.52:3088
winupdates.myftp.biz

# Reference: https://otx.alienvault.com/pulse/600184f66ce603ae4330b79a

dakesse-21018.portmap.host

# Reference: https://www.virustotal.com/gui/file/196a12b406480570e64fd78166249d694b67ecdfebdd94f648d38d3d3c1b6af8/detection

viper.w0rld.ga

# Reference: https://www.virustotal.com/gui/file/a2af5a2dcb355de6beab587bbb594eca70c35ef0eaacb1db2772997fae62da9d/detection

elixr.w0rld.ga

# Reference: https://www.virustotal.com/gui/file/f234480632c908053869cfec4f31a2077dc2bf92df6ccebfbbd1e25c38924996/detection

neji.w0rld.ga

# Reference: https://www.virustotal.com/gui/file/68b1e631965fd0f1c53a69fd2611aaf5776df3f7480c5666628d42af9fa71eee/detection

105.108.195.156:82
kakobik.linkpc.net

# Reference: https://www.virustotal.com/gui/file/0b51b8480d05467c4d535fa4c3e73d0bcec79b573d45a121708863d97c14853c/detection

haha.servehttp.com

# Reference: https://www.virustotal.com/gui/file/707189ddb2b7df88888e5ad95e275bca6d4a75e6b1b6f5957ad37cbd66cc9cb5/detection

stp.servehttp.com

# Reference: https://www.virustotal.com/gui/file/a48d0e87dfd7dfec35ccb85e395a866bd9ca5fee6a64503ca26e166d09d21ccc/detection

204.95.99.109:82
tms.servehttp.com

# Reference: https://app.any.run/tasks/13054168-9eb0-4561-bfa8-cab61ee66cb6/

185.244.43.60:4782
185.244.43.60:5552

# Reference: https://www.virustotal.com/gui/file/a073f05706d7f6668b10e93de3057846addf282d827eb77597eb975ed75022dd/detection

87.66.106.20:7642

# Reference: https://www.virustotal.com/gui/file/1cfc9cc516bee497baa6533fdd061e21179263f80cb1777a2632b140e5ef3eb4/detection

87.66.106.20:4782

# Reference: https://www.virustotal.com/gui/file/f48edae04aded0b2c5bd17ef1b0bd478c2439c60e5d489d50354f1c1a086c4ae/detection
# Reference: https://www.virustotal.com/gui/file/9216307e273a047bfc8576e0cd020f1aa99c7deae432a9c0e4cd6970b9a0d8be/detection
# Reference: https://www.virustotal.com/gui/file/888cd3e0c9046fc3b5e2441b7bada003552c0bd346f9bc284307e786c0705b12/detection
# Reference: https://www.virustotal.com/gui/file/98f9c04c6d4a44e2e04440b4816932a383f4725fced77d4fd61eea2301a9d1ee/detection
# Reference: https://www.virustotal.com/gui/file/c6d27d7c4b643205bbfb6b42d02e70865dcfcace603fd0bf588f60d4deba7674/detection
# Reference: https://www.virustotal.com/gui/file/a4a9d8e54b6cdc1f0743eb9d42bb55a7d5f81517f1391dc1e1786847e6ff6c8c/detection
# Reference: https://www.virustotal.com/gui/file/83e8bf52029e0d61ff9f07b02d52e1a32deb46d7258f4212ba018c3f9c4eb305/detection
# Reference: https://www.virustotal.com/gui/file/239b5f0f4ace74ca154c49814e30670f94f7008baaf6a3a978f4c8fceaf776e4/detection
# Reference: https://www.virustotal.com/gui/file/846e619b72311320846057131325e3197c5e317446f72d34787686646a61af04/detection
# Reference: https://www.virustotal.com/gui/file/63407b80d92c77e4ecc5a953b9ffd0b88768bed58e7c9789348cf57cdb4fe04c/detection
# Reference: https://www.virustotal.com/gui/file/7b87ddbee7b40b901a60f10a6944099378311563a9c367ebb46b79c7b49f747b/detection
# Reference: https://www.virustotal.com/gui/file/8921811046b0174d2372fc6abc359f3dfa04033f9c8b9c70a055836c3c7a1aad/detection
# Reference: https://www.virustotal.com/gui/file/5d22085aec8646c9c4615ed5babd765eeeada5e7b54d960aad9cfa9ef50e851a/detection
# Reference: https://www.virustotal.com/gui/file/13c12d4e10d3b446e5056bc710fdfd9883c55f5269207b39970814265c176ba6/detection

102.52.0.42:2514
105.155.221.57:17935
141.101.168.56:2514
141.101.168.62:17935
141.101.168.75:2514
172.94.62.102:2514
188.72.101.107:2514
188.72.101.141:2514
188.72.101.149:2514
188.72.101.150:2514
188.72.101.151:2514
196.71.79.159:17935
41.143.164.21:2514
41.143.204.82:1425
wxcvbn2.ddns.net

# Reference: https://app.any.run/tasks/53ef1cb6-bf18-426d-b10b-ef70edb4019e/

193.161.193.99:33409
jebacdisaskurwysyna-33409.portmap.io

# Reference: https://www.virustotal.com/gui/file/19ea4f8d6f36b7a8d5b8ade979f2d2ca56b21075e7100700c6dca6a4731c0322/detection

microsoftns.dynamic-dns.net
microsoftns.system-ns.net
supportwin.dyndns.pro

# Reference: https://app.any.run/tasks/d6c127ea-47c9-43fa-a188-77924207f648/

cupastore.ro/zook/

# Reference: https://app.any.run/tasks/6588ffdc-9204-46eb-a999-21c08c3db64b/

2.56.152.93:1604
2.56.152.93:54984

# Reference: https://app.any.run/tasks/ec9d6cce-66b7-46c1-a057-f24019974d42/

193.161.193.99:42884
paul994i3-42884.portmap.io

# Reference: https://www.virustotal.com/gui/file/7cae26824336e46214fe0635d3c73073dfffbe38909896a6a586f939d39e091f/detection
# Reference: https://www.virustotal.com/gui/file/c04b1facc631a33e22799f2ba896ed90e485b9e3e1dc26f83b660cadf98ddf36/detection

82.202.167.227:4445
82.202.167.229:4444
mnl485.hopto.org

# Reference: https://app.any.run/tasks/72e3f753-c529-4b64-8319-e25fcdba2e58/

172.104.63.12:4782
blackfriends.ddns.net

# Reference: https://www.virustotal.com/gui/file/a3fa75a72b8e74f8907911061f06378d5eb56762c204019d5a61ff63c9b31ce3/detection
# Reference: https://www.virustotal.com/gui/file/3c2520e74f1afbd199c2f3722f7d29ea5bbcc743fac84ef35c7126a72ba995e0/detection
# Reference: https://www.virustotal.com/gui/file/88175cfd23cf4f14077a7de848eda87fd603b59a1c4b47d69e589deb91ce87e5/detection

178.187.178.66:25055
178.187.186.145:25055
178.187.233.124:25055
scandalize.bounceme.net

# Reference: https://www.virustotal.com/gui/file/baf003124429c4fe49b8b6c5f55762a54378d3c2e12c44ba2a5c8e8d5c33cf08/detection

177.205.152.182:4782

# Reference: https://www.virustotal.com/gui/file/8484a7a2ead6abc20fae7bb2db2714fa0e9f5544dd1484e2774a472d4bae35e7/detection

95.165.5.79:1338

# Reference: https://www.virustotal.com/gui/file/c1223b7097737efe776fee604cb4557e6e8668ef29b435ab42e053621a1e923d/detection

95.165.5.79:1339

# Reference: https://www.virustotal.com/gui/file/7bd59fd11300f587bc2830fc3543e89dbdfb71f2095e4154447720aa35791efb/detection

31.220.4.216:4782
baggard443.ddns.net

# Reference: https://www.virustotal.com/gui/file/dbf987aa1a9f886c3e9c4a7a2efa26a33fb63ae5cad5f1b06dc0a85bb2d5c6e1/detection

82.29.120.193:4782

# Reference: https://www.virustotal.com/gui/file/ab127e608e37fb20be0e23c048cb5b35a3dcdfec1abfda80ea971914b18a18f5/detection
# Reference: https://www.virustotal.com/gui/file/0417a72247b87e34735206c56f625477cf5a93ff1adcf7e6cdcc2c72ed636235/detection

65.21.19.42:6969

# Reference: https://www.virustotal.com/gui/file/81457d43d3d1fbef9a4f102aa64d267166f193ba9886817ff56ecb8f12ae85b6/detection

172.111.154.46:5555

# Reference: https://www.virustotal.com/gui/file/9406e240514471d7af9f2ad55985fd3b34b9636924a392686316b4e23b0bb543/detection

164.68.122.235:5559

# Reference: https://www.virustotal.com/gui/file/8c087fe6a295dcb398447069e0a7f7ade16291acdc959751337fb9d650097814/detection

50.34.62.208:4444
certalaw.ddns.net

# Reference: https://twitter.com/pmmkowalczyk/status/1374061231934484482
# Reference: https://www.virustotal.com/gui/file/eadcb3875456a7061f5ada0bb2d90b0489970fb6fa92ae276af4ddbb65575dc8/detection

176.31.8.233:4782

# Reference: https://otx.alienvault.com/pulse/605f1f7b0b6771231bc9b3e9

ketamin.jednoduse.cz
niggerballs.funsite.cz

# Reference: https://www.virustotal.com/gui/file/4851f56184e0254f14ae9f3351f32a16e5761892375d7baa685a8a7096675f55/detection

193.161.193.99:54721
193.161.193.99:8420
voxxx-54721.portmap.host

# Reference: https://www.virustotal.com/gui/file/fc4d7f21116c0f5d9629490536a4932a6acdf53dda5a6a86f232d7fc283c9675/detection

185.204.1.236:1528
pisulka228.ddns.net

# Reference: https://www.virustotal.com/gui/file/e62d5d03c66c9d4bfef592850e8e0589d3fe4bf81b582627d53fd9666eab4499/detection

85.25.93.141:82
monlolo.publicvm.com

# Reference: https://www.virustotal.com/gui/file/ed63e1665ccf622e7db42689fac31491ccdad75a37c328e2bcffef958e2b0a85/detection

81.225.131.230:4782

# Reference: https://www.virustotal.com/gui/file/e3b7a3f309ac6b5dacb02cf23af104f79ac16b537be3a71b03eafe034e3e66f3/detection

104.220.155.240:139
flyhighontop.ddns.net

# Reference: https://www.virustotal.com/gui/file/fba17f739e49a3d2971b3240a0f151a38d362b54ea91d465131e35d487407e62/detection

46.101.249.24:59863

# Reference: https://www.virustotal.com/gui/file/a64ad0ace6bcedb3d6b6fe281696e1e9f608f0dfb448ec15d99b82403d259ea3/detection

noamkennane.ddns.net

# Reference: https://www.virustotal.com/gui/file/3db8dffa572ff7fb2cabcae80f33f58305d2ef01b8cc59e97a032ae1634ce43a/detection

178.194.244.97:9081
rrnns.ddns.net

# Reference: https://www.virustotal.com/gui/file/1b23264d466775652ab9a55156a66d6b6ee4f494ca435856d9236aa47449459e/detection

89.160.26.37:1807

# Reference: https://www.virustotal.com/gui/file/78047575407c55f45b582f01ce6112136fa06200e9c98ed714833a4bba56cbeb/detection
# NOTE(review): the playit.gg entries that follow reuse a small set of addresses (151.115.36.90,
# 134.122.66.170, 134.209.194.210, 46.101.249.24) under many different *.playit.gg names and
# ports, so these look like shared tunnel relays. The port and host name are what tie an entry
# to a sample; matching on the bare address would presumably flag unrelated tunnel users --
# confirm how the consuming sensor treats ip:port trails.

151.115.36.90:48716
war2.playit.gg

# Reference: https://www.virustotal.com/gui/file/ac6cb34e13a090e1704b0b37057d0d71447c153fe01203f9c034ca6d9649d1b7/detection

134.122.66.170:54882
amazing-locket.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/feed59f571e1e7e9c4a6a308debe76ec5e6c1ec8ee6f587e80fb36100a85c176/detection

134.209.194.210:56966
awesome-street.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/034b2dcff6b90ed402439cc9406f951264df4f884219ba9c6c06f40c9b5f88e3/detection

134.209.194.210:55383
whimsical-sleep.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/1c508e1680871ca36b601eec6c8404eb4d0580bc9c40535a562b0c0a98efbbac/detection

46.101.249.24:52838
fnk2.playit.gg
whole-range.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/17ab3138b8d663151506c9781e1d7185ec5162ba50f914905d3b2015e7a8c4e8/detection

134.209.194.210:59559
mighty-ear.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/43ed3800cf12ce5e5cb4014c776404de2b8758b1c4e9a0f720c3372e0c8492c5/detection

134.122.66.170:58810
ad-business.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/eba893dcdd2eca6dc2c73edb2bc55caa72ec0181e385fd53091809535761fd35/detection

134.209.194.210:59313
striped-page.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/17619c62a9481d0df457e78676427cae921a6c893340e00b31dc848ad51d52b0/detection

46.101.249.24:55732
spotted-feeling.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/fb41b76f7b9eff1425e2ebe84c2717abaf3510c0447f92f3371305a571596d7f/detection
# Reference: https://www.virustotal.com/gui/file/718b6ff7898ca5c0d3365bfcbf3075927d2d82d09c4339cd4e2b50fb635cd4bb/detection

134.122.66.170:43533
151.115.36.90:43533
straight-anger.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/9c31ff69fc51ca8009806734f71391cbfc0c193f36d0721f009679e2ff87e462/detection

46.101.249.24:41798
narrow-ink.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/f700dbb00b021ec7aae45730deae300139cc3e644d6375d7d9d2a6d2330bb0d6/detection

46.101.249.24:41705
extra-large-step.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/8b991be4706455f00586b345e836f27f8bc7c739a5e74090f425267f7e23230b/detection

134.209.194.210:43523
brawny-seat.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/4f659f6cf574a8904cf22199060ba624ce9da8d1bc8109144737915ec014987e/detection

151.115.36.90:46094
gorgeous-leaf.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/abec58e458a1fa4f7ccc6e973b92fbf66c514be260c898418e1f841d2494f009/detection

151.115.36.90:57331
changeable-giants.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/1ce8680acc2835396aaedc6a25fdfe5f5c870558462bd303de540425f671b499/detection

46.101.249.24:55340
complete-payment.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/19e244532cd6ad24727c86f56b5cdff2602293c66851696e3ee2214b6f8bd3b9/detection
# Reference: https://www.virustotal.com/gui/file/48177e1ead1bdd70f6ebdb8c4441e78ad669103e8d4d26fee4b37a1f823832c3/detection
# Reference: https://www.virustotal.com/gui/file/690426e7d8467c818fe9ee7235480722898ddff21a880f28a1beca78afcefad7/detection

134.122.66.170:58810
134.209.194.210:56579
46.101.249.24:56403
ad-business.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/91168324a09faafa887ef10df274041fe4d08f61ae1ff46c289d5f9980d488c0/detection

151.115.36.90:47956
possible-fang.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/d9bfb7c59b057e74b499903db445403bd52f7749c7769861839d6180ad3bb287/detection

134.209.194.210:47610
curved-pickle.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/96a48b55c3778439dc40d26ad0253d75e706187d08a1144e4fa0367ba81fb93b/detection

134.122.66.170:51717
normal-head.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/c53aac525970eab5237d076ed8d546bba4a5392ba7b5853ec1aae924f56f9551/detection

151.115.36.90:59217
151.115.36.90:59218
flimsy-punishment.auto.playit.gg
solid-daughter.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/837b9a497f114cab46d6d2048b3b7fee8d05acd1a4d41611bb49516e99a38f2f/detection

46.101.249.24:59842
46.101.249.24:8182
89.70.105.138:6801
89.70.105.138:8182
true-blood.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/66318276cb8c1d91f6c5a18150894ad855291a56ad5827fd72517c9e2bde3be9/detection

151.115.36.90:58708
46.101.249.24:59863
dazzling-appliance.auto.playit.gg
lamentable-rail.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/3b84dafeea7371a64717b2923acc1846bc95dad25593aa62835479320700eb7c/detection

193.161.193.99:2222
193.161.193.99:35036

# Reference: https://www.virustotal.com/gui/file/8408d1f093d32f89a3ce5ba353e9c3040ddfb5404666fde3dd66816df9927496/detection

46.101.249.24:52841
thundering-grade.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/1a2afe47a8f33065790e4db59e44e6df8c1ed94ce539e602a3c4c96f23c6f7c5/detection

151.115.36.90:53960
adamant-ear.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/2914cdab27d016c72c57f394b65bf0e58123ca7beac43abf77954d3e5a519e3e/detection

peaceful-woman.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/78047575407c55f45b582f01ce6112136fa06200e9c98ed714833a4bba56cbeb/detection

151.115.36.90:48716
astonishing-cent.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/5f4f3656295faa101f83c611df9d1842773d27d8fe52a63317dd527c9433abd7/detection

134.209.194.210:51952
roasted-flag.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/67d44cc5b685c7b4155145afd1bc4a1e1f052f94af56e9de8efc1ce097fad4d6/detection

134.209.194.210:49473
witty-apple.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/404b9b48521597b0c740cd0f945c0c2050ff9c4b1c1e98164ea9bc89e854f9d6/detection
# Reference: https://www.virustotal.com/gui/file/9627bda879a554b285be5321a6e3c206c88d86c0040782d49679f89a92ab3fe1/detection

134.122.66.170:45908
134.122.66.170:59566
miniature-road.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/ca98d71d7440f5b6c680c99824931c10fb5f0055a710ee059fb1978455cc9596/detection

46.101.249.24:58736
steady-cows.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/fbebdf6e8fa43a2458cd66a14dfa5b7127727c55b93a67f40f400e8c48b6a92f/detection

134.122.66.170:40020
abrupt-zinc.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/061fa898d76a5b1abb5fc77ecc6fa935bdd0476f8973b8494617d01c81ef8005/detection

134.209.194.210:42533
wide-party.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/93f9dc469e9aa67e641e2f0773a1362eddf91ee6b8e3cf42680dd8f55f1327db/detection

mrmonopol.de/Download-Status/Menu-Status.json
mrmonopol.de/GetLoginCount.php

# Reference: https://www.virustotal.com/gui/file/e2ba0150a208eab7dc9a705540cfaa5687e2f70081d5cd87032beb08b4556d68/detection

135.181.170.169:111

# Reference: https://app.any.run/tasks/65b32213-989e-4e3c-8239-412e0bf8110e/

77.29.72.108:1900

# Reference: https://www.virustotal.com/gui/file/bea681346030b94a93aa5e888c60cbcff238835fe066e2f518ba27a116c0dc40/detection

24.101.234.141:4782
bigass33.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c04b1facc631a33e22799f2ba896ed90e485b9e3e1dc26f83b660cadf98ddf36/detection

82.202.167.227:4445

# Reference: https://www.virustotal.com/gui/file/c13f62c823eaa3253a15824288e526c454bb311a1c7d51547f777495cd115b19/detection
# Reference: https://www.virustotal.com/gui/file/f31a7aa81569e5f9cb7cfd42e617c9d7e9564727edbd58666368c98e41ab9a84/detection

185.63.190.102:4445
185.63.190.190:4445

# Reference: https://www.virustotal.com/gui/file/09b554ac2170b876c7a602d616782b3ee93a22aebed13ce4ef6eb56ee04ea457/detection

95.111.241.233:786
jayshreeram.cf
/windows/fghdcfrtxcgfvhgdfvhdhtgjdsgvhtgt1b.txt
/fghdcfrtxcgfvhgdfvhdhtgjdsgvhtgt1b.txt

# Reference: https://www.virustotal.com/gui/file/a55a037feda593917f9c302f51159ee9835e4ac1fc3320cae36ead2202658f02/detection

104.243.252.61:4782
managementlover.hopto.org

# Reference: https://otx.alienvault.com/pulse/60c745f853687724fee52779

crnjari.myftp.org
titine555.ddns.net

# Reference: https://www.virustotal.com/gui/file/b01426ea91c9a88de2248a505a2307936e11ab06e1f84516e308ee69bf7f0407/detection

zeroplan.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/30e775618deea4b49973f84a4b97a6e8ad42edd6cc3f6d629b9245efae186b4e/detection

176.49.167.65:4782
erbaevbann5.ddns.net

# Reference: https://www.virustotal.com/gui/file/ddb20b3961c7efca1d3bd6a5e7ca0ecec2c4e03df46f22fa83f72d0416f8fbb3/detection

94.78.243.127:8882

# Reference: https://www.virustotal.com/gui/file/fe8da12b49bb4840abd7def92daad0f69cc9caded24f9a508723c43fd449fb85/detection

176.49.43.50:3332

# Reference: https://www.virustotal.com/gui/file/c0eee6869cb1d1b6c8309151b45795b8866f7171b365dc29f7610cf385264239/detection
# Reference: https://www.virustotal.com/gui/file/e42b7deb2e234a6a5a1e3d152ce111e1a529428c494119fc46f3edc8495a5997/detection

104.21.13.168:5480
91.109.178.4:5480
societyf500.ddns.net

# Reference: https://otx.alienvault.com/pulse/610e76f9ad6c0f66cafac828
# Reference: https://www.virustotal.com/gui/file/a725bb8800499239e18eb3973b4c4371214e8da4efb12108ac42957a3819572b/detection
# Reference: https://www.virustotal.com/gui/file/4c4e3338698163228a0956b7ac502339f0e6e489bffc99355b6ec761adec2bd2/detection

166.62.33.218:6624
79.134.225.109:7894
gfhtytydj.xyz

# Reference: https://www.virustotal.com/gui/file/000ae7a6d1910aa7e076a5c9be84edb45edcb642c8299d9e94121653d838f548/detection

172.93.187.248:6767
greathop.fastestmaking.com

# Reference: https://www.virustotal.com/gui/file/bd8d5510731334889a329ee2312a9e2fb5cbe69f24e9c79f36bf1c96ee1e3cf9/behavior/C2AE

193.161.193.99:60692
windowsupdate-60692.portmap.host

# Reference: https://www.virustotal.com/gui/file/880cf669488f32e9a063753d945bc76603e60c2595186eb865db28781dbd5926/behavior/C2AE

111.68.98.167:5525
chanvick.ddns.net

# Reference: https://www.virustotal.com/gui/file/b732551af8559cc4cdae7bc6e7ef72e8d262ccb20e2cf6852a712dcbe454840b/behavior/C2AE

188.26.26.28:4444
ifuckedyou.ddns.net

# Reference: https://www.virustotal.com/gui/file/a7233919091d3e986cbd6083ad66b40c233330b75244c8fa621cb0e5c0b77c29/behavior/C2AE

176.216.222.56:1604
darkerzm.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2ed34002c15c4a5c51ab7092f93c2e528da978c4f526a9260b7b327b6b96ccd9/behavior/C2AE

201.113.64.208:4748
facebookmovil.ddns.net

# Reference: https://www.virustotal.com/gui/file/21be527bf9faf1d1b299303567e311b8af41ca147f59c969ba3a1cb7ab89fb55/behavior/C2AE

191.95.50.114:4444
otave.ddns.net

# Reference: https://www.virustotal.com/gui/file/27e86a7ce0bb3a2059ce5bbe9bf4fc785b9fab069b23e19c33f023ec1aeba992/behavior/VirusTotal%20Jujubox

43.248.201.133:22179
a473308269.e1.luyouxia.net

# Reference: https://www.virustotal.com/gui/file/8283431468392c588fe58acf4f8fae3d6340ab8f670eb98e74712c60fc469c72/detection

194.29.101.219:8808
microsoftcorp.ddns.net

# Reference: https://www.virustotal.com/gui/file/ca43e0d13b3be91ccf4f970a32c3baaf4d860f88b5291d09d93eebf18f35e851

91.109.188.11:5556
91.109.188.15:5556
wade442.ddns.net

# Reference: https://www.virustotal.com/gui/file/c918aa776b530cb53328b1737f542f9d5df3ee52f6499e83e1cad95a04448946

kalukalia.bounceme.net

# Reference: https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html
# Reference: https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/649/original/network_iocs_for_detection.txt

http://62.171.157.185
af-gov.ml
afghancdn.world
brkle.tk
vmi1795198.contaboserver.net
vmi649360.contaboserver.net
vmi596205.contaboserver.net
vmi387094.contaboserver.net
vmi479022.contaboserver.net
vmi356403.contaboserver.net

# Reference: https://twitter.com/pr0xylife/status/1465745543821504521

37.0.10.5:8021

# Reference: https://www.virustotal.com/gui/file/069a8947620cd2bf8dc94a23c3526099126d5050e149002fa0c82f00a1654ee3/detection

68.119.12.79:4545
money14.ddns.net

# Reference: https://twitter.com/pmmkowalczyk/status/1466722279820337162

89.64.38.50:4782

# Reference: https://www.virustotal.com/gui/file/9ab9f18dcd72590c539f4fab5653e80a42a3236c093db5ea465c008972db0ad8/detection

149.56.200.165:4782

# Reference: https://www.virustotal.com/gui/file/6f194457591e38ef91c704ee2e78d676158721b7123c5d6f1f7ab893525c1d0f/detection

5.36.102.135:4782

# Reference: https://www.virustotal.com/gui/file/ebd2a856d7839f3e9439d2932cf9667d5a93669e82a14ea07928a214912909ef/detection

193.161.193.99:20983
193.161.193.99:21462
193.161.193.99:28588
193.161.193.99:46831
193.161.193.99:53748
193.161.193.99:58369
baguito81-20983.portmap.io
guinobatan710-58369.portmap.host
kurama98-28588.portmap.host
minokawa386-21101.portmap.host
orationseas7145-59097.portmap.host
oyashiroen83-53748.portmap.io
shenron481-46831.portmap.io
vestigiallorde041-21462.portmap.io

# Reference: https://www.virustotal.com/gui/file/f058237a17377f527e5328787b632bac3d231216ebdf7b543ce2b09538284db0/detection

86.211.116.251:10134

# Reference: https://www.virustotal.com/gui/file/3f7221f4ced4281ddbbc86481b8e47f23726fddc593d339cc59d07584516ecc9/detection

23.227.199.106:111

# Reference: https://www.virustotal.com/gui/file/3c915591d124d4ba2a7cf4c520f35e072f2867b7565b79720f706d46e8212922/detection

70.69.200.38:2004
70.69.200.38:2912
karmakoin.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/64ef17ace9a8106442a5982791116fcec1d77f3affe177e4a02ee1d5c9446580/detection
# Reference: https://www.virustotal.com/gui/file/113550041ffe36f04838584d21680a5c21e33723e0eee88a81223216901dc627/detection

92.15.9.84:5025
92.18.56.180:5025

# Reference: https://app.any.run/tasks/f8d58093-9db3-422e-a162-e6cc1885b411/

92.9.26.75:5000

# Reference: https://otx.alienvault.com/pulse/61d97dff8f93b99c434c27b4
# Reference: https://www.virustotal.com/gui/file/e1792c836a45863c38eee83a446874828f54c1d3bdad3f1d79c83c360d40c647/detection

18.158.58.205:17874
3.67.62.142:17874

# Reference: https://www.virustotal.com/gui/file/d2f8a802257bfd775207a7dfe678bab09df35585b08e804cc5f400c9563d5c75/detection

90.113.134.137:4782
lahuisshamilton.ddns.net

# Reference: https://www.virustotal.com/gui/file/6ec6403a556329054228ec1382db4b840a0febc58e8c2d800bcd59b9ec39deb4/detection

3.13.191.225:11555
3.17.7.232:11555

# Reference: https://www.virustotal.com/gui/file/a4a782953e6a2b1366e842125b9671e097d0eb1e132b7e861cb7de2085fa3f88/detection

79.134.225.79:4782
nv1quasar.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1479767752885874688
# Reference: https://twitter.com/malwrhunterteam/status/1479855377642569730
# Reference: https://twitter.com/malwrhunterteam/status/1479859667471896581
# Reference: https://www.virustotal.com/gui/file/70ad9112a3f0af66db30ebc1ab3278296d7dc36e8f6070317765e54210d06074/detection

107.191.42.179:4782
149.28.28.241:4782
black-crystal.net
inject1byte.com

# Reference: https://www.virustotal.com/gui/file/2ba92b46b189663bb5cd8c1b865bf514a390e7e81e74e7a7fa0829bebff827e6/detection

3.236.172.182:4782

# Reference: https://www.virustotal.com/gui/file/3b2255cb175608da1c8d79e3d2225121e905a296a4d1c8ea7023f48b1af3d5a5/detection

195.214.133.99:1604
enayiqwe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7d2e8483a08d518c6fc8024de0e59f559bd3aa7608d89f9e3f9d5e2f323a6098/detection

51.15.19.32:4755
vhosts.linkpc.net

# Reference: https://www.virustotal.com/gui/file/021d05f5b032f1335021652d3b1243a6413039eed56ef8012420a79a9c9cd768/detection

86.81.129.56:4782
happythepeppie.ddns.net

# Reference: https://www.virustotal.com/gui/file/2f0fa158a064d54287a050472af25d509efbd0fcb13bbeb12d0b2437e50d5e81/detection

ronisbon.ddns.net

# Reference: https://otx.alienvault.com/pulse/61eaa17a2c74b1810990d4c5
# Reference: https://www.virustotal.com/gui/file/c698e97adc80f1c848dc6cb5786337679579eb09879423a2667b94f5e740c4f4/detection
# Reference: https://www.virustotal.com/gui/file/56e17524d7094f21b736888208ec3b7e427f60c3bc53a184bcda5a656a8f1976/detection

176.27.117.213:7763
82.27.178.185:4782

# Reference: https://www.virustotal.com/gui/file/1a3c5e1a2a52a3796116eaf838e36a23bc6428b42bd1c5c5a17aa73ab8974e46/detection

212.192.246.239:1488

# Reference: https://twitter.com/0xrb/status/1488731693624467458
# Reference: https://www.virustotal.com/gui/file/e217101735da4d01fca4b7b8a0ed676c9b41497e612a3185edb732dbb9f4e893/detection
# Reference: https://www.virustotal.com/gui/file/0b40fee2e4acd420e61d90ec27e1779c3e947fa514ea31dc8efa90883bd01d42/detection

41.233.92.230:1338
41.234.46.29:1338
anubisgod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/00f18e101bb64d3f88a17ca042f2906eb66322fb43aa1e131979dea24395f5b8/detection

141.255.144.69:4782
45.164.102.183:4782
192.3.118.147:4782
111234cdt.ddns.net
warzonecdt.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c3b2f3123f6eb080c81b10f7d5cff547514b9c66e5f5aa273190a9ee6ebd262c/detection

15.235.13.122:3043

# Reference: https://www.virustotal.com/gui/file/da6a34bce3465d3cedf6d1f2a4b2861fb17442c5e66b69791c3f9fc2f3909cb0/detection

limanlimanlawyers.com

# Reference: https://twitter.com/James_inthe_box/status/1494023486896939011
# Reference: https://app.any.run/tasks/70e72460-7a24-4004-b404-91c9346aa7e4/

195.62.52.147:222

# Reference: https://www.virustotal.com/gui/file/4c15ba67e0ecccf9d3349f77dbaacb5d54328d59709eee91973699f463a5ca02/detection

141.255.158.240:1177
testintru.ddns.net

# Reference: https://app.any.run/tasks/11802417-6001-412c-a9c7-19c5c51da909/

77.243.191.246:1604

# Reference: https://otx.alienvault.com/pulse/621b68f83ceb36e568fc2606
# Reference: https://www.virustotal.com/gui/file/1c29392ce620c075397f10b33feba9314da6c354cb4b5d005786a6bee759d14c/detection

86.100.178.31:4782
getratted47.ddns.net

# Reference: https://www.virustotal.com/gui/file/04152d9b7dc4f535a86bfefa95b6d8b210b1f4b277c2ea2dab511692e906a120/detection

107.189.13.175:4782
gonpdaorgkwkphn4.ddns.net

# Reference: https://www.virustotal.com/gui/file/9adada1eea936515bebe468ee4c1bc040d58ef4f1e4cc09e03c569a4d117e47b/detection

40.71.25.32:4782

# Reference: https://www.virustotal.com/gui/file/98a1b7684f5f24409ab531b79e1e6964f0143d6ef69cc2c177142d2b6e9fa7f7/detection

51.77.78.41:4782

# Reference: https://www.virustotal.com/gui/file/6c2333bfe08608f84e4088de6313ea668378076ef5caccec6f8bf72a08afad2f/detection

178.183.86.253:1223
quasarisking.ddns.net

# Reference: https://www.virustotal.com/gui/file/e31a1f48f047cec3c0930ad4799c07f4d37896fe6db7efc78aea2b18a3585cfb/behavior/C2AE

telo1928.ddns.net

# Reference: https://www.virustotal.com/gui/file/f07b79a4702ebbe6bcd7db0dff1a9e803f0fcaf2893ec8148d45ff36aad1284e/behavior/Microsoft%20Sysinternals

83.226.174.10:4782
sigmahq.asuscomm.com

# Reference: https://www.virustotal.com/gui/file/8b83cd673984ad7ef6c1c54c75e0c511625d66ca58a7bcf0f63ba7a3bb900600/behavior/Zenbox

nullmeta-46673.portmap.io

# Reference: https://www.virustotal.com/gui/file/27a41b7363b04ba21e8d60bfe711d5afbf41649ed09d9eadb413228e4ce695f1/behavior/Zenbox

5.45.84.220:5552

# Reference: https://www.virustotal.com/gui/file/f4d3dd9889b6b38650c7595cea792bcb7ac9567a91dfe2c3937424679e9251bd/behavior/Zenbox

152.69.230.196:25575
103.19.2.56:30700
frp.freefrp.net
jp.cdjxt.net

# Reference: https://www.virustotal.com/gui/file/1cc2a06106328b2795423289396d061132c6dfa606089f3bccb5b31cc3076a3f/behavior/Zenbox

atomic-nt.ddns.net

# Reference: https://www.virustotal.com/gui/file/53cc1b9d26b50fb7f2aed41661629de08be45fa6fbbfadd7a860919d2183ec6f/behavior/Microsoft%20Sysinternals

137.184.106.160:1609
savedavid899.ddns.net

# Reference: https://www.virustotal.com/gui/file/b9f98fdd38a1b512c4efdae5469061d6427e5956d26c73874eb631247860055b/behavior/Zenbox

seuq-40577.portmap.host

# Reference: https://twitter.com/pmelson/status/1113099808485642242
# Reference: https://www.virustotal.com/gui/file/367edd938062646374f9fe5f101181ec51602c13d885cbfaff113e35cd0a7e38/detection

piwebserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/86bace047ff817520aef555193c6ea42a96fe65e2546b0ae1254072f4c9523a3/detection

178.26.177.127:4782
quasi1212.ddns.net

# Reference: https://www.virustotal.com/gui/file/f09425c4cb30ba3a380b92b3bd6bcf2f56e0c146dbd907e211df861ac13e2eab/detection

cookiehub.ddns.net

# Reference: https://www.virustotal.com/gui/file/ea6b5f72b61df130d8f4e58752e97f5c88a59067b7dc2b5a1aec9fc4ffcbf663/detection

216.250.97.121:1447
decodedenied.duckdns.org
terminalstack.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8491fa9f72ee8a693ebd5397e86acbead5c1ecffeeeb78a430bedcaa414acde1/detection

150.129.234.203:4782

# Reference: https://www.virustotal.com/gui/file/cf34c3f4a55300effbe908be4642b8a0b6a0317e6beaa885e0cff0f70ab830e2/detection

taisunwin.club

# Reference: https://twitter.com/h2jazi/status/1500859722475442178
# Reference: https://twitter.com/BitsOfBinary/status/1503414495548428296
# Reference: https://twitter.com/BitsOfBinary/status/1503414588582289413
# Reference: https://www.virustotal.com/gui/file/d374e125e7c44d898d3e679d3d428dbfbd9c6af246544f1edf0a46a37a6564b7/detection

b29.bet
choigo88.us
playgo88.fun
web.sunvn.net
web.sunwinvn.vip

# Reference: https://www.virustotal.com/gui/file/010a37b27832617f514bd1269406a7790fcf2464a8cb894e10c03cd34d299df2/detection

185.162.41.52:5431

# Reference: https://www.virustotal.com/gui/file/d0ef4dca82793b28b195630226cb3ccdf9d257b91c0d6f2f60641dde0b1427ec/detection

45.77.71.50:8082

# Reference: https://www.virustotal.com/gui/file/72873e81f5b42d04e6576f46d9032f01a98529fe5ea2f3d65fd58e6367b3d9d3/detection

92.240.245.41:69

# Reference: https://www.virustotal.com/gui/file/026344fc96db577e228afc3a99367872c53e5d83cc8dfd93fbc274272961be97/detection

24.67.58.197:4782

# Reference: https://www.virustotal.com/gui/file/b932926b0935ff35573487d23de29f01253a51cb9aac214b61d463942c9ff0c8/detection

194.33.45.23:1188
puredgb.duckdns.org

# Reference: https://twitter.com/BitsOfBinary/status/1506558985884905479
# Reference: https://twitter.com/BitsOfBinary/status/1506559083524104192

go88.gold
go88c.net
go88code.com
go88vn.vin
sunvn.vin
sunwinvn.vip
play.go88vn.vin

# Reference: https://twitter.com/h2jazi/status/1524012184010997760
# Reference: https://www.virustotal.com/gui/file/d9e15030ccb843d7869f808e3fa2e1962c95caba4e8c84331df171d94f5ecfbd/detection

go88.live
tai.go88.live
/EW4KQN3GTWST.html

# Reference: https://twitter.com/BitsOfBinary/status/1506559228680544260

thesieutoc.net
/wp-admin/pE8xYY3x6p

# Reference: https://twitter.com/souiten/status/1508707816722210822
# Reference: https://otx.alienvault.com/pulse/624467133751159cb76936f7
# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
# Reference: https://www.virustotal.com/gui/file/b19af42ff8cf0f68e520a88f40ffd76f53a27dffa33b313fe22192813d383e1e/detection
# Reference: https://www.virustotal.com/gui/file/38f2b578a9da463f555614e9ca9036337dad0af4e03d89faf09b4227f035db20/detection

digital-ministry.ru
wallpaper.skin
/GtkjdsjkyLkjhsTYhdsd/exploit.html
/GtkjdsjkyLkjhsTYhdsd/

# Reference: https://www.virustotal.com/gui/file/1464e7d26d44d7a83f057056954155a3bec0ee3dfebde5bea8e36945e735c79c/detection

binatones.gq

# Reference: https://www.virustotal.com/gui/file/000a82405a057d0c893eea42241e4a13a088c9323155d1c3efd1072c639a05d0/detection

18.189.106.45:17365
3.141.177.1:17365

# Reference: https://www.virustotal.com/gui/file/a6cf306779e3d40aad5afe4690357ecba8447ef325683848ecf10531eeaa8311/detection

104.238.221.246:7002

# Reference: https://www.virustotal.com/gui/file/4bf237f0bca40a3cb4db6d764c053834267d6d69f9f5bb719bc7714884108d27/detection

195.133.40.110:9281
boauzbjqc.ratkings.net
milcnzkaghjp.ratkings.net

# Reference: https://www.virustotal.com/gui/file/5e118482e9bece1a30b00fd304f745894768a50e70572c3ea63e4925a1a8dee0/detection
# Reference: https://www.virustotal.com/gui/file/d6832f52d4ca9135366c91cb614e562dfe5ea70d1880d2721912e6de9d8ba051/detection
# Reference: https://www.virustotal.com/gui/file/61057b45b0e7f6a3dceffbeab6fe70c1cd23d0757a9b91462911bd07401d79d9/detection

203.159.80.136:9164
payygnwixvapfuev.ratkings.net

# Reference: https://www.virustotal.com/gui/file/919c3ac16cfb309d464a667538fa4747bb714150c7b7178db5d266d1391c2305/detection
# Reference: https://www.virustotal.com/gui/file/898216543dfbe03ead8ae9e2963d972b1963da5e00addab93702a9ec1a4b216a/detection
# Reference: https://www.virustotal.com/gui/file/3e42b7042e49eb4cc68fd8b74134090409c8321714fb2dfd2cf7d651b36002a8/detection
# Reference: https://www.virustotal.com/gui/file/004604c4b53089c333f87fb67e4ca87a0d30395656b8d1760b38a5f91535bbac/detection

195.133.40.84:9521
nwocbautemxpq.ratkings.net

# Reference: https://www.virustotal.com/gui/file/d6989e78c8426490d04abd3bc6b54f024082dd501aaf6f7ddd850aa70d06e7b2/detection

2.56.59.95:9425
owryqmzprba.ratkings.net

# Reference: https://www.virustotal.com/gui/file/f9a3361dfac60a4230222e12e75fb1252e8d7ca9d99056509750826939f632ac/detection

88.241.115.137:4784
94.182.110.170:8080
deli.mywire.org
kral.linkpc.net

# Reference: https://otx.alienvault.com/pulse/6252c7ef5988485ad5c95e25
# Reference: https://www.virustotal.com/gui/file/778237b400877a786777628b39dca1c1ae0fe6f44f312523179775d4d51b4729/detection

185.215.113.62:4782

# Reference: https://www.virustotal.com/gui/file/6f69b9f462a1259d0a98b50465313aa21d280dd5ff71bff8ad2259e3f466dc6a/detection

152.67.214.67:16706
3ccbb2.gq
c12123.top

# Reference: https://otx.alienvault.com/pulse/6256bc76512ff0aa00c84c39
# Reference: https://www.virustotal.com/gui/file/13cce0103de2c7f5ab8d3703e468a60e171cfa1597d0b3b7f712418bd9d7bb41/detection

abook-29729.portmap.io

# Reference: https://www.virustotal.com/gui/file/f5edbd082c285f6a6bdfaa059105b70730a3f568fadb55ba766f2170b1d6181d/detection

64.188.13.46:13373

# Reference: https://www.virustotal.com/gui/file/2f45acc826d020443c1a92e7e970f969e8eee6cec4f2f9a524a11d5dcffa6ee5/detection

45.61.136.244:2404
45.61.136.244:7070
45.61.136.244:7777

# Reference: https://www.virustotal.com/gui/file/30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668/detection

letmerat.xyz
selfdestructdns.xyz
whereami3.xyz

# Reference: https://www.virustotal.com/gui/file/a16d5e943be3ac61b273bc52c1e7ec7f130a322d427835c75db2838fc162710f/detection

91.174.27.217:4782
ipfix.ddns.net

# Reference: https://twitter.com/h2jazi/status/1524408606363471873
# Reference: https://www.virustotal.com/gui/file/fe86697bd0cba7c7a55b3bf1f75034be5dc689f3428a0a465f5d473350354383/detection
# Reference: https://www.virustotal.com/gui/file/e66e57a7cf24c9c2fc4b874bb68f95e7d1b5d1c8b47cc59a0360145bd7497103/detection

taisunwin.club
/JXDKam/n8NUgjqV9EDcz/
/JXDKam/
/n8NUgjqV9EDcz/
/MIHREE3J9PTE.html

# Reference: https://www.virustotal.com/gui/file/faa38595a083c174ccca2b3be0089dc049b429e9d94a77cc1ed862d395372f2e/detection
# Reference: https://www.virustotal.com/gui/file/0db1d14dc510cf6310e63b3dba2f2168b35dde1066abfa279881b9752b45d49a/detection

181.61.105.211:5965
94.242.225.215:5965
gu3rr4.duckdns.org

# Reference: https://www.virustotal.com/gui/file/61971106dc557667f92a06730da04bc115e62409ca866c4dcee85cc4a9779e9b/detection

222.117.71.35:4782
kupool.ddns.net

# Reference: https://www.virustotal.com/gui/file/d699a445a2c895e19f2177f62633cc47d78fbfec82dfa0231d97915ac43f311f/detection

94.213.15.133:4782
joopman.ddns.net

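# Reference: https://www.virustotal.com/gui/file/c14373e35343444055b6ec261909e4318f586076dc8edcff68e24abdd4d92176/detection
# Note(review): 209.85.220.41 appears to sit in Google-operated (shared) address space -- confirm ownership before alerting on it, and keep the :4782 port qualifier so benign traffic to the same address is not matched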

209.85.220.41:4782

# Reference: https://otx.alienvault.com/pulse/628f6cef22692a090514d2c0
# Reference: https://www.virustotal.com/gui/file/fe17c2862811d1e06f1ae641d8bdbf22d43ac41ce4b5f2379cc3a9c44cbce827/detection
# Reference: https://www.virustotal.com/gui/file/6a05b061654529b497f2a9d2fba073a0014bf39357c9532640a65eb9f0427892/detection

18.156.13.209:18496
18.197.239.5:18496

# Reference: https://twitter.com/malwrhunterteam/status/1529834806275710977
# Reference: https://twitter.com/1ZRR4H/status/1529838492330647553
# Reference: https://www.virustotal.com/gui/file/6b779ab528a62630fd4fc463bf239e419a165ce208a795e3d2080b7e11d869fc/detection
# Reference: https://www.virustotal.com/gui/file/b8731f50a3521c8a0fe4d8adf418a7fe0e82509863ada12a058744a239b31115/detection

191.102.246.151:4782
carlossosrepete.servecounterstrike.com

# Reference: https://www.fortinet.com/blog/threat-research/threat-actors-prey-on-eager-travelers

opensea-user-reward.serveusers.com

# Reference: https://otx.alienvault.com/pulse/62a09071847b18abceb0ff17
# Reference: https://www.virustotal.com/gui/file/f2f31deba0b7d9454ea559f9d2aac3f950ed67b50832238b5bdc23a46d506ad6/detection

172.105.103.207:8000

# Reference: https://otx.alienvault.com/pulse/62a09071847b18abceb0ff17
# Reference: https://www.virustotal.com/gui/file/c95b837396a5ea55ba9011f2c5a0bc96b304c4b7ed53d9dbfcacf0d3eb67df95/detection

101.35.197.186:1212

# Reference: https://otx.alienvault.com/pulse/62a09071847b18abceb0ff17
# Reference: https://www.virustotal.com/gui/file/3e73d57c7b4b65585caee8e51dac168e2cc81c8adccc17a0defbfdaa90b33e15/detection

62.197.136.18:5150
issymoss.sytes.net

# Reference: https://otx.alienvault.com/pulse/62b06270bc7002209219a66f
# Reference: https://www.virustotal.com/gui/file/c3330bca19b166680e89ec530b6cf61ff68094151c9e9c29c8b65d8b861c3341/detection

113.90.168.53:4782
hkr.sbgarity.tk

# Reference: https://otx.alienvault.com/pulse/62b3057488a075374982aee8
# Reference: https://www.virustotal.com/gui/file/c57eccb8cdaf519a21b68d69e5da20b87fa104f71760b4292bf1a4e33d486cc6/detection

86.213.165.219:4782
oqhuduhzqd.ddns.net

# Reference: https://otx.alienvault.com/pulse/62b3057488a075374982aee8
# Reference: https://www.virustotal.com/gui/file/ae85e9a1f56566c5077b455278fe69c6e6d3c554f2e9820144a5a92ca58be237/detection

193.161.193.99:27414
criss23-27414.portmap.io

# Reference: https://otx.alienvault.com/pulse/62b3057488a075374982aee8
# Reference: https://www.virustotal.com/gui/file/4a3a8abd7f6d5fd9adfb51703085e839781cffc341705123be40b0c146dcf0a9/detection

67.241.61.219:4782

# Reference: https://www.virustotal.com/gui/file/6ca5972971cc19ab4972106dada32ac6b1e0579fe375f96d53cdb8d4c2605514/detection
# Reference: https://www.virustotal.com/gui/file/797e33c7a7b5cc7fbb20100d22bfd7f9c8b8d53cc6a43ff439d70e2c8b6e12af/detection

147.185.221.224:8080
sent-adoption.at.playit.gg
sent-adoption.gb.at.playit.gg

# Reference: https://www.virustotal.com/gui/file/c816c5aa37d63a02d404015f121a80b32240a38185096bd38816ede5c140f6e2/detection

147.185.221.224:8081

# Reference: https://www.virustotal.com/gui/file/baf8acb11b30c5226d6c4e45dfb425bb7c54b2b9b93be5d8b8dbe1c1570ab98b/detection

181.131.218.47:1010
lup1ngreen.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ccfd2a3404d129cd951d34b31da0a4192f3a7ef8567ba6cca4a6e865d6499670/detection

193.37.215.168:81
lols.fastestmaking.com

# Reference: https://www.virustotal.com/gui/file/eb9f9715d52a62ee8337f5fd19c370b927c266ae1166eb571117e85f66216343/detection

95.168.191.10:1980
manecraft.giize.com

# Reference: https://www.virustotal.com/gui/file/09d8451dc6facfe27b63b3daf89f47d9f70820a87a68bd630188958b40edf928/detection

94.244.79.91:1674
gewagg.hopto.org

# Reference: https://www.virustotal.com/gui/file/287860ac8293b8e6161ccd7c5eb1fe2187e7593567690dfefb4e73e6a24eaa63/detection

securitychecker1.ddns.net

# Reference: https://twitter.com/r3dbU7z/status/1562698817170178048
# Reference: https://www.virustotal.com/gui/file/953eea5757d78536aa654da079a8f04e87874043d848b938cce9fc9aa85ee83d/detection

179.43.176.64:3124
firecho.cc
pesho.firecho.cc

# Reference: https://www.virustotal.com/gui/file/b62c93ed31a858baa4f55a4178f9f135721f6085ed283dd927416c4a7799242b/detection

139.9.164.7:4782

# Reference: https://twitter.com/1ZRR4H/status/1567012014018420736

venomcontrol.com

# Reference: https://twitter.com/__0XYC__/status/1567524546848395264
# Reference: https://twitter.com/mal_analysis136/status/1567794340944117760
# Reference: https://www.virustotal.com/gui/file/081ff426ca94307aee5afaf02e76e908b8d63cb58c7c8b9df41ac66114612c29/detection
# Reference: https://www.virustotal.com/gui/file/9f216c4205e5ff1b09bc89977794aba855002f1018738b9067ce381ff1e1aee2/detection

mailflix.live
o.mailflix.live
r.mailflix.live

# Reference: https://www.virustotal.com/gui/file/aac2a46338d7fc35f813863709d2622e53fa1a66facefd6133fa69f4d74e1b3b/detection

138.197.189.80:4782
blackid-4782.portmap.io

# Reference: https://twitter.com/r3dbU7z/status/1574428719489368064
# Reference: https://www.virustotal.com/gui/file/cfba9dab9282455d194d30dad7eac6cfc5c8e5d6caf94d631ed2b01a86e3a97f/detection

80.213.5.74:13370
fsociety-router.asuscomm.com

# Reference: https://twitter.com/h2jazi/status/1576735632558153729
# Reference: https://www.virustotal.com/gui/file/a4d6b3bb1e1db59d58bc7369aaf1aa66b281dcf092fb3acdc9c1456fe2a2259a/detection
# Reference: https://www.virustotal.com/gui/file/bfc9ceb09f9b08c934337036b1e3eb2eef6bfe093e0b9818a53a7c071ee5086b/detection

sun.to
sunwin.poker
sunwin.tel

# Reference: https://www.virustotal.com/gui/file/04ab651d6b7fc0b609f40e11556a6283943d5e6e4fe2c92703618820f8973d85/detection

previous-page.mooo.com
pzpr.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5128e6afa475716fd7797663d9bf59058de6bc0196a806b7ef01f7a4ced68c09/detection

193.161.193.99:24143
greenzye-24143.portmap.host

# Reference: https://www.virustotal.com/gui/file/bb6cd5c6e872e027bbc4c9cec7ae10a13b96d9c378b35a4bcb8ff48175b25ce8/detection

193.161.193.99:23825
muzi667-23825.portmap.host

# Reference: https://www.virustotal.com/gui/file/31196e7bbb312d2b7fd27ac5500b1c5fed21337ea27cb09eff008d46d8e2fada/detection

bupinbupin.ddns.net

# Reference: https://tria.ge/221010-t251tacee7/behavioral1

64.44.167.136:54780
qsars.duckdns.org

# Reference: https://www.joesandbox.com/analysis/719000/0/html

45.82.179.76:4499
45.82.179.76:49705

# Reference: https://tria.ge/221022-zw6caaehbp

107.172.206.108:54782
quazar.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3060b7b9ff15cc03cc0bfe11d26f54575064f33792517d2888d0927ed675197d/detection

103.73.161.4:4785

# Reference: https://twitter.com/0xToxin/status/1590640258810454016
# Reference: https://tria.ge/221110-k4kyzsged8/behavioral1

185.216.71.78:64594
dnuocc.com

# Reference: https://twitter.com/r3dbU7z/status/1591569830628712449

81.161.229.133:888

# Reference: https://twitter.com/r3dbU7z/status/1592062685163786240
# Reference: https://twitter.com/silentpush/status/1592226662300946432

95.214.24.140:2022
lilth.duckdns.org
xamlaz.cc

# Reference: https://www.virustotal.com/gui/file/6a01a4470f0290e76bc5c5b9d97a739aa4ca3b3856015f4a852e7b4beb7da05c/detection

158.247.232.56:4444
bofphosalf.net
freemaple.net
bot.freemaple.net
/Crypted_Loader_Zpfdzyxb.png
/Eiybe_Gmmcibip.bmp
/Ifdnxbsr_Saddmwbs.jpg

# Reference: https://threatfox.abuse.ch/browse.php?search=tag%3Aquasarrat

101.43.238.170:60001
103.136.199.131:4782
103.146.23.112:1571
103.146.23.112:2001
103.207.36.123:4782
103.239.247.113:33279
107.150.23.186:8808
107.173.219.111:4782
109.206.241.81:4782
114.132.232.148:4782
121.62.17.105:8848
124.120.53.223:4782
129.232.17.6:4782
13.233.24.14:812
139.99.244.21:4782
14.32.99.105:443
14.32.99.105:808
142.44.252.26:4782
144.126.133.48:4782
15.204.13.245:5000
150.253.77.7:6520
151.80.238.28:6606
154.12.250.38:4782
157.90.51.195:6980
159.69.234.4:4782
160.20.145.136:3392
161.97.148.204:1604
162.19.131.197:4782
173.225.115.99:7702
173.234.155.109:4782
176.159.113.196:4782
179.43.187.19:2326
182.186.84.121:6904
185.112.83.206:4782
185.141.63.211:4782
185.156.172.149:2271
185.165.169.235:8080
185.176.220.169:4782
185.193.127.228:5893
185.241.208.134:7331
185.241.208.134:7332
185.246.221.7:4782
188.255.114.14:4782
193.149.176.156:8080
193.161.193.99:23636
193.161.193.99:28132
193.161.193.99:48452
193.161.193.99:52307
193.161.193.99:53370
193.164.17.129:443
193.47.61.249:1024
195.133.95.3:2874
198.23.212.148:4782
2.133.130.23:443
20.218.120.153:4782
20.223.155.39:8808
207.244.235.47:4782
209.126.2.34:4782
211.118.205.243:443
212.192.241.35:3360
212.252.198.21:1337
213.152.161.240:12482
23.105.131.196:9970
27.72.56.186:9782
3.83.129.253:4747
31.7.63.14:8957
34.125.93.181:8080
35.157.111.131:17136
35.177.17.33:4782
35.79.36.216:812
37.0.11.118:5423
37.0.14.205:4783
37.120.206.86:1738
37.120.210.219:9771
37.48.117.136:4782
39.107.242.96:47820
40.117.196.252:4782
41.102.117.114:500
41.232.207.130:1338
41.234.44.38:1338
41.79.11.214:61032
45.131.109.121:8080
45.133.174.122:4782
45.138.16.148:5050
45.138.16.40:4782
45.138.99.3:3796
45.14.13.20:4499
45.14.50.120:8808
45.242.183.154:5
45.242.237.245:5
45.242.93.241:5
45.61.184.36:5050
46.196.26.192:4784
5.181.166.139:4782
50.54.215.55:4444
51.178.13.102:8324
52.221.201.97:4444
54.37.125.37:1111
54.84.208.91:58466
59.26.93.6:443
59.26.93.6:808
65.0.50.125:22247
67.191.63.138:4781
68.196.160.138:55552
70.70.19.220:4753
74.201.73.122:10600
75.136.204.139:4782
77.136.120.46:4783
77.34.128.25:8080
77.83.242.206:4782
78.142.29.103:7332
80.76.51.137:4782
81.161.229.127:4444
81.68.193.9:4782
84.140.101.75:4782
85.202.169.69:4573
85.202.169.69:5352
87.90.86.173:4782
89.117.21.144:4782
89.117.77.193:4782
89.160.134.202:4782
91.109.176.4:5490
91.109.176.5:5490
91.109.178.7:5490
91.109.180.10:5490
91.109.180.4:2002
91.109.188.2:4782
91.109.188.6:5490
91.109.190.12:5490
91.109.190.2:5490
91.109.190.5:2002
91.121.214.19:1605
91.178.236.90:8808
91.192.100.36:8084
91.209.226.129:4477
92.118.36.201:4782
92.99.178.55:1444
93.177.135.66:4782
96.8.112.20:3355
98.238.116.145:30815

# Reference: https://www.virustotal.com/gui/file/19a5b4f70b2ee4703aa7f74ce9d77bf25456619e21b249c97b07fc04c1b01ed0/detection

15.204.170.24:4782

# Reference: https://www.virustotal.com/gui/file/ddfd3f006ee9fd5bcc433fdf824b444cfabdc9c452ec629bba87e4df69b1d4c4/detection

188.33.191.33:4782
12233332f.sytes.net
12341.ddns.net
sdgfdgfasdgafs.ddns.net

# Reference: https://otx.alienvault.com/pulse/63aadf7d37e91773ab1032f8
# Reference: https://www.virustotal.com/gui/file/facaa2df3532a287e115e7e2c8198f9213d96f241df1a6121be54fab72d0384b/detection
# Reference: https://www.virustotal.com/gui/file/c698e97adc80f1c848dc6cb5786337679579eb09879423a2667b94f5e740c4f4/detection
# Reference: https://www.virustotal.com/gui/file/1336d3b40762f05abf6ef438251a838a5979e062bfb8d36f883dfbaaf1ca402c/detection

176.199.27.160:1337
213.238.177.169:30303
bruno2002.hopto.org
xmarvel.ddns.net

# Reference: https://twitter.com/MalwarePotato/status/1607797904093184000
# Reference: https://www.virustotal.com/gui/file/01e901f17153b749ab6ab8ef54a3581a4553f5d8717006937f9518bdcfc9ba01/detection

194.49.94.75:7272

# Reference: https://www.virustotal.com/gui/file/f5fa16ad33bbe14aff9ae7365956f27a763f129bf48b1d01dad512e37d7b4306/detection
# Reference: https://www.virustotal.com/gui/file/8b699d2973999fe632f268459e4ffb8f44a50971c8645878290260c389fed481/detection
# Reference: https://www.virustotal.com/gui/file/6e27179c94098b1c87ba3bceda8383149a7c40ea77996fd167e3b6a8aa2ba9ee/detection

123123456.hopto.org

# Reference: https://www.virustotal.com/gui/file/0a73126eb4dc9b6be4f17d481259d18ef2ab50c9e45a1fca2ac58c9170b826f8/detection

123minecraftez.hopto.org

# Reference: https://www.virustotal.com/gui/file/e5c50650165f374f9859dfeea8fe51e116391588a62c6f3b4998d5d7e17d9f6f/detection

1337qwert.hopto.org

# Reference: https://twitter.com/binlmmhc/status/1554288021490782211
# Reference: https://www.virustotal.com/gui/file/1ff521308231e8ed13552056b2b7e8a6dd55dda1ea05e9e030562c9b5569b8df/detection

176.223.134.12:55777
fbr-notice.com
secure-domain.link
update.secure-domain.link

# Reference: https://twitter.com/binlmmhc/status/1550414413697798145
# Reference: https://www.virustotal.com/gui/file/0a218fdb059f60327f520e174af1c2567364e4d18d71f9c5be235f981ca828b9/detection
# Reference: https://www.virustotal.com/gui/file/0eeeeb23573a7efd3eb3e7fbd02d88658c46978885357551be3c232b954876cb/detection
# Reference: https://www.virustotal.com/gui/file/54e2ecf7b3cbe0b1dea1dff5557c3f32d7b79696470cfe6240714a679eadd0ff/detection

103.152.255.55:35444
103.152.255.55:40666
176.223.135.130:35444
176.223.135.130:40666
mofa-kpi-update.link
sslupdate.online
updateserver.cloud
cloud.mofa-kpi-update.link
mofa.updateserver.cloud
secure.sslupdate.online

# Reference: https://www.virustotal.com/gui/file/bc0829b6ad1fb678dd6970021587fe3a6d82749e232b533a801d38efa88ededc/detection

000888.ddns.net

# Reference: https://www.virustotal.com/gui/file/fb4183e440ccccf253d31c9a0d3a749f1a86eeb0b40b69da01c868e59935bfb8/detection

109.206.243.198:4782

# Reference: https://www.virustotal.com/gui/file/dac7beb9685a7290e75c0502c97d8819eb7130390729cb4b7c008c1be68a6114/detection

185.163.124.151:4782
direct-trojan.com

# Reference: https://www.virustotal.com/gui/file/d472c72c1c20d8e039a21cb5fcb4bdd7b24cc698bdfd4dc6dfafd735c726fd18/detection
# Reference: https://www.virustotal.com/gui/file/5c8dd9d7ca2cef4d892164f338a1e5500bbd131ff66594719edadd7a21422cc2/detection

141.95.84.40:3047
15.235.53.10:3047
161.129.66.224:3047
38.79.142.66:3047
67.214.175.69:3047

# Reference: https://twitter.com/xorJosh/status/1617549902757642244
# Reference: https://www.virustotal.com/gui/file/0c108995489e9a40512a0ea00f562eae5e2ebc0a484eceb1116daec26b7c47a4/detection
# Reference: https://www.virustotal.com/gui/file/de87a9bc4bdeef0fcd47a0b236e3b5db026ef0d8bf7d54c86d8c1438b0b77d57/detection
# Reference: https://www.virustotal.com/gui/file/df98aaf76671380bfdd88ff302dbf5cbcb3498fcd9ad9b7c393efeaafcccf06b/detection

34.211.199.148:310
senddarkserver.cloudns.nz

# Reference: https://www.virustotal.com/gui/file/9d186a9a96f030f51c55cbf6a43043c26818191bad4ff9cd06f8e3d63a56a561/detection

157.90.51.195:4782
tapwater.ddns.net
tapwater.ftp.sh

# Reference: https://www.virustotal.com/gui/file/1a5d1da64c9b85d4da8804dc0f2561a735a816d75158a3b7c931c04098c69e8b/detection

185.254.96.226:4782
nohosst.ddns.net

# Reference: https://www.virustotal.com/gui/file/d852fc95294c086d341629021e7ea5e750956610b13115e5c5e55987dc6c0ab3/detection

95.216.102.32:4782
ghcc.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e664da9f04b865436ed35f2aeb9f5349ea4cec9f48146c3f733d57ab96f34190/detection

192.99.180.181:6574

# Reference: https://www.virustotal.com/gui/file/b40ce6e124b9442dddc5dbc2ad4736054680c71d8a65b4338893279acdf35e8f/detection

20.195.202.119:4782

# Reference: https://www.virustotal.com/gui/file/4245bb44ce88dce8c77ed44dba40629ac6e489767b46521a45cf7f52554ed1ca/detection
# Reference: https://www.virustotal.com/gui/file/d0298b630deda48afe5853031e2459bc7d27bdcc0c383a1a591a4a578b8a747a/detection
# Reference: https://www.virustotal.com/gui/file/7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb46b/detection

154.12.234.207:4782
207.244.236.205:4782
quasharr.ddns.net
quasharr21.ddns.net

# Reference: https://www.virustotal.com/gui/domain/manbaco2023.duckdns.org/relations
# Reference: https://www.virustotal.com/gui/file/aff9dae78f13a7e13244cf022de01470272b00e4f6961a40a61c9e9c9b8ca7ed/detection

178.73.192.3:1029
188.126.90.20:1029
46.246.14.16:1029
46.246.4.13:1029
46.246.6.21:1029
46.246.6.8:1029
46.246.80.26:1029
46.246.80.7:1029
46.246.82.16:1029
46.246.84.11:1029
46.246.84.4:1029
46.246.86.4:1029
manbaco2023.duckdns.org

# Reference: https://twitter.com/souiten/status/1635568417918042112
# Reference: https://www.virustotal.com/gui/file/e8475fe3ac277d2eda466aaa4d42044d7230ac650b62dde38bf9727514c3ad69/detection

1.234.41.14:2158
115.21.139.222:2158
121.160.252.1:2158

# Reference: https://twitter.com/ScumBots/status/1637923803941556225
# Reference: https://www.virustotal.com/gui/file/54346a7a040be3f21373bf39fd0ed63b9cf06ebd666d6b182de45eeec8a8c08f/detection

148.255.9.59:4782
myhost88.ddns.net

# Reference: https://twitter.com/ScumBots/status/1638538354705694720
# Reference: https://www.virustotal.com/gui/file/f548d4d3dd4866eac8b73b912b2ec15abd29afd8377dbec57094689e306b196f/detection

185.70.104.42:5710
yolo23.line.pm

# Reference: https://twitter.com/peterkruse/status/1638843454330490880

asnyc2020.ddns.net
dart23.ddns.net
dartkom22.ddns.net
qassar22.ddns.net
qassar23.ddns.net

# Reference: https://twitter.com/suyog41/status/1638810812717342723
# Reference: https://www.virustotal.com/gui/file/8a9fdfd577337a30ecb6828922d85096357982f072191e7080fbc346bf69cf4c/detection
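# Reference: https://www.virustotal.com/gui/file/b4cf260b4fec0aaf93e8f195b38057da04ca14c74bfbc14a48f1b31287bb8364/detection
# Note: 142.250.184.110 falls in address space allocated to Google (142.250.0.0/15), so it is presumably a parked or placeholder resolution of the dynamic-DNS name rather than attacker-controlled infrastructure. Treat it as low-confidence and confirm before using it for blocking.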

142.250.184.110:1234
4.227.0.183:1234
tugastealer.ddns.net

# Reference: https://www.virustotal.com/gui/file/59917b4b4d1a67912f5896bfd274350cb4253cc2bf3c522781fda75ec72debf4/detection

186.6.57.58:4782

# Reference: https://www.virustotal.com/gui/file/947b7652ee3eab63fbf18856d957122fb166ecde863a6ce63d2d72f876929773/detection

http://182.43.124.6
185.238.3.205:5556
/fzyujing/?parameter=
/fzyujing/

# Reference: https://www.virustotal.com/gui/file/8dddf22e96a6a22b5ed6ddcab093052a7f2e5419a8e3edc25eee6fc4a90076f3/detection

185.70.104.58:6440

# Reference: https://twitter.com/r3dbU7z/status/1640106189617766401
# Reference: https://www.joesandbox.com/analysis/1202193

103.123.242.104:8080

# Reference: https://twitter.com/sicehice/status/1638330650733207555
# Reference: https://www.virustotal.com/gui/file/f73ee54fe59edc4ccface49203fe231446ff7cf51cd92c619c22c55817c83802/detection

178.186.181.247:4545
89.23.100.240:8888
ms17server.duckdns.org

# Reference: https://www.virustotal.com/gui/file/117d00bd7a0e08602f499e30151b999d6c13e7d3247769a5041d1cfd27fc7f5c/detection

yourass1.ddns.net
yourass1.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/f865eaf36d15356e81f043a8c94ea116aba70e9912f81679cc70a5b53bb595b0/detection

91.193.75.153:26133
95.214.27.180:26133

# Reference: https://www.virustotal.com/gui/file/593d5422f60594c17ba8e5759f7317b95733315a152c309b14ae8a5c681c867f/detection

104.219.234.167:5552

# Reference: https://www.virustotal.com/gui/file/787f69a34ec652837445cddee0610b367bfc9595514256d56627972db15c9d70/detection
# Reference: https://www.virustotal.com/gui/file/5c07f81e07ae16422f358a0623e921fe653b3d19ae763780478b7b47a44562db/detection

77.84.182.39:54984
0ogama.ddns.net
ogama.ddns.net

# Reference: https://www.virustotal.com/gui/file/406547f8776aa23f90eab4e061c314de753e82d50384612b471b6bbb3c01e52e/detection

213.152.162.79:7176

# Reference: https://www.virustotal.com/gui/file/50e7ddd4d1fd4d6f57e5a39f9e31f20ea967a032ab60458af63bb43c0996b67b/detection
# Reference: https://www.virustotal.com/gui/file/8705d26a491c2be89c1aeb98a7407f6cf71128208fea3f491e579f78282bfad8/detection

176.97.70.164:1111
176.97.70.164:1122
yourmom1.o-r.kr
sexy.yourmom1.o-r.kr

# Reference: https://twitter.com/r3dbU7z/status/1657835312146522112
# Reference: https://www.virustotal.com/gui/file/c8277e88b37878917b46d509324a57846d58e285c3e06720a282e7bb34fd9bc0/detection

5.161.113.202:555
asyfguas.con-ip.com

# Reference: https://www.virustotal.com/gui/file/d969fc2e15743d6d44f477907368f2ebc96cefba20a232861fc7337bfa938d75/detection

45.141.27.208:4780

# Reference: https://www.virustotal.com/gui/file/a465dc617b7717232fc1b455362c992ec0383b6b1fc692ee0c07008acf7e54fa/detection
# Reference: https://www.virustotal.com/gui/file/7943f6f2d61c7740064444908a89dcf669544f043b5451ca70b7ff5ba1b706ad/detection
# Reference: https://www.virustotal.com/gui/file/6c87a7f056d1d58c866403dcbacf41b7ff0d50d0d8b5730b124fb3bd37ba826a/detection
# Reference: https://www.virustotal.com/gui/file/6233466a0b7c4e4875e74699942385e0caae248d6a38c49c6f40036cb07fe560/detection

213.114.67.80:4343
213.185.43.105:4343
213.41.67.10:4343
79.110.49.27:4343
213.114.67.80:5757
213.185.43.105:5757
213.41.67.10:5757
79.110.49.27:5757
frontbrockmepronto.ddns.net
frontbrockmepronto.sytes.net

# Reference: https://twitter.com/Kostastsale/status/1670196417586167809
# Reference: https://tria.ge/230617-16r33sch4z/behavioral2

5.2.68.84:4782
smplt210smlprt.com

# Reference: https://www.virustotal.com/gui/file/1c300da55b692124f8efeda5305d86d4e280bbb785ea87cff49239dc026a7c55/detection

194.147.140.137:7171
indigo22.ddns.net

# Reference: https://twitter.com/StopMalvertisin/status/1678307398250004480
# Reference: https://www.virustotal.com/gui/file/2b2c926a0d587f409f3c7453d3d9018642cdc51abce1752eb2bf395728619576/detection

116.10.184.211:25089
frp-bar.top

# Reference: https://www.virustotal.com/gui/file/d5e6260ad66a6493ac6ea963a765f15e773e8d848261024628e6b9e753b4f603/detection

2.59.222.127:4782

# Reference: https://www.virustotal.com/gui/file/adf16ab5af4f98c0b9ff8f8855f822134620123d6fac197301726821d42e389a/detection
# Reference: https://www.virustotal.com/gui/file/70ad9ebd57e6faeb29e337bf2e9cc0b782aca4be2484f6d9cf97c2f80ae8a1d6/detection
# Reference: https://www.virustotal.com/gui/file/1f639934a5e343014e9b0b0648ac54dff754f1b3426544d8d08f332a9dde3c60/detection

2.59.222.127:6699

# Reference: https://twitter.com/1ZRR4H/status/1681168522494328835
# Reference: https://www.virustotal.com/gui/file/20633717b608c0d4b45f5d3f3bb670d0de9bec4ec346175deaded094acf0eba9/detection

http://45.134.173.182
51.77.167.52:6060

# Reference: https://www.virustotal.com/gui/ip-address/191.89.247.6/relations
# Reference: https://www.virustotal.com/gui/file/038c37cbf6050e8371b9e4ea76498b6297ef4645262fbf14cb25198f0f42b51e/detection

191.89.247.6:3232
dosremdos.duckdns.org
ftlamto.duckdns.org
newnewnewx.duckdns.org
procesojudicial.duckdns.org

# Reference: https://app.any.run/tasks/e08da6bd-7036-4b6d-9734-cb2ba2c5b3af/

174.44.108.32:4782
brorats32932.ddns.net

# Reference: https://twitter.com/sicehice/status/1674057027704836097
# Reference: https://app.any.run/tasks/7af98d54-6d0b-4b66-b870-570cab074a17/

213.181.206.70:4782
45.128.234.78:4000

# Reference: https://www.virustotal.com/gui/file/9c884e2891fd5f783cc0b06f9405b3c2b31a89e2e6ad4a816c93f8e15df200dd/detection

proxmoxfox.xyz

# Reference: https://www.virustotal.com/gui/file/76a7490d3f1b0685f60a417d1c9cf96927b473825a914221f092f82ea112b571/detection

158.247.227.231:4782

# Reference: https://threatfox.abuse.ch/ioc/1149037/

62.171.159.243:9000

# Reference: https://www.virustotal.com/gui/file/8be4c83e8b2dfc0c98e9789d9b230601a953b2ea7159249600eb7a30a02d69fa/detection
# Reference: https://www.virustotal.com/gui/file/58b20a28c808631021a89efa35c9d3fef3b894ff261dfea2659b73138f631444/detection

86.252.133.190:4782
92.170.137.253:4782
hahalol.ddns.net

# Reference: https://www.virustotal.com/gui/file/f0a143ffef3fc4041bf000ea933cfdb565fd5aef8b20a862300c568b4e2aa049/detection

100.42.74.199:10215

# Reference: https://www.virustotal.com/gui/file/0494c152c9f43e1e468d75b5e20d9c6ca2d3ae1f43203557aae0165dc77fadcf/detection

104.220.158.189:4782
wflyhigh.ddns.net

# Reference: https://twitter.com/sicehice/status/1689858299837980672

172.104.142.200:8000
linode.bratbg.eu

# Reference: https://www.virustotal.com/gui/file/777894a1cb29d3cc1b4030000a5fb1d6f63c1af15a3daaddff1faeb142827c7d/detection

177.255.88.161:4782
nanoinformcor1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/182140c6c6f883a3c81a37aa94635d5820dc903c30611c6eeb98ffe01f265198/detection
# Reference: https://www.virustotal.com/gui/file/a338c03483149a3d571177520213e5772d99dac1c53cc026aa848b98c3faf631/detection

37.139.129.231:4782

# Reference: https://www.virustotal.com/gui/file/4b4d40c1dfe7d17bd8350d1e8e23c107495df13be32a19b48eb2ec99c88c2bcb/detection

94.156.6.110:1414
94.156.6.110:6767
greightcethebui.sytes.net
wreightcethebui.sytes.net

# Reference: https://www.virustotal.com/gui/file/d11798f905c57c9067f0a419ccdd7ce2224d666593c8a27932fb31b9d7db9927/detection

139.99.170.18:4444
2121quasar.ddns.net

# Reference: https://www.virustotal.com/gui/file/91dcf38077fc1f6e2f8069bff2a26d3a18a1137a67f6bc7f6893daffd4324436/detection

103.212.81.154:5050
woahimsorich.ddns.net

# Reference: https://twitter.com/Gi7w0rm/status/1693604866185117912
# Reference: https://tria.ge/230821-prkjxacg64/behavioral1

139.99.32.95:8888

# Reference: https://www.virustotal.com/gui/file/1b88154b9cbc3fd6a2b74ebe40e20dca46443133787322ec18eef48508ea491b/detection
# Reference: https://www.virustotal.com/gui/file/4cf4fd4813d8ee148fb1d6f5205f85f5382cbdd6eaafc57d922e881313db800e/detection

45.133.181.50:5558
yankee.m-x.cfd

# Reference: https://threatfox.abuse.ch/ioc/1151967/

83.143.112.45:4782

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-08-29)

193.142.146.212:4782
37.139.129.145:5512
51.79.169.103:9099
8.210.13.235:17099

# Reference: https://twitter.com/fr0s7_/status/1696193596653711509
# Reference: https://www.virustotal.com/gui/file/e8fcddca33d734dc65ce4737193e9f2e9598d7d4d42b85dea91b21435d165860/detection

198.50.218.165:4782

# Reference: https://www.virustotal.com/gui/file/00c63fc205bcb68aa91380c002d862341aaf44c764fced0675efc5dc92beb1e4/detection

192.121.247.8:2000

# Reference: https://twitter.com/Jane_0sint/status/1697249874251813038
# Reference: https://app.any.run/tasks/17924791-8ac4-4b5f-bb07-aa86c369f92d/

185.238.3.205:6669

# Reference: https://www.virustotal.com/gui/file/45386645c84c5dcbd8f889a87cd070d5dc1f7c69a1b6f6f5e62e7fa0a14ab471/detection

46.246.86.18:9887
obtener19.duckdns.org
qsar9887.duckdns.org

# Reference: https://threatfox.abuse.ch/ioc/1155333/

167.86.88.89:4782

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/DDGroup/historical_C2_Domains.txt

quasharr22.ddns.net
quasharr33.ddns.net

# Reference: https://threatfox.abuse.ch/ioc/1155840/

23.94.171.142:4782

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/QuasarRAT/quasar_rat_c2s_found_2020_to_2023.txt

http://176.27.117.213
http://2.56.213.169
http://212.114.52.251
http://52.188.208.85
http://52.188.6.118
http://67.61.188.107
http://99.233.209.178
100.26.221.183:4782
101.99.92.134:4782
102.22.83.110:22649
103.146.23.112:4807
103.20.221.33:4782
103.28.149.74:1604
103.82.249.78:4782
104.129.26.162:4782
104.143.14.52:824
104.158.167.45:4782
104.238.149.39:8080
104.248.133.59:5424
106.12.192.231:4782
106.52.168.175:4782
107.150.23.186:6265
107.150.23.186:6606
107.172.176.138:5556
107.173.219.125:1714
108.46.243.186:666
109.197.195.118:9805
109.205.181.190:232
109.230.215.181:4782
112.154.0.240:3783
112.154.0.240:4784
112.154.0.240:5784
115.186.136.237:4000
118.208.43.110:10000
118.208.43.110:9000
118.208.43.110:9991
118.208.43.110:9992
118.208.43.110:9993
118.208.43.110:9994
118.208.43.110:9995
118.217.52.98:4783
121.254.204.13:4782
124.148.202.22:4782
125.177.149.250:4782
129.146.123.64:4782
13.53.42.228:3389
13.58.157.220:13969
13.69.9.10:5555
13.88.187.244:6241
130.61.179.221:1111
130.61.179.221:6969
134.209.192.40:4782
134.255.220.204:4782
135.181.241.49:111
135.181.241.49:2590
135.181.242.186:111
136.243.111.71:4782
136.244.94.164:3232
138.201.82.113:3615
139.129.54.18:4782
139.99.114.150:4782
141.195.132.52:478
141.255.145.175:1177
146.56.36.222:4782
147.135.106.246:4782
147.135.165.27:4782
147.185.221.180:5050
147.189.170.61:6666
148.251.16.2:4782
149.248.2.160:1488
15.235.109.170:4782
151.60.129.97:6241
154.16.137.62:4782
154.91.228.193:4784
156.226.21.194:2222
156.227.24.184:4783
157.90.253.169:6868
158.247.227.231:4788
158.69.104.33:4782
159.203.168.89:4782
159.223.62.230:4782
161.97.160.48:6241
161.97.160.48:7009
161.97.255.73:4782
162.206.16.208:4782
165.22.3.91:4444
167.71.56.116:22218
167.99.143.40:4782
167.99.143.40:7483
167.99.187.240:2323
167.99.251.51:3693
172.104.148.228:6543
172.193.161.155:8080
172.81.131.113:4744
172.81.131.113:4782
173.162.117.22:4782
173.254.223.66:1111
173.46.85.227:1337
174.139.46.13:4782
176.186.13.236:1337
176.205.43.31:4782
176.27.117.213:7765
176.31.88.156:60001
178.26.157.122:4782
178.33.23.183:60000
178.80.145.59:4782
179.43.140.175:4782
179.43.163.246:4111
179.67.150.63:4782
181.215.176.73:59955
184.105.238.80:4782
184.89.110.95:1776
185.102.170.133:4782
185.136.169.200:2541
185.140.53.137:4449
185.142.55.243:4782
185.153.222.198:7845
185.156.46.173:56156
185.158.139.148:1337
185.163.127.20:61110
185.165.153.138:4781
185.172.131.112:442
185.174.172.24:222
185.177.125.198:222
185.183.35.122:4782
185.183.35.38:4000
185.195.237.203:19068
185.204.1.236:4521
185.213.155.160:57361
185.213.155.161:57361
185.213.155.162:57361
185.213.155.163:57361
185.213.155.164:57361
185.213.155.165:57361
185.213.155.166:57361
185.213.155.167:57361
185.213.155.168:57361
185.213.155.169:57361
185.213.155.170:57361
185.219.134.245:4782
185.222.58.150:4449
185.229.243.34:6241
185.233.92.7:6241
185.236.78.58:4782
185.238.171.234:5552
185.239.242.185:4782
185.239.242.210:4782
185.239.242.241:1738
185.241.208.43:4782
185.241.55.88:4782
185.244.217.92:4782
185.244.36.245:1240
185.246.220.65:5000
185.248.100.84:111
185.250.205.156:4782
185.38.142.185:3138
185.41.187.220:5874
185.62.243.53:6241
185.65.134.175:55498
185.70.185.89:4782
185.81.157.174:4554
185.81.157.202:2001
185.81.157.20:5720
185.81.157.212:62024
185.81.157.41:5050
185.81.157.41:9000
185.81.158.102:2026
186.145.80.169:6666
188.119.45.143:9896
188.227.107.49:8808
188.233.89.107:65001
188.60.70.87:4785
190.2.137.34:222
190.213.54.56:5001
190.213.72.103:5001
190.213.78.26:5001
191.233.198.81:4782
191.96.249.27:4412
191.96.249.69:4412
192.227.223.11:7707
192.228.105.13:8080
192.253.245.243:7812
192.3.213.200:7080
192.3.255.150:5557
192.95.57.120:4782
193.106.214.204:7230
193.107.8.94:2222
193.142.146.212:7777
193.142.146.213:4782
193.142.59.30:4261
193.161.193.99:23029
193.161.193.99:25334
193.161.193.99:36295
193.161.193.99:4782
193.161.193.99:58546
193.161.193.99:64006
193.179.48.98:21
193.218.118.190:2266
193.239.147.158:4782
193.239.147.40:4444
194.39.126.82:4782
194.49.94.22:3306
194.5.98.18:4782
194.5.98.23:4001
194.5.99.16:3049
194.55.224.38:16145
194.60.201.88:4782
194.87.151.87:3332
194.87.197.78:9200
195.154.242.51:4782
195.181.163.32:4782
195.242.219.21:23564
196.74.39.169:4444
198.23.209.187:1604
198.245.116.112:4782
198.46.235.194:1417
198.98.54.161:1616
198.98.54.161:6666
2.136.215.141:6241
2.229.90.226:6241
2.32.188.135:6241
2.56.165.151:4782
2.56.245.127:7707
2.58.56.188:4782
2.59.255.71:64594
20.216.177.36:4782
20.223.161.175:4782
20.52.129.170:5552
20.82.128.5:4444
20.86.129.162:8080
20.86.129.162:9121
202.2.12.13:4782
202.62.53.116:2022
204.152.219.117:1337
205.185.123.144:666
205.185.126.148:666
206.189.92.41:1888
209.126.85.216:9632
210.187.193.230:4040
210.247.245.87:4782
211.101.233.234:1026
212.114.52.171:1605
212.114.52.251:443
212.154.101.132:3000
213.146.188.157:2222
213.166.70.161:4382
213.221.12.222:4782
216.170.119.147:4782
216.172.99.151:8080
216.250.250.94:4788
217.196.96.37:5678
217.23.14.81:4782
217.64.31.3:8848
220.235.40.8:25565
23.105.131.178:7812
23.105.131.186:7812
23.105.131.221:9000
23.105.131.241:9000
23.249.161.211:1714
24.152.37.45:4782
24.152.39.240:5555
3.131.190.22:21630
3.131.190.22:4444
3.133.207.110:10183
3.14.113.26:21630
3.14.113.26:4444
3.141.160.179:21630
3.141.160.179:4444
3.142.169.125:21630
3.142.169.125:4444
3.16.211.183:21630
3.16.211.183:4444
3.17.60.254:5354
3.36.121.136:4782
3.83.242.140:8686
31.210.20.167:5959
31.210.21.106:5553
31.27.54.82:6241
31.37.199.237:6241
31.44.3.55:8808
32.208.85.1:6606
34.141.231.83:812
34.159.18.8:812
34.210.89.142:3333
34.95.169.39:9000
35.139.129.139:6241
35.232.191.196:4782
35.246.76.97:812
37.120.141.165:13832
37.120.206.108:1738
37.123.102.103:1337
37.139.128.94:5000
37.19.210.35:57736
37.201.79.39:4782
37.252.15.153:4782
37.46.150.197:4449
37.72.168.166:4782
37.77.167.230:6241
38.242.128.85:5559
40.71.226.219:1604
40.89.136.80:4782
41.185.97.216:4782
42.194.162.142:6677
45.11.19.156:2222
45.12.253.64:4782
45.130.136.10:4782
45.137.155.118:6678
45.138.16.230:8808
45.140.190.110:25565
45.140.190.110:4782
45.146.254.225:4782
45.146.254.75:444
45.147.229.231:4
45.61.184.125:666
45.74.53.124:4782
45.77.103.131:4782
45.77.20.114:1604
45.77.32.251:6241
45.8.145.254:5984
45.83.122.111:5557
45.83.89.153:50146
46.135.37.166:4782
46.212.113.82:1604
46.249.59.99:111
46.55.218.169:8080
46.65.125.215:4782
46.69.66.108:4782
5.165.98.151:4782
5.180.180.66:4782
5.181.7.60:4516
5.249.163.32:4782
5.255.94.117:5353
5.45.67.165:2874
5.45.76.7:5550
5.61.58.196:4782
5.61.59.192:5552
5.61.61.202:2222
5.61.62.193:5552
5.78.110.192:6050
5.9.226.161:8080
51.12.244.74:3788
51.79.116.37:500
51.79.141.119:10110
51.79.143.7:10110
51.79.197.196:4449
51.83.153.85:5000
51.89.157.248:4782
52.14.81.142:21630
52.14.81.142:4444
52.187.50.165:5552
52.188.202.106:8888
54.188.236.78:22
54.237.208.95:4444
54.237.250.208:5553
54.38.124.51:3760
54.39.198.245:4782
54.39.249.59:4782
64.52.80.152:4782
65.1.228.201:812
65.21.118.113:111
66.135.0.161:5890
66.191.218.42:6606
66.30.2.43:4782
66.60.1.236:4782
66.63.167.164:55640
66.63.167.167:55640
67.213.221.18:7812
67.82.36.97:2404
68.106.199.207:4782
68.114.150.185:6241
68.81.183.145:4867
68.89.69.83:4782
68.94.252.162:4782
69.30.242.214:4782
69.65.7.131:4281
70.70.19.220:4770
70.70.19.220:4782
73.208.109.252:4782
75.127.254.214:4782
75.176.178.56:4782
76.87.74.54:4782
76.95.73.74:2404
76.95.73.74:4782
77.21.216.101:4665
77.241.13.90:6241
78.111.89.20:4782
78.140.241.23:4444
78.140.241.23:7878
78.173.187.50:4782
78.174.118.185:4782
79.134.225.115:5456
79.134.225.15:4449
79.134.225.22:7898
79.134.225.54:4545
79.134.225.69:4782
79.134.225.77:1973
79.58.243.41:6241
79.61.133.217:6241
80.14.190.2:6241
80.3.189.149:25565
80.66.87.55:4782
81.1.158.128:25565
81.68.120.79:4000
82.146.49.191:5544
82.153.167.249:4782
82.202.167.203:5555
82.208.16.140:5893
82.65.150.176:72
83.128.119.37:4782
83.139.245.62:6241
84.234.96.141:1717
84.51.52.166:1976
85.208.139.62:7070
85.215.222.129:65535
85.215.230.159:4700
86.126.172.252:36295
86.126.172.252:4782
86.93.121.149:1783
87.106.127.109:3001
87.121.52.241:4000
87.123.245.14:6241
87.16.77.254:6241
87.180.165.249:4444
87.21.66.231:7777
87.27.183.51:6241
88.103.237.113:4782
88.136.6.160:6598
88.218.17.195:4449
88.230.51.165:9999
89.203.249.64:5893
89.248.163.79:4787
89.46.100.217:7777
89.46.114.24:55442
89.46.114.25:55442
89.46.114.26:55442
89.46.114.27:55442
91.109.178.8:7070
91.193.75.58:5050
91.193.75.72:2024
91.211.251.108:4782
92.115.115.14:4444
92.119.159.23:5000
92.45.199.157:4545
93.114.128.184:4501
93.35.198.71:4782
93.67.13.190:6241
93.83.35.2:4782
94.131.105.161:12344
94.54.179.75:1604
94.62.38.122:3456
94.62.38.122:4782
94.62.38.122:5678
94.76.127.105:88
95.106.44.244:4782
95.156.227.151:4747
95.179.163.245:3152
95.214.24.37:6967
95.214.27.90:8080
95.216.56.1:4782
95.217.102.123:111
95.217.102.123:2404
95.217.140.35:1307
95.24.224.241:4782
95.87.224.123:4782
98.230.131.105:4782
1oxcv1.duckdns.org
2348fh3fhu23289r8932r82f923f9239.dolaprime.cf
2cool4school.ddns.net
2y9ea4pnl01jyr7.xyz
44334333-31579.portmap.io
44334333-37569.portmap.io
75372712.duckdns.org
76t7hh-51153.portmap.host
81747174.duckdns.org
92875782.duckdns.org
aare.linkpc.net
aayush160-34939.portmap.io
across-trap.at.ply.gg
adequatelicensing.at
adobe.mypsx.net
aeronaut-25032.portmap.io
alexdaprophet-48452.portmap.host
alexthedns.com
allahoyunda.duckdns.org
alltogether.hopto.org
amine94522.zapto.org
amiramir8565-20409.portmap.host
amiramir8565-21667.portmap.host
among-publication.at.ply.gg
androidapk.ovh
animeserverarchives.serveminecraft.net
anoverflowtest.duckdns.org
apenasumcarasozinho.hopto.org
api.flawcra.cc
araplarversion9.myddns.me
around-mud.at.ply.gg
asscend-41247.portmap.host
authgg-37696.portmap.host
azee12x-21531.portmap.host
backgb.itmenagerie.tech
baguvix918-26613.portmap.io
bartu1337.duckdns.org
bckp.llcdn.eu
benito77.ddns.net
bettergg.ddns.net
bideo.duckdns.org
billpham2001.hopto.org
billythesailor.ddns.net
blablashitspreading.ddns.net
blackid-30073.portmap.host
blinken-47096.portmap.host
blue-fog-95386.pktriot.net
borat.ddns.net
botnetps.ddns.net
bravo20-38305.portmap.host
buihieu.ddns.net
cable-cp.at.playit.gg
cahe.microsofts.org
camesurvelizerditis.sytes.net
camgreetgroop.sytes.net
camo23-28132.portmap.host
captain1.zapto.org
careeem.duckdns.org
carolina-electro.at.ply.gg
cars-sys.at.ply.gg
ceeloblack.xyz
chasetrades.life
checkme12.freeddns.org
chrome.ath.cx
chromeservers.ddns.net
cloud014.cisconode.com
cloudserv.ddns.net
cochonita.ddns.net
colpatvalidacionnuevo.xyz
connorb839-25244.portmap.host
consider-brochure.at.ply.gg
constantinedev.ddns.info
copresamvom.freedynamicdns.net
cordonhomeservices.com
craciton.duckdns.org
craft.ooguy.com
craftip.gize.com
crafts.mywire.org
craftup.giize.com
craftupdate.mysynology.net
crazysocket.ddns.net
crimify-41189.portmap.host
crossfire17.ddns.net
cryptersandtools.ddns.com.br
cypher-tech.ca
damnbeow.duckdns.org
dark-001.darknethn.com
dark-crystal.at.ply.gg
darkpass3nger.sytes.net
darwin22.ddns.net
dashmicrosoft.duckdns.org
dawideqgames-50634.portmap.io
dedi001.dynip.online
deepfred420.ddns.net
dejvicek-46680.portmap.host
delikral.mywire.org
demasox.ddns.net
devilkahika-35580.portmap.host
dfgfdsaghewedfg-36753.portmap.host
discordid-55700.portmap.host
dixip52.ml
dj8soidh901dsa.sytes.net
djetdixipleshacker.ddns.net
dmmd.ddns.net
dns3.iujoaqstqiywertgpu.club
dolaprime.cf
don567678.ddns.net
donbo13.ddns.net
dopeillusions.hopto.org
drec123-39864.portmap.host
eazyrape.ddns.net
ebkdoagbg.ddns.net
eggsbenedict.onthewifi.com
ehotemnoty.ddns.net
elegant-sky-11289.pktriot.net
elpepemanca.ddns.net
emusteven-50898.portmap.host
erbaevbann3.ddns.net
escanorsan12345-43147.portmap.io
etoneratnik.ddns.net
even-lat.at.ply.gg
executer.duckdns.org
existing-ultimate.at.ply.gg
existing-ya.at.ply.gg
faithovercome.myftp.biz
fdpfdpfdpfdpfdp.duckdns.org
fe9vap4vhlmkuaee.ddnsfree.com
female-boost.at.ply.gg
filipmntz-49636.portmap.host
filmguard.co
firewall.trustedvpnservices.com
fit.microgent.ru
five-frequency.at.ply.gg
fivemilliondollars.duckdns.org
flashy-rake.auto.playit.gg
flawcra.cc
flawgfx-25466.portmap.io
forex.4cloud.click
francaparroz21.hopto.org
france20202.casacam.net
fronadeatcam.publicvm.com
fronadeatcam.sytes.net
fronpeatcam.publicvm.com
froxybuzi.ddns.net
fruitingsuccess.ignorelist.com
fuckdudeifarted.ddns.net
gabrielloginek-33939.portmap.host
gamingserver0001-32952.portmap.io
gamisi.ddns.net
garden-makers.at.ply.gg
getrattedlol.inner574.kro.kr
getrektscrub.hopto.org
gh0008888.ddns.net
glare.hadaw.ml
glitchbuds-22803.portmap.host
googlehostroute.zapto.org
goose1.ddns.net
gregjoe-40894.portmap.host
grivenop.duckdns.org
gyanbu.duckdns.org
gyhbujikmkbu.zapto.org
h6ttr.duckdns.org
hachess-24356.portmap.host
hack4money.myftp.org
hacker.548848.xyz
hadaw.ml
hailrussia.ddns.net
happy-lake-71709.pktriot.net
hasamu.duckdns.org
hermes0.duckdns.org
higradevpn.xyz
hoba7be.ddns.net
holl4-64003.portmap.host
hostmeta.duckdns.org
howmanytimes3.xyz
ickfredkople.ignorelist.com
ihateniggers5544.ddns.net
ildriendfrirotoi.zapto.org
images1.c9z.in
images2.c9z.in
imgay69.ddns.net
international-berry.gl.at.ply.gg
internetip.ddns.net
ipaf3.sytes.net
ipaf4.sytes.net
ipaixincungduoc.hopto.org
ipaixincungok.hopto.org
ipdafds.ddnsking.com
iplytieulong666.hopto.org
iplytieulong777.hopto.org
ippie2.ddns.net
isosex.duckdns.org
j3vahjkvzinaqax.xyz
jereshost.ddns.net
johnprot-42263.portmap.host
jokerbaba-55552.portmap.io
jovydr-30307.portmap.host
joyyatlast.duckdns.org
k-essex.at.ply.gg
kanna917-29754.portmap.host
kas22.kro.kr
kenya6.duckdns.org
kenzo.ddns.net
kf99gkdfk1m2.ddns.net
king10-24873.portmap.io
king34spy.linkpc.net
kolptyubeatcam.sytes.net
krazey-62470.portmap.host
krejzolek-36859.portmap.host
ktsa-62303.portmap.host
kurganec228.ddns.net
labeokunta.dynnds.org
lafeuilee.duckdns.org
latticino.hopto.org
lenixx.ddns.net
lenystylexd.ddns.net
levinizm.duckdns.org
libermanbrice.freemyip.com
license-boolean.at.ply.gg
life-chase.at.ply.gg
likeboostingsrebulity.ru
littlehf.ddns.net
lively-voice-43447.pktriot.net
localpc.ddns.net
lolmaster91-58005.portmap.host
lolog.hopto.org
lucid-cherry-14510.pktriot.net
mala.malatifs.com
mamitox.duckdns.org
manlap.linkpc.net
manoftheyear-58512.portmap.io
mapleauto77.ddns.net
markphoto.casacam.net
max-cleaner.at.ply.gg
me.hansang.me
mellowfishy-24901.portmap.host
metav.bumbleshrimp.com
mewhenjoj-46726.portmap.host
microhost.hopto.org
microsing.duckdns.org
microsoftbackup.duckdns.org
microsoftdiagnosis.camdvr.org
microsoftedge-57498.portmap.host
microsoftstolewindows.duckdns.org
microsoftteams.ddns.net
microsoftupdatehost.ddns.net
microsotf.ddns.net
microsotf.sytes.net
mictobozo.duckdns.org
midnightt.ddns.net
mill.hopto.org
minecraftgaming009-61323.portmap.io
minecraftpelx.serveminecraft.net
mingrelian.ddns.net
mingrelian.duckdns.org
misor85829-59050.portmap.host
misov.asuscomm.com
misov.kro.kr
mjj.xinbiquge.net
mommerishere.sytes.net
moneypack1101.ddns.net
ms-insider.net
mscompany.dynu.com
mydreambaphomet777.anondns.net
myowndomain394863467.com
myownvm.anondns.net
nadehzdakr.duckdns.org
narereti-40382.portmap.host
natural-sugar.auto.playit.gg
nazimaster123.duckdns.org
nettero.duckdns.org
newqs.ddns.net
news.nerdpol.ovh
niggahunter92-23962.portmap.io
niggeridiot-21095.portmap.host
nortonsys.sytes.net
ntdetect.ddns.net
office365wdswwq.dynu.net
office396.site
oiemaldriendfri.sytes.net
okbro2.zapto.org
onemilliondollars.duckdns.org
oooooojijantejijantes-51415.portmap.host
openvpnservers.duckdns.org
optimization.camdvr.org
p2x4y.xyz
pangrowman.myddns.me
pax.mentality.cloud
perpetual-scale.auto.playit.gg
piko.ddns.net
pimveldhof-60417.portmap.host
plsno.chickenkiller.com
pool-bernard.at.ply.gg
poppinbottles-35305.portmap.host
prem131bn-32385.portmap.io
prem131bn-42895.portmap.io
probka.ddns.net
products-behalf.at.ply.gg
promlag.ddns.net
promlag.hopto.org
prophetab-51441.portmap.io
psotre.dynuddns.com
pubgm.ddns.net
purepanel.duckdns.org
pwhfatal.ddns.net
q.ub3r.in
q1q1qa.ddns.net
qasa.dynamic-dns.net
qassar1122.ddns.net
qrss.duckdns.org
qs.mngbfdghsdfa.xyz
qsar1928.duckdns.org
qsr-4782-cnnctor.software-updates.pro
quaqua.shipnotifica.com
quasar1805.ddns.net
rares14023-51676.portmap.host
rat.softups.info
rat25565.ddns.net
ratpog.ddns.net
rattherattyrat.dynamic-dns.net
ratting-42498.portmap.host
raxterlmao-25631.portmap.host
raxterlmao-44943.portmap.host
reallyweirdshowcase.duckdns.org
region-madison.at.ply.gg
region-remarks.at.ply.gg
regular-childrens.at.ply.gg
rely.no-ip.biz
requiredhome.ru
retorickjeremiah-25604.portmap.host
revolutionhacker-58546.portmap.io
romapro28937723-49554.portmap.io
router.negro.systems
runtimebroker.ddns.net
rv0day47.ddns.net
ryluniverse.zapto.org
s3.z100.vip
s33s4wqsr-31933.portmap.host
sadasdasd.re
sadax2s.duckdns.org
sadsadsada23.duckdns.org
sakshamgaming-21105.portmap.host
say-development.at.ply.gg
screenrx.ddns.net
scru.bz
scvhosts.duckdns.org
sense-null.at.ply.gg
server1.trustedvpnservices.com
sex55.duckdns.org
sharaga.ddns.net
sherlock457-40088.portmap.io
silktoupinarina.sytes.net
siltoncurl.de
simolife.ddnsfree.com
simplyrat.ddns.net
slowboi123-45036.portmap.host
smtp.yassine-bolard.nl
sommerishere.sytes.net
sparkling-desk.auto.playit.gg
spm.llcdn.eu
spm.llcdn.in
spoofer.sytes.net
staff-defines.at.ply.gg
stoic-dust-35219.pktriot.net
stopman.ooguy.com
studentesting.duckdns.org
studentestingrim.sytes.net
stuhowe.ddns.net
supsup23223-28150.portmap.io
suspicious-morning-30221.pktriot.net
system32.camdvr.org
t3ems3c-23636.portmap.host
tech.blog.net
techandro.duckdns.org
telebit.cloud
testert3.duckdns.org
thanksfam.xyz
thedarkly.linkpc.net
thedroidomania.ddns.net
therealbigbig-58273.portmap.host
thesekidsmans.ddns.net
this.speedfastmaking.com
thisisfakeih2d.ddns.net
thomasfunte.zapto.org
tornoob.me
totalfree.myqnapcloud.com
traffic.hadaw.ml
tumamaesgay.ddns.net
u863495.dynu.net
umcarasozinho.giize.com
undone.sytes.net
unknown2131-55332.portmap.io
updatesvfirefox.hopto.org
updateyahoo.duckdns.org
us-east-63815.packetriot.net
useittoday.ddns.net
user3574com-28920.portmap.host
uzgrode.hopto.org
venomia.ddns.net
vhf.sytes.net
via-introduction.at.ply.gg
vilvaraj-32652.portmap.io
vipeek1990-25013.portmap.host
vlad.myddns.me
vorphdns.ddns.net
vpngoogle.duckdns.org
vpnnid.hopto.org
wallpaperengineu11.ddns.net
war-committee.at.ply.gg
wc-ltc.ddns.net
wh-access.ddns.net
whynobtwlol228.ddns.net
wikidp888.ddns.net
williamkilghore.duckdns.org
windowsdefenderinc.duckdns.org
windowstap.duckdns.org
winserver.anticriminalonline.ru
workday2022.hopto.org
worldwide567678.zapto.org
wrz.ddns.net
x5-7.duckdns.org
xegefi6666-30878.portmap.host
xhidden.ddns.net
xianxe.duckdns.org
xmrstak.ddns.net
xnxx199.dynu.net
xrejat.hopto.org
xsaz3412.duckdns.org
xtestx.ddns.net
xuanhiepip.ddns.net
y33tmaster.ddns.net
yawn593921-38020.portmap.io
yeet.3utilities.com
yerrionminutes.freedynamicdns.org
yitvpfqrobw.duckdns.org
yncesucesss.chickenkiller.com
yohavoc.duckdns.org
youhackernetpaingodxd.duckdns.org
zaidtheboii-50153.portmap.host
zayprostofyrim.zapto.org
zickfreddickople.freedynamicdns.net
zilhd.giize.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-09-15)

147.185.221.16:45918
147.185.221.16:46473
released-caribbean.gl.at.ply.gg

# Reference: https://twitter.com/SarlackLab/status/1703484033743597968

46.1.55.35:4782

# Reference: https://www.virustotal.com/gui/file/79ebe0bdd4a59c52b377ddffa03a8ff2a470eef6304b97c1cb4df65294796cc3/detection

84.54.50.42:1337

# Reference: https://www.virustotal.com/gui/file/eb4f98a7aadc4eb5feceab64bd93b1d9c077510dd3cdb0efb6c733acd45b6e41/detection

141.255.150.209:4782
microsoft-virtualpc.duckdns.org

# Reference: https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
# Reference: https://raw.githubusercontent.com/pan-unit42/iocs/master/venomrat_iocs.csv
# Reference: https://www.virustotal.com/gui/file/c2a2678f6bb0ff5805f0c3d95514ac6eeaeacd8a4b62bcc32a716639f7e62cc4/detection
# Reference: https://www.virustotal.com/gui/file/b77e4af833185c72590d344fd8f555b95de97ae7ca5c6ff5109a2d204a0d2b8e/detection
# Reference: https://www.virustotal.com/gui/file/2a9b2dbd1319db27f844bfef1f23f748cdde7acdada01fa132fab2620e616432/detection

http://67.213.221.18
100.2.131.22:4449
101.99.90.110:4449
103.133.109.108:4449
103.143.249.203:4449
103.155.82.74:4449
103.39.109.47:4449
103.39.109.73:5205
103.45.232.168:4449
103.45.232.168:8001
103.74.174.160:4449
103.8.215.226:4449
104.205.188.45:7772
109.123.237.143:2247
109.123.237.143:4449
109.206.242.138:5353
111.242.191.104:4449
116.8.105.33:4449
119.29.243.12:4449
121.127.233.181:4449
121.175.209.128:4449
121.175.209.128:7000
121.175.209.128:8000
124.222.202.170:4449
125.182.30.132:10
129.226.175.203:7771
141.95.71.203:4449
142.93.137.173:4446
142.93.137.173:4447
142.93.137.173:4449
143.92.56.77:4449
144.138.71.99:6066
146.70.102.14:46146
146.70.50.106:3222
146.70.83.154:4449
146.90.154.118:4449
147.185.221.16:24582
147.185.221.16:32320
147.185.221.212:20487
147.185.221.212:8080
149.102.249.116:4449
151.236.17.83:1111
154.12.82.59:7771
154.37.51.77:9528
154.9.30.146:4449
154.91.85.75:4449
157.143.34.217:4449
157.230.85.119:4449
16.16.29.185:13562
16.170.222.231:13044
164.155.252.71:4449
168.182.176.153:4449
168.182.176.153:8080
173.212.192.72:3434
173.212.192.72:3435
174.126.118.156:4449
177.102.219.156:4449
179.174.51.167:4449
179.174.51.167:5052
18.133.225.113:32431
18.198.77.177:17487
18.198.77.177:4824
185.149.146.79:4449
185.221.67.43:4449
185.223.77.170:4444
185.223.77.170:4449
185.236.228.68:4449
185.24.9.195:555
186.166.246.159:2742
186.166.246.159:4449
187.84.121.138:9556
188.74.83.10:4449
192.71.249.141:1999
192.71.249.141:4444
192.71.249.141:4556
193.109.85.128:4449
193.149.185.42:4545
193.149.185.42:4646
193.161.193.99:21359
193.161.193.99:24224
193.161.193.99:25460
193.161.193.99:27573
193.161.193.99:29332
193.161.193.99:31780
193.161.193.99:33360
193.161.193.99:33913
193.161.193.99:4449
193.161.193.99:4567
193.161.193.99:47758
193.161.193.99:505
193.161.193.99:5251
193.161.193.99:58618
193.161.193.99:61948
193.161.193.99:64084
193.161.193.99:8000
194.147.140.177:45992
194.26.135.222:4449
194.58.33.98:4449
196.115.8.54:1288
196.117.149.187:1177
196.117.149.187:4449
196.127.115.30:4449
2.224.144.191:7771
2.59.255.190:3389
2.59.255.190:4449
20.195.166.5:30120
20.206.160.43:7771
20.231.13.19:4449
200.153.238.94:4449
206.188.197.37:4449
206.189.80.59:22317
206.238.115.213:8888
209.25.140.181:46769
209.25.140.181:50794
209.25.140.194:4444
209.25.140.194:54203
209.25.140.211:21055
209.25.140.211:42417
209.25.140.211:43278
209.25.140.211:5050
209.25.141.181:2309
209.25.141.181:23640
209.25.141.181:29667
209.25.141.181:30093
209.25.141.181:37566
212.102.53.23:37076
212.118.42.249:4449
213.52.130.95:1337
213.52.130.95:9200
216.173.116.182:4449
216.173.116.182:8888
223.165.6.30:3333
24.241.229.173:3389
24.241.229.173:4449
25.48.43.42:4449
27.3.194.101:4449
3.126.37.18:18642
3.126.37.18:4824
3.66.38.117:9512
3.69.157.220:14418
3.69.157.220:4449
31.201.66.248:3032
31.210.55.103:33770
31.210.55.103:42811
31.210.55.103:4449
31.210.55.103:7775
34.118.105.198:1337
36.73.32.123:4449
37.222.178.27:3305
37.222.178.27:3306
37.222.178.27:4449
38.242.147.248:4449
43.138.166.76:6593
43.156.44.109:2345
43.205.210.118:4449
45.123.56.33:4449
45.80.158.189:4449
45.84.199.148:8080
46.153.131.183:6666
47.98.159.180:4449
5.230.54.132:4449
5.83.190.86:4444
65.0.50.125:22796
65.109.58.182:4449
65.2.185.165:4449
67.213.221.18:4449
67.213.221.18:8080
68.219.242.195:4449
68.219.242.195:7000
75.72.252.34:4449
77.123.31.10:7666
77.123.31.10:7777
77.73.69.3:5785
79.110.49.132:4449
79.134.225.8:1234
80.170.28.14:4449
80.26.19.8:4449
80.26.19.8:60238
81.0.246.141:4449
81.0.246.141:8089
82.180.147.87:4446
82.180.147.87:4447
82.180.147.87:4449
85.192.40.255:8080
85.203.34.34:4449
85.209.176.47:4449
85.237.227.56:4449
87.121.221.16:4449
87.132.210.154:4449
88.10.43.57:4449
89.208.103.42:1335
89.208.103.42:4449
89.23.96.35:4449
90.105.113.79:4449
90.132.25.80:4449
91.134.187.22:4449
91.137.64.248:19102
91.223.169.39:1111
94.156.253.109:4449
92.158.105.84:4449
93.114.61.173:4449
94.46.175.132:45807
95.214.26.61:4488
95.214.26.78:5556
95.214.26.97:4449
95.214.26.97:5566
checkblacklistwords.eu
lcf.icu
tym.pw
123zhang123.e1.luyouxia.net
7706d61f16.zicp.fun
baiwu123.e2.luyouxia.net
binzai.e3.luyouxia.net
bj-1.lcf.icu
bomba1.ddns.net
s1567749.e1.luyouxia.net
wnindi9-24224.portmap.host
yk.tym.pw

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-09-25)

104.37.215.1:4782
37.139.129.145:5505
45.66.230.22:4782
46.13.89.41:9999
94.156.6.246:4782
buy-positioning.at.ply.gg
casino-within.at.ply.gg
donbaguette-43001.portmap.io
eain-63347.portmap.io
go-bean.at.ply.gg
supply-dressing.gl.at.ply.gg

# Reference: https://threatfox.abuse.ch/ioc/1167850/
# Reference: https://www.virustotal.com/gui/file/1b539938fa3f6c57bbeb64943b8b3f5d0c5069439081fdda40ef7a12f030874e/detection

103.241.72.56:3650
103.241.72.56:7788

# Reference: https://twitter.com/ScumBots/status/1709543723380379685
# Reference: https://www.virustotal.com/gui/file/8bbf013e1a095f5841b572e0aadc6c3929533b2332620fa470fe5e744b828b91/detection

2.59.254.111:3000

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-11)

http://47.99.65.37
103.136.199.131:4783
104.37.215.1:443
106.14.153.130:4782
107.148.0.61:33389
107.150.23.167:7771
118.163.164.39:11211
139.159.245.157:9816
14.225.204.247:6060
14.225.211.123:22222
14.225.254.32:9090
14.32.78.98:1297
14.32.78.98:1298
141.11.21.40:443
145.239.2.154:4782
146.70.111.19:23140
150.107.2.105:8880
150.107.2.176:8089
150.107.2.177:8089
150.107.2.178:8089
150.107.2.179:8089
150.107.2.180:8089
152.44.217.5:18473
154.116.255.91:4782
154.204.32.72:8089
158.69.133.72:993
159.223.52.78:9898
159.223.52.78:9981
164.68.124.135:8080
167.160.93.196:4782
168.75.105.185:4782
175.16.184.111:8089
180.235.137.45:9443
181.161.3.56:8080
185.186.66.8:443
185.211.160.112:4782
185.81.157.129:8808
188.153.77.109:4781
188.173.86.162:4873
194.180.48.239:2096
194.195.90.102:8080
194.26.192.144:6666
195.154.54.52:4959
197.225.107.178:10000
197.225.107.178:1194
197.225.107.178:18333
197.225.107.178:20122
197.225.107.178:20421
197.225.107.178:2086
197.225.107.178:2096
197.225.107.178:21148
197.225.107.178:21902
197.225.107.178:2376
197.225.107.178:26449
197.225.107.178:29070
197.225.107.178:30005
197.225.107.178:37600
197.225.107.178:38512
197.225.107.178:40590
197.225.107.178:42202
197.225.107.178:44662
197.225.107.178:45734
197.225.107.178:4583
197.225.107.178:46162
197.225.107.178:4687
197.225.107.178:48438
197.225.107.178:48810
197.225.107.178:50001
197.225.107.178:54270
197.225.107.178:54388
197.225.107.178:54563
197.225.107.178:57548
197.225.107.178:58603
197.225.107.178:6006
197.225.107.178:631
197.225.107.178:63131
197.225.107.178:64211
197.225.107.178:7425
197.225.107.178:8010
197.225.107.178:8090
197.225.107.178:8668
197.225.107.178:888
198.167.207.26:19132
198.27.97.83:4782
2.59.132.140:2585
20.49.52.110:1337
202.79.165.140:22336
202.79.165.142:22336
202.79.165.152:22336
202.79.165.153:22336
202.79.165.154:22336
202.95.14.202:7777
202.95.8.26:7777
202.95.8.64:7777
202.95.8.78:7777
212.23.222.42:7331
212.23.222.42:7332
222.187.254.8:53779
222.253.182.185:9090
222.253.182.185:9091
223.155.16.108:23333
223.155.16.110:23333
223.155.16.112:23333
223.155.16.124:23333
223.155.16.126:23333
223.155.16.130:23333
223.155.16.23:23333
223.155.16.37:23333
223.155.16.62:23333
223.155.16.74:23333
223.155.16.91:23333
27.124.4.200:7777
3.6.115.64:11536
3.94.91.208:587
34.146.234.67:5563
35.201.216.249:443
42.51.42.232:5885
43.134.191.126:443
43.139.242.9:56789
43.198.100.247:9443
43.248.185.248:53779
45.40.96.155:5000
45.77.112.196:8080
45.81.39.183:8084
46.105.31.161:8888
47.242.201.16:12199
5.102.157.70:4782
5.43.196.245:35
51.79.169.103:8888
51.79.197.146:23456
54.36.226.168:4444
72.18.130.237:7321
72.18.130.238:7321
72.18.130.48:7321
73.100.102.44:4445
73.198.68.21:4782
74.234.79.25:8080
74.91.117.229:4783
79.110.48.153:4448
8.129.179.142:22
8.210.13.235:12099
8.210.13.235:14099
8.210.13.235:15048
8.210.13.235:15099
8.210.13.235:16099
8.210.82.139:12099
8.210.82.139:14099
8.210.82.139:15099
8.210.82.139:16099
81.230.10.189:8080
86.17.224.159:1604
87.207.183.69:7531
95.179.171.234:4228
etapi.ydzh.ltd
etcs.ydzh.ltd
nebularemote.ydzh.ltd

# Reference: https://twitter.com/abuse_ch/status/1712458006833594589
# Reference: https://www.virustotal.com/gui/file/b9dc56e8f15327270b75cd4499049a19988d681f17691713d1ebd085831aa2a4/detection
# Reference: https://www.virustotal.com/gui/file/ae8c4f72c13b4103e0e977bbf2939a4b97860d1c279994d1b0bd27e00cbf8c2f/detection

185.196.8.30:22
dhlmissed.com
frankmullers.duckdns.org
hta4lyfeohyea.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-12)

150.107.2.104:8880
18.134.53.58:502
185.17.0.246:1419
50.114.32.155:4782
50.47.187.192:4444
51.79.247.142:10000
77.105.147.71:10000
77.78.31.79:9000
89.231.229.174:4782
usacupid.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-13)

150.107.2.102:8880
150.107.2.103:8880
150.107.2.106:8880
163.5.215.216:4788
164.68.124.135:8090
194.26.192.15:4400
87.163.178.244:13832

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-16)

109.205.213.42:4444
122.106.91.202:8888
134.255.254.225:5058
147.185.221.181:22242
193.109.85.197:443
209.25.140.181:22242
209.25.141.181:22242
209.25.143.181:22242
221.151.105.222:8888
23.133.216.181:22242
45.76.215.118:8080
72.140.185.189:8082
80.92.205.4:4782
82.76.223.18:7000
92.96.200.253:993

# Reference: https://www.virustotal.com/gui/file/0aa2b99b072736a522905c80505e8bfb45f545ee4d4f5a2fc02fb8f163b44225/detection

179.13.0.48:9820
berlinqua.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c430f8a55f610a2e7f4e5d68666dddfa69de6631397e8ba352399f8f45601e76/detection

197.202.140.193:4782
61.254.225.112:4782
bgxhost.servegame.com
eliminatorhost.servegame.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-19)

http://194.180.48.114
107.148.73.100:8880
107.191.62.170:8080
139.180.143.130:8080
143.198.143.66:443
148.252.73.49:6606
185.189.12.147:2323
191.82.202.123:2000
193.104.222.171:443
193.104.222.97:443
193.161.193.99:63447
193.164.5.70:4782
193.181.46.162:443
206.237.2.202:13014
223.155.16.127:23333
223.155.16.148:23333
223.155.16.89:23333
24.68.49.45:8080
27.124.4.202:7777
27.124.4.206:7777
31.40.4.149:4444
37.120.137.230:1433
45.152.70.133:2096
50.60.169.138:1337
51.20.181.222:587
51.79.247.142:12345
52.186.179.225:8848
81.0.21.60:5500
85.209.176.202:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/

http://154.39.152.134
http://195.14.123.15
http://34.154.103.104
http://62.234.175.104
103.140.251.156:4449
103.155.82.74:5000
103.42.30.83:4449
103.45.104.76:4449
103.74.102.181:3612
103.74.102.181:4449
107.148.8.5:4783
110.40.229.65:5050
111.180.204.133:4449
115.79.234.191:4449
116.102.233.195:8000
118.70.46.160:8080
121.37.250.168:1990
129.159.101.93:4444
141.98.10.132:4444
147.189.169.29:8890
149.88.73.111:4449
149.88.73.123:4449
149.88.73.37:4449
154.12.84.88:4449
156.254.126.133:4444
171.235.43.31:8000
171.235.43.31:9999
172.252.236.200:30120
172.93.100.82:2565
176.29.69.108:8000
18.194.136.156:4449
185.16.38.41:4449
185.202.173.103:4449
185.221.67.40:4449
185.221.67.40:8000
185.221.67.40:8001
190.28.134.15:4444
190.28.161.89:4444
193.161.193.99:59460
193.34.212.163:4449
193.42.33.190:25
193.42.33.190:4449
194.33.191.171:4449
194.33.191.245:4449
198.44.167.103:4449
198.44.167.106:4449
198.44.167.151:4449
198.44.167.157:4449
198.44.167.193:4449
198.44.167.209:4449
198.44.167.36:4449
198.44.167.3:4449
198.44.167.50:4449
198.44.167.72:4449
198.44.167.7:4449
198.44.167.85:4449
198.44.167.86:4449
198.44.185.105:4449
198.44.185.106:4449
198.44.185.118:4449
198.44.185.13:4449
198.44.185.19:4449
198.44.185.66:4449
198.44.186.111:4449
198.44.186.128:4449
198.44.186.185:4449
198.44.186.216:4449
198.44.186.230:4449
198.44.186.234:4449
198.44.186.245:4449
198.44.186.4:4449
198.44.186.58:4449
198.44.186.71:4449
198.44.186.80:4449
198.44.186.92:4449
198.44.187.42:4449
198.44.187.65:4449
198.44.187.98:4449
202.79.169.84:4449
202.79.169.89:4449
202.79.169.99:4449
203.20.113.225:1433
223.155.16.145:23333
23.26.76.142:2004
27.74.166.36:8000
27.74.166.36:9999
31.214.240.67:4449
37.120.158.245:25045
38.181.35.233:4449
38.181.35.91:4449
4.227.142.4:443
40.67.150.126:2000
43.139.166.120:4449
45.145.230.107:4449
45.145.230.129:4449
45.145.230.130:4449
45.145.230.137:4449
45.145.230.173:4449
45.145.230.209:4449
45.145.230.249:4449
45.145.230.31:4449
45.145.231.135:4449
45.145.231.141:4449
45.145.231.152:4449
45.145.231.185:4449
45.145.231.207:4449
45.145.231.216:4449
45.15.157.71:7777
45.88.180.13:6666
51.195.145.76:8808
64.227.106.181:443
64.40.154.127:8888
79.110.48.153:4449
85.209.176.48:5000
85.239.33.132:4449
86.204.232.82:9090
87.237.54.174:4447
95.214.25.75:4444
95.217.202.238:7777
96.45.174.196:4449
99.103.131.181:2222

# Reference: https://twitter.com/JAMESWT_MHT/status/1717093728525983846
# Reference: https://app.any.run/tasks/50894cc8-5473-4374-bf36-483d4ab05e86/

41.251.117.93:4782

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-10-30)

103.71.154.60:4782
107.148.238.82:4783
120.25.239.25:59823
135.181.235.186:2424
156.206.138.228:5552
172.234.16.71:4444
173.249.3.15:8443
182.92.222.213:7453
185.161.209.202:29185
186.222.176.105:4782
188.134.71.71:5559
191.82.214.147:2000
191.82.223.103:2000
197.61.171.237:5552
211.62.168.220:8080
34.118.240.134:4782
37.216.22.195:888
37.216.22.195:8888
45.76.251.189:4782
45.77.3.60:82
85.215.194.162:8080
87.138.218.214:47000
90.255.152.189:4782
90.255.152.189:8080
servet.site
cameraunitsdtock.sytes.net
cherrywoods-29890.portmap.host
contacto25.stafsolutions.com
filter-ranked.at.ply.gg
msi.servet.site
nancyagoatron.sytes.net
neko10.tplinkdns.com
overheaven.ddns.net
prnt.dedyn.io
prtsc.kozow.com
puryx-64788.portmap.host
qpurrybeatmecamtest.ddns.net
si.servet.site

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-11-01)

http://154.12.254.216
http://86.130.196.77
108.165.101.16:4449
109.147.149.255:4782
128.90.108.113:4433
138.59.198.231:5900
149.56.244.237:4782
156.224.27.244:4449
163.5.215.177:4782
172.232.134.145:443
191.254.169.139:5000
191.82.252.100:2000
192.3.86.10:8089
193.149.190.168:4782
209.203.54.177:8000
223.155.16.135:23333
223.155.16.149:23333
223.155.16.150:23333
223.155.16.151:23333
223.155.16.152:23333
223.155.16.153:23333
27.158.214.241:52516
3.129.208.252:587
51.161.107.9:4782
64.176.81.70:9090
64.52.80.114:4782
77.78.31.79:6000
77.91.73.70:1488
81.205.110.65:4783
93.85.85.86:4782
94.156.68.178:4448
makaa.work.gd

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2023-11-02)

http://18.166.249.66
http://185.62.58.77
http://5.255.117.112
101.43.141.31:4782
103.53.126.17:443
105.111.84.84:288
106.52.95.146:8880
110.92.64.176:4449
115.74.32.60:8000
115.74.32.60:9999
115.74.37.140:8000
124.29.223.193:4443
128.90.108.62:4433
139.99.80.193:8888
141.98.10.132:4449
154.204.181.104:4449
154.204.181.141:4449
154.204.181.146:4449
154.204.181.148:4449
154.204.181.170:4449
154.204.181.200:4449
154.204.181.212:4449
154.204.181.214:4449
154.204.181.225:4449
154.204.181.230:4449
154.204.181.244:4449
154.204.181.246:4449
154.204.181.27:4449
154.204.181.29:4449
154.204.181.5:4449
154.204.181.82:4449
156.224.27.100:4449
156.224.27.103:4449
156.224.27.106:4449
156.224.27.111:4449
156.224.27.114:4449
156.224.27.115:4449
156.224.27.116:4449
156.224.27.117:4449
156.224.27.118:4449
156.224.27.119:4449
156.224.27.121:4449
156.224.27.123:4449
156.224.27.126:4449
156.224.27.129:4449
156.224.27.130:4449
156.224.27.131:4449
156.224.27.132:4449
156.224.27.136:4449
156.224.27.138:4449
156.224.27.140:4449
156.224.27.144:4449
156.224.27.145:4449
156.224.27.148:4449
156.224.27.151:4449
156.224.27.157:4449
156.224.27.161:4449
156.224.27.163:4449
156.224.27.174:4449
156.224.27.182:4449
156.224.27.184:4449
156.224.27.185:4449
156.224.27.186:4449
156.224.27.193:4449
156.224.27.195:4449
156.224.27.197:4449
156.224.27.204:4449
156.224.27.207:4449
156.224.27.208:4449
156.224.27.209:4449
156.224.27.20:4449
156.224.27.210:4449
156.224.27.216:4449
156.224.27.217:4449
156.224.27.218:4449
156.224.27.225:4449
156.224.27.231:4449
156.224.27.232:4449
156.224.27.236:4449
156.224.27.238:4449
156.224.27.241:4449
156.224.27.242:4449
156.224.27.243:4449
156.224.27.245:4449
156.224.27.246:4449
156.224.27.248:4449
156.224.27.24:4449
156.224.27.252:4449
156.224.27.254:4449
156.224.27.36:4449
156.224.27.43:4449
156.224.27.50:4449
156.224.27.54:4449
156.224.27.55:4449
156.224.27.56:4449
156.224.27.57:4449
156.224.27.65:4449
156.224.27.67:4449
156.224.27.68:4449
156.224.27.71:4449
156.224.27.74:4449
156.224.27.75:4449
156.224.27.82:4449
156.224.27.86:4449
156.224.27.87:4449
156.224.27.89:4449
156.224.27.90:4449
156.224.27.92:4449
156.224.27.93:4449
156.224.27.95:4449
156.251.17.118:8880
159.100.22.58:9999
161.129.40.95:4449
171.250.185.235:8000
171.250.185.235:9999
171.250.188.34:8000
172.162.233.190:8081
172.171.254.153:5000
18.166.249.66:443
18.166.249.66:8443
199.127.60.151:4449
20.237.228.234:8000
206.72.202.109:1604
208.64.33.115:4449
212.118.40.208:1200
213.65.233.25:4782
43.128.4.110:8888
43.239.251.54:4449
43.249.193.131:4782
52.188.84.174:3000
64.253.87.233:4433
64.40.154.127:4449
65.108.26.147:25
81.28.6.148:9090
93.123.85.34:4444
93.123.85.37:5060
94.156.68.178:4449
95.214.26.67:7788
95.214.26.88:7788
95.216.249.152:4449
chromewebkit.com
xbhdabss.org

# Reference: https://www.virustotal.com/gui/file/f97675217ef1956a5a089517d69e4285fd2e1b71e049801ec68a459558eef74a/detection

182.30.57.19:4782
lordhades.ddns.net

# Reference: https://twitter.com/suyog41/status/1721402450509226446
# Reference: https://www.virustotal.com/gui/file/244b142725520624d3670e6a229e881ef3bffae6a2978c4bdea58e7d1b412188/detection

209.25.141.229:58369
st-patrol.at.ply.gg

# Reference: https://threatfox.abuse.ch/ioc/1199705/

nathwood23.mysynology.net

# Reference: https://www.virustotal.com/gui/file/303c9b9194ee78feed58a6ba788498a6c8d58d603ab7dacdda550ae8b67fe54a/detection

76.115.134.129:4782
sashok.ddns.net
truely.ddns.net

# Reference: https://app.validin.com/axon?find=91.92.241.80&type=ip
# Reference: https://www.virustotal.com/gui/file/bea1f3abe5f8cacae97c4cd7855465d2878c42d5ee8b2ac99392379792188266/detection

o7lab.me
panel.o7lab.me
puredns.o7lab.me
purepanel.o7lab.me

# Reference: https://twitter.com/JustWantToQ1/status/1725066269664084426
# Reference: https://www.virustotal.com/gui/file/1186dac5cf754305a3faf7a6a9fd3ab02f1eb8272e56e23ceddad9cdab50aa2a/detection
# Reference: https://www.virustotal.com/gui/file/5fd5a293e7320d340dda0457da801157129c138d09cc359d1edf187b375f8ed7/detection

http://101.34.70.230
http://106.12.126.136
103.30.76.56:8000
45.32.119.154:4782

# Reference: https://www.virustotal.com/gui/file/ef678ca84f44f94d68ed6025669da9990c2590a5bdb8188afa7ed56903bc145f/detection
# Reference: https://www.virustotal.com/gui/file/b42a304941cb1301ddc4429fe3a0b5804460deb1b6571c5827df4134e311c2e0/detection

37.67.159.50:4782
guttshost.ddns.net

# Reference: https://www.virustotal.com/gui/file/7d8f6f1d10938d4cad3743b7b9e50d8283e59a45f0b6096ec1fe8e42c1adad1d/detection

193.161.193.99:40520
ryanpsn-40520.portmap.host

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-11-20)

108.160.136.232:8088
109.99.113.208:4782
167.71.56.116:22112
178.254.32.61:4782
192.160.0.65:5040
193.42.33.210:4444
201.79.229.55:1000
37.1.207.27:222
43.135.4.224:4789
45.148.244.83:7752
45.61.128.77:5552
54.94.248.37:16018
8.134.72.167:8808
alex123123123141-56619.portmap.host
alibabash.ddns.net
allah420.ddns.net
awoware.ddns.net
bitra12.duckdns.org
boogerbreath-59460.portmap.host
com-overhead.gl.at.ply.gg
dance-civilization.gl.at.ply.gg
dng.dns05.com
dng05vpn.v4.softether.net
douzi.my-wan.de
everyone-substantially.gl.at.ply.gg
fragrant-pine-29547.pktriot.net
frosty-wind-77851.pktriot.net
frp.deitie.asia
johndoenut-37242.portmap.host
memet.ddns.net
mercurial6969-64808.portmap.host
okaa0-35095.portmap.host
rxalp.direct.quickconnect.to
scambaiting2022.ddns.net
schools-softball.gl.at.ply.gg
serverlolxd.ddns.net
short-shortly.gl.at.ply.gg
throbbing-mountain-09011.pktriot.net
tsxrkj.synology.me
visoxd-63447.portmap.host
voicia-net.ddns.net
without-sure.gl.at.ply.gg
youtubevideos.duckdns.org
zeroski.ink

# Reference: https://www.virustotal.com/gui/file/92dde00e5a5426b5a20e9e9e87ea29c66c6ab7cd467cbe9a90bf971f2d21a6a7/detection

20.205.140.63:1024

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-11-21)

http://136.50.194.181
http://194.55.224.24
http://85.98.162.136
136.50.194.181:4782
154.9.253.177:4782
163.5.169.28:8080
180.195.205.155:4782
193.161.193.99:58530
194.55.224.24:9030
195.133.197.3:4782
45.61.174.20:5552
87.159.4.210:4782
88.209.197.253:4782
cock.holyshithowmanydomainandproxycanigettorunmyserver.info
download.adaklab.ir
goldbolbein.chickenkiller.com
goldgoblein.sytes.net
holyshithowmanydomainandproxycanigettorunmyserver.info
infallible-water-17742.pktriot.net
laraloveu-44526.portmap.host
malhost.loca.lt
points-deep.gl.at.ply.gg
quasardeez.ddns.net
riprealworld-55179.portmap.host
rough-night-92806.pktriot.net
sero.definitivlegit.xyz
shipperd69.strangled.net
statics.kozow.com
testrun.ddns.net
topportas.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-11-22)

103.127.80.52:4782
107.148.58.234:4783
107.148.58.236:4783
109.193.93.28:4782
110.148.223.254:4444
139.99.80.193:9999
156.96.154.217:4444
191.205.93.92:5000
191.82.199.36:2000
191.82.205.52:2000
191.82.208.212:2000
191.82.220.234:2000
193.149.176.5:4443
193.161.193.99:27212
194.195.90.102:587
194.33.191.141:8080
194.49.94.45:4789
20.198.253.168:1337
202.79.175.110:7777
223.155.16.118:23333
223.155.16.120:23333
223.155.16.128:23333
223.155.16.139:23333
223.155.16.140:23333
40.81.26.134:8443
43.154.232.190:8441
66.85.157.78:443
77.232.132.25:4999
82.147.85.227:443
85.209.176.33:1337
91.92.246.130:8080
93.177.167.240:4782
95.214.25.72:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2023-11-22)

103.241.66.73:1604
103.245.236.118:4449
103.82.26.41:4444
115.74.20.156:8000
115.79.230.192:8000
115.79.230.192:9999
115.79.234.191:8000
115.79.234.191:9999
123.99.200.184:2139
134.195.90.8:8890
154.204.181.114:4449
154.204.181.116:4449
154.204.181.137:4449
154.204.181.15:4449
154.204.181.188:4449
154.204.181.197:4449
154.204.181.208:4449
154.204.181.228:4449
154.204.181.22:4449
154.204.181.33:4449
154.204.181.53:4449
154.204.181.71:4449
154.204.181.88:4449
154.204.181.93:4449
154.204.181.94:4449
154.39.250.214:4449
154.39.250.229:4449
154.39.250.234:4449
154.39.250.38:4449
154.39.250.52:4449
154.39.250.85:4449
154.39.251.113:4449
154.39.251.210:4449
154.39.251.246:4449
154.39.251.32:4449
154.39.251.52:4449
154.39.254.105:4449
154.39.254.124:4449
154.39.254.70:4449
154.39.255.109:4449
154.39.255.111:4449
154.39.255.141:4449
154.39.255.152:4449
154.39.255.156:4449
154.39.255.191:4449
154.39.255.199:4449
154.39.255.210:4449
154.39.255.211:4449
154.39.255.54:4449
154.39.255.81:4449
154.39.255.89:4449
154.39.255.94:4449
154.39.255.95:4449
156.253.13.217:4848
158.220.89.102:8940
171.232.3.175:9999
172.93.110.114:4449
176.96.136.233:443
185.239.87.136:4449
188.119.113.105:2323
189.152.202.202:16714
189.152.202.202:222
189.152.202.202:31193
189.152.202.202:49152
189.152.202.202:81
189.152.202.202:8880
193.124.205.20:4449
193.169.245.86:4449
194.9.172.60:4444
206.233.132.110:4449
206.233.132.208:4449
206.233.132.250:4449
206.233.132.27:4449
206.233.132.41:4449
206.233.132.67:4449
206.233.132.84:4449
206.233.132.92:4449
23.133.216.212:54696
3.6.115.64:12480
34.154.103.104:80
45.207.27.4:4449
45.88.180.23:6000
85.209.176.113:4449
85.209.176.184:4449
85.209.176.79:4449
88.99.214.187:4449
91.92.241.80:5000
91.92.248.121:5902
91.92.248.152:6606
91.92.249.88:5000
91.92.251.28:4444
95.214.25.144:4444

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2023-12-04)

http://195.189.98.5
http://20.106.201.109
http://45.147.231.88
http://59.14.118.202
http://8.217.83.74
1.117.42.60:4782
103.13.209.45:4782
103.161.171.127:4782
103.168.19.82:4782
103.71.154.48:4782
103.99.186.113:4782
104.218.54.245:1604
105.106.223.78:9999
106.160.59.123:5468
107.150.23.151:31337
107.172.76.140:8080
107.175.243.138:4782
108.216.43.217:4782
111.90.143.37:1888
116.97.240.228:9981
118.195.235.103:4782
118.69.101.91:38353
121.4.103.222:4782
121.41.5.68:4782
13.127.185.18:4783
138.197.189.80:64191
139.159.221.73:8443
139.224.36.193:8088
139.99.23.9:12024
14.0.24.177:7004
14.224.174.212:4782
14.225.210.209:23456
14.225.210.97:12024
14.225.210.98:12024
141.98.102.227:24482
141.98.112.145:1604
143.92.61.241:7777
143.92.61.243:7777
143.92.61.248:7777
149.28.201.102:82
150.107.2.176:8880
150.107.2.177:8880
150.107.2.178:8880
154.12.30.94:8880
154.7.177.155:9999
154.9.227.45:6774
154.9.254.21:8080
154.9.255.235:8080
159.223.52.78:9783
164.152.19.24:4782
172.232.148.85:443
175.16.147.232:8089
175.16.183.116:8089
178.20.47.103:9090
181.162.142.77:8080
181.162.155.84:8080
181.173.5.64:443
181.173.9.167:443
181.215.229.195:4782
181.41.200.232:3000
185.209.22.155:4782
185.81.157.103:9090
185.81.157.119:1020
187.101.166.245:5000
187.59.65.160:4782
188.240.121.104:4444
188.52.168.200:1337
191.17.127.135:5000
191.17.127.227:5000
191.17.4.199:5000
191.19.176.126:5000
191.82.193.90:2000
191.82.196.250:2000
191.82.201.157:2000
191.82.204.28:2000
191.82.205.177:2000
191.82.235.60:2000
191.82.240.73:2000
191.82.255.52:2000
192.121.102.21:443
192.36.57.216:4782
192.71.172.159:443
192.99.168.172:8082
193.161.193.99:38655
193.233.255.34:4848
194.147.140.134:8081
195.214.251.131:4444
195.3.220.71:1337
196.65.209.44:4444
202.79.175.51:7777
202.79.175.67:7777
206.123.135.125:2008
209.145.59.89:443
211.62.168.220:587
216.164.253.125:3334
216.219.83.227:4443
217.122.155.51:4783
217.208.240.203:25565
218.200.147.248:4782
221.194.78.221:4782
222.211.73.134:5566
222.211.73.134:5666
222.211.73.134:5766
222.253.182.185:4782
223.155.16.102:23333
223.155.16.109:23333
223.155.16.114:23333
223.155.16.115:23333
223.155.16.119:23333
223.155.16.121:23333
223.155.16.95:23333
24.75.175.47:4782
27.124.6.248:7777
27.124.6.249:7777
27.124.6.253:7777
3.129.208.252:443
3.236.102.180:4782
31.220.97.187:443
34.124.177.146:443
35.189.151.174:443
36.134.54.228:8088
37.120.137.230:3333
37.220.121.42:4782
37.59.174.109:4782
38.54.93.184:9999
43.136.181.103:4782
45.133.181.42:4444
45.141.27.187:4782
45.88.186.145:4782
5.161.225.245:8008
5.196.243.97:4782
5.206.224.18:443
50.60.8.72:1337
51.178.91.192:4782
51.20.164.68:4782
51.79.247.142:12000
51.81.105.237:4782
51.81.170.216:4782
54.39.132.191:4782
61.136.187.248:4782
64.176.65.152:443
64.52.80.98:4782
65.108.111.159:4782
65.20.67.1:4782
66.85.157.78:8443
72.140.185.189:8092
73.161.248.136:4782
73.72.200.242:8081
74.234.34.236:1337
77.21.10.243:29041
77.91.122.22:4782
79.245.246.193:13832
8.210.77.104:9443
8.212.132.182:5001
80.232.245.48:4782
82.27.71.69:4444
82.64.82.74:1604
84.247.161.111:443
85.209.176.247:2096
85.215.230.244:4782
85.239.53.165:443
89.117.79.31:2
89.221.224.197:443
91.109.176.8:4782
91.109.188.4:4782
91.161.14.130:5555
91.92.240.98:17444
91.92.246.130:3333
91.92.252.111:37156
91.92.252.152:8084
91.92.252.64:4782
91.92.254.40:4782
92.118.235.253:4545
94.12.43.18:49947
94.131.101.86:4782
94.156.66.76:6969
94.249.3.0:6565
95.46.107.25:23731
96.32.172.60:1194
obsidia.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2023-12-04)

http://162.33.178.82
http://91.219.148.77
113.207.49.54:9803
115.74.20.156:9999
115.74.22.203:5000
115.74.22.203:8000
115.74.22.203:9999
116.203.221.205:8890
123.99.198.130:14363
124.248.69.97:9999
141.255.150.200:888
141.255.159.128:4444
141.255.159.128:9999
154.39.251.85:4449
154.91.230.40:4449
154.91.230.50:4449
163.5.169.22:1194
171.232.3.175:4449
171.232.3.175:5000
171.232.3.175:8000
185.216.117.91:6666
185.81.157.213:4444
223.155.16.133:23333
45.141.215.178:61240
5.189.175.70:587
5.189.175.70:8080
51.195.251.9:4449
66.135.26.66:10010
74.199.99.167:4783
84.17.34.8:4782
84.32.5.135:8888
91.92.242.235:12330
91.92.248.239:4449
91.92.250.79:8080
91.92.250.80:8080
91.92.251.84:587
94.228.169.198:3000
95.214.26.66:7788

# Reference: https://www.virustotal.com/gui/file/404af34493708c09b1559146696d563013ef2017a2659a2a3b33b3d357d8e3cb/detection

207.32.218.138:4782

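# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2023-12-07)
# Note: 176.40.9.245 is listed below on dozens of ports, including ones normally used by unrelated services (21, 25, 3306, 6379, 27017). That pattern may indicate a host that answers on every port rather than that many C2 listeners; confirm against the feed before alerting on individual ports.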

http://103.82.26.41
http://154.92.16.100
http://167.88.168.158
http://176.107.190.41
http://176.107.190.42
http://176.107.190.44
http://176.128.134.182
http://176.40.9.245
http://176.96.136.233
http://206.166.251.107
http://4.228.56.58
http://8.218.80.239
http://91.229.76.199
103.142.9.155:6688
103.145.253.245:4449
103.145.87.4:4449
103.164.62.9:6666
103.234.72.81:4449
103.42.30.19:4449
103.42.30.21:4449
103.42.30.30:4449
103.42.30.39:4449
103.42.30.42:4449
103.42.30.58:4449
103.74.106.117:4449
103.82.26.41:4447
103.82.26.41:4449
103.97.177.62:8888
104.161.50.230:1900
104.194.11.45:4449
104.244.72.108:9999
105.75.30.83:1080
105.75.30.83:18029
105.75.30.83:25050
105.75.30.83:48106
105.75.30.83:502
105.75.30.83:62491
105.75.30.83:6362
105.75.30.83:63889
106.119.249.59:14782
107.151.240.126:4449
108.160.140.12:443
111.92.241.2:4449
113.207.105.200:5501
113.207.105.229:4002
113.207.49.39:4001
113.207.49.50:16804
113.207.49.50:4004
113.207.49.53:4002
118.107.41.120:30360
118.195.164.90:4449
124.70.154.188:4449
142.202.242.196:4449
150.158.169.143:4449
154.19.84.98:4449
154.61.77.210:2323
154.91.64.183:7800
161.97.178.199:3435
161.97.178.199:3436
161.97.178.199:3437
161.97.178.201:3435
161.97.178.201:3436
161.97.178.201:3437
161.97.178.207:3435
161.97.178.207:3436
161.97.178.207:3437
162.19.192.193:1555
172.233.153.107:4449
172.233.153.107:5000
172.233.153.107:6000
172.247.132.3:4449
173.212.192.72:3436
173.212.192.72:3437
173.212.219.45:3435
173.212.219.45:3436
173.212.219.45:3437
173.212.224.186:3435
173.212.224.186:3436
173.212.224.186:3437
176.107.190.41:8888
176.107.190.42:8888
176.107.190.44:8888
176.40.9.245:10070
176.40.9.245:1026
176.40.9.245:1080
176.40.9.245:110
176.40.9.245:11778
176.40.9.245:11933
176.40.9.245:1200
176.40.9.245:1231
176.40.9.245:12445
176.40.9.245:1311
176.40.9.245:14120
176.40.9.245:1433
176.40.9.245:15825
176.40.9.245:179
176.40.9.245:1883
176.40.9.245:20000
176.40.9.245:2004
176.40.9.245:20201
176.40.9.245:2079
176.40.9.245:2080
176.40.9.245:21
176.40.9.245:22081
176.40.9.245:2222
176.40.9.245:23515
176.40.9.245:23630
176.40.9.245:2375
176.40.9.245:2376
176.40.9.245:23803
176.40.9.245:24233
176.40.9.245:25
176.40.9.245:26589
176.40.9.245:26808
176.40.9.245:27017
176.40.9.245:27585
176.40.9.245:2761
176.40.9.245:28080
176.40.9.245:28389
176.40.9.245:30617
176.40.9.245:3306
176.40.9.245:33389
176.40.9.245:33416
176.40.9.245:33742
176.40.9.245:33913
176.40.9.245:36401
176.40.9.245:37262
176.40.9.245:4087
176.40.9.245:44369
176.40.9.245:4444
176.40.9.245:44467
176.40.9.245:44861
176.40.9.245:44886
176.40.9.245:46571
176.40.9.245:48742
176.40.9.245:49502
176.40.9.245:51091
176.40.9.245:51178
176.40.9.245:51783
176.40.9.245:52435
176.40.9.245:53346
176.40.9.245:53782
176.40.9.245:54252
176.40.9.245:56323
176.40.9.245:57002
176.40.9.245:57287
176.40.9.245:587
176.40.9.245:5903
176.40.9.245:6000
176.40.9.245:60000
176.40.9.245:6001
176.40.9.245:6003
176.40.9.245:6006
176.40.9.245:60143
176.40.9.245:60402
176.40.9.245:60845
176.40.9.245:61105
176.40.9.245:62577
176.40.9.245:631
176.40.9.245:63523
176.40.9.245:6379
176.40.9.245:6697
176.40.9.245:6918
176.40.9.245:7375
176.40.9.245:8000
176.40.9.245:8010
176.40.9.245:8085
176.40.9.245:81
176.40.9.245:833
176.40.9.245:9205
176.40.9.245:9543
179.14.8.10:5000
181.173.21.240:443
185.16.38.93:4449
185.16.39.245:4449
185.181.10.240:443
185.196.8.237:4449
185.220.204.33:4444
185.36.81.57:4444
190.123.44.233:4444
191.82.212.175:2000
193.34.212.163:4545
193.34.212.163:7777
194.147.140.154:8889
197.146.76.15:11029
197.146.76.15:20086
197.146.76.15:2990
197.146.76.15:37747
197.146.76.15:52224
197.146.76.15:52407
197.146.76.15:54488
197.146.76.15:54564
197.146.76.15:5902
197.146.76.15:7474
197.146.76.15:7801
197.146.76.15:8159
20.188.113.132:9099
20.201.112.166:5522
20.201.119.163:1025
20.213.246.160:8080
20.6.33.42:9099
206.238.199.163:2022
206.238.199.163:4449
207.32.217.107:4449
207.32.217.117:4449
222.186.56.59:10000
27.124.2.230:4449
27.74.166.158:8000
27.74.166.158:9999
34.70.203.199:4449
37.1.208.55:4449
38.165.8.185:4449
4.227.176.184:8080
4.228.56.58:1024
41.216.183.22:4782
43.140.194.203:2233
43.153.109.213:4449
43.156.51.101:4449
43.248.100.54:9881
43.248.140.96:4520
45.131.111.98:7000
45.155.249.230:4449
45.235.49.52:4449
45.74.34.32:1993
45.77.2.11:443
45.88.9.100:4444
47.96.68.247:4449
5.182.87.154:4449
51.38.57.226:4449
51.79.196.122:5000
54.37.237.170:4444
62.234.175.104:45678
62.68.75.236:1602
64.156.192.19:8888
77.105.132.88:9999
8.130.84.209:4449
8.212.49.198:9827
8.218.80.239:8443
83.220.164.105:4449
83.220.164.114:4449
83.220.164.11:4449
83.220.164.2:4449
85.209.176.158:4449
90.255.118.25:9999
91.229.76.199:8888
91.92.241.170:4449
91.92.241.23:4449
91.92.241.65:8080
91.92.242.184:4444
91.92.246.52:4449
91.92.248.39:4444
91.92.251.81:5001
91.92.252.194:4444
91.92.253.13:4449
91.92.253.13:8080
91.92.253.14:8080
91.92.254.174:4444
parlimenmalaysia.myftp.org

# Reference: https://twitter.com/V3n0mStrike/status/1734057776861655431
# Reference: https://www.virustotal.com/gui/file/007e4f5ae18d5c2f0ef3dddeedaaab82ae3cdcefd98943a6b039cd3a7ab596ac/detection

http://45.40.96.164
45.40.96.164:5552

# Reference: https://www.virustotal.com/gui/file/207c4ebe49833b09d5bbf7d05e50851891a29b04b2b413106092e739ce0dcab3/detection

176.131.238.95:4782
jlrat.ddns.net

# Reference: https://www.virustotal.com/gui/file/5629dac4ae6bcdb1d9e9401d338b7af892009a056c8f74ffc2f657341c5df4e3/detection

46.246.4.6:2636
shop27.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b8919fe0360c97ac26161f11d4903450ab3333bf0ae4aaed0223f14562d5d022/detection

42.51.37.132:4782

# Reference: https://www.virustotal.com/gui/file/0d852de86784800a9e7ae5c7f484c9218015bce59dc541a9d38743a0cfe3d29e/detection

178.255.168.49:4782
sfxn.ddns.net

# Reference: https://www.virustotal.com/gui/file/de8bc458f91a587c571d91aa578b1f6dded34aae730e5e38e4bfcf2d9f8e79eb/detection

79.107.199.218:6666
ratsakis.ddns.net

# Reference: https://www.virustotal.com/gui/file/a5d2600ca75a5e5f74209cca81c154b6a4c1d862701107f08f8260479ff6510f/detection

59.92.91.175:2000
allan123.ddns.net

# Reference: https://www.virustotal.com/gui/file/c9c3add3e6318415f298edbc85cded2dc3c232624e53ea9cca7f10a8633e0cc0/detection
# Reference: https://www.virustotal.com/gui/file/7f8e64ce3699ccf9de01c007e6a3692261c9abdbc275b6195f46ba3f0a22eeb1/detection
# Reference: https://www.virustotal.com/gui/file/60c01572944d3605ab9d72e2053fcc6f90cbd54c94cd8b8decff62b12a231b05/detection

90.255.118.25:9999
antilag.ddns.net

# Reference: https://www.virustotal.com/gui/file/3cc84e3c93493e0d6e636db209aedd2f9b1a6f12c30c501adcc8929306917700/detection

23.19.58.161:1982
59.24.3.174:1982
gamestramar.4cloud.click

# Reference: https://twitter.com/noexceptcpp/status/1744349230196523062
# Reference: https://app.any.run/tasks/ccab90e4-7e74-4189-a12c-bbd30a989c42/

91.92.249.238:4789
hts.guru

# Reference: https://www.virustotal.com/gui/file/c4ce370872ed6186d6a00aabb37e59936ea264bd5ee7e61bc366aa5fbbfc8cf4/detection

49.36.144.228:4782
myhost567098.ddns.net

# Reference: https://www.virustotal.com/gui/file/32aa4355cbed96bc5f95b9e18425fcfa9e3191007e13e2e6764eb8355f276c8d/detection

103.163.182.164:4782
1800hacker.ddns.net

# Reference: https://twitter.com/smica83/status/1744648066563453017
# Reference: https://www.virustotal.com/gui/file/cd0f465d5aafd57b4ec1c13d042b5eaa4643fa46a6143091b8fc61c2650c4484/detection
# Reference: https://www.virustotal.com/gui/file/26a281534bcbf467b36882cb224d95e6f93e6307bd4b6c82cfe16f1c4b30bc32/detection

147.185.221.17:60702

# Reference: https://twitter.com/smica83/status/1744345751314923526

109.55.109.94:4782
91.92.251.28:4782
94.130.171.180:4782

# Reference: https://www.virustotal.com/gui/file/21fcc1fb15a66fc37d5964cfdb02752a84ca15c6625418ad7c6bb06e50b04522/detection

91.92.246.52:4789

# Reference: https://www.virustotal.com/gui/file/ff9e47820f576d830fa635e46f98aab57f8612b7505983c34ff4073e409b947a/detection

23.237.25.134:2557
mylicolalrotloacl.cloudns.nz

# Reference: https://www.virustotal.com/gui/file/c3ea4515299f94d6074da256513ec0270345622a29e6e2b2acface25bf58977e/detection

catlol.ddns.net

# Reference: https://www.virustotal.com/gui/file/e617b795597c13a3447b2070b0e8bc990ce35e52092287daf7ed5053e0e21ec5/detection

194.33.191.246:4782

# Reference: https://www.virustotal.com/gui/file/b50219d19ed3045ea1e40b9d9e01e689db0e9ae90da91f8cf67001e52db74854/detection

185.70.104.90:5080
vmwareupdate.sytes.net

# Reference: https://www.virustotal.com/gui/file/c6b13f981432120bb9800951d77193b16ed90a410c34624cfd8f20d74624b8ae/detection
# Reference: https://www.virustotal.com/gui/file/c64ebcf3cccf0017d6e2cfdedb40b02a833f96bc0cc5c8ebbb56093a0e24531b/detection

nkxingxh.top
xshost.co
cdn.nkxingxh.top
one.nkxingxh.top
cdn.xshost.co
cdn8833.cdn.xshost.co

# Reference: https://www.virustotal.com/gui/file/ddadf75173b62b863d7160b1c61b07978d30fd9033f0ed5a050b03ed945f04f0/detection

94.156.68.145:7639

# Reference: https://www.virustotal.com/gui/file/9e6fa1f280864e2933528e17984bf2d448b003bda842145f34e63cc8a4b337ef/detection
# Reference: https://www.virustotal.com/gui/file/85f3d6263a9c1f9946c68d62217cb0eca348a34ff4b48090f527fd7d438396e6/detection

147.185.221.17:63027
147.185.221.17:63042
szczurson1337.freemyip.com

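# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-02-03)
# Note: 197.225.117.157 is listed below on dozens of ports (among them 110, 443, 465, 995, 5432 and 27017). This looks more like a host accepting connections on any port than a set of distinct C2 listeners; treat the per-port entries as low confidence until verified.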

http://47.93.42.113
http://52.81.76.168
125.130.86.64:4782
176.105.230.74:2404
181.162.151.66:8080
181.162.169.153:8080
191.82.204.88:2000
191.82.244.204:2000
194.147.140.138:3320
197.225.117.157:10000
197.225.117.157:102
197.225.117.157:10258
197.225.117.157:104
197.225.117.157:10443
197.225.117.157:1080
197.225.117.157:110
197.225.117.157:11467
197.225.117.157:1200
197.225.117.157:12078
197.225.117.157:1521
197.225.117.157:16196
197.225.117.157:16993
197.225.117.157:18029
197.225.117.157:18049
197.225.117.157:18084
197.225.117.157:2004
197.225.117.157:20547
197.225.117.157:2078
197.225.117.157:2079
197.225.117.157:2095
197.225.117.157:2096
197.225.117.157:2222
197.225.117.157:2323
197.225.117.157:2380
197.225.117.157:24663
197.225.117.157:2701
197.225.117.157:27017
197.225.117.157:27199
197.225.117.157:2761
197.225.117.157:2762
197.225.117.157:28139
197.225.117.157:31763
197.225.117.157:3390
197.225.117.157:33920
197.225.117.157:36043
197.225.117.157:37215
197.225.117.157:40000
197.225.117.157:40329
197.225.117.157:40846
197.225.117.157:43014
197.225.117.157:4369
197.225.117.157:443
197.225.117.157:44332
197.225.117.157:45118
197.225.117.157:45910
197.225.117.157:46207
197.225.117.157:465
197.225.117.157:48148
197.225.117.157:4840
197.225.117.157:4887
197.225.117.157:49451
197.225.117.157:50001
197.225.117.157:50580
197.225.117.157:50956
197.225.117.157:51376
197.225.117.157:5220
197.225.117.157:52200
197.225.117.157:52219
197.225.117.157:5307
197.225.117.157:5432
197.225.117.157:5672
197.225.117.157:57983
197.225.117.157:58603
197.225.117.157:5900
197.225.117.157:5902
197.225.117.157:5903
197.225.117.157:6000
197.225.117.157:60000
197.225.117.157:6001
197.225.117.157:6002
197.225.117.157:6004
197.225.117.157:6006
197.225.117.157:6008
197.225.117.157:61616
197.225.117.157:6362
197.225.117.157:63842
197.225.117.157:64374
197.225.117.157:64611
197.225.117.157:6513
197.225.117.157:6597
197.225.117.157:6667
197.225.117.157:6697
197.225.117.157:6699
197.225.117.157:7170
197.225.117.157:8000
197.225.117.157:8010
197.225.117.157:8080
197.225.117.157:8081
197.225.117.157:8389
197.225.117.157:8443
197.225.117.157:9000
197.225.117.157:9042
197.225.117.157:995
216.238.78.129:8888
35.189.151.174:5563
46.4.80.247:4782
62.234.61.157:6000
64.231.120.66:8080
70.34.252.163:8888
91.92.247.180:57420
94.103.188.123:1111
LaraLoveU-44526.portmap.host

# Reference: https://www.virustotal.com/gui/file/882f7cd8be3aa3c10e8ebec979432cc7e1eeca70578af17a0989aaa8b18dd9e5/detection

74.91.116.12:4784
yaniqueque.sytes.net

# Reference: https://www.virustotal.com/gui/file/60398c306948c297487363d89ca453a9c26de6a209da104f83625c4945a387d6/detection

45.140.146.156:2012

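# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-02-14)
# Note: 102.117.152.61 is listed below on many unrelated ports (e.g. 2375, 2376, 5671); possibly a host that answers on every port, so verify before relying on individual port entries.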

102.117.152.61:104
102.117.152.61:12920
102.117.152.61:18925
102.117.152.61:222
102.117.152.61:2375
102.117.152.61:2376
102.117.152.61:24828
102.117.152.61:28015
102.117.152.61:4242
102.117.152.61:4444
102.117.152.61:4781
102.117.152.61:5671
102.117.152.61:57963
102.117.152.61:5903
102.117.152.61:6009
102.117.152.61:64741
102.117.152.61:832
102.117.152.61:9036
103.120.201.75:2222
110.139.46.105:36969
114.104.183.54:4782
14.225.210.222:12024
140.82.48.210:2404
142.202.191.144:443
154.61.74.84:4782
159.100.13.218:1606
167.86.86.15:1010
177.138.248.251:5000
181.161.3.29:8080
181.161.6.87:8080
185.16.39.253:8888
185.81.157.203:9090
185.81.157.211:9191
191.82.252.2:2000
193.161.193.99:30650
194.147.140.234:82
204.44.124.8:4782
41.216.183.126:3741
45.195.198.204:443
51.120.7.94:1337
73.186.83.59:4782
79.109.104.58:2222
8.222.144.134:443
82.102.23.170:8081
90.15.154.112:4789
94.156.69.73:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-02-12)

http://5.206.224.7
103.243.180.11:5588
103.243.180.16:5588
103.243.180.7:5588
109.107.182.205:25
147.50.240.224:4444
157.254.165.110:8888
172.233.240.86:8080
178.33.57.149:4444
178.33.57.149:5000
185.238.171.42:4449
194.33.191.239:4449
194.48.251.10:4449
194.48.251.11:4449
194.48.251.120:4449
194.48.251.189:4449
194.48.251.220:4449
195.62.47.154:8890
45.112.205.126:5588
47.92.123.66:1311
85.105.91.170:4449
93.177.100.138:8080

# Reference: https://www.virustotal.com/gui/file/d1f0a56e337a88c174c9ba1fb791fa4b7695c154b0b5720194958e01fc7f9875/detection

179.13.2.154:7720
46.246.12.2:3669
rverde.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d13a25f8c9dcf0cd27369a3889e37cfa00801ccaf9ac0a5da9e68d6b9cade24b/detection

5.181.159.31:3000

# Reference: https://www.virustotal.com/gui/file/705da998431176a202f1f9600344b39cc26b64f1a07bb8e6ca801104f5a79b5c/detection
# Reference: https://www.virustotal.com/gui/file/0b5e901d7b6bf73a49de04a246299490f217793a465e85daf449e1eac3d2902f/detection

147.45.45.6:4782
77.239.90.215:4782
myhostter.ddns.net

# Reference: https://www.virustotal.com/gui/file/02477657cae4d96972360345c7490ed65c7267d1dac1998300ca0d6b0dd1c1c3/detection

45.154.98.24:5008

# Reference: https://twitter.com/IronNetTR/status/1767991209065115925

107.148.237.29:8088

# Reference: https://www.virustotal.com/gui/file/d7ca9ee174e7dc24f37dd3a2a40b8407016db60ff39b637ec994b126c86d69d8/detection

110.164.146.49:4782

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-03-24)

http://83.242.63.186
http://91.92.250.110
103.74.172.161:4444
103.82.24.193:443
104.209.128.50:4444
110.41.44.130:8888
115.74.30.127:4449
115.74.30.127:8000
115.74.30.127:9999
115.79.233.243:8000
115.79.233.243:9999
128.90.108.211:4433
128.90.115.54:4433
136.0.3.250:4444
138.201.82.227:4444
142.202.240.134:5555
147.124.223.16:5903
147.189.161.48:4444
154.23.141.66:4449
172.86.66.57:8080
178.168.70.101:443
181.215.4.52:6000
185.16.39.117:4449
185.229.237.51:2000
192.121.102.205:8888
192.71.172.113:8888
193.222.96.13:4449
193.222.96.14:4449
193.222.96.20:4449
193.222.96.41:4449
193.222.96.86:4449
193.222.96.95:4449
193.222.96.96:4449
193.233.161.246:443
20.169.80.43:4449
202.134.56.2:443
37.114.37.177:4444
37.120.141.144:5903
45.148.4.18:8888
45.148.4.19:8888
45.148.4.76:8888
45.15.157.90:3000
77.91.124.37:3001
82.115.223.46:7777
87.241.217.87:4444
91.151.88.209:4449
91.92.250.116:25
95.216.117.33:8088

# Reference: https://www.virustotal.com/gui/file/e0e633cb04164184e6a203995b73055fc92ffb95d5c816dc98b00150ef6b7394/detection

185.196.10.233:4782

# Reference: https://www.virustotal.com/gui/file/f4f212325a9c4f063b753139e08534a97338d141d088872acefb1be1864d2a49/detection

193.26.115.138:4782
genss.wi-fi.rip

# Reference: https://www.virustotal.com/gui/file/a841a1fe8b81516cb7d07d1bf57d663a26ce360e61f2f90c9dc046e9280bd318/detection

91.92.247.69:3634
94.156.66.151:3634

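# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-03-31)
# Note: 102.117.113.205 is listed below on dozens of ports, including 21, 389, 465, 631 and 5060. The spread suggests a host responding on all ports rather than that many C2 listeners; confirm against the feed before alerting on individual ports.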

http://3.99.102.8
http://94.156.66.151
1.9.177.252:9876
102.117.113.205:1024
102.117.113.205:13946
102.117.113.205:17393
102.117.113.205:18080
102.117.113.205:18084
102.117.113.205:1883
102.117.113.205:2004
102.117.113.205:2053
102.117.113.205:21
102.117.113.205:2380
102.117.113.205:2404
102.117.113.205:2455
102.117.113.205:25516
102.117.113.205:26238
102.117.113.205:26641
102.117.113.205:27049
102.117.113.205:27646
102.117.113.205:29975
102.117.113.205:36249
102.117.113.205:36945
102.117.113.205:389
102.117.113.205:40022
102.117.113.205:40240
102.117.113.205:40961
102.117.113.205:41489
102.117.113.205:4433
102.117.113.205:4444
102.117.113.205:4572
102.117.113.205:465
102.117.113.205:48087
102.117.113.205:5060
102.117.113.205:50995
102.117.113.205:51005
102.117.113.205:53311
102.117.113.205:56597
102.117.113.205:56832
102.117.113.205:57609
102.117.113.205:58603
102.117.113.205:631
102.117.113.205:63696
102.117.113.205:65245
102.117.113.205:7077
102.117.113.205:8082
102.117.113.205:8088
102.117.113.205:8418
102.117.113.205:9142
102.117.113.205:9653
103.200.29.109:1364
103.211.56.154:14782
111.90.143.125:8921
115.134.90.74:9876
124.13.185.107:9876
124.223.48.86:4285
14.225.210.222:12345
143.110.191.139:8080
161.97.162.173:4782
162.222.206.193:4782
166.88.132.139:8443
167.172.87.109:8080
167.86.115.184:443
172.111.148.62:19933
172.111.148.69:19933
172.111.148.93:19933
175.42.16.2:4784
175.42.18.7:4784
177.103.63.67:5000
181.161.15.137:8080
181.161.23.232:8080
181.161.4.80:8080
181.162.129.236:8080
181.162.133.144:8080
181.162.154.20:8080
181.162.168.165:8080
184.107.123.217:1990
185.196.8.93:4782
187.35.7.19:5000
187.59.70.10:4782
189.78.187.139:5000
190.205.241.70:443
191.82.209.29:2000
191.82.215.55:2000
191.82.221.165:2000
191.82.223.234:2000
192.151.244.144:14782
193.161.193.99:41985
194.68.32.11:443
194.87.252.184:4782
195.214.254.161:4444
198.167.201.212:19132
2.58.56.142:4782
20.42.80.234:8080
206.188.197.213:443
209.182.234.69:5000
217.63.234.90:1313
217.63.234.90:4444
220.78.13.217:8080
223.155.16.116:23333
223.155.16.52:23333
223.155.16.58:23333
35.137.73.119:22222
46.39.224.38:9876
47.243.49.209:8443
47.97.41.73:6000
5.102.157.70:4872
5.144.177.67:6090
51.178.185.143:443
69.53.121.162:4782
77.105.219.98:443
8.218.71.187:8443
90.62.10.177:2222
91.134.187.25:3336
91.150.120.14:25565
94.156.66.151:39001
94.156.69.145:7539
94.156.8.44:4787
95.214.53.95:57896
95.216.117.153:4782
liceback.online
the.networkguru.com

# Reference: https://www.virustotal.com/gui/file/f28b2786c5703701a9079db2856dcb018a126039fd605c61ea4a952a50a4c656/detection

186.169.60.158:4782
newrecaerga1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d0cea17545da44187702d901a236a2d8a65bd2b00f176c8092cbc07ff55cdacd/detection

186.169.56.42:4782

# Reference: https://twitter.com/ULTRAFRAUD/status/1776591638640443676

212.192.31.211:4782
37.1.200.46:8081

# Reference: https://twitter.com/karol_paciorek/status/1777391702040351120
# Reference: https://www.virustotal.com/gui/file/b09096b5dc0e3fa723403e1410fc419448e50da1ba8cd26ff16b8d2ea2318c84/detection

45.11.57.24:8888
microsoft-cloud.sytes.net

# Reference: https://www.virustotal.com/gui/file/0277739966e1e3e6af04e7c717f1b49419a682b804668e4db5771ca60d1ac76a/detection

93.123.39.28:8890
venomken.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6d206f1c2b3017e47119f4ba875c155bfd9315d9f89e48e9b1c06eac92838a2d/detection

194.147.140.150:64598
194.147.140.180:64598
194.147.140.218:64598
noerewtionet.chickenkiller.com
rlauseystzits.jumpingcrab.com

# Reference: https://www.virustotal.com/gui/file/0ff056d3958a58c61eeb03b4da7ca452ec168eaafa3a6e1d66f86603cc4eb08e/detection

194.147.140.214:4782
igboat.com
nazi.igboat.com

# Reference: https://www.virustotal.com/gui/file/5b01febfead4b89d06ea792c89fedf765728f39e14c58335b0c173b4859c9a6c/detection

147.78.103.173:4001
94.156.79.26:4001
ppprosyl.con-ip.com

# Reference: https://www.virustotal.com/gui/file/0170695628a300a03e01da6352aa80d75dac69694a65d5962aaf1bdb89191095/detection

94.156.69.145:7310
peurnick24.bumbleshrimp.com

# Reference: https://twitter.com/banthisguy9349/status/1782448247551688808

http://67.191.63.138

# Reference: https://www.virustotal.com/gui/file/7fb40b33056e478db6faa2faa2dcc47d200a8cd2f4a5a3e2c82af84e47f92a87/detection

157.20.182.46:4782

# Reference: https://www.virustotal.com/gui/file/451f300d14014ed0d89f00dde44295272d1672507a449a6106dc450493baa52e/detection

proxybreve.duckdns.org

# Reference: https://twitter.com/suyog41/status/1787452543687336087
# Reference: https://www.virustotal.com/gui/file/1203184ceedf34816263b2ac5b7f4d8360194e93dd5e7d1e10138c1b19e397a8/detection

65.20.67.1:4782

# Reference: https://www.virustotal.com/gui/file/c5758433ef16949fe40b872e9456eed40aa65c0d9c11d78b3a71046781485aee/detection

94.156.67.11:7000
crazydns.bumbleshrimp.com

# Reference: https://x.com/johnk3r/status/1792639637153878106
# Reference: https://www.joesandbox.com/analysis/1444545/0/html
# Reference: https://www.virustotal.com/gui/file/14f9d6d20222a1b9824dd22e6173731b934dfbf1670f8228f740a8a2e3b824f0/detection

outsell.shop
sup-docul.life
samorai-3e912-default-rtdb.firebaseio.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-05-28)

http://1.53.31.3
http://206.237.6.174
1.180.161.186:5000
1.53.107.135:9000
101.237.34.239:4449
102.165.56.50:4449
103.155.93.148:8080
103.74.102.181:2981
106.53.162.128:8080
111.173.116.170:1235
111.173.116.29:8541
111.173.116.82:2312
115.74.21.108:8000
115.74.21.108:9999
118.68.145.50:9000
120.156.150.101:8085
13.77.123.222:4444
139.180.171.110:22841
14.5.161.232:5001
144.202.40.66:7771
149.88.75.162:80
154.62.175.113:8080
156.253.8.166:4444
157.254.223.10:8085
162.238.154.3:8080
171.232.6.144:4449
171.232.6.144:8000
171.232.6.144:9999
171.249.233.153:4449
171.249.233.153:8000
171.249.233.153:9999
171.249.235.149:9999
171.250.188.12:4449
171.250.188.12:9999
171.250.191.217:4449
171.250.191.217:5000
171.250.191.217:5001
171.250.191.217:8000
171.250.191.217:9999
173.248.141.247:8080
173.249.52.60:6000
178.33.57.150:443
179.100.74.227:1024
185.216.70.75:7771
185.224.135.175:4449
185.234.75.77:6666
193.187.175.70:8080
193.222.96.114:4449
193.222.96.114:7287
193.222.96.128:4449
193.222.96.143:4449
193.222.96.143:7287
193.222.96.234:4449
193.222.96.41:7287
194.48.251.169:4449
194.48.251.169:7287
197.82.164.175:8080
222.239.35.173:4449
3.141.40.232:8443
3.21.170.65:4444
37.221.93.29:4444
42.118.144.192:9000
42.119.107.175:9000
45.145.43.183:9955
45.15.156.173:8080
45.152.243.228:9090
45.94.170.223:2000
45.94.170.223:4449
47.76.113.146:8888
5.42.96.86:4449
51.89.158.68:7777
54.224.170.33:443
58.186.236.71:9000
65.191.34.123:6000
82.153.64.23:9999
86.106.87.158:2222
89.88.69.115:8080
91.219.62.14:7777
91.92.244.76:4449
91.92.245.225:1024
91.92.247.34:6667
91.92.250.96:6667
91.92.251.136:4443
91.92.251.153:4443
91.92.251.179:4443
91.92.251.245:4443
91.92.254.21:4443
91.92.255.16:4443
91.92.255.79:4443
94.156.128.246:3323
94.156.64.193:10110
94.156.64.5:4443
94.156.64.90:4443
94.156.65.172:4449
94.156.68.82:4449
94.156.69.161:4443
94.156.69.163:4443
94.156.69.164:4443
94.156.69.166:4443
95.164.3.243:4449

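# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-05-28)
# Note: 176.241.64.239 is listed below on some thirty ports (among them 88, 1080, 5222, 6697 and 8545); this may be a host that answers on every port, so the per-port entries should be verified before use.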

http://116.204.42.20
http://2.56.245.124
http://216.9.225.194
101.201.150.204:8888
103.143.15.58:8080
103.200.124.194:4782
103.200.124.195:4782
103.200.124.197:4782
103.200.124.198:4782
103.244.226.133:8086
108.46.243.201:8000
111.173.106.171:53779
114.116.244.244:4495
114.132.87.123:4782
117.18.7.76:3782
118.161.124.220:17814
118.161.124.220:34820
118.161.124.220:49078
118.161.124.220:6004
120.26.136.167:8088
121.184.1.234:443
128.199.66.119:18982
13.43.245.50:3306
14.225.208.152:9999
14.225.219.33:9999
141.11.250.181:443
143.92.56.46:4782
143.92.56.50:4782
143.92.56.60:4782
144.217.189.92:3000
147.45.189.30:8080
150.158.139.196:6666
158.247.236.255:443
162.55.134.240:9001
175.137.217.128:9876
175.137.217.143:9876
176.241.64.239:1080
176.241.64.239:15443
176.241.64.239:22206
176.241.64.239:23142
176.241.64.239:25616
176.241.64.239:2762
176.241.64.239:28888
176.241.64.239:30827
176.241.64.239:33786
176.241.64.239:38519
176.241.64.239:44770
176.241.64.239:45835
176.241.64.239:49501
176.241.64.239:5000
176.241.64.239:50995
176.241.64.239:51200
176.241.64.239:51269
176.241.64.239:51601
176.241.64.239:52200
176.241.64.239:5222
176.241.64.239:58603
176.241.64.239:6007
176.241.64.239:6540
176.241.64.239:6697
176.241.64.239:8081
176.241.64.239:8159
176.241.64.239:831
176.241.64.239:8545
176.241.64.239:8636
176.241.64.239:88
176.241.64.239:939
177.102.67.107:5000
177.102.67.47:5000
177.60.122.85:5000
177.60.18.92:5000
177.68.45.3:5000
179.97.173.22:5000
181.162.141.33:8080
181.162.143.146:8080
181.162.156.123:8080
181.162.159.238:8080
181.162.177.31:8080
181.162.177.83:8080
181.162.187.238:8080
184.145.64.157:4444
184.190.169.22:3389
185.174.101.93:6546
185.245.183.74:2
187.35.7.95:5000
189.110.0.220:6653
190.203.52.245:443
191.82.192.124:2000
191.82.201.30:2000
191.82.203.72:2000
191.82.205.54:2000
191.82.213.14:2000
191.82.222.55:2000
191.82.231.105:2000
191.82.238.74:2000
191.82.251.201:2000
192.121.102.103:19933
192.121.102.3:19933
192.144.128.196:1994
193.161.193.99:33547
194.48.251.116:4782
202.188.41.179:9876
202.188.41.26:9876
206.233.128.64:8080
222.108.86.185:8888
223.26.61.23:5121
24.14.83.31:8081
38.15.51.3:4444
45.125.44.78:4782
45.144.30.147:4747
45.88.186.209:4782
47.120.35.45:4782
5.189.159.115:8080
5.44.196.220:9999
50.34.35.222:4444
51.178.195.149:443
51.223.58.16:2404
51.79.171.174:1337
54.193.220.196:4782
54.39.249.55:81
62.60.130.8:10000
8.130.34.199:443
82.69.26.196:5000
83.143.112.27:25565
84.247.179.77:443
84.247.179.77:587
84.247.179.77:8080
86.242.42.233:1194
89.121.228.226:25565
91.206.178.85:9000
91.92.242.80:4782
91.92.251.216:7000
91.92.254.190:8084
92.44.20.216:9733
93.123.85.108:4782
94.102.59.173:58943
94.156.10.119:4782
94.156.66.54:7310

# Reference: https://x.com/RacWatchin8872/status/1798686001587720409
# Reference: https://www.virustotal.com/gui/ip-address/216.238.78.129/relations
# Reference: https://www.virustotal.com/gui/file/d8538711014fff7a8fbe116e2ed843f03497976641d52e949b1c922496f5f52f/detection

http://216.238.78.129
configurationappfnb.myddns.me
totallylegit.duckdns.org

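# Reference: https://www.virustotal.com/gui/file/5d9c02ab6658662d0f49974cb9bfbe0728447122402bf9590e96836506a4555c/detection
# Note: the port in 193.161.193.99:49246 matches the numeric suffix of the portmap.host name below, so this looks like a tunnelling-service endpoint. The same IP appears in this file with several other ports; only the IP:port pair is specific to this sample, not the bare address.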

193.161.193.99:49246
ramzishiabna-49246.portmap.host

# Reference: https://x.com/banthisguy9349/status/1798772817040703722
# Reference: https://www.virustotal.com/gui/file/a86032d9a2f6a503cdfde7062e97c627cd975897a073473fdf84786c2ffbce90/detection

http://20.197.248.195
193.187.174.93:1389
20.197.248.195:4782

# Reference: https://x.com/V3n0mStrike/status/1799590093868380634
# Reference: https://www.virustotal.com/gui/file/d5647dd8dbd73ac01bad18aefafab4b7848861c12eaff129b37f65cfc940575d/detection
# Reference: https://www.virustotal.com/gui/file/187892400b7506d72a75d516ad1afb001478bb29e631553a688f4d181285bf0a/detection

64.42.179.59:62604
mediafire.zip
roblox.airdns.org

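# Reference: https://x.com/ValidinLLC/status/1800490293516746806
# Note: ip149.ip-51-178-195.eu has the form of a provider-generated reverse-DNS name for 51.178.195.149, which this file also lists on port 443; presumably the same host, to be verified.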

154.91.230.183:443
154.91.230.197:443
154.91.230.204:443
185.234.72.39:443
191.243.146.124:443
201.210.67.172:443
201.211.212.62:443
92.118.151.64:443
rodiina.online
ip149.ip-51-178-195.eu

# Reference: https://x.com/karol_paciorek/status/1803028724671000850
# Reference: https://www.virustotal.com/gui/file/164e19d48c8d3ed423d4d4c68dff47899f375b6ef4f2a27005562e16b3a8d33f/detection

94.228.166.40:4782

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-06-22)

http://149.88.75.162
http://2.58.84.229
103.102.228.188:4449
107.175.101.155:4449
115.74.42.106:4449
115.74.42.106:5000
115.74.42.106:5001
115.74.42.106:5002
115.74.42.106:8000
115.74.42.106:9999
119.59.98.116:7812
128.90.108.187:4433
13.60.33.38:4449
146.19.213.22:9090
147.78.103.60:2525
148.113.165.11:82
149.0.1.32:4444
172.203.104.154:4444
176.218.133.216:4444
178.20.42.245:4449
192.227.228.34:4782
194.55.186.49:2424
207.154.230.90:4782
212.23.222.48:8888
3.125.209.94:19605
3.68.171.119:11492
38.180.9.93:4782
5.180.155.40:4782
58.87.70.252:4449
87.248.157.236:8080
91.92.246.193:4444
93.123.39.16:4443
94.156.68.38:4444
94.156.8.15:4443

# Reference: https://www.virustotal.com/gui/file/02b24fe75d4bc7d81f50400d38d49358f698c986fa15b417c9b8fcb5d6196d19/detection

91.92.120.127:7702

# Reference: https://x.com/1ZRR4H/status/1804861971944378840
# Reference: https://x.com/V3n0mStrike/status/1804881776201888154

http://181.162.183.41
103.50.33.63:8080
103.50.33.90:8080
158.220.78.17:8080
158.220.78.45:8080
177.54.151.190:8080
181.161.18.110:8080
181.161.30.223:8080
181.161.31.121:8080
181.161.4.220:8080
181.161.9.149:8080
181.162.129.192:8080
181.162.129.89:8080
181.162.132.121:8080
181.162.132.39:8080
181.162.137.174:8080
181.162.143.39:8080
181.162.144.66:8080
181.162.146.165:8080
181.162.147.213:8080
181.162.149.26:8080
181.162.150.167:8080
181.162.151.240:8080
181.162.152.143:8080
181.162.152.196:8080
181.162.154.235:8080
181.162.159.201:8080
181.162.161.66:8080
181.162.165.161:8080
181.162.165.195:8080
181.162.168.131:8080
181.162.170.67:8080
181.162.170.89:8080
181.162.171.121:8080
181.162.172.141:8080
181.162.173.228:8080
181.162.177.53:8080
181.162.180.241:8080
181.162.181.30:8080
181.162.181.48:8080
181.162.183.41:8080
181.162.188.222:8080
185.153.176.89:8080
185.216.73.171:8080
186.11.102.136:8080
201.219.233.115:8080
201.219.233.50:8080
85.190.229.74:8080
85.190.229.79:8080

# Reference: https://x.com/karol_paciorek/status/1806025566229066016
# Reference: https://www.virustotal.com/gui/file/07fc41a684f289e5b0675570db4d99dbd14d19ddc72fe047ba431d356440d020/detection

http://134.122.3.3
134.122.3.3:8888
usps-test-new.codeanyapp.com

# Reference: https://x.com/1ZRR4H/status/1808612777453629461
# Reference: https://www.virustotal.com/gui/ip-address/181.162.170.67/relations

http://181.162.170.67
dragon4.freedynamicdns.org

# Reference: https://x.com/Gi7w0rm/status/1808856821928431812

91.92.253.215:4782

# Reference: https://www.virustotal.com/gui/file/0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1/detection

64.112.85.3:4449

# Reference: https://x.com/johnk3r/status/1812923002692248002
# Reference: https://www.virustotal.com/gui/file/f1f7a98c79875b189193c82da59aa40ce7412e5fdd67d56f9816de437e47908f/detection

http://18.231.251.59
argentina-e4162-default-rtdb.firebaseio.com

# Reference: https://x.com/malwrhunterteam/status/1813812043562004780
# Reference: https://www.virustotal.com/gui/file/307d1fc0c524e69ce8c8fe8aa41d0b5d314fd9553f0138fdf370efacaa2e0c67/detection

5.206.224.223:36920
ainvestinternational.com
/wp_doors/img-files/louzy.db
/wp_doors/img-files/Obbuq.db
/wp_doors/img-files/

# Reference: https://x.com/RacWatchin8872/status/1815072969422508265
# Reference: https://tria.ge/240721-vn9mhswblc/behavioral1

45.66.231.154:4782

# Reference: https://x.com/malwrhunterteam/status/1815666793194643468
# Reference: https://www.virustotal.com/gui/file/e1f7046e743c59807a55926e177b3d2c552b02565582cbb3c19e0710ab49d03a/detection
# Reference: https://www.virustotal.com/gui/file/ace5504608d43d701becbb246abe3c7b0483fd3904c13a5677084e6f98ef0271/detection

http://15.235.61.212
15.235.61.212:5552

# Reference: https://www.virustotal.com/gui/file/587e7b53aa25dc0a426c5e385a275e366b9bc203f7a0027a82dbd7a702909468/detection

workserver.ddns.net

# Reference: https://www.virustotal.com/gui/file/10360cc5cb54e067dd7384b9d3fd96d0359a91fba804a8a88c5d298a0139df85/detection

85.28.47.123:4782

# Reference: https://www.virustotal.com/gui/file/bb6c313c94a7ba44d0712ad96047cec2e63ee5fe9238a08262ef6977f78ce420/detection

94.156.71.212:7000

# Reference: https://www.virustotal.com/gui/file/9ef2a78f139360ed0f31bcdf06e189291e8fae8a9aecef700c6eff0fd085151c/detection

91.92.243.120:7000

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-08-03)

http://5.206.224.223
103.74.101.154:4443
103.97.178.205:2000
104.238.23.4:4449
13.50.4.180:7854
146.19.9.48:4449
147.185.221.20:63331
157.20.182.172:4449
171.232.6.89:4449
171.232.6.89:5000
171.232.6.89:5001
171.232.6.89:5002
171.232.6.89:6000
171.232.6.89:8000
171.232.6.89:9999
171.235.46.230:4449
171.235.46.230:5000
171.235.46.230:5001
171.235.46.230:5002
171.235.46.230:6000
171.235.46.230:8000
171.235.46.230:9999
193.222.96.24:4449
194.55.186.187:4443
194.55.186.188:4443
198.12.66.100:4443
38.181.25.40:8899
39.101.122.168:9000
45.66.231.182:7777
5.206.224.154:4449
5.206.224.223:4449
64.190.113.27:8081
78.142.29.49:4443
79.110.49.25:4449
80.253.246.53:2000
89.213.56.62:3306
91.92.247.147:8080
91.92.250.148:7777
94.156.79.190:4449
95.142.46.3:7000
95.65.165.151:4444

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-08-03)

117.18.7.76:4044
121.62.23.208:4999
143.92.49.122:4545
154.221.25.6:443
185.208.158.208:5012
191.82.218.149:2000
193.29.13.46:5850
193.42.11.9:4329
202.103.157.162:4999
203.23.128.30:5353
43.135.119.209:8443
45.77.45.120:443
91.92.249.238:443
94.156.64.24:443

# Reference: https://x.com/P4nd3m1cb0y/status/1820508693001052396
# Reference: https://www.virustotal.com/gui/file/deebb3404de726f330e122ea377c38a79970788de0205b3ccfca1b8b99cf0291/detection

103.252.123.135:2424

# Reference: https://x.com/Huntio/status/1820061868515549464
# Reference: https://x.com/ValidinLLC/status/1820777327069913191
# Reference: https://x.com/ValidinLLC/status/1820804580935979186
# Reference: https://app.validin.com/detail?type=ip&find=118.193.68.175#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=118.193.69.19#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/8575051c6515732e6262e9c00b665e0e81736bdeab2253276d4180d89b520f04/detection
# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=services.banner_hashes%3D%22sha256%3Af11f35599c1d42a756a23a544a97d2d1be001f660ba481c41bfc52211a3f8b0c%22

172.86.106.218:443
172.86.106.218:587
172.86.106.218:8080
androidsersdos.cfd
bmfketsd2dvfghe3fvsgfhbefhut4fgsgew2dvfger.cfd
d2hfjvd3fkejghe3dkvmfbnrhdgwh3fbkglrihd3dkvmfh4dje.cfd
dfewu3vidjfkwio2bkfieo48vhdfbbkfie83dbf.cyou
dfkei2vkjfkeio23ifjvdfmgjrugioerk4vjdfje.cfd
djeu2fejwvndfj3gewobkdfmwej3jdfhbmne.cfd
fonmgesdr.top
gafasgkop.online
gafasgkop.shop
gafasgkop.site
gafasgkop.website
gbasolo.online
gbasolo.shop
gbasolo.site
gdrivnam.click
gdrivnam.rest
gdrivnam.shop
gdrivnam.site
gghoimi.hair
gghoimi.site
gghoimi.website
gjomopop.online
gkolpo.store
gmbolkol.online
gmlouop.online
gmlouop.rest
gmlouop.site
gmpamak.click
gmpamak.online
gmpamak.rest
gmpamak.shop
gmpamak.site
gnasdoin.online
gnasdoin.rest
gnasdoin.site
gnjoiup.online
gnjoiup.shop
gnjoiup.site
goloplop.store
gskoplp.site
gtoresdom.online
gtrasdoi.site
gversnads.bond
gversnads.cyou
gversnads.homes
gversnads.shop
hbssdaswfq.top
hjeuv2idfvkfdlej3gkeibjdfnem3dfhvbgh3hfdvbfd3dfv.cfd
jieurfh2vlfrji3vkfglhrifo3fdlvk4kld.cfd
kge3vjweovifj4gjerbmfgjri3fjdje.cfd
kjbfue2sdjvndfheg3sdfjejvnsdkgjeriu3kfjvierjfhuh3df.cfd
kjewivoifgjeflsdkvnfj3fjdfjgbvjbnfe2dvfd.cfd
kjfue2vjhfejdjs3jvnrhwje3jvdhef.click
nafimalo.online
nafimalo.site
nagolm.online
nagolm.rest
nagolm.shop
nagolm.site
namsoiep.quest
namsoiep.shop
namsoiep.site
naqwicudte2cifke8dvkro.cfd
njhdue2uv847vdjfueigjehvsdvmer8acd.cfd
qvkdei2foep3vdfelgop2dvdfe.cyou
suw2vndjwivkdfw3sjvnfh4dhvwoifjvmfke2sjnvhfje.cfd
vbfgeiosdghe12fvnfhrjeddfyet2vndfjeufgisdoew2dfefggerw.cfd
vbhwy2sdlvkfie3djfheubdfmej3sdlvkfiro.cfd
vjhuiefvsdfiowekg2vjdfkei3vhdfejfg.fun
w2kvfje3fieogjsvnfhwjdsvjfhru3kvjdfhe3vmdnfeh2dvd.cfd
wivodfje2jbhfjr30vr84hbfkrjguer3gvnbmfgjhrhse.cfd
wjgve2djvde3vkdfejvhd3ifur7fhvdf3.cfd

# Reference: https://app.validin.com/detail?type=ip&find=101.36.114.110#tab=resolutions

gnherovdfersfe.cfd
gnjdfhesckdfe.cfd
gsoiejbhfnehjsf.cfd
gwuivovfjeacv.cfd
naginmio.cyou
namvejnmrkl.site
nbdjhswx.skin
nboprndejiodf.cfd
ncmkieobmxksdfg.mom
nfoikoelvod.cfd
ngheufgagwdvd.cfd
nhgeidfjehegsew.cfd
nioivklos.fun
nioskioem.pics
njduviekjgjskvbdem.cfd
njfebmdjieubhdfe.pics
njhdueivbdheloscv.cfd
njhfeuvmbfiej.cyou
njueifjvdfewlbkfieo.site
nkieokbdwlogkje.cfd
nkieovldfkgjeihsd.click
nklscdfoie.online
nmjiowvlo.cfd
nmxznjsw.homes
nuiweovskeifsw.cfd

# Reference: https://app.validin.com/detail?find=118.194.249.29&type=ip4&ref_id=c66b4b875fb#tab=resolutions

whefulsnfheg.cloud
imap.whefulsnfheg.cloud
mail.whefulsnfheg.cloud
pop.whefulsnfheg.cloud
smtp.whefulsnfheg.cloud

# Reference: https://app.validin.com/detail?type=ip&find=118.194.248.30#tab=resolutions

ndioweighswivmdfg.cfd
ngoiesvldoiegdbde.cyou
nhjdegjuieosv.cfd
nhjexsjijfkerge.click
njhuiehfjsdgekd.cfd
nkfieovbsheufie.cyou

# Reference: https://app.validin.com/detail?type=ip&find=152.32.243.250#tab=resolutions

naraesdoera.cfd
ndioieruwgsda.cfd
nfioeslbkfjei.cfd
njhuegjeuisw.cfd
nnhdywuvgfeiso.cfd
nuieofpoieudf.cfd

# Reference: https://x.com/malwrhunterteam/status/1821801130269040785
# Reference: https://www.virustotal.com/gui/file/fa384a11792270eb9d8599aa1c72e504f2c6552683cd4fe919c0160188f10fa9/detection

liaron.com
ttasstsat.tech

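# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-08-10)
# Note: the hostnames at the end of this block under linodeusercontent.com, googleusercontent.com, compute.amazonaws.com and contaboserver.net are provider-assigned names for rented hosts; a match identifies whoever holds the host at that moment, so re-check these entries against the feed when triaging a hit.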

http://172.207.72.220
http://45.94.31.65
102.117.113.205:13999
102.117.113.205:1492
102.117.113.205:39109
102.117.113.205:4125
102.117.113.205:4721
102.117.113.205:47800
102.117.113.205:49502
102.117.113.205:8080
103.136.199.168:4783
106.54.209.24:4782
107.172.159.50:6000
109.199.104.52:4782
123.113.8.123:4285
124.222.109.145:4782
124.71.225.72:4782
14.225.208.152:8888
14.225.210.222:20242
14.35.42.91:8888
141.134.11.187:4782
146.190.103.72:8080
147.45.44.138:4782
149.28.201.31:82
152.136.159.133:5168
154.92.17.171:443
159.223.52.78:9782
172.86.110.12:8080
177.138.248.85:5000
179.181.103.213:4782
18.134.234.207:3306
181.161.13.84:8080
181.161.2.204:8080
181.161.30.246:8080
181.162.178.142:8080
189.38.106.100:443
190.9.208.167:8081
191.17.96.243:5000
191.82.250.214:2000
192.121.102.70:443
193.107.109.76:54664
193.124.33.125:4782
193.124.33.141:4782
193.142.59.109:6546
193.181.41.109:443
193.233.113.77:2323
194.147.140.176:2222
194.163.171.74:443
198.27.97.88:919
209.126.7.24:4444
213.176.29.29:10000
27.124.46.142:8080
27.124.46.227:8080
27.124.46.236:8080
37.97.36.121:25565
38.242.236.116:443
40.81.17.50:8080
45.84.198.9:30120
45.85.250.180:4782
5.189.175.70:443
5.44.252.181:4782
50.34.48.26:4444
51.103.213.60:8080
8.210.77.104:4086
81.68.190.186:4782
82.157.51.56:4782
83.229.69.9:8080
84.247.179.77:25
88.184.9.216:4444
91.225.219.120:4782
94.156.66.50:82
94.156.69.145:7000
94.156.69.158:57420
172-232-134-145.ip.linodeusercontent.com
174.151.189.35.bc.googleusercontent.com
applereports.ddns.net
ec2-3-129-208-252.us-east-2.compute.amazonaws.com
goofy-satoshi.142-202-191-144.plesk.page
vistc.com
vmi1501059.contaboserver.net
vmi1502954.contaboserver.net
vmi1502970.contaboserver.net
vmi1528797.contaboserver.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-08-10)

http://51.161.12.215
http://91.238.103.153
103.176.169.120:4449
116.102.238.236:5000
116.102.238.236:5001
116.102.238.236:5002
116.102.238.236:6000
116.102.238.236:8000
116.102.238.236:9999
157.20.182.167:4449
157.20.182.226:4449
34.45.30.242:443
45.66.231.202:5000
5.9.101.133:22
51.161.12.215:443
87.19.18.186:1927
91.92.244.207:2025
91.92.244.207:4449
watermellon.site
gho0kgklj.watermellon.site

# Reference: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

anachyyyyy.duckdns.org
drvenomjh.duckdns.org
xoowill56.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-08-18)

121.169.59.210:443
121.169.59.210:808
14.225.219.33:8888
141.95.84.40:35
147.45.45.65:2323
149.28.156.134:25
157.254.223.251:1337
166.88.61.138:22255
172.103.135.112:8888
172.86.112.30:8081
177.172.52.195:5000
181.161.11.94:8080
181.162.184.197:8080
184.145.64.242:4444
191.82.218.55:2000
193.161.193.99:34180
194.26.192.177:4782
204.12.245.100:8443
210.1.226.236:443
223.155.16.187:23333
223.155.16.190:23333
24.11.130.108:25565
31.220.101.25:8000
45.147.228.196:4782
47.236.182.237:4782
59.14.118.202:443
62.234.21.225:443

# Reference: https://x.com/marsomx_/status/1825537918087385185
# Reference: https://www.virustotal.com/gui/ip-address/15.228.186.93/relations
# Reference: https://www.virustotal.com/gui/file/ef3673c6ad613b1b14d2f7e72c43977008534d8e085aafe22a7c8cfcb3b83b6c/detection
# Reference: https://www.virustotal.com/gui/file/4c1d62f8473f64aa7d0b6fb86b972c58cae5d242d0ee048f41604f1f23a2196d/detection
# Reference: https://www.virustotal.com/gui/file/0ec987a8cf5a6359a641bff9018fcfe1944309ac0037a1bfdfbb5fc3a5b7ce0b/detection

http://15.228.186.93
agicltursement.ink
cfestlolequiep.store
gastronomleo.lat
mercantokiko.xyz
noticiasnovidads.xyz
varjolatijolos.space
coletasegura.ddns.net
notificacao.noticiasnovidads.xyz

# Reference: https://x.com/ShanHolo/status/1826917813379846419
# Reference: https://app.validin.com/detail?type=ip&find=45.45.238.213#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/df1a4fc766fde3ad56195e192c5f0e33bd0ef088128cca6c95f10e3135669963/detection
# Reference: https://www.virustotal.com/gui/file/76e762cc7073a3bdee1117c79fd7ab7fcaf8bf1e393d25e165f59ca30ebd2dbf/detection
# Reference: https://www.virustotal.com/gui/file/6e2060f5ac86d80be2d3b4f66a229dd3f1114cd3c0b232e8653335dfcf5a75a3/detection

45.45.238.213:2052
45.45.238.213:4782
funpass.services
nigger.zone
niggerdns.cloud
packets.fun
mail.nigger.zone
play.funpass.services

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-08-25)

http://146.70.113.183
104.237.252.41:7310
177.172.85.227:5000
177.201.54.142:831
181.162.135.102:8080
181.162.185.79:8080
222.253.182.185:4783
223.155.16.113:23333
223.155.16.159:23333
223.155.16.161:23333
223.155.16.165:23333
223.155.16.167:23333
223.155.16.168:23333
223.155.16.170:23333
223.155.16.173:23333
223.155.16.174:23333
223.155.16.176:23333
223.155.16.177:23333
223.155.16.180:23333
223.155.16.181:23333
223.155.16.182:23333
223.155.16.183:23333
223.155.16.184:23333
223.155.16.185:23333
223.155.16.186:23333
223.155.16.188:23333
223.155.16.189:23333
223.155.16.191:23333
223.155.16.192:23333
223.155.16.194:23333
223.155.16.195:23333
223.155.16.196:23333
45.138.16.215:4782
45.63.16.30:8088
88.174.225.208:16385
92.40.112.165:4444
93.109.60.3:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-08-25)

http://124.223.40.253
103.191.241.8:4449
103.65.234.126:4444
104.238.189.204:4449
111.90.151.197:8080
171.233.26.60:5000
171.233.26.60:6000
171.233.26.60:8000
171.233.26.60:9999
185.162.75.19:4449
195.201.76.21:8890
202.95.19.142:8888
34.67.75.224:1080
37.1.220.7:1605
45.66.231.241:5000
45.87.173.129:4449
77.83.196.126:4449
85.190.243.242:8888
85.208.110.83:4449
s7.canada.wiretun.com

# Reference: https://www.virustotal.com/gui/file/2450bc33607f6c985ec171ba34940dcdc57c95b1add77bd98675e54a431d5fab/detection

89.47.113.60:4449

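# Reference: https://www.virustotal.com/gui/file/00b02d486e044d9513a7a737074e56a0cada1518ffee821cbf8e27a77a9f8b5a/detection
# Note: 148.113.165.11:82 is already listed earlier in this file, under the ThreatFox win.venom reference dated 2024-06-22.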

148.113.165.11:82

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-09-08)

http://139.64.37.72
http://143.92.163.215
http://2.59.135.162
104.245.247.85:57896
108.253.252.20:8888
119.196.227.203:8888
139.64.37.72:10000
139.64.37.72:11211
139.64.37.72:11300
139.64.37.72:13145
139.64.37.72:135
139.64.37.72:13562
139.64.37.72:1433
139.64.37.72:18398
139.64.37.72:2000
139.64.37.72:20000
139.64.37.72:20547
139.64.37.72:20650
139.64.37.72:2086
139.64.37.72:21
139.64.37.72:21577
139.64.37.72:25206
139.64.37.72:32870
139.64.37.72:3623
139.64.37.72:39513
139.64.37.72:40396
139.64.37.72:41869
139.64.37.72:43918
139.64.37.72:49152
139.64.37.72:49501
139.64.37.72:51200
139.64.37.72:5366
139.64.37.72:54164
139.64.37.72:5432
139.64.37.72:54739
139.64.37.72:58000
139.64.37.72:58297
139.64.37.72:60000
139.64.37.72:60130
139.64.37.72:65405
139.64.37.72:8013
139.64.37.72:8089
139.64.37.72:8090
139.64.37.72:83
139.64.37.72:9876
139.64.37.72:990
139.64.37.72:993
143.92.163.215:10000
143.92.163.215:1080
143.92.163.215:12220
143.92.163.215:13012
143.92.163.215:14265
143.92.163.215:1687
143.92.163.215:16993
143.92.163.215:18809
143.92.163.215:1962
143.92.163.215:2000
143.92.163.215:2004
143.92.163.215:20594
143.92.163.215:20888
143.92.163.215:234
143.92.163.215:27256
143.92.163.215:28820
143.92.163.215:28906
143.92.163.215:28994
143.92.163.215:29457
143.92.163.215:30005
143.92.163.215:31990
143.92.163.215:3260
143.92.163.215:3390
143.92.163.215:37215
143.92.163.215:38171
143.92.163.215:41036
143.92.163.215:43
143.92.163.215:43996
143.92.163.215:4433
143.92.163.215:44418
143.92.163.215:4443
143.92.163.215:4444
143.92.163.215:445
143.92.163.215:44772
143.92.163.215:45081
143.92.163.215:45436
143.92.163.215:49501
143.92.163.215:49509
143.92.163.215:49837
143.92.163.215:5060
143.92.163.215:50805
143.92.163.215:5191
143.92.163.215:5357
143.92.163.215:5366
143.92.163.215:54515
143.92.163.215:54964
143.92.163.215:565
143.92.163.215:56600
143.92.163.215:58603
143.92.163.215:5900
143.92.163.215:5903
143.92.163.215:6003
143.92.163.215:6379
143.92.163.215:64566
143.92.163.215:6700
143.92.163.215:7002
143.92.163.215:8000
143.92.163.215:8008
143.92.163.215:8089
143.92.163.215:83
143.92.163.215:8389
143.92.163.215:8545
143.92.163.215:9000
152.44.219.243:18473
174.70.151.61:2404
177.60.19.211:5000
178.215.236.82:8008
179.13.0.19:2000
179.14.10.24:2004
181.161.12.107:8080
181.161.9.125:8080
181.162.166.32:8080
181.162.173.152:8080
185.245.183.74:7
188.173.90.67:4873
192.227.228.34:5555
193.183.217.32:443
193.233.74.94:1414
198.167.199.172:19132
198.167.199.181:19132
198.167.199.225:19132
198.167.199.249:19132
203.23.128.30:443
213.159.74.80:9792
217.194.133.95:1372
223.155.16.132:23333
223.155.16.134:23333
223.155.16.137:23333
223.155.16.13:23333
223.155.16.154:23333
223.155.16.160:23333
223.155.16.166:23333
223.155.16.171:23333
223.155.16.178:23333
223.155.16.201:23333
223.155.16.22:23333
223.155.16.26:23333
223.155.16.34:23333
223.155.16.39:23333
223.155.16.73:23333
223.155.16.96:23333
23.158.232.33:2003
31.49.244.152:9300
49.13.11.125:2137
5.189.175.70:25
65.108.9.243:3389
8.134.166.134:85
87.248.130.16:443
93.177.167.223:4782
87-89-82-13.abo.bbox.fr
8msv-27569.portmap.host
i15-lef01-t2-87-89-82-13.ft.lns.abo.bbox.fr
juankaa123516-42965.portmap.host
unimeduberlandia.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-09-08)

http://103.114.104.48
103.114.104.48:443
149.88.85.23:4444
154.216.17.138:4444
157.20.182.193:888
171.233.26.60:5001
171.233.26.60:5002
171.233.26.60:6001
172.94.18.237:4444
176.218.141.64:4444
185.243.181.125:4444
202.95.15.107:8880
45.155.124.230:4449
94.156.67.40:4449
95.179.140.46:4443

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-09-09)

139.64.37.72:10443
139.64.37.72:10839
139.64.37.72:1200
139.64.37.72:12587
139.64.37.72:12922
139.64.37.72:13570
139.64.37.72:13998
139.64.37.72:14063
139.64.37.72:16633
139.64.37.72:17778
139.64.37.72:18245
139.64.37.72:1883
139.64.37.72:19960
139.64.37.72:2004
139.64.37.72:20256
139.64.37.72:20620
139.64.37.72:2375
139.64.37.72:28167
139.64.37.72:3390
139.64.37.72:35874
139.64.37.72:37089
139.64.37.72:37787
139.64.37.72:38231
139.64.37.72:40628
139.64.37.72:4242
139.64.37.72:45615
139.64.37.72:4567
139.64.37.72:46773
139.64.37.72:47001
139.64.37.72:4730
139.64.37.72:5061
139.64.37.72:52628
139.64.37.72:55016
139.64.37.72:57555
139.64.37.72:58415
139.64.37.72:587
139.64.37.72:5902
139.64.37.72:59510
139.64.37.72:6009
139.64.37.72:60378
139.64.37.72:6362
139.64.37.72:832
139.64.37.72:8636
139.64.37.72:9201
139.64.37.72:9300
139.64.37.72:9865
172.94.13.207:4444
176.124.203.97:25565
181.162.183.79:8080
181.22.146.11:4444
185.49.126.16:4788
198.167.199.195:19132

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-09-22)

119.196.227.210:8888
122.243.128.71:10001
123.113.10.246:4285
141.11.95.183:1606
160.124.255.25:4782
177.172.85.234:5000
181.162.138.13:8080
181.162.163.60:8080
181.162.182.194:8080
181.22.146.21:4444
181.22.159.53:4444
185.241.208.234:8080
191.19.129.250:5000
191.82.222.121:2000
193.161.193.99:34101
198.167.199.145:19132
198.167.199.167:19132
198.167.199.196:19132
198.167.199.197:19132
198.167.199.237:19132
198.167.199.242:19132
198.167.199.251:19132
198.167.199.252:19132
199.180.113.10:4285
20.241.63.211:4782
223.155.16.100:23333
223.155.16.125:23333
223.155.16.141:23333
223.155.16.156:23333
223.155.16.162:23333
223.155.16.172:23333
223.155.16.19:23333
223.155.16.60:23333
223.155.16.90:23333
223.155.16.9:23333
34.72.83.57:4444
4.248.59.179:8080
45.138.16.146:8888
45.138.16.90:8888
45.81.243.209:443
46.43.91.253:66
47.76.177.218:9443
47.99.65.37:8043
91.92.241.122:6969
94.156.67.52:8080
94.156.67.52:8082
146-70-113-183.cprapid.com
185-47-174-89.cloud-xip.com
ec2-3-99-102-8.ca-central-1.compute.amazonaws.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-09-22)

103.211.201.109:6000
108.61.177.169:4449
114.132.232.233:4449
15.235.155.2:1080
158.69.41.120:8000
171.249.228.3:5000
171.249.228.3:5001
171.249.228.3:6000
171.249.228.3:6001
171.249.228.3:8000
171.249.228.3:9999
195.85.207.33:2000
45.66.231.150:4449
5.161.231.57:4449
74.249.113.208:6000
88.80.150.190:443
94.156.64.6:8080
242.30.45.34.bc.googleusercontent.com
ns570052.ip-51-161-12.net

# Reference: https://www.virustotal.com/gui/file/ada0631dc37f95d59ee0f77998d576c5668e339aeb9f3a8cbb0dde772e7df8bb/detection

45.120.178.138:5173

# Reference: https://x.com/DaveLikesMalwre/status/1840473495941128388
# Reference: https://www.virustotal.com/gui/file/9be0c0d484d2b5c1aca1cb9e6247adf908f4cdd14ec0cfdf5378898180860124/detection

157.20.182.63:4449
157.20.182.63:8080

# Reference: https://x.com/g0njxa/status/1841778804420731355
# Reference: https://app.validin.com/detail?find=45.80.158.76&type=ip4&ref_id=0d66beea4d3#tab=resolutions
# Reference: https://app.any.run/tasks/af8d9cb6-ae17-40e1-badd-0afbddaeeb5a

154.216.20.132:6969
azure-securewin.com
azure-winsecure.com
whyareyouherewho.ru

# Reference: https://x.com/malwrhunterteam/status/1847537464216346802
# Reference: https://www.virustotal.com/gui/file/d1a6da3bb5b455c45056ff4b7e29270c29728e6e1add468a9a3e8ff88d6c3afb/detection
# Reference: https://www.virustotal.com/gui/file/7543e6925701f6fde75accb15f483991596b55260b720ba7dbc84cc48eeb27aa/detection
# Reference: https://www.virustotal.com/gui/file/1f788a79d0a95bd4957d5a9c3314a80aaf9acdd3bccaff916c4483a8c28a0485/detection

154.216.20.47:8080
179.43.180.122:56001
179.43.180.122:58001
walkout.ddnsgeek.com

# Reference: https://x.com/malwrhunterteam/status/1847580356737659095
# Reference: https://www.virustotal.com/gui/file/4ea27acbddd03299e97e18e117ff553ac516ca7e60144b3cd39cb2ffe9ac6fa5/detection

193.161.193.99:28434
anonam39-28434.portmap.io

# Reference: https://x.com/karol_paciorek/status/1851172752150978895
# Reference: https://www.virustotal.com/gui/file/13b8a3e0d5053c1937d890ae102f7477bc8f0f8e262d2ea1843d4790c7611643/detection

5.42.80.2:4782
anonsim.pw
filmbazi.lol
admin.jplws.ir
adminstrator.filmbazi.lol

# Reference: https://x.com/suyog41/status/1851202308065157368
# Reference: https://www.virustotal.com/gui/file/d36fc52419dca76775f2efd8cd57a60e55f5f412929ce1f5ab8f758fc0366db1/detection
# Reference: https://www.virustotal.com/gui/file/672ff26695a8675bdf14c971881759933f74dc4375f3b32e18199c1bbb18084b/detection

87.120.116.115:61510
90.20.116.115:61511
onadeatcamsides.sytes.net

# Reference: https://www.virustotal.com/gui/file/4cdb2481a64294dca81faf8fc38dde097cbea4367271da1710e5533f637a7aba/detection

191.96.78.152:5552

# Reference: https://threatfox.abuse.ch/browse/malware/win.venom/ (# 2024-11-10)

http://185.208.156.253
128.199.62.182:4449
149.0.234.158:4444
154.201.68.2:8888
154.22.5.68:7080
154.37.219.145:443
154.37.220.109:443
156.224.26.180:5555
157.20.182.169:4449
157.20.182.230:4449
157.20.182.73:4449
157.245.202.88:443
171.235.43.116:5000
171.235.43.116:6000
171.235.43.116:8000
171.249.225.34:5000
171.249.225.34:5001
171.249.225.34:6000
171.249.225.34:6001
171.249.225.34:8000
171.249.225.34:9999
171.250.186.108:5000
171.250.186.108:5001
171.250.186.108:5002
171.250.186.108:6000
171.250.186.108:6001
171.250.186.108:8000
171.250.186.108:9999
175.178.170.90:8080
185.208.156.253:22
193.41.226.233:4444
194.31.59.20:8080
196.244.72.26:443
196.244.72.27:443
196.244.72.28:443
196.244.72.29:443
196.244.72.30:443
2.59.134.243:2222
20.199.83.63:8080
217.69.4.86:4449
23.227.199.46:443
31.13.224.34:5000
38.12.33.186:8888
38.240.50.125:22
38.255.33.227:22
45.146.253.140:9999
45.207.55.197:8080
45.66.231.76:5000
45.94.31.169:4449
5.161.251.122:7000
5.206.227.225:4444
5.34.176.117:443
51.161.12.215:3128
66.63.187.79:443
74.222.12.210:8081
81.161.238.252:5000
87.120.112.158:2025
87.120.127.172:20000
93.123.39.47:5000
94.103.125.186:8000
95.250.141.214:1927
23-227-199-46.static.hvvc.us
aye2mar280502016.ddns.net
ec2-18-166-249-66.ap-east-1.compute.amazonaws.com
systemcoreupdate.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2024-11-10)

http://52.30.31.54
101.99.93.167:443
103.200.124.234:4782
103.200.124.235:4782
103.200.124.236:4782
103.200.124.237:4782
103.200.124.238:4782
117.72.103.17:8888
121.62.17.8:4999
139.180.202.227:4782
144.76.9.134:222
146.70.113.191:443
149.28.160.145:7443
154.216.20.132:7000
160.124.255.58:4782
164.90.236.65:5520
165.22.194.189:5613
173.214.167.207:4782
173.54.18.39:4782
174.104.8.127:8080
176.126.62.31:9481
177.144.166.190:5000
177.172.52.150:5000
177.172.85.44:5000
177.70.19.203:6000
179.100.49.94:5000
181.161.18.123:8080
181.161.21.41:8080
181.162.141.162:8080
181.162.143.114:8080
181.162.144.84:8080
181.162.170.22:8080
181.162.173.17:8080
181.162.179.165:8080
181.162.181.153:8080
181.162.182.19:8080
181.162.187.211:8080
183.146.224.116:10001
183.146.226.37:10001
185.177.125.198:223
185.208.159.193:7001
187.35.7.84:5000
188.28.21.112:4444
189.69.196.19:5000
191.82.199.12:2000
191.82.222.192:2000
191.82.232.202:2000
193.107.109.49:9090
193.107.109.49:9999
193.124.205.71:5228
193.149.187.135:8080
193.181.35.27:443
193.181.46.88:443
193.183.217.121:443
193.183.217.16:443
193.3.23.89:4782
194.156.103.208:8080
198.167.199.133:19132
198.167.199.142:19132
198.167.199.144:19132
198.167.199.148:19132
198.167.199.152:19132
198.167.199.154:19132
198.167.199.155:19132
198.167.199.156:19132
198.167.199.159:19132
198.167.199.164:19132
198.167.199.170:19132
198.167.199.173:19132
198.167.199.191:19132
198.167.199.204:19132
198.167.199.205:19132
198.167.199.207:19132
198.167.199.221:19132
198.167.199.223:19132
198.167.199.226:19132
198.167.199.227:19132
198.167.199.233:19132
198.167.199.234:19132
198.167.199.235:19132
198.167.199.241:19132
198.167.199.244:19132
198.167.199.253:19132
198.27.97.85:919
198.98.58.93:4333
199.127.60.26:8080
199.167.138.132:7001
20.163.30.93:22
20.191.119.21:4782
20.82.98.38:1606
201.249.28.30:443
212.224.88.147:8080
217.208.240.208:25565
217.215.195.238:25565
223.155.16.104:23333
223.155.16.142:23333
223.155.16.163:23333
223.155.16.164:23333
223.155.16.197:23333
223.155.16.203:23333
223.155.16.205:23333
223.155.16.206:23333
223.155.16.209:23333
223.155.16.211:23333
223.155.16.33:23333
223.155.16.3:23333
223.155.16.40:23333
223.155.16.41:23333
223.155.16.42:23333
223.155.16.63:23333
223.155.16.75:23333
223.155.16.86:23333
223.155.16.92:23333
31.13.224.12:61512
31.13.224.13:61513
36.24.21.199:2000
39.102.36.209:4782
45.10.243.34:1999
45.137.212.9:222
45.152.161.204:4782
45.153.242.178:8080
45.157.233.117:4782
45.200.148.128:9000
45.200.148.197:8080
45.95.214.119:1604
47.76.214.226:9443
51.79.73.224:5555
60.182.87.13:10001
62.60.204.220:10000
64.176.199.40:8088
64.49.14.13:8080
65.108.205.106:22
66.63.169.17:1979
67.217.228.254:8085
73.149.116.135:8443
76.71.94.235:443
77.132.88.57:4444
77.245.2.142:4782
77.33.24.43:9999
77.73.131.97:443
78.70.235.238:5000
79.110.49.113:4782
79.110.49.167:8888
79.110.49.79:5829
79.250.140.211:9215
80-253-246-234.cprapid.com
80.253.246.234:443
80.76.51.73:3306
80.78.28.83:1337
81.161.238.73:443
83.168.110.87:4782
86.234.237.85:4782
87.120.115.120:8088
87.120.115.120:8089
87.120.115.35:47822
89.39.105.176:222
91.92.241.154:8080
92.40.114.224:4444
92.41.156.65:4444
93.123.109.187:443
93.123.109.97:443
93.190.8.131:1453
autopatch.org
cortanava.duckdns.org
crissnda5.ddns.net
gitlabstand.com
index-login.gl.at.ply.gg
jarredsteven-56944.portmap.host
mx5.deitie.asia
natural-processor.gl.at.ply.gg
pst-pierre.gl.at.ply.gg
vmi1471627.contaboserver.net

# Reference: https://www.virustotal.com/gui/file/f40e852135ec82312fe2c282f36875e72b6b09ce35e512307dc14d22ea43932f/detection

219.248.40.33:4782
andyreal0.ddns.net

# Reference: https://www.virustotal.com/gui/file/e947e561623884388e2d3c811c092abec3557c60d3a017c206003b627bd0d366/detection

blank-dfek3.in
blank-ecttr.in

# Reference: https://x.com/suyog41/status/1967500646728568930
# Reference: https://x.com/suyog41/status/1967898753849081973
# Reference: https://www.virustotal.com/gui/file/5263b3d57c0733ab9c78a1bdda7de9636ee2a30dce014c72809f18cb321a1390/detection

555555cnd.b-cdn.net

# Reference: https://x.com/dyingbreeds_/status/1861701265186558229
# Reference: https://app.validin.com/detail?find=118.193.69.40&type=ip4&ref_id=d17094f4da7#tab=resolutions

ncjdiwuebmfkr.shop
nhnjduwijcsdwba.fun
njkuwifjvnbde.shop

# Reference: https://x.com/dyingbreeds_/status/1861701265186558229
# Reference: https://app.validin.com/detail?type=ip&find=152.32.138.245#tab=resolutions

aviue2vkdgrkvd83dvkfdjrusl.cfd
bdwiovlapsdlvkjrjglsdfv.cfd
bhsjcnsdbhfjwieufahvghdsf.cfd
bjfieosivhhd38dhhrhwe837bdlkrs.lol
bkfjeiuc78364vwoive87hhhde.cfd
bkidohakvlfjeihgsdv.cfd
bkjfdmwuviosfksldobjerjhhsvg.cfd
bmsdwlopief3lkfe.cfd
bneu2c3vgdbmfjeiovbwbswpbkd.cfd
bneuisodjcqibdfoe19vlfoepvsewml.cfd
bnfehdw2vlfkerio.cfd
bnfje02cjfhlo909eslk.cfd
bnmkfleicjsdkvkfjdiehsvbbhfawwwkivodvdfe.cfd
cbdgwh2sdkbvmfjeh3sh.cfd
cbhsuwjsklmvieioascvde.cfd
cklsovflsploeifjsdhfvdfw.cfd
cmvkde238vm0ser.site
csdgopelbmdjops.cfd
dhv2sdjvndheiofhw.cfd
dhwfjei2vkfgj3idfhe.cfd
djw2seubwoglek.cfd
dkbwo2ivkdj48vhd3bmf83fegvndj39chd.cfd
ewvbdfn2sdkvmfje2djvnrowi.cfd
fhget2dghvsdbwjf2kdsfjew.cfd
fhgw2kvldfehloper.shop
fhw2vmjfdkeiwdfj.cfd
fj2kfjeivnd3djshvndhf32lsdkej3jfkejsdf.fun
fjei389vkdfigoek38bvlodej298vrh.quest
fjueisj2jdfuhh4f93hfdhf2jvjdfjkdfj2jfjdfjejvfw.cfd
ghjehd2jsdhvmbnfh3jdfhsj2kdfje.shop
ghwyudw2hjnbkfjieu.cfd
gqucvidfeh2fkejrufeir3fjdfhvdfh3fjfguefh3fjdhe2vjsdfheh.cfd
gwvj3fekgieori3dfbmfjek.cfd
h2sdkvjdhe2shvndhewudsf3dhehvs.cfd
hbgdwy2vkdfjehbndfe.cfd
hdue29vibfrhu38bdhfbmfkei390bevjndheu389vmwki.cfd
hdwuei2okjrhww.cyou
heu2vndhwpoblfk3jsfhew.cfd
hf2dhvgdfjebmfjek2ksdj.shop
hfgw2snvbhfgeisdo2djnvh4jdfhe2jsdb.fun
hgd2vnbhwpashf3dfkejvnfh.shop
hgue2kdiesdmvj2lk.cfd
hju2dvbdfhe1vkfr.cfd
hjwh1jvkdkfehsd.cfd
hueihvndfheja2wd.sbs
hyw2vjdfhegnmfdjek2ksdjv.cfd
ijudhsbmjsiusefs.cfd
iwuv28vurigjb389bvjfhrynmfdkeogheg.cfd
jeu2cvner3gkbjfue2mvke.cfd
juiuwehfgerbmkfrl.cfd
jvksjfjehnkdflivosdjgh.cfd
kajwmbvsdivoleojsdfpg.cfd
kidofllkdfkvieoasdva.cfd
kiweo2sdjvndhes.cfd
kji2jfduewi2kdfjei.cfd
klopsdkwlvmasd.cfd
ksicojdjfkiobjdfhsdf.cfd
lisxvd2sdfjenvhd.cfd
lkoidhvhawlvodfephsvg.cfd
mjdw2jdieoi3kfglrw.cyou
mjfuegs23ovkdfjesdvhderk.cfd
mjsdhw2sdwjvndsje.cfd
mkdiuoadsvnjdasd.cfd
mkfe2jdfheh3lvkdfje.cfd
mkosdkwlvasd.cfd
mksieo2cjdheb8fgdevm3avde.cfd
mnswikvsdflasdkg.cfd
nbdhwe2jdhjvflr.cfd
nkioimaioie.yachts
nmdkvieo.yachts
ocplvjwbmslvopeicjsdkfk.cfd
oid2dhsjvs2gkejh4sdvmdfjehwj3dfkgjrh3sdvdf.cfd
ovciewhasjdkvidfhewg.cfd
qivoe38ivrwplbor19cokdblfkra2f3fs.cfd
qkvje3djeivosdue.cfd
scvjeibofkldbmeioakhfjmvakcmfjr.cfd
ufhye3jvhfge3kfjei.cfd
uyd2vjdnwhfu3dijgueif3hfjnvsdge2kfjvme.cfd
vbsdhwuhvajkliehhcfgs.cfd
veikfks298fhvfjrieo982vhd389dhvher.beauty
vejdwu287vfnmglkrop29ovpd.homes
vjdfk38937vvhdhf237v8efhbkeri.cfd
vjdfueihasdvkdl.cfd
vjdhey2sdnvhfbgetsdw2sjdhfue.cfd
vjdwi2vjfu338vhd20jevjdiehsj.cfd
vkdie93vodlglwj083.fun
vkdjeusd872lod983sl.shop
vkdleokkgisdfhevnfj38vkdfieh0odjfe.cfd
vlsdlkfjgjsafdjvmsdf.cfd
vmkdsiwjlopwj.cfd
vnbdh2hsdgvjdfen.shop
vndfh2sdjweiofj3kvjdfhe3kfjei2cnvjdes.shop
vndfju2fjfkewvsdbeh2sc.cfd
vndfwh2shdveobvldke2o.cfd
vnhd2swopofkepbf.cfd
vwh2uchdg3oblfkei3vdkgjeios3volfdgke39vhdhej3blfkrio3.cfd
wghvn3fjeksdhgloer.cfd
whvudy2fkeish2vkdfje.sbs
wivobmj2jduwi039bhehvdkwelgieo.cfd
wivu3svmfjhsdeg3fjvkdfhe32sdvnfjerh.cfd
wjihe32lbkfrj.cfd
wjvepo2vd36vdelgope2vkdjeh6bldkeio3.cfd
xkdiehkbmdklopds.cfd
xkw29fieo039fbmfjriov29fopvke39vkfirow.cfd

# Reference: https://www.virustotal.com/gui/file/90c42c9245470e9590a8b545ce02966ee6f67f70bd0acf3c13bcb3c65ae69a9b/detection

31.220.90.137:4782

# Reference: https://cert.orange.pl/aktualnosci/quasar-rat-pkobp-analiza/
# Reference: https://www.virustotal.com/gui/file/ffa58ebc168e4a19c311097b97645a5d8801db2326f4e8784b634c3e2e2de991/detection
# Reference: https://www.virustotal.com/gui/file/e04686529fa855d477b540e88f66d90835dfe1f491fea795a5b933af831bb8c5/detection

155.94.209.8:6298
69.174.98.113:6542
aboushagor.ydns.eu

# Reference: https://www.virustotal.com/gui/file/1e6f526f7a315ea1c2f1c04f8a06c133c5edf51ad10a6272d1601bab4611aa32/detection

172.94.24.50:4782
hlearn.mywire.org

# Reference: https://x.com/smica83/status/1866948911727890481
# Reference: https://www.virustotal.com/gui/file/a6b44600a77997e6e46bda3f0aa10986127380de91be9ca5aa0713eab42717f0/detection

103.187.5.183:4449

# Reference: https://x.com/JAMESWT_MHT/status/1869708734181842996
# Reference: https://app.any.run/tasks/370028d7-369d-4627-9e11-e384700be134

51.15.17.193:4782

# Reference: https://x.com/suyog41/status/1875103053973708892
# Reference: https://www.virustotal.com/gui/file/4e4e30b6aa045b33d58cd9635e6da45dc689fb449143b105abc5ecf755d1da88/detection

176.96.131.55:1604

# Reference: https://socket.dev/blog/quasar-rat-disguised-as-an-npm-package
# Reference: https://app.validin.com/detail?type=dom&find=jujuju.lat#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/9c3d53c7723bfdd037df85de4c26efcd5e6f4ad58cc24f7a38a774bf22de3876/detection
# Reference: https://www.virustotal.com/gui/file/13744b282a3927a53d5ced963a61604c98de1e3f4718e1cdae87ddd1d8de14fa/detection
# Reference: https://www.virustotal.com/gui/file/6949177ca08001b0f3f514acf7130a1c05869349f104980f139ec2f1a79315d8/detection
# Reference: https://www.virustotal.com/gui/file/96abe1a5bc4e91b3ba34ce34703fc5c17fe82f01076c4b613d7c6fa37e8bd039/detection
# Reference: https://www.virustotal.com/gui/file/fd65a1f7d5b7ebe4baa38e42a072380acffa4ba08fb297e84fcc73351a9d4b90/detection

154.216.17.47:7000
45.200.148.197:8080
captchacdn.com
jujuju.lat
microsoft-visualstudiocode.com
visualextensions.com

# Reference: https://x.com/ShanHolo/status/1887093033302184191
# Reference: https://www.virustotal.com/gui/file/129dbf173e38d9d37f8c66513290a30bc0790e9fdcdb5c9043a399ee6c889493/detection

http://13.48.129.198
13.48.129.198:7777

# Reference: https://www.team-cymru.com/post/tracing-the-path-from-smartapesg-to-netsupport-rat
# Reference: https://www.virustotal.com/gui/file/aeccab1773577c5fb78ad9334f3c4f8dfe00cb3b00c03701f3cd0b82ebfe1b0e/detection

193.107.109.76:1488
193.107.109.76:54663
193.107.109.76:54664

# Reference: https://x.com/James_inthe_box/status/1887869799314993176

176.65.142.172:4449

# Reference: https://x.com/JAMESWT_MHT/status/1891548272243687483
# Reference: https://www.virustotal.com/gui/file/17a5b702138df859036f24077ca1d4e531af488b8ddc39432fe228fa16c04bed/detection

31.177.109.243:5000
31.177.109.243:5001

# Reference: https://x.com/malwrhunterteam/status/1893370855427653994
# Reference: https://www.virustotal.com/gui/file/ff4f3993fcad178cea962ac58f709762502d37fbebce2f2d5cfe4da5d09f97c0/detection

149.50.97.147:4782

# Reference: https://x.com/skocherhan/status/1894836306607263846
# Reference: https://x.com/skocherhan/status/1894840678816862705
# Reference: https://x.com/skocherhan/status/1951998006686839018
# Reference: https://www.virustotal.com/gui/file/e881baf221022ea7409a107b061d67b3cef26bfb9cc1389b65aef83e3165fdae/detection
# Reference: https://www.virustotal.com/gui/file/05f975e0fdf4faf66450f31b569b3af6051d870ee4178a81ec621eafb43138b4/detection
# Reference: https://www.virustotal.com/gui/file/8765db62e84c2f5e8e126ec3922b6acdaabbc6e68c6678c5f47fac278e853ae6/detection
# Reference: https://www.virustotal.com/gui/file/2383b97ef686b72097c44f7b83f4f0ed27e97fb378c3bcab610fc7ca1e9100b6/detection
# Reference: https://www.virustotal.com/gui/file/0afbc411e015c06b01d688dd6d5c6abbf2df21233298d0c3a0f4e8578dab58f5/detection
# Reference: https://www.virustotal.com/gui/file/01de053d9560d419f0b6c35dbddb1175eb1fd7a21450989332024b812d39c4c2/detection

http://196.251.71.142
193.34.212.17:5829
212.23.222.222:5829
45.144.214.107:4213
hirosavva-cn.com
annathompson.ydns.eu
bich23.ydns.eu
bin12.ydns.eu
che.ydns.eu
cindy.ydns.eu
dr16899.ydns.eu
hoffmann3.ydns.eu
kamsi.ydns.eu
malone.ydns.eu
officialtrmmy.ydns.eu
opy.ydns.eu
zyg.ydns.eu

# Reference: https://x.com/malwrhunterteam/status/1895393028115997140
# Reference: https://www.virustotal.com/gui/file/c9aa237a2a30b901d52d0074731b5ac57f70322f1fde81f6794588c17d6bb268/detection

86.54.42.120:4782

# Reference: https://x.com/CreateFileInt_/status/1895493296698650967
# Reference: https://www.virustotal.com/gui/file/4fc36aba1cadc2744fc2a61dcfc10cd6e78684412784c8fd115bda30e99440ac/detection
# Reference: https://www.virustotal.com/gui/file/0b5209d43ec213a66e2044c0efc6bca166afd99ca5b73ee7b3623092491d7430/detection

88.119.175.52:4000
88.119.175.52:5000
88.119.175.52:5001

# Reference: https://x.com/malwrhunterteam/status/1895876161261224136
# Reference: https://www.virustotal.com/gui/file/da3bab528f4f82ec90aac791a60962b6cca60d172939821874c78b0cf71d7d09/detection

80.76.49.2:4782
80.76.49.2:4783

# Reference: https://x.com/malwrhunterteam/status/1896664042443624472
# Reference: https://www.virustotal.com/gui/file/ef25bc1a287ab5fd018fd62f89d52ceb429b107de449afd9c8fe1eb77c23907a/detection

196.251.83.99:6969

# Reference: https://www.virustotal.com/gui/file/0347ba0f1449fb8baa55d9a100412d16605c7a5e2fff21107a50e9ccebbbbfd9/detection

45.154.98.15:4782

# Reference: https://x.com/malwrhunterteam/status/1896870412279337314
# Reference: https://www.virustotal.com/gui/file/405b93693e1ecba14ef9b9087ae3b69b5222a5307330df350092938578f4900d/detection

217.114.43.24:4782

# Reference: https://x.com/malwrhunterteam/status/1896852520707973307
# Reference: https://www.virustotal.com/gui/file/6f9d8640168fb34aff3b829d7f08246eb772228c37bcb0f5b2621260704df159/detection

138.199.162.81:6974
gcceqm4pr.localto.net

# Reference: https://x.com/skocherhan/status/1897162867927081141
# Reference: https://www.virustotal.com/gui/file/fdd845f48a16b8fae9a1c3933fa1ab97fe0339166c3f7c0d986d0c11d40c18df/detection

217.195.197.132:1604

# Reference: https://x.com/malwrhunterteam/status/1897348511785779318
# Reference: https://www.virustotal.com/gui/file/ebbc5cf4a95138250e0578763570c2bb8c0a2429d79ef98a8f28669a4aaa8c95/detection

185.234.72.186:4782
dashing-cassata-b94dd5.netlify.app

# Reference: https://x.com/malwrhunterteam/status/1897259764729720839
# Reference: https://www.virustotal.com/gui/file/efc09d4380483145573ac4f1a2b4fe308e9bd4378bffbc44efd00739d2e055a7/detection

185.234.72.2:4782

# Reference: https://x.com/malwrhunterteam/status/1899928036952175074
# Reference: https://www.virustotal.com/gui/file/27998eb575368e2214e296f9d7cc21013109638ffc854dcc3257b1f1749e1669/detection
# Reference: https://www.virustotal.com/gui/file/8eb8e5b3a4bf25bf69e36157bbf2c79824e9c8b7c541b938574ac7c13e21158a/detection

196.251.69.62:4782

# Reference: https://github.com/hagezi/dns-blocklists/issues/5542
# Reference: https://app.any.run/tasks/258d16e0-0df9-4578-a089-9afa298d7bfc
# Reference: https://www.virustotal.com/gui/file/7ac644fc3b59f9ae6995a9cc57c39aee97ac89b3d25652c29c9a3269a02db2d2/detection

89.23.99.13:5000
getxi.store

# Reference: https://x.com/skocherhan/status/1901771898674909542
# Reference: https://www.virustotal.com/gui/file/8346e3320f99f521a8eaa1e16a2f99895c543b418701a929a7ca6c39d87f2665/detection

136.244.70.249:4782
54.197.33.33:4782
66.42.92.46:4782
95.179.194.63:4782

# Reference: https://x.com/Cyberteam008/status/1755920191362400447
# Reference: https://x.com/Thisism23567356/status/1901903152112157103
# Reference: https://www.virustotal.com/gui/file/dc4048ae389c1e8c0717575b19ce53d3218bb8e298f4547af47be26e52734f5d/detection

89.117.79.31:3
89.117.79.31:5
89.117.79.31:7
mvps-remote.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2421394f62d3e79f46138130a67033b7cba3895298e1b0627e9f143adfec7009/detection

45.141.215.22:4782

# Reference: https://x.com/skocherhan/status/1903647926276305014
# Reference: https://www.virustotal.com/gui/file/dfa6c74531d060a84393334b29411f7cf32c47c2aa3fc2f58b0acc533788c4db/detection
# Reference: https://www.virustotal.com/gui/file/00693395d1d95037162463c75a70905ac278da861a1a9c29e81fc1de77b6b0f6/detection

109.248.151.166:61539
109.248.151.166:61540
fortyfive5.ydns.eu
fortyfivev.crabdance.com
seventyfive75.ydns.eu
tentyfive5.ydns.eu
thirtyfive335.crabdance.com
thirtyfive5.ydns.eu
twentyfive25.ydns.eu
twentyfivev.crabdance.com

# Reference: https://x.com/skocherhan/status/1903655306481020965
# Reference: https://www.virustotal.com/gui/file/9299998972a169cd4a6bae58983980400d54fdaffd8a7d827ca0c07cf7159318/detection

185.140.53.251:7654

# Reference: https://www.virustotal.com/gui/file/f1d0dc52fe626c992361233304cca5a0e62eec2875f9cb4b091f88ed39a30255/detection
# Reference: https://www.virustotal.com/gui/file/baeeda78640f45dc8f75a7152bc8af751d6501fec5e2164d5280bbbf6cd15a42/detection
# Reference: https://www.virustotal.com/gui/file/9ab2581704619611117ce45b353f0fc46af2f6843b4e6c82c7f2cffd5cad0fda/detection
# Reference: https://www.virustotal.com/gui/file/72157acbb76515e2eb904d29afbf86a81a780525b177b0940d2ce26ad89df62f/detection
# Reference: https://www.virustotal.com/gui/file/6f517e25a372527d8d6a197af6a051feb6786be4789589fdcacd13863333749b/detection

191.95.38.232:4041
191.95.38.232:4853
69.167.11.58:4892
69.167.7.92:4892
69.167.9.56:4892
perfect10.ddns.net

# Reference: https://x.com/smica83/status/1903775524339487205
# Reference: https://www.virustotal.com/gui/file/0b53efd19eba5ce1cab903cb05139a09d29cc376399cf0b4051e8702ccd67894/detection

193.161.193.99:29929
senoc43726-29929.portmap.host

# Reference: https://x.com/dyingbreeds_/status/1904818759828746415
# Reference: https://app.validin.com/detail?find=Venom%20Software%20-%20Remote%20Administration%20Tools&type=raw&ref_id=39ee0ced665#tab=host_pairs (# 2025-03-26)

http://194.62.248.134
194.62.248.134:443
6070vapinreclaimenty.dynip.online
60e0vapirenclaimenty.ddnss.eu
app.crystalconsultings.com
bizclothing.ydns.eu
chasderes.dns05.com
chasefirg.ns01.info
chaseifes4.ns01.info
chasxesjs.ns01.info
consent.tel
crystalconsultings.com
serviosio.ns01.info
suiopa.ns01.info
suvrichas.ns01.info
venom.venomcontrol.com
venomcontrol.com
venomrat.com
venomrat.online

# Reference: https://x.com/skocherhan/status/1906499175300112693
# Reference: https://www.virustotal.com/gui/file/ce03d3486789287c16c6d90894cda02de4a6f9afcab2a4e408ef65dd2324ff4f/detection

94.28.145.107:7000
bbrus.duckdns.org

# Reference: https://www.virustotal.com/gui/file/426b6e77a4d2e72edf8cd6177578a732ca05510b56cb58d938d6e25820dc2458/detection

176.160.157.96:5000
goku92ad.zapto.org

# Reference: https://x.com/marsomx_/status/1910581221928685778
# Reference: https://www.virustotal.com/gui/file/82ff88aa79fe54dd88419c265d2e5b15e8cf378b7b5c041c2f36069de0938e73/detection

196.251.85.97:4449
xssdotis.hopto.org

# Reference: https://x.com/skocherhan/status/1911238083225284714
# Reference: https://www.virustotal.com/gui/file/0fa55a32cc86794eb0975b4165437c1233875483d92d326788f31709d0e8f1e8/detection

128.90.108.193:9057
labina.work.gd

# Reference: https://x.com/skocherhan/status/1911498592897871958
# Reference: https://www.virustotal.com/gui/file/647ff6bb02da699db96622985a50a95f20ee726de30547177a05aed8b3585be7/detection

wohowoho.com
dakar.wohowoho.com
t_an.wohowoho.com

# Reference: https://www.virustotal.com/gui/file/19a610efdf9693350e5b9eea2959b328c74dda894c87ee55955a3a1a4967c0fb/detection

212.23.222.222:4050
sdremm.ydns.eu
win32.ydns.eu

# Reference: https://x.com/skocherhan/status/1913109554499314004
# Reference: https://www.virustotal.com/gui/file/9c2ae6de49a57584466471cd3f0c4ed2d816751b9899a50c059f66a196e95b2d/detection

185.39.17.228:2222

# Reference: https://x.com/naumovax/status/1913230954379759678
# Reference: https://x.com/dcTavvy/status/1913314233389109347
# Reference: https://tria.ge/250408-xpqxxaynv7/behavioral1
# Reference: https://tria.ge/250408-xkkkbsyxcv/behavioral1

193.161.193.99:29235
ilovecatgirlsowo-29235.portmap.io

# Reference: https://x.com/James_inthe_box/status/1914325285891395793
# Reference: https://www.virustotal.com/gui/file/4541fd01a19f1e484f24eff86f42ac36ea9b30686fd405ca0a50f3e517657a61/detection

109.248.144.175:4449

# Reference: https://x.com/naumovax/status/1915381317501436075
# Reference: https://x.com/naumovax/status/1915381320139538818
# Reference: https://tria.ge/250417-wbm4esyny9/behavioral2
# Reference: https://www.virustotal.com/gui/file/cb4e81092ab7236f8431129254b5f1bf94a9037ee6410215e24db647c09c93c8/detection
# Reference: https://www.virustotal.com/gui/file/3bcd09a71232c9b16448adfddd070014df4383363d3f2355e97868381aaaa19e/detection

147.185.221.27:41879
package-hiv.gl.at.ply.gg
prev-ibm.gl.at.ply.gg
they-mailed.gl.at.ply.gg

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2025-05-04)

http://185.148.3.216
http://8.134.74.227
1.119.13.214:9005
101.17.215.85:14782
101.183.154.58:60000
101.99.75.151:4487
102.117.83.166:12439
102.117.83.166:44817
102.117.83.166:83
102.184.234.181:8081
102.44.179.138:5505
103.123.4.233:27697
103.162.208.5:2095
103.20.102.21:4782
103.7.55.181:8085
104.234.114.151:6921
104.245.240.37:443
104.245.241.191:2424
105.69.240.227:8080
106.241.55.218:4782
107.148.49.57:36218
107.148.49.58:36218
107.189.19.211:4782
108.213.32.144:4782
108.77.173.66:1194
108.77.173.66:4758
109.207.172.177:5555
109.248.151.166:61537
109.69.110.192:4782
11.58.176.111:4782
111.227.97.43:14782
111.231.57.250:9600
112.134.23.228:4782
113.44.50.33:4782
114.240.69.64:4782
114.55.252.159:14782
114.96.88.155:50050
116.104.55.150:8888
116.104.55.159:8888
116.104.55.173:8888
116.104.55.175:8888
116.104.55.198:8888
116.203.56.216:2222
116.212.185.242:8081
118.195.162.44:443
12.75.114.52:4782
120.26.68.165:14782
121.120.28.188:443
121.189.208.94:443
121.36.102.48:1111
121.89.184.234:4782
123.113.9.65:4285
124.170.69.79:4782
125.143.10.145:8080
125.25.56.200:4782
128.0.118.53:1989
129.208.135.168:1337
129.208.139.65:1337
129.208.156.15:1337
129.208.7.60:1337
13.60.192.44:4782
137.184.183.22:4782
138.199.162.81:2086
139.180.146.92:443
14.35.42.91:9999
141.11.109.176:1337
141.98.102.243:21587
144.123.101.10:60001
146.190.110.91:13000
146.190.110.91:34527
146.70.50.186:4000
147.185.221.17:44915
147.185.221.20:15912
147.185.221.20:35825
147.185.221.22:58400
147.185.221.25:3066
147.185.221.25:57259
147.185.221.25:57276
147.185.221.26:16078
147.189.170.105:7000
147.45.44.184:4782
147.45.44.68:4782
147.79.20.219:8000
148.113.214.176:4782
149.248.76.120:4782
15.204.236.25:8084
15.229.188.194:20545
150.158.45.167:14782
152.250.38.80:5000
154.21.201.53:6002
154.216.19.144:7000
154.216.19.77:7000
154.216.20.177:6000
154.30.3.134:31415
154.53.50.145:5
154.61.76.233:8080
154.83.13.33:443
154.90.63.65:4782
156.238.237.180:4782
156.245.11.123:4782
156.245.11.143:4782
156.245.11.148:4782
157.97.11.134:9119
158.247.206.215:443
159.196.23.241:2021
159.253.19.237:8443
161.129.37.116:65535
162.230.48.189:9050
162.250.124.62:8080
163.5.112.232:443
165.232.168.233:49342
171.22.26.36:10000
171.224.210.244:8888
172.137.39.15:4782
172.221.202.55:2222
172.221.202.55:6672
172.65.249.80:1111
172.86.109.207:6546
172.86.110.183:8080
172.86.64.138:8090
172.86.81.57:443
172.86.93.192:4000
176.144.206.234:4782
176.45.212.87:1337
176.65.140.209:8080
176.9.123.109:4782
176.97.71.35:443
177.103.18.221:5000
177.144.167.191:5000
177.71.130.31:20545
178.193.59.33:4782
178.239.151.59:10000
178.248.101.230:4444
178.83.80.11:4782
179.100.48.53:5000
179.100.49.224:5000
179.13.10.232:8082
179.13.2.158:8082
179.13.3.202:8082
179.43.180.114:4050
179.43.180.115:4050
18.198.77.177:12951
18.230.165.72:20545
181.161.12.137:8080
181.161.13.66:8080
181.162.128.59:8080
181.162.131.25:8080
181.162.131.55:8080
181.162.141.120:8080
181.162.143.10:8080
181.162.145.85:8080
181.162.147.248:8080
181.162.149.118:8080
181.162.149.15:8080
181.162.152.83:8080
181.162.155.36:8080
181.162.155.66:8080
181.162.162.122:8080
181.162.162.136:8080
181.162.166.147:8080
181.162.169.84:8080
181.162.178.164:8080
181.162.178.29:8080
181.162.179.163:8080
181.162.184.19:8080
181.162.184.208:8080
181.162.190.243:8080
181.235.4.255:1312
183.101.23.154:443
185.122.185.121:65511
185.141.119.157:4782
185.147.124.146:4782
185.147.124.90:10000
185.147.125.77:4782
185.148.3.216:4000
185.196.11.179:443
185.196.9.203:4782
185.208.159.150:7070
185.223.31.253:4782
185.231.252.213:4782
185.241.208.51:4782
185.246.113.135:1604
185.249.198.173:2
185.81.157.216:5555
186.249.218.142:50000
187.101.165.217:5000
187.101.165.234:5000
187.209.210.95:4782
187.209.92.216:4782
187.56.238.128:5000
188.129.10.205:443
188.248.160.177:2404
188.248.160.177:37215
188.248.160.177:47428
188.248.160.177:7000
188.50.4.2:1337
188.50.9.48:1337
188.55.202.22:1337
188.55.210.211:1337
189.14.46.162:1182
189.155.247.138:4782
189.155.254.54:4782
189.46.38.89:5000
189.69.197.92:5000
189.78.187.96:5000
190.102.40.205:5552
190.203.34.71:443
190.205.233.105:443
190.247.133.30:7676
191.17.127.79:5000
191.17.93.118:5000
191.17.93.14:5000
191.19.117.14:5000
191.19.117.170:5000
191.19.117.87:5000
192.153.57.203:8080
192.71.172.2:443
193.105.234.195:10000
193.124.205.56:350
193.143.1.121:9669
193.161.193.99:25772
193.161.193.99:31740
193.161.193.99:35024
193.161.193.99:41287
193.161.193.99:4785
193.161.193.99:49919
193.161.193.99:60241
193.26.115.190:443
193.31.28.181:4004
193.31.28.181:4782
194.164.96.168:4782
194.187.251.163:23140
194.219.181.40:4447
194.26.192.167:2768
194.59.31.106:4782
195.177.94.58:4782
195.177.94.58:7000
195.177.95.106:2689
195.177.95.160:3819
195.211.190.227:2484
195.211.191.164:4783
195.211.191.174:5938
195.26.240.251:4782
195.88.218.126:4782
196.130.183.240:8081
196.221.48.72:8081
196.251.112.196:443
196.251.70.130:7777
196.251.72.201:7007
196.251.73.248:443
196.251.73.58:80
196.251.80.231:9001
196.251.85.13:4782
196.251.85.45:4782
196.251.87.73:443
196.251.87.82:443
197.133.104.107:8081
197.133.196.255:8081
197.133.215.44:8081
197.133.22.251:8081
197.133.27.126:8081
198.167.199.130:19132
198.167.199.139:19132
198.167.199.149:19132
198.167.199.163:19132
198.167.199.169:19132
198.167.199.177:19132
198.167.199.178:19132
198.167.199.183:19132
198.167.199.189:19132
198.167.199.190:19132
198.167.199.206:19132
198.167.199.218:19132
198.167.199.224:19132
198.167.199.239:19132
198.167.199.250:19132
198.244.227.72:443
1puohi7iyi.loclx.io
1yk3.ydns.eu
2.83.126.58:4782
200.109.24.238:443
201.0.101.103:5000
201.210.95.133:443
204.210.111.84:4782
205.234.193.208:4782
206.206.76.75:443
206.206.76.75:80
207.180.213.75:4782
207.32.218.133:499
211.149.227.147:4782
212.102.63.147:4782
212.56.35.232:101
213.209.150.101:443
213.209.150.112:4782
213.209.150.170:9841
213.238.177.46:1604
213.238.177.50:1604
216.164.152.116:3334
217.195.197.121:1604
217.195.197.192:1604
217.211.13.227:25565
217.254.98.158:4782
222.106.222.152:443
222.127.52.61:4782
222.186.34.117:9999
23.158.232.33:3924
26.160.231.118:4782
26.20.187.152:4782
26.45.181.53:4782
29.108.204.55:4782
3.124.67.191:13249
3.249.255.190:4567
31.166.106.12:10463
31.166.106.12:123
31.166.106.12:12805
31.166.106.12:12840
31.166.106.12:1311
31.166.106.12:1701
31.166.106.12:1723
31.166.106.12:18004
31.166.106.12:18162
31.166.106.12:18333
31.166.106.12:1962
31.166.106.12:2000
31.166.106.12:20768
31.166.106.12:2233
31.166.106.12:23
31.166.106.12:26611
31.166.106.12:2762
31.166.106.12:28677
31.166.106.12:29543
31.166.106.12:33014
31.166.106.12:3306
31.166.106.12:35220
31.166.106.12:37437
31.166.106.12:38281
31.166.106.12:39919
31.166.106.12:43398
31.166.106.12:443
31.166.106.12:4567
31.166.106.12:47001
31.166.106.12:4730
31.166.106.12:4839
31.166.106.12:4840
31.166.106.12:49979
31.166.106.12:5001
31.166.106.12:50138
31.166.106.12:54792
31.166.106.12:55121
31.166.106.12:554
31.166.106.12:55553
31.166.106.12:55696
31.166.106.12:5671
31.166.106.12:5672
31.166.106.12:58603
31.166.106.12:5915
31.166.106.12:59472
31.166.106.12:59936
31.166.106.12:6007
31.166.106.12:60676
31.166.106.12:63942
31.166.106.12:6443
31.166.106.12:6699
31.166.106.12:6881
31.166.106.12:7070
31.166.106.12:7425
31.166.106.12:7681
31.166.106.12:80
31.166.106.12:8080
31.166.106.12:8081
31.166.106.12:8085
31.166.106.12:8088
31.166.106.12:8090
31.58.158.92:80
34.93.33.26:8080
36.50.233.24:60002
37.114.63.40:4782
37.114.63.40:8000
37.139.130.66:4782
37.5.240.161:4782
37.65.34.2:4782
37.66.195.181:4782
39.105.31.193:50050
40.76.113.240:443
40.81.26.134:6699
41.200.100.183:4444
41.216.183.179:3742
42.116.59.138:8080
42.118.180.168:8888
42.118.180.174:8888
42.118.180.182:8888
43.156.249.97:6000
43.225.157.168:443
45.11.57.153:4782
45.11.57.220:4782
45.12.134.181:8080
45.12.141.149:81
45.131.108.110:4782
45.136.14.68:6666
45.136.51.217:5173
45.137.201.24:8000
45.138.16.206:53
45.145.41.216:4782
45.146.254.58:4782
45.149.241.16:1337
45.149.241.16:443
45.151.153.17:8888
45.154.98.175:4782
45.155.76.210:4444
45.158.8.240:5552
45.164.125.139:7171
45.202.32.36:1111
45.32.124.13:4782
45.61.140.75:7812
45.74.8.132:4782
45.83.244.141:4782
45.87.154.103:4782
45.87.154.103:5552
45.88.186.152:4782
45.88.91.227:3000
46.183.220.18:42228
46.74.133.208:3510
46.74.204.117:3510
47.121.120.18:4782
47.17.64.199:5555
47.76.214.226:8443
49.12.206.241:6000
5.178.111.227:1604
5.188.206.134:5850
5.252.74.51:1337
5.253.18.67:3618
5.253.246.44:4782
5.45.86.13:5173
51.81.46.71:4782
51.89.204.80:4782
54.179.92.3:443
54.232.181.172:20545
57.128.134.229:4782
58.186.113.138:8888
58.186.113.141:8888
58.186.168.187:8888
61.128.248.118:9050
62.109.58.86:3306
62.60.153.191:5555
62.60.226.176:443
62.60.226.176:80
64.176.207.86:4782
64.44.167.120:4444
64.52.80.12:25565
64.95.11.214:4782
65.108.200.214:4
65.109.133.207:2555
66.135.12.255:50050
66.70.238.102:8080
66.70.250.120:22
68.129.122.43:7000
68.235.46.116:4782
69.117.111.109:4782
69.166.65.136:4480
71.19.210.150:8080
73.237.81.57:8080
75.134.200.134:9898
75.139.55.97:4782
75.49.120.132:32419
77.20.0.8:4782
77.255.231.15:8080
77.255.38.44:4444
77.79.6.57:4782
77.95.201.55:5000
78.51.140.123:4782
78.80.66.68:4782
79.185.109.198:4782
79.198.171.227:4785
79.250.134.50:9215
79.32.224.230:8484
8.134.74.227:443
80.76.49.162:1000
81.161.238.80:4444
81.226.66.92:25565
81.230.52.105:25565
82.26.74.124:8000
82.28.215.154:4445
82.65.242.204:5000
82.8.90.170:6606
83.106.157.111:4782
83.147.53.67:8808
83.196.195.34:2408
84.234.19.36:4782
84.247.189.255:4782
84.56.253.202:4444
84.67.89.127:4782
85.192.29.60:222
85.192.29.60:2222
85.192.29.60:5173
85.192.29.60:5850
85.240.64.119:4782
86.124.24.8:10084
86.124.24.8:10258
86.124.24.8:11829
86.124.24.8:1194
86.124.24.8:13013
86.124.24.8:14036
86.124.24.8:1433
86.124.24.8:1491
86.124.24.8:15745
86.124.24.8:16
86.124.24.8:18245
86.124.24.8:18604
86.124.24.8:19599
86.124.24.8:2078
86.124.24.8:21
86.124.24.8:2706
86.124.24.8:2762
86.124.24.8:28147
86.124.24.8:29632
86.124.24.8:32400
86.124.24.8:32671
86.124.24.8:3299
86.124.24.8:3390
86.124.24.8:34668
86.124.24.8:36682
86.124.24.8:39052
86.124.24.8:39132
86.124.24.8:4072
86.124.24.8:42286
86.124.24.8:43656
86.124.24.8:443
86.124.24.8:49152
86.124.24.8:500
86.124.24.8:5000
86.124.24.8:5006
86.124.24.8:50995
86.124.24.8:51200
86.124.24.8:53189
86.124.24.8:56454
86.124.24.8:5671
86.124.24.8:60000
86.124.24.8:6009
86.124.24.8:627
86.124.24.8:6362
86.124.24.8:64149
86.124.24.8:6544
86.124.24.8:80
86.124.24.8:82
86.124.24.8:8443
86.124.24.8:8545
86.124.24.8:9201
86.124.24.8:995
86.124.25.159:10894
86.124.25.159:1311
86.124.25.159:16433
86.124.25.159:43220
86.124.25.159:54750
86.124.25.159:6697
86.124.25.159:8888
86.124.25.57:10000
86.124.25.57:10250
86.124.25.57:10911
86.124.25.57:119
86.124.25.57:12938
86.124.25.57:13014
86.124.25.57:15443
86.124.25.57:16858
86.124.25.57:16993
86.124.25.57:1723
86.124.25.57:17309
86.124.25.57:17512
86.124.25.57:20256
86.124.25.57:2079
86.124.25.57:21012
86.124.25.57:2404
86.124.25.57:24181
86.124.25.57:25309
86.124.25.57:25569
86.124.25.57:26257
86.124.25.57:28658
86.124.25.57:30005
86.124.25.57:3001
86.124.25.57:32048
86.124.25.57:33585
86.124.25.57:33849
86.124.25.57:3389
86.124.25.57:37777
86.124.25.57:40000
86.124.25.57:40529
86.124.25.57:41112
86.124.25.57:42494
86.124.25.57:46529
86.124.25.57:50001
86.124.25.57:5001
86.124.25.57:5060
86.124.25.57:52200
86.124.25.57:53863
86.124.25.57:55325
86.124.25.57:55553
86.124.25.57:58899
86.124.25.57:5900
86.124.25.57:5986
86.124.25.57:60567
86.124.25.57:6443
86.124.25.57:7071
86.124.25.57:7473
86.124.25.57:7548
86.124.25.57:80
86.124.25.57:8010
86.124.25.57:8089
86.124.25.57:8099
86.124.25.57:8139
86.124.25.57:8140
86.124.25.57:830
86.124.25.57:831
86.124.25.57:833
86.124.25.57:8389
86.124.25.57:8443
86.124.25.57:8877
86.124.25.57:8880
86.124.25.57:9001
86.124.25.57:9020
86.124.25.57:9091
86.124.25.57:9142
86.124.25.57:9398
86.124.25.57:9443
86.124.25.57:9898
86.124.26.185:1024
86.124.26.185:17932
86.124.26.185:48454
86.124.26.185:8834
86.124.26.62:1244
86.124.26.62:25565
86.124.29.154:14265
86.124.29.154:1961
86.124.29.154:2
86.124.29.154:2083
86.124.29.154:2443
86.124.29.154:45879
86.124.29.154:5
86.124.29.154:502
86.124.29.154:55187
86.124.29.154:8020
86.124.29.154:8389
86.124.29.154:8880
86.124.29.154:9200
86.252.134.168:4782
86.38.225.82:4782
86.92.48.225:4782
87.228.57.81:4782
88.165.128.145:20000
88.169.103.131:4782
88.214.57.220:4782
88.243.27.9:5000
88.80.148.30:1604
89.23.99.112:4782
89.39.121.77:7777
90.116.79.184:4782
90.243.213.4:4782
91.148.239.59:4782
91.160.181.237:4782
91.163.205.232:4782
91.169.117.54:1604
91.228.168.105:8000
91.51.36.12:4847
91.51.36.43:4847
91.51.36.44:4847
91.51.36.45:4847
91.51.36.46:4847
91.51.36.47:4847
91.51.36.48:4847
91.51.36.54:4847
91.51.36.56:4847
91.51.36.65:4847
91.51.36.68:4847
91.51.36.76:4847
91.51.45.139:4782
91.51.46.90:4844
92.108.91.121:8808
92.43.74.96:4782
93.177.102.208:1337
94.154.35.78:7256
94.156.177.117:9792
94.156.177.171:4782
94.156.227.193:1351
94.156.227.210:8443
94.156.227.243:2525
94.247.42.205:3577
94.31.108.129:52427
95.163.84.250:8080
95.164.119.129:4782
95.28.241.155:25565
96.9.77.180:4782
97.120.177.38:8090
97.182.206.140:7331
98.218.3.74:4782
98.218.3.74:4800
98.66.234.157:8080
98.7.107.133:4782
abc248597df-25592.portmap.host
activities-hierarchy.gl.at.ply.gg
adidya354-21806.portmap.host
and-src.gl.at.ply.gg
anthonyngati.ddns.net
armorrat.ddns.net
arthurus36.duckdns.org
b.strongest.network
bayotam991-51100.portmap.host
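# NOTE(review): the entry below has no TLD, unlike the other portmap entries in this list (*.portmap.host / *.portmap.io); it looks truncated and may never match as written -- confirm against the referenced source
bibusiowoifajowo-22225.portmap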
blackhattr.ddnsfree.com
bots-30719.portmap.host
bricker33-42218.portmap.host
brolyx95.duckdns.org
butterflybourne.ddns.net
bz-fnd3.ydns.eu
bz-frnd1.ydns.eu
bz-mz.ydns.eu
cachedump.cachnetdotcom.com
can-jane.gl.at.ply.gg
case-drag.gl.at.ply.gg
cenawo2092-33838.portmap.host
chaarlie-44115.portmap.host
cheezeyballs.zapto.org
choose-inserted.gl.at.ply.gg
chris1212-43098.portmap.host
chris1212242-26290.portmap.io
code1.ydns.eu
coluich1220.duckdns.org
con00.duckdns.org
court-accept.gl.at.ply.gg
creditagricole.zapto.org
dragonbornwashere-43022.portmap.host
drkasdfhjvusdfau-62900.portmap.io
dsadasdsw-35353.portmap.host
ducksro.duckdns.org
dyno15-41078.portmap.host
ec2-13-52-115-166.us-west-1.compute.amazonaws.com
ef3243fsert34.ddns.net
epotiz-56104.portmap.host
everything-records.gl.at.ply.gg
fact-sole.gl.at.ply.gg
faggotry.ddns.net
fall-alberta.gl.at.ply.gg
federal-leon.gl.at.ply.gg
fenaaaas-53239.portmap.host
fishy4z-23483.portmap.io
folz1.duckdns.org
folz2.duckdns.org
folz3.duckdns.org
folz4.duckdns.org
folz5.duckdns.org
fonotib645-32542.portmap.host
fotisdouk-31684.portmap.io
free.svipss.top
freehosts.duckdns.org
friendly-cloud-33778.pktriot.net
friends-virginia.gl.at.ply.gg
games-travel.gl.at.ply.gg
gamingzone90-25909.portmap.io
ghostofleet-26978.portmap.host
ghostopbr2-31034.portmap.host
ghostx1337-37668.portmap.host
go-dramatically.gl.at.ply.gg
griskid-49933.portmap.host
hackcyf.eicp.net
hai1723.duckdns.org
hamditebz-51107.portmap.io
hapansystem.hopto.org
hellboydtc.ddnsfree.com
heyhey.camdvr.org
hiimbob.ddnsking.com
hojex31104-23437.portmap.host
hunterjohnson1282ks-58507.portmap.io
hxp7-48924.portmap.host
hydraware-54836.portmap.host
ilovecrack124-23286.portmap.host
image-nissan.gl.at.ply.gg
including-briefly.gl.at.ply.gg
ip72.ip-198-244-227.eu
itsbluebird-46411.portmap.host
itsbluebird-46672.portmap.host
janedoe.ydns.eu
jdidjnfjdjdmainbilandingviewse.ydns.eu
jogojo-51013.portmap.host
jordiek1d.ddns.net
journal-promotions.gl.at.ply.gg
jubilesystem.ddnsking.com
judicial.con-ip.com
juicewrldd-45011.portmap.host
jungsystem.zapto.org
jw447lzoe3-62995.portmap.host
kakamakasaka.duckdns.org
kazeku.ddns.net
kazeku.duckdns.org
kazeku.linkpc.net
kaziahlds-23371.portmap.io
kerlndawg-31838.portmap.host
lapah50300-21883.portmap.host
learning-exceptional.gl.at.ply.gg
lesillygoober-23934.portmap.host
letokik616-48803.portmap.io
levangiang2004-60241.portmap.io
lnk1man.pages.dev
looking-circus.gl.at.ply.gg
lorafic327-24080.portmap.host
loving-frost-51300.pktriot.net
mainplangndngrotobinpulseving.ydns.eu
manseurange-47473.portmap.io
marcellosdns.duckdns.org
marvint-21474.portmap.host
may-biol.gl.at.ply.gg
meming-28826.portmap.host
michiko.linkpc.net
mightyowl-40338.portmap.host
mike-reasoning.gl.at.ply.gg
mikeykarby-41864.portmap.host
minecraft.frslink.com
mmdrza.ddns.net
morelogs.thruhere.net
mosayjanobo-38048.portmap.host
movies-concerning.gl.at.ply.gg
ms-cdn-update.ru
must-directed.gl.at.ply.gg
nazyxz-53051.portmap.host
niggahunter-28633.portmap.io
notthesigma-40903.portmap.host
nukedrust-59850.portmap.host
o0p2e195m0-34052.portmap.host
obscureduser-22226.portmap.host
octothl.ddnsfree.com
officer-nec.gl.at.ply.gg
ogallah-38436.portmap.io
oj42315j346ng2134.myvnc.com
operates-vampire.with.playit.plus
orders-mins.gl.at.ply.gg
oxx.hopto.org
oz.waw.pl
p2link.483n.com
p8stolo-29468.portmap.host
page.jcarterdev.com
pawela827-35962.portmap.host
pepegajus-33332.portmap.host
physical-assessing.gl.at.ply.gg
plan-starsmerchant.gl.at.ply.gg
pluhohio-58857.portmap.host
plzuh242-27515.portmap.host
private123.duckdns.org
proxy-23784689475645.com
proxychain.3utilities.com
prxprodquasar.zapto.org
pumpcommunity.us
putix.ddns.net
qjas.duckdns.org
qrar.duckdns.org
quassar53-35543.portmap.host
quassar53-43603.portmap.host
rayanneaa-47070.portmap.host
rconn.ddns.net
rdtgtdrgfd-56277.portmap.host
recoxxx.work.gd
rency.ydns.eu
retardgotfucked-61176.portmap.host
rigoc45241-20031.portmap.host
rnyim-54-151-198-235.a.free.pinggy.link
sabaf-38910.portmap.host
salesmanpaypals-52908.portmap.io
scriptdagoat-42745.portmap.io
seller-bali.gl.at.ply.gg
service.bentleyalumni.com
sigmaboi22-33711.portmap.host
sigmaboy12.duckdns.org
sigmadm420-46661.portmap.host
sigmagyattohio69420-30849.portmap.host
silversot-56628.portmap.host
sixtyfivevsb.ydns.eu
skidderonthewaytoskid243-26149.portmap.host
smxcked-61833.portmap.host
smxckedem-46042.portmap.host
sohit13140-34151.portmap.host
sso.ms51sr63.ru
stains-38249.portmap.host
stains-57509.portmap.host
systcisd.ddnsking.com
thelightpower.info
things-therapist.gl.at.ply.gg
thirtyfive35.ydns.eu
thirtyfivev.crabdance.com
thirtyfivevs.crabdance.com
thought-moral.gl.at.ply.gg
three-comparative.gl.at.ply.gg
tickets-36440.portmap.host
tobixhere-32449.portmap.io
told-rain.gl.at.ply.gg
toolsbox.ydns.eu
tredwqasdgghnbvgtredsw.ydns.eu
two-counseling.gl.at.ply.gg
ubxn6j9dc.localto.net
usa-east.raptoreum.zone
ux9s-52414.portmap.host
vamshin-44474.portmap.host
vewifow477-24147.portmap.host
vonaxol8813-29999.portmap.host
wariti-61318.portmap.host
webidir878-46130.portmap.io
weeks-ranger.gl.at.ply.gg
wexodi1642-33696.portmap.host
wexos47815-61484.portmap.host
windwosenjoyer12-23053.portmap.host
wlukyy-30879.portmap.io
wlukyy-44469.portmap.host
wqo9.firewall-gateway.de
x75tjpwatl2uyunijiq6jwqhlar3j5fkpi5optv7tfreijbpylwnnbqd.onion
xakili2300-55564.portmap.host
xeidaniyeu-37344.portmap.host
xtriankasizion.ydns.eu
yellow-parts.gl.at.ply.gg
yeniceri99-24578.portmap.io
yivowas-34885.portmap.host
yuba.ydns.eu
zakariabenkirane.ddns.net
zirushsteal-25920.portmap.host

# Reference: https://x.com/skocherhan/status/1921668731521905030
# Reference: https://www.virustotal.com/gui/file/23f5ba640e741406c8ebd15566bb50ed4b7496b6d58f6ff261ad825680cb5033/detection

193.161.193.99:45166
193.161.193.99:51499
197.1.23.241:4782
asasc-45166.portmap.io
f0ghaail-51499.portmap.io
opfsys.ddns.net

# Reference: https://x.com/smica83/status/1922336959063601173
# Reference: https://tria.ge/250513-vhej7axrw4/behavioral1

176.63.22.93:4782

# Reference: https://x.com/skocherhan/status/1922417392451297539
# Reference: https://www.virustotal.com/gui/file/0c28eb7a5971ae39142885fb30f006faca49e481c93c91fed37ea82faa0e07a8/detection

51.89.207.171:4782

# Reference: https://www.virustotal.com/gui/file/d934161f2d2f4ae2e57f1184229a9a67d4a1292b4a16f245778720ff9fea7381/detection
# Reference: https://www.virustotal.com/gui/file/97ee92d59c6dc0cd4ad87149ce5bb8e1f9c94640747feff3aa66925dc5a22f8e/detection
# Reference: https://www.virustotal.com/gui/file/78e4ef886190359e5dc1f29aa83ed6c99dd06f8f972f740d9884be524b3cd126/detection
# Reference: https://www.virustotal.com/gui/file/3ea76c45c861b37d86d28048ddcb18746461dff38dec3186a51e5e2df011b41f/detection
# Reference: https://www.virustotal.com/gui/file/132382d5fbc9a2e2361fe1154c71e78dfaf75063ca650a7c12955ac77a9bf63e/detection

128.90.108.136:9098
128.90.108.155:9098
128.90.108.7:9098
128.90.115.106:9098
128.90.115.131:9098
128.90.115.166:9098
141.101.168.68:9098
141.101.168.72:9098
192.121.245.181:9098
192.121.245.8:9098
46.243.249.68:9098
46.243.249.69:9098
ladrillos.linkpc.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2025-05-22)

http://143.244.39.10
http://160.178.210.175
http://194.110.13.85
http://41.143.171.44
http://45.88.91.182
http://91.228.186.56
105.156.224.14:10000
105.156.224.14:10250
105.156.224.14:103
105.156.224.14:10443
105.156.224.14:10761
105.156.224.14:10911
105.156.224.14:11300
105.156.224.14:12509
105.156.224.14:12746
105.156.224.14:1337
105.156.224.14:14591
105.156.224.14:1534
105.156.224.14:15443
105.156.224.14:16993
105.156.224.14:19161
105.156.224.14:1926
105.156.224.14:2
105.156.224.14:20183
105.156.224.14:2080
105.156.224.14:2083
105.156.224.14:2087
105.156.224.14:2116
105.156.224.14:2125
105.156.224.14:22054
105.156.224.14:22560
105.156.224.14:23037
105.156.224.14:2376
105.156.224.14:25255
105.156.224.14:26002
105.156.224.14:29885
105.156.224.14:3000
105.156.224.14:3001
105.156.224.14:30165
105.156.224.14:311
105.156.224.14:31337
105.156.224.14:31879
105.156.224.14:3260
105.156.224.14:32938
105.156.224.14:3494
105.156.224.14:36433
105.156.224.14:37781
105.156.224.14:3780
105.156.224.14:4064
105.156.224.14:43942
105.156.224.14:443
105.156.224.14:4433
105.156.224.14:444
105.156.224.14:4443
105.156.224.14:4444
105.156.224.14:47594
105.156.224.14:47662
105.156.224.14:47824
105.156.224.14:47990
105.156.224.14:47999
105.156.224.14:50001
105.156.224.14:5001
105.156.224.14:5006
105.156.224.14:51094
105.156.224.14:53226
105.156.224.14:5386
105.156.224.14:55396
105.156.224.14:55443
105.156.224.14:55553
105.156.224.14:55556
105.156.224.14:5628
105.156.224.14:56988
105.156.224.14:57916
105.156.224.14:58175
105.156.224.14:5980
105.156.224.14:5986
105.156.224.14:6001
105.156.224.14:60902
105.156.224.14:623
105.156.224.14:62732
105.156.224.14:63524
105.156.224.14:636
105.156.224.14:64101
105.156.224.14:6443
105.156.224.14:6697
105.156.224.14:7071
105.156.224.14:7443
105.156.224.14:752
105.156.224.14:7548
105.156.224.14:8009
105.156.224.14:8081
105.156.224.14:8083
105.156.224.14:8085
105.156.224.14:8089
105.156.224.14:8099
105.156.224.14:8139
105.156.224.14:8140
105.156.224.14:8181
105.156.224.14:8834
105.156.224.14:8880
105.156.224.14:8889
105.156.224.14:9000
105.156.224.14:9001
105.156.224.14:9002
105.156.224.14:9042
105.156.224.14:9091
105.156.224.14:9095
105.156.224.14:9201
105.156.224.14:9398
105.156.224.14:9443
105.156.224.14:9898
105.156.224.14:9943
105.158.173.211:10000
105.158.173.211:10259
105.158.173.211:10261
105.158.173.211:104
105.158.173.211:1099
105.158.173.211:110
105.158.173.211:113
105.158.173.211:1224
105.158.173.211:135
105.158.173.211:13587
105.158.173.211:14727
105.158.173.211:14919
105.158.173.211:16005
105.158.173.211:179
105.158.173.211:1801
105.158.173.211:18246
105.158.173.211:18333
105.158.173.211:18969
105.158.173.211:1913
105.158.173.211:1962
105.158.173.211:20001
105.158.173.211:20546
105.158.173.211:2079
105.158.173.211:2181
105.158.173.211:22222
105.158.173.211:2454
105.158.173.211:25665
105.158.173.211:2701
105.158.173.211:27017
105.158.173.211:27330
105.158.173.211:2762
105.158.173.211:29314
105.158.173.211:30001
105.158.173.211:32443
105.158.173.211:3306
105.158.173.211:33856
105.158.173.211:34028
105.158.173.211:35768
105.158.173.211:36281
105.158.173.211:37505
105.158.173.211:42594
105.158.173.211:427
105.158.173.211:43
105.158.173.211:43282
105.158.173.211:4433
105.158.173.211:4443
105.158.173.211:445
105.158.173.211:44691
105.158.173.211:44817
105.158.173.211:44818
105.158.173.211:45446
105.158.173.211:45459
105.158.173.211:465
105.158.173.211:46557
105.158.173.211:46853
105.158.173.211:47581
105.158.173.211:48414
105.158.173.211:49501
105.158.173.211:49629
105.158.173.211:50001
105.158.173.211:501
105.158.173.211:5061
105.158.173.211:50995
105.158.173.211:5136
105.158.173.211:5275
105.158.173.211:54308
105.158.173.211:55371
105.158.173.211:56326
105.158.173.211:56655
105.158.173.211:5672
105.158.173.211:56794
105.158.173.211:56998
105.158.173.211:57103
105.158.173.211:57415
105.158.173.211:58102
105.158.173.211:58603
105.158.173.211:5986
105.158.173.211:6005
105.158.173.211:6007
105.158.173.211:6008
105.158.173.211:60357
105.158.173.211:61616
105.158.173.211:623
105.158.173.211:62767
105.158.173.211:7000
105.158.173.211:7030
105.158.173.211:7170
105.158.173.211:7612
105.158.173.211:7897
105.158.173.211:8008
105.158.173.211:8020
105.158.173.211:8089
105.158.173.211:8443
105.158.173.211:8545
105.158.173.211:88
105.158.173.211:888
105.158.173.211:9201
105.158.173.211:9414
105.158.173.211:9601
107.150.0.72:9792
107.189.18.122:8080
109.120.137.57:4782
110.231.239.196:14782
123.21.32.1:9999
124.29.197.52:4782
13.60.236.237:7001
139.60.161.161:223
139.99.66.103:4782
142.147.97.184:1000
143.92.43.153:4786
147.185.221.28:26297
149.50.97.147:7855
150.241.93.127:4782
154.30.4.194:4782
159.75.73.180:4782
160.178.210.175:10000
160.178.210.175:10022
160.178.210.175:10258
160.178.210.175:10260
160.178.210.175:103
160.178.210.175:113
160.178.210.175:11412
160.178.210.175:1200
160.178.210.175:1292
160.178.210.175:13010
160.178.210.175:1311
160.178.210.175:14000
160.178.210.175:14128
160.178.210.175:16993
160.178.210.175:17069
160.178.210.175:17432
160.178.210.175:18245
160.178.210.175:18538
160.178.210.175:20001
160.178.210.175:2096
160.178.210.175:2403
160.178.210.175:24564
160.178.210.175:24926
160.178.210.175:27872
160.178.210.175:29257
160.178.210.175:30592
160.178.210.175:31977
160.178.210.175:32106
160.178.210.175:33083
160.178.210.175:33179
160.178.210.175:35681
160.178.210.175:37400
160.178.210.175:389
160.178.210.175:40842
160.178.210.175:41522
160.178.210.175:44212
160.178.210.175:4443
160.178.210.175:4444
160.178.210.175:44490
160.178.210.175:4527
160.178.210.175:45394
160.178.210.175:47187
160.178.210.175:4841
160.178.210.175:49586
160.178.210.175:49765
160.178.210.175:50203
160.178.210.175:50381
160.178.210.175:50614
160.178.210.175:5222
160.178.210.175:52338
160.178.210.175:52425
160.178.210.175:52555
160.178.210.175:53282
160.178.210.175:5334
160.178.210.175:56699
160.178.210.175:57016
160.178.210.175:57445
160.178.210.175:58000
160.178.210.175:58640
160.178.210.175:5986
160.178.210.175:6008
160.178.210.175:60639
160.178.210.175:6070
160.178.210.175:61450
160.178.210.175:63078
160.178.210.175:6369
160.178.210.175:7001
160.178.210.175:709
160.178.210.175:7173
160.178.210.175:8000
160.178.210.175:8013
160.178.210.175:8085
160.178.210.175:8088
160.178.210.175:8263
160.178.210.175:888
160.178.210.175:9200
160.178.210.175:9943
160.178.56.90:10649
160.178.56.90:1080
160.178.56.90:1098
160.178.56.90:110
160.178.56.90:11101
160.178.56.90:11211
160.178.56.90:11337
160.178.56.90:11461
160.178.56.90:1201
160.178.56.90:143
160.178.56.90:14649
160.178.56.90:16992
160.178.56.90:17281
160.178.56.90:18084
160.178.56.90:18244
160.178.56.90:18246
160.178.56.90:19200
160.178.56.90:20001
160.178.56.90:20256
160.178.56.90:2095
160.178.56.90:22000
160.178.56.90:2323
160.178.56.90:24929
160.178.56.90:28069
160.178.56.90:3000
160.178.56.90:3260
160.178.56.90:3299
160.178.56.90:36124
160.178.56.90:36197
160.178.56.90:4242
160.178.56.90:4343
160.178.56.90:44093
160.178.56.90:44819
160.178.56.90:46376
160.178.56.90:4730
160.178.56.90:4779
160.178.56.90:48678
160.178.56.90:49013
160.178.56.90:50995
160.178.56.90:51200
160.178.56.90:52200
160.178.56.90:5222
160.178.56.90:52489
160.178.56.90:52702
160.178.56.90:53700
160.178.56.90:56413
160.178.56.90:57421
160.178.56.90:5900
160.178.56.90:5901
160.178.56.90:5985
160.178.56.90:5993
160.178.56.90:60036
160.178.56.90:61616
160.178.56.90:62999
160.178.56.90:64429
160.178.56.90:64759
160.178.56.90:7001
160.178.56.90:7170
160.178.56.90:8081
160.178.56.90:8085
160.178.56.90:8089
160.178.56.90:82
160.178.56.90:83
160.178.56.90:8443
160.178.56.90:8752
160.178.56.90:8888
160.178.56.90:9300
160.178.56.90:9601
160.178.56.90:9731
160.179.165.39:10443
160.179.165.39:12468
160.179.165.39:1883
160.179.165.39:19729
160.179.165.39:2394
160.179.165.39:30628
160.179.165.39:41918
160.179.165.39:43746
160.179.165.39:47476
160.179.165.39:4841
160.179.165.39:50143
160.179.165.39:62635
160.179.165.39:9599
161.35.58.111:4782
171.22.28.66:443
174.61.118.194:4872
176.100.37.167:5164
176.100.37.167:6215
176.100.39.212:1111
176.126.103.171:4782
176.65.141.168:4782
176.65.142.44:7812
176.65.143.168:3535
177.103.63.129:5000
181.162.142.255:8080
185.209.223.87:8080
185.211.5.243:443
185.239.237.78:40120
185.248.12.79:9999
188.55.203.226:1337
192.121.246.166:443
192.121.246.220:443
193.151.108.40:7676
193.161.193.99:38594
193.41.226.231:4782
194.110.13.85:4782
194.59.30.50:4782
195.177.94.161:4782
195.177.94.65:4782
195.211.191.63:5938
196.206.67.187:10493
196.206.67.187:10585
196.206.67.187:11101
196.206.67.187:12000
196.206.67.187:14000
196.206.67.187:143
196.206.67.187:14887
196.206.67.187:15316
196.206.67.187:1671
196.206.67.187:16719
196.206.67.187:17297
196.206.67.187:17981
196.206.67.187:1826
196.206.67.187:1843
196.206.67.187:1962
196.206.67.187:2
196.206.67.187:20000
196.206.67.187:2003
196.206.67.187:20733
196.206.67.187:2077
196.206.67.187:2078
196.206.67.187:20947
196.206.67.187:2095
196.206.67.187:21
196.206.67.187:22254
196.206.67.187:2281
196.206.67.187:25322
196.206.67.187:25565
196.206.67.187:25642
196.206.67.187:28539
196.206.67.187:29130
196.206.67.187:29485
196.206.67.187:30005
196.206.67.187:32024
196.206.67.187:32920
196.206.67.187:33389
196.206.67.187:3389
196.206.67.187:34175
196.206.67.187:37345
196.206.67.187:37777
196.206.67.187:38751
196.206.67.187:39215
196.206.67.187:40221
196.206.67.187:40422
196.206.67.187:4064
196.206.67.187:40949
196.206.67.187:41362
196.206.67.187:41643
196.206.67.187:42400
196.206.67.187:42878
196.206.67.187:45620
196.206.67.187:45894
196.206.67.187:4730
196.206.67.187:47432
196.206.67.187:47981
196.206.67.187:4841
196.206.67.187:48547
196.206.67.187:4874
196.206.67.187:49339
196.206.67.187:49501
196.206.67.187:49502
196.206.67.187:501
196.206.67.187:51193
196.206.67.187:52878
196.206.67.187:53016
196.206.67.187:5351
196.206.67.187:5523
196.206.67.187:55913
196.206.67.187:5672
196.206.67.187:57175
196.206.67.187:58000
196.206.67.187:5900
196.206.67.187:5984
196.206.67.187:6002
196.206.67.187:63577
196.206.67.187:6362
196.206.67.187:64568
196.206.67.187:64693
196.206.67.187:64722
196.206.67.187:65217
196.206.67.187:6573
196.206.67.187:6667
196.206.67.187:6725
196.206.67.187:6861
196.206.67.187:7000
196.206.67.187:788
196.206.67.187:8517
196.206.67.187:9135
196.206.67.187:9200
196.206.67.187:9201
196.206.67.187:9242
196.206.67.187:9509
196.206.67.187:9516
196.206.67.187:9599
196.206.67.187:9600
196.251.80.135:443
196.64.213.21:10260
196.64.213.21:10748
196.64.213.21:15212
196.64.213.21:21162
196.64.213.21:2222
196.64.213.21:2423
196.64.213.21:29326
196.64.213.21:30576
196.64.213.21:32871
196.64.213.21:33245
196.64.213.21:37155
196.64.213.21:37904
196.64.213.21:39438
196.64.213.21:43940
196.64.213.21:4433
196.64.213.21:46590
196.64.213.21:49589
196.64.213.21:51168
196.64.213.21:53423
196.64.213.21:53612
196.64.213.21:5364
196.64.213.21:55717
196.64.213.21:61771
196.64.213.21:636
196.64.213.21:64675
196.64.213.21:790
196.64.213.21:8081
196.64.213.21:830
196.64.213.21:9142
196.64.215.136:10000
196.64.215.136:10250
196.64.215.136:10443
196.64.215.136:10649
196.64.215.136:10911
196.64.215.136:11573
196.64.215.136:1337
196.64.215.136:16993
196.64.215.136:17218
196.64.215.136:19062
196.64.215.136:1926
196.64.215.136:20593
196.64.215.136:20841
196.64.215.136:2087
196.64.215.136:23
196.64.215.136:2323
196.64.215.136:23522
196.64.215.136:33110
196.64.215.136:3790
196.64.215.136:4064
196.64.215.136:4433
196.64.215.136:4434
196.64.215.136:4443
196.64.215.136:45160
196.64.215.136:4612
196.64.215.136:47745
196.64.215.136:47990
196.64.215.136:5001
196.64.215.136:5006
196.64.215.136:51125
196.64.215.136:52563
196.64.215.136:55553
196.64.215.136:6001
196.64.215.136:62138
196.64.215.136:62602
196.64.215.136:63453
196.64.215.136:6362
196.64.215.136:6443
196.64.215.136:64477
196.64.215.136:7001
196.64.215.136:7548
196.64.215.136:7658
196.64.215.136:8080
196.64.215.136:8099
196.64.215.136:8443
196.64.215.136:8834
196.64.215.136:8880
196.64.215.136:8889
196.64.215.136:9000
196.64.215.136:9091
196.64.215.136:9443
198.55.98.119:8580
202.95.8.193:4782
202.95.8.202:4782
202.95.8.204:4782
206.119.179.44:443
212.53.231.176:4782
212.56.35.232:102
212.56.35.232:4
213.134.190.18:4782
213.152.161.162:28113
213.209.150.210:8883
23.94.99.5:5555
24.205.128.150:2005
24.96.73.177:8080
26.214.10.127:1604
26.214.10.127:4782
37.19.200.5:4782
38.222.25.194:777
41.143.171.44:10414
41.143.171.44:119
41.143.171.44:14265
41.143.171.44:1433
41.143.171.44:15814
41.143.171.44:16993
41.143.171.44:18082
41.143.171.44:18244
41.143.171.44:1911
41.143.171.44:19999
41.143.171.44:20001
41.143.171.44:20201
41.143.171.44:2087
41.143.171.44:21482
41.143.171.44:231
41.143.171.44:2404
41.143.171.44:2455
41.143.171.44:24813
41.143.171.44:25565
41.143.171.44:2761
41.143.171.44:28640
41.143.171.44:31842
41.143.171.44:32287
41.143.171.44:32965
41.143.171.44:33228
41.143.171.44:35055
41.143.171.44:37341
41.143.171.44:37681
41.143.171.44:37872
41.143.171.44:38504
41.143.171.44:40736
41.143.171.44:4101
41.143.171.44:41795
41.143.171.44:4242
41.143.171.44:427
41.143.171.44:44819
41.143.171.44:46993
41.143.171.44:4730
41.143.171.44:4839
41.143.171.44:4840
41.143.171.44:4841
41.143.171.44:49013
41.143.171.44:49152
41.143.171.44:49294
41.143.171.44:49502
41.143.171.44:49626
41.143.171.44:50580
41.143.171.44:50805
41.143.171.44:58440
41.143.171.44:58603
41.143.171.44:587
41.143.171.44:59006
41.143.171.44:591
41.143.171.44:5986
41.143.171.44:6001
41.143.171.44:6061
41.143.171.44:623
41.143.171.44:6443
41.143.171.44:6667
41.143.171.44:7001
41.143.171.44:7547
41.143.171.44:771
41.143.171.44:8000
41.143.171.44:8082
41.143.171.44:8085
41.143.171.44:81
41.143.171.44:830
41.143.171.44:832
41.143.171.44:833
41.143.171.44:8636
41.143.171.44:9042
41.143.171.44:990
41.143.197.85:10000
41.143.197.85:10244
41.143.197.85:10258
41.143.197.85:10656
41.143.197.85:1080
41.143.197.85:110
41.143.197.85:12065
41.143.197.85:13012
41.143.197.85:14081
41.143.197.85:17069
41.143.197.85:17777
41.143.197.85:1911
41.143.197.85:1913
41.143.197.85:19315
41.143.197.85:19959
41.143.197.85:2004
41.143.197.85:20547
41.143.197.85:2083
41.143.197.85:20870
41.143.197.85:2095
41.143.197.85:2096
41.143.197.85:21316
41.143.197.85:21449
41.143.197.85:21546
41.143.197.85:22475
41.143.197.85:2266
41.143.197.85:22908
41.143.197.85:2404
41.143.197.85:2443
41.143.197.85:2454
41.143.197.85:25
41.143.197.85:25806
41.143.197.85:29448
41.143.197.85:29652
41.143.197.85:29702
41.143.197.85:31819
41.143.197.85:3461
41.143.197.85:35494
41.143.197.85:38629
41.143.197.85:39673
41.143.197.85:42197
41.143.197.85:427
41.143.197.85:46864
41.143.197.85:4730
41.143.197.85:50001
41.143.197.85:50580
41.143.197.85:51005
41.143.197.85:54038
41.143.197.85:54642
41.143.197.85:554
41.143.197.85:57198
41.143.197.85:57311
41.143.197.85:57420
41.143.197.85:57660
41.143.197.85:58000
41.143.197.85:58459
41.143.197.85:587
41.143.197.85:59431
41.143.197.85:59879
41.143.197.85:6001
41.143.197.85:6003
41.143.197.85:62397
41.143.197.85:63629
41.143.197.85:64460
41.143.197.85:64657
41.143.197.85:6577
41.143.197.85:7748
41.143.197.85:8013
41.143.197.85:8159
41.143.197.85:88
41.143.197.85:9042
41.143.197.85:907
41.143.197.85:993
41.143.197.85:9999
41.143.200.243:10443
41.143.200.243:10909
41.143.200.243:11055
41.143.200.243:119
41.143.200.243:1201
41.143.200.243:12608
41.143.200.243:12984
41.143.200.243:14701
41.143.200.243:16360
41.143.200.243:16993
41.143.200.243:17238
41.143.200.243:18310
41.143.200.243:18811
41.143.200.243:1926
41.143.200.243:2
41.143.200.243:20080
41.143.200.243:2087
41.143.200.243:21556
41.143.200.243:22954
41.143.200.243:24400
41.143.200.243:25565
41.143.200.243:27153
41.143.200.243:28434
41.143.200.243:31225
41.143.200.243:3128
41.143.200.243:32941
41.143.200.243:33095
41.143.200.243:33840
41.143.200.243:3389
41.143.200.243:3390
41.143.200.243:34492
41.143.200.243:36153
41.143.200.243:38788
41.143.200.243:39313
41.143.200.243:39634
41.143.200.243:40000
41.143.200.243:40615
41.143.200.243:43204
41.143.200.243:43645
41.143.200.243:4434
41.143.200.243:44657
41.143.200.243:44819
41.143.200.243:46202
41.143.200.243:46259
41.143.200.243:46704
41.143.200.243:46857
41.143.200.243:47228
41.143.200.243:47990
41.143.200.243:48213
41.143.200.243:4839
41.143.200.243:4841
41.143.200.243:5000
41.143.200.243:5001
41.143.200.243:5006
41.143.200.243:50621
41.143.200.243:50995
41.143.200.243:51776
41.143.200.243:53747
41.143.200.243:5556
41.143.200.243:58083
41.143.200.243:5903
41.143.200.243:5985
41.143.200.243:5986
41.143.200.243:6000
41.143.200.243:60000
41.143.200.243:62658
41.143.200.243:63612
41.143.200.243:6443
41.143.200.243:65524
41.143.200.243:7443
41.143.200.243:7548
41.143.200.243:8122
41.143.200.243:8139
41.143.200.243:8443
41.143.200.243:8636
41.143.200.243:8883
41.143.200.243:9002
41.143.200.243:9091
41.143.200.243:9095
41.143.200.243:929
41.143.200.243:9443
41.143.200.243:9898
45.144.212.170:5938
45.207.58.126:443
45.61.165.249:4782
45.61.169.197:30
45.80.158.239:5939
45.94.31.17:4782
45.94.4.239:1338
46.247.109.117:22
46.247.109.117:25565
47.119.157.245:9999
47.76.241.49:4782
47.92.222.219:33251
48.210.87.192:4782
51.89.115.254:443
51.91.251.234:4782
62.146.224.126:443
62.60.245.177:4782
74.128.84.83:4782
78.194.228.18:4782
79.110.49.229:7001
80.76.49.30:3535
82.29.100.144:39003
82.29.100.144:4782
86.38.247.78:8080
87.78.131.89:13832
88.198.50.169:7201
93.127.134.96:4782
94.26.90.81:8883
95.104.60.98:4782
1234123412341234-22246.portmap.io
agents-frequencies.gl.at.ply.gg
alexnikolov-51855.portmap.io
api.e2ee.tel
baby-mentor.gl.at.ply.gg
badass3456-45555.portmap.host
care-concentrations.gl.at.ply.gg
dagodnox.ddns.net
darwin151-20572.portmap.io
ddffg-44531.portmap.io
e60ec1657863c38b65e813d3e5822d46.serveo.net
egirlcam.com
elhombre3176-56154.portmap.io
features-pray.gl.at.ply.gg
football987654321-55635.portmap.io
frankusd.ydns.eu
gentlehack.ddns.net
gold-camcorder.gl.at.ply.gg
gregory1231-38890.portmap.io
gregorynigaa-26480.portmap.io
harbingerofdeath-46635.portmap.io
haroborobo971-30110.portmap.host
hellowashere253-53654.portmap.io
huy1612-24727.portmap.io
huy1612-37436.portmap.io
impala701-47727.portmap.host
imthecoolestboy123-49236.portmap.io
irc.xinxin.cam
jocofaw961-45340.portmap.host
linda991.mywire.org
link-from.gl.at.ply.gg
mark-kay.gl.at.ply.gg
mjoatboating.ydns.eu
mongrel38-43817.portmap.host
niggerkiller69.duckdns.org
offered-poland.gl.at.ply.gg
oratik.ddns.net
pearlharbor953-54421.portmap.host
possible-cables.gl.at.ply.gg
qasar1993.ddns.net
qrpn9be.localto.net
rajaroos817.mooo.com
rawcostura80-56041.portmap.io
richieetzx-58247.portmap.io
ripgodda6262-38685.portmap.io
samrat4-56907.portmap.io
schoollibrary321.ddns.net
seems-temperatures.gl.at.ply.gg
shirosensei2486-37140.portmap.host
skid2424-64687.portmap.io
slotmode1234567-24753.portmap.io
snezze-61950.portmap.io
songs-acid.gl.at.ply.gg
soundcloudxyinialol14881.duckdns.org
specific-ibm.gl.at.ply.gg
st-victor.gl.at.ply.gg
start-semi.gl.at.ply.gg
student-priorities.gl.at.ply.gg
thread-arena.gl.at.ply.gg
training-disease.gl.at.ply.gg
uckpfgn7dl-45126.portmap.io
views-processed.gl.at.ply.gg
xenqxd-42269.portmap.host
xinxin.cam
yhhhh111-28295.portmap.io
yingding24-44441.portmap.io
zerkbtw12-42777.portmap.io
zuckkyrabi198-60433.portmap.io
zyra-53534.portmap.io
zzzttv.ydns.eu

# Reference: https://x.com/suyog41/status/1926867873424646540
# Reference: https://www.virustotal.com/gui/file/35cad4ea0ccbc07de133969e571050d60727835f65bab3a67c68f66a0095a7a5/detection

192.169.69.26:34782
196.251.116.250:34782

# Reference: https://dti.domaintools.com/venomrat/
# Reference: https://github.com/DomainTools/SecuritySnacks/blob/main/2025/VenomRAT-Malware-Campaign.csv

15.228.248.225:5552
157.20.182.72:4449
172.93.222.102:4449
185.208.159.121:6000
67.217.228.160:4449
94.141.123.234:4449
95.216.115.242:9090

# Reference: https://x.com/skocherhan/status/1927898744843895061
# Reference: https://www.virustotal.com/gui/file/89e198f7ac4732fbe563b1e3a395163e8e1e335aa6229948814dbd19b2244174/detection

31.57.156.104:4782
/hiwihqihiqihqwihweiqhiq/urban-couscous/
/hiwihqihiqihqwihweiqhiq/

# Reference: https://x.com/skocherhan/status/1930824634301067405
# Reference: https://www.virustotal.com/gui/file/f879f50e21830b34b77fd94a33b6c395b9837bb701a7f5e4dad2e9d287af9e72/detection
# Reference: https://www.virustotal.com/gui/file/b1de863b88a90542dc5352832ecde96c2af778c51ad914bb2665543c2287d7a9/detection
# Reference: https://www.virustotal.com/gui/file/140ca577ddcd48bcab17496629b86adf0024a7846f17e93bc26909f093fc90c1/detection
# Reference: https://www.virustotal.com/gui/file/08dca58df8cf985e61d3209cbfc99b8723d631b9259540d33a0d02e6e0956577/detection

76.105.113.103:4782
gigs.ddns.net

# Reference: https://x.com/skocherhan/status/1934736223953629483
# Reference: https://www.virustotal.com/gui/file/31ed63173b016ba429828d9d7a300e54facf1067139adcb93a7fd7671cacea35/detection
# Reference: https://www.virustotal.com/gui/file/693cd619e3343027e22a1f0362421d00dcce7465f75fc0697a9031b5f806009b/detection

193.104.222.3:4782
adobereader.ydns.eu
caleta.ydns.eu
framehost.ydns.eu
netframework.ydns.eu
numiotech.ddns.net
serviceshost.ydns.eu
stjlitek13.softether.net

# Reference: https://www.virustotal.com/gui/file/a9f3639f81e60ffed9a832a8aabc413a622cc7c3933e56e089b3e65382559fbc/detection

181.71.216.106:2020
quazarht.duckdns.org

# Reference: https://x.com/skocherhan/status/1935643003638477036

212.87.212.179:1985
bonaresupp.ddnsguru.com
craftmoold.ddnsguru.com
craftsgamer.4cloud.click
craftwor.mysynology.net
craftworld.dynuddns.net
dragons.4cloud.click
enterpriseup.ddnsguru.com
stremars.4cloud.click
strimarsgam.dynuddns.com
woriarcraft.4cloud.click

# Reference: https://www.virustotal.com/gui/file/c13187198fa1d97c158fdcff3ae443cd1d5692da1191beefd94ccce7ed15a9d4/detection

104.207.138.98:4782

# Reference: https://x.com/smica83/status/1941998036198007285
# Reference: https://www.virustotal.com/gui/file/41f058f6975d5ad2e79c319cda04ff47eb21a01802122971a7b947572e300edd/detection

91.151.89.158:4783
nobackmen.free.nf
/arquivo_11de16b0e89f49168e1ba4775bb2461b.txt

# Reference: https://x.com/blackorbird/status/1943536808438173973
# Reference: https://mp.weixin.qq.com/s/xn313WWNi7rln-WfwFgE5w

38.146.28.17:1005
38.146.27.237:1005

# Reference: https://threatfox.abuse.ch/browse/malware/win.quasar_rat/ (# 2025-07-13)

http://138.199.29.24
http://141.98.11.117
http://160.178.214.144
http://170.205.30.120
http://46.8.21.161
http://67.217.228.252
http://79.117.113.26
101.99.94.46:4782
102.182.124.151:8078
102.219.208.58:8090
102.219.208.80:8090
102.219.208.81:8090
102.219.208.82:8090
102.219.208.83:8090
102.219.210.196:8090
102.219.210.197:8090
102.219.210.198:8090
102.219.210.199:8090
102.219.210.200:8090
102.219.210.201:8090
102.219.210.203:8090
103.82.21.119:4782
104.223.102.61:4782
107.175.34.68:3370
107.220.107.200:4782
108.52.156.15:4782
109.120.139.248:4782
109.207.171.238:7000
109.71.252.10:4782
109.71.252.10:7777
110.54.136.143:4782
111.180.190.199:19198
118.174.212.139:8888
124.198.132.196:4782
124.220.63.47:4782
13.251.236.197:5000
132.232.234.223:4782
137.184.144.245:4782
138.199.28.251:4782
138.199.29.24:4782
138.68.79.95:8000
141.164.56.54:443
146.120.163.132:1194
146.70.215.60:4444
147.185.221.25:57181
147.185.221.27:57377
147.185.221.28:48622
147.185.221.28:51710
147.185.221.28:57096
147.185.221.28:57153
147.185.221.29:16901
147.185.221.29:18762
147.185.221.29:19627
147.185.221.29:21198
147.185.221.29:30983
147.185.221.29:33736
147.189.173.39:4782
149.22.227.64:1111
15.235.173.226:4781
150.241.68.93:4782
150.241.89.17:4782
151.177.61.79:4782
151.242.63.190:7000
151.242.63.239:3535
154.194.35.243:2004
154.222.24.62:1919
154.223.21.216:4782
154.29.148.19:443
155.138.226.4:2404
16.16.164.0:7003
160.178.214.144:10001
160.178.214.144:1024
160.178.214.144:11101
160.178.214.144:119
160.178.214.144:1200
160.178.214.144:1201
160.178.214.144:12912
160.178.214.144:1311
160.178.214.144:1390
160.178.214.144:1723
160.178.214.144:17967
160.178.214.144:17995
160.178.214.144:20000
160.178.214.144:20547
160.178.214.144:20625
160.178.214.144:20741
160.178.214.144:2082
160.178.214.144:21
160.178.214.144:21583
160.178.214.144:222
160.178.214.144:2222
160.178.214.144:23769
160.178.214.144:2404
160.178.214.144:25683
160.178.214.144:2585
160.178.214.144:33837
160.178.214.144:35456
160.178.214.144:40000
160.178.214.144:41535
160.178.214.144:41553
160.178.214.144:4388
160.178.214.144:44818
160.178.214.144:46773
160.178.214.144:47001
160.178.214.144:48481
160.178.214.144:49152
160.178.214.144:49501
160.178.214.144:49502
160.178.214.144:5006
160.178.214.144:5222
160.178.214.144:52432
160.178.214.144:54415
160.178.214.144:56249
160.178.214.144:5671
160.178.214.144:5672
160.178.214.144:57455
160.178.214.144:587
160.178.214.144:5900
160.178.214.144:59470
160.178.214.144:6009
160.178.214.144:636
160.178.214.144:6379
160.178.214.144:6674
160.178.214.144:6697
160.178.214.144:789
160.178.214.144:790
160.178.214.144:8010
160.178.214.144:808
160.178.214.144:8088
160.178.214.144:8140
160.178.214.144:830
160.178.214.144:8315
160.178.214.144:8443
160.178.214.144:88
160.202.133.143:5232
160.202.133.143:5713
160.202.133.143:6343
160.22.106.113:65430
160.22.106.114:65430
160.22.106.74:65430
160.25.73.199:2404
162.120.186.101:8888
167.235.213.2:44783
167.99.187.240:1111
170.205.30.146:4885
171.1.1.1:6066
171.244.20.19:65430
172.111.131.226:4443
172.111.131.226:4785
172.111.131.227:4443
172.111.131.227:4785
172.111.131.228:4443
172.111.131.229:4443
172.86.75.181:4443
172.86.92.73:30
174.17.228.250:1606
176.160.157.96:8888
176.65.134.55:4780
176.65.134.55:4782
176.65.142.99:5052
177.60.19.72:5000
179.100.49.116:5000
179.61.132.213:8080
18.230.194.208:8080
181.162.129.226:8080
181.162.148.17:8080
181.162.155.7:8080
181.162.161.175:8080
181.162.165.34:8080
181.162.167.246:8080
181.162.174.69:8080
182.253.58.75:4782
185.121.233.71:4782
185.13.234.80:4782
185.165.242.29:4787
185.174.101.137:4782
185.19.85.183:4449
185.204.168.16:4782
185.241.208.96:4449
185.254.96.157:4782
185.254.97.125:4221
185.55.240.111:4782
185.72.199.101:1717
185.72.199.103:1717
185.72.199.108:1717
185.72.199.115:1717
185.72.199.116:1717
185.72.199.68:1717
185.72.199.72:1717
185.72.199.77:1717
185.72.199.80:1717
185.72.199.83:1717
185.72.199.90:1717
185.81.158.14:50000
186.84.246.201:4782
188.93.233.232:4444
189.159.169.216:4782
189.177.111.253:1099
189.177.111.253:4444
189.177.111.253:4465
189.177.111.253:790
189.177.111.253:808
189.177.111.253:990
190.164.101.227:25565
190.206.72.74:443
191.19.128.190:5000
191.193.183.204:5000
191.254.169.97:5000
192.110.13.85:4782
192.159.99.145:4782
193.161.193.99:47221
193.161.193.99:47228
193.161.193.99:48532
193.161.193.99:53895
193.161.193.99:60594
193.161.193.99:61980
193.23.216.36:9999
193.242.208.53:443
193.26.115.21:6969
193.56.28.121:5431
194.146.38.48:4782
194.26.192.145:4782
194.26.192.233:4781
194.37.81.104:4782
194.59.31.208:8080
194.59.31.36:2232
194.87.31.200:29285
195.177.94.101:4782
195.177.94.244:7001
195.177.97.101:4782
196.251.116.252:4449
196.251.118.120:4787
196.251.118.72:4444
196.251.69.127:4783
196.251.69.82:4782
196.251.69.82:4784
196.251.80.125:4782
196.251.83.245:4847
196.251.86.58:4782
196.64.212.113:101
196.64.212.113:10259
196.64.212.113:10307
196.64.212.113:11102
196.64.212.113:11103
196.64.212.113:1201
196.64.212.113:1224
196.64.212.113:12631
196.64.212.113:14639
196.64.212.113:16146
196.64.212.113:16342
196.64.212.113:16381
196.64.212.113:16993
196.64.212.113:18132
196.64.212.113:18246
196.64.212.113:1911
196.64.212.113:19411
196.64.212.113:1962
196.64.212.113:1963
196.64.212.113:1965
196.64.212.113:19999
196.64.212.113:2
196.64.212.113:2159
196.64.212.113:22043
196.64.212.113:2222
196.64.212.113:2454
196.64.212.113:25143
196.64.212.113:26697
196.64.212.113:2771
196.64.212.113:29452
196.64.212.113:29837
196.64.212.113:30396
196.64.212.113:30835
196.64.212.113:30909
196.64.212.113:3128
196.64.212.113:32588
196.64.212.113:3299
196.64.212.113:33693
196.64.212.113:34324
196.64.212.113:37501
196.64.212.113:39010
196.64.212.113:40272
196.64.212.113:41308
196.64.212.113:41610
196.64.212.113:42569
196.64.212.113:427
196.64.212.113:43503
196.64.212.113:43514
196.64.212.113:43748
196.64.212.113:443
196.64.212.113:44817
196.64.212.113:46013
196.64.212.113:465
196.64.212.113:4658
196.64.212.113:47581
196.64.212.113:47889
196.64.212.113:4839
196.64.212.113:4840
196.64.212.113:49502
196.64.212.113:5000
196.64.212.113:5060
196.64.212.113:50953
196.64.212.113:51678
196.64.212.113:51811
196.64.212.113:51889
196.64.212.113:52577
196.64.212.113:53291
196.64.212.113:58226
196.64.212.113:58582
196.64.212.113:58584
196.64.212.113:59146
196.64.212.113:5986
196.64.212.113:60177
196.64.212.113:631
196.64.212.113:63281
196.64.212.113:64197
196.64.212.113:64283
196.64.212.113:6443
196.64.212.113:64805
196.64.212.113:6513
196.64.212.113:65220
196.64.212.113:6697
196.64.212.113:7071
196.64.212.113:8000
196.64.212.113:8080
196.64.212.113:8081
196.64.212.113:82
196.64.212.113:8234
196.64.212.113:8538
196.64.212.113:9042
196.64.212.113:9201
196.64.212.113:9599
196.64.212.113:9601
196.64.212.113:993
196.64.212.113:995
2.58.56.128:6969
20.107.53.25:25535
200.44.202.153:443
203.159.90.98:3330
205.234.144.127:4040
208.91.189.7:5000
212.114.25.99:4782
212.56.54.233:4782
213.14.173.165:9999
213.142.157.63:1604
213.209.150.188:2106
213.21.237.96:4455
216.247.92.149:4782
217.154.27.75:8000
221.165.219.73:8888
222.253.153.168:4783
3.74.27.83:19275
3.80.189.98:8080
31.13.208.124:3333
31.208.113.6:8844
31.57.219.11:5938
31.57.219.133:5938
31.57.219.16:5938
31.57.219.20:5938
31.57.219.27:5938
31.57.219.29:5938
31.57.219.32:5938
31.57.219.36:5938
31.57.219.46:5938
31.57.219.48:5938
31.57.219.5:5938
31.57.38.63:1533
36.50.226.15:51712
37.167.131.118:4782
37.205.113.215:4782
37.205.114.99:4782
37.37.4.79:2222
41.143.203.137:10000
41.143.203.137:10261
41.143.203.137:10911
41.143.203.137:10967
41.143.203.137:1099
41.143.203.137:11000
41.143.203.137:11300
41.143.203.137:119
41.143.203.137:13110
41.143.203.137:1337
41.143.203.137:14086
41.143.203.137:14265
41.143.203.137:15103
41.143.203.137:15626
41.143.203.137:15697
41.143.203.137:17427
41.143.203.137:1746
41.143.203.137:17823
41.143.203.137:17944
41.143.203.137:18244
41.143.203.137:1926
41.143.203.137:1961
41.143.203.137:2079
41.143.203.137:2376
41.143.203.137:24463
41.143.203.137:2454
41.143.203.137:2455
41.143.203.137:25424
41.143.203.137:2557
41.143.203.137:27017
41.143.203.137:28080
41.143.203.137:29117
41.143.203.137:30291
41.143.203.137:30779
41.143.203.137:311
41.143.203.137:3128
41.143.203.137:31394
41.143.203.137:31903
41.143.203.137:32287
41.143.203.137:32659
41.143.203.137:33114
41.143.203.137:34176
41.143.203.137:34598
41.143.203.137:36167
41.143.203.137:37215
41.143.203.137:3790
41.143.203.137:38061
41.143.203.137:38888
41.143.203.137:40154
41.143.203.137:43565
41.143.203.137:43694
41.143.203.137:44094
41.143.203.137:44310
41.143.203.137:4433
41.143.203.137:4434
41.143.203.137:4443
41.143.203.137:4444
41.143.203.137:445
41.143.203.137:44818
41.143.203.137:45754
41.143.203.137:46106
41.143.203.137:46551
41.143.203.137:47375
41.143.203.137:47990
41.143.203.137:48752
41.143.203.137:48862
41.143.203.137:5006
41.143.203.137:50647
41.143.203.137:51144
41.143.203.137:51945
41.143.203.137:52215
41.143.203.137:53282
41.143.203.137:55553
41.143.203.137:57873
41.143.203.137:5938
41.143.203.137:5985
41.143.203.137:5986
41.143.203.137:60000
41.143.203.137:60236
41.143.203.137:6073
41.143.203.137:64139
41.143.203.137:64221
41.143.203.137:64345
41.143.203.137:6697
41.143.203.137:6796
41.143.203.137:7001
41.143.203.137:7071
41.143.203.137:725
41.143.203.137:7434
41.143.203.137:7443
41.143.203.137:7548
41.143.203.137:7867
41.143.203.137:8009
41.143.203.137:8085
41.143.203.137:8089
41.143.203.137:8099
41.143.203.137:8139
41.143.203.137:8140
41.143.203.137:8181
41.143.203.137:8443
41.143.203.137:88
41.143.203.137:8834
41.143.203.137:8883
41.143.203.137:9000
41.143.203.137:9001
41.143.203.137:9002
41.143.203.137:9090
41.143.203.137:9091
41.143.203.137:9443
41.143.203.137:9605
41.143.203.137:9898
41.143.203.137:993
41.143.203.137:9943
41.143.203.137:995
41.143.206.243:101
41.143.206.243:1024
41.143.206.243:103
41.143.206.243:10443
41.143.206.243:12029
41.143.206.243:12526
41.143.206.243:135
41.143.206.243:13845
41.143.206.243:14000
41.143.206.243:14189
41.143.206.243:1433
41.143.206.243:15274
41.143.206.243:16250
41.143.206.243:16992
41.143.206.243:176
41.143.206.243:18246
41.143.206.243:18286
41.143.206.243:1962
41.143.206.243:2004
41.143.206.243:20276
41.143.206.243:20546
41.143.206.243:20973
41.143.206.243:211
41.143.206.243:21387
41.143.206.243:23832
41.143.206.243:2405
41.143.206.243:26257
41.143.206.243:27245
41.143.206.243:30005
41.143.206.243:31881
41.143.206.243:3299
41.143.206.243:34169
41.143.206.243:34512
41.143.206.243:34813
41.143.206.243:37215
41.143.206.243:3881
41.143.206.243:43
41.143.206.243:43684
41.143.206.243:44819
41.143.206.243:44995
41.143.206.243:47291
41.143.206.243:48019
41.143.206.243:4839
41.143.206.243:4840
41.143.206.243:4841
41.143.206.243:49501
41.143.206.243:50805
41.143.206.243:51200
41.143.206.243:51866
41.143.206.243:52112
41.143.206.243:52200
41.143.206.243:5222
41.143.206.243:54053
41.143.206.243:56753
41.143.206.243:57364
41.143.206.243:57862
41.143.206.243:58305
41.143.206.243:58603
41.143.206.243:5901
41.143.206.243:5985
41.143.206.243:6004
41.143.206.243:6006
41.143.206.243:61841
41.143.206.243:631
41.143.206.243:636
41.143.206.243:64240
41.143.206.243:64361
41.143.206.243:64833
41.143.206.243:6513
41.143.206.243:6643
41.143.206.243:6774
41.143.206.243:7001
41.143.206.243:7184
41.143.206.243:7443
41.143.206.243:789
41.143.206.243:8080
41.143.206.243:8085
41.143.206.243:81
41.143.206.243:8379
41.143.206.243:888
41.143.206.243:8880
41.143.206.243:9200
41.143.207.121:10002
41.143.207.121:101
41.143.207.121:10261
41.143.207.121:11102
41.143.207.121:119
41.143.207.121:1200
41.143.207.121:12353
41.143.207.121:14541
41.143.207.121:1521
41.143.207.121:15539
41.143.207.121:18244
41.143.207.121:18246
41.143.207.121:20170
41.143.207.121:22503
41.143.207.121:2403
41.143.207.121:2405
41.143.207.121:2456
41.143.207.121:2628
41.143.207.121:26642
41.143.207.121:29132
41.143.207.121:2965
41.143.207.121:3000
41.143.207.121:30453
41.143.207.121:32754
41.143.207.121:39754
41.143.207.121:40701
41.143.207.121:41598
41.143.207.121:427
41.143.207.121:4443
41.143.207.121:45167
41.143.207.121:46725
41.143.207.121:4841
41.143.207.121:49382
41.143.207.121:50308
41.143.207.121:50600
41.143.207.121:52773
41.143.207.121:56103
41.143.207.121:57150
41.143.207.121:57469
41.143.207.121:58743
41.143.207.121:5985
41.143.207.121:5986
41.143.207.121:6177
41.143.207.121:63815
41.143.207.121:6513
41.143.207.121:6672
41.143.207.121:6697
41.143.207.121:6854
41.143.207.121:7001
41.143.207.121:8081
41.143.207.121:839
41.143.207.121:8689
41.143.207.121:8880
41.143.208.137:8181
41.143.208.137:8880
41.143.213.119:10000
41.143.213.119:10250
41.143.213.119:10261
41.143.213.119:103
41.143.213.119:10443
41.143.213.119:1080
41.143.213.119:10911
41.143.213.119:1099
41.143.213.119:1125
41.143.213.119:1244
41.143.213.119:14265
41.143.213.119:16992
41.143.213.119:1723
41.143.213.119:17777
41.143.213.119:1801
41.143.213.119:18385
41.143.213.119:1911
41.143.213.119:1913
41.143.213.119:19980
41.143.213.119:19999
41.143.213.119:2
41.143.213.119:20000
41.143.213.119:20546
41.143.213.119:20547
41.143.213.119:2096
41.143.213.119:21965
41.143.213.119:22
41.143.213.119:2375
41.143.213.119:2380
41.143.213.119:25565
41.143.213.119:26600
41.143.213.119:3001
41.143.213.119:30617
41.143.213.119:30871
41.143.213.119:31752
41.143.213.119:31770
41.143.213.119:3260
41.143.213.119:3299
41.143.213.119:33389
41.143.213.119:33923
41.143.213.119:36409
41.143.213.119:43933
41.143.213.119:4434
41.143.213.119:4443
41.143.213.119:4444
41.143.213.119:44817
41.143.213.119:44818
41.143.213.119:4567
41.143.213.119:45908
41.143.213.119:47167
41.143.213.119:49502
41.143.213.119:50539
41.143.213.119:5060
41.143.213.119:50995
41.143.213.119:53325
41.143.213.119:54451
41.143.213.119:55454
41.143.213.119:555
41.143.213.119:55553
41.143.213.119:58000
41.143.213.119:59073
41.143.213.119:60000
41.143.213.119:6001
41.143.213.119:6005
41.143.213.119:6007
41.143.213.119:60241
41.143.213.119:61059
41.143.213.119:6379
41.143.213.119:6443
41.143.213.119:64528
41.143.213.119:701
41.143.213.119:7434
41.143.213.119:7443
41.143.213.119:8009
41.143.213.119:8099
41.143.213.119:8159
41.143.213.119:8834
41.143.213.119:8889
41.143.213.119:9000
41.143.213.119:9091
41.143.213.119:9095
41.143.213.119:9301
41.143.213.119:9398
41.143.213.119:9477
41.143.213.119:9601
41.143.213.119:9943
41.143.213.119:9999
41.216.188.233:4782
41.216.188.71:3741
41.36.84.42:1339
43.155.26.33:10086
45.138.16.192:4782
45.138.16.34:4782
45.141.151.174:1604
45.141.215.237:443
45.153.22.11:2424
45.194.37.132:4782
45.77.58.225:4733
46.208.61.117:8000
46.247.108.161:5135
47.122.121.164:51712
5.252.153.200:54780
5.252.153.200:57480
5.252.155.119:4780
5.253.247.131:4782
5.42.65.97:4449
5.8.11.119:4782
51.194.138.115:4782
51.89.33.176:47842
65.108.47.113:4782
65.38.120.27:443
66.228.58.244:18950
66.63.187.164:8596
66.63.187.216:2222
67.205.154.243:35184
68.183.135.158:1660
68.183.135.158:2048
69.58.93.96:4782
71.175.176.100:4782
73.234.3.3:25565
73.62.14.5:4782
74.82.63.205:4782
77.110.117.36:8080
77.221.141.213:17300
77.3.245.210:4782
77.93.152.4:9548
78.108.216.225:4785
78.128.113.98:5850
78.70.235.238:4782
79.110.49.174:4782
79.133.57.108:4782
79.142.181.33:4782
8.153.205.30:1234
8.153.205.30:1919
8.156.68.94:29996
81.0.248.127:59741
81.254.145.114:4782
82.115.223.101:4782
83.10.59.195:4782
83.147.255.201:15900
83.233.39.201:8844
83.44.152.166:4782
85.215.194.143:4800
86.131.107.165:4782
86.82.149.162:4782
87.120.186.37:57480
87.120.84.39:54780
87.121.105.130:4782
89.10.178.51:4782
89.105.219.152:4444
89.39.121.31:55500
90.133.225.228:4782
90.197.151.188:4782
90.8.85.90:4785
91.220.163.103:443
91.99.142.220:25565
93.127.134.37:10020
94.143.231.171:4782
94.143.231.199:4782
94.156.114.219:55575
94.156.114.219:57480
94.156.115.95:4782
94.156.189.233:443
94.21.25.164:4782
94.31.68.162:4782
96.45.244.194:5129
1ms0rry-35873.portmap.io
63tefarz8.localto.net
accommodation-specialist.gl.at.ply.gg
actually-packets.gl.at.ply.gg
africa-manufacturing.gl.at.ply.gg
ajazvr01-46912.portmap.io
ak54.ru
alexkasa-53195.portmap.io
am164aa.kro.kr
ameh123-25268.portmap.io
anonam39-41248.portmap.io
anyukov-43802.portmap.io
app.youroboter.com
armorratdns.ddns.net
artists-drew.gl.at.ply.gg
as-hotmail.gl.at.ply.gg
asasas44-58548.portmap.io
asdasd23-23269.portmap.io
associated-bk.gl.at.ply.gg
aug-drain.gl.at.ply.gg
b-proper.gl.at.ply.gg
band-floppy.gl.at.ply.gg
beenpaidwoo-20559.portmap.host
bensassiperson.ddns.net
bhgvhhbscc-29573.portmap.io
big-expressed.gl.at.ply.gg
biseo-48321.portmap.host
body-hey.gl.at.ply.gg
brave.webredirect.org
brostoplookingformyc2-21003.portmap.io
care-reports.gl.at.ply.gg
catherinekey1965-28715.portmap.io
catherinekey1965-40831.portmap.io
ckfejrnet.airdns.org
clairos-34961.portmap.io
clairoz-57631.portmap.io
cloud.youroboter.com
college-directors.gl.at.ply.gg
commercial-phrase.gl.at.ply.gg
commercial-textiles.gl.at.ply.gg
compare-jennifer.gl.at.ply.gg
connectdadad.ddns.net
coolseagull-56786.portmap.io
darkarmteam-41484.portmap.io
de5.localto.net
degene000-47221.portmap.io
dewaw64518-23532.portmap.io
dez3452-33187.portmap.host
diddy1234-40020.portmap.io
dilin2345-47228.portmap.io
directly-bar.gl.at.ply.gg
done-gather.gl.at.ply.gg
downloadtech.duckdns.org
dugites-44896.portmap.io
enans-33358.portmap.io
engineering-ebay.gl.at.ply.gg
espinyskibidi-40205.portmap.host
ever-transparent.gl.at.ply.gg
evilc6604-54395.portmap.io
fall-islam.gl.at.ply.gg
faq-licence.gl.at.ply.gg
far-marine.gl.at.ply.gg
feed-option.gl.at.ply.gg
filelist.zapto.org
filter-load.gl.at.ply.gg
fkjnjujauha02.zapto.org
fully-expensive.gl.at.ply.gg
gazaru-21459.portmap.io
githubrdp-22467.portmap.io
goatdjdj-59021.portmap.io
gta5rppppp-61894.portmap.io
hall-semester.gl.at.ply.gg
hallo2222-49080.portmap.host
harunet.airdns.org
hawkloader.ddns.net
his-varied.gl.at.ply.gg
ideas-ks.gl.at.ply.gg
if-definition.gl.at.ply.gg
ilikefemboys1234-38334.portmap.io
iliketacos12341-30048.portmap.io
imhimlmai-61691.portmap.io
includes-whose.gl.at.ply.gg
jakkarin-53390.portmap.io
jamierose-42682.portmap.io
jefati5198-31022.portmap.io
jjk1241255325324523.duckdns.org
johncollins55-29335.portmap.io
joshdhenigg4-39140.portmap.host
joshuasmith-59211.portmap.io
kimsoylak.ddns.net
kind-bay.gl.at.ply.gg
kingso.ydns.eu
lemonybug-28505.portmap.io
let12345-61544.portmap.io
letsqooo-62766.portmap.host
liberator247.pagekite.me
lififi8273-50238.portmap.io
lines-flags.gl.at.ply.gg
long-importantly.gl.at.ply.gg
lulu06-51302.portmap.io
matrixshell-63771.portmap.io
maxim228hacker-58676.portmap.io
mega123232-51023.portmap.io
mexico-shopper.gl.at.ply.gg
microsoftdatacenter-57447.portmap.io
microsoftsys.ddns.net
mountsys.ddnsking.com
mouse.at.remote.it
mugu3.ydns.eu
multi-laid.gl.at.ply.gg
myhost5.ddns.net
netroxxx-60649.portmap.io
nickiwhickii-50455.portmap.io
niggazilla-64936.portmap.io
nisamann-52528.portmap.io
nulltraces-38627.portmap.io
nulltraces-62756.portmap.io
nyzzrat-64271.portmap.io
pablijm-25996.portmap.io
pablijm-38554.portmap.io
pablijm-38655.portmap.io
pacific-astronomy.gl.at.ply.gg
page-prostores.gl.at.ply.gg
party-murder.gl.at.ply.gg
pawsteam-48635.portmap.io
pbensoauptfouresdopsopsseead.ydns.eu
person-files.gl.at.ply.gg
population-wn.gl.at.ply.gg
port1.gleeze.com
port3.gleeze.com
port6.gleeze.com
portport.gleeze.com
pulsa2ndrdplogs.duckdns.org
pulsa2ndrdpview.duckdns.org
pulsar-tcp.at.remote.it
pulsaratlog.duckdns.org
pulsaratlogs.duckdns.org
qquasar.lnpntkd9vth0tup2.rest
qzrhost.webredirect.org
r.aartzz.pp.ua
ramsadaye-38594.portmap.io
ratforme.ddns.net
rating-vincent.gl.at.ply.gg
ratit.ddns.net
reader-chicken.gl.at.ply.gg
repair-oscar.gl.at.ply.gg
request-poems.gl.at.ply.gg
reserved-hp.gl.at.ply.gg
results-sand.gl.at.ply.gg
rockyqsr-22793.portmap.io
rockyx22.duckdns.org
rrfasdsa-27990.portmap.io
rule-covers.gl.at.ply.gg
s0ftw4r3-36752.portmap.io
s4ntiselac0m3-44679.portmap.io
sander123321-63281.portmap.io
selectbackup.ddns.net
sergei123323-34602.portmap.io
short-returning.gl.at.ply.gg
siembonik-44853.portmap.host
single-wordpress.gl.at.ply.gg
skeelo-26003.portmap.io
snezze-27701.portmap.io
spardra-59711.portmap.host
specter699-31351.portmap.io
starwors.bumbleshrimp.com
stores-replace.gl.at.ply.gg
subpulsaratlog.duckdns.org
svhost.mine.nu
syqkar3wt.localto.net
talktuahthehand-42154.portmap.io
talktuahthehand-51875.portmap.io
testing19892026-54453.portmap.io
testingworld.zapto.org
topgooner-21032.portmap.io
topgooner-56596.portmap.io
tpinauskas-54803.portmap.host
twobyoneset.ydns.eu
uid2024-24182.portmap.io
uid2024-24218.portmap.io
uid2024-28522.portmap.io
uid2024-48532.portmap.io
uid2024-49856.portmap.io
usr-smithsonian.gl.at.ply.gg
valeasy-25091.portmap.io
vaykhon.ddns.net
wd11.zapto.org
websiteorgek.duckdns.org
werdusj-35271.portmap.io
whosfart.zapto.org
wisedreams-53895.portmap.io
wizwormskiddoleakexpose-22797.portmap.io
xeilodaa-38185.portmap.io
xikhudog2.duckdns.org
yzs-42879.portmap.host
zzylos.ddns.net

# Reference: https://www.virustotal.com/gui/file/ac7ea415b31bc3335c2e80b3836e3064641632ccdd13221e27e245df385c9909/detection
# Reference: https://www.virustotal.com/gui/file/370d1bbc344a06420a84969a2ab9943e60a94b1bfc96053bf4fc6606773e670a/detection
# Reference: https://www.virustotal.com/gui/file/35f30c71911120ac4fcf58e8cda1d6b373b2978d8c7cb38ce82a37544b1c20ff/detection

134.255.234.40:4782

# Reference: https://x.com/BlinkzSec/status/1944990596478763252
# Reference: https://www.virustotal.com/gui/file/d0d45748b2c23a07885a6e0d225495e6800f9bc005a7dd60261881cae8b91583/detection

http://46.105.34.222
46.105.34.222:445
46.105.34.222:4781

# Reference: https://www.virustotal.com/gui/file/29cb81333a68014750ad292c9620b6242cb0cce51d2a9e8e64e6894e25bbcb54/detection

109.71.252.10:5050
parental-control.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c66c439cecc85c1c339f113fdd01c628bbb5342fc6e8e094c4f67144926b9695/detection

104.207.148.168:4646

# Reference: https://x.com/skocherhan/status/1950254961801220235
# Reference: https://www.virustotal.com/gui/file/eb2d4f06f70c03c8030d7af356761d129cda52bac9c097e5cd1e42eb30256a03/detection

88.214.58.8:4782

# Reference: https://x.com/smica83/status/1954436010378481851
# Reference: https://tria.ge/250810-hlk5xsslw2/behavioral1

217.156.123.93:4783
lovetoday.xo.je

# Reference: https://x.com/smica83/status/1954809516878434724
# Reference: https://tria.ge/250811-jaxj9ahm7s/behavioral1
# Reference: https://www.virustotal.com/gui/file/401228957d3c13eaacfdf3154bb0c1f146b59c3615cd40848a54a211a7e14f72/detection

smoke.infinityfree.me

# Reference: https://www.virustotal.com/gui/file/8ed4a5cdefbda5e0e0e41f1b5eac781f719eb68d8f2740da1bd9d79ecc418542/detection

88.232.52.237:81
88.232.61.24:81
lavern123.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cd729aec172b3cc278f2610d9a0b9b3912d2cf72f6537a9c7529c7e9748f7b42/detection
# Reference: https://www.virustotal.com/gui/file/2b0ecb7c9c9e611d8ca58dcca226c2056d9dcc300e5c6ac78f9b09a1846459cc/detection

196.251.71.124:65420

# Reference: https://www.virustotal.com/gui/file/4be4ff1b1106e83da151f8929966bbf6bf225df4382baa0cf3b1d1fedcfe1dcb/detection

206.123.145.172:65420

# Reference: https://www.virustotal.com/gui/file/8d546ad096868b87ad9ae330ff7ae9ef8a6a031c62aa733139502d45a4ff97ef/detection

2.56.246.175:7688

# Reference: https://x.com/BlinkzSec/status/1968351293799567604
# Reference: https://tria.ge/250917-tmj5ssgm7v

185.208.158.56:4782

# Reference: https://www.virustotal.com/gui/file/6947dc1c5a2bc28eb7dc2ef49f3ee0b3565a22a9f4b4d5f1c6ce5e63387cf63d/detection

178.16.53.106:4449

# Reference: https://x.com/BlinkzSec/status/1970499648696786952
# Reference: https://www.virustotal.com/gui/file/dacfe9ed3965587d004295316b4f2f6834a917f06ae7cf3e0e94460502c6f537/detection

http://172.161.147.220
172.161.147.220:1605

# Reference: https://x.com/smica83/status/1972952506125996380
# Reference: https://x.com/skocherhan/status/1972993052785746077
# Reference: https://www.virustotal.com/gui/file/0efa757428b6626b689c005e472ca0f9faff67f070081de17ac3527ade3832b6/detection
# Reference: https://www.virustotal.com/gui/file/81cb30705e5091ab44795a12bb5c0cee8febab52bfdffd7ec1548bca8ee255a9/detection

2.59.132.228:4782
weednight.eu
node.weednight.eu
panel.weednight.eu

# Reference: https://x.com/BlinkzSec/status/1973069240505631225
# Reference: https://www.virustotal.com/gui/file/032937d641384a9ba29a750eae23157efdcc05ce1e4b43403b8787a72611f8dd/detection

http://45.81.113.220
45.81.113.220:1605
45.81.113.220:443

# Reference: https://www.virustotal.com/gui/file/8e4c4435a5262a614a2fd4297f44933de12628e958311a99c8befb3165663e60/detection

45.131.65.126:8090

# Reference: https://x.com/silascutler/status/1975546664526966791
# TITLE-IP=Login | RAT C2

13.60.9.53:8888
150.40.119.46:8000
150.40.119.46:8001
150.40.119.46:8081
172.94.95.46:8000
172.94.95.46:8001
172.94.95.46:8081
185.208.159.161:8000
185.208.159.161:8080
185.208.159.161:8081

# Generic (URL path trail, not tied to a specific host)

/venom_rat_seller
