# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: korat, lsslogger, remcosrat

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Remcos-G/detailed-analysis.aspx

remcos.legacyrealestateadvisors.net
remcos2.legacyrealestateadvisors.net

# Reference: https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html

dboynyz.pdns.cz
streetz.club
mdformo.ddns.net
mdformo1.ddns.net
vitlop.ddns.net
ns1.madeinserverwick.club
uploadtops.is
prince.jumpingcrab.com
timmason2.com
lenovoscanner.duckdns.org
lenovoscannertwo.duckdns.org
lenovoscannerone.duckdns.org
google.airdns.org
civita2.no-ip.biz
pimmas.com.tr
mervinsaat.com.tr
samurmakina.com.tr
paulocamarao.com
midatacreditoexperian.com.co
lebontour.com
businesslisting.igg.biz
unifscon.com

# Reference: https://twitter.com/MaelSecurity/status/1036551872008605696

test200.dynu.net

# Reference: https://twitter.com/ps66uk/status/1040576968750706689
# Reference: https://www.virustotal.com/#/ip-address/185.163.100.45

gclarke77.gotdns.ch
gclarke7.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1040620171692466176

yvonne.ddns.net

# Reference: https://twitter.com/avman1995/status/1040472512356855808

top.taijh.xyz

# Reference: https://twitter.com/Racco42/status/1040154199592509440

auxlorenagomez.ddns.net

# Reference: https://twitter.com/luc4m/status/1021670673247285248

worldwide.weldwire.top

# Reference: https://twitter.com/luc4m/status/1019948492947709953

gatewayglobal.strangled.net

# Reference: https://twitter.com/James_inthe_box/status/1018792273574678528

http://185.62.190.232

# Reference: https://twitter.com/ps66uk/status/1046900765493739520

menaxe.duckdns.org

# Reference: https://www.cyren.com/blog/articles/fake-invoice-carries-rescoms-malware-targeting-businesses-globally

infocolornido.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1051360120834265088

satan969.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1044204804354957312

ddns.njegidi888.xyz

# Reference: https://twitter.com/Racco42/status/1027883312252108800

2419.damnserver.com
2419.duckdns.org
2419.geekgalaxy.com
2419.health-carereform.com
2419.pgafan.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/James_inthe_box/status/939146342357536768/photo/1

gemalto788.ddns.net

# Reference: https://twitter.com/Racco42/status/1054384363524235264

eskimoz.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1102437794025295872

112.204.228.252:2323

# Reference: https://www.cert-pa.it/notizie/analisi-del-malware-remcos-veicolato-tramite-packer-delphi/

pekniecza.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1108949343074054144
# Reference: https://app.any.run/tasks/5e5404b2-4018-4da4-a6a3-19465fa7cc9c

185.244.29.73:6767

# Reference: https://twitter.com/malwrhunterteam/status/1111352801693782016

castelfable.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1104327117309968384

infosblogwar.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1098553609375993856

194.68.59.41:1956

# Reference: https://twitter.com/pollo290987/status/1083401581670875136

194.5.98.173:7081

# Reference: https://twitter.com/ps66uk/status/1062514051165704192

argonsa.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1060547624418168839

cjmoney.duckdns.org

# Reference: https://twitter.com/ps66uk/status/1049011930411794432

185.148.241.58:2442

# Reference: https://twitter.com/FewAtoms/status/1104355364391305216

196.127.74.118:2402

# Reference: https://twitter.com/Racco42/status/1088469487387664384

utchmann.bounceme.net

# Reference: https://twitter.com/pancak3lullz/status/1075888625261387777

info1.duckdns.org
185.244.30.126:5552

# Reference: https://twitter.com/James_inthe_box/status/1063118942095331328

449ers.ddns.net

# Reference: https://twitter.com/Jan0fficial/status/986580332135829506

remrem.onmypc.net

# Reference: https://twitter.com/Jan0fficial/status/975661898363559937

emilylatta411.servehttp.com

# Reference: https://twitter.com/ViriBack/status/971430374919122944

top.carolp1.xyz
185.62.189.72:1992

# Reference: https://twitter.com/pollo290987/status/963073970542129152

jerryemperror2.punkdns.top

# Reference: https://twitter.com/avman1995/status/960419643704913920

obereagu.ddns.net

# Reference: https://twitter.com/Antelox/status/884773449520095232

178.73.210.233:100

# Reference: https://twitter.com/makflwana/status/1104376804293263360
# Reference: https://app.any.run/tasks/8149d283-b550-4b31-9adf-4b4c85962e7d

juanbouyant.ddns.net

# Reference: https://twitter.com/x42x5a/status/1114133426708340736

prueba00223.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

triggerd.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1121754056517537792

winsec.ddns.net
46.246.86.67:2606

# Reference: https://twitter.com/dvk01uk/status/1123210727483957248
# Reference: https://app.any.run/tasks/0e57a079-57d4-4c2d-8e01-82d316ac2d55

ablegod.hopto.org
79.134.225.6:6691

# Reference: https://github.com/edchavarro/RAT_IoCs

lacoste587.lacoste587.agency
dsquared21.dsquared21.rocks
hugoboss01.hugoboss01.store
luisvuitton.luisvuitton.tech
supreme12.supreme12.recipes
automovil1.peugeot10.cc
comida2.kfc52.club
auto14.wolsvagen7.mobi
telefonia1.telcel75.asia
consola2.nintendo3.life
microsofteup.pdns.cz
lexusempresa.100chickens.me
mojarracompany.pdns.cz
camilo6541.pdns.cz
balvinnew.100chickens.me
mercadolibre.pdns.cz
ebayeup.pdns.cz
antonio6532.pdns.cz
daniel6536.pdns.cz
181.57.221.10:4450
181.57.221.10:4452
181.57.221.10:4851

# Reference: https://twitter.com/pancak3lullz/status/1009524847314194434

185.209.85.75:7921

# Reference: https://twitter.com/suyog41/status/1129322130078916608
# Reference: https://www.virustotal.com/gui/file/817e345ac4e63947b592e28774c71c4a01d7c0f2005324b028871e0dedd7c4ef/detection

bego.hopto.org

# Reference: https://twitter.com/HerbieZimmerman/status/1131977968950099968

185.244.31.137:6666

# Reference: https://twitter.com/James_inthe_box/status/1132292966062518272

manihackz.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1132294012100960257

amanihackz.ddns.net

# Reference: https://twitter.com/ffforward/status/1133631211337912320

mgc2.hopto.org

# Reference: https://twitter.com/dvk01uk/status/1133667461335801857
# Reference: https://app.any.run/tasks/5c919ea0-0f27-481a-af41-42057d090096/

185.244.31.137:6767

# Reference: https://twitter.com/dvk01uk/status/1134014391249252357
# Reference: https://app.any.run/tasks/8d26c7f7-70bc-40c7-bfe2-b664d555054b/

185.244.31.34:6868

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

darlz.freeddns.org
185.62.190.214:1695

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

13.250.1.111:1986
13.250.1.111:1992
194.67.209.128:1992
194.67.209.128:7707
216.38.8.168:1986
216.38.8.168:7707

# Reference: https://twitter.com/James_inthe_box/status/1139839056748011520

xcv87xcv7xc7sd5f67s5dxc67vxdsfwe342.publicvm.com

# Reference: https://twitter.com/James_inthe_box/status/1139881993607380993

stainlessplc.ddns.net
184.75.209.163:6799

# Reference: https://twitter.com/dvk01uk/status/1141314328362176512
# Reference: https://app.any.run/tasks/8f80f415-a02e-451b-9797-96a3d03c793d/

185.247.228.199:6868

# Reference: https://twitter.com/x42x5a/status/1142113259044179968

jaybaba2.bounceme.net

# Reference: https://twitter.com/James_inthe_box/status/1142187271283548160

91.189.180.203:3480

# Reference: https://twitter.com/x42x5a/status/1142436174755192833

cemileorucs.ddns.net

# Reference: https://twitter.com/DbgShell/status/1143669818652069894

vubhijk.duckdns.org

# Reference: https://twitter.com/gorimpthon/status/1144186368483975168
# Reference: https://app.any.run/tasks/e5283183-af56-4628-bff3-b12572b43896/

185.247.228.99:1998
terrymamela.ddns.net

# Reference: https://twitter.com/reecdeep/status/1145646210398773249
# Reference: https://app.any.run/tasks/e89b3c70-50a6-421a-b639-299a918e147c/

jerryo.duckdns.org
185.247.228.236:8815

# Reference: https://pastebin.com/S4ggik78

du4alr0ute.sendsmtp.com

# Reference: https://twitter.com/killamjr/status/1154121304213094401

talkmess.dns-cloud.net

# Reference: https://twitter.com/Racco42/status/1157207083382652928

newrr.duckdns.org

# Reference: https://twitter.com/Racco42/status/1157242080932089856

191.101.150.90:2950

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Malware.Remcos-7089920-1)

abeasinf.duckdns.org
remsalvados2019.duckdns.org

# Reference: https://twitter.com/killamjr/status/1161983614197936128

185.244.31.32:2404

# Reference: https://twitter.com/James_inthe_box/status/1148692646942015488
# Reference: https://twitter.com/killamjr/status/1167454907676467201
# Reference: https://app.any.run/tasks/1c8c17b6-2628-4a06-8c2a-deb889e3e010/

185.244.31.96:3090
top.subaroone.waw.pl

# Reference: https://twitter.com/reecdeep/status/1163796233363906560
# Reference: https://app.any.run/tasks/e990631e-57b0-49db-b0b0-750dc33927dc/

185.244.31.26:6265
safer.ddns.net

# Reference: https://twitter.com/wwp96/status/1163788636036501504

evergraced.ddns.net

# Reference: https://twitter.com/Paladin3161/status/1164517058672906241

daya4659.ddns.net

# Reference: https://twitter.com/killamjr/status/1165459331912888320
# Reference: https://app.any.run/tasks/211498a3-95a8-44ee-a87b-25cdac3d8edc/
# Reference: https://www.virustotal.com/gui/file/6b32d6a32540884c3fb1a195b32b02aec9dd06797c464dee1c02bbb6ee97ffd1/detection
# Reference: https://twitter.com/killamjr/status/1168575703656189952
# Reference: https://app.any.run/tasks/346f19a6-7cd8-4da7-b7ba-76651bc540f1/

193.56.28.241:4444
193.56.28.241:8888
23.105.131.202:8888
crackme.hopto.org
noface55.kozow.com

# Reference: https://twitter.com/oguzpamuk/status/1166293812714659841
# Reference: https://app.any.run/tasks/d069fcb1-1c81-4f87-97bc-d4afb40a06e7/
# Reference: https://twitter.com/Racco42/status/1168449724724084737

193.56.28.173:2404
95.216.17.186:2404
23.105.131.169:2404
rownip.3utilities.com
rownip.dyndnss.net
rownip.theworkpc.com

# Reference: https://twitter.com/ps66uk/status/1167016794260946944
# Reference: https://app.any.run/tasks/121e7cd1-6954-44be-a1b4-825c2615c11c/
# Reference: https://www.virustotal.com/gui/file/15b83a6155f1aba3acb68e4ecb475bb742790b82de364d1df4dd918a31f7872e/detection

79.134.225.48:3765
79.134.225.86:3765
79.134.225.87:3765
79.134.225.89:3765
remcoss.onmypc.org

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

du4alr0ute.sendsmtp.com
helloweenhagga.ddns.net
hhlari.ddns.net
moneybag123.ddns.net
revengerx111.sytes.net

# Reference: https://twitter.com/malware_traffic/status/1169050682386763776

37.19.193.217:2404
37.19.193.217:2405

# Reference: https://twitter.com/KorbenD_Intel/status/1169996681259245569

charlesremcos.duckdns.org

# Reference: https://twitter.com/wwp96/status/1170314034564018180

uaeoffice999.warzonedns.com

# Reference: https://twitter.com/wwp96/status/1170332469960331266

66.154.113.142:2404
jkharding2014.myddns.rocks
tomharry.ddns.net

# Reference: https://twitter.com/wwp96/status/1170334923892371459
# Reference: https://app.any.run/tasks/e2340ee4-ba30-44ec-b748-1d625e65db63/

79.134.225.77:2019
gratefulheart.ddns.net

# Reference: https://twitter.com/wwp96/status/1171448440535973888
# Reference: https://app.any.run/tasks/fcbb836f-7ade-44f1-bbeb-9c7d9047fbe1/

185.4.29.140:24009
inf111.ddns.net
inf111.hopto.org

# Reference: https://twitter.com/luc4m/status/1171783171677065217

charstiago6.dynu.net

# Reference: https://twitter.com/DynamicAnalysis/status/1172221575376134144

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl

# Reference: https://twitter.com/dvk01uk/status/1176383495339483136

217.20.114.220:1010
myhousedubem.ddns.net

# Reference: https://twitter.com/VK_Intel/status/1176933671389081601

79.134.225.101:1188
sciano.duckdns.org

# Reference: https://twitter.com/Racco42/status/1179472593927200774
# Reference: https://twitter.com/Racco42/status/1179880257438003200
# Reference: https://www.virustotal.com/gui/ip-address/185.105.236.187/relations

185.105.236.187:5001
cepastr.ddns.net
manafuuh.ddns.net
teryts1802.sytes.net
updatechrome.duckdns.org

# Reference: https://twitter.com/VK_Intel/status/1179782506465366020

ulnews.duckdns.org

# Reference: https://twitter.com/Dashowl/status/1179833764651962369
# Reference: https://app.any.run/tasks/e38aa085-4cc2-43e6-befe-0b4d5caeb0b6/

204.152.219.70:5731
abundantgrace1.ddns.net

# Reference: https://app.any.run/tasks/9bfe4193-bfea-4523-be81-68953435e7b7/

181.215.247.18:2404

# Reference: https://twitter.com/MalwareConfig/status/1180886611602612224
# Reference: https://malwareconfig.com/config/daca573a51e9b080e2f3f6303611ee83

160.116.15.149:35364
henryofonyiri.ddns.net

# Reference: https://twitter.com/killamjr/status/1180968029858910209
# Reference: https://app.any.run/tasks/f9985b06-08a9-41dd-b2d4-d051e02f8c08/

137.116.73.45:2404
reneelauto.ddns.net

# Reference: https://twitter.com/teoseller/status/1179318648718188545
# Reference: https://www.virustotal.com/gui/file/550baa07a33c62d24636d672c5a0973dbb1babc8ddc75e434d316ece595296f6/detection

185.81.157.41:2404
santzo.warzonedns.com

# Reference: https://app.any.run/tasks/cb0e97af-6122-4181-87e5-842dedde0d77/

178.239.21.116:1795

# Reference: https://app.any.run/tasks/7634c4dc-dee9-41e0-a2c0-32b4ef3d1885/

213.184.126.134:1337

# Reference: https://twitter.com/P3pperP0tts/status/1181578274394251264
# Reference: https://www.hybrid-analysis.com/sample/47232b513efbd2c6fcd3dd1778aa00ca018710c8afd597d238ab1c94433747c4/5d9c9ed50288383e19febfe6

185.158.249.88:2404

# Reference: https://twitter.com/killamjr/status/1183421884794204160
# Reference: https://app.any.run/tasks/deed1a67-8d99-4e3c-9e87-5e63c39cb4c6/

top.intelprovidejordan.waw.pl

# Reference: https://github.com/edchavarro/RAT_IoCs/blob/master/README.md (# Remcos section)

181.57.204.130:4452
46.246.82.66:2000
bolso.gucci12.cc
celularmovil.huawei10.digital
consola2.nintendo3.life
consolajuego.nintendowii12.email
telefonia.claromovil1.work
tennis1.adidas3.tech

# Reference: https://any.run/report/613f437f01744740c4e96d84c970c51128929fcdaa1a9d7e31a1ee063bf49f8e/3ae8d7b9-9a47-4ac4-b564-96510dc901d7

185.217.1.173:2404
algheithcompany.duckdns.org

# Reference: https://twitter.com/smica83/status/1186542376355094529

91.189.180.214:7890

# Reference: https://twitter.com/killamjr/status/1188630140076658690
# Reference: https://app.any.run/tasks/a9de27e3-1bdc-43e9-8349-25bbe9c6cd90/

192.169.69.25:8077
redditmercy.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1189251481943363586
# Reference: https://pastebin.com/H5UqcHv1

37.19.193.217:2398
toptoptop2.online
toptoptop2.site
toptoptop3.online
toptoptop3.site

# Reference: https://twitter.com/James_inthe_box/status/1189202165161529344

79.134.225.95:4050
79.134.225.95:6080
mnx.duckdns.org

# Reference: https://twitter.com/w3ndige/status/1189301538142990339
# Reference: https://app.any.run/tasks/a8a4f079-0296-41fa-bcb0-546a54db9e56/

109.202.103.170:8733
213.152.161.40:8733
213.152.162.89:8733
213.152.162.109:8733

# Reference: https://twitter.com/VK_Intel/status/1189602729498464257
# Reference: https://www.virustotal.com/gui/file/9235b1f5f9cc8efbf0ad96e4b48872a4043286fcdd182423746ed2e3700e1559/detection

79.134.225.20:2404
hobbotgy.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1190072879242596352
# Reference: https://www.virustotal.com/gui/file/6e366fd065815118100c0a7fe8fa95208e87944b9dd4ce9df556c6d9f31151ec/detection

menaxe.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/d23189d4520692301d6a013f60d59972fb61fd4bc3f011693411b20e9bdbd1e6/detection

185.244.31.85:4050
menaxe212.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6ddca5e1a4a9a4afd6663da5c05252d4150c8e271fbe28a81b3ae3af4cbca49c/detection

185.165.153.185:4050

# Reference: https://pastebin.com/29uSdMAk

sub.thebest1jewels.waw.pl

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.29/relations

79.134.225.29:3018
bzsoftwaress.hopto.org
faxjohn01.dyn.ddnss.de
londonchap.duckdns.org
samuelcity.ddns.net
top.citycentrejo.waw.pl
sub.winkcaffe.waw.pl

# Reference: https://twitter.com/killamjr/status/1191192709727506438

79.134.225.73:2404

# Reference: https://app.any.run/tasks/508a6b73-18b4-490e-a1f3-69341ba72512/

79.134.225.80:2404
clintonlog.hopto.org
joseph3m.ddns.net

# Reference: https://app.any.run/tasks/880d03b6-ed40-4688-a1ee-7f27e9873013/

91.189.180.214:7890

# Reference: https://twitter.com/malwrhunterteam/status/1060836685771087873

35.237.81.215:1604
fuckerswashere.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191790897714913281
# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/

91.193.75.51:4343

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Dropper.Remcos-7376444-0)
# Reference: https://www.virustotal.com/gui/ip-address/179.33.152.127/relations

msipro2019.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191486608249368581
# Reference: https://app.any.run/tasks/4ca60fe6-eb65-48eb-8f80-eb28e19ecfa4/

79.134.225.11:5198
mpremx.duckdns.org

# Reference: https://twitter.com/wwp96/status/1191443761563353089
# Reference: https://app.any.run/tasks/bd34ac22-9167-4ae5-a91f-e5600e21e72f/

115.133.245.72:3908
115.133.245.72:4101
115.133.245.72:4421
ego9.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189778893298970624
# Reference: https://www.virustotal.com/gui/file/1511d64209925c818d7db8eb1d0229e54debbea0d2a60bba094a05edd8d76a1d/detection
# Reference: https://www.virustotal.com/gui/file/0634fc3acc43e1b3a357a28e4f0e20edac01ea07aa5de6e0373b8eb521bfd150/detection

194.5.97.96:22940
194.5.97.96:7493
lekwahouse.ddns.net
pirorityclient.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189761540251103232

82.112.40.135:1604

# Reference: https://twitter.com/VK_Intel/status/1194260473631428608
# Reference: https://twitter.com/VK_Intel/status/1194338499085778944
# Reference: https://www.virustotal.com/gui/file/73cd4a5fd5d4670ecfa8d3e1d64055b76373e7730e0f7947ae850dbf2ee41549/detection

194.5.97.119:1000
nanoprivv.duckdns.org
zotizieweb1.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196471158054494208
# Reference: https://app.any.run/tasks/66e92f07-3225-4d85-838f-cb3ccdbd90c8/

79.134.225.99:4387
respainc.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196491717572222977
# Reference: https://app.any.run/tasks/594a9510-e48a-4dd5-89ea-73fe6929c225/

185.140.53.168:5980

# Reference: https://www.virustotal.com/gui/file/db21285f8f62e182c6cb217073632a0c878c44e6b9d7dd2cf68df573391aa924/detection

154.16.93.170:8320
185.217.1.186:8320
217.79.184.12:8320
79.134.225.29:8320
faxjohn01.dyn.ddnss.de

# Reference: https://app.any.run/tasks/c735b356-3ad6-47b2-8db9-4b820fba23ce/

pharmalobster.duckdns.org

# Reference: https://app.any.run/tasks/1c7dc445-3d6f-4219-a2e1-afc99d3916a0/

rt.sexsweet.vip

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.105/relations
# Reference: https://www.virustotal.com/gui/file/331003b87d0c8194b40ca96740295c74a3695331e917a9d0511c62e6ffdd7e80/detection

79.134.225.105:3368
sub2.haircaresupertouch.waw.pl
top1.supertouchhaircare.waw.pl

# Reference: https://www.virustotal.com/gui/file/4a43fde440d91d130acd096114cfbe5e965100793f354297657d6595e2a4b941/detection

electroking444.hopto.org

# Reference: https://www.virustotal.com/gui/file/2478c6c90b6c4ecfc0a010b111bde48456898aba2946625784ecc083960f683a/detection

electroking444.ddns.net

# Reference: https://www.virustotal.com/gui/file/10c47670d9b565e7911364006e01fc545ef9b313bf5d230405f067b6a7795b50/detection

79.134.225.89:2501

# Reference: https://www.virustotal.com/gui/file/31022c5eb483f3b105050ab054e45541b206583996aec342b20fad359b1978ce/detection

199.195.250.222:6464
leebase.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/3692d98da1a9c209fe3f7789caa282a374eb39acde6d3b6690297773cd201c2a/detection

79.134.225.89:6464
filebase.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3121062c6478104325d7bdf59a08f9c416c2c8343ee4eb80829775c984a06310/detection

79.134.225.89:3369
fucktoto.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9e0d19b6ddfce89c11868bd8afdcfb53fa8d8c7c17623d25d04065aac411b521/detection

79.134.225.89:32002
work1234.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html (# Win.Dropper.Remcos-7395733-0)
# Reference: https://www.virustotal.com/gui/ip-address/186.170.64.85/relations

186.170.64.85:2404
msipro2019.duckdns.org
nashpink2019.duckdns.org
proyectobasevirtualcol.com
recuperaciondecartera.website

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

186.170.64.85:6404

# Reference: https://www.virustotal.com/gui/file/c382f97e5303ea6f171e7a1a1d1f305fa228dd368857d57035c70b7c1dbe4c2e/detection

161.18.215.40:6404
179.33.63.205:6404

# Reference: https://www.virustotal.com/gui/file/ec3c174d36d5f8faa784d42a6972406d5ad258b770a308027a0bea1bb04a2fa3/detection

186.170.70.152:3370

# Reference: https://www.virustotal.com/gui/file/a0f495716cd691031cef9c3e92aa0c19f6f97a1179a60518797f1fdb5e1d82f7/detection

79.134.225.90:6553

# Reference: https://www.virustotal.com/gui/file/bb81e35d7d90e9d2a97408c256c4a498d85cfd36568e85b631766d34a9182b57/detection

79.134.225.90:2404
graceofgod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9d22fa075c100254780f36d4ece00b40fad5cad6c5be21e15ed929c99680b904/detection

79.134.225.90:24197
registerme.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/646178cbc5b2452e1f3ee34500f039ab15f1f4d81533e1abc7db290fe43a10e7/detection

79.134.225.90:54985
1338099.ddns.net
jaden222.kozow.com

# Reference: https://www.virustotal.com/gui/file/eb712d5bb30e21cac53acdac476e526371534827486ad228c592facad084d220/detection

79.134.225.90:7331
7331.duckdns.org

# Reference: https://www.virustotal.com/gui/file/04393c8b23e1742c3ca20a081739b7bb959274adc61f83158d0ef96ef575779e/detection

79.134.225.90:1720
jack2019.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/5689e69c5f46ab06f7b5b8d4aaaf235210ce6cf014fb3324c6d6c785ccb688c7/detection

79.134.225.90:5656

# Reference: https://www.virustotal.com/gui/file/330e409e8edbecfd1e3146c7dd09670e6d3364fb3f16ff0b2c129aea37b03e2f/detection

79.134.225.90:5001
teryts1802.sytes.net

# Reference: https://www.virustotal.com/gui/file/83c8a487ae867ea10107a1a6a93a5c1b6b54744a384338e166317049a53f97ec/detection

79.134.225.90:5355

# Reference: https://www.virustotal.com/gui/file/8bbfa7a830568b039465d6abf3c517422c94d3abfe6455410a1437430a48e2de/detection

64.42.179.59:33089
sdkljsdf89237487428974wrewrwrereerwerw.linkpc.net

# Reference: https://www.virustotal.com/gui/file/747cc60bf20b60daa1441457d74becb38f01564068d56e8eed000a1f9557d344/detection

199.249.230.22:33089

# Reference: https://www.virustotal.com/gui/file/da9f70611fc313108dfd69262954d2b926761528e20acda0593878ba0bd7a0ab/detection

198.203.28.43:33089

# Reference: https://www.virustotal.com/gui/file/60fc1a6f625150ec93ea5eb5cc91252542f15bd91dda6ea27d389b828a383061/detection

192.69.169.25:4864
abeasinf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/97571694c24fc14cfb658d7620d74c69ef42a78e2bad32ca047022b984edf922/detection

186.170.76.206:4864

# Reference: https://www.virustotal.com/gui/file/45f8ba1f2b1456f4192a0ac31b2788c18b957fdec9d94da8f3c3a581cf0e0591/detection

192.69.169.25:1626
wiskiriski15.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1daf168cc60d73346093932e5db44e055166da7e26c06e7fa7453ced43cffd42/detection

192.69.169.25:3864
pichicoyote.duckdns.org

# Reference: https://www.virustotal.com/gui/file/060231c7729f65f39c1cc05fbe097d9c872dabd9391cc20eaf60c8d3c3cb0b5a/detection

79.134.225.80:3360

# Reference: https://www.virustotal.com/gui/file/e8a34e6e1db7c73ffea0618863c3d4ce31f3b32c4a16ec04b11460efb13a195e/detection

79.134.225.99:3360

# Reference: https://www.virustotal.com/gui/file/d96c1dc0ea3859660cd97e0f88b0cb0fab0a974ac0f07c7eadd45f48407a0224/detection

79.134.225.123:3360
79.134.225.125:3360

# Reference: https://www.virustotal.com/gui/file/1f6baac0b57ae8c9a3dfe83c6c4bf14ed0b00c785c333cfd905f3b403c036077/detection

79.134.225.122:3360
79.134.225.124:3360

# Reference: https://www.virustotal.com/gui/file/29bd4d55cb24fd04eabdc27eabcabe11f348ed1fc60b4c066af3be4c5eed869c/detection

185.165.153.113:3360
185.165.153.198:3360

# Reference: https://www.virustotal.com/gui/file/cc0f030f39bfc8c65c10bbcee2ce8679f313687dcce2ea8218e2a8fc8cd5c14d/detection

79.134.225.58:5609
remcus.chickenkiller.com

# Reference: https://any.run/malware-trends/remcos (Note: as seen on 2019-12-04)

ubananocore.ddns.net
sandra.myddns.me
prayersanswered.hopto.org
gratefulheart.ddns.net
888rats.duckdns.org
grafeulheart.ddns.net
ijomsdavis1.ddns.net
blessingfollowme.myddns.me
slimyuyo.duckdns.org
vemvemserver.duckdns.org
3forall2019.servesarcasm.com
mozillamaintenanceservice.duckdns.org
spenzmarine-56499.portmap.io
fobeno-42652.portmap.io
lololol-54262.portmap.io
theprohd-59801.portmap.io

# Reference: https://pastebin.com/r5ZV1TCJ

menaxe.nsupdate.info

# Reference: https://twitter.com/wwp96/status/1203002510765707264
# Reference: https://app.any.run/tasks/30aa42c6-1bf5-4eed-84fc-099cc2f69404/

174.127.99.167:8970

# Reference: https://pastebin.com/7Ak2nP2T

reverse.spamassasins.icu
top.multigamingjo.waw.pl

# Reference: https://www.virustotal.com/gui/file/80120be87db5c64640fbd69a55cfd335601de08d5bcff393e66ff6f51c460850/detection

79.134.225.121:22940

# Reference: https://twitter.com/smica83/status/1205000837430468608

top.phonefix1.waw.pl

# Reference: https://twitter.com/Paladin3161/status/1197842954037018625

192.169.69.25:1116
ashawo.duckdns.org
wecollect11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3e444ad341b93f3150b1eae401b84c1b8afd73a80345b4b328bd26c9e5dc5d66/detection

185.148.241.48:1115

# Reference: https://www.virustotal.com/gui/file/a22ede52f14be480dd478fa0ec955b807e4b91a14fbe1b5d46c07bbb5cacccbb/detection

185.244.30.116:1116

# Reference: https://www.virustotal.com/gui/file/53a20bb94b5f34076b98b161b786e24a3fe4c1d3ba36892a901f0709461d096e/detection

185.244.30.116:2444
proudsoldier.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf16f2332e28ac589939efd41ce77fafeed6c9f8b20661f55a0e1264c78bebd0/detection

91.193.75.49:1116

# Reference: https://www.virustotal.com/gui/file/efda9ecdddba583c653b76dbc825daaba070e16d4e6be3f6439278c6c023450a/detection

185.165.153.231:2404

# Reference: https://twitter.com/ActorExpose/status/1196103594845593600
# Reference: https://app.any.run/tasks/4be5595d-4651-40ae-b24d-917a47b26fbb/

79.134.225.46:1960
mgc1.duckdns.org

# Reference: https://twitter.com/coderippers/status/1194935759775641600

185.165.153.186:5132
91.193.75.51:3434

# Reference: https://twitter.com/Paladin3161/status/1194813271494148096

192.169.69.25:100
jamesremcos.duckdns.org
savagesquad.ooguy.com

# Reference: https://www.virustotal.com/gui/file/a8c80446c78199908f9187795627a6111e765b7abf20662cd0f1762ba80abaa1/detection

185.165.153.27:100

# Reference: https://app.any.run/tasks/4e587628-821c-42e9-ae52-ad84fd05ba85/
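# Reference: https://www.virustotal.com/gui/file/9b4585e342acf00e8d7c0f0b215af2f74ce1a0b428583c30868dbc616d87e1dd/detection
# NOTE(review): the hostname below looks like a hosting provider's server name rather than attacker-registered infrastructure; confirm it is not shared by unrelated tenants before alerting or blocking on it.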

srvc50.turhost.com

# Reference: https://www.virustotal.com/gui/file/1efc346c6761b933adc7a10ab7e6da5e6c65369b5b90f3ddd528ce2bcc3116ab/detection

91.193.75.51:4343

# Reference: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/

rmagent.biz

# Reference: https://www.virustotal.com/gui/file/8003d7af85e3d328eb0c789e32bba3de456523c109847eca2ace5ae0252c1ee2/detection

185.165.153.22:2211

# Reference: https://www.virustotal.com/gui/file/04455422ee74836e38315b4ac9740470c963e45d5cf61fb3927f02ed9be4d995/detection

185.165.153.22:11011

# Reference: https://www.virustotal.com/gui/file/606aee9e6f0ec6e51dd94cda76b4978392bf5c7f505e049fbd936e7b97928387/detection

185.165.153.22:3330

# Reference: https://www.virustotal.com/gui/file/9fe933614e864926edb99dd6a6c1df31e3db0f74fb8c0d622ef73fd1c6e14104/detection

91.192.100.37:23850

# Reference: https://www.virustotal.com/gui/file/444a412bebf61392e5368bd1464f5773024d1c8758626cd7c5f061ba7688403a/detection

88.172.243.236:23850

# Reference: https://www.virustotal.com/gui/file/d2ddf0997db4b87a354abacba8f0b22f5923eeff7f01bcf3e2bae535160c579a/detection

79.134.225.122:23850
79.134.225.122:3366

# Reference: https://www.virustotal.com/gui/file/bd6220c705c6f321f59d1f45eea1e13c5171f7a2061dec9f907ffa291f3b9ec1/detection

79.134.225.122:2404

# Reference: https://www.virustotal.com/gui/file/c176c510cdc4c587528c7b3fd414ff373f966e669243ade0f76bc674e8053a9f/detection

23.105.131.156:2404

# Reference: https://www.virustotal.com/gui/file/abb4c76901b644cb756fe3727d3933d6a614d0709b62c78c9c54f2dd3ba6aea0/detection

192.253.246.140:23850

# Reference: https://otx.alienvault.com/pulse/5c4543d7fa493a3bac56ae13

jaxboss.publicvm.com

# Reference: https://www.virustotal.com/gui/file/fffb52d51e9688cc08c2a2ad0d818528174eda3e9738c7df8d009301bd127419/detection

173.242.125.75:7241
mysit.space

# Reference: https://www.virustotal.com/gui/file/8e99fca6285e318095ad693fa35b922f88743bf7743a1a8316eb0138fb771e2c/detection

185.82.202.149:7241
uploadtops.is

# Reference: https://www.virustotal.com/gui/file/a0dd3cf4f046432c109448c53687a0cf06cdc1d287fda725c7c15397dab984f0/detection

66.85.185.105:7241

# Reference: https://www.virustotal.com/gui/file/6caecb1c499dfb5b9a00c1eed46b7c6b223893f5a95a10dbb7dc41515a132c7e/detection

66.85.185.105:1427

# Reference: https://twitter.com/DynamicAnalysis/status/1205555781095108608

79.134.225.99:2018

# Reference: https://www.virustotal.com/gui/file/8c49d633a12c6ea14ac72e58de6c9f7ba239403f21cc25c6f1ae867b5df29b36/detection

41.203.78.140:2888
41.203.78.93:2888

# Reference: https://twitter.com/wwp96/status/1210224614149939200

185.140.53.26:2404
michaelking102.hopto.org
michaelking102.loseyourip.com
rennelautos.zapto.org
sunwap878.ddns.net
sunwap878.dynu.net

# Reference: https://app.any.run/tasks/8541d798-8243-46a8-8631-f54e6ed5d19e/

redsocial.instagram21.best

# Reference: https://twitter.com/James_inthe_box/status/1211999781721006081
# Reference: https://www.virustotal.com/gui/file/a05be2b7d477cf006794c746d241b4dad0a392f59d19238f17bc7128418108f2/detection
# Reference: https://www.virustotal.com/gui/file/76b700b072fd5820e296c1fd9a62f2a63c8c6715e778ad32213cdfcae5bae878/detection

108.62.12.134:4922
nolim.duckdns.org

# Reference: https://www.virustotal.com/gui/file/472aa23054d16bcf70e18d254613161d80cb345229aafca5e0b103e0afb65271/detection

aprsgkpc-51401.portmap.host

# Reference: https://www.virustotal.com/gui/file/51ba982bff7c5afbb35f5ce500570bf94aacda560e649e32fa9445155a31994c/detection

193.161.193.99:54120

# Reference: https://www.virustotal.com/gui/file/7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31/detection

tunedd30.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4f477f955ae23cb599858715626e86d3c5a8869d7cfd340af87147e2e7c9818/detection

178.124.140.136:6640

# Reference: https://www.virustotal.com/gui/file/28842367cd70d14f0776b246cb821275ff817051813b3ad4090eb412496d319c/detection

178.124.140.136:1284
dfrannk.hopto.org

# Reference: https://www.virustotal.com/gui/file/63e1f393cbd4bfe5c8e431af3de70b382482ed3e11b967db8caccf4c38ada733/detection

expertyline.mooo.com

# Reference: https://www.virustotal.com/gui/file/4c407408ea383edc394a84baed80b6991581a5df5d9cbcb818f83dfc1c6b4317/detection

ddfranks.ddns.net

# Reference: https://www.virustotal.com/gui/file/eb91f6ed14de853b1d987e199eaede7005c4cf6671321315d22e4626677bfb7c/detection

178.124.140.136:1515

# Reference: https://www.virustotal.com/gui/file/72b74037adf3cf0cf6e9ead907f565d4976b0ed15a8b62e2c8a8cde28a09867b/detection

178.124.140.136:2033
blessederic.ddns.net

# Reference: https://www.virustotal.com/gui/file/978b349faa2c6e8894897bb1cc54d1f92ca9613af0078528fab4f10466c2667b/detection

178.124.140.136:2669
dfranki.ddns.net

# Reference: https://www.virustotal.com/gui/file/b57e631645446ad3744528b05f961ea2c4cb23f426f0a6a6dea8203786c9e528/detection

178.124.140.136:3333
menorte.ddns.net

# Reference: https://www.virustotal.com/gui/file/2bd9dd47981f11b696c2ad7c6b11723da0f091c658210799e2fdd1efd326172a/detection

104.244.75.220:9300

# Reference: https://www.virustotal.com/gui/file/26d109f07bff6ad6142cc1e2c455849a3f641ac43660372686aad7381527fe00/detection

103.136.43.131:7368
104.244.75.220:7368
105.112.99.44:7368
194.5.98.25:7368
sam555.ddns.net

# Reference: https://www.virustotal.com/gui/file/48fafbbccc345ad4f5b9d525107cd139bde73ec2b4eb54432336bf6450943a5f/detection

91.193.75.49:2016
91.193.75.49:3001
proud.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bf76c5ca49445e8aacb161337d1d333cf481c4ea7eaecfd2c2a3170e70a69ce7/detection

91.193.75.49:3111

# Reference: https://www.virustotal.com/gui/file/7618cd1e9e2ca86f97552e1c3584f418ffd17141832c913021b5c3694914106d/detection

79.134.225.97:54985
tools4money1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/254a0ac154ebc83d9838fb52af5dc8118cfc31d81571cfdac3d3bf4f75be5d6a/detection

remcos.got-game.org

# Reference: https://www.virustotal.com/gui/file/f9aae3f8af4a70b5634a9ec9f069ac3458ff6835547107e42955fa12c5a2cf8a/detection

91.193.75.66:3039

# Reference: https://www.virustotal.com/gui/file/223e21cb4169999a2086cbcb4d56013d151b81745a541f300ffbbfd838c1a8f5/detection

79.134.225.72:4564
ebuxxxxx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8889736c0a30eb477236a624f55e66d38f52025db003cf7fe621fd084109db5e/detection

79.134.225.72:7676

# Reference: https://www.virustotal.com/gui/file/166e944c81082a59ffbf8cf5a2ae228913dc8656990d71238ad2db19cd2221b5/detection

top.pubgstores1.waw.pl

# Reference: https://www.virustotal.com/gui/file/5ee090b3c5b98a33e60f2a3eeb6f8429ffabc5ac0ea932e373c6a383cfce5289/detection

smart0147.ddns.net

# Reference: https://www.virustotal.com/gui/file/2170aa91350c123fa9a2319492afbd73c2b5fbe29a84c001efd545980c330856/detection

79.134.225.73:6569
passwrdboss.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e4538221d4740b28f2aa439fddfba69448a2751a0a4f78b54145ddd7ef7d6992/detection

79.134.225.73:18943
cashoutmoney.ddns.net

# Reference: https://www.virustotal.com/gui/domain/top.fishingjoco.waw.pl/relations

top.fishingjoco.waw.pl

# Reference: https://www.virustotal.com/gui/file/72e6c5ce4b7844eee3a6b293f54aeedd38d572bd5ff7c3609507030da46041fe/detection

185.158.139.238:9334

# Reference: https://www.virustotal.com/gui/file/cbf1a3f24d6fb4c163cdc540dc6df98779b16e491017c9534c58a9f23df47941/detection

185.140.53.93:9334

# Reference: https://www.virustotal.com/gui/file/38de8ff2bdcad25f923d0d22138c23541991c3f96095a0ee22de5e1849f3f20e/detection

185.140.53.59:9334

# Reference: https://www.virustotal.com/gui/file/ad74423af971f9d55f4fb2ca010f6dc81ef98a6dd36fd18b833c2623d17eb913/detection

185.140.53.192:9334

# Reference: https://www.virustotal.com/gui/file/d99ac8879353bd8cbc3ca502cdc6cf5581652f1a26f7de6337644758d6370e16/detection

185.140.53.107:8787
185.140.53.107:9334

# Reference: https://www.virustotal.com/gui/file/0bca93258e81977fd667e4ceab83f2e3460dd5fa5d5f4e88549bd4bfad20ee12/detection

185.140.53.52:9334

# Reference: https://www.virustotal.com/gui/file/c7b6e9095074b013ff9e5f9f1b3a7a15493b8b4f099deda31f2cffc308cdfa61/detection

185.140.53.26:5200
185.140.53.26:8153
185.140.53.26:8787
185.140.53.26:9334

# Reference: https://www.virustotal.com/gui/file/63f7dcd1893c84eae20fe494fd9d0bda10dd809ead94eb4d2c271d25208fc992/detection

185.140.53.222:5200
185.140.53.222:8153
185.140.53.222:8787
185.140.53.222:9334
185.140.53.52:5200
185.140.53.52:8153
185.140.53.52:8787

# Reference: https://www.virustotal.com/gui/file/8fdf5d5c5cf41f4f80a563d12f07d6f59bdeed91028eaa888a982a45df76bd09/detection

185.140.53.115:9334

# Reference: https://www.virustotal.com/gui/file/44558aeedee27b83942c4e33a0c0f060035f2ef4beaf66af23f719f121934194/detection

185.140.53.94:9334

# Reference: https://www.virustotal.com/gui/file/f5a7efd0ffb5145945fed2f92b2df8a79847085547333ec841e3e0b1fc5e1133/detection

185.140.53.50:5200
185.140.53.50:8153
185.140.53.50:8787
185.140.53.50:9334
185.140.53.149:9334

# Reference: https://www.virustotal.com/gui/file/4d51a099cfcab43ebfdaef8d4bc8bd0560c933c665cb6ca353f63d2d97bb2f18/detection

185.140.53.91:9334

# Reference: https://www.virustotal.com/gui/file/225c850cfd1f040c9b7f3513eb77aa5830a4b37b9cb1a516cd128e7841429537/detection

185.140.53.162:8787
185.140.53.162:9334

# Reference: https://www.virustotal.com/gui/file/49e01999814d095689ceda6247ccaea14bcd21d0267e8705b393de930e883667/detection

185.140.53.114:8787
185.140.53.114:9334

# Reference: https://www.virustotal.com/gui/file/cbe362033ba85e20d7b86bc9108c1d1db1786febfbf0b99258e755ac8b6297b2/detection

185.140.53.194:8787
185.140.53.194:9334

# Reference: https://www.virustotal.com/gui/file/27d2f7b50dc11a146fd7d950a1d3eec3031882b970463b7b685b516849071fe1/detection

185.140.53.232:9334
185.247.228.103:9334

# Reference: https://www.virustotal.com/gui/file/d4487b370ba2645516192a1461cb25ed3d11d02e4d0fdce3025269ca7d63aefa/detection

185.247.228.251:8153
185.247.228.251:8787
185.247.228.251:9334

# Reference: https://www.virustotal.com/gui/file/c68b820b65097d851e33a977e562fd51d12d852613b43caba3b325dd74b0e618/detection

185.140.53.96:8787
185.140.53.96:9334
185.247.228.103:8787
23.105.131.142:8787
23.105.131.142:9334

# Reference: https://www.virustotal.com/gui/file/b4f87be6ab41d1216a36822bf791212e29eb07c469059571d916221f0508ef97/detection

185.140.53.208:5200
185.140.53.208:8153
185.140.53.208:8787
185.140.53.208:9334
79.134.225.10:9334

# Reference: https://www.virustotal.com/gui/file/a246556f34f23f1e8c67a4aadda22bd03324521aadf4526b0db5f696b6761d35/detection

23.105.131.216:9334

# Reference: https://www.virustotal.com/gui/file/eae3e753b4461e78f7f0206f2d3434f9ced9c302ec509e952e69332b2be73ee4/detection

sub.jofishingco.waw.pl

# Reference: https://www.virustotal.com/gui/file/cfc1e1ff16319b95761d4b4b950bd46e7c7b8cab339cbf556b21fa56cc7f069a/detection

23.105.131.216:5200
23.105.131.216:8153
23.105.131.216:8787
173.254.195.173:5200
173.254.195.173:8153
173.254.195.173:8787
173.254.195.173:9334

# Reference: https://www.virustotal.com/gui/file/590fac000e2f4cbe9a27520e6cf3223e045bc3386633c25088e55439679150f7/detection

173.254.223.68:5200
173.254.223.68:8153
173.254.223.68:8787
173.254.223.68:9334
91.193.75.128:8787
91.193.75.128:9334
98.143.144.221:9334
98.143.144.243:5200
98.143.144.243:8153
98.143.144.243:8787
98.143.144.243:9334

# Reference: https://www.virustotal.com/gui/file/9f945ca391310fb2880045f5bd60393d62b2a0c65f06aa57396d9bcb313128a7/detection

173.254.195.172:8152
173.254.195.172:8153
173.254.195.172:9334
173.254.223.121:8152
173.254.223.121:8153
173.254.223.68:8152
173.254.223.74:9334
204.152.219.119:8152
204.152.219.119:8153
204.152.219.119:9334

# Reference: https://www.virustotal.com/gui/file/96158e53f76c37ba6590d80f10bbc5009bdc758d388d456274fb065a5ce8f325/detection

173.254.195.173:8152
173.254.195.173:8153
173.254.195.173:9334
173.254.223.110:8152
173.254.223.110:8153
173.254.223.110:9334
185.140.53.236:8152
185.140.53.236:8153
185.140.53.236:9334
73.0.71.4:8152
73.0.71.4:9334
98.143.144.217:8152
98.143.144.217:8153
98.143.144.217:9334
98.143.144.243:8152
98.203.61.135:8152
98.203.61.135:9334

# Reference: https://www.virustotal.com/gui/file/5cac3d994fcc5eefdaef9ffd6b9fae41dd49f1a699e88746e17fb51a49f73bd2/detection

204.152.219.90:8152
204.152.219.90:8153
204.152.219.90:9334
91.193.75.126:8152
91.193.75.126:8153
91.193.75.126:9334
91.193.75.220:8152
91.193.75.220:8153
91.193.75.220:9334
91.193.75.128:8152
91.193.75.128:8153

# Reference: https://www.virustotal.com/gui/file/a26302049b7fbfa6d107b726717cc1a29c7b1dc04d3ad07b6a2f56fd3ca9cd1d/detection

185.247.228.103:5200
185.247.228.103:8153
173.254.223.110:5200
173.254.223.110:8787
73.0.71.4:8787
98.203.61.135:8787
91.193.75.126:8787

# Reference: https://www.virustotal.com/gui/file/0c92e3f679873eae4f540f6f62d29bd80abd6bdc7267221c5a0ba1f82c9e90f7/detection

185.140.53.213:8152
185.140.53.213:8153
185.140.53.213:9334
91.193.75.232:8152
91.193.75.232:8153
91.193.75.232:9334
91.193.75.238:8152
91.193.75.238:8153
91.193.75.238:9334
91.193.75.97:8152
91.193.75.97:8153
91.193.75.97:9334
98.143.144.211:8153
98.143.144.211:9334

# Reference: https://www.virustotal.com/gui/file/4b5c755f37994c6474cabd023f83ec8d58ff7f875d25fb788ec9770383833af5/detection

173.254.223.124:8152
173.254.223.124:8153
173.254.223.124:9334
204.152.219.93:8152
204.152.219.93:8153
204.152.219.93:9334

# Reference: https://www.virustotal.com/gui/file/1053aed27e83dc8f682739c0d1716060b1fa525d3a8cef7fb066e8103a3fe50b/detection

91.193.75.107:9334

# Reference: https://www.virustotal.com/gui/file/82889980e77fab696835eb230b3d3b04ade235e7a2442f267bfeae32dcb189f0/detection

173.254.223.121:9334
173.254.223.92:8152
173.254.223.92:8153
173.254.223.92:9334
98.143.144.207:8152
98.143.144.207:8153
98.143.144.207:9334

# Reference: https://www.virustotal.com/gui/file/925e39df3d71d49ed7c31790de157fd50e6bfc7eed6d151fa0c89760b059937e/detection

204.152.219.94:8152
204.152.219.94:8153
204.152.219.94:9334

# Reference: https://www.virustotal.com/gui/file/daaa67b875f56060c05fae1fa635f9a30786054b3efb9c3ef82204b30f6dd7fe/detection

185.140.53.137:9334

# Reference: https://twitter.com/wwp96/status/1214559701280722945
# Reference: https://app.any.run/tasks/fa298bab-4c01-4269-93af-1808d94595fd/

jessene.ddns.net
rennelautos.kozow.com

# Reference: https://app.any.run/tasks/ef3a8b4d-0d5b-4f7a-a187-336b1327884c/

successfulghost.duckdns.org
185.244.30.35:2009

# Reference: https://twitter.com/wwp96/status/1214925176632225799
# Reference: https://app.any.run/tasks/1ad4f2da-7513-4d09-bd27-f6cf3327b489/

209.127.18.228:2424
roboscchi.duckdns.org

# Reference: https://twitter.com/killamjr/status/1216571369892139008
# Reference: https://app.any.run/tasks/a58e0909-6db7-4a3e-961d-02dcb6800803/

161.117.86.44:2500
88.198.205.179:2500
devicenet.org
devicenet1.org
devicenet2.org
devicenet3.org
devicenet4.org
devicenet5.org

# Reference: https://www.virustotal.com/gui/file/3bcfb4fec5c49609ce2e1688f24ae874728e9fd53a1769673d2ad3ac0c5554aa/detection

174.127.99.211:9493
vision2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0c2912541176b553f2d4595ea338f88bc8d6110ac43cb892cf86dd06ca49307c/detection

41.242.137.4:9493
41.242.138.53:9493

# Reference: https://www.virustotal.com/gui/file/6e5a7c74c609d6363a56cca712900ec5ab4ffa4e22c0307adf9b30f56b7eb218/detection

185.244.31.31:9493

# Reference: https://www.virustotal.com/gui/file/972cd696927d9d1804566fe6a610a67ca4f9a1bd631769ba7a2d3b06f8413497/detection

79.134.225.104:1871
umc621.myftp.biz

# Reference: https://twitter.com/DynamicAnalysis/status/1217873533310816257
# Reference: https://app.any.run/tasks/a948d44d-9d3b-4675-8c4f-6ec951a9346a/

79.134.225.36:2121
79.134.225.98:2030
srvr1.serverpubg1.pw
srvr2.serverpubg3.pw

# Reference: https://twitter.com/Racco42/status/1221707041615630336
# Reference: https://app.any.run/tasks/ced5f8bb-826d-4ece-9e0b-35408f6e3b90/

91.189.180.199:672
srvr2.callofdutyserver.pw

# Reference: https://twitter.com/Racco42/status/1221721585868058625

80.209.240.101:2030

# Reference: https://twitter.com/wwp96/status/1221878428623872001
# Reference: https://app.any.run/tasks/d41682fc-e350-4a38-a2b2-397fbf22a3d6/

185.244.30.53:2404
lupend.ga
lupendbackup.ga
lupend.duckdns.org
lupendbackup.duckdns.org
rownip.lupends.com
rownip.mailredirect.ooo
rownip.schneidstore.com
rownipbackup.ga
rownipbackup.tk

# Reference: https://pastebin.com/R6JP78G1
# Reference: https://www.virustotal.com/gui/file/5cfda191c0a46c7849afb2014c290dbd57101d20407ef9bfcaacac5886a80814/detection

103.145.255.163:4040
103.145.255.163:6566
vip6654.live

# Reference: https://app.any.run/tasks/8b8041c8-7f80-4bed-944b-1e28edacaf3d/

olavroy.duckdns.org

# Reference: https://app.any.run/tasks/1d360fda-c2a3-48d3-9c0a-5d5911a5574b/

66.154.98.108:24046

# Reference: https://twitter.com/wwp96/status/1222574424450355201
# Reference: https://app.any.run/tasks/75213c65-a28d-4053-b6ce-691a95f2b91b/

91.193.75.248:1005
mohit36241.ddns.net

# Reference: https://twitter.com/Racco42/status/1222614871293845504

178.124.140.136:7894
xyz345.spdns.de

# Reference: https://www.virustotal.com/gui/file/5a0d3279a6a703f809a0526fb425c8f4d2d42a3794b35315d1ae05c9960702e9/detection

185.148.241.50:9727
lawwena.ddns.net

# Reference: https://pastebin.com/SamC9MPD
# Reference: https://www.virustotal.com/gui/file/a309e11a1eb76c83efa58d90a6870234603c819636e7acefea389790b6d83d32/detection

37.1.207.27:5555

# Reference: https://twitter.com/wwp96/status/1224385908394352642
# Reference: https://app.any.run/tasks/092bbf7f-4edc-4073-972b-e98000608a8d/

154.16.93.178:3376

# Reference: https://twitter.com/wwp96/status/1224777426305196038
# Reference: https://app.any.run/tasks/06d959a6-057c-43e2-af0b-41971499e6c2/

chommyflozy.duckdns.org
milky123.casacam.net

# Reference: https://twitter.com/wwp96/status/1225528218209394689
# Reference: https://app.any.run/tasks/255e11a7-fd7f-470a-b0a2-e4c557aeb2d2/

41.242.139.6:8484
legacy2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/0230436c843aff9c00a762954bb2317e6a90c3c8b25d453fe3405805b22020b2/detection

184.75.223.227:56699
213.152.161.20:56699
213.152.162.109:56699

# Reference: https://app.any.run/tasks/45613eaa-cd76-409c-abd6-57d49c3245fb/

104.37.1.38:7902
rolandgeraldinelacotta.mywire.org

# Reference: https://app.any.run/tasks/7839af44-a26a-4b1e-885d-edee4e9aa7ae/

nj2ratt.ddns.net

# Reference: https://twitter.com/wwp96/status/1228361945780232192
# Reference: https://app.any.run/tasks/67e987d3-8e12-495e-a04a-aa965765cc6c/

41.242.138.29:8484
remcos247.ddns.net

# Reference: https://twitter.com/DynamicAnalysis/status/1229458649694769155
# Reference: https://app.any.run/tasks/657b7a80-7a29-4353-9fbb-d73b24100c39/

185.244.31.114:3090
backup1.gam2ng.pw

# Reference: https://twitter.com/wwp96/status/1229495413281054721
# Reference: https://app.any.run/tasks/d5332906-8319-4e81-a1b7-3cf6ee4f54d3/

185.244.30.16:8484

# Reference: https://twitter.com/wwp96/status/1229816791876198403
# Reference: https://app.any.run/tasks/091c477d-f4c1-41ea-a55d-8d6b6a70842a/

216.38.7.245:7279

# Reference: https://twitter.com/wwp96/status/1229810377959116800
# Reference: https://app.any.run/tasks/bff65255-585a-489e-a9a6-b9b31ccf56ca/

79.134.225.77:5151
mygodissogoodtome.ddns.net

# Reference: https://twitter.com/wwp96/status/1229843377711128577
# Reference: https://app.any.run/tasks/a38c2851-2556-4f73-863f-fd895d152cb1/

185.244.30.19:1930

# Reference: https://app.any.run/tasks/48f66baa-9be1-4325-9d78-54da7353f337/

jacksonsmit.ddns.net
185.244.30.16:8484

# Reference: https://twitter.com/yvesago/status/1230414301221019648
# Reference: https://app.any.run/tasks/3211cb34-3ead-4e2f-96d3-30d887c1a208/

79.134.225.52:1994
experience1994.hopto.org

# Reference: https://twitter.com/500mk500/status/1230557502862843904

191.101.22.21:1005

# Reference: https://www.virustotal.com/gui/file/3909a024c17e133fea95cbdc7e54a25d1144a24a78d43af4e84de35e00227b68/detection

79.134.225.38:4000
79.134.225.79:4000
iyamahrem45.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/d97f1dc45bb4cc7224ac9fd00306abc925b8af72e0bc0520fd5a072f78318277/detection

79.134.225.38:1989
agshrf.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Packed.Generickdz-7586813-0)
# Reference: https://www.virustotal.com/gui/file/dfb75c837ea961311b96c32257c46ebfa53d679834cc6fbd207dae4c2a8297b9/detection

46.105.98.53:4782

# Reference: https://www.virustotal.com/gui/file/74c3a5f44d545c7eb905dced1d5b0ffb4a56a81e5b722c2252d0f60fba627318/detection

185.165.153.29:3636

# Reference: https://www.virustotal.com/gui/file/6a6784d34afba70572cc188f5853e06ee3ea5422fe80fc5e42bf3ff6203b5527/detection

185.140.53.139:3636

# Reference: https://www.virustotal.com/gui/file/7f9d115776d5a404d6b02a64473f3f4b2e36aa13bdd22b2437dc220385b65e09/detection

79.134.225.75:1234
sixteen147.ddns.net

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Ransomware.Remcos-7586925-1)

secure.jagexlaucher.top

# Reference: https://www.virustotal.com/gui/file/c5193ef79fb9a0e616eeb7904bc66b9aeb9b1c42aee393b6829f9617462664b0/detection

186.118.80.105:3201
186.118.93.21:3201
elcamionsr.duckdns.org
impindusltdz.duckdns.org
induspals.duckdns.org
induspalse.duckdns.org
msyswintxl.duckdns.org

# Reference: https://www.virustotal.com/gui/file/db12191309c125be008c08d8ba8444cf7a0240ea36b1f54aace2ba46bb3228d8/detection

167.0.102.88:3201
167.0.104.40:3201

# Reference: https://www.virustotal.com/gui/file/a352d00e0322a0e397f167c1164f7667c672935ba14d29c4f4b60f26d0a88f5d/detection

186.116.218.183:9134

# Reference: https://www.virustotal.com/gui/file/963abe7aa94c8b3e12e231e10c62ba00e3f89948edb77e017cb2eb25bc24ca56/detection

179.32.78.10:9134

# Reference: https://www.virustotal.com/gui/file/e20b3ae04270e83b45f08235d3f8e9ad1dcc8f6966a2dc03aaeddfc8982090cc/detection
# Reference: https://app.any.run/tasks/aab68fdc-ebbb-4416-be92-6469b1145c0c/

149.167.94.36:8754
167.0.101.103:3201
toolpres.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6416daf02055125dd7a513058a8c5a3e1bb97c049ae428ccb5c7600ab576ccb1/detection

94.73.22.187:83
bobbylight.zapto.org

# Reference: https://twitter.com/DynamicAnalysis/status/1231999794035535875

185.140.53.214:1898
mercy01.ddns.net

# Reference: https://twitter.com/killamjr/status/1232457439229820928
# Reference: https://app.any.run/tasks/47b0c22e-98c8-4234-99af-5d23b31c74c3/

79.134.225.102:2030

# Reference: http://benkow.cc/export_rat.php  (Note: as seen on 2020-02-26 - filtered)

agbero.duckdns.org
civita2.no-ip.biz
dixenweb.ddns.net
ejiroprecious.ddns.net
emilylattaa4111.serveftp.com
firstclass197007.hopto.org
ichie.hopto.org
jaxboss.publicvm.com
keypay033.dynu.net
mdformo.ddns.net
microsoft24515062.serveftp.com
opitalia.ddns.net
provafood.ddns.net
semonsemon.zapto.org
vice.hopto.org
wecollect.duckdns.org

# Reference: https://app.any.run/tasks/4ed77208-4026-4fdf-b990-a66732c6e7f8/

jload06.xyz

# Reference: https://twitter.com/wwp96/status/1236003598812753921
# Reference: https://app.any.run/tasks/70206853-5fda-45bb-b99b-387b79dbd42a/

87.101.92.68:1067
servr1.willbeban1fabuses.xyz

# Reference: https://twitter.com/wwp96/status/1235999989685420033

185.140.53.4:5151
goddywin.freedynamicdns.net

# Reference: https://twitter.com/wwp96/status/1236020295225536512
# Reference: https://app.any.run/tasks/77f4fcf4-962a-4552-a70d-6a73b79bb901/

chommyflozy.casacam.net
unitransports.duckdns.org

# Reference: https://twitter.com/58_158_177_102/status/1236812973156364289
# Reference: https://app.any.run/tasks/00c5eeea-f240-4a69-9e30-b68676cdd2d2/

185.244.30.14:7171
favournwa.ddns.net

# Reference: https://twitter.com/wwp96/status/1237468685415178242
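# Reference: https://app.any.run/tasks/ae5b24b1-2e57-4986-ad20-ade9b057f9bf/
# Note: fs03n2.sendspace.com below is a host under the public sendspace.com file-sharing service (shared infrastructure, presumably used for payload hosting rather than C2) - expect unrelated benign traffic and corroborate hits before acting on them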

u864246.nsupdate.info
u864246.nerdpol.ovh
fs03n2.sendspace.com

# Reference: https://app.any.run/tasks/3b110d0e-15aa-4f3a-b592-fa1da1444a88/

185.208.211.64:2020

# Reference: https://www.virustotal.com/gui/file/d86075425ffb3c196e64ca71bcf7a0846df91444e53987638cf212dae52e5961/detection

79.134.225.112:2404
79.134.225.95:2404
41.190.31.245:2404

# Reference: https://www.virustotal.com/gui/file/da0f330f3e5992eb6c9dd0b38eaa332be093b04153c0fa1852b0b5309543c5a6/detection

79.134.225.74:8906

# Reference: https://www.virustotal.com/gui/file/44c13aa211c5571aec2cdb56f461d2f4309b4070a271dfaca037e8e56db87804/detection

104.37.1.38:7650
79.134.225.74:7650
nanomoney.entrydns.org

# Reference: https://www.virustotal.com/gui/file/08dcfa6f7dcd4c907f01000ea4890dfaea8a386d9c3fee253127d1c6f6974810/detection

79.134.225.74:7890

# Reference: https://www.virustotal.com/gui/file/66137b5faf49de1ffa5990b57f6f4d8543ddb7b7a19d0e8bce53446dc1ee91d6/detection

79.134.225.87:5001

# Reference: https://www.virustotal.com/gui/file/1f524e469d0ee3bdb24feff5dead9b188f609c74beb90888cbde4c042a1075ca/detection

79.134.225.87:888
primspa1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8b3f39059e7f85c0312423abd50a311e6f1df8e04136bf8e4bedb9884229e11a/detection

79.134.225.87:999
ziccusu00.duckdns.org

# Reference: https://www.virustotal.com/gui/file/776eaa3b21ac18c01341a09b6db2dddd6049a70e3c5285de6474da7097049fc3/detection

185.165.153.158:3765

# Reference: https://www.virustotal.com/gui/file/e0f393f5a884cf5d65640260db9aa2b6d68a4be9e4ab8d0a27a911a0b3c876ce/detection

79.134.225.87:2404
lpisback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/39046a68d3a0b89281dd3e8d5713f76ba6cd15497279586cbf016bf6bac5eedb/detection

79.134.225.87:40099

# Reference: https://www.virustotal.com/gui/file/00bf0217afa40f1d254bb60b4885151fc8e7b0d22bbcc64e7c6c88144296cb76/detection

79.134.225.87:5578
osloc1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ac96d8c75320162a4e4e32760ece2b5ad066899ee5204c99bc2b2b17012fe4a4/detection

79.134.225.87:1630
tmppaparazi.dynu.net

# Reference: https://www.virustotal.com/gui/file/6eefcc4df76863d15eb7dd46148a156465db96d2a7c3a44c77a17c1434d06a86/detection

flasback.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a770498f38ef674902cfc8879eb0ae88d2201d7fb5b61e63541244e10c2de7c8/detection

79.134.225.113:2404

# Reference: https://www.virustotal.com/gui/file/79843b0bc5b7770bf06ab747a069a34ef8933045b3a64c021f67823a602e90cc/detection

79.134.225.113:5355
79.134.225.121:5355
richarddsimps.ddns.net

# Reference: https://www.virustotal.com/gui/file/a13a787fe0a742da7f9d147e80dcb122b9fe8eaf60a78ca506c9a21149f99373/detection

79.134.225.117:666

# Reference: https://www.virustotal.com/gui/file/64551b04da5c87e5ecaa8e315cdd186fac570fbf47ad3cf5eb3daf4b1138859d/detection

185.244.30.251:1122
shabi1144.ddns.net

# Reference: https://www.virustotal.com/gui/file/545212a4eb881f34fc2d3adb1f2bf62aa4e5ca37e7a1c7a8e4b5fabec0525386/detection

178.124.140.145:8652
pcent4real.ddns.net

# Reference: https://www.virustotal.com/gui/file/db2524104c83282dd3d42a07f0cfe4fad0ed9b7a3e664caefe4b2669b027e083/detection

178.124.140.145:5132

# Reference: https://www.virustotal.com/gui/file/10f04c28ff3663fb84394c007d8d170e0a3b78bfd9c5b5a39c79ca7254037559/detection

178.124.140.145:7272
5.135.67.231:2404
aboki.ignorelist.com

# Reference: https://www.virustotal.com/gui/file/ddc1be7028b2502d6d9fd951e420decfe6346df4d9c5c98cdbbda0ec317e1690/detection

178.124.140.145:5000

# Reference: https://www.virustotal.com/gui/file/c52767fc4b82c893fddbe94767d0c488469ad05332f0216cbb07b7be3aecd62c/detection

178.124.140.145:1994
experience1994.ddns.net

# Reference: https://www.virustotal.com/gui/file/719d66b11a535ce3fc2cde6cd2dbc8de9ba14701ff39ed372fd0bb17e734a6f5/detection

91.193.75.137:1969
papi231.duckdns.org

# Reference: https://twitter.com/MSteve25/status/1240341489101803521

185.244.30.12:8970
remkill.duckdns.org

# Reference: https://www.virustotal.com/gui/file/38cf49c1fb4e9090ffaca117d64bb985e1df8d0b88952c2322b3230c76b44538/detection

216.38.8.179:777
newvision.ddns.net

# Reference: https://www.virustotal.com/gui/file/8cb4eb249cb024561fd1949a44f98356b95e60ba14c17f4ae4962fc0234df011/detection

216.38.8.179:1379
airsack.ddns.net

# Reference: https://www.virustotal.com/gui/file/a2e020e6642854a20d9b7523c29bb5e1a7fb730ddafbeccd53f5595ce596d179/detection

185.165.153.228:6868
bukamm.warzonedns.com

# Reference: https://twitter.com/JayTHL/status/1241125967424360458
# Reference: https://www.virustotal.com/gui/file/9a555e49a8804460c067fff544fba3663c8cc0be92a1a0ad92bb6fe1b8f206c6/detection

185.244.30.125:2404
jbarn.sytes.net
kenthomas.giize.com
rex2015.freeddns.org
rex2016.freeddns.org
rex2016.hopto.org
rex2017.freeddns.org
rex2017.hopto.org

# Reference: https://www.virustotal.com/gui/file/3eb378421462244e5ec0a6d50eca01badfe1f88160e0a758a567c7930dfb8290/detection

brhsapir.hopto.org
protopacink.gleeze.com
rex.hopto.org
rex2013.freeddns.org
rex2014.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/a90d204e48d815b3c3376552f5fc5a01ebcf115d6022abb3f97b1b111b079c0d/detection

financeff.hopto.org
jkharding2013.ga
jkharding2014.ga
joyceedwards2013.casacam.net
tylerfreer.ooguy.com
wrtan21.hopto.org

# Reference: https://www.virustotal.com/gui/file/753883fa972dda966abb3adad3cfc94f0a82ca128d1908df58bac3ba93e60bd3/detection

37.47.79.124:132
nocpnv.ddns.net

# Reference: https://twitter.com/w3ndige/status/1242138938501926915
# Reference: https://app.any.run/tasks/aa3e9e89-05d5-474c-a3c8-706699312a72/

91.193.75.7:7171
onyeoma111.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b31dab1a7fa6a0e3bc6f3fe2d856869d16c84f374b64e5ceca1bd73b18ab186/detection

185.19.85.158:7100

# Reference: https://www.virustotal.com/gui/file/02d100b77777705d86a940c8f3142fb4b125fdcb91a3be68797d40f19c6410eb/detection

178.124.140.144:7100

# Reference: https://www.virustotal.com/gui/file/f0dc6049711ee06b8f28bf1e9f596d9fbb3075d0aba1f3a0561127c97091fb9e/detection

178.124.140.148:7100

# Reference: https://twitter.com/baberpervez2/status/1242335218901663747

u864246.tk

# Reference: https://www.virustotal.com/gui/file/5560a23de5ed8b729830c1c515a9f5459e9e29cb6888d119638a4770b79754c1/detection

185.244.30.124:2404

# Reference: https://twitter.com/ScumBots/status/1242425273079017472
# Reference: https://www.virustotal.com/gui/file/abd4e6ee8152822c0545bd27a4f4c5114728873873e227044dfb48ecf1ecb37f/detection

149.248.160.226:7005

# Reference: https://twitter.com/James_inthe_box/status/1242507257574719488
# Reference: https://www.virustotal.com/gui/file/c7e7638b84b5f2803bfc41cc5833110f90fd32eaf8ba8f3c31288222a67f9574/detection

185.244.30.78:24048
185.244.30.78:34046
54.37.160.139:34049

# Reference: https://www.virustotal.com/gui/file/c23b6f93d8449166426d90a1cf9d468037f62e641bc50e7c1005da6f8be69608/detection

185.165.153.228:2019

# Reference: https://twitter.com/ScumBots/status/1244176813699616769

193.161.193.99:49483
193.161.193.99:50721
193.161.193.99:62254

# Reference: https://www.virustotal.com/gui/file/397f1ec81db07d97dc246c38a16ecf1eb5b7bbf900218a60197d2db446585e32/detection

41.103.10.32:5673

# Reference: https://app.any.run/tasks/e9a9e116-924d-4411-a454-9a841c51c39d/

185.244.30.123:5149
kirtasiye.myq-see.com

# Reference: https://twitter.com/James_inthe_box/status/1245714128695521280
# Reference: https://app.any.run/tasks/cc60c746-1cf8-4adf-8055-4964111c1c9f/

23.105.131.161:7279

# Reference: https://app.any.run/tasks/d54e08fd-f22a-4beb-9ac1-633ebbe77584/

199.249.230.42:2492

# Reference: https://www.virustotal.com/gui/file/28e8568f488b4573da6b13cd3d8601e6a624098e45d773f37e4aa6f78a4d9fc4/detection

91.170.144.1:16800
themaster3314.ddns.net

# Reference: https://www.virustotal.com/gui/file/284b368d39d240ce2cda28e143d8d48205fc211379ace30e4abbb888402058d4/detection

79.134.225.122:5001

# Reference: https://www.virustotal.com/gui/file/ff66c3616bcc13713378f0b89c7f9a7d754ebdadd027b511a4599b1675b4841a/detection

79.134.225.114:5052
neshoitry.ddns.net

# Reference: https://www.virustotal.com/gui/file/b39a30e55d55c69ad75cd21cebb5be1749325cb10a05dbcc334964ef963f5d65/detection

79.134.225.114:2332
owensmith.linkpc.net

# Reference: https://app.any.run/tasks/0618ea81-3606-4992-be9d-d296c03d679c/

79.134.225.72:3800
vision2020success.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1248696301275025409

162.218.115.147:7070

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html (# Win.Dropper.Remcos-7647550-0)

malu1234.duckdns.org
erunski22.ddns.net
barrywill.hopto.org
chacert.gq
alljobnew.duckdns.org
elintec.site

# Reference: https://www.virustotal.com/gui/file/c3832484e342390c0a3c406da30af7d2536ff2e615714a95ed143f5ecd73be89/detection
# Reference: https://twitter.com/malwrhunterteam/status/1036972726404177921?lang=ca

140.82.57.249:8003
svchost.club

# Reference: https://www.virustotal.com/gui/file/eed983f0eedd7a3f07f49177b8fe0e18d89fa885359e70b02433afd4fb099818/detection

kabiru.ru

# Reference: https://www.virustotal.com/gui/file/b71f954a6371076f9c87b1005208bf5e712806af1f5e037b5eeaa6aadac6d7fb/detection

binexeupload.ru
stubbackup.ru

# Reference: https://www.virustotal.com/gui/file/df560a99f2f4fbd221ddfe1b9f6a9e3bea247677cd4512f74538568160d95126/detection

5.253.114.116:2404
sponsored-ads.co

# Reference: https://www.virustotal.com/gui/file/8f79778cf67b649928a83b3367814f15a2c74119acc90b6ccc819dedc1b83a28/detection

5.253.114.116:2405

# Reference: https://www.virustotal.com/gui/file/f761911e8a45e794bf89a605b14aa7b97785541a186ad593d3ec71e5a1494724/detection

5.253.114.116:2406

# Reference: https://twitter.com/pancak3lullz/status/1250862951185121287
# Reference: https://www.virustotal.com/gui/file/28ac3a50d51131f60e087aace3c06a5a9181f19f1b5830ca5a906074bb7cb449/detection

79.134.225.37:1332
gaming.smartbuyjordan.xyz

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html (# Win.Dropper.Remcos-7662156-0)

brockmax2v2.hopto.org
ch31238.tmweb.ru
danishcent.duckdns.org
harri2gud.duckdns.org
hjkgfhsf.ru
menaxe.nsupdate.info
omorem.duckdns.org
onelove03.duckdns.org
sabbbb.ddns.net
securehub.top
snooper113.duckdns.org

# Reference: https://app.any.run/tasks/9cb9db8b-9cb1-4bb0-9f94-8d692ea983c3/

185.140.53.21:2404

# Reference: https://twitter.com/malwrhunterteam/status/1253767947325235200

185.244.30.22:8970
79.134.225.9:8686

# Reference: https://twitter.com/malwrhunterteam/status/1254097817162915843
# Reference: https://twitter.com/James_inthe_box/status/1254102265876508672

185.140.53.9:47580
lachattemouilleee387538783444.duckdns.org

# Reference: https://twitter.com/Racco42/status/1255448660646735875
# Reference: https://app.any.run/tasks/67f663a3-1513-4aa3-9769-3e3cd9bb7ce3/

top.gaminjo1.pw

# Reference: https://twitter.com/Racco42/status/1257561671268208647
# Reference: https://app.any.run/tasks/af0223e5-6920-4b03-9df1-d3e0cc4e9856/

154.16.93.185:672

# Reference: https://www.virustotal.com/gui/file/71ae4c1afb9db6641a4bc94c7d48b83d5b2d0af8507620588e971c9c609c88d7/detection

103.125.217.169:2310
105.112.100.65:2310

# Reference: https://app.any.run/tasks/4914378f-0c6c-4348-944e-f332f7cc88dc/

181.52.103.140:1011
remcquince.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f69fcfb9de5546dc7b98f20d6d4f387f66e4583637f29a494cb664138d441a73/detection

79.134.225.73:7650

# Reference: https://twitter.com/JayTHL/status/1258880410416799746
# Reference: https://www.virustotal.com/gui/file/8ac973617b45c5d0ea2711e9ba025a2cd19a65a97cf82273845472c9ae74f2e9/detection

79.134.225.81:2266
coolta66.gq
coolta67.ga
coolta68.ga
coolta69.ga
coolta70.ga

# Reference: https://www.virustotal.com/gui/file/54c528daf8bbe5f232464f76e3f3ab482486b590009e5b4121896dfbca152ac7/detection

91.193.75.239:2266

# Reference: https://www.virustotal.com/gui/file/7ebf6d9d55089b045426dad354ba80120db475f16dc13dc9401e4ebbd10f647c/detection

79.134.225.105:2266

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html (# Win.Dropper.Remcos-7724400-0)

dolxxrem.hopto.org
goddywin.freedynamicdns.net
godspower19566.hopto.org
khalifa.dynamic-dns.net
mide1.ddns.net
millionaire232.ddns.net
myb22.camdvr.org
remcos.got-game.org
rex2017.hopto.org
rex2018.hopto.org
youngboss23.ddns.net

# Reference: https://www.virustotal.com/gui/file/4f704c20024f02d19c096f82158d891dce7bf7a1b261dcce3226fd6d43b7fc64/detection

104.248.133.59:2403

# Reference: https://www.virustotal.com/gui/file/4b13bb36220d46ab9fa89c4163c8ec571fe0c113af00773d0968fa51c4056bbd/detection
# Reference: https://www.virustotal.com/gui/file/8df9bddf123ffa3fa0f312d56bedde096310a02676e2b023530d8cd6856caa37/detection

185.140.53.18:7082
freenigga.ddns.net

# Reference: https://www.virustotal.com/gui/file/678cbb81b782c58df5e2790b34e9a9a8a4d3af1b0a17fd320bf27111e959bc6d/detection

185.140.53.43:2404
godwin12.warzonedns.com

# Reference: https://news.sophos.com/en-us/2020/05/14/raticate/

cashout2018.ddns.de

# Reference: https://twitter.com/JayTHL/status/1261339604239646723
# Reference: https://www.virustotal.com/gui/file/d76de8b8be89cd4dbe4f861cd4152eae2fafa783bace624cae1b231d8de8da3e/detection

194.5.99.146:1982
testbush.duckdns.org

# Reference: https://twitter.com/dynamicsoaring/status/1261048946438397953
# Reference: https://app.any.run/tasks/3f7e4a16-00dd-4168-9552-db30c5194c05/

185.140.53.69:2404
doc4.ddns.net
doc5.duckdns.org
donald30m.gleeze.com

# Reference: https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html (# Win.Dropper.Remcos-7771461-0)

experience2477.ddns.net
godsfavoured.ddns.net
jbcbeads.myddns.rocks
johnhoff2.hopto.org
lakeside007.awsmppl.com
myb50.myddns.me
nagod.ddns.net
rex2018.myddns.me
rex2020.myddns.me
u863495.awsmppl.com
xxxxza.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/98f031407df4d599b9027f8e672436f1b61876048529a1304bc3118c82d42bd6/detection

185.244.30.247:4045
enmark81.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e5171603aba08d750c97604eb510f3586245b86eaae0cb08461d734c72258e95/detection

185.165.153.238:9210
mtz11.duckdns.org

# Reference: https://twitter.com/Bl4ng3l/status/1264862595082788866

194.5.99.143:6666

# Reference: https://twitter.com/DynamicAnalysis/status/1265346721795715073

79.134.225.98:6996

# Reference: https://www.virustotal.com/gui/file/95e5e81e7413f7c7c5294525ec7e0ed2f1f022d0e2ce02717483d7e3ba438bf9/detection

193.218.118.190:42017
site.ptbagasps.co.id

# Reference: https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html (# Win.Malware.Remcos-7914589-1)

boot.awsmppl.com
coolcc1.xzy
coolget1.xzy
coolta1.xzy
coolta2.xzy
coolta71.com
dolxxrem.hopto.org
goddywin.freedynamicdns.net
latua.nsupdate.info
newdawn4me.ddns.net
thankyoulord.ddns.net

# Reference: https://www.virustotal.com/gui/file/91842f75fd9b77f4e8d171b6103d26ed7fde38232ef520ee2b066c2ba7381bef/detection

41.111.43.45:1337
sh.sytes.net

# Reference: https://www.virustotal.com/gui/file/0ffdd28e152681a8abca0a9c7f88ba1cd7b945c7ee2df82af6606adf4a426f0f/detection

197.207.171.72:1337

# Reference: https://www.virustotal.com/gui/file/2830a6a923b2d7ff9c4839672db11f64675732aa4d44343b9b7573ca4d6486a1/detection

45.74.35.38:1144

# Reference: https://www.virustotal.com/gui/file/d76483dd726209229a345e0d3856094275e62326ba800cff3b506ba6b7aaca5e/detection

197.207.191.156:1144

# Reference: https://twitter.com/ScumBots/status/1270113968649113604

134.249.160.9:7777

# Reference: https://twitter.com/JAMESWT_MHT/status/1270365125464203264
# Reference: https://app.any.run/tasks/5f6b1ed2-3f06-4a9c-b4f6-b8bc9c757a17/

193.104.197.27:4229
193.234.95.68:4229
newrem.duckdns.org
servr2.plzbanif3abused.xyz

# Reference: https://twitter.com/reecdeep/status/1270747853573537792

185.244.30.113:6996
eastsidebandit.myddns.rocks

# Reference: https://twitter.com/JAMESWT_MHT/status/1270981434703056899
# Reference: https://app.any.run/tasks/821468ce-9c90-48fb-afe5-7df3e1096df4/

194.5.99.132:42017

# Reference: https://twitter.com/MalwareConfig/status/1271561068167512065
# Reference: https://www.virustotal.com/gui/file/d810038d3a2198564a3fe1a23260f4adef32385f265f1d79f77ff1b282f09710/detection

144.217.255.52:10134
phazeonrunescape.ddns.net

# Reference: https://www.virustotal.com/gui/file/09a16ee256f6a7b289e4a65013e3cd9f2c271d14ab1bf44ed89b856aeb13f2c2/detection

36.70.188.129:9798
uqm.ddns.net

# Reference: https://www.virustotal.com/gui/file/48404246cff844b59a4734b2ac30a05b4fa1a6f8750a7eb6ef403db312b7ba42/detection

23.105.131.141:8811
nagod.ddns.net

# Reference: https://www.virustotal.com/gui/file/15d899d86ec22da49666a2e19883acf76c17f8c0fb4cc79f6860de2e687b7061/detection

216.38.7.231:8811

# Reference: https://www.virustotal.com/gui/file/4691e58de9940ece438bdf64bcfd43d3186a1a19c9fe43b5164e6a83d60f5f08/detection
# Reference: https://www.virustotal.com/gui/domain/dns.dunamix.me/relations

185.244.30.82:2048
192.169.69.25:2048
dns.dunamix.me
easter87.duckdns.org
oluchi.ddns.net

# Reference: https://www.virustotal.com/gui/file/a8d761e48b662116fd637b656e6138e3cfb902af76ecdb31e73ddde18f0affa5/detection

216.38.8.168:8787

# Reference: https://www.virustotal.com/gui/file/0b4964c33138a53c916b451fdaec7372f9e238361a9bbcde428cdd941f1d7f11/detection

216.38.8.168:7070

# Reference: https://www.virustotal.com/gui/file/d1649b71e9c38f0dc10838f258998914a966fdb2caccd78f210cc34707420497/detection

23.105.131.154:7070

# Reference: https://www.virustotal.com/gui/file/efe9c3a82e0b98a6b144d86f06ec68e8f6b3d735117de23dacc598ad2ab1dc37/detection

23.105.131.154:5050

# Reference: https://www.virustotal.com/gui/file/e0d227ec8d25b5d6b05b931435fed286895edbfe9990a388c925e0b91911e9d3/detection

185.244.30.82:2048
igbo.hopto.org

# Reference: https://www.virustotal.com/gui/file/063cee4d23dc9351a9805b239fb6ddd531af5d7a4657919b5feeab757f877ec7/detection

185.244.30.17:1965
ifeanyiogbunebe.ddns.net

# Reference: https://www.virustotal.com/gui/file/eefb8c8f6588ed3c764a1384fae0da22874ba64bedac4ba1a7b92fa08878cb8d/detection

91.193.75.27:7070

# Reference: https://www.virustotal.com/gui/file/0cdfbe3c9db21651126b282d338539c625748118f6a1045c3d5c12d5e12f0d3c/detection

91.193.75.27:1990

# Reference: https://www.virustotal.com/gui/file/20c0e5b7620d51b026ce693ce54ccdf0dad76fcda9747913feeba3f8d34f25e8/detection

185.165.153.17:1120

# Reference: https://www.virustotal.com/gui/file/373a778ae1a96ec5470097f7dcda115ac9b48ff1e646f37837a2547c10af2cd3/detection

185.165.153.17:1010

# Reference: https://www.virustotal.com/gui/file/b097d38be9a17b46ba76b5eb4c22b3201af79492bef21a8a765128337a55f57b/detection

91.193.75.5:8678

# Reference: https://www.virustotal.com/gui/file/2003c5fea62a63caca412982a0a5d7288fe7b5a063eebc7c9b84ea7baab539b6/detection

3.126.37.18:10752

# Reference: https://www.virustotal.com/gui/file/14cd5671644e47f0336603c7abfd8868c066e52e2d1411f42b2987d35b00ce2e/detection

18.197.239.5:10752
3.127.138.57:10752

# Reference: https://www.virustotal.com/gui/file/63955e38216c81a4fcee2be6cbb14273bd57abab9e7b2042fbe2100e44aad91b/detection

185.140.53.11:8090
newbackomo.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1272889477430722562
# Reference: https://www.virustotal.com/gui/file/af167bda48f2c529f5c40634b0656e1a200806b7f04fa340c6f2cc649da6cde4/detection
# Reference: https://app.any.run/tasks/f7950d7e-918d-4044-b82e-aca79ba124d7/

http://91.235.143.133
185.244.30.113:6996
twistednerd.mywire.org

# Reference: https://twitter.com/reecdeep/status/1273201836858716166

flambouyantpapi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/414d4369268bd3d1c22d2c295e2b5af0cf11c09a754a99be438c4a14f37f6896/detection

185.140.53.18:7082
baby212.ddns.net

# Reference: https://pastebin.com/eifTii1e
# Reference: https://app.any.run/tasks/cc1f12e5-66d8-4b74-b1e7-904a2c2b3dfa/

194.5.99.29:1400
protondata.myq-see.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1275720358658793474
# Reference: https://app.any.run/tasks/de05898e-058b-4955-a98b-fe7d2e1c5e31/

cobbtownholiness.com/king/search/frontend/host/town/index/crewe/Attack.jpg

# Reference: https://www.virustotal.com/gui/file/fd446f0c654fd5e240c025a49b22c82391e94fcb7d3c6c98cb99137ff665c13d/detection

194.5.98.111:5422
morrishittu.ddns.net

# Reference: https://www.virustotal.com/gui/file/35095733c5364f67a3226c5de81ff2caaf0524a097a3c1c3e06272d5706d00f9/detection

185.125.205.73:5422

# Reference: https://www.virustotal.com/gui/file/7db77a40561aa86261d37b5e5941d5b1bfa3e0d9aeb62abea87bf7e6a26ed71d/detection

185.247.228.165:5422

# Reference: https://www.virustotal.com/gui/file/587a47a6e509433e808a3d6aec6cd7fe4602f331f94c44eb7b35a643852b4bb8/detection

85.203.22.68:1419
95.0.134.226:1419
91.193.75.235:1047
morrishittu.linkpc.net

# Reference: https://www.virustotal.com/gui/file/813643336711b2753845b25bf7ce235e06dceaa4066e32fb9c986cea0b458c83/detection

91.193.75.235:1047
91.193.75.235:1419

# Reference: https://www.virustotal.com/gui/file/8b5f39b1886022b9eb1e343f2c050fa263a5c7f121942b421d27d8548df90a2d/detection

129.205.114.28:5422

# Reference: https://twitter.com/pmelson/status/1280322293965688832

boleto.duckdns.org
camera02.ddns.net
cdtsupremo.duckdns.org
guestbooking.ddnsking.com

# Reference: https://twitter.com/Bl4ng3l/status/1280415293521739778
# Reference: https://www.virustotal.com/gui/file/18f32daab9bac5909cf9fe9bfaba3183104ae5ec60bdafc8091214887e966195/detection

194.5.98.23:1965

# Reference: https://twitter.com/iamwinstonm/status/1281715105391140864

fgdjhksdfsdxcbv.ru
karimgoussd.ug
smiothmadara.ug

# Reference: https://inquest.net/flash-alerts/IQ-FA008_Remcos_Maldoc_Utilizing_Macrosheets

47.106.112.106:8032
update.huobibtc.net
update.office365excel.org

# Reference: https://www.virustotal.com/gui/file/30973f3f141356fa1b6f7435575dec35971702185013e246ba7a68a8e51c391c/detection

185.140.53.10:7171
zimchi2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/00475692be68c9b147238676446142bf183700deeb8cd32e143353e77ab09a73/detection

79.134.225.111:20207
magiobi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/b718c4fe8e03c60658ddf0a98496c0cfd06bddae6884b28c57d5897c837ad57d/detection
# Reference: https://www.virustotal.com/gui/file/767509d1864123651103929b145e83d3c56d230935ff11a2a1d8b5566aedc7b6/detection

185.165.153.37:9111
194.5.97.125:9111
rem-pounds.zapto.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1285177330508464133
# Reference: https://app.any.run/tasks/097bbd0b-74c4-47b4-9f4d-201ee4c38a4a/

185.165.153.90:3949
myfrontmanny.duckdns.org
myfrontmanny.ddnsfree.com
myfrontmanny.ddns.net

# Reference: https://app.any.run/tasks/1bc823c2-5852-41d3-b745-9eb26008de1b/

107.175.32.212:58826
79.134.225.32:8950
babushkaboy.myq-see.com
rapture666.myq-see.com

# Reference: https://www.virustotal.com/gui/file/5b9361351db7c650fa5ebbd9eca3f9601da77d6165f7a02a0f7c3b694ac2872c/detection

95.181.157.6:3333
rem.payeermine.com

# Reference: https://www.virustotal.com/gui/file/43a7ad11c500e6f3338f620a4056ae808ef5b61cd13b621bbf7d2e04122a61ec/detection

51.161.96.106:3001

# Reference: https://www.virustotal.com/gui/file/93241314c69219ff7ad7f7be291a8320a20ea4153898f7c660976812bfb57e0e/detection

194.5.97.15:3871
okamoto.hopto.org

# Reference: https://www.virustotal.com/gui/file/3bfa63455e4936d261be757e92b1acae0b3a03870e7b81b5581a0ef46b954ddc/detection

194.5.97.23:3871

# Reference: https://www.virustotal.com/gui/file/b673fe86224dba05fa6b976aaa6561709b8b3fc370dcef01c798d7f5d3414728/detection

46.38.151.236:3871

# Reference: https://twitter.com/reecdeep/status/1293089692418822145
# Reference: https://app.any.run/tasks/38a328b5-b9f5-4be5-8ece-635692b6893d/

79.134.225.52:6666

# Reference: https://bazaar.abuse.ch/sample/10ec185be9504c09a3c52c97abc34b879f4224459f154a57a56ab15df1829208/

185.244.30.243:46617
79.134.225.32:46617
boyflourish.myq-see.com

# Reference: https://www.virustotal.com/gui/file/52e7edc928a8ebe518c76972d45dec866927a7f7fc672a99f92b0d92a4479826/detection

86.99.25.192:5552
empirepvp.zapto.org

# Reference: https://www.virustotal.com/gui/file/1f38232ff5cc0a22f104f4efff9724183cc4551e7d93047a28df6496ea13a59d/detection

deeminol063.hopto.org

# Reference: https://www.virustotal.com/gui/file/67680350052c8774c2173e716367760200dcdcee362d317e5ee3dd97222ed887/detection

194.5.97.11:2404

# Reference: https://www.virustotal.com/gui/file/9308214d32419cfd7af3203fb1982798b270554888a50679655959dbab1ad957/detection

216.38.2.205:4050

# Reference: https://www.virustotal.com/gui/file/81abcabdc6ec5f22cf55310f31d596bdbbac2fe24adbed126fb5124d74d85800/detection

94.194.4.192:2404

# Reference: https://www.virustotal.com/gui/file/54695494b42242c0b442851febff5eff3ae97b457278323ea32ed70bb9397e36/detection

51.15.22.167:20202
regfrodom.ru

# Reference: https://www.virustotal.com/gui/file/68a42b25fb48d8337952e1dda259ef0c1922817b8bd8eb5c13ad199fb9cca4ce/detection

51.15.22.167:20402

# Reference: https://www.virustotal.com/gui/file/e546566be4ea436e1fa7a62f7ffd531525fddc4484b83e571025984d12a4fe77/detection

216.38.7.231:8811
nagod1.ddns.net

# Reference: https://www.virustotal.com/gui/file/14f58e94b51704d4f0d0540f47cf1a06175e9919aeb9ba58d209adece64a737a/detection
# Reference: https://www.virustotal.com/gui/file/bdfd5e1d7d560ce9656e4b4594ff1bddbb6b44993c8e7d2aa6ae21a10c08a6e0/detection

82.102.211.13:2404
82.205.33.194:2404
googledrive.dynu.net
googledrive.linkpc.net
googledrive.myftp.org

# Reference: https://www.virustotal.com/gui/file/52b9c393d076fe63033126e342e7987e464f016bb70601356365481738042670/detection

centos4u.strangled.net
kellop114.myftp.biz
ostopol.myftp.net
satell990.dyndns.org
wertopol.strangled.net

# Reference: https://www.virustotal.com/gui/file/d5c98032ca72405fef0d8d88380730fa85bc892ea2a38ef42395bb3fca861bdc/detection

spartanrulz-32158.portmap.io

# Reference: https://app.any.run/tasks/e90145d2-b04c-46ee-b58b-708ef4472880/

185.19.85.159:672

# Reference: https://twitter.com/58_158_177_102/status/1302863025121058816
# Reference: https://app.any.run/tasks/9f56a787-bd36-4741-adb6-2ad5e556ae23/

193.218.118.190:42020
style.ptbagasps.co.id

# Reference: https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html (# Win.Trojan.Remcos-9753190-0)

eysk.city
edhrtyujffd.xyz
muhoste.ddnsfree.com
menstyle.duckdns.org
boyflourish.myq-see.com
mysticalsailor.myq-see.com
vikingo1928.duckdns.org
3houturk.casacam.net
foustraje.mywire.org
koustaeik.dynu.net
2houtie.kozow.com
houstus.gleeze.com
keking.myq-see.com

# Reference: https://twitter.com/reecdeep/status/1311252180670742529
# Reference: https://app.any.run/tasks/df3d660c-3bc6-405c-9efd-4cad0b9bf066/

79.134.225.83:8638
incidencias6645.ddns.net

# Reference: https://app.any.run/tasks/f2301ec1-9e5a-488e-a351-dc94c209860f/

103.147.184.53:4042

# Reference: https://www.virustotal.com/gui/file/689dcaa3c134cbccfb0c10d14c668c7b71334da8f7710503e03ed5bc8d714b97/detection
# Reference: https://www.virustotal.com/gui/file/a46df0abf052617a893f0d4093f77021f2c23e7e133f10ba2f222fae03020cd0/detection
# Reference: https://www.virustotal.com/gui/file/575bdd6efa08ed4ec3a18034716e35fd2444f1d37a43de6edaaf4ff0a18c5b60/detection

103.212.228.68:2404
103.212.228.68:7271
45.138.209.39:2404
45.138.209.39:7271
we.fanasp.co.kr
we.fanasp.com
we.oneasiaex.com

# Reference: https://otx.alienvault.com/pulse/5f7c5d703a6e8fae8295a637

doublegrace2020.ddns.net

# Reference: https://twitter.com/InQuest/status/1316097241489301505
# Reference: https://www.virustotal.com/gui/file/c1092cf4a7c2ddf97cc2e18a63fa7b7aae817995e995de5e774c8b141785d18f/detection

185.244.30.243:40619
voodooangel.myq-see.com

# Reference: https://twitter.com/ps66uk/status/1316126806232256514
# Reference: https://app.any.run/tasks/730d0464-45fb-4b4d-823c-db1ef0cc9a07/

79.134.225.48:1011

# Reference: https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html (# Win.Dropper.Remcos-9775269-0)

bushuc009.duckdns.org
fuckfuck0.ddns.net
insidelife1.ddns.net
rromaniitalfoodsinc.zapto.org
u875414.ddns.net
zubbymoney4life.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1318087844359974912/
# Reference: https://tria.ge/201019-w9w13727jx/

95.217.144.93:5864

# Reference: https://twitter.com/reecdeep/status/1318469829268000768
# Reference: https://app.any.run/tasks/c05755c4-b1f3-4ddf-a3b1-9e368976d6fc/

115.134.23.40:2910
115.134.23.40:6639
115.134.23.40:7762
194.127.179.245:7762
rromaniitalfoodsinc.zapto.org

# Reference: https://www.virustotal.com/gui/file/4dad95676736402a2fe6368eb4efed088f4898cf85c8f6e2abda6e94efd8e77e/detection

185.19.85.141:8808
21421412515215.ddns.net

# Reference: https://www.virustotal.com/gui/file/d90248d8d9d8fb8bdd69bca18f09acaebfbe2935292bcf54def3b21195e920b4/detection

193.161.193.99:34775
revenge01-34775.portmap.host

# Reference: https://app.any.run/tasks/f9925414-f338-4f5b-8add-f9e34fa9500e/

79.134.225.20:1980
bushremcos.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0bedf163c25f8a5728ff01ff7e163eaa6205e05d9811397ce3e8ab0a151d53e1/detection

185.165.153.243:2021
79.134.225.30:2244

# Reference: https://www.virustotal.com/gui/ip-address/23.105.131.166/relations
# Reference: https://www.virustotal.com/gui/file/7845e2797aaa8ebce29c1fee5704578cb15211bc85447cea5b2c7da9010c0ba7/detection

23.105.131.166:2888
gsky.warzonedns.com
ounixpro.duckdns.org

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/1a1924da9d272ea46f8a0a62d7e2ecf01746e9a7621c8b1c36950788c3a3bd8c/detection

u875414.ddns.net
u875414.duckdns.org
u875414.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/62d88acc465626086cf8a5e266f2fbcd2f51bc3c462a236b0c9349e70b5194a9/detection

185.19.85.149:6667
jaffinryu.loseyourip.com

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/81940f757b93af4af9c146ed068abe089baaff3181863ba9e6ddae54ec5cb5d9/detection

198.23.192.204:41289
jollymorgan.myq-see.com

# Reference: https://www.virustotal.com/gui/file/b71e07e53baaeb13a8f617b56ba6944529401798ef32c55f9fb362f0531983ab/detection

79.134.225.50:42025

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/dbabf85d66c08e57af2a3ffc46b5e915291849b19aa00f1ab9ab61d5b0fe7bfc/detection

185.244.30.226:2267
kay34.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1323941877918388226
# Reference: https://app.any.run/tasks/9de16759-7dfb-4c15-9c2d-26e1951b9fe8/

185.140.53.129:4354
uzbektourism8739.ddns.net

# Reference: https://twitter.com/anyrun_app/status/1326050738607452161
# Reference: https://app.any.run/tasks/bbfccd29-2c3b-4a71-8713-63285f610029/
# Reference: https://www.virustotal.com/gui/domain/indoreisenslovenia.com/detection

indoreisenslovenia.com

# Reference: https://www.virustotal.com/gui/file/75250cab773991fd76bf14b8c397b2f143100cf5b13f3213528167e43409a537/detection

5.2.68.77:2404
hassavanarel22k1.xyz

# Reference: https://www.virustotal.com/gui/file/f21dc0aa7ef43f5799073c250f581c7c8ec1f7a1ec8518fb90b3df4759075472/detection

64.188.18.166:1983
honoexpress.linkpc.net

# Reference: https://app.any.run/tasks/66dadbe4-2d6e-4f7a-8d17-6a833d0a5ce5/
# Reference: https://www.virustotal.com/gui/file/680998e260bbd7b843f923f3ae3c1fcadbd1037fbd795c7da98149876f791e7b/detection

205.185.125.42:3014
cupidwap.com

# Reference: https://www.virustotal.com/gui/file/6ba00445a5c30db7e57de9335d2afc28a63315badef37d97af8b602b9e820aeb/detection

185.140.53.231:5050

# Reference: https://www.virustotal.com/gui/file/a20bf2ab10263ca3dd2ada84854a22d9e6fd9029925ed65cef91765f6347aa66/detection

79.134.225.37:4050

# Reference: https://www.virustotal.com/gui/file/9128e156ef2c0ed95d615729316ff82615354d6509e30a2e931913cb574dd4dc/detection

185.185.3.40:2404

# Reference: https://twitter.com/James_inthe_box/status/1331333639464841219
# Reference: https://www.virustotal.com/gui/file/e18773082c76655f9222fd26198eab9011af2bebea85fb4c7d525e37e3e84024/detection

79.134.225.120:12489
daemontime.myq-see.com

# Reference: https://otx.alienvault.com/pulse/5fbe488fe0a954169992d27e

al-sharqgroup.com
deviatefromnorm.com
sandshoe.myfirewall.org

# Reference: https://www.virustotal.com/gui/file/52e6d14ed04c5d7b44a0966a6357a62c8ab7550cda38c37f3c6c11bc0ff19f60/detection

5.39.11.47:2404
citym.camdvr.org

# Reference: https://app.any.run/tasks/b3ddcec2-f0ee-4a87-9fef-5ae96671dffe/

45.10.88.89:2404

# Reference: https://app.any.run/tasks/f5fde18d-e250-4011-a63a-bb63732935ba/

185.19.85.183:5004
stellionlab.com

# Reference: https://otx.alienvault.com/pulse/5fcf6bf6695f8abeb583b291

agentpapple.ac.ug
agentpurple.ac.ug
agentttt.ac.ug
brice.ac.ug
darkangel.ac.ug
nilemixitupd.biz.pl
taenaia.ac.ug
doublegrace2020.ddns.net
softg.duckdns.org
u875414.ddns.net
u875414.duckdns.org
u875414.nsupdate.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1336585927221768193
# Reference: https://www.virustotal.com/gui/file/e4adc99ec527422ee85c7260633d9e7abe452215f6c68bee28b4d4e8ac48d4db/detection

85.114.134.130:5850
85.114.134.130:5851

# Reference: https://app.any.run/tasks/cd97dd8f-a088-4c78-80c7-66c6b47e297a/

194.5.97.32:959
softgee.duckdns.org

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html (# Win.Dropper.Remcos-9802952-0)
# Reference: https://www.virustotal.com/gui/file/f862eb253778c7b1c35349d798736124d7ee97db446217b2e5962fe2431d1e46/detection

185.140.53.129:3871
waxb.ddns.net

# Reference: https://app.any.run/tasks/d73cc422-8f5d-4d45-9f4d-b58a2ecb5baf/

181.48.139.42:6695
postreg.caserogourmet.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1339442811092013056

mute-saga-0240.lovesick.jp

# Reference: https://app.any.run/tasks/8cf679a2-d1e1-4bd9-be0d-93da9c9fa041/

185.140.53.225:6609
cato.fingusti.club

# Reference: https://www.virustotal.com/gui/file/94ec48d884762cb9f15584b01baa677445daa83d4093ccae7f70f6773b949799/detection

81.136.50.222:1604
hamstro1.hopto.org

# Reference: https://www.virustotal.com/gui/file/5cbed2f8a5fdadbd99816c4c8792bd51a2db7479f80bf70409f0f257f942d0c9/detection
# Reference: https://www.virustotal.com/gui/file/6db24529273edf15b17110e6abd8c2c530f183071b34155bbab3c24634a96275/detection

185.244.30.180:4902
185.140.53.202:4902
4sureme.ddns.net

# Reference: https://www.virustotal.com/gui/file/134a6f4d0867df4570a3c569a0a5be3cca92537e8f27ff169e89c3eefa59fe6b/detection

194.5.97.198:2021

# Reference: https://www.virustotal.com/gui/file/849c170a469dc6f5b1bc190923744b08c51ea0ea593e435f0121b874af58c3ec/detection

185.140.53.221:2404
194.5.98.145:2404

# Reference: https://www.virustotal.com/gui/file/fde81d8213468a66ed189297ca748d5c4f07963d5cf33d622f245cd76135ccc8/detection
# Reference: https://www.virustotal.com/gui/file/80eb23e554c801edb57a51883e0ac40d26fa6aa8f764a2d30d31e451359486cf/detection

109.163.234.141:19109
185.206.225.59:19109
86.105.9.67:19109
sub2.xboxjordan.waw.pl

# Reference: https://www.virustotal.com/gui/file/72afbcd580f1ab2994b13938db2fad12fdd7619961d346a220fc2110d348490f/detection

89.249.74.213:50119
wghavenn.airdns.org

# Reference: https://www.virustotal.com/gui/file/03e055979496752e7f81aed9884a6acbcbeda20148e60f7b5d8eda30852e4e23/detection

2.58.47.203:50119
wghavennn.airdns.org

# Reference: https://www.virustotal.com/gui/file/461aeaa36397feb9322660fb537a2c976f6ef41509d428993c924279ca6c7f56/detection

79.134.225.28:24007
mariasteven1.ddns.net
mariasteven1.hopto.org

# Reference: https://twitter.com/malware_traffic/status/1346947588075868161
# Reference: https://www.malware-traffic-analysis.net/2021/01/06/index.html

79.134.225.92:2889
whatgodcannotdodoestnotexist.duckdns.org

# Reference: https://www.trendmicro.com/en_us/research/17/h/cve-2017-0199-new-malware-abuses-powerpoint-slide-show.html

192.166.218.230:3550
5.134.116.146:3550

# Reference: https://app.any.run/tasks/837b76df-3fc8-4b34-8a61-f25d1a32c4b8/

45.137.22.52:8780

# Reference: https://www.virustotal.com/gui/file/15598151d970675376778697c2c6498a104856b88a58fdc2c663a35574892abe/detection

193.161.193.99:31403
35.225.160.245:5762
agaoajz1hrvevre.info
bcbncq393z3hplq.club
cbiq1neygyp1wno.info
cedsxoisslv2nim.club
cwt1u0vv8ic357ov.info
gwty0fig58dcq6f.xyz
maui16azsncpo97.info
mj99puoba6c3gun.info
pgqduoyxvzennam.xyz
pmfiryhhkin98px.xyz
poykoqnl7jkj632.info
se2qwz60l2oxznm.xyz
tu90to3b4q4uqze.info
usd7o88wemlutx5.xyz

# Reference: https://twitter.com/fr0s7_/status/1353668898994999296
# Reference: https://app.any.run/tasks/5e41e266-b135-4604-b58b-9facafe8d0dd/

54.39.198.228:6332
moneyds.ddns.net

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

185.140.53.149:6969

# Reference: https://www.virustotal.com/gui/file/ed33a55395aa0b7061266a9c61b87fdecfb3fd0605ac1ca342751f9deaf25930/detection

185.140.53.12:1170
185.140.53.12:1180
anonfriendz.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b77ee0649ca157f9c5bfa3f1a81425bb8a72d704e7298fff81936843c2714443/detection

185.244.30.3:1170
185.244.30.3:1180

# Reference: https://www.virustotal.com/gui/file/54943c180b2fa915dd676406c3ef2c61597da86b982de4a685d59288e08888dd/detection

185.140.53.138:1170
185.140.53.138:1180
96.47.236.78:1190
tradeworld.duckdns.org

# Reference: https://app.any.run/tasks/ac3857dd-b08b-4dbf-8d37-1e941949eee0/

46.243.248.15:2177
gdyhjjdhbvxgsfe.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/375f949cba028f5722641af5c2b8d62086639d0663796ea01ac18cd1470184d2/detection

13.59.15.185:16391
3.138.45.170:16391
3.22.53.161:16391
3.128.107.74:16391
52.14.18.129:16391

# Reference: https://twitter.com/malwrhunterteam/status/1356889417030500353

datamicrotransfer.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1356909089746530304
# Reference: https://www.virustotal.com/gui/file/df2b517d9777fb1b734d1f25e7eac6f5217988596427086c7821a272f1fd9abb/detection

185.244.128.34:2404

# Reference: https://twitter.com/petrovic082/status/1357010449909350408
# Reference: https://app.any.run/tasks/91c4e993-c6d9-45e4-8863-8c6d6baed913/

79.134.225.114:1814
covid19safety.myftp.org
mercyofgod.myftp.biz
mercyof4god.myftp.biz

# Reference: https://app.any.run/tasks/b0dc1122-9b02-4592-996a-6a27952af5bf/

37.252.11.23:6969

# Reference: https://www.virustotal.com/gui/file/3efd0b10958683468b618a94f3b3888d6879c190b7e1c7425a23fc434f64271d/detection

66.42.107.233:1337

# Reference: https://otx.alienvault.com/pulse/602128ef6c24b8ff3a8da56b
# Reference: https://www.virustotal.com/gui/file/95977953d059ed0e495628fc2906d05c1bfce1d8154adce122db8e19b01ba398/detection

starbuckscoffeeohyea.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5a4991196a119e42c7256e986d66df9b2b8f8bf5e43353c195cd495634231103/detection

46.243.230.51:2177

# Reference: https://twitter.com/reecdeep/status/1359110973009899520
# Reference: https://www.virustotal.com/gui/file/1e5a328f760c35f905390fb4bcf0eefa75936c79a43e22ca7557da0e315c72ed/detection
# Reference: https://www.virustotal.com/gui/file/926da3334135961ff0c19ecf4358201ba4734ab01186061c423deeb081ec1cff/detection

194.5.98.14:7369
highwayraider2021.ddns.net

# Reference: https://malwargsecurity.com/2021/02/08/remcos-rat-net-unpacking/
# Reference: https://www.virustotal.com/gui/file/3908ede26aad1fc2a1db9d3a26a017549b40ebc7d73d731fcb5691aab82b830f/detection

68.9.207.24:37845
transcendentalistschool.com

# Reference: https://twitter.com/r3dbU7z/status/1359374669921550336
# Reference: https://www.virustotal.com/gui/file/c062b4a790666b338f7955ea792605bf0244a8d36cb1050c602727ff6d654e36/detection

37.120.137.254:30288
remmyma.duckdns.org

# Reference: https://otx.alienvault.com/pulse/6023cbf090368b63de15730a

tanjiim19713.sytes.net
xchilogs.duckdns.org

# Reference: https://app.any.run/tasks/711e1f28-747f-4e74-b634-dd377aa9531d/

186.169.39.242:3202
resener.duckdns.org

# Reference: https://www.virustotal.com/gui/file/52f07520a01a6da3c6bc7545fbc53fc567cd4cdce70f25d849cd32d163474d45/detection

obereagujnr.damnitjim.xyz

# Reference: https://app.any.run/tasks/f1e86c26-0af4-4181-ab13-ed53844fa708/
# Reference: https://app.any.run/tasks/7d1dad7c-6c33-44f4-82be-1cf81a5ae55c/

185.86.106.202:3234
79.134.225.96:5397
gentamakina.com/tt/
marstonstyl247.ddns.net

# Reference: https://twitter.com/reecdeep/status/1361943725354741761
# Reference: https://app.any.run/tasks/02066148-b1e0-4e0c-b503-b468d1929467/

79.134.225.11:2021
talkmyown.kozow.com
talkmyyown.kozow.com

# Reference: https://app.any.run/tasks/bc1c9de5-d4ad-4293-ab89-0336089d0c9c/

78.198.121.158:666
yifflez.ddns.net

# Reference: https://otx.alienvault.com/pulse/602fa97362b6279a63a34907
# Reference: https://www.virustotal.com/gui/file/adda1acb8d885b3725058cf0a26d22b0c98a80673126a7bf7216ac7f6ba86005/detection
# Reference: https://www.virustotal.com/gui/file/d10921fef4f5d706859246d7e4f988f7df830d59e2ba6daab16665fd5637a16c/detection
# Reference: https://www.virustotal.com/gui/file/8a59bb0e1678af1df0b5d32e17ecc543310876b8b27ed18350ffced305ac32bd/detection
# Reference: https://www.virustotal.com/gui/file/71321f5d0edaa1d1bd1a9f4f931233a02cf2bf4919954b4c8337aea75f100feb/detection

103.151.124.64:2243
103.153.76.111:2667
103.89.88.238:4299
160.177.121.69:59
adadwdgfgdfg.ddns.net
sknre.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1363765805314420739
# Reference: https://app.any.run/tasks/e79ebc0c-f8fe-483c-a4df-3419b26895b5/

194.127.178.174:4021

# Reference: https://otx.alienvault.com/pulse/60379278fbce7ab73ca18941

greenfieldsde.duckdns.org
j8.andnolikeandtoo.ru

# Reference: https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html (# Win.Trojan.Remcos-9835338-1)

ghdyuienah123.freedynamicdns.org
ghsgatvxbznmklopwagdhusvxbznxgtewuahjkop.ydns.eu
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu
hjduiebcvzcalpmjdbcnwqadhsiybcnzxswedgap.ydns.eu
hsyuwbvxczbansmloiujdhsbnbcgywqauaghxvz.ydns.eu
mtspsmjeli.sch.id
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu

# Reference: https://blog.talosintelligence.com/2021/03/threat-roundup-0226-0305.html (# Win.Trojan.Remcos-9835542-0)

cwzxas.ddns.net
rem1.camdvr.org

# Reference: https://www.virustotal.com/gui/file/076943b4bde772d9f6c5239dae006557e6ea21a6c72307a98475a422b75b618a/detection

193.161.193.99:50915
artemlok134-50915.portmap.io

# Reference: https://otx.alienvault.com/pulse/6047646f1a9d70bd963228bb

asnrg84tr15e.ddns.net
vpsnnog.ddns.net
kazeni.ru

# Reference: https://www.virustotal.com/gui/file/425125474825c83c556ddb9686d06c0fe3bed8fd1a6a7058b60a26189aec81ca/detection

46.21.147.203:5850
fasdf324v4355642dfssbzsdfv23vasvf12.xyz
w8s.graviimaster.ru

# Reference: https://tria.ge/210315-t7r5mz9tv2

37.48.89.8:4783

# Reference: https://www.virustotal.com/gui/file/1cf604ac116b7d480da4fff508c4ef036ab842df708c8ce0b8e81e4b6f37efd8/detection

79.134.225.46:2405
ogidikasi.hopto.org

# Reference: https://www.virustotal.com/gui/file/84cf1bbee36c2424d48072b0f3cc8083ab37e04b93e72d455f9d545ea3a72c4f/detection

23.83.132.179:1414
bu250653.hopto.org

# Reference: https://www.virustotal.com/gui/file/c38b0ffb44c8586dff8c8ec3546b3bfd332c4e84f9b636fceb322522fe2ed409/detection

164.68.122.235:7775

# Reference: https://www.virustotal.com/gui/file/5e0fe09b76750751f25ee170f4e3f5d3de441614a887316e3a62334d859b769c/detection

176.111.174.72:3139

# Reference: https://www.virustotal.com/gui/file/38e003f280936ad6c0cacd7a57e6864de55b11058f5c0d45f8b3e42313bfdf84/detection

5.172.199.55:3513
dfxczaqwvcutbnmewxvfqwercfgrwzxcdcdfvgws.ydns.eu

# Reference: https://www.virustotal.com/gui/file/ef91414c679b45b0100bac70a53d65eac5c0b280feffe3350c803d215bb7607a/detection
# Reference: https://www.virustotal.com/gui/file/17c742f29afb5c4352f3fb0079fbb0b2d72da1e65cfc59695f9a7259088b4615/detection
# Reference: https://www.virustotal.com/gui/file/d34d907900597c60df794fea4bc35e8ecafe3359f8cc8ef32742ba4e0747afbc/detection

185.140.53.133:4344
23.105.131.132:4344
79.134.225.73:4344
ongod4life.ddns.net

# Reference: https://www.virustotal.com/gui/file/7f0cb02c449739d35bc024bd78983126dbba1b3c78f566184177f8e0206f1b60/detection

159.89.86.174:4810
oberenwa.ddns.net

# Reference: https://www.virustotal.com/gui/file/5adf963b1c92ba79a5003d87943b4cb6c8a72fb9db63d8922c43f6631ad27995/detection

46.243.239.31:1996
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu

# Reference: https://www.virustotal.com/gui/file/1b49da172b79de32c6df4e87385e57c0e3768b0b227b84cc38cd746b05200720/detection

172.94.24.120:2177
172.94.110.79:2177
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu

# Reference: https://www.virustotal.com/gui/file/13bde9ef7157ee47c6906c69e6fe0d810b04ce60b8b4f2e74743da33e526dbf2/detection

37.230.130.89:1996
wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu

# Reference: https://www.virustotal.com/gui/file/631c6d3b1c526c8bb366cc72b009da37ec83994c72b210b0132650fef93c147c/detection

sfghfsfjskdjkdfbvndcnfjskaklwrrfw.ydns.eu

# Reference: https://www.virustotal.com/gui/file/f4385738ec4059ccdb1cdc3d0027ea44d002dbbbaebcb300ec8591bc9397e184/detection

104.247.222.46:2404
agdyieyrtghbncmloawghdvbxcvztyijgrtwqbcs.ydns.eu

# Reference: https://www.virustotal.com/gui/file/5a5e322d26a9565ef099e9c62ded4b7430e13cb13303bb97000d720e023f30a2/detection

172.94.16.38:2486
wywtrwbnmhtytrebsgwtfcvzcxgjhyegvbcnmgte.ydns.eu

# Reference: https://www.virustotal.com/gui/file/0905d7304968596830e1a0fc7bdec0954a625fadce64a784b45f8905de7f022e/detection

moep123.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/f1f8906bdbdffe1be2f02db42adeb93dc23bac4dbaba91904fce2d3810223c5d/detection

irukdns.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/d1c41d983e4fd40ab80cc8b393d39bb8290836c2793075b9c8fb41f0ce44238d/detection

niftywar2.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/c9f0e613181a2a984e46341992a601596462e80aa9bdee144b27fa2c76b04b74/detection

bc3.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/178d7aba3b04fb8ae4cd50e7e3f8da86565b93f724e2d38acbf9789411e79395/detection

79.134.225.84:6767
steve200.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/eb7b058c625b1306c70d8a76546af054bd769347ca067f5db5e1b0b1c7306298/detection

185.158.115.38:5000

# Reference: https://www.virustotal.com/gui/file/4922d66a76f44ddb8fef492d8ba36d40c57c9e6fd40e1df87a0c9ca135b76da7/detection

185.158.115.38:5001

# Reference: https://www.virustotal.com/gui/file/b250bb73821f32afff2287989bbb61b5470efdc3d14fa1006bea3602da8b3328/detection

185.158.115.38:5002

# Reference: https://www.joesandbox.com/analysis/373731/0/html

185.158.115.38:5004

# Reference: https://otx.alienvault.com/pulse/605c7c79a457812f750a15cc

0e19yo.grinchim.ru
5sis5z2.grinchim.ru
d.kaunieni.ru
hz.tudara.ru
rgc1.grinchim.ru
ynoil.asubeshi.ru

# Reference: https://www.virustotal.com/gui/file/e5ed9e5b1976279f51d9c47d275ad01143b62e23c83692981c74c367a34e0b25/detection
# Reference: https://www.virustotal.com/gui/file/e058733307afcc2954f7ae1e98d25d6778dee869fdd92355b0117a783648a690/detection

185.140.53.7:2012
185.140.53.7:7171
greatful111.ddns.net

# Reference: https://www.virustotal.com/gui/file/a1efb13491a849b91ae8ddea21fe86f42b725c3f89bd5d4abf57adbaf03c7fee/detection

193.161.193.99:24405
actcoolbro-24405.portmap.host

# Reference: https://app.any.run/tasks/8ec193ba-d31d-4aa6-a3da-aec198ece841/

52.14.18.129:11797

# Reference: https://www.virustotal.com/gui/file/25b789678cb803bcb9ce9f1b7a375846812a83c89d9d4ff8abe1b90a8aa54a47/detection

45.15.143.140:5200
creeping123.ddns.net

# Reference: https://www.virustotal.com/gui/file/85adbdc2d0f35bf0a922251edd55f4a44d6aee52f2945eb71177a73a88a86fef/detection

demco.hopto.org

# Reference: https://twitter.com/Racco42/status/1380048908391448585
# Reference: https://app.any.run/tasks/05c3497d-fee9-4a3c-98ea-0a6dd6d048c0/

79.134.225.118:2405
osisego.ddns.net

# Reference: https://www.virustotal.com/gui/file/9fad68bbaba3bcd69e3b8100eb5c035ea2caf59e0f9115e36667a62b2dce84bb/detection

194.5.97.173:10001
remcosagent.com
1.remcosagent.com

# Reference: https://www.virustotal.com/gui/file/60716f52814e9b88c1c69b16058ed783a6ca59b125b34c7f0af0e87a8e05c546/detection
# Reference: https://www.virustotal.com/gui/file/a52615bd2b0c2fd4d1070030206c07fee192d00b7c307b4bf9babcc53dd38bd4/detection
# Reference: https://www.virustotal.com/gui/file/1bd08a5a9fa260ba34749b97d3a31d9de432f7fe74abc51ddbc7cdeab16ecbd4/detection

194.5.97.173:10004
23.105.131.188:10004
45.90.222.101:10004
1.ispnano.dns-cloud.net

# Reference: https://www.virustotal.com/gui/file/40ce7df3b4b481626b5082a1516631b05530819fb9ba434028103474ad959ab0/detection

185.140.53.9:8905
zubby2468.hopto.org

# Reference: https://otx.alienvault.com/pulse/60855af69ecf01b490310da4

brainy-example.auto.playit.gg
pleasant-ant.auto.playit.gg
tasty-comfort.auto.playit.gg
johanvargas97832.duckdns.org

# Reference: https://www.virustotal.com/gui/file/40043c77c684191274bbf6d72c932ffb34f55b09033f631fdf9abe106349d637/detection

poiarmex247.ddns.net

# Reference: https://www.virustotal.com/gui/file/3253409d3bc8d987a390ca661d46c81e7f4b98636867d1b323de10e3f0e54784/detection
# Reference: https://www.virustotal.com/gui/file/936f3a9ae7a98440c6a63c0efcd91c145dbbc665773c69c7404c56de2495db9e/detection
# Reference: https://www.virustotal.com/gui/file/841c9a9df354e8e904f06a41a3ad5a9fc63213bd0070f9cf2b3f1ed07f036abc/detection

194.5.99.25:9950
197.210.29.184:9950
91.192.100.4:9950
kzi.ddns.net

# Reference: https://www.virustotal.com/gui/file/6d9f887bef0ec963729f0484a302b846d0cb024cf861d16f99f0ea21d02614a7/detection

108.170.13.104:1144
jaxfriend.publicvm.com

# Reference: https://www.virustotal.com/gui/file/7364b6f75f48db8f3a34910e562dc12ad06b1dbed250606383b86d7e1b083293/detection

191.101.22.150:1313
204.11.56.48:1300
youtube.proxy8080.com

# Reference: https://www.virustotal.com/gui/file/a8284b3545fbef308d3c11d3d1d4547521a662e521363f32519a71279946839a/detection

drkao2.publicvm.com

# Reference: https://www.virustotal.com/gui/file/6e889790fc403f49ed9e7537fbf1573d7d835c66a8937c134b1e2d2f58b2d70d/detection
# Reference: https://www.virustotal.com/gui/file/4c9428c3afaec204fde3cd2ae46cc7f4db5501c28dc52ea2d72b64e5f063d1d0/detection
# Reference: https://www.virustotal.com/gui/file/4b3b08c356b54f95bca518bd5c12ec1ec0cd32fbfac860f5a1a1a8e36da66c26/detection
# Reference: https://www.virustotal.com/gui/file/9293ff8bf51a6345a7bf3600fa9a8734b2184ac9c68ec534e382197bcfee2755/detection

107.173.140.145:500
41.102.107.65:500
41.102.126.56:500
41.102.222.13:500
41.103.179.251:100
jessads14.publicvm.com

# Reference: https://www.virustotal.com/gui/file/9af05c1cb783bb50a2f280fd22bdc4a8b5160488afc7093a383e6e60cac4d90e/detection
# Reference: https://www.virustotal.com/gui/file/bbceef2cd8724fc87db474357e3e08d064ae4211ec9d7bc8367720794c867bd6/detection

79.134.225.50:83
nassiru1166.webhop.me
weloveplayinggames.servegame.com

# Reference: https://www.virustotal.com/gui/file/6b0eea8aa1f1b8232bb5be47b581d06030fd457a3e92654f949ca8dd474b4bae/detection

194.5.97.16:3866
blessmegod.ddns.net

# Reference: https://www.virustotal.com/gui/file/57c784d345d5da29536127681d5831917418835f23021ba2797a36c2d970ed22/detection

185.202.175.208:54604
salonirang.duckdns.org

# Reference: https://blog.talosintelligence.com/2021/04/threat-roundup-0423-0430.html (# Win.Dropper.Remcos-9855176-0)

urchamadi.ddns.net

# Reference: https://www.virustotal.com/gui/file/b80bd7a65be99417565de85e074fca3ee71c3d065bdfbce60bd38772883d1c8f/detection
# Reference: https://www.virustotal.com/gui/file/bbf876e3bcfddf50eb4eeb30a318061f8f882cc37f9a3ac0ebca8fde5ac7c8b5/detection

172.111.192.30:5100
172.111.192.30:5101
tangaza.ddns.net

# Reference: https://www.virustotal.com/gui/file/fa42adf2a52de72f3332a57e26d420aa900d4e37cb074defc96b0fb2e91cc8bb/detection

193.176.87.173:5556
sfilm.ddns.net

# Reference: https://www.virustotal.com/gui/file/56fe55a19838b565147a2cb69b67c400d82dcfe628e7945094a85b0ca433cdbd/detection

5.133.11.56:1843
link2.hopto.org

# Reference: https://www.virustotal.com/gui/file/526a55fde827d3e610e4e63553f3aa104debba5c7ab27c209b2c3135a58e0b6e/detection

194.5.98.168:1181
wassimaldo.hopto.org

# Reference: https://www.virustotal.com/gui/file/96e975e9e509e40c6b069f4fe4ef338ddaa76472a30e3115374d5ae3b25c7616/detection

45.137.22.107:5888

# Reference: https://www.virustotal.com/gui/file/4c6f0e6133b1b9d709c39c94d3e51facc2f840c550fbf900ceb2cd2d67d8d0c3/detection
# Reference: https://www.virustotal.com/gui/file/af4c8495dd4f20c61cd4e12e3eba996da63965245c781a06cfb03cc2a6ecf4b9/detection

185.244.30.118:7255
192.169.69.25:7255
money4life.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fe719ecb5f04ed964bd5fdecc2085bdb1518358c65d12462fcddb66a6015740d/detection

23.105.131.201:2021
igatyou.mywire.org

# Reference: https://www.virustotal.com/gui/file/25e031c016e316abfdc7fcd4125a0f1e018864369d56b55429aaca841e2b4e49/detection
# Reference: https://www.virustotal.com/gui/file/77f3963993f7fd03fa8722eddb591e2dd348eaea7f9f04cca095f1cd13ae52d0/detection
# Reference: https://www.virustotal.com/gui/file/576148808d739c615fe9d015588bd767467a504d0272abfb4c7475ab758e9177/detection
# Reference: https://www.virustotal.com/gui/file/1fdbad9bf3d6647702d79ea8d13de188be6c9c290c7b0349a476f218d3f10428/detection

185.140.53.19:5149
185.244.30.87:5149
194.5.98.58:5149
45.156.31.56:5149
noapology.myq-see.com

# Reference: https://www.virustotal.com/gui/file/a17bc1d444f1da0570f4a2eb986b582b13603e8d48c5ff285bc30640e4fed9b8/detection

79.134.225.18:5749
zabdy.myq-see.com

# Reference: https://www.virustotal.com/gui/file/d32d689d49f6978dfb2855d35e42a4fecfb34dce218d6b87ef2752d7a501fddd/detection

89.160.26.37:8811

# Reference: https://www.virustotal.com/gui/file/8d2bdeec509458f3b1734e4f63bc29c679ea66214e42fabc5b4f83453a96bc56/detection

181.141.13.58:1717
gabriel64.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2e81ce0a08b7e6ad6210b1068d6583628d8ebb11d93ce4f1b424fede249a39df/detection

45.144.225.94:4145
brownfilleds.duckdns.org
ghytrty.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c841bc4893813d54a5b6d044bafa4d50bc508a8d0ff0eafa1f395cd1db98ee6e/detection

45.144.225.94:6553
aaeeerbbbeee.duckdns.org
fieldsdegreenf.duckdns.org

# Reference: https://otx.alienvault.com/pulse/60a80e420ee6b40903ac9f67
# Reference: https://www.virustotal.com/gui/file/70a7510210a1e2316407273b03185c5bdf293f37f25d74e72e9efcfbe3730205/detection
# Reference: https://www.virustotal.com/gui/file/ac72c88ac869b33d667fe46ba26647c6faba1629ccd9f4d4b9dc7bbbb05755aa/detection
# Reference: https://www.virustotal.com/gui/file/d8a77ade2160a14931640aa5117db27d70755cb53465a036e03770216d661b90/detection
# Reference: https://www.virustotal.com/gui/file/e0bd17f8c8cc6a994c6b22b21a781d3c52c42e0b5bf5fa39aef843254baab035/detection
# Reference: https://www.virustotal.com/gui/file/7513d01b0a6429c8fa0313ad11d546ecbd7d4ac4ae4c660901bfe113b641c266/detection
# Reference: https://www.virustotal.com/gui/file/73525db851cd3b329df6fc009e0a478f21655947188fccfb0b0f56558a9b56f5/detection
# Reference: https://www.virustotal.com/gui/file/bc2de67edc62f73bc31759317d846a3e3fdc9a74624b52cc51ddbe1008c01a91/detection
# Reference: https://www.virustotal.com/gui/file/219d8dc53843abf0fca983501c395c9dd5a188de9bfd2a4077112f357154b5c8/detection

37.1.206.16:5656
37.1.206.16:5757
37.1.206.16:6161
37.1.206.16:7071
37.1.206.16:7272
37.1.206.16:7474
37.1.206.16:7575
37.1.206.16:7676

# Reference: https://www.virustotal.com/gui/file/9df7d15ccf6f6fa896936b3a1547aa0a862ebc735551cbcd41aa7813efd9a585/detection

142.44.161.51:2065
91.193.75.136:2065
kingmethod.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9c873107151e9c3ef157e81665f402ebeaea2c73638e6d2d66c4ccaf549b6d8c/detection

147.124.219.204:3303

# Reference: https://www.virustotal.com/gui/file/649be52b6b0d362efcfc6f1dd79a6b8fbcf85eb2b68f0138f87b6e1cc7e5a418/detection

31.214.157.40:1312

# Reference: https://otx.alienvault.com/pulse/60b773ef50d74a062977cfbe
# Reference: https://www.virustotal.com/gui/file/a52ef1b90c14bc6cb890c0c7710e3988310fdfe3a0b29887d39bdab8b6f521fb/detection
# Reference: https://www.virustotal.com/gui/file/0bb724b323436b461068d01ef83c6f06e322a8f6543f6f3c752f864ebd651f09/detection
# Reference: https://www.virustotal.com/gui/file/15f2c8def8807cb5391448f40e71f5871f75195dbb46bc0dfbad7c5978212550/detection
# Reference: https://www.virustotal.com/gui/file/9f110e4425fb423e422fae6f90e17f6c3420fb5a94da388204017780c952fc42/detection
# Reference: https://www.virustotal.com/gui/file/424e0801ba42dbae1f4b2e9669c8a628168ceaff00dfe9ef1417093477bea9ac/detection

116.203.140.78:2404
162.246.186.170:8199
177.255.91.0:8199
arangojuancarlos45.duckdns.org
mexch.ddnsking.com

# Reference: https://twitter.com/_CPResearch_/status/1400467814117478404

hncbeyghfsbvcuabgsbncvzgaioiuyegdbhabbbw.ydns.eu

# Reference: https://www.virustotal.com/gui/file/8e8e7ed17c0cc7d20256d8ca0b3288e8c0d9499ec097fb8ebfa9a20c8fcecca1/detection

105.112.38.206:1181
oxbornl211.hopto.org

# Reference: https://twitter.com/phage_nz/status/1404992038030897163
# Reference: https://tria.ge/210616-1sgjg7wrga/

79.134.225.106:2050
collectionsdpt.me
eter101.dvrlists.com

# Reference: https://tria.ge/210615-dswhaekpxn

194.5.98.147:12489
killedifabused1.xyz
top.killedifabused1.xyz

# Reference: https://twitter.com/Circuitous__/status/1407099611030900737
# Reference: https://app.any.run/tasks/20920674-4a35-45bb-a113-9831bce57e28/

185.19.85.134:6666

# Reference: https://twitter.com/petrovic082/status/1407102524478431233
# Reference: https://app.any.run/tasks/995d8193-ec44-468d-b25d-dcfd8d528218/

192.3.146.165:3543

# Reference: https://www.virustotal.com/gui/file/f709da4edb2f6bfbac3267a9b28e58191fd2d47e14efd09819b900670828dbf5/detection

191.88.249.118:9803
dominoduck2116.duckdns.org

# Reference: https://twitter.com/petrovic082/status/1408502242320302086

alonso.luda.ydns.eu

# Reference: https://twitter.com/pmmkowalczyk/status/1412756604362149895
# Reference: https://www.virustotal.com/gui/file/dc06bb2257a6c4b556fb02ea5741c4cf6ddbe47a08d3308f7dd87b5ac23baed7/detection

194.5.98.195:2098
mrplayplay009.ddns.net
mypayday0091.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8578bda62e4c8d883e6a75a13cefa9c465a860f05f1f0c54d95314b44d7e01da/detection
# Reference: https://www.virustotal.com/gui/file/f18df8366f69c337b373482151cf5732c7155b55b88db0f78fdc511ab4992f5f/detection

185.244.29.132:2130
185.244.30.4:2130
194.5.97.26:2130
23.105.131.132:2130
91.193.75.131:2130
cashoutooooh.ddns.net

# Reference: https://www.virustotal.com/gui/file/5c519e625e4132e5806da10504cda9e2fc92dad8d27edb7109ad036965ef4200/detection

181.141.3.23:1616
madryurs22.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d380178c93ba5b323f915df1d3f0ab7953630bdd502b699093874cae4b581d40/detection

191.88.249.118:9804
dominoduck2117.duckdns.org

# Reference: https://blog.malwarebytes.com/threat-analysis/2021/07/remcos-rat-delivered-via-visual-basic/

185.19.85.168:8888
randyphoenix.hopto.org
tippet.duckdns.org

# Reference: https://otx.alienvault.com/pulse/60fd537344fd67bcd96f659f
# Reference: https://www.virustotal.com/gui/file/384ac24ef5f4566364596166c5c90b3cc17b4d55679ee359439d395e51015e54/detection

45.155.173.48:30755
xcrew1991.kozow.com

# Reference: https://otx.alienvault.com/pulse/61029970bf4dd605cb62ec4d

duck50501.hopto.org
fosterpapi.dvrlists.com
plantaincutter1809.ddns.net

# Reference: https://www.virustotal.com/gui/file/0b95c91f6e73b5c87727bba93de2f435e6695ad884b9faa932df5cb3357e0d47/detection
# Reference: https://www.virustotal.com/gui/file/33b1629dc01123f78d568c7638f33ca6619834daad9866f666c00062920b13da/detection
# Reference: https://www.virustotal.com/gui/file/a9fdfe935ff4adda29a2302a61368d2168f534b18a790a48b2bb00212ce65656/detection

141.98.102.243:41078
185.189.112.27:8618
213.152.187.215:41078
twistednerd.dvrlists.com

# Reference: https://twitter.com/petrovic082/status/1422131119542185987

ibotool.com/Kuhfcgvxvdmngzrvwucoqaisbrmnaqvahk.exe

# Reference: https://www.virustotal.com/gui/file/f77ee1da37991ac453867f3ec63c1e0d18f139d6585c5158fc92b78aa4f07b02/detection

79.134.225.95:6060
kashbilly2.ddns.net

# Reference: https://www.virustotal.com/gui/file/239d05f508f2055daa1e4bf62f465f3ccbe7104fcb3c98504630d40d37466e02/detection

79.134.225.95:5050
kashbilly.ddns.net

# Reference: https://www.virustotal.com/gui/file/44e5e569ffc3aaafaa238edb4371abdeb03f449f64b230b6deccb19c2ea56a46/detection

45.137.22.101:5888

# Reference: https://www.virustotal.com/gui/file/e7f428e6ab2a008daad896a354a1544d76993b88587b9ac77cb52df09ee7364a/detection

45.137.22.101:8787

# Reference: https://www.virustotal.com/gui/file/a10a6b45a930f2de06af77ac304a249af70978bb3346bc1bd64ca556d0856bb8/detection

194.5.97.183:8888

# Reference: https://www.virustotal.com/gui/file/28195c5efb0785a7e261e8ea1a3d76ecac4c1639e7df6d9b9309e436437547b8/detection
# Reference: https://www.virustotal.com/gui/file/84638535fc6db5df3d5029b7417810c3d70fa83c6f9a380df0066db5f5955c51/detection
# Reference: https://www.virustotal.com/gui/file/1c33eed32ee64e2abbc1b66486b46f93b5ca61d42e384d3dd49810c73f48147f/detection

185.19.85.133:8231
185.19.85.133:7735
79.134.225.76:8898
typejimbo.ddns.net

# Reference: https://www.virustotal.com/gui/file/e6a3c1c7df2e3310ec079de07f3b5a6d2d1fe95a607ab15405f92a43d26e97cd/detection

135.181.17.47:4783

# Reference: https://twitter.com/Racco42/status/1422922614348165122

194.5.98.7:3759
june248.ddns.net

# Reference: https://www.virustotal.com/gui/file/274f593f9355f88c70b5cfa1514c7f450761e26d2b8cda5c2a5055173be937ac/detection

194.29.101.219:42022

# Reference: https://www.virustotal.com/gui/file/2171810fe0b26c614280e7d94577eb1ffb589b5e0a053b46f014d813fca4baca/detection
# Reference: https://www.virustotal.com/gui/file/7026331983c26573b4f9c17b3aa3f83c6f80256eabe5cdb812499d6c13831286/detection

79.134.225.109:4202
79.134.225.109:6005
damuztech.com

# Reference: https://www.virustotal.com/gui/file/d8fa4fc5f326fb18e73af1a0fff52453eb7244ae53d8e236579fe43e8c11fa2a/detection

51.68.170.39:5551
dd90.phatbois.biz

# Reference: https://www.virustotal.com/gui/file/734d4eb7d217d43cf71f0ab2cb9a9866da75ae3fae5368a94ab74ad32b2e2f87/detection

cicada3310.phatbois.biz

# Reference: https://www.virustotal.com/gui/file/b888c007a3c361a462f736cb14ad487a96d4a0b09b4d7ffce2cb47546810e22f/detection

181.57.221.10:4850
54.72.130.67:4850
infomevi.100chickens.biz
mundoinc.phatbois.biz
publicidad.100chickens.me
sexyhost.madinson.club
thastk.grupoexito18.online

# Reference: https://www.virustotal.com/gui/file/44db2df3f3bb2525bc7d36ea6d15cc0f457791c4b9d957f6835ce6facbecfffb/detection

79.134.225.109:1759
defias3343.ddns.net

# Reference: https://www.virustotal.com/gui/file/0d2b945884ac6edf81b42d5d74fbaacc95453d05cb4497b70555067cc16834aa/detection

185.140.53.8:6397
ventasmayorista.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1435499213845147648
# Reference: https://tria.ge/210908-g6n7mshbap

204.44.86.179:49151
123qwegus.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1438728921944666113
# Reference: https://www.virustotal.com/gui/file/c865520d5f85982cd38ed5cb6ced866e69b8b133bedf008f2237ca6b7024de6f/detection

204.44.86.179:49151
123qwegus.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c1c4626b824597dd40d841d91258029fb26f4075ebd6c4437a209c53426ff4d7/detection

195.133.40.125:2404
nan.ydns.eu

# Reference: https://www.virustotal.com/gui/file/18e7778ca7011e78b0c8bcf8e4c72d7c7ee26bbe4ea30d4003c799cb5740fa40/detection
# Reference: https://www.virustotal.com/gui/file/2a51f81fe3b66e5d065e15fccc4c0e767a01ceafcee23d8ab66c04c48b9bc8f9/detection

185.140.53.130:6642
185.244.30.19:6642
manneedmoney.ddns.net

# Reference: https://twitter.com/peterkruse/status/1440593007376416774

sonofgrace.ddns.net

# Reference: https://twitter.com/Racco42/status/1446163693507579916
# Reference: https://tria.ge/210907-lwm9taccf3

212.192.246.191:2310
Officialsw.chickenkiller.com
hurricane.ydns.eu
official.ydns.eu

# Reference: https://www.virustotal.com/gui/file/be6a62531303bf8b02db40d9e0215cab0bce1f27e8468384656df2d765353f25/detection

194.5.97.16:4479
wealthgod456.ddns.net

# Reference: https://www.virustotal.com/gui/file/f0cb4cbb5ee6badf310de6b82b7d5b469e2d5126bc417dc0791f74f502e70c92/detection
# Reference: https://www.virustotal.com/gui/file/b60594a558a504fe8cfdb49b563ba69a4b055a5a3bbd30d108f39865becf53d6/detection

103.1.184.108:3365
103.1.184.108:46594
45.61.49.107:46594
ndu.testfood.ml

# Reference: https://www.virustotal.com/gui/file/c9fad97fbc7d306ae0a8b6ba457d295786934e6580b279e40ab2ca7ad5bd818c/detection

194.147.140.17:6041
mirroronthewall.hopto.org

# Reference: https://www.virustotal.com/gui/file/5a9a65eda5013bb8b73ac76236ce34bef1e5f3a78efb328abeb452c131b93fc1/detection

markaug.ddns.net

# Reference: https://www.virustotal.com/gui/file/2f9a0a3e221a74f1829eb643c472c3cc81ddf2dc0bed6eb2795b4f5c0d444bc9/detection

185.244.26.201:2405
mychi.hopto.org

# Reference: https://blog.talosintelligence.com/2021/08/threat-roundup-0813-0820.html (# Win.Dropper.Remcos-9885489-0)

freelife.hopto.org
freelife1.hopto.org
freelife2.hopto.org
freelife01.hopto.org
freelife3.hopto.org
freelife4.hopto.org
freelife5.hopto.org
pentester01.duckdns.org
sinzu1.camdvr.org
thankyoulord4real.ddns.net

# Reference: https://www.virustotal.com/gui/file/2435ea27d49ac33d5edffc4cffdc9a91bfaa21fcffc9e695ba13ff4158a5c502/detection

mmiri1.ddns.net

# Reference: https://www.virustotal.com/gui/file/8a1308e82ca707444939e3c946b0830859ff63b08c0fa3a5c37e8c5481c71fb9/detection

37.0.11.231:6932
kingsley1124.bounceme.net

# Reference: https://www.virustotal.com/gui/file/5bf0ade6b571ef4341d48d1e795daebce85d24969ca082e9a7b0d45c863bc787/detection

185.19.85.139:24007
cfo11.camdvr.org
cfo11.dynu.net
gpaul9178.ddns.net
gpaul9178.hopto.org

# Reference: https://www.virustotal.com/gui/file/7ca71e9c5e42d6cf04d0d14011e6c94147628d4bbbe758c241a8d7279cf59bd3/detection
# Reference: https://www.virustotal.com/gui/file/fa66310d09441ef074ebec4df91a8210a710a44c5ddb7d7040a1aabce1679f59/detection
# Reference: https://www.virustotal.com/gui/file/8bec6a9b8df3b417e9e9857a7989722b7aadd5db806ee428e3b772185605a9dd/detection

104.243.251.163:1707
172.94.103.58:1707
45.74.35.194:1707
45.74.35.61:1707
mrbigs.hopto.org

# Reference: https://twitter.com/pr0xylife/status/1468228012269355015
# Reference: https://www.virustotal.com/gui/file/1814342a47e6ea264ef34d80e36d9363a83d4a2d09a6eaf8fb2759f59697dd74/detection
# Reference: https://www.virustotal.com/gui/file/ef6a74a99e6f3945eda8bd082a0adbcc2df584aff03838ed1b5face974a4a6b7/detection
# Reference: https://www.virustotal.com/gui/file/60532512eccc2ead7f39fa3eed5d22e10375f1a3177ddf3bcdc1db06740146b9/detection

185.157.161.174:1975
185.157.161.174:53030
185.157.161.174:9090
hotmarzz.eu

# Reference: https://otx.alienvault.com/pulse/61b4940461d3f7f1b900cf62
# Reference: https://www.virustotal.com/gui/file/791f5d4b43f59f51f06c67ae979f371c15d302125d2211528e9b7c2926e1b431/detection

178.238.8.177:32095
kent0mushinec0n3t.casacam.net

# Reference: https://twitter.com/pr0xylife/status/1447556826451611649
# Reference: https://www.virustotal.com/gui/file/bf6251175fb2a5ae101238d7dc36f284235d68d64384a65c385956b183985a70/detection

184.75.221.171:5119
185.103.96.143:5119
185.104.184.43:5119
199.249.230.27:5119
213.152.162.181:5119

# Reference: https://www.virustotal.com/gui/file/39539756528b3c4add76725c5b686460fb936cc890a76f60603e81a78219a0ec/detection

scream.ddns.net

# Reference: https://www.virustotal.com/gui/file/7e9b81278965632f7c3dca8877fc074fb8747cce3468ffdb5cc5bfe056c9336b/detection

http://194.85.248.219
216.250.97.121:1025
divinecryn2021.nerdpol.ovh
/token_gn65gy.txt

# Reference: https://otx.alienvault.com/pulse/61d1950b8eab0b4e59ac29a7
# Reference: https://www.virustotal.com/gui/file/dd05f19aebc70bca6d6acd3f4018a8b7da6fdca6b6fe88d76e633ec228080a1d/detection
# Reference: https://www.virustotal.com/gui/file/bc4fa81780292b761443a2d5aeb14975fe3f5b713310e5e38867b5e2741cb044/detection
# Reference: https://www.virustotal.com/gui/file/53e5013bf8fb9f6958aceefd4a542f15a25c02d185d1a0964068e88ed3853bfc/detection

152.89.162.59:2404
193.161.193.99:24403
20.106.94.110:2404
20.110.185.77:2404
dynasty1.ddns.net
dynasty2.ddns.net
dynasty3.ddns.net
gene.ddnsgeek.com
generem.hopto.org
generem1.hopto.org
henderson.camdvr.org
henderson1.camdvr.org
hendersonk.hopto.org
hendersonk1.hopto.org
xotic69-24403.portmap.host

# Reference: https://otx.alienvault.com/pulse/61d0437832aa76dcc2167235
# Reference: https://www.virustotal.com/gui/file/5ea1922e49e15289a0cf38d03742ca50da001d40df0dd0df8ff745453b1fd51d/detection
# Reference: https://www.virustotal.com/gui/file/99dd413a8dd8cabbc22b5ddf6c1bc057a1bb2957ea7e9b952a68f198f2d06e99/detection
# Reference: https://www.virustotal.com/gui/file/edbb7af2f834817e6abc370701371e360567fd46d4a63a23f138212432a2d401/detection

176.186.212.241:2404
199.195.253.181:48656
2.56.56.2:2404

# Reference: https://blog.talosintelligence.com/2021/09/threat-roundup-0910-0917.html (# Win.Dropper.Remcos-9892963-1)

mgc001.hopto.org
mgc0147.hopto.org
mgc007.ddns.net

# Reference: https://blog.talosintelligence.com/2021/09/threat-roundup-0917-0924.html (# Win.Dropper.Remcos-9894274-0)

obinwa.ddns.net

# Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b
# Reference: https://www.virustotal.com/gui/file/8bd0820c812a195244553470e5ca299bfb863244040852981e2e937bb78dedbf/detection

trapboijiggy.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/80b5832b3cfb5142bfa2d3a34c0c8e5b77ec519aee7d6e0361b750df17057d7c/detection

79.134.225.119:2404

# Reference: https://www.virustotal.com/gui/file/fe47a56654e3bf83e05578c422202548ec194af30edee1338d1a3d1f4c7bb7a1/detection

185.244.29.216:4050

# Reference: https://www.virustotal.com/gui/file/8dcebb614aab265875408dd5226c8b6cfdf5d68caba830744d827fda81529c16/detection

185.140.53.37:1900

# Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html (# Win.Dropper.Remcos-9903276-0)

hwzpgovt.nsupdate.info
remman1.ddns.net
remman2.ddns.net

# Reference: https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html (# Win.Dropper.Remcos-9903810-0)

fdsfsga.ru
fdsdfgdfgdf.ru
okugbawaha.icu
nickdns123.duckdns.org

# Reference: https://www.virustotal.com/gui/file/86c58706bb8e8602ea034ca99b3835a7d82f10714e270c2c3c0972ce567e0293/detection

103.167.85.148:1012
2.56.57.112:1012
xp18.ddns.net

# Reference: https://www.virustotal.com/gui/file/a6d7f2c76e49ea8e18f7768aeec228514a2e346a843a0a454e799014018acbb7/detection

2.56.57.112:1996
xp19.ddns.net

# Reference: https://otx.alienvault.com/pulse/61d97dfc3437895ce4479b58

lot0s.ddns.net
shiestynerd.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/4d5e431a79433ce5d8a7ace14564c4e645888fd821007c041793e7b3f8deb953/detection

217.131.82.22:35890
emedoo.ddns.net

# Reference: https://www.virustotal.com/gui/file/d9dba72f5ed7e52ea12d6c30826cd468a4285058c8cd6e87af1ec36c6ad24b3a/detection

rattim.ddnsking.com
rempower45.warzonedns.com
securefbi.ddns.net

# Reference: https://blog.talosintelligence.com/2021/11/threat-roundup-1112-1119.html (# Win.Trojan.Remcos-9909797-0)

hdgavzxcniopkjhsvcbnxmnzvqaswyiokdseacbu.ydns.eu
rhbavzcmkopdhunbsgwtfcvzcxgjhyegvbcnmgte.ydns.eu

# Reference: https://www.virustotal.com/gui/file/85648195f2224ec1ad0531e85ae3128ef57d59b408edbfb5a3c817812960429a/detection

79.134.225.77:3457
mateking3888.linkpc.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1481146363496865793
# Reference: https://www.virustotal.com/gui/file/04bb50786dcd75cc530486e6e306d6d9f982d2f0519a7c62c7c544b6fb9967c0/detection

91.193.75.224:2142

# Reference: https://www.virustotal.com/gui/file/a3a67c8e9cea416eac9ff526588d49b8d52e2d69b3e601190e572dfe2c0b3483/detection

13.77.222.211:7828
20.196.222.122:7828
wz303811.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b9c0b6dd76212644b551d5b8ea745b3f14f6c92365e767836382a4c8ea54906b/detection

tochmini.mooo.com

# Reference: https://www.virustotal.com/gui/file/d407be0656a3b89dd4d6789df741efceeaaf7b756e10e7be13d2c5efb1dce9e9/detection

doggydoc.mooo.com

# Reference: https://www.virustotal.com/gui/file/856abd55c2d6a761dc2e335ab73e44853653c5a5403034291e8bb463d1b0133e/detection

leavemylinkpls.mooo.com

# Reference: https://twitter.com/petrovic082/status/1483798599238656003
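# Reference: https://app.any.run/tasks/138451ce-f933-4045-b8da-4c39a6ac826e/
# NOTE(review): the port in 193.161.193.99:50443 differs from the one embedded in ZeldorisPiety-50433.portmap.host; one of the two may be a transcription error - verify against the references before relying on either entry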

193.161.193.99:35767
193.161.193.99:36189
193.161.193.99:45369
193.161.193.99:50443
cloverbeats-35767.portmap.io
DarkVader94-36189.portmap.host
lanzopunch-45369.portmap.host
ZeldorisPiety-50433.portmap.host

# Reference: https://twitter.com/petrovic082/status/1484252860879618057
# Reference: https://app.any.run/tasks/ade09391-8ece-4e8b-bfff-bbf554f907e3/

103.231.91.59:39207
saptransmissions.dvrlists.com

# Reference: https://twitter.com/milannshrestga/status/1489299227381727232
# Reference: https://twitter.com/ffforward/status/1489515500363259905
# Reference: https://www.virustotal.com/gui/ip-address/185.212.130.218/relations

avalaunch-app.com
diviprojects.com
pancakeswaps.fund

# Reference: https://twitter.com/milannshrestga/status/1489510860049752067

server-storage-dwl.com

# Reference: https://twitter.com/ffforward/status/1489522013454671876
# Reference: https://tria.ge/220204-kcm92afhcr/behavioral1

157.90.1.54:4783

# Reference: https://twitter.com/dubstard/status/1489527460458811392

sushi-v3.app

# Reference: https://twitter.com/ffforward/status/1491120270866006017
# Reference: https://www.virustotal.com/gui/ip-address/64.42.179.67/relations

nobullshyt1.xyz
nobullshyt2.xyz
sub.nobullshyt2.xyz
top.nobullshyt1.xyz

# Reference: https://www.virustotal.com/gui/file/3de5e117f449ed7422118dd4325d8ed9a75eb928f15d4f66f54d03b491125be2/detection

134.19.179.179:13293
198.12.105.44:48242
198.12.105.44:48243

# Reference: https://twitter.com/reecdeep/status/1491738743723733000

79.134.225.121:1200

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-10%20Remcos%20IOCs

194.5.98.156:10174

# Reference: https://www.virustotal.com/gui/file/843e4aea82147be3450a58c9ccbd518a89b33f1687e2544d3f2c39be4e48e358/detection

167.71.56.116:22494

# Reference: https://www.virustotal.com/gui/file/eaea1ea1cae4ddbf919993f52eb7646b11146769cc3d4965477ab668f3be46f2/detection

206.189.80.59:22380

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20Remcos%20IOCs

91.92.120.140:4973
govdouglas.ydns.eu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Remcos%20RAT%20IOCs

194.5.98.207:691
freightmgmt.duckdns.org

# Reference: https://app.any.run/tasks/d4a9cdfa-6961-4622-aaa9-418c9d4c2c10/

62.102.148.152:8618
twistednerd.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-12%20Remcos%20IOCs

lplazadtemins.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-04%20Remcos%20IOCs

23.105.131.222:2040
moneyrem.cc.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-06%20Remcos%20IOCs

185.19.85.155:119
following.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-15%20Remcos%20IOCs

104.254.90.235:54614

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-16%20Remcos%20RAT%20IOCs

104.254.90.251:54614

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-05%20Remcos%20IOCs

79.134.225.79:10174

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-12%20Remcos%20IOCs

185.19.85.169:2050

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-19%20Remcos%20IOCs

194.5.98.156:47893
gherbo.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-01%20Remcos%202%20IOCs

191.101.130.129:2050
eter103.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-01%20Remcos%20IOCs

2.58.47.203:39207
saptransmissions.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/f5fd0bf12d34abb670da1d115e7c842932874f366b22d7f7016a1b56847e8562/detection

199.195.253.181:30040
dextority.ddns.net

# Reference: https://tria.ge/220211-n56hvscfb9/static1

69.174.98.123:49505

# Reference: https://www.virustotal.com/gui/file/d39304eea7c64cacd19e7a86a539d248b620e8e3a169a7ced02b6f54fc9c1fdf/detection
# Reference: https://www.virustotal.com/gui/file/c2e2791ef2c1021d84648d57975dc4cb28c1f0be1f8d46859394ef31340eba56/detection
# Reference: https://www.virustotal.com/gui/file/b61bcb861e27356973e4b41c0e430753ad753fcd898c3375422ec38f7a837b69/detection
# Reference: https://www.virustotal.com/gui/file/600b2251ae4efebfc6e8c882a546ec7f6d86ebebe1e359c88793a83dc778fe01/detection
# Reference: https://www.virustotal.com/gui/file/1549aea6b4b91525d4f3b776335e448b9f8080f300150b31e1f6f7bff634f571/detection

159.148.186.15:3927
159.148.186.19:3927
159.148.186.28:3927
159.148.186.32:3927
46.183.220.203:3927
destinyrem.kozow.com

# Reference: https://www.virustotal.com/gui/file/fa9feaa6941e0f79585ebce2bfff5d59b88df8b22a7d0a90d85ad1d6754048ef/detection

142.11.215.106:2404
secured1.hopto.org
secured2.hopto.org
secured3.hopto.org
sumag.hopto.org
sumav1.hopto.org
sumav2.hopto.org

# Reference: https://www.virustotal.com/gui/file/e53122230df3df822e7e4476d12fe580f5b6a18e793b42703e00fb58e9f2547b/detection

u876134.nsupdate.info
u876135.nsupdate.info
u876136.nsupdate.info
u876137.nsupdate.info

# Reference: https://www.virustotal.com/gui/file/01bbb9d854552376059f89a143d487e714665432c104cdaf9b3f79b5262ace65/detection

217.64.149.78:2404
salford1.ddns.net
salford2.ddns.net
salford3.ddns.net

# Reference: https://www.virustotal.com/gui/file/0042c5d32b87ea97030b99df29c04c179d8ec29be9110eeb7246683bea97694b/detection

37.120.138.222:2404
rem1.camdvr.org
rem16.camdvr.org
rem16.hopto.org
rem166.hopto.org
rem1666.hopto.org
remmusic.freeddns.org
sunwap1.ddns.net

# Reference: https://www.virustotal.com/gui/file/280a8b23bac630e32859fccdeb3dd2eb98990ae94de255d97113aadc6150a693/detection

79.134.225.118:2405
ogidi.ddns.net

# Reference: https://www.virustotal.com/gui/file/128de1f0afc928bcbbcd321202a1704aa25db3950cbaff7da96c5ebfe59620c2/detection

194.5.98.11:691
hawman.cc.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/226d0ea20dccb9f0b091d02ccacaec73b537fc9b61157eff759b74d742d48b00/detection

23.105.131.220:3956
edwardjamie.duckdns.org

# Reference: https://www.virustotal.com/gui/file/164a1de7f4395ede6d18bc0f4a597cb5864897c42d9d5245ab6a79ade67050be/detection

185.86.106.246:9090
palmetto22.ddns.net

# Reference: https://www.virustotal.com/gui/file/29dd2b13f081a0c7f8312c4b4c433ccdcc3b3a83b91a16a88393370dda44f60b/detection

23.94.54.231:3050
eter102.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/f2b2d82456c636e2198b4f59c5fdec27bb86299e1582c872a1a1d92fed6feddc/detection

194.5.98.213:2405
23.105.131.236:2405
79.134.225.118:2405
79.134.225.95:2405
disabel.hopto.org

# Reference: https://otx.alienvault.com/pulse/620e39f7e76aa32ed2070f90

amlls.servegame.com
chujcidodupy1.ddns.net

# Reference: https://tria.ge/220218-j5f6radbep/behavioral1

193.56.29.242:4783

# Reference: https://isc.sans.edu/diary/28354
# Reference: https://www.virustotal.com/gui/file/d710708424046250ccef3424c9c758d1750e4a7a2b18f49862501a06d3febff5/detection

176.218.11.210:4376
176.218.11.210:5267
185.140.53.67:4376
185.140.53.67:5267
194.5.98.127:4376
194.5.98.127:5267
91.193.75.249:4376
91.193.75.249:5267
notme.linkpc.net

# Reference: http://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html (# Win.Dropper.Remcos-9938935-0)

febbit1.ddns.net
generem2022.hopto.org
private0091113.duckdns.org
xxxanonymous147.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fb1dddc298eb8e049c053ebc2e1585d7338769af53d60a635c296ad47d559dff/detection

2.56.59.252:1338

# Reference: https://www.virustotal.com/gui/file/3a579576db5f3660a4683f356ff06b3820661c656ed0fa81ee449fdfbd7187b5/detection

2.58.149.114:1338

# Reference: https://www.virustotal.com/gui/file/9adada1eea936515bebe468ee4c1bc040d58ef4f1e4cc09e03c569a4d117e47b/detection

40.71.25.32:1337

# Reference: https://github.com/pr0xylife/RemcosRAT/blob/main/RemcosRAT_07.03.2022.txt
# Reference: https://www.virustotal.com/gui/file/44d963269f8d6e5ec5c15354be28c9078f58eea78943d39eb78c6485dea5065d/detection

79.134.225.9:7838
91.193.75.132:7838
boysgoblow.hopto.org

# Reference: https://www.virustotal.com/gui/file/874bbdc6aaa2bd45e2249e5f728e29055b3c83cd4e91c58d31e685a8a8ee1970/detection

31.167.60.221:5552
mjrm2022.ddns.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-03-08%20Remcos_2%20IOCs

79.134.225.48:10174

# Reference: https://www.virustotal.com/gui/file/e72f87a66620c131f1f53fab099f2c8e40ced0a7d314570e5a813e326c43ea64/detection

103.73.64.115:1025
rem2021.nerdpol.ovh

# Reference: https://www.virustotal.com/gui/file/9e4d3c31e6cb0e034025bed1ea265d53c843dfe255129760d907f4718bc79882/detection

185.105.37.136:2404
dofusexploit.sytes.net

# Reference: https://www.virustotal.com/gui/file/a2a55a376e4bcf3772a0311f1063d0398a8f374f95a5ae7d50627fd1185e6f8b/detection

104.215.112.107:2404
hobbyhrs.zapto.org
hobbyhrs1.zapto.org
hobbyhrs2.zapto.org



# Reference: https://www.virustotal.com/gui/file/9395c1e6ca8f59400a742d292ba944d420396fec84d0dcbec9f2e4f0aeff02b0/detection

91.243.44.22:5621

# Reference: https://www.virustotal.com/gui/file/fc91425305ce4217b675c66b6cafa440960bbcc5cbb466d529e1c9b9303cc699/detection

91.243.44.22:5533

# Reference: https://www.virustotal.com/gui/file/e4e72188c2ac639908bc523023366f3b6b9022a800ad399d7c9c66c25264df4c/detection

91.243.44.22:4201

# Reference: https://www.virustotal.com/gui/file/c7abab8ec67577eb3aabc2591c7c284c34fcc1eb0491058220dfe9d4c3c7e9a0/detection

91.243.44.22:3048

# Reference: https://www.virustotal.com/gui/file/c635c1c96ad08183eab3a1515feed9c796c7cbfc0074bc0c5f2bd631ac05403c/detection

91.243.44.22:2954

# Reference: https://www.virustotal.com/gui/file/c41e2f6660e2ac81d7eada76784c03f2a7eeda5abe6a8ccb1dd00013ef1bc5bf/detection

91.243.44.22:2596

# Reference: https://www.virustotal.com/gui/file/b4102aeaa1b388e05f418f6a1d84d972b9079ba8fe68b5eab35359c5abb97d7b/detection

91.243.44.22:3612

# Reference: https://www.virustotal.com/gui/file/b2e4a9f5900fa31bd7daee73fbad3b1e44fa35a75adc768a6f2236d1a8fa400d/detection

91.243.44.22:3628

# Reference: https://www.virustotal.com/gui/file/91715312cd2c862bc26eb9192a03dd061bbfba4f1668030377b99dfb13400a85/detection

91.243.44.22:3785

# Reference: https://www.virustotal.com/gui/file/6c886424408b30c171b78d2b9bfc8b34942a37b4d55f6cc9e89f1697a0c09ebb/detection

91.243.44.22:4128

# Reference: https://www.virustotal.com/gui/file/5634fe55d27efc9de13da86394d7c187d1d3096c79d3e1549daabf9fb4dfc88a/detection

91.243.44.22:4009

# Reference: https://www.virustotal.com/gui/file/5404b2dd7e94c3a0eab6f4712d85651e172d1b984c46bdbbf5aa2ec83c74d9ab/detection

91.243.44.22:4045

# Reference: https://www.virustotal.com/gui/file/53f28e88e0ff9ce047d46ebd3718ceaf4d27e7bb76aa21baef3491a52bff40e9/detection

91.243.44.22:3523

# Reference: https://www.virustotal.com/gui/file/4bca1b86326dc0a328a3d4e65a77dec11d1006351624052e3cb2fe207bfbe74b/detection

91.243.44.22:4041

# Reference: https://www.virustotal.com/gui/file/116b263706dadd499131e81478ab369076fb40f14d0f20d0cbc72045b6971c74/detection

91.243.44.22:3831

# Reference: https://www.virustotal.com/gui/file/006008640cd22a03d8702bfb2a65d2974f5c719e3d05fcd5bf381c12d2537ac7/detection

91.243.44.22:3215
91.243.44.22:3354
91.243.44.22:3521
91.243.44.22:3621
91.243.44.22:3852
91.243.44.22:3921

# Reference: https://twitter.com/James_inthe_box/status/1504843053730738179
# Reference: https://twitter.com/James_inthe_box/status/1504843176846131201
# Reference: https://www.virustotal.com/gui/file/f1a61a31c172f4b21d34d099ecf544609dfc528a981ff8572e7b4c393bef84a8/detection

185.19.85.155:162
breakingsecurity.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/e2be1e3ac94168c1090867610af82e77a9ea318ea5042f4a962f9e7e58044b61/detection

185.19.85.155:50708
alilockincadmin.ddns.net
olashostadmin.ddns.net

# Reference: https://www.virustotal.com/gui/file/fc4b62bf81d0ab27f687255c8e95188e01524b8f7d425b77f244efa0d0c8a9c7/detection

185.19.85.155:1619

# Reference: https://www.virustotal.com/gui/file/c9543baa2ba0d7d8b670213c02ba258041823cf79f558a3c7e4c9ad7923b2bc3/detection

hayhaytv.biz

# Reference: https://www.virustotal.com/gui/file/f400d36892785b2f2bd25e3b8797b8626bd3985dddd3760920ae5c96e3858dfe/detection
# Reference: https://www.virustotal.com/gui/file/a6ccb6bb7e81ed05f95e23d941f491d182ffff03809c8f639149d8a32f2fd3ce/detection

104.215.84.159:2404
harveyautos110.ddns.net

# Reference: https://www.virustotal.com/gui/file/8ec9d95f0e4a49043f69017eefba8f73b29484cbc15bc614510052e834a21a64/detection

81.110.133.241:4782
wallass.ddns.net

# Reference: https://www.virustotal.com/gui/file/e9c4316b6ada458ce1d7cab0cf31449631f33a24a314ea19fd68afd7d92c9e39/detection

212.193.30.96:3535
sungito3.ddns.net

# Reference: https://www.virustotal.com/gui/file/42720ffc4a7f017d0ca760fc2288d462cacb64f11bfad6910519571d631a6f75/detection

194.5.98.46:5050
remcoss12.ddns.net

# Reference: https://www.virustotal.com/gui/file/0741ed5681e40443d25c89040297c1bb4f943b43ff88a8a218b4cd26cfb5c604/detection

157.90.152.72:5202

# Reference: https://twitter.com/malwrhunterteam/status/1509578549535064065
# Reference: https://blog.morphisec.com/remcos-trojan-analyzing-attack-chain
# Reference: https://www.virustotal.com/gui/file/f40b0b7ba6036c4d53d9572c1aa00d4014ba40a66eb16abab0d75f48ab8057bd/detection

185.19.85.174:119
freshdirect.dvrlists.com
gotovacoil.com
kingspalmhomes.com
dreamwatchevent.com/wsalptza/
dreamwatchevent.com/zp-user/
fisintegrateds.com/zp-admin/

# Reference: https://www.virustotal.com/gui/file/f31dace8463709ef3916f3e2b51168c06ca78e9df379ce98bd112556e2634d41/detection

79.134.225.76:2311
achimumuazi.hopto.org

# Reference: https://www.virustotal.com/gui/file/08a4e96444eab85c7d841f25fcbce6f9f77cceeed3206bb51e0f82f6b275dad4/detection

212.192.241.50:1010

# Reference: https://www.virustotal.com/gui/file/0605c2c0504437a3e2dff8452001a6b547919525594fa84dd5d713022e8395ba/detection

20.225.154.34:2404
xoftmanrem001.camdvr.org

# Reference: https://www.virustotal.com/gui/file/4ce893ef0bd7abeb769c3c3e57863700f41882befbee770733f0da86e015e7cb/detection

20.110.197.26:2404
flexyval01.hopto.org
flexyval02.hopto.org
flexyval03.hopto.org
flexyval04.hopto.org
flexyval05.hopto.org
flexyval06.hopto.org
flexyval07.hopto.org

# Reference: https://www.virustotal.com/gui/file/56ac1555cc21d3400c4168a52da00cab97bfb205f0b43ab417fbaa85e02def9c/detection

20.106.76.138:7782
pandemic4u.awsmppl.com
pandemic4u0.awsmppl.com
pandemic4u1.nerdpol.ovh
pandemic4u2.awsmppl.com

# Reference: https://www.virustotal.com/gui/file/68a0057f18e9c4b63ba1247db4b21a83cc3a2adebac3dacff282a4577b35dc06/detection

31.210.20.25:2030
davidwongwarzone.zapto.org

# Reference: https://www.virustotal.com/gui/file/a6ccc05556ccbb60a723a57a8a584cc150e2f4819ef7b11c76e947e84dff0e10/detection

104.214.103.50:2404
amalar.camdvr.org
moroga.camdvr.org
stopeet.camdvr.org
stopeet1.camdvr.org
stopeet2.camdvr.org
stopeet3.camdvr.org

# Reference: https://www.virustotal.com/gui/file/f216501f3a4213b738c07cc290e3b5eceb2f35ea410b2ae1b1b188e27ebddc7d/detection

31.210.20.130:2828
vkllaw.com

# Reference: https://www.virustotal.com/gui/file/c96d9d1cd9a19f89a578b97b7f0e7b426f90916239d63c39f0381b02e91c7c50/detection
# Reference: https://www.virustotal.com/gui/file/6daadbef2fe61209a6bb5d9a938c0978890af2ec274064bdec966b71a353765a/detection
# Reference: https://www.virustotal.com/gui/file/251c1a1c793a99db5db99d80d4ffce0ffe63be7316c8da165b7e54b8ad276a7a/detection

203.159.80.136:4981
viabouhm.ratkings.net

# Reference: https://twitter.com/peterkruse/status/1510929891944022017

1harvey205.camdvr.org
1harvey206.casacam.net
1harvey207.accesscam.org
1harveyautos111.hopto.org
1harveyautos112.ddns.net
harvey205.camdvr.org
harvey206.casacam.net
harvey207.accesscam.org
harveyautos110.ddns.net
harveyautos111.hopto.org
harveyautos112.ddns.net

# Reference: https://www.virustotal.com/gui/file/dc3406cfa902a5245fc7fa8bd110f02c236d04d1a80c312ebc43dd208f3a0adb/detection
# Reference: https://www.virustotal.com/gui/file/c4c6dc73fd49a18f2070e68d5de3503961ee5754164b231db5e0cc6f5a799611/detection
# Reference: https://www.virustotal.com/gui/file/3e9ccff518cd3800a268847b9e66cdda1b2ee9d1969607069c3c1e3e9427b9c8/detection

105.112.122.238:8181
88.235.51.237:4923
91.193.75.132:4923
remcoss11.ddns.net

# Reference: https://www.virustotal.com/gui/file/eabe284e5c499c80125043b351693551e84b94276a0bed00345af8613cf3491e/detection

91.193.75.132:1199
recmcozjan22.ddns.net

# Reference: https://www.virustotal.com/gui/file/632dd54f1fc0c1d3fcb5de2710648265fa48ef67c94696e0f81c0ec1049546dd/detection
# Reference: https://www.virustotal.com/gui/file/2666bb71e611ddf80450eedc51f64210ea0cd8a190f84b7384fdc55af6269dac/detection

79.134.225.75:3370
91.193.75.132:2882
richyigboks.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a5d2d4c2feb0080390e1e6b8ebac4487ebbcd14e9bf183415b862112dbbb6369/detection

82.222.99.2:5050
zoonm.ddns.net

# Reference: https://www.virustotal.com/gui/file/a3d08a4bcf30bc1eb141643c55025dd2d03550262e21b04624baf368b18f653e/detection

91.193.75.132:45901
menz.ddns.net

# Reference: https://www.virustotal.com/gui/file/87e1f0731c3fda7489b0c2f71261182d4f510a79bca666d6c0379863d5298d8b/detection

91.243.44.85:2404

# Reference: https://www.virustotal.com/gui/file/fdc5cd9307d2298bc150b68203dd71982f4d88de40f838d0eb91ec26569caed4/detection
# Reference: https://www.virustotal.com/gui/file/8ae7581b43a54b58ceb0b9f5b75762d3befdb584008cf734785aa32b71eb8f81/detection

194.5.98.213:1942
mimi44.ddns.net
rbfoods.us

# Reference: https://www.virustotal.com/gui/file/8ae7581b43a54b58ceb0b9f5b75762d3befdb584008cf734785aa32b71eb8f81/detection

194.5.98.213:1987

# Reference: https://www.virustotal.com/gui/file/e6de286b094197f95411d10400f85549dc619254190c6664615cc3ac3c64a8f3/detection

37.120.212.230:2404
xhangzhi.duckdns.org

# Reference: https://www.fortinet.com/blog/threat-research/latest-remcos-rat-phishing

23.226.128.197:2404

# Reference: https://twitter.com/0xrb/status/1513733548800634888
# Reference: https://www.virustotal.com/gui/file/27836b6948d7ce67236c868845032376044afac9a92214d44f6f73c428ac9098/detection
# Reference: https://www.virustotal.com/gui/file/b3393118d47aee3ea17dcb3051e609275bd3ca9e18341e9de833d11ab09d047e/detection

http://91.243.44.85
91.243.44.85:47823

# Reference: https://twitter.com/0xhido/status/1513801393907417094
# Reference: https://www.virustotal.com/gui/file/b0966b0b2a38cb845932231c04b16d79f2c434a0171ebe151585f154a418e02c/detection
# Reference: https://www.virustotal.com/gui/file/453408c1b42c5747704808c0226169d58c4947c248734bf99514a7ae84a257e3/detection
# Reference: https://www.virustotal.com/gui/file/2b7bed63bef18e380e05de0f668bc534c045d94c02c26fc83ce4ebf57a9a1af8/detection

145.239.253.176:4782
hector.fund

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-12%20Remcos%20IOCs

199.195.253.181:162
hawman.cc.dvrlists.com

# Reference: https://twitter.com/Bank_Security/status/1514493778018643968
# Reference: https://twitter.com/Artilllerie/status/1514591697195442178
# Reference: https://pastebin.com/iYuLKpRS
# Reference: https://www.virustotal.com/gui/file/44c144fb9b610b5927a9553468bb262c5b2b5c5d24a64cc05cfd4b098ec644fa/detection

45.15.16.162:2404
afbd-bad.org
afdb-bad.org
afdb-za.org
ns.atps-proximo.pt

# Reference: https://www.telsy.com/remcos-and-agent-tesla-loaded-into-memory-with-rezer0-loader/Cyber-Report-1-REMCOS-and-Agent-Tesla-loaded-into-memory-with-Rezer0-loader.pdf
# Reference: https://otx.alienvault.com/pulse/614c8b0439d5b0b66f92cbf7

psm-ir.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1517395274532114433
# Reference: https://app.any.run/tasks/83cb500f-a79b-406d-bc4d-6021eb02aff1/

136.144.41.237:6061

# Reference: https://isc.sans.edu/diary/rss/28616
# Reference: https://otx.alienvault.com/pulse/62739c7e3592b057d33aef7a

http://198.12.89.134

# Reference: https://twitter.com/James_inthe_box/status/1524398222352871424

hydrogiene.co.za

# Reference: https://twitter.com/pr0xylife/status/1524412708895997952
# Reference: https://www.virustotal.com/gui/file/2dca59fd8d72332b1040af729fe0904a58f325db9543c787f0706fca0f21bb10/detection

84.38.133.58:3363
treatcode.dvrlists.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-11%20Remcos%202%20IOCs
# Reference: https://www.virustotal.com/gui/file/12f26a0678ead6807a30af5f667c5b08288254c0c5ef1ba5817a3330f4445940/detection

37.0.14.217:2295
pounds22.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/39f270492601de9bc4fe67dc145af5fa3bf115ac214246d495202e3f153670c6/detection

194.5.99.51:8090

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-18%20Remcos_1%20IOCs

94.46.246.63:2404
generem.camdvr.org
generem2023.hopto.org
hobbyhrs6.zapto.org

# Reference: https://www.virustotal.com/gui/file/77c2b80009f8dbe9d42283b32bb93decbe26179a171c233c078c49bd629bef6c/detection

62.197.136.97:2080
skygroupt6.zapto.org

# Reference: https://www.virustotal.com/gui/file/05c8613bd93d233e369ece36d36ac8a92dec5cb31d7b8ba9fafa61ff343c97a7/detection

434864347.com
434864347.casacam.net
434864347.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/4575a46f553ce382b57d50f8c9255f57ffd14777667cb86d537f9d162339aa8f/detection

185.157.162.101:2404
185.244.30.113:2404
tprem.ddnsfree.com
tprem009.hopto.org
tprem4g.ddns.net
tpremm.hopto.org
tprerem2.ddnsfree.com
tpreremb2.ddnsfree.com

# Reference: https://twitter.com/reecdeep/status/1528634853469609985
# Reference: https://www.virustotal.com/gui/file/c4fd685384b5522ed7cd531245667504871064828ea317a1c8cc8ec9e9d9bded/detection
# Reference: https://www.virustotal.com/gui/file/15c47516d1be5ea577ea79aa35d01ca1100fbb40af42e51782b106bf06734fab/detection

185.157.162.137:59085
blackwealth001.duckdns.org

# Reference: https://twitter.com/satontonton/status/1529448532360384513
# Reference: https://tria.ge/220525-p3eg2aeddl

172.94.127.61:5888

# Reference: https://www.virustotal.com/gui/file/ee0e3ef0d4e024fee83ad9744a0c2fda54ea009c099144d7f3f5972b0e3c7c4d/detection

194.5.98.38:1684
anyinew.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-06%20Remcos%20RAT%20IOCs

185.199.224.92:551
remittance5443.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/20f688a5ad9f3a97a06fbe687bc519f77d68dff4e227cd92c2e377d1f91b6456/detection

192.169.69.25:2996
mastermissis.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9d66451cba895543944a91ec8f2230f0e7b1f708d38e830a6502472448379e41/detection

okehieugochukwucassperkroosdavid.duckdns.org

# Reference: https://twitter.com/smica83/status/1536263039464382465
# Reference: https://tria.ge/220613-hebynsecbr/behavioral1

176.119.28.51:9492
power22.myftp.org

# Reference: https://www.virustotal.com/gui/file/138d6b7c14089c460dac2f723c91acb6436fdcc1b9dd9f03e711e035d4bd6620/detection

194.31.98.250:2080

# Reference: https://twitter.com/ffforward/status/1537376671489175552
# Reference: https://www.virustotal.com/gui/file/cc1ad7582d16db389c1b15a1cccdc188a85398165623876f4c7887743e54a9f9/detection

noneabusers.xyz
top.noneabusers.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1537394567129059328
# Reference: https://www.virustotal.com/gui/file/1051d3690e70e4227a2b0a0aa87367fb09c49c55360c7a1880b2acfba0b77490/detection

213.152.162.154:19833
213.152.186.19:19833
mine4eva.duckdns.org

# Reference: https://www.virustotal.com/gui/file/428931fca8865aa94ecab4da479ece8f2d82171566d62ef2378825f752b9cb40/detection

2.58.149.33:4333
hsgu2.chickenkiller.com

# Reference: https://otx.alienvault.com/pulse/62b3057069c7fe037d5a21fd

centplus.serveftp.com
centplus1.serveftp.com
fresh12.ddns.net
harrywlike.ddns.net
hobbyhrz1.zapto.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-23%20Remcos%20IOCs

192.3.152.173:2356

# Reference: https://tria.ge/220626-q9te7sbbcq/behavioral1

91.193.75.131:3060
rawman.ddns.net

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos-%2028062022
# Reference: https://tria.ge/220628-ynswjscaam/behavioral1

103.156.90.165:4053
remcosmoney.duckdns.org

# Reference: https://gist.github.com/silence-is-best/7b71542e9713d9e8c2546090a1358789
# Reference: https://www.virustotal.com/gui/file/1f6b2f123b907738cbb9ec1cc074a4a10a8be6a2a0d4f12e528bc1cd361a0627/detection

23.105.131.237:2405
deoneogidi.hopto.org

# Reference: https://www.virustotal.com/gui/file/ce195de0b69a9f6c6e5aca39cc107917fa06e6d283acbeb79de45e6c85c5cb3f/detection

45.133.174.55:2404
mckennadevelopments.co.uk
darwin06.casacam.net
leaflet308.casacam.net
nunez115.accesscam.org
nunez118.camdvr.org
nuvez110.camdvr.org

# Reference: https://www.virustotal.com/gui/file/e0d0304a43fc6323b1d18b22faa263bfb9b7327028a2a1dc27eccd10b6f98f08/detection

91.193.75.191:6677
csolpflow.duckdns.org

# Reference: https://www.virustotal.com/gui/file/01f187b666a8f17996e6446772b67aaef1de9ecbc573d2b043a007a3bedeaca6/detection

172.111.234.100:5888

# Reference: https://www.virustotal.com/gui/file/a32fd5a09b3ce2abffd7943be510cc0b728d123f69ba9298d41478dd7a6c941f/detection

172.111.153.127:3033

# Reference: https://www.virustotal.com/gui/file/e04e4c474ded78364c1f802de5a653e2d495bc1a0ddb78325962778a221970e6/detection

172.94.127.61:5888

# Reference: https://twitter.com/1ZRR4H/status/1543339315756994563
# Reference: https://www.virustotal.com/gui/file/388c0d40658e7617789643be3aab11bb7462d4b212825527e45aa9e1dd2ead75/detection
# Reference: https://www.virustotal.com/gui/file/dea8443217c19368810fd390a6b5da86d6a07c3c37421e037ee40524e370ea31/detection
# Reference: https://www.virustotal.com/gui/file/19b985c2cd4448f9294948b58c3622c4d2118fb860f75cefdd4fccc01ac1a467/detection

80.66.75.88:2807

# Reference: https://www.virustotal.com/gui/file/5115241c4d951b005e4e38ff34fc53121bc9eb8e62805a157e0358623c258732/detection

80.66.75.88:2407

# Reference: https://twitter.com/malwrhunterteam/status/1544050660433399813
# Reference: https://www.virustotal.com/gui/file/452c3bd1e8cdf19bd89704c81540b995e887ba06e13a9cd12c67977feddfdfba/detection

162.55.210.243:2404
162.55.210.243:8000
/Remcos%20v3.5.1%20Pro.exe
/Remcos_Settings.ini
/remcos_a.exe

# Reference: https://www.virustotal.com/gui/file/14fa8b6b9e28da8046340ddd654b6636852dd113aec964b6297add3bcaa5e558/detection

185.140.53.130:2404
servicepro.ddnsfree.com

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos-%2017072022
# Reference: https://tria.ge/220717-xlxahsefa8/behavioral1

194.5.98.20:2160
kekeze21.ddns.net

# Reference: https://twitter.com/tosscoinwitcher/status/1549081272063889409
# Reference: https://tria.ge/220718-vlxvyabhgq/behavioral1

212.192.246.194:3542
xpremcuz300622.ddns.net

# Reference: https://www.virustotal.com/gui/file/f79d3098bfb090b6aaa390943e247178f3acff7c8214467df000cd3f102a2382/detection

20.230.127.16:2404
3.132.159.158:10880
3.140.223.7:10880
windda.ddns.net
windda1.ddns.net

# Reference: https://www.virustotal.com/gui/file/9b823d785286362e9cbf36967ce34b278638f528d4f4681c4dd080e6b652c371/detection

87.98.236.198:8080
msft.serveftp.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-26%20Remcos%20IOCs
# Reference: https://www.virustotal.com/gui/file/0a327f7ef9cb260159b10942e80d9c378d9fa29727e2d92e4a146b8a2ab0c563/detection

91.193.75.239:10171
topboysully.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/f5fcd1c154f0ad8e635cef464f0f28ba6fbabf07f9379aa2a1cfec9ea59a173d/detection
# Reference: https://www.virustotal.com/gui/file/ed6feff2985efc50e550c04b9c0613c2749c039ce985fb386fdb17c56482df2a/detection
# Reference: https://www.virustotal.com/gui/file/d91e4b8a4169b75730e7dbf1ae01f7408e99bf843a36317579e762faba640153/detection
# Reference: https://www.virustotal.com/gui/file/b4b96d09b65bbe3acc31f204b489e55ccf41ae4170d6163a5ddc801153191d5c/detection

37.0.14.195:3840
37.0.14.198:2830
homesforiiiudgf.ddns.net

# Reference: https://www.virustotal.com/gui/file/f5b62ae366411bf1ded6d25e0788eeb4325fa6ddc58ad819488ad2de2dd1f267/detection

37.0.14.198:3655
stronger.ddns.net

# Reference: https://www.virustotal.com/gui/file/e4eee67f649702026eb3287b7d1e77ab44af7204e9770b31b3e17adff3cd923c/detection

37.0.14.195:5074
godslove1.ddns.net

# Reference: https://www.virustotal.com/gui/file/e6759048cbaa66dec4ee4160d2f6d643fe7a38e2887e458f70a4257a5bca55bf/detection

ramalubegroup.ydns.eu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-02%20Remcos%20IOCs

91.192.100.38:2050

# Reference: https://www.virustotal.com/gui/file/3cd2459f1d568d4aaaf422c284892810f7cb60dc69af99adb060f84a1c94ece6/detection
# Reference: https://tria.ge/220805-hvb9dagcg6/behavioral1

194.5.98.53:991
instment.ga
williamsmack.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5a80d33725dc44720c5bf641ba8adc05c49194bed8f073b4efccaeec17e8d871/detection

179.43.154.139:6121

# Reference: https://www.virustotal.com/gui/file/5910b251032dcd4f32fac230adf2f86a529a2ab45ada09afcea63f23dc300846/detection

45.156.31.217:6121

# Reference: https://www.virustotal.com/gui/file/4b8d5c7a726e4489e3e527b36d433a23a225bbb32a45dca7b2e3f7786e8beb08/detection

91.193.75.131:7446
julygoals.hopto.org

# Reference: https://www.virustotal.com/gui/file/4accc392a8e545d936119e4eb2f97c9e7779e94829cd52f62d945d1714abf6f5/detection
# Reference: https://www.virustotal.com/gui/file/22997c55858e21d73b43b397d371379cc2acd48b657cb6dfc8c2d472045abede/detection

91.193.75.131:3060
bossraw.ddns.net

# Reference: https://www.virustotal.com/gui/file/56b9e1a9f0704305007504a26661905930387fc49d0fb0f9938d28fd1d46e60a/detection

3.131.207.170:17041

# Reference: https://www.virustotal.com/gui/file/c1b0147d71f0505d82102f1d0db65752604dee80508723ce8a78453e96af358a/detection
# Reference: https://www.virustotal.com/gui/file/de6fbb6cfbf7bb74ea9d0e9dcaa07883dc357d0cfe09562ed45afc726e287607/detection
# Reference: https://www.virustotal.com/gui/file/addd9fa23db5ff36bb8407273637a4d6d20e83888dca5ad9aea3184c6e2d006d/detection

181.141.11.124:2404
181.141.11.124:2405
190.28.170.105:2404
190.28.170.105:2405
nod.con-ip.com

# Reference: https://www.virustotal.com/gui/file/883bb860b3a9a3a3940c54fd2ed5bbc757c1cd762e2962017caea38942b132a5/detection
# Reference: https://www.virustotal.com/gui/file/2b0441416dcfaeb908cf69343fc3c2af82772c0dfd3a2af8cca9659c31cbb1d0/detection

190.28.170.105:2100
190.28.170.105:2101
190.28.226.59:2100
190.28.226.59:2101
avastupdate.con-ip.com

# Reference: https://www.virustotal.com/gui/file/fd42eba50bc383aedeebedea992b3990e3a9fa04a73b574c0528d3cf2f2f9749/detection
# Reference: https://www.virustotal.com/gui/file/37d7e923eea7260124283d599c85c253323dc8c4aa0a55687fc8293f88614d07/detection

190.28.131.226:2200
190.28.202.144:2200
apartachord2.con-ip.com

# Reference: https://www.virustotal.com/gui/file/52bb7d7faf8f4575721894d514eb02d5f9c7d6a8144c50ae985a8a4bce3cf582/detection

177.41.46.96:7777

# Reference: https://www.virustotal.com/gui/file/4a2af578e2798d675503781ba8915b87fb48a109800aa09ac905e8412d27dcb0/detection

187.115.252.56:7777

# Reference: https://www.virustotal.com/gui/file/2bca2ddb0d37c48969f9ca795248774bc84b2408240e8a26a6bf2df03ea3caf7/detection

179.176.129.87:7777

# Reference: https://www.virustotal.com/gui/file/d74343f85e1546e3a5991838d2302793e4f0517ec828692e655e763269e43393/detection

185.140.53.170:55442
55440.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c2e0d247c0342212dc915382e86cb4afee5a22bcd2658e50ba51f47b2e928f0b/detection
# Reference: https://www.virustotal.com/gui/file/a6a2fac02178b0f60c9f33bd587dd7dbbc0f1906585cd72b76c3028bc1495251/detection
# Reference: https://www.virustotal.com/gui/file/a3452537122e1a6b4682461c79036cea1916f358a6cb44e6a7045ff3c17aeb93/detection

185.140.53.170:55443
45.125.239.219:55442
45.125.239.219:55443
55441r.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7a15ae3009674997a8205d2e0aa0ce03fc592a544f2340e1cd2d6b5f61e64a0b/detection

194.5.98.186:55442
194.5.98.186:55443

# Reference: https://www.virustotal.com/gui/file/a0911f69ebcbc93540e63bf007fcab0bbece1a9f55c780ea29fc0a4935e2b93b/detection

67.211.213.207:444

# Reference: https://www.virustotal.com/gui/file/6862cf51b5546665e90e27a0a188ea8c468097f86b8b5d68fa0521f4cd3a9550/detection

94.79.220.83:5330
asmarany.ddns.me

# Reference: https://www.virustotal.com/gui/file/e0b6bc3a80979c9698dc1a45ec43f00b0a35841706e1414fb29996eb57962c44/detection

109.202.103.170:8733
213.152.161.40:8733

# Reference: https://www.virustotal.com/gui/file/766ab97dc545207fe08d285356fa47298904585e8f2690c7d0532d0456d40fb6/detection

172.94.42.34:5555
kklink.duckdns.org

# Reference: https://www.virustotal.com/gui/file/98bd9ce6256c71da1189ff7552bc318b6e9e2e895612248601581b32d85a8e8b/detection

194.5.98.53:9596

# Reference: https://twitter.com/tosscoinwitcher/status/1558136237566767104
# Reference: https://tria.ge/220812-t9qk4ahha9
# Reference: https://tria.ge/220812-vckt1sfefr

184.75.221.163:44850
spy24.online
sfcarbotexpl.ddns.net

# Reference: https://www.virustotal.com/gui/file/dacac52a378ad8d74430d29733767e2b8e6282a86e29aef40e8e0f8544c8b16a/detection
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-17%20Remcos%20IOCs

142.11.211.90:2404
2ndspreading1.ddns.net
july202022.ddns.net
july20220spread.ddns.net
july20220spread2.ddns.net

# Reference: https://www.virustotal.com/gui/file/50365c827bd768ec7fdf1a5b688d19ec0645042e92f04dad712a1955e9bb4c8b/detection

febrem.ddns.net
febrem1.ddns.net
febrem2.ddns.net
febrem3.ddns.net
febrem4.ddns.net
febrem5.ddns.net
marrem1.ddnsking.com
marrem2.ddnsking.com
marrem3.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/fe2a7bd815aa82979362973574a4432be639fdb0487839eb4a665c2862a62744/detection

freshspread.ddnsking.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-18%20Remcos%202%20IOCs
# Reference: https://www.virustotal.com/gui/file/6c232920b9bb1f2c3bf71124f93f06f49fdf41c3bae35237f7b031bebba14cc5/detection

patronkingoopsalmghandnaiojamexicoquadaras.s3.sa-east-1.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/27b4a6f09b24a1f951811105ca5bf9d93074a352a37497374ef12807646ca502/detection

181.141.11.124:2425
defenderos.con-ip.com
defenderos2.con-ip.com

# Reference: https://www.virustotal.com/gui/file/07521351177667d93bba36bc8e3ae4bf8f96ec3915f69a23617e5c3c92f2129b/detection

181.141.11.124:33893
serviciosnecesarios.con-ip.com

# Reference: https://twitter.com/malwaremustd1e/status/1561771687720325120
# Reference: https://www.virustotal.com/gui/file/79aba8df0169a2d90b4fad63a8df8f6635f7016276079a2517a263e4b2322fa4/detection

194.5.98.244:4044
67.214.175.69:4044
obologs.work.gd

# Reference: https://www.virustotal.com/gui/file/146e9314dabcad733e15ab5e796c53fda2be2b34ea00a0bc03efda9ea674202f/detection

45.133.174.108:2404

# Reference: https://www.virustotal.com/gui/file/5d2b715da7eafff42396f80ed3fedc8be5fb818da6bd9e476d59d49a8db260bc/detection

45.133.174.47:2404
prosir.casacam.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-23%20Remcos%20IOCs

79.134.225.115:6061
bitm.dvrlists.com

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos%20-%2024082022

184.75.221.195:22614
184.75.221.195:35749
191.101.30.16:22614
184.75.221.195:35749
safetysystemarea.duckdns.org
securewebareaxxx.ddns.net

# Reference: https://twitter.com/c_APT_ure/status/1563259349757468672

103.231.91.59:55026
185.165.153.84:6699
bustabantu1996.ddns.net

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-26%20Remcos%20IOCs

kopadd.yunethosting.rs
mandingo.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/aef88e2d45f4df7c140ed966a391de2da9ebe34936a3300a6cd5ebd90729be0b/detection

http://120.92.102.194
181.141.5.226:8021
dfdgsfgfg.duckdns.org

# Reference: https://www.socinvestigation.com/remcos-rat-new-ttps-detection-response/
# Reference: https://otx.alienvault.com/pulse/630cbb6eb1975f82211a702f
# Reference: https://www.virustotal.com/gui/file/e2816883a7a514fe1a3fbce95c04c2fc735f0c7ab872f7c23978388c42aea5c2/detection

194.147.140.29:4456
falimore001.hopto.org

# Reference: https://tria.ge/220831-e1g52aghak

185.158.251.159:2404

# Reference: https://twitter.com/pollo290987/status/1565474724309778435
# Reference: https://www.virustotal.com/gui/file/0495c0518c4d8f7cb71cdfdd10f4736e11d5d2c7bddbebdd735cf79a86390981/detection

134.19.179.235:31598
mastercoa.co
zbshort.live
vp.mastercoa.co

# Reference: https://twitter.com/c_APT_ure/status/1565631428754345986

163.123.143.143:1664
tzitziklishop1.ddns.net

# Reference: https://otx.alienvault.com/pulse/631737749da32d502398b8d0
# Reference: https://www.virustotal.com/gui/file/f3f903bfd8ee2b9c902e22977a2804ac523c478b0fbd87d5034e39e875782ed1/detection

65.21.9.51:1760
appntw.website

# Reference: https://app.any.run/tasks/daacb7d0-96a7-46c6-8af8-7e8dd7684294/
# Reference: https://www.virustotal.com/gui/file/9e3c6d2f7b4a61b99f97c864da82a42d4e8ab8eacc729618172fbe44bf237155/detection

194.5.98.195:4545
freetogo01.ddns.net

# Reference: https://twitter.com/pollo290987/status/1568310541541580801
# Reference: https://www.virustotal.com/gui/file/48bca1c51f164b95e2f73675cfefdf525bde055caf5c3942bfcee88ff950792d/detection

192.111.146.184:5564
45.83.129.166:5564
newehmpage.webredirect.org

# Reference: https://twitter.com/tosscoinwitcher/status/1570085217507082241
# Reference: https://twitter.com/AttackTrends/status/1614568073129779201
# Reference: https://tria.ge/220914-th1lzsagd4

185.176.220.29:2404
209.145.61.216:2404
genekol.nsupdate.info
genekol1.nsupdate.info
harrywlike1.ddns.net
hendersonk2022.hopto.org

# Reference: https://twitter.com/pmmkowalczyk/status/1571843321428955137
# Reference: https://www.virustotal.com/gui/file/398fdb77c5178377193497b1d19116c647fda7d2d5a7e542ac3628366e7ce8ff/detection

194.147.140.242:10101
194.5.97.59:10101
37.0.14.209:10101
themillions.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1571863696615395329

192.121.102.15:3464
192.121.102.67:3464
193.104.197.103:3464
193.104.197.110:3464
193.104.197.30:3464
193.104.197.79:3464
193.104.197.88:3464
193.104.211.212:3464
37.0.14.204:3464
45.148.4.109:3464
45.148.4.12:3464
45.148.4.3:3464
remnewyear.myddns.me
septrem.duckdns.org

# Reference: https://twitter.com/pollo290987/status/1571900350583508993
# Reference: https://www.virustotal.com/gui/file/22bcff5827e858e9f22a1edeeccc577897103ece173b47c10f7e3a7d0ae6d3f3/detection

163.123.143.208:57952

# Reference: https://twitter.com/pollo290987/status/1572627967137792006
# Reference: https://www.virustotal.com/gui/file/6454523a7bb0aec9d2c66c43447ea65bfe8cff6659b4b4fea26d8919571de430/detection
# Reference: https://www.virustotal.com/gui/file/a646ae729b3f8412fa1e2fd7fe6f4c5a592b3ff7446466c0258bee74f9ef2a62/detection

172.111.234.110:5888
212.192.246.154:41900

# Reference: https://otx.alienvault.com/pulse/6324668c34562390e99611e8

flyerenergy.com
mutaalofomaha.com

# Reference: https://www.virustotal.com/gui/file/28b582488eb5318ec99c37bd78932ea8e641c9ca49cab73145cf25b79935826c/detection

http://194.38.23.170

# Reference: https://twitter.com/StopMalvertisin/status/1576927905652756485
# Reference: https://www.virustotal.com/gui/file/3b44d9aa4abd608f2dd1ec103d734c6402d3cb751dc2f38a46dc682aaa05a6bb/detection

37.0.14.206:6081

# Reference: https://twitter.com/pollo290987/status/1576940654588198917

45.155.165.160:40567

# Reference: https://twitter.com/pollo290987/status/1577292591493545984

185.140.53.160:2404
194.5.98.63:2404
dapsan.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-04%20Remcos%20IOCs
# Reference: https://www.virustotal.com/gui/ip-address/69.49.230.231/relations
# Reference: https://www.virustotal.com/gui/file/a4a20a36599949af2301f68e5e636daf2ab4957d1080ead17bedc5050aea755f/detection

194.5.97.174:6268
37.0.14.208:6268
13-9whm.tk
blhlqqip2.site
blhlqqip3.site
blhlqqip4.site
blhlqqip5.site
kiadsadw1.ga
kiadsadw1.gq
kiadsadw1.ml
kiadsadw1.tk
kiadsadw2.ga
kiadsadw2.gq
kiadsadw2.ml
kiadsadw2.tk
kiadsadw3.cf
kiadsadw3.ga
kiadsadw3.gq
kiadsadw3.tk
kiadsadw4.cf
kiadsadw4.ga
kiadsadw4.ml
kiadsadw4.tk
kiadsadw5.cf
kiadsadw5.ga
kiadsadw5.gq
kiadsadw5.ml
kiadsadw5.tk
kiadsadw6.cf
kiadsadw6.ga
kiadsadw6.gq
kiadsadw6.ml
kiadsadw6.tk
kiadsadw7.cf
kiadsadw7.ga
kiadsadw7.gq
kiadsadw7.ml
kiadsadw7.tk
kiadsadw8.cf
kiadsadw8.ga
kiadsadw8.gq
kiadsadw8.ml
kiadsadw8.tk
kiadsadw9.cf
oclkcwpz5.site
server-ellcz1.cf
server-ellcz1.ga
server-ellcz1.gq
server-ellcz1.ml
server-ellcz1.tk
server-ellcz2.ga
server-ellcz2.gq
server-ellcz2.ml
server-ellcz2.tk
server-ellcz3.cf
server-ellcz3.ga
server-ellcz3.gq
server-ellcz3.ml
server-ellcz3.tk
server-ellcz4.cf
server-ellcz4.ga
server-ellcz4.gq
server-ellcz4.ml
server-ellcz4.tk
server-ellcz5.cf
server-ellcz5.ga
server-ellcz5.gq
server-ellcz5.ml
server-ellcz5.tk
server-ellcz6.cf
server-ellcz6.ga
server-ellcz6.gq
server-ellcz6.ml
server-ellcz6.tk
server-ellcz7.cf
server-ellcz7.ga
server-ellcz7.gq
server-ellcz7.ml
server-ellcz7.tk
server-ellcz8.cf
server-ellcz8.ga
server-ellcz8.gq
server-ellcz8.ml
server-ellcz8.tk
server-ellcz9.cf
server-goeif1.cf
server-goeif1.ga
server-goeif1.gq
server-goeif1.ml
server-goeif1.tk
server-goeif2.cf
server-goeif2.ga
server-goeif2.gq
server-goeif2.ml
server-goeif2.tk
server-goeif3.ga
server-goeif3.gq
server-goeif3.ml
server-goeif3.tk
server-goeif4.cf
server-goeif4.ga
server-goeif4.gq
server-goeif4.ml
server-goeif4.tk
server-goeif5.cf
server-goeif5.ga
server-goeif5.ml
server-goeif5.tk
server-goeif6.cf
server-goeif6.ga
server-goeif6.gq
server-goeif6.ml
server-goeif7.cf
server-goeif7.ga
server-goeif7.gq
server-goeif7.ml
server-goeif7.tk
server-goeif8.cf
server-goeif8.ga
server-goeif8.gq
server-goeif8.ml
server-goeif8.tk
server-goeif9.cf
server-hrmpb1.cf
server-hrmpb1.ga
server-hrmpb1.gq
server-hrmpb1.ml
server-hrmpb1.tk
server-hrmpb2.cf
server-hrmpb2.ga
server-hrmpb2.gq
server-hrmpb2.ml
server-hrmpb2.tk
server-hrmpb3.cf
server-hrmpb3.ga
server-hrmpb3.gq
server-hrmpb3.ml
server-hrmpb4.cf
server-hrmpb4.ga
server-hrmpb4.gq
server-hrmpb4.ml
server-hrmpb4.tk
server-hrmpb5.cf
server-hrmpb5.ga
server-hrmpb5.gq
server-hrmpb5.ml
server-hrmpb5.tk
server-hrmpb6.cf
server-hrmpb6.ga
server-hrmpb6.gq
server-hrmpb6.ml
server-hrmpb6.tk
server-hrmpb7.cf
server-hrmpb7.ga
server-hrmpb7.gq
server-hrmpb7.ml
server-hrmpb7.tk
server-hrmpb8.cf
server-hrmpb8.ga
server-hrmpb8.gq
server-hrmpb8.ml
server-hrmpb8.tk
server-jmxhz1.cf
server-jmxhz1.ga
server-jmxhz1.gq
server-jmxhz1.ml
server-jmxhz2.cf
server-jmxhz2.ga
server-jmxhz2.gq
server-jmxhz2.ml
server-jmxhz2.tk
server-jmxhz3.cf
server-jmxhz3.ga
server-jmxhz3.gq
server-jmxhz3.ml
server-jmxhz3.tk
server-jmxhz4.ga
server-jmxhz4.gq
server-jmxhz4.ml
server-jmxhz4.tk
server-jmxhz5.cf
server-jmxhz5.ga
server-jmxhz5.gq
server-jmxhz5.ml
server-jmxhz5.tk
server-jmxhz6.cf
server-jmxhz6.ga
server-jmxhz6.gq
server-jmxhz6.ml
server-jmxhz6.tk
server-jmxhz7.cf
server-jmxhz7.ga
server-jmxhz7.gq
server-jmxhz7.ml
server-jmxhz7.tk
server-jmxhz8.cf
server-jmxhz8.ga
server-jmxhz8.gq
server-jmxhz8.ml
server-jmxhz8.tk
server-jmxhz9.cf
server-nrcje1.cf
server-nrcje1.gq
server-nrcje1.ml
server-nrcje1.tk
server-nrcje2.cf
server-nrcje2.ga
server-nrcje2.gq
server-nrcje2.ml
server-nrcje2.tk
server-nrcje3.cf
server-nrcje3.ga
server-nrcje3.gq
server-nrcje3.ml
server-nrcje3.tk
server-nrcje4.cf
server-nrcje4.ga
server-nrcje4.gq
server-nrcje4.tk
server-nrcje5.cf
server-nrcje5.ga
server-nrcje5.gq
server-nrcje5.ml
server-nrcje5.tk
server-nrcje6.cf
server-nrcje6.ga
server-nrcje6.ml
server-nrcje6.tk
server-nrcje7.cf
server-nrcje7.ga
server-nrcje7.gq
server-nrcje7.ml
server-nrcje7.tk
server-nrcje8.gq
server-nrcje8.ml
server-nrcje8.tk
server-nrcje9.cf
server-nymyq1.cf
server-nymyq1.ga
server-nymyq1.gq
server-nymyq1.ml
server-nymyq1.tk
server-nymyq2.cf
server-nymyq2.ga
server-nymyq2.gq
server-nymyq2.tk
server-nymyq3.cf
server-nymyq3.ga
server-nymyq3.gq
server-nymyq3.ml
server-nymyq3.tk
server-nymyq4.cf
server-nymyq4.ga
server-nymyq4.gq
server-nymyq4.ml
server-nymyq4.tk
server-nymyq5.cf
server-nymyq5.ga
server-nymyq5.gq
server-nymyq5.ml
server-nymyq6.cf
server-nymyq6.ga
server-nymyq6.gq
server-nymyq6.ml
server-nymyq6.tk
server-nymyq7.cf
server-nymyq7.ga
server-nymyq7.gq
server-nymyq7.tk
server-nymyq8.cf
server-nymyq8.ga
server-nymyq8.gq
server-nymyq8.ml
server-nymyq8.tk
server-nymyq9.cf
server-pxhop1.cf
server-pxhop1.ga
server-pxhop1.gq
server-pxhop1.ml
server-pxhop1.tk
server-pxhop2.cf
server-pxhop2.ga
server-pxhop2.ml
server-pxhop2.tk
server-pxhop3.ga
server-pxhop3.gq
server-pxhop3.ml
server-pxhop3.tk
server-pxhop4.cf
server-pxhop4.gq
server-pxhop4.ml
server-pxhop4.tk
server-pxhop5.cf
server-pxhop5.ga
server-pxhop5.gq
server-pxhop5.ml
server-pxhop5.tk
server-pxhop6.cf
server-pxhop6.ga
server-pxhop6.gq
server-pxhop6.ml
server-pxhop6.tk
server-pxhop7.cf
server-pxhop7.ga
server-pxhop7.gq
server-pxhop7.ml
server-pxhop7.tk
server-pxhop8.cf
server-pxhop8.ga
server-pxhop8.gq
server-pxhop8.ml
server-pxhop8.tk
server-sadwb1.cf
server-sadwb1.ga
server-sadwb1.gq
server-sadwb1.ml
server-sadwb1.tk
server-sadwb2.cf
server-sadwb2.ga
server-sadwb2.gq
server-sadwb2.ml
server-sadwb2.tk
server-sadwb3.cf
server-sadwb3.ga
server-sadwb3.gq
server-sadwb3.ml
server-sadwb3.tk
server-sadwb4.cf
server-sadwb4.ga
server-sadwb4.gq
server-sadwb4.ml
server-sadwb4.tk
server-sadwb5.cf
server-sadwb5.ga
server-sadwb5.gq
server-sadwb5.ml
server-sadwb5.tk
server-sadwb6.cf
server-sadwb6.ga
server-sadwb6.gq
server-sadwb6.ml
server-sadwb6.tk
server-sadwb7.cf
server-sadwb7.gq
server-sadwb7.ml
server-sadwb7.tk
server-sadwb8.cf
server-sadwb8.ga
server-sadwb8.gq
server-sadwb8.ml
server-sadwb8.tk
server-sadwb9.cf
server-uewit1.cf
server-uewit1.ga
server-uewit1.gq
server-uewit1.ml
server-uewit1.tk
server-uewit2.cf
server-uewit2.ga
server-uewit2.gq
server-uewit2.tk
server-uewit3.cf
server-uewit3.ga
server-uewit3.gq
server-uewit3.ml
server-uewit3.tk
server-uewit4.cf
server-uewit4.ga
server-uewit4.gq
server-uewit4.ml
server-uewit4.tk
server-uewit5.cf
server-uewit5.ga
server-uewit5.gq
server-uewit5.ml
server-uewit5.tk
server-uewit6.cf
server-uewit6.ga
server-uewit6.gq
server-uewit6.ml
server-uewit6.tk
server-uewit7.cf
server-uewit7.ga
server-uewit7.gq
server-uewit7.ml
server-uewit7.tk
server-uewit8.cf
server-uewit8.gq
server-uewit8.ml
server-uewit8.tk
server-uewit9.cf
server-uewit9.ga
server-waajo1.cf
server-waajo1.gq
server-waajo1.ml
server-waajo1.tk
server-waajo2.cf
server-waajo2.ga
server-waajo2.gq
server-waajo2.ml
server-waajo2.tk
server-waajo3.ga
server-waajo3.gq
server-waajo3.ml
server-waajo3.tk
server-waajo4.cf
server-waajo4.ga
server-waajo4.gq
server-waajo4.ml
server-waajo4.tk
server-waajo5.cf
server-waajo5.ga
server-waajo5.gq
server-waajo5.ml
server-waajo5.tk
server-waajo6.cf
server-waajo6.ga
server-waajo6.gq
server-waajo6.ml
server-waajo6.tk
server-waajo7.cf
server-waajo7.ga
server-waajo7.gq
server-waajo7.ml
server-waajo7.tk
server-waajo8.cf
server-waajo8.ga
server-waajo8.gq
server-waajo8.ml
server-waajo8.tk
server-waajo9.cf
server-wxmqf1.cf
server-wxmqf1.ga
server-wxmqf1.gq
server-wxmqf1.ml
server-wxmqf2.cf
server-wxmqf2.ga
server-wxmqf2.gq
server-wxmqf2.ml
server-wxmqf2.tk
server-wxmqf3.cf
server-wxmqf3.ga
server-wxmqf3.gq
server-wxmqf3.ml
server-wxmqf3.tk
server-wxmqf4.cf
server-wxmqf4.ga
server-wxmqf4.gq
server-wxmqf4.ml
server-wxmqf4.tk
server-wxmqf5.cf
server-wxmqf5.ga
server-wxmqf5.gq
server-wxmqf5.ml
server-wxmqf5.tk
server-wxmqf6.cf
server-wxmqf6.ga
server-wxmqf6.gq
server-wxmqf6.ml
server-wxmqf6.tk
server-wxmqf7.cf
server-wxmqf7.ga
server-wxmqf7.gq
server-wxmqf7.ml
server-wxmqf7.tk
server-wxmqf8.cf
server-wxmqf8.ga
server-wxmqf8.gq
server-wxmqf8.ml
server-wxmqf8.tk
server-wxmqf9.cf
server-xdkhf1.ga
server-xdkhf1.gq
server-xdkhf1.ml
server-xdkhf1.tk
server-xdkhf2.ga
server-xdkhf2.gq
server-xdkhf2.ml
server-xdkhf2.tk
server-xdkhf3.cf
server-xdkhf3.ga
server-xdkhf3.gq
server-xdkhf3.ml
server-xdkhf3.tk
server-xdkhf4.cf
server-xdkhf4.ga
server-xdkhf4.gq
server-xdkhf4.ml
server-xdkhf4.tk
server-xdkhf5.cf
server-xdkhf5.ga
server-xdkhf5.ml
server-xdkhf5.tk
server-xdkhf6.cf
server-xdkhf6.ga
server-xdkhf6.gq
server-xdkhf6.ml
server-xdkhf6.tk
server-xdkhf7.cf
server-xdkhf7.ga
server-xdkhf7.gq
server-xdkhf7.ml
server-xdkhf7.tk
server-xdkhf8.cf
server-xdkhf8.ga
server-xdkhf8.gq
server-xdkhf8.ml
server-xdkhf8.tk
server-xdkhf9.cf
server-xdkhf9.ga
zelthin.dvrlists.com

# Reference: https://www.virustotal.com/gui/ip-address/162.144.81.198/relations

sped-ailyx1.ga
sped-ailyx1.gq
sped-ailyx1.tk
sped-ailyx2.ga
sped-ailyx2.gq
sped-ailyx2.ml
sped-ailyx2.tk
sped-ailyx3.cf
sped-ailyx3.gq
sped-ailyx3.ml
sped-ailyx3.tk
sped-ailyx4.ga
sped-ailyx4.gq
sped-ailyx4.ml
sped-ailyx4.tk
sped-ailyx5.cf
sped-ailyx5.ga
sped-ailyx5.gq
sped-ailyx5.ml
sped-ailyx5.tk
sped-ailyx6.cf
sped-ailyx6.ga
sped-ailyx6.gq
sped-ailyx6.ml
sped-ailyx6.tk
sped-ailyx7.cf
sped-ailyx7.ga
sped-ailyx7.gq
sped-ailyx7.ml
sped-ailyx7.tk
sped-ailyx8.cf
sped-ailyx8.ga
sped-ailyx8.gq
sped-ailyx8.tk
sped-ailyx9.cf
sped-ailyx9.gq
sped-ailyx9.ml
sped-ejeql1.cf
sped-ejeql1.ga
sped-ejeql1.gq
sped-ejeql1.tk
sped-ejeql2.cf
sped-ejeql2.ga
sped-ejeql2.gq
sped-ejeql2.ml
sped-ejeql2.tk
sped-ejeql3.cf
sped-ejeql3.ga
sped-ejeql3.gq
sped-ejeql3.ml
sped-ejeql3.tk
sped-ejeql4.cf
sped-ejeql4.ga
sped-ejeql4.gq
sped-ejeql4.ml
sped-ejeql4.tk
sped-ejeql5.ga
sped-ejeql5.gq
sped-ejeql5.ml
sped-ejeql5.tk
sped-ejeql6.ga
sped-ejeql6.gq
sped-ejeql6.tk
sped-ejeql7.cf
sped-ejeql7.tk
sped-ejeql8.cf
sped-ejeql8.ga
sped-ejeql8.gq
sped-ejeql8.ml
sped-ejeql8.tk
sped-ejeql9.cf
sped-ejeql9.ga
sped-ejeql9.gq
sped-ejeql9.ml
sped-ejeql9.tk
sped-klyit1.cf
sped-klyit1.ga
sped-klyit1.gq
sped-klyit1.ml
sped-klyit1.tk
sped-klyit2.cf
sped-klyit2.ga
sped-klyit2.gq
sped-klyit2.ml
sped-klyit2.tk
sped-klyit3.ga
sped-klyit3.gq
sped-klyit3.ml
sped-klyit3.tk
sped-klyit4.cf
sped-klyit4.ga
sped-klyit4.gq
sped-klyit4.ml
sped-klyit4.tk
sped-klyit5.ga
sped-klyit5.ml
sped-klyit5.tk
sped-klyit6.cf
sped-klyit6.ga
sped-klyit6.gq
sped-klyit6.tk
sped-klyit7.cf
sped-klyit7.ga
sped-klyit7.ml
sped-klyit8.cf
sped-klyit8.ga
sped-klyit8.gq
sped-klyit8.ml
sped-klyit8.tk
sped-klyit9.cf
sped-klyit9.ga
sped-klyit9.gq
sped-klyit9.ml
sped-wbcfd1.cf
sped-wbcfd1.ga
sped-wbcfd1.gq
sped-wbcfd1.ml
sped-wbcfd2.cf
sped-wbcfd2.ga
sped-wbcfd2.gq
sped-wbcfd2.ml
sped-wbcfd2.tk
sped-wbcfd3.gq
sped-wbcfd3.ml
sped-wbcfd3.tk
sped-wbcfd4.cf
sped-wbcfd4.ml
sped-wbcfd4.tk
sped-wbcfd5.cf
sped-wbcfd5.ga
sped-wbcfd5.gq
sped-wbcfd5.ml
sped-wbcfd5.tk
sped-wbcfd6.cf
sped-wbcfd6.gq
sped-wbcfd6.tk
sped-wbcfd7.cf
sped-wbcfd7.ga
sped-wbcfd7.ml
sped-wbcfd7.tk
sped-wbcfd8.cf
sped-wbcfd8.ga
sped-wbcfd8.gq
sped-wbcfd8.ml
sped-wbcfd8.tk
sped-wbcfd9.cf
sped-wbcfd9.ga
sped-wbcfd9.gq
sped-wbcfd9.ml
sped-wbcfd9.tk
sped-xwctm1.cf
sped-xwctm1.ga
sped-xwctm1.gq
sped-xwctm1.ml
sped-xwctm1.tk
sped-xwctm2.cf
sped-xwctm2.ga
sped-xwctm2.ml
sped-xwctm2.tk
sped-xwctm3.cf
sped-xwctm3.ga
sped-xwctm3.ml
sped-xwctm3.tk
sped-xwctm4.cf
sped-xwctm4.ga
sped-xwctm4.ml
sped-xwctm4.tk
sped-xwctm5.cf
sped-xwctm5.ga
sped-xwctm5.gq
sped-xwctm5.ml
sped-xwctm5.tk
sped-xwctm6.cf
sped-xwctm6.ga
sped-xwctm6.gq
sped-xwctm6.tk
sped-xwctm7.ga
sped-xwctm7.gq
sped-xwctm7.ml
sped-xwctm7.tk
sped-xwctm8.cf
sped-xwctm8.ga
sped-xwctm8.gq
sped-xwctm8.tk
sped-xwctm9.cf
sped-xwctm9.ga
sped-xwctm9.gq
sped-xwctm9.ml
uiu-auzq1.cf
uiu-auzq1.ga
uiu-auzq1.gq
uiu-auzq1.ml
uiu-auzq1.tk
uiu-auzq2.cf
uiu-auzq2.gq
uiu-auzq2.ml
uiu-auzq2.tk
uiu-auzq3.cf
uiu-auzq3.ga
uiu-auzq3.ml
uiu-auzq4.cf
uiu-auzq4.ga
uiu-auzq4.gq
uiu-auzq4.ml
uiu-auzq4.tk
uiu-auzq5.ga
uiu-auzq5.gq
uiu-auzq5.ml
uiu-auzq5.tk
uiu-auzq6.cf
uiu-auzq6.ga
uiu-auzq6.gq
uiu-auzq6.ml
uiu-auzq6.tk
uiu-auzq7.ga
uiu-auzq7.gq
uiu-auzq8.cf
uiu-auzq8.ga
uiu-auzq8.gq
uiu-auzq8.ml
uiu-auzq8.tk
uiu-auzq9.cf
uiu-hajs1.cf
uiu-hajs1.ga
uiu-hajs1.gq
uiu-hajs1.ml
uiu-hajs1.tk
uiu-hajs2.cf
uiu-hajs2.ga
uiu-hajs2.gq
uiu-hajs2.ml
uiu-hajs2.tk
uiu-hajs3.cf
uiu-hajs3.ga
uiu-hajs3.gq
uiu-hajs3.ml
uiu-hajs3.tk
uiu-hajs4.cf
uiu-hajs4.ga
uiu-hajs4.gq
uiu-hajs4.ml
uiu-hajs4.tk
uiu-hajs5.cf
uiu-hajs5.ga
uiu-hajs5.gq
uiu-hajs5.ml
uiu-hajs5.tk
uiu-hajs6.cf
uiu-hajs6.ga
uiu-hajs6.gq
uiu-hajs6.ml
uiu-hajs6.tk
uiu-hajs7.cf
uiu-hajs7.ga
uiu-hajs7.gq
uiu-hajs7.ml
uiu-hajs7.tk
uiu-hajs8.cf
uiu-hajs8.ga
uiu-hajs8.gq
uiu-hajs8.ml
uiu-hajs9.cf
uiu-iksk1.cf
uiu-iksk1.ga
uiu-iksk1.gq
uiu-iksk1.tk
uiu-iksk2.cf
uiu-iksk2.ga
uiu-iksk2.gq
uiu-iksk2.ml
uiu-iksk2.tk
uiu-iksk3.cf
uiu-iksk3.ga
uiu-iksk3.gq
uiu-iksk3.ml
uiu-iksk3.tk
uiu-iksk4.cf
uiu-iksk4.ga
uiu-iksk4.gq
uiu-iksk4.ml
uiu-iksk4.tk
uiu-iksk5.cf
uiu-iksk5.ga
uiu-iksk5.gq
uiu-iksk5.ml
uiu-iksk5.tk
uiu-iksk6.cf
uiu-iksk6.ga
uiu-iksk6.gq
uiu-iksk6.ml
uiu-iksk6.tk
uiu-iksk7.cf
uiu-iksk7.ga
uiu-iksk7.gq
uiu-iksk7.ml
uiu-iksk7.tk
uiu-iksk8.cf
uiu-iksk8.ga
uiu-iksk8.gq
uiu-iksk8.ml
uiu-iksk8.tk
uiu-iksk9.cf
uiu-peho1.cf
uiu-peho1.ga
uiu-peho1.gq
uiu-peho1.ml
uiu-peho1.tk
uiu-peho2.cf
uiu-peho2.ga
uiu-peho2.gq
uiu-peho2.ml
uiu-peho2.tk
uiu-peho3.cf
uiu-peho3.ga
uiu-peho3.gq
uiu-peho3.ml
uiu-peho3.tk
uiu-peho4.cf
uiu-peho4.ga
uiu-peho4.gq
uiu-peho4.ml
uiu-peho4.tk
uiu-peho5.cf
uiu-peho5.ga
uiu-peho5.gq
uiu-peho5.ml
uiu-peho5.tk
uiu-peho6.cf
uiu-peho6.gq
uiu-peho6.ml
uiu-peho6.tk
uiu-peho7.cf
uiu-peho7.ga
uiu-peho7.gq
uiu-peho7.ml
uiu-peho7.tk
uiu-peho8.cf
uiu-peho8.ga
uiu-peho8.gq
uiu-peho8.ml
uiu-peho8.tk
uiu-peho9.cf
uiu-unky1.cf
uiu-unky1.ga
uiu-unky1.gq
uiu-unky1.ml
uiu-unky1.tk
uiu-unky2.cf
uiu-unky2.ga
uiu-unky2.gq
uiu-unky2.ml
uiu-unky2.tk
uiu-unky3.cf
uiu-unky3.ga
uiu-unky3.gq
uiu-unky3.ml
uiu-unky3.tk
uiu-unky4.cf
uiu-unky4.ga
uiu-unky4.gq
uiu-unky4.ml
uiu-unky4.tk
uiu-unky5.cf
uiu-unky5.ga
uiu-unky5.ml
uiu-unky5.tk
uiu-unky6.cf
uiu-unky6.ga
uiu-unky6.gq
uiu-unky6.ml
uiu-unky6.tk
uiu-unky7.cf
uiu-unky7.ga
uiu-unky7.gq
uiu-unky7.ml
uiu-unky7.tk
uiu-unky8.cf
uiu-unky8.ga
uiu-unky8.gq
uiu-unky8.ml
uiu-unky8.tk
uiu-unky9.cf
uiu-uwim1.cf
uiu-uwim1.ga
uiu-uwim1.gq
uiu-uwim1.ml
uiu-uwim1.tk
uiu-uwim2.cf
uiu-uwim2.ga
uiu-uwim2.gq
uiu-uwim2.ml
uiu-uwim2.tk
uiu-uwim3.cf
uiu-uwim3.ga
uiu-uwim3.gq
uiu-uwim3.ml
uiu-uwim3.tk
uiu-uwim4.cf
uiu-uwim4.ga
uiu-uwim4.gq
uiu-uwim4.ml
uiu-uwim4.tk
uiu-uwim5.cf
uiu-uwim5.ga
uiu-uwim5.gq
uiu-uwim5.ml
uiu-uwim5.tk
uiu-uwim6.cf
uiu-uwim6.ga
uiu-uwim6.gq
uiu-uwim6.ml
uiu-uwim6.tk
uiu-uwim7.cf
uiu-uwim7.ga
uiu-uwim7.gq
uiu-uwim7.ml
uiu-uwim7.tk
uiu-uwim8.cf
uiu-uwim8.ga
uiu-uwim8.gq
uiu-uwim8.ml
uiu-uwim8.tk
uiu-uwim9.cf

# Reference: https://twitter.com/reecdeep/status/1577668826149306370

45.155.165.117:50005

# Reference: https://twitter.com/MalwarePatrol/status/1577725883074256896

http://194.190.152.126

# Reference: https://www.virustotal.com/gui/file/575b64f8214eb883148c52f8231326446c513181646708e34aa5d7638175527a/detection

carsond5.hopto.org

# Reference: https://twitter.com/pollo290987/status/1578047147676778497
# Reference: https://www.virustotal.com/gui/file/c699c6b1b668b088471e74e8ac09145ced97a45a0db6c59657040257fdc8508e/detection

163.123.142.150:1492
ban318937.sytes.net

# Reference: https://twitter.com/pollo290987/status/1579485354012573696

nonprofit2.mywire.org

# Reference: https://www.virustotal.com/gui/file/a125e30eb975835c5dc09562a25c94891270b1e3ca4f920435aecd1a5ea5653b/detection

81.161.229.148:5050
valvesco.duckdns.org

# Reference: https://tria.ge/220810-txhpqacdfn/behavioral1

212.193.30.230:1024
zyt2.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/1009c900538dc157a378812cec6b2528219cf5133b59b4832456ad0bfa06c139/detection

194.87.84.40:2718

# Reference: https://www.virustotal.com/gui/file/d1a2c9b8c53aac7c1b54ef1356ed4ef8af9c0e5cca965bb757ddad436d30bf1b/detection

173.254.223.68:4040
royal.giize.com

# Reference: https://www.virustotal.com/gui/file/eb6b893999f716633ae89a1ace89ae407e07017ff347b23a5b7753f44732014d/detection

141.98.6.108:15672

# Reference: https://www.virustotal.com/gui/file/0516858d158e7596381b33f25fbd178516e5d6260ddc1e96ad0de562c282af7d/detection

91.192.100.7:1995
ableyahweh.ddns.net

# Reference: https://www.virustotal.com/gui/file/0ebf9e88c69338a8acd1bda024bf02c79e3ab357277f885dbdfb4f601623d5d6/detection

91.193.75.9:1990
amblessed.ddns.net

# Reference: https://www.virustotal.com/gui/file/a9399adef4f9beec911d353838ce6cbd5a4eeb83e1a6261b61d2b705c87d765a/detection

46.246.6.73:3669
46.246.84.6:3669

# Reference: https://twitter.com/0xToxin/status/1585274213438472194
# Reference: https://www.virustotal.com/gui/file/8c298764818ca42411115429c1f819577f5ece4d0c3dad949ea46a9ec4b49634/detection

185.225.18.106:2404
hotsdefender.webredirect.org

# Reference: https://www.virustotal.com/gui/file/929df8a15e583ad6b64698fb702cf44183f0d726d86cada07cf072d7f9f74913/detection

193.47.61.205:3542

# Reference: https://www.virustotal.com/gui/file/2f152a8da309e2878e0414477e27d6d041237de92c90f15e371c26ed9344cc40/detection

188.214.106.88:50943

# Reference: https://twitter.com/r3dbU7z/status/1589781653693804544
# Reference: https://tria.ge/221107-j1421shgaj/behavioral2

46.246.6.17:2404
46.246.6.5:2404
nuevosremcs.duckdns.org

# Reference: https://tria.ge/221117-kq1saaaa7y/behavioral1

207.244.231.35:35280
rmcos.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/1597421863139160064
# Reference: https://tria.ge/221129-c4pyyaha78/behavioral1

185.246.220.39:1307
drremcoz1.ddns.net

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/08a87793c7ca10af688ef68cf54f4e5a632bef11145a60c6e48027ca91c386a5/detection

http://79.110.63.18
79.110.62.46:50499

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/284749a242c7dcee6d5f8d71bb4de12ccbc7f7acc24a8fb795859b0393f23577/detection

41.216.183.226:41900

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/3202335b43868780fc9f77d4b021c64615ba8bd148684a5d707b64f115d6fa82/detection

79.134.225.16:7967

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/7f6e79aba77c7a0d80ae08f8dabf96e340c06b9da219bc3d6c8fe38b6b33e9c1/detection

91.193.75.214:16662
obscurelegend.dvrlists.com

# Reference: https://gist.github.com/silence-is-best/213f7b2112a46acd56ceb78bf79286a8
# Reference: https://www.virustotal.com/gui/file/af967c81efde1833856442e497edcfc5da28b6af7940d985bb297fe8c6e3d0f7/detection

84.21.172.33:5763

# Reference: https://www.virustotal.com/gui/file/fa965dc6edbb0e244cef4ecab1dabb2d04c9c174e42ac25c60f463237bcea16b/detection

194.180.48.184:3542

# Reference: https://www.virustotal.com/gui/file/38eaa97605a5428cd10700e2fbfe0bd84c75052abdc963bf6ad151fee74f6130/detection

84.21.172.179:1988
dianmelek.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e85461238ebb99ee7d96d576e2b9a6b9e886ef11da937cf9c4cdc7c4746dde7f/detection

84.21.172.179:58001

# Reference: https://twitter.com/c_APT_ure/status/1603349872735920128
# Reference: https://bazaar.abuse.ch/sample/b13c979dae8236f1e7f322712b774cedb05850c989fc08312a348e2385ed1b21/

213.152.161.219:19888
213.152.161.79:19888
toornavigator.sytes.net

# Reference: https://www.virustotal.com/gui/file/cd676ef098fec646d192a9c14099ade8f10709ee793ee820457e6dc46c02fc5e/detection
# Reference: https://www.virustotal.com/gui/file/ce4085be9c0cea2fdaa6145e86166b051222fcc96eac12e1668d803a6b97ebfe/detection

194.5.97.174:656
tpergtbe2.ml

# Reference: https://www.virustotal.com/gui/file/dfdfddf99781b2553c12dc0eaa764c585279eaa29b70654a11bdc238b6af945e/detection
# Reference: https://www.virustotal.com/gui/file/c4fa78775e976b5e30d4f2fb71d48b068b3dc27d625972296fd5cc28c58eb1c0/detection

79.134.225.28:161
pharmacologicalembrz.ml

# Reference: https://www.virustotal.com/gui/file/3b2c104c6eb24ddf6033a3d0b437b9cb7f58484166b85b2424fe6722fe98c324/detection

41.58.118.71:37186
79.134.225.74:37186
whizzle456.duckdns.org
whizzle654321.serveftp.com

# Reference: https://www.virustotal.com/gui/file/c17492c8733386e70b6a3c5432da0a049e1f659f00a767e086a73813a9162c29/detection

209.209.238.36:16152
209.209.238.36:5880
15prill.dyndns.tv
15prill.sytes.net

# Reference: https://www.virustotal.com/gui/file/338a5d0cf39f62e64dce26cdff1f685d1b80e154ccfa41d0291bfc290d5d8d60/detection

2020.hopto.org

# Reference: https://twitter.com/Racco42/status/1612697711475572738
# Reference: https://app.any.run/tasks/46f2915c-5ebc-447d-976c-f4cfc4339f67/

37.139.128.24:2404

# Reference: https://www.virustotal.com/gui/file/fe39457c9d93744d4bf8e6e08fd4ac9b69966ef2d48588e61160f234a202123b/detection

109.206.243.198:2404

# Reference: https://tria.ge/230112-jptf5sfe26/behavioral2

37.0.14.207:2404
christopherferr.com

# Reference: https://www.virustotal.com/gui/file/0523d273cebb43b4eeba323fc371749c3ed1830ece59c762103f2851128f0722/detection

141.95.84.40:2405

# Reference: https://www.virustotal.com/gui/file/f925b063bdb5c518a812bdfc0281699c73819fa49d27f2a68d0d7c4b2dd9d604/detection

141.95.84.40:3232

# Reference: https://www.virustotal.com/gui/file/f59e46dee3832fe72f66d55121bacd2863022292407b1278acbbe5abf6e6ead9/detection

141.95.84.40:2411
141.95.84.40:3333

# Reference: https://www.virustotal.com/gui/file/da75b0a4f9e3b9106c2ab1a393b8c5fef9046ba29e498f889d3ff92c5c6760f3/detection

141.95.84.40:4090

# Reference: https://www.virustotal.com/gui/file/d72b9f4910cbe10f8d1b3eeb7096f26412fce2b735c9929c354d8f20265aba50/detection

141.95.84.40:2412

# Reference: https://www.virustotal.com/gui/file/5f22fce8c855d810422147bed37ed543c0b187652397e2854b7184fae0a5042f/detection

141.95.84.40:7171

# Reference: https://www.virustotal.com/gui/file/2f53875cb56cc1a1f69655fcfca71ac0f952b8d582bda33e101d8b262e38d0f9/detection

141.95.84.40:2606

# Reference: https://www.virustotal.com/gui/file/2bbf5987d936a4c437176ae1d7bff6de9ad5a39d5a5c77038559a8e1dc93b0c5/detection

141.95.84.40:3055

# Reference: https://www.virustotal.com/gui/file/f854ee6b89136167029b67a2b53c55d438df3099530b352d3e7766daaba9369d/detection

84.21.172.49:4890

# Reference: https://www.virustotal.com/gui/file/0b369a736f1f26563fde964ce5a3e43e6ef527a274ba336b701a7c8c34957541/detection

195.178.120.12:55988
thekillforabuse1.xyz
top.thekillforabuse1.xyz

# Reference: https://twitter.com/petrovic082/status/1614957930633101312
# Reference: https://www.virustotal.com/gui/file/41bebe4ac472b4e0d768fd1b4af192d8685380dd7a86c2341e6958b99c49e8cf/detection

195.178.120.12:1068
hirosguide.hu/ti/

# Reference: https://twitter.com/peterkruse/status/1616424231998210049
# Reference: https://www.virustotal.com/gui/ip-address/181.141.4.137/relations
# Reference: https://www.virustotal.com/gui/file/d6d3cfd0832e5bff7d52697ff3383e23f778957577361f5628922f2a6f0e7dab/detection

181.141.4.137:2001
181.141.4.137:2002
estroyer.con-ip.com
francia.con-ip.com
inglaterra.con-ip.com
lucas.con-ip.com
marruecos.con-ip.com
nacional.con-ip.com
rafael.con-ip.com
rober.con-ip.com
rusia.con-ip.com
social.con-ip.com

# Reference: https://twitter.com/c_APT_ure/status/1615840721227120641
# Reference: https://www.virustotal.com/gui/file/fdbd71c8d64f2707a4c035b246e720504299fac3d8d7ed69af76a2de55f390db/detection

37.0.14.211:3426
skg08.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ba191102fc7fc2a29c3bfd4e6bdf51863982f754c7d7663dcb47af3cbdd42181/detection

37.0.14.211:2404
dansanija.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/

http://104.168.45.122
http://13.124.14.174
http://179.43.155.153
http://52.62.144.52
http://79.110.63.66
103.125.189.83:61328
103.231.91.59:25298
104.223.119.26:7733
104.223.19.115:2404
104.223.67.132:2404
104.254.90.203:42940
104.254.90.251:5502
107.174.202.148:14207
109.206.240.68:50544
109.206.240.6:2405
109.206.243.162:53399
109.70.144.69:3535
109.70.144.79:2000
109.70.144.79:2525
128.127.104.80:5502
134.19.179.243:47855
139.28.36.147:50147
139.28.36.170:50197
139.28.39.161:2408
141.95.16.111:2404
141.98.101.133:5502
141.98.6.9:4500
142.147.97.189:1604
146.70.158.105:9674
146.70.79.79:5050
147.135.146.243:1960
149.202.24.70:1960
149.202.8.123:2404
15.235.53.10:3005
151.106.30.13:1960
155.94.136.147:2409
155.94.136.161:2404
155.94.136.202:2404
155.94.185.15:2404
157.90.145.151:1441
157.90.145.151:2158
161.129.44.36:5888
163.123.142.150:1993
163.123.142.150:9900
164.68.105.38:1960
171.22.30.101:59301
171.22.30.122:2406
171.22.30.129:5890
172.81.61.215:5050
172.93.164.93:2404
172.93.166.85:2404
172.93.187.111:2404
172.94.127.61:3389
172.94.88.33:8080
172.96.14.13:2404
172.96.14.18:2404
173.212.217.108:1050
173.44.55.155:5502
176.126.86.245:62520
178.162.204.238:7913
179.43.155.153:443
180.214.238.18:55898
181.128.108.153:3078
184.75.221.107:42940
185.106.93.201:1337
185.136.161.189:1960
185.136.163.102:1960
185.136.168.135:49177
185.136.170.229:1960
185.136.171.105:1960
185.146.88.243:2404
185.156.174.115:32763
185.157.162.115:2404
185.161.209.113:2404
185.165.153.181:6666
185.169.52.127:2404
185.189.112.27:30544
185.202.175.248:2404
185.206.225.51:18853
185.206.225.59:28027
185.216.71.245:6113
185.216.71.62:46193
185.222.58.243:8780
185.222.58.245:2404
185.222.58.53:1190
185.222.58.53:2049
185.222.58.57:1960
185.225.74.134:13579
185.225.74.148:2404
185.236.76.65:50544
185.246.131.246:333
185.246.220.130:2987
185.246.220.53:50434
185.246.220.63:3285
185.246.221.36:54794
185.252.178.35:41900
185.255.113.251:2404
185.36.191.22:58010
185.65.134.164:57012
185.65.134.165:59301
185.65.134.166:55433
185.65.134.167:55898
185.65.134.167:59301
185.65.134.182:59301
185.9.19.107:11274
185.9.19.107:8716
188.72.124.143:2295
191.101.130.149:2404
191.101.130.149:6606
191.101.130.149:7707
191.101.130.149:8808
191.101.130.24:2404
192.169.69.25:48604
193.23.3.128:28364
193.23.3.34:43672
193.25.214.194:2404
193.29.104.13:8954
193.42.32.19:2409
193.42.33.124:5050
193.47.61.170:22022
194.147.140.100:2207
194.147.140.12:7982
194.147.140.153:1997
194.147.140.168:1985
194.147.140.197:34574
194.147.140.242:2556
194.147.140.24:7657
194.147.140.32:1970
194.147.140.32:4670
194.147.140.6:4485
194.147.140.7:4770
194.180.48.225:1024
194.180.49.17:28282
194.187.251.163:3573
194.190.152.126:80
194.5.98.133:1978
194.5.98.141:2442
195.133.40.119:1993
195.133.40.168:54345
198.20.177.164:3200
198.23.207.34:2404
198.46.173.141:50482
198.46.173.141:50484
198.46.177.210:50483
198.50.231.138:2409
20.251.10.189:2349
20.38.32.202:2347
206.188.197.133:2404
208.67.107.123:8780
208.67.107.146:28288
212.193.30.230:2286
212.193.30.230:3330
212.193.30.230:3343
212.193.30.230:3348
212.193.30.230:3366
212.193.30.230:6320
212.23.211.238:26009
212.87.204.116:42836
212.87.204.130:48591
213.152.161.30:5502
213.152.161.5:53513
213.152.161.85:26342
213.152.162.94:28027
213.152.186.40:53513
213.183.58.19:4000
217.61.105.139:2404
217.64.127.195:18538
217.64.127.195:52651
23.105.131.186:1967
23.105.131.206:1978
23.105.131.238:1212
23.19.227.171:2404
23.19.227.82:1986
31.192.232.48:1991
31.192.232.48:2000
31.192.232.48:2255
31.192.232.48:3455
37.0.14.199:1985
37.0.14.203:2404
37.0.14.204:6969
37.0.14.206:2404
37.0.14.216:20901
37.120.155.179:8716
37.139.128.4:52324
37.139.128.4:54345
41.216.183.195:3060
41.216.183.96:50505
41.216.183.96:55055
45.128.234.54:55433
45.128.234.54:57012
45.137.118.105:443
45.137.22.116:2404
45.137.22.236:5890
45.137.22.248:8780
45.137.22.77:8780
45.138.16.39:5202
45.138.172.94:2404
45.139.105.174:10929
45.139.105.174:2210
45.139.105.174:3111
45.139.105.174:3132
45.139.105.174:5890
45.139.105.174:6320
45.155.165.117:40004
45.155.165.117:56243
45.155.165.139:57604
45.62.170.248:2444
45.66.151.212:1960
45.81.243.246:2022
45.81.39.21:2404
45.82.84.10:2408
45.87.61.104:3033
45.88.66.122:54321
46.183.216.163:8107
46.183.217.11:64702
46.183.223.57:7888
5.206.227.115:2404
5.42.199.110:1703
51.161.212.232:2406
51.161.212.232:2407
51.210.137.26:2404
51.210.137.26:3345
51.210.137.26:5656
51.75.209.245:2404
51.75.209.245:2406
52.9.61.96:2404
62.102.148.160:43219
64.112.85.218:4888
64.44.102.244:1960
65.21.9.53:1104
66.63.168.35:5888
78.138.105.209:1986
79.110.63.178:8974
79.134.225.109:2404
79.134.225.115:2442
79.134.225.116:2404
79.134.225.119:3035
79.134.225.23:1097
79.134.225.36:3400
79.134.225.36:3404
79.134.225.6:62520
79.134.225.94:5050
79.134.225.98:2404
79.142.69.160:24103
80.66.75.36:53777
80.66.75.41:11114
80.66.75.41:1445
80.66.75.41:33222
80.66.75.51:2290
80.85.153.132:2442
81.161.229.194:28888
83.229.39.38:2404
84.38.132.103:2404
85.31.44.145:28888
85.31.44.145:41900
85.31.46.94:5050
87.121.221.150:50012
87.121.221.29:47891
88.209.254.28:2404
89.37.99.49:5888
89.45.6.58:54841
91.192.100.12:2404
91.192.100.20:7967
91.192.100.23:2404
91.192.100.41:8600
91.192.100.48:1979
91.193.75.134:8877
91.193.75.163:10171
91.193.75.179:8780
91.193.75.188:60005
91.200.102.59:2404
91.231.84.41:10929
91.231.84.41:22824
91.231.84.41:52651
95.111.251.64:1405
96.44.132.182:2404
arttronova124.duckdns.org
arttronova23.duckdns.org
aryexpcrt.ddns.net
aza.mastercoa.co
bendiciones777.con-ip.com
blessed.mypsx.net
bmarch459.sytes.net
brremcoz1.ddns.net
bustabantu0817.duckdns.org
caliente.con-ip.com
calvo.con-ip.com
casamami.con-ip.com
craigjonson91211.freedynamicdns.net
cryptersandtools-70d26.appspot.com
dapsan.biz
destroyer.con-ip.com
eaidali101.ddns.net
emberluck.duckdns.org
favgrandson7.sytes.net
fineboy.andosela.xyz
god7.duckdns.org
harvard.zapto.org
iehvihciuwgcihw.con-ip.com
ischishdiuchwdc.con-ip.com
liloskyxpgrot.duckdns.org
loft.london
march4great.ddns.net
maz.mastercoa.co
mazhararyousaf.ddns.net
mesa67279.sytes.net
muwkege4.zapto.org
ndimmiri.hopto.org
noforabusers1.xyz
noneabuse01.xyz
nonprofit2.webredirect.org
not2beabused02.xyz
nuevocarro.con-ip.com
nwconstructions.us
ogcmaw.duckdns.org
palma.con-ip.com
powerstationinfinite.online
remfff.duckdns.org
richardskoug34.ddns.net
santiagoroblesplata.con-ip.com
sas.yuldede.com
sdhbcsidhvosdhv.con-ip.com
seanblacin.sytes.net
sub.not2beabused02.xyz
svervhiubvdc.con-ip.com
tochukwu1122.ddns.net
top.noforabusers1.xyz
top.noneabuse01.xyz
top.not2beabused01.xyz
toshiba1122.ddns.net
ucremcz1.ddns.net
wudciwhefhgw.duckdns.org
yasinkayites.ddns.net

# Reference: https://www.virustotal.com/gui/file/f6847b746e97fbfbf29670e635317472fbfd5524e1f2d9d34bf78a3d15e9a7e3/detection

181.235.5.74:2427
contifico.con-ip.com

# Reference: https://twitter.com/r3dbU7z/status/1621166936703877120
# Reference: https://www.virustotal.com/gui/file/7255c52bd792b4078fb2bc5924259cc3becada28ea69afb76f26a7b2eb2f28cd/detection

185.246.220.63:3689

# Reference: https://www.virustotal.com/gui/file/4c95e2b5198e322af6ec97711dec10264d68c37eb27c19a6ad884430f0e0f638/detection

142.147.97.189:2404
ezeife.kozow.com

# Reference: https://twitter.com/Cyber0verload/status/1623752663153221632
# Reference: https://cert.gov.ua/article/3804703 (# UAC-0050)
# Reference: https://www.virustotal.com/gui/ip-address/80.78.254.28/relations
# Reference: https://www.virustotal.com/gui/file/f1103f0e35b7b47f020f951f07a87c74275aacec6a2610690a0f80e34e8eae73/detection
# Reference: https://www.virustotal.com/gui/file/5047f53e2e496b38b1a11bc856c79d6602fb28f7a0b16a4c4082845dee225677/detection
# Reference: https://www.virustotal.com/gui/file/ca408a4f313a8dc8afe42b490e74b345d758bc319c0b5b251f03fed84e8deb0e/detection

101.99.91.158:5222
124.88.67.67:5222
124.88.67.98:5222
178.23.190.252:8080
178.23.190.253:8080
178.23.190.254:8080
178.23.190.54:8080
94.131.99.153:5222
94.131.99.153:8080
94.131.99.156:5222
94.131.99.56:5222
94.131.99.89:5222
industrial-safety.online
telecomds.online
mail.industrial-safety.online

# Reference: https://www.virustotal.com/gui/file/174d22ee27fbd8ea4dfedfcd32765e3fc48a39de6a8e7ddffbf2038ac75ac6a5/detection

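# NOTE(review): six consecutive ports on one address alongside six *.at.playit.gg names - presumably a shared tunnel relay, not attacker-owned hosting.
# These IP:port pairs may be reassigned once a tunnel is released; re-verify before using them for long-term blocking.
147.185.221.223:10558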
147.185.221.223:10559
147.185.221.223:10560
147.185.221.223:10561
147.185.221.223:10562
147.185.221.223:10563
financial-replication.at.playit.gg
kit-era.at.playit.gg
second-serving.at.playit.gg
services-bone.at.playit.gg
sort-perceived.at.playit.gg
time-trigger.at.playit.gg

# Reference: https://twitter.com/r3dbU7z/status/1621535413167874050
# Reference: https://www.virustotal.com/gui/file/73d0dbd4654e3711bb0c4feb8f8e580e3069cb8ae4477799d1db4c566ebd918b/detection

192.99.180.181:2404

# Reference: https://www.virustotal.com/gui/file/fe77b458294e45cb53caf1354ad3e7bba1ea24f8f45c2ee6b33d65ff8052fabb/detection
# Reference: https://www.virustotal.com/gui/file/051c452acf3d8aca8cc7044c8a7a15722cbc146c756789c08f90ade3a4be3d94/detection
# Reference: https://www.virustotal.com/gui/file/d4dbaf7206b04968b0b555406e6e3d8e37eff3eecb2556bd88a3a349bfcab2ae/detection
# Reference: https://www.virustotal.com/gui/file/a2ddaa327b7712ee58f7809794540157d2433bd27aca885cdc98893cf8eebf53/detection

192.169.69.26:2404
80.76.51.46:2404
92.222.212.90:2404
rlbotz.duckdns.org
thorami.duckdns.org
tridengames.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4414a9ba25d52ac38509ccf072d32e4f938990e3b02ca3c2d11fbd5cba433ab4/detection

142.44.214.143:9051
34.122.119.165:9215
34.173.190.11:9217
35.184.164.194:9212
35.192.147.46:9211
including-bugs.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/fd41341e7936b32a7952b587ded5e3160068656feb358d9ace34e53e508a3f84/detection
# Reference: https://www.virustotal.com/gui/file/ada41a94c2faec325a2e2234c68b80b1309f9e0bd754494fcba5f9f10f6bc260/detection

154.12.234.207:2404
209.126.83.213:2404
retsuportm.ddnsfree.com

# Reference: https://cert.gov.ua/article/3931296 (Ukrainian)

101.99.91.124:5222
101.99.91.170:5222
101.99.91.176:5222
101.99.93.104:5222
111.90.148.194:5222
111.90.148.194:81
217.69.139.209:5222
217.69.139.209:81
217.69.139.232:81
217.69.139.243:81
77.91.100.6:5222
77.91.100.9:5222
94.131.99.159:5222
courtbox.online
courtgova.online
courtgova.site

# Reference: https://www.virustotal.com/gui/file/bb369b5310b6d9812c46d64a408f7556fad21376d1d0c854c43309b2dac34552/detection

37.0.14.209:6299
no4abuse1.xyz
top.no4abuse1.xyz

# Reference: https://www.virustotal.com/gui/file/9a6542e7da5c82465fd053f020d82161a8995c3353b58ac9b3e085d70d9ecf8d/detection

37.0.14.209:2025
zytt.dvrlists.com

# Reference: https://www.virustotal.com/gui/file/e7e71fa866ba62d702c610faec93f3618e3af846f9244b11ba3bba3179b58ce8/detection
# Reference: https://www.virustotal.com/gui/file/35077e72a589bccd4ddab3a75c7ff5d90421d4e79c1cc582c610f31e63f3f24b/detection

185.19.85.162:4939
79.134.225.82:4939
84.38.134.104:4939
backupfrontmanny.duckdns.org
myfrontmannyfour.ddns.net

# Reference: https://www.virustotal.com/gui/file/94798c0478f2ecebff0e05360bb8c6f4646fa267811d15e9d534c7067225df97/detection

194.147.140.242:2556
mercyandgrace.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3e18068bd0a755b56b0a23b68b6bf56542f675e0870e20c5e29fc9877ca56267/detection
# Reference: https://www.virustotal.com/gui/file/c2c285151064d2e8fee89d61084df820145e2f65a9798a9264ae0339e6789cf1/detection

http://195.2.79.233
193.188.22.218:4449

# Reference: https://www.virustotal.com/gui/file/82f9f17c738ca81deec5af268b89385215b9995231bb278ca1f3d5f21a09bac7/detection
# Reference: https://www.virustotal.com/gui/file/fd3002c39c81e97b390ccc699b4fbbce86e34ce784df963ae7ed85521c354cc8/detection

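# NOTE(review): 162.125.0.0/16 appears to be Dropbox address space (confirm with WHOIS); the dynamic-DNS name below may only have been parked there.
# Keep the port qualifier on this entry, since a bare IP would match ordinary file-sync traffic.
162.125.34.133:5854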
202.160.130.145:5854
polyxxx.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/3706c1a1a2f12ff1cb47e856954190bab2ff09e46e7c917054a63c00bff57a64/detection

futjaparasetafusin.isa-geek.net

# Reference: https://www.virustotal.com/gui/file/2c05a049d94c304aa3895af58e8d4e5b0e33c7e4dda10bfcb5f3daeeb32b5227/detection
# Reference: https://www.virustotal.com/gui/file/b7b9713d2d43703ef4b66c2df66386453513be78efd25a50ffbe90db656fe472/detection

185.213.154.164:9535
rroki123.linkpc.net
shkurt2019.access.ly
thejerm.cable-modem.org

# Reference: https://www.virustotal.com/gui/file/1fe71ac0c89a0f467c54820e5a95423e71daf94861a8eb26775b788237658199/detection

j1kkkc.is-very-evil.org

# Reference: https://www.virustotal.com/gui/file/aefc0b8991380d4ed310f40efd7426c405ea19aeb2ede611b7f22117c31a3cfe/detection

boutiquezara.myftp.biz
cctv.zapto.org

# Reference: https://www.virustotal.com/gui/file/03afb1b7954f0e777e41101fec1cdab213cb8ce1e836556acb72c9ab73cd3b66/behavior

91.180.129.59:20377

# Reference: https://www.virustotal.com/gui/file/257cf39ae78d946effda763508911f7bb0688962813ef8d006b5e6a0f7327426/detection

141.98.255.145:56134

# Reference: https://www.virustotal.com/gui/file/3af3cffefa2df2c079f2901470005de5c361357e1072fd234226d72ea2214d45/detection

191.101.130.198:2404

# Reference: https://twitter.com/wwp96/status/1632898079421505537
# Reference: https://app.any.run/tasks/00a4ec21-60e9-43bb-96d4-0cdcee47bca1/

207.244.241.149:2304
siigo.con-ip.com

# Reference: https://www.virustotal.com/gui/file/45b2d2ff27a08b400f0e149e5371c683b09963058ff52b5c395ab79ecf6de1c8/detection

181.128.79.6:2500
contificoseguro.con-ip.com

# Reference: https://www.virustotal.com/gui/file/22bad1da863df7a01a4313e5f1a78745c09154ae1cf841c5424a929dda8f96b0/detection

165.227.31.192:22507

# Reference: https://www.virustotal.com/gui/file/797decf73ca98e03c717e08d090b560561f7e8191d324075540fdf84f965ce94/detection
# Reference: https://www.virustotal.com/gui/file/06ec60aeabdb6fc13bac12c233f47973fc644a4c7ae5d94e9efdc8fcfcfb60ed/detection

178.73.192.3:4750
46.246.14.7:4750
46.246.6.11:4750
testfortest.ddns.net

# Reference: https://www.virustotal.com/gui/file/0ac5715dbbb22286a1cc79fe33377cd2dcb71ac6ad5d876da8e938684e7d7cf8/detection

85.31.46.94:5050
valvesco.duckdns.org

# Reference: https://any.run/malware-trends/remcos

njxyro.ddns.net

# Reference: https://twitter.com/1ZRR4H/status/1637119841734651908
# Reference: https://www.virustotal.com/gui/file/6fe0fe1c59a8435b63996576a0f2d303be85d511a8daa8d0c593e633f602395f/detection
# Reference: https://www.virustotal.com/gui/file/10b447223e420c0ab76476d27e868f097ef36ccebbff81803d63c58f6da49748/detection

179.14.8.212:2550
quinto.con-ip.com

# Reference: https://twitter.com/AnFam17/status/1637885778691801089
# Reference: https://tria.ge/230320-wrtadagg7t/behavioral2

78.142.18.37:2404
xlongactive.su

# Reference: https://twitter.com/sicehice/status/1638571831727718401
# Reference: https://www.virustotal.com/gui/file/667bb5198e18e79b8dad7fa903cf92377c05b76716db89db92fff7b62c78b683/detection

141.95.16.111:2420
141.95.16.111:8080

# Reference: https://www.zscaler.com/blogs/security-research/dbatloader-actively-distributing-malwares-targeting-european-businesses
# Reference: https://www.virustotal.com/gui/file/37e6e8c41257b40d4f636227552fd2551123ada208dde4fd71ca34e8ec62cf92/detection

146.70.61.131:9150
217.138.195.19:9150
84.39.117.57:9150
hallowed247.duckdns.org

# Reference: https://twitter.com/petrovic082/status/1640709439933276167
# Reference: https://twitter.com/petrovic082/status/1640709635182309376

chr15.shop

# Reference: https://twitter.com/jaydinbas/status/1643626557070536704
# Reference: https://www.virustotal.com/gui/file/44b446550f315e7eb407e4494373e0ed7ce6b808128b8eb8d06ec556aea7bdf1/detection

194.67.212.47:4050
cancercause.net

# Reference: https://www.virustotal.com/gui/file/3d4ffcd1cd594f452ad1c374933eea8dd36d21a6d01372cc7f1afc636d26fa72/detection

45.137.116.253:443

# Reference: https://www.virustotal.com/gui/file/fe0f85db302b99b7fc610f789839a31398c542abb4d229b94521ae5b16b7d3e7/detection

185.225.73.76:2397
nadiac7806.hopto.org

# Reference: https://www.virustotal.com/gui/file/678d3d4b1057a230e358c3b9b88eb2b5e7611e448427788cc6474ae9a0c19404/detection

212.8.244.201:3641
jovaneo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6ca5b31d744ce3575ff60c28f306225332138a098127b4bc8fc811a9c8c1680b/detection

185.225.73.58:18114
forwarding2023.ddns.net

# Reference: https://www.virustotal.com/gui/file/c918a2c1bcad3c73628eb57a95c5d6eb2011b377c110678efa6bbd7fb793a2be/detection
# Reference: https://www.virustotal.com/gui/file/a5d742db1490b373d8c421473b93779ec7d8a5e072b85d849de19b7fb9bcac52/detection

http://23.95.97.22

# Reference: https://tria.ge/230425-gegngsae4t/behavioral2

dfdagsdsag.con-ip.com

# Reference: https://www.virustotal.com/gui/file/717dab9464c35bda378df8f42ceb245e1b34152fe7a5b1cefa632927c6275732/detection

45.146.254.153:993

# Reference: https://www.virustotal.com/gui/file/68fb3a671a5874c2671d327dd9fa5c8b747418567f76f37338b3203d3211cbec/detection
# Reference: https://www.virustotal.com/gui/file/b1afbce51ad052f936b989214964d56e2290a7fb5548763273c1fc4382cd5c1c/detection
# Reference: https://www.virustotal.com/gui/file/e7dc51c8f8a75a1ea71894a8c624d1431362a4da4e297b30e183d41169e7b910/detection
# Reference: https://www.virustotal.com/gui/file/0072e60010ff8494c740d83551263eb547c50eee0d9bbf2425d36795ddcc4684/detection

185.126.237.209:2404
185.126.237.209:7060
212.87.204.98:443
217.61.105.139:7060
cartmort.shop
deflatetesting.info
huffmanresearch.info
infogzip.org
kallitredabbacaza.com
lzmaresearch.org
mjjalaperaba.net
snappyapiv2.org
understandlzma.org
zlibinfos.info

# Reference: https://www.virustotal.com/gui/file/34d301cbabff59f4c4206009bd832ef2e361d91d54c010208ae1bc1207da4596/detection

185.246.131.246:333
majjip22spbax.photography

# Reference: https://www.virustotal.com/gui/file/f9edc031e26e9d37e740acfd3739cc3f0a442bb14ec34d9b2ddbf79db56e073f/detection

mazzancollttyde.business

# Reference: https://blog.talosintelligence.com/threat-roundup-0421-0428-2/ (# Win.Dropper.Remcos-9998831-1)

kelikjoinset.freedynamicdns.org
noblegas.myftp.org

# Reference: https://www.virustotal.com/gui/file/e43e755e8b9f8b1f892cd081a7376af5aa3d89c23320758e80191910be0b3f0f/detection

45.74.19.83:2217
forve.ddns.net
forvegreat.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ff8c79939cb030f093d795ddfb6b0a115c46bbe8c035fd22e895471b5bb5a83c/detection

2.58.56.250:57833
tcheck.cloud

# Reference: https://www.virustotal.com/gui/file/b6ba28cd7e6152eca49b060e78ae19121f9b3d4cb9c87743843a076d73f191a1/detection

194.55.224.106:2718

# Reference: https://twitter.com/reecdeep/status/1654432521822543872
# Reference: https://www.virustotal.com/gui/file/f35faa287ffeebfb47b1db14085b92a89ec76c958c3ec246a5a28dc8dbe825d5/detection

193.239.84.153:9184

# Reference: https://twitter.com/reecdeep/status/1655565717347893254

192.3.176.131:2404

# Reference: https://threatfox.abuse.ch/ioc/1119560/

135.181.139.172:2404

# Reference: https://threatfox.abuse.ch/ioc/1119749/

51.195.57.234:333

# Reference: https://www.virustotal.com/gui/file/8a8565e9dfb8f2907a18d68c64ca56dd0c581f585f796f6363270d14556003fc/detection

193.142.146.220:2404

# Reference: https://www.virustotal.com/gui/file/c296470f0a24955e74c6695312974b6f7b32b89147368e84804b47f76d5befa3/detection

134.19.179.211:30491
pekonomiana.duckdns.org

# Reference: https://twitter.com/Jane_0sint/status/1676557127211536385
# Reference: https://app.any.run/tasks/80e04690-c0c0-4bb7-91d3-5e4fb9d215be/

146.70.163.91:8716

# Reference: https://twitter.com/phage_nz/status/1676404211813355520
# Reference: https://tria.ge/230705-avk8aaaa84

138.199.38.132:62429
185.157.162.19:62429
194.32.146.132:62429
45.141.152.68:62429
46.246.34.52:62429

# Reference: https://tria.ge/230705-n2bt3sca74/behavioral1

172.111.140.79:9595
45.74.7.132:9595
salwanazeeze.ddns.net
salwanazeeze.duckdns.org

# Reference: https://twitter.com/dark0pcodes/status/1676396493412900864
# Reference: https://twitter.com/dark0pcodes/status/1681341586037260289
# Reference: https://twitter.com/dark0pcodes/status/1676969339944312834
# Reference: https://www.virustotal.com/gui/file/17f63115e8c161ad2ad85718404c2e3d59a181667ba6b89284c35887a443729a/detection
# Reference: https://www.virustotal.com/gui/file/8265efba54226248bfe4d5c721b8dea37978698b5bda7cb4a2b36cf081c81538/detection
# Reference: https://www.virustotal.com/gui/file/9a3371948a7d362e630c64fa0b8a418cbc86f446089b981f90a76bd259720795/detection
# Reference: https://www.virustotal.com/gui/file/b7682dee32d6c2e86b620114658dc2dc2359166952475cd25f32c434e416c432/detection
# Reference: https://www.virustotal.com/gui/file/b9a960653ff52f45aa18145f1b54f38e8a93a7b7e833315496d42c049cf5fece/detection
# Reference: https://www.virustotal.com/gui/file/b9aac3b32c9cd750aa7f32a8f80f52bbcc3addcea889ed1d428e0b48c6dcec90/detection
# Reference: https://www.virustotal.com/gui/file/c87444d30b44a6a6b939194458d6641c857efa879aa0a8ad762c6dbd5988f6ba/detection
# Reference: https://www.virustotal.com/gui/file/ce93fbd68e459ace2bacd467ffed18410d19e8d40c15f1b379b88179f7fa78d6/detection
# Reference: https://www.virustotal.com/gui/file/ea72af7a6311b86b7a9ff357e22c1c59bc77c95779825adf4a9d9608bbdcab12/detection
# Reference: https://www.virustotal.com/gui/file/eba7929ca243f8e567c43ed30cd31b0e1908d25c6cc0f5390a1c604c8e2360c4/detection
# Reference: https://www.virustotal.com/gui/file/cb0aa2943461630d7a199f770f588fc995dda412eb3fb1c615eedf1560871dbb/detection
# Reference: https://www.virustotal.com/gui/file/b9a960653ff52f45aa18145f1b54f38e8a93a7b7e833315496d42c049cf5fece/detection
# Reference: https://www.virustotal.com/gui/file/4c29b1a43b4155c751f29e263cdfa02b88df61d32547e2d21c7b5a6cff7bf3a0/detection
# Reference: https://www.virustotal.com/gui/file/b3ef1748be797764b40a79f5cf5dccf056466c007a18ee8259c6648cf75edba6/detection
# Reference: https://www.virustotal.com/gui/file/e25d8b0efeaaf2771d2a25b413b97e6c9c78ad66d48c33b03ed367901970f65d/detection

179.13.2.240:1011
179.13.2.240:2424
179.14.173.93:1011
181.131.216.115:1011
181.131.216.115:1011
181.131.218.17:1883
181.131.218.17:7770
181.132.132.53:1883
181.132.132.53:7770
181.132.143.185:1883
181.132.143.185:7770
181.132.143.37:1883
181.132.143.37:7770
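# NOTE(review): the next two entries look like 181.132.143.37 (listed just above with the same ports) with the leading "1" dropped; they also break the sort order.
# Confirm against this group's references - if this is a typo, the entries flag an unrelated address.
81.132.143.37:1883
81.132.143.37:7770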
181.141.0.230:1883
181.141.0.230:7770
181.141.7.178:1883
181.141.7.178:7770
aguardiente.con-ip.com
andresisaza.con-ip.com
anueljose.con-ip.com
apto777.con-ip.com
arrebatao.con-ip.com
bendito2.con-ip.com
benito02.con-ip.com
brayan.con-ip.com
bunuelo.con-ip.com
cactus.con-ip.com
carlosperdomoremser.con-ip.com
casa777.con-ip.com
casas.con-ip.com
crucero.con-ip.com
cx.con-ip.com
dominicano.con-ip.com
elbendito.con-ip.com
erjhbsdihbvihdsbisdjbv.con-ip.com
euro.con-ip.com
fgfdbdgnghbgdd.con-ip.com
gilbertosuarezrem.con-ip.com
ginebra.con-ip.com
graciasdios777.con-ip.com
groceria.con-ip.com
gvfrvnjiksnvodmvo.con-ip.com
hoysechichonea.con-ip.com
jfiusdgvusdbvisdguvb.con-ip.com
jhcdiucishcisdfs.con-ip.com
mandado.con-ip.com
moneymoney.con-ip.com
monito.con-ip.com
nidvhuidfnowossax.con-ip.com
olkmnbftyujbvfd.con-ip.com
palenquito.con-ip.com
paletas.con-ip.com
palma.con-ip.com
pandequeso.con-ip.com
parchado.con-ip.com
poderes.con-ip.com
prosperidad.con-ip.com
proteccion.con-ip.com
republicabolibariana.con-ip.com
ricardocuetoren.con-ip.com
santiagocervantes.con-ip.com
sdfjowdjflkdsmfijdscpkpkjkjaa.con-ip.com
sdfvisdbiusdjniudbciu.con-ip.com
sdhbcsidhvosdhv.con-ip.com
suigciacishcucidba.con-ip.com
televisor45.con-ip.com
uribetc.con-ip.com
uyfijbuhvuyguhjvuyhuhbg.con-ip.com
viushhirbhudsgcskjdcnos.con-ip.com

# Reference: https://www.virustotal.com/gui/file/29cbb0d27bbc787365e8c2aa11205b0218a178eda781bca644f8c77e55ad03c7/detection

149.102.243.187:2226

# Reference: https://www.virustotal.com/gui/file/9be6accc4b6d1235258499496f8be06d8ed5a286cc93547cbbb863f42d5ea612/detection

192.119.108.74:6120
wudthost.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1267ceb4db62b39b163313547e169954e55f31be5aa5aec84c0ada071a636adf/detection

173.44.50.86:8091
soatfebrero.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c1ccc7e57074fb432d2de187fca944ac480e5b2ad68ad7cc52388e3381990396/detection

191.89.247.6:4404
5junio2023.webredirect.org
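# NOTE(review): the entry below is the previous name with ".ovh.net" appended - likely a resolver search-suffix artifact from the analysis environment, not a separate C2 name. Verify before relying on it.
5junio2023.webredirect.org.ovh.net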

# Reference: https://www.virustotal.com/gui/ip-address/52.152.223.228/relations
# Reference: https://www.virustotal.com/gui/file/094211e442816ff11e5eb8079cc59a26ac41aa54ba00ef9ebbaef994b9c00e03/detection
# Reference: https://www.virustotal.com/gui/file/f4d0a2a3b982f0f926b6a4bfda48569162b14fe878913fe3f0eac91a43b6ff8e/detection

http://52.152.223.228
52.152.223.228:2225
newforting.duckdns.org

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/GuLoader/GuLoader_From_lnk_to_Shellcode.txt

194.187.251.91:12603
banifabused1.xyz
banifabused2.xyz
randomlybackup.duckdns.org
sub1.banifabused2.xyz
top1.banifabused1.xyz

# Reference: https://www.virustotal.com/gui/file/26b6c0a48df8f13ec145995daecdd670d35e5d0e09bac3c3a703a60e753aa1ba/detection

plunder.ddnsguru.com

# Reference: https://www.virustotal.com/gui/file/9f99648517b9f710d70c90aebcf84a8581c894be7e5c04684a2ba4e032d490e1/detection

102.36.149.129:37542
213.152.161.133:37542
claudia7363.ddns.net

# Reference: https://twitter.com/ULTRAFRAUD/status/1677403656587542528
# Reference: https://www.virustotal.com/gui/file/3c2e2530e0fb0773264c08c6e972b7ac271bce223d74f28f83d97b998b7d5cb3/detection
# Reference: https://www.virustotal.com/gui/file/f46cce95f74f08a3f703f1b1e3486c6572478ceb138f37134bd6dab427a3fd8e/detection

http://153.92.126.196
153.92.126.196:7060
marketisportsstumi.win
tempshsavesprt.info

# Reference: https://www.virustotal.com/gui/file/9785533cb7602ad9249482ae31cdb142e4d98e92725cfba370e4577680f5d8b1/detection

153.92.126.196:333
clothingappspalreta.net

# Reference: https://www.virustotal.com/gui/file/e5ab5323642a757a76dd39f0940c9215123051226a560c7ebdf76a5544505854/detection

51.195.57.234:555
kaliinuxnowwdangerou.org

# Reference: https://www.virustotal.com/gui/ip-address/153.92.126.196/relations
# Reference: https://www.virustotal.com/gui/file/25fdcfc2b1a92dce0e2162a43e29a9068c1e3d1849aaf48f9961a815be24a0f5/detection
# Reference: https://www.virustotal.com/gui/file/c9d48368b1cc7976aea7afb8f7e9318469b8c7b176113602a0a8716f2c0c77e1/detection
# Reference: https://www.virustotal.com/gui/file/24ed9643b8e4736cd3efad36802f69380d7e67a36259be6a461dbde4b0cb4bc2/detection
# Reference: https://www.virustotal.com/gui/file/555624bc6b20024f54c2065d552fd8fd448daa83578a472b7a231c58e0277d33/detection
# Reference: https://www.virustotal.com/gui/file/6b23e539caad82b0b090dafe09ed7dd61ffbf6874e1b8da30551594fdf46f33a/detection

153.92.126.196:1212
38.146.57.60:2404
akakilapphasrespsp.com
caddimilopidelphsimpl.de
ippallsmenremrmc.photography
kerlamaabramsurf.com
malsfedgortrtza.com
mastrrokiakivasai.com
mmnedgeggrrva.com
nikecostanzo.com

# Reference: https://www.virustotal.com/gui/file/75145be95746fcb54ef093b665cc7dcfb1cdfc7e6455dd271b1326b1543bbe16/detection

http://91.244.197.9

# Reference: https://www.virustotal.com/gui/file/ca5ababc4dace1fe81f11aab44e3939447f7946cf2fcac509d2d159f1707aeb1/detection

139.84.139.29:2324
newyearrem.myftp.biz

# Reference: https://www.virustotal.com/gui/file/eb27c48c3d4219fdfb2143fadcc021728c7969bd34fe731b2b17c0469766711f/detection

70.34.197.90:2424

# Reference: https://www.virustotal.com/gui/file/dcd26e9ef9f50646f285a1b577e077cf2d0d33d0c7eab174034fee6f33a234d9/detection

http://103.10.68.110

# Reference: https://www.virustotal.com/gui/file/190b66d218ef0d0b69b6b27cf99a62fffe29139d6f00592bede76928c9f79102/detection

172.111.167.143:3119
mexbar.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4424663695e9749f70cf73c587c910202344b18aa86144ca748aede28239a13f/detection

179.13.3.110:2021
newsestrenos1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8b6a909110ca907eb279cfb8f6db432af5564263e49c6982001b83fcffe04c07/detection

154.12.254.215:57832
rxms.duckdns.org

# Reference: https://twitter.com/AnFam17/status/1682446732565643265

94.142.138.111:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-07-23)

103.212.81.154:1940
103.212.81.155:54984
103.212.81.159:3422
110.34.102.159:2404
134.195.139.199:2404
141.95.84.40:2407
141.98.6.232:2404
141.98.83.15:5750
146.70.158.105:9138
153.92.126.194:2404
153.92.126.196:80
154.53.41.212:2404
157.90.206.40:2404
161.97.64.199:2404
172.93.222.140:2404
173.208.140.44:2404
173.243.112.4:2404
176.124.215.147:2404
178.162.212.214:9625
179.13.3.110:1520
185.228.72.156:2404
185.29.11.109:2404
185.56.83.208:2404
185.65.134.188:55433
188.191.106.233:2404
188.72.124.143:7902
191.89.243.236:5151
191.89.247.6:7778
192.154.224.110:2020
192.3.193.40:2404
192.3.193.42:2404
192.3.223.132:2404
193.142.146.203:2404
193.203.238.136:2404
193.23.3.15:32676
194.147.140.144:1993
194.147.140.166:1987
194.147.140.226:55433
194.147.140.226:55434
194.233.72.56:2404
194.59.218.165:2408
194.59.218.181:2404
194.87.151.52:5072
2.59.255.202:2404
2.59.255.57:55433
2.59.255.57:55434
212.193.30.230:6873
212.87.204.153:4100
217.182.15.139:2055
23.227.196.61:8957
24.152.37.94:2404
2peoples.duckdns.org
3df331cc64cdbb3097dc08c5e68b1ed06209dfc0f1eddf6570.crusherx1.sbs
45.12.253.190:35789
45.67.231.82:2404
46.246.6.9:1998
5.253.114.108:2022
51.210.170.199:34087
54.36.226.161:2404
54.37.140.61:2404
54.39.30.229:2404
54.39.36.52:48331
79.124.8.44:2404
80.66.75.116:4567
80.66.75.129:3719
80.66.75.172:2792
84.38.130.197:2404
84.38.130.200:2404
84.38.133.134:32676
85.206.161.12:2404
85.208.139.146:2404
85.208.139.242:2404
85.217.144.119:4031
85.31.44.129:37782
87.121.47.123:43055
87.121.47.123:43077
91.192.100.10:11010
91.192.100.49:32676
91.245.253.46:8709
94.142.138.111:5701
95.214.27.194:45060
b6079658.sytes.net
churchboy19.ddns.net
churchboy2.ddns.net
churchboy9.ddns.net
colukas37.ddns.net
crusherx1.sbs
favor-grace-fax.home-webserver.de
hasperion.kozow.com
mikepedro207yyyxx.ddns.net
mikepedro208yyyxx.ddns.net
mikepedro209yyyxx.ddns.net
monarkpapes.com
pekonomia.duckdns.org
pentester02.duckdns.org
plunder.dedyn.io
plunder.duckdns.org
plunder.dynnamn.ru
plunder.jumpingcrab.com
pops.mastercoa.co
rnnfibiteammony.duckdns.org
supremeswitchgear.com
twyfordtille.com
wealthyblessed.ddns.net

# Reference: https://www.virustotal.com/gui/file/889008d2491e5f92d86a36cd32374eee10e745cc310bd97b23ca17c0735bb061/detection

180.214.236.46:4848

# Reference: https://app.any.run/tasks/b40d702a-4dd3-42c5-a629-70e037ecfe31/

closen.kozow.com

# Reference: https://threatfox.abuse.ch/ioc/1140214/

23.106.60.117:7719

# Reference: https://threatfox.abuse.ch/ioc/1140174/

194.180.48.209:32676

# Reference: https://www.virustotal.com/gui/file/a780671fb8843df86eb6d9a17080a3dfe3caffc2a7ab3d19f5f60025f4e064bb/detection

181.142.211.88:7476

# Reference: https://www.virustotal.com/gui/file/a88132c9eaaae224c518e6bd900b5708850939dcdb65310e06e513a72424db07/detection
# Reference: https://www.virustotal.com/gui/file/92e494319d7ee8a055f2fb64bd5f3ed051877289a0948f1e53b485799613b16b/detection

191.89.247.6:6663
191.89.247.6:6669
remcosamarre.duckdns.org

# Reference: https://tria.ge/230726-d7lw5aha75/behavioral2

192.161.184.21:24050

# Reference: https://www.virustotal.com/gui/file/c7003a9e7e9919888c9a190ec5079c1c92d0fed2a1efc13391935b3f853ddd99/detection

185.174.101.152:2025
192.161.184.21:2025
pegasasufantasydaremogayumemirujiyoutoiutsubasahir.lat
powerdatabaseresearchworkproofficial.online

# Reference: https://www.virustotal.com/gui/file/bb0c54caf772dc967438e03e5944923da6c8ae1c0f01e14e6ce6d9f9d94f7ffe/detection

186.169.74.57:1992
powerstation2021.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ecddd8cc1dcf63ad1d437df18a17048db818922f26911273ab5c2534fb2977bc/detection
# Reference: https://www.virustotal.com/gui/file/bc560f1b389e01878838e3d66f72c275e2d30c95b9a3e5b68af4ee8e71f0008e/detection
# Reference: https://www.virustotal.com/gui/file/a7b85993bb6145e1a3afcfea61b6a07c5faddc9124dd395d08ad168bdf7cff6d/detection

181.235.11.105:2404
186.169.45.193:2404
rpower2021.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9acd14f51f44097e8f00ff0bf413ffdd856c2d7d762064843040a2cde4df3f60/detection

91.109.190.6:2404

# Reference: https://app.any.run/tasks/b9b1eeeb-a7f8-4abb-8dcc-712b9403499c/

http://212.192.219.52

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-07-31)

134.195.139.194:2404
194.59.218.152:2404
52.152.223.228:8887
80.76.51.205:6262

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-01)

194.180.48.113:1190
20.231.24.237:2368
66.63.163.71:6371
69.61.31.254:2404

# Reference: https://www.virustotal.com/gui/file/8c4bc6ed9991809c5bd70ebd6b31ac467b7a994e023f4442a1330f97d8b7181b/detection

185.195.237.203:57703
remcacount.co
verem.remcacount.co

# Reference: https://www.virustotal.com/gui/file/68f90e7cd6f81bcd548c046cfaca36e766da7fdcdddf286ef769c30062fde895/detection

185.195.237.203:3924
213.170.203.31:3924
ghostboy.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/929ef989b79b634cfbef7c4e8543351fa1c3560aec13e8c8f374298ccc5f947b/detection

208.67.107.168:8117

# Reference: https://www.virustotal.com/gui/file/152c6aa91bc274a0662811c5671f952e44f4f0c72378f667d91a9b4c93a5e4c8/detection

177.255.89.162:2450
iess.con-ip.com
microsoftteams.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.50/relations
# Reference: https://www.virustotal.com/gui/file/98962f488c06605ff276ae7fc49e494635ff1a7b250bffdfb080450ad99c0863/detection

79.134.225.50:5901
anonymous149.duckdns.org
anonymous149149.duckdns.org
breadashetypoccu.hopto.org
coretes.duckdns.org
donp007.myq-see.com
hostlogsadmin.duckdns.org
indaboski.myq-see.com
kaseganbetturio.serveblog.net
kingsdoggy12.hopto.org
kipluterndern.hopto.org
nanocoredt.dnsupdate.info
nassiru1144.ddns.net
uchcn1.hopto.org
vijhantegamedforsea.ddns.net

# Reference: https://threatfox.abuse.ch/ioc/1148526/

104.223.35.34:2404

# Reference: https://threatfox.abuse.ch/ioc/1149033/

79.110.49.161:3343

# Reference: https://twitter.com/reecdeep/status/1688812981881077760
# Reference: https://app.any.run/tasks/74fdd4a4-643c-4b62-804b-b62582bcc3da/

172.93.161.245:2404

# Reference: https://threatfox.abuse.ch/ioc/1149111/

178.32.90.242:2550

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-08)

103.212.81.155:3960
194.147.140.213:11011
83.143.245.51:9625

# Reference: https://www.virustotal.com/gui/file/05eab1bf6d6b027055dca440bc4b4470494e33da814a1054e3717a229b30eb0e/detection

91.193.75.133:2815
zion6.ddns.net

# Reference: https://www.virustotal.com/gui/file/71db98626b734cd458a6b030f3aeb6c21153828c9c7d1fb8e319b84acbebc3c6/detection

91.192.100.8:5000
dilshadkhan.duia.ro
dodotyhsga.webhop.me

# Reference: https://www.virustotal.com/gui/file/b6369cfca020a432a0f51d4df317ccaf01637ecc33cbfe9568c6846500ff06ca/detection

91.193.75.173:8978
geo23.ddns.net

# Reference: https://threatfox.abuse.ch/ioc/1149223/

167.114.189.33:2404

# Reference: https://www.virustotal.com/gui/file/fb46515be4c07cc1e9eeaf83a86c929bd3aa2c348e808e34aec6d5c35a542c93/detection

moneymagnetjoe.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7c97b878e4ada40db957c8a46c7abfa4480dd333ceb788c646a8f493ae78ccfb/detection

172.96.14.57:2404

# Reference: https://www.virustotal.com/gui/file/7c97b878e4ada40db957c8a46c7abfa4480dd333ceb788c646a8f493ae78ccfb/detection

172.96.14.57:8925

# Reference: https://www.virustotal.com/gui/file/cf39a14a2dc1fe5aa487b6faf19c63bc97103db670fa24c62832895e3002eca2/detection

23.172.112.72:2404
binccoco.com

# Reference: https://www.virustotal.com/gui/file/b8eadca25ba0999b19226d5d8e72f93c4287fbb21016a3924e1c11b694d4eb23/detection

177.255.88.161:8787
dvdvalle123.duckdns.org

# Reference: https://threatfox.abuse.ch/ioc/1149526/

64.188.19.202:1604

# Reference: https://threatfox.abuse.ch/ioc/1149680/

45.74.19.42:6420

# Reference: https://www.virustotal.com/gui/file/cc467d30cee2dfa02e936f81d0b06feb97ac3638b95acc20c02cbec8d912d08e/detection

194.5.98.154:1366
bishoprem.duckdns.org

# Reference: https://tria.ge/230812-kt3faaah99

178.73.218.4:8645
kizitodavina.duckdns.org

# Reference: https://twitter.com/TrackerC2Bot/status/1690785548779048960
# Reference: https://www.virustotal.com/gui/file/7fd1e285f1e5ce2a63513d7122f54b4c02bec1645aab6ae3b74139a60805bd4c/detection

http://192.210.255.48
192.210.255.48:2404

# Reference: https://www.virustotal.com/gui/file/c8fb06e6a2f7cba53be925434e39e1a829db4e9c569d8b5dff71142772646e3e/detection

194.68.59.44:9074

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-14)

194.68.59.44:9074
205.234.181.73:2404
23.19.87.242:1987
67.21.81.85:1481
ojfoidjfoijdijlkjoosodkjjjdc.con-ip.com

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/08/remcos_banca-sella_14-08-2023.json
# Reference: https://www.virustotal.com/gui/file/50f3db3dc8ef4ee255514877f5715d26d1838699cf80d057cd046c4ef1ffb6b2/detection

172.96.14.58:9181

# Reference: https://www.virustotal.com/gui/file/4f138cd5c06d63316037e0622fa6c9e91a6798c78a45730777296c332dc4b98c/detection

177.255.88.161:1214
newrqas1.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-15)

191.89.247.6:3078
191.89.247.6:7811
disenospublici.info
procesjudicial2.duckdns.org
servicios.disenospublici.info
tttmundo2022.eastus.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/6291532d8a12896b5213e468896e222ca6c112b977d53c6a0a61cd78a3ee7535/detection

172.111.167.99:9596
exbanebiec.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-18)

192.154.229.70:20911
agent.servegame.com
rainbow-industrie.com

# Reference: https://www.virustotal.com/gui/file/e63794351a4cbd5a14a5dd264911b5e2ce21020b48eeba7d3fee00e8e55990e6/detection

52.152.223.228:3232

# Reference: https://www.virustotal.com/gui/file/c54af7e24215edadf540270b25f677432314d8520f4aaec234b9b5769476fd7d/detection

forevertwon.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5a65eed2b91a9ee3b27f23be09c38d26dda9c0d7bbbf4582c4a0c8429f70b139/detection

191.89.247.6:8887

# Reference: https://www.virustotal.com/gui/file/91741818480b13eaac1d5547b488142fe2df86b8eb51b62b31acbfd5fef53f47/detection

deidf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ac3a6ad13ede048573f561b04558c5b3e0e84a2a4af280b559794087018e369d/detection

191.89.247.6:2254

# Reference: https://www.virustotal.com/gui/file/13eaaf9262a1e2779f91d6cd71b0eab1dcf04407cbb55efec7bf4444a9b4e7a2/detection

181.49.85.74:5507

# Reference: https://www.virustotal.com/gui/file/df8a82e384952b608508a0decd8adfabf4903bb4474b86063b1ad4fbb1870c01/detection

80.66.75.40:53777

# Reference: https://www.virustotal.com/gui/file/e45afde600fe6309191801a04d60dc61f43a74347de9cafc042c2ff579a69b89/detection
# Reference: https://www.virustotal.com/gui/file/2e35fdc17438371969bd8c8474ee720827aca8bcd7f7c8b69fbeaff2ea8e8418/detection

81.141.1.122:7770
graciiasdios777.con-ip.com
multitud.con-ip.com

# Reference: https://www.virustotal.com/gui/file/6460ce4d46ea972d0296bfbfd2315b2686021380c4d22ceb0c0a987faa749fd4/detection

185.225.75.245:2404
185.225.75.252:2404

# Reference: https://threatfox.abuse.ch/ioc/1151083/

192.210.255.48:1070

# Reference: https://www.virustotal.com/gui/file/d986c4d64650cdbb34bfbe5133846627db098f37f6c757d615f511d5a794507a/detection

/00O0o0O0o0O0o0O0o0o0000o0Oo0o0o00O00000o000000##############00000000##############00000000000.doc

# Reference: https://www.virustotal.com/gui/ip-address/103.212.81.154/relations
# Reference: https://threatfox.abuse.ch/ioc/1151365/

103.212.81.154:2404
larforce.duckdns.org

# Reference: https://twitter.com/r3dbU7z/status/1667228091792474115
# Reference: https://twitter.com/ULTRAFRAUD/status/1693384923216781384

http://193.56.28.104
193.56.28.104:443
193.56.28.104:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-22)

208.67.107.123:8787
46.21.250.36:7722

# Reference: https://twitter.com/reecdeep/status/1694328059694924061
# Reference: https://www.virustotal.com/gui/file/ce7d8dc35f50388ccfdbfed28b7547148e1fdd9e9fcae25782ff74df865e9ede/detection
# Reference: https://www.virustotal.com/gui/file/507600ed1125b37a165b5f10812838fa648437734d92cd313406f35384c013bc/detection

85.209.134.253:6991
macudok.ydns.eu

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-08-24)

163.123.143.32:42199
163.123.143.32:43991
194.147.140.242:1998

# Reference: https://threatfox.abuse.ch/ioc/1151965/

194.180.48.209:2555

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-04)

103.212.81.155:2404
103.212.81.160:2404
163.123.143.99:34771
193.42.32.237:2404
212.23.211.238:27009
37.139.129.251:2404
80.66.75.86:1234
94.156.6.253:2402

# Reference: https://www.virustotal.com/gui/file/047357fcec6a30308870dcd1f11647c39d775634115d1ad354e1923f81cab20b/detection

212.23.211.238:27999

# Reference: https://www.virustotal.com/gui/ip-address/179.13.6.226/relations
# Reference: https://www.virustotal.com/gui/file/6d69abf704c0ac0c71d7d35cc0eaa5b0ba230b7538ee159ad415b06798143c33/detection

179.13.6.226:7171
xboxoner.duckdns.org

# Reference: https://www.virustotal.com/gui/file/50360abbc508d169cda7d1a79ad2032827b553f0b9ed82c7b1609d074c20a112/detection

179.13.6.226:7000
r3mk05.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e42e3d351d20756f3606d5aa7650bc4ed7743b121c49991daa1e7f96769ddb48/detection
# Reference: https://www.virustotal.com/gui/file/a53d11281e99e8c8a4d0ff272ffd32a43e20e5717e484587788060c71795d9da/detection

103.212.81.157:6609
91.193.75.175:6609
moremoney.myftp.org

# Reference: https://app.any.run/tasks/e7008e71-f53d-42cc-a3bd-b5c7fba70cb9/

46.246.84.10:8645

# Reference: https://www.virustotal.com/gui/file/7a5efa51ae71f8a93dfb88504f5941bb7e46ea3b7b7c1859b8257d84106ee1ea/detection
# Reference: https://www.virustotal.com/gui/file/6af592562ba2e19500b7b633fca1b43423c9360e77eda5537d5f6581765057b3/detection
# Reference: https://www.virustotal.com/gui/file/51752f36f49ff0474ae8ca302ab8e4fd1e195879bcaaf5124d655cecdf4867af/detection

116.203.194.248:2404

# Reference: https://www.virustotal.com/gui/file/fa3cdd8db1e4f8076d405cac16edca8e60c62f08d84c3c2f1e9e9051f5b176e3/detection

181.141.2.24:1213

# Reference: https://www.virustotal.com/gui/ip-address/181.141.3.139/relations
# Reference: https://www.virustotal.com/gui/file/7142b07a5e390f5f22692ce44476cd929d480960cd5cab08441ac94dd6087b10/detection

http://181.141.3.139
xamppsostener.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b58c136a19f5fb1d32d05d11a29f61dca14dffd87dbb81667bd6c66e3613b424/detection

backupjuly2022.ddns.net
backupjuly20222.ddns.net

# Reference: https://www.virustotal.com/gui/file/ed3d534a29859ec5904d1aae4fedc936310a0d92bb69fde1f2770b9bda780822/detection

194.5.98.213:1356
chimarem.duckdns.org

# Reference: https://www.virustotal.com/gui/file/01d67a61839330c6b6668f4e0df2b3d04c9d7ac0c2324eaa5d8e7f23e7439f95/detection

backupmi.ddns.net
frspeed.ddns.net

# Reference: https://www.virustotal.com/gui/file/fb6d878a160b6b646fe4e351238ad28f89281ecc811408b3951715d9b4e37019/detection

52.167.50.75:2404
jessen.hopto.org
jessen.myddns.rocks
jkharding2014.ddns.net
kellyben.hopto.org

# Reference: https://www.virustotal.com/gui/file/f0bea0b603315d014b05dee779470561705b73652f78d68e0341d83a9c3ce5f9/detection

154.12.233.76:2404
mynewfresh.ddns.net
mynewfreshmynow.ddns.net
mynewfreshtop.ddns.net

# Reference: https://www.virustotal.com/gui/file/bc64e03c49f09e0f6fca9109b7c3097ba4415811b78b494c29c2057cabe68bdb/detection

reneelauto.ddns.net
reneelauto.dynu.net

# Reference: https://www.virustotal.com/gui/file/e44b2eb94b410b772fb9fbb4d41b1b3c51fe45e5fe755f21aefc3e029c0fd81c/detection

154.53.45.198:2404
retsuportm.ddnsfree.com
spreadrem1.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/60a3f6763fe980edbf7b492bde61ff253acfd8669c5c23080abb837ae2661744/detection

5.193.9.10:1754
tonymario.chickenkiller.com
tonymaris7342.ddns.net

# Reference: https://www.virustotal.com/gui/file/849a8a4eaa862bfc02805bfd35560d592c6b8a6c295f77da2aa1e0d49219d3bb/detection
# Reference: https://www.virustotal.com/gui/file/77f413c1323f7953e51210235dbf3051e45efed9c2bd8a7984f4a257d5fc38a5/detection

194.147.140.199:3030
194.147.140.212:4045
ascoitaliasasummer.duckdns.org

# Reference: https://www.virustotal.com/gui/file/26cae4cdeef032aea2bd4ea1c5b88fbfb876bb3dd35a54076356195969fe3611/detection

109.206.243.174:6110
b6079658.sytes.net

# Reference: https://www.virustotal.com/gui/ip-address/179.13.2.154/relations
# Reference: https://threatfox.abuse.ch/ioc/1155570/

179.13.2.154:8000
agostodosgad.duckdns.org
bdios8877.duckdns.org
cocomelon27.duckdns.org
dia16mayoje.duckdns.org
diosestaconmiugo.duckdns.org
eduardoestevex.duckdns.org
enagostoestb.duckdns.org
envio7sep2023.duckdns.org
esteesasyn.duckdns.org
esteesmider.duckdns.org
estemesesdedios.duckdns.org
estwrmessol.duckdns.org
lostermas.duckdns.org
mairoester.duckdns.org
marquesosa3.duckdns.org
parahotmejor.duckdns.org
parajulioped.duckdns.org
paraprobares.duckdns.org
quasintiner.duckdns.org
renvosdtutu.duckdns.org
servernjnuevo.duckdns.org
sientosmilter.duckdns.org
somosdecall.duckdns.org
todoparadios.duckdns.org
vamosaverc.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-08)

179.13.3.111:2449
194.147.140.232:6609

# Reference: https://www.virustotal.com/gui/file/f5d707c704a60d1578d0b00f656477eda9b5dbfa440466660bfd92aff363625d/detection

179.13.6.226:9520

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/commit/821297856b7676b60ce6a3350c747efde9e09d94

http://192.169.7.142
http://54.219.186.60
http://88.218.16.126
101.99.93.158:5050
101.99.94.41:2704
103.114.104.136:2404
103.114.106.35:5585
103.114.107.184:20903
103.133.109.176:5456
103.147.184.15:3031
103.147.184.53:4041
103.147.184.53:7070
103.151.124.64:2244
103.151.125.125:1991
103.153.77.83:20901
103.153.77.83:4348
103.156.92.178:1010
103.156.92.178:7006
103.167.84.15:5004
103.167.84.35:2705
103.211.55.190:2404
103.212.81.155:1605
103.89.88.238:3322
103.89.88.238:4292
103.89.91.236:6399
103.99.0.229:2404
104.128.188.243:2404
104.128.188.37:4049
104.128.188.37:5049
104.129.0.106:1989
104.156.238.13:2468
104.207.150.47:2010
104.223.83.103:2022
104.254.90.243:5481
106.54.105.135:2404
107.172.196.134:4100
107.173.219.35:7789
108.174.197.5:5050
109.169.89.116:2021
115.186.136.237:9999
134.19.179.235:8908
134.209.47.156:6664
135.181.140.182:4783
136.144.41.64:2404
136.144.41.64:4675
136.243.153.76:5851
137.74.176.164:1960
138.199.38.132:63560
139.162.67.184:2404
139.64.246.192:444
141.95.84.40:3035
141.95.84.40:4010
141.95.99.22:3001
141.98.83.219:59245
141.98.83.220:24044
142.93.185.195:1999
144.217.68.78:2404
144.217.68.78:3000
144.217.68.78:4040
144.91.123.87:3033
144.91.79.86:4444
144.91.79.86:4783
146.255.79.163:183
146.255.88.199:2286
146.59.156.137:54985
146.70.149.22:2404
146.70.61.147:5481
147.124.221.3:2404
15.235.53.10:3099
15.235.53.10:3111
15.237.137.33:2404
151.106.15.158:4040
151.237.185.211:4681
151.237.185.211:7279
151.80.8.17:1715
154.16.63.197:3360
154.16.93.185:192
154.53.43.207:1905
156.96.59.29:2406
158.46.19.240:2404
159.203.16.166:2777
159.69.9.118:1572
160.116.15.132:1337
160.20.147.120:2404
161.97.180.213:45265
162.218.211.157:8780
162.245.190.35:2404
162.55.210.243:8888
163.123.143.162:45002
163.123.143.162:45200
165.227.31.192:22826
167.88.2.172:2050
167.88.9.73:2035
167.88.9.83:2050
171.22.30.7:5578
172.111.141.64:5888
172.111.153.101:5888
172.111.153.167:2404
172.111.165.135:2023
172.111.165.44:3030
172.111.200.225:8069
172.111.222.165:3030
172.111.234.10:8088
172.111.234.167:3389
172.245.244.102:3310
172.81.129.208:2012
172.81.129.208:8110
172.93.161.248:2404
172.93.161.25:2404
172.93.164.188:1980
172.93.164.35:3774
172.93.187.66:1642
172.93.201.114:1960
172.94.44.202:6606
172.94.88.13:5888
172.94.88.26:3033
173.209.43.16:2404
173.46.85.173:2017
174.128.224.81:33
176.111.174.14:20004
176.113.115.26:8080
176.123.9.138:5855
178.124.140.143:137
178.175.138.219:200
178.18.247.224:45265
178.20.44.131:2404
178.20.44.131:2405
178.20.44.131:2406
178.238.229.54:24311
178.239.21.194:9912
178.32.72.136:1440
179.43.144.204:62520
179.43.187.23:7711
18.218.132.40:2404
181.58.154.181:2224
184.164.77.132:49151
184.164.77.132:54155
184.175.243.180:5050
184.75.209.172:33878
184.75.221.115:5639
184.75.221.171:5129
184.75.221.171:6159
184.75.221.43:46327
184.75.223.203:2678
185.103.96.143:5129
185.103.96.143:6159
185.103.96.151:6698
185.104.184.43:5129
185.104.184.43:6159
185.105.236.179:1952
185.111.75.200:1339
185.121.139.61:2403
185.125.205.91:9727
185.136.171.240:4044
185.140.53.131:4876
185.140.53.136:1818
185.140.53.136:42866
185.140.53.139:8153
185.140.53.13:6649
185.140.53.13:7045
185.140.53.148:1011
185.140.53.152:6890
185.140.53.153:2404
185.140.53.154:8760
185.140.53.163:3362
185.140.53.163:3363
185.140.53.163:6890
185.140.53.178:2404
185.140.53.17:9955
185.140.53.188:7809
185.140.53.190:7172
185.140.53.192:1011
185.140.53.197:1011
185.140.53.200:1987
185.140.53.203:1866
185.140.53.209:1990
185.140.53.233:2021
185.140.53.233:5588
185.140.53.238:1990
185.140.53.239:1988
185.140.53.239:2244
185.140.53.242:2977
185.140.53.4:4380
185.140.53.4:6645
185.140.53.4:7070
185.140.53.4:7289
185.140.53.4:9955
185.140.53.5:3234
185.140.53.5:3849
185.140.53.5:6642
185.140.53.68:3024
185.140.53.69:1122
185.140.53.6:909
185.140.53.9:3007
185.145.45.150:4445
185.148.241.49:1948
185.150.24.39:1011
185.150.24.48:1011
185.157.162.100:49151
185.157.162.19:63560
185.157.162.75:1212
185.157.162.75:2222
185.157.162.75:62186
185.158.115.38:5007
185.158.115.38:5012
185.158.115.38:5019
185.158.139.201:39790
185.161.209.247:5329
185.162.88.44:5500
185.165.153.151:2244
185.165.153.15:6642
185.165.153.177:4323
185.165.153.195:7204
185.165.153.199:27835
185.165.153.214:1011
185.165.153.215:6608
185.165.153.25:8970
185.165.153.27:6768
185.165.153.68:1988
185.172.111.213:27015
185.172.111.229:27016
185.174.40.32:3606
185.189.112.19:5481
185.19.85.135:4509
185.19.85.135:7171
185.19.85.137:10029
185.19.85.141:8855
185.19.85.168:1723
185.19.85.171:2055
185.19.85.174:1999
185.19.85.179:2021
185.19.85.179:2244
185.19.85.182:8078
185.202.175.170:2404
185.202.175.219:4110
185.204.1.236:7777
185.204.1.237:2404
185.208.211.221:3618
185.208.211.226:2333
185.215.113.102:2404
185.215.113.102:666
185.220.35.18:2404
185.222.57.217:1190
185.222.57.217:8780
185.222.57.90:8780
185.222.58.136:8787
185.222.58.152:8780
185.225.74.210:8890
185.234.216.209:3284
185.239.237.197:443
185.244.26.194:11990
185.244.26.204:26500
185.244.26.208:29100
185.244.26.217:2704
185.244.26.241:1989
185.244.26.244:5888
185.244.26.247:1919
185.244.29.165:2404
185.244.29.174:73
185.244.29.195:1991
185.244.29.241:5689
185.244.30.100:20902
185.244.30.101:1990
185.244.30.140:2021
185.244.30.148:2244
185.244.30.18:6642
185.244.30.207:1990
185.244.30.27:2021
185.244.30.28:8780
185.244.30.56:1900
185.244.30.69:1515
185.244.30.90:2244
185.244.30.93:6553
185.244.31.10:1414
185.244.31.251:2423
185.244.31.74:6666
185.246.220.63:2404
185.247.228.253:1998
185.29.11.26:2404
185.29.8.102:773
185.29.9.111:2297
185.29.9.113:7790
185.29.9.125:2404
185.4.29.184:137
185.4.29.184:162
185.62.190.232:7680
185.62.86.145:42024
185.7.214.157:666
185.82.217.154:2845
188.116.40.77:6868
188.127.231.93:2404
188.246.224.154:3284
188.72.124.143:2855
188.72.124.143:2858
189.34.60.225:3333
191.101.22.136:9074
191.101.22.196:2409
191.101.30.16:4444
192.121.87.11:1118
192.152.0.60:1994
192.210.133.19:4042
192.3.141.183:61769
192.3.141.183:8078
193.105.134.94:2728
193.111.198.220:5861
193.111.198.220:5862
193.142.59.6:9494
193.142.59.76:5689
193.142.59.76:6322
193.161.193.99:40488
193.161.193.99:50422
193.188.22.165:2406
193.188.23.26:2121
193.47.61.225:47501
193.56.28.39:2211
194.127.178.68:2404
194.127.179.121:5002
194.147.140.146:8951
194.147.140.251:4952
194.187.251.91:5123
194.26.135.44:2404
194.26.135.44:3891
194.31.98.58:2404
194.31.98.67:2404
194.32.146.132:63560
194.34.132.153:5624
194.36.111.59:5639
194.40.242.22:3404
194.5.212.11:666
194.5.97.103:1011
194.5.97.116:6666
194.5.97.12:30100
194.5.97.14:6645
194.5.97.155:2021
194.5.97.159:7809
194.5.97.174:1990
194.5.97.18:6642
194.5.97.206:2556
194.5.97.209:7743
194.5.97.232:3737
194.5.97.247:1919
194.5.97.27:1988
194.5.97.32:5890
194.5.97.48:2404
194.5.97.66:1840
194.5.97.70:2404
194.5.97.73:6890
194.5.97.90:1234
194.5.98.100:1988
194.5.98.155:3330
194.5.98.171:60009
194.5.98.178:456
194.5.98.202:2404
194.5.98.203:1988
194.5.98.21:23411
194.5.98.21:2657
194.5.98.28:7006
194.5.98.32:959
194.5.98.81:7123
194.5.98.95:4224
194.5.99.119:1882
194.5.99.16:8493
194.5.99.205:1988
194.5.99.218:2060
194.5.99.218:2404
194.5.99.243:1666
194.5.99.243:2017
194.5.99.40:7461
194.5.99.51:2019
194.68.59.47:2404
195.178.120.118:2404
198.46.173.141:50485
199.247.0.12:5553
199.249.230.22:5481
199.249.230.27:5129
199.249.230.27:6159
20.115.127.188:1177
20.115.127.188:30120
20.115.127.188:4447
20.115.127.188:4448
20.214.203.178:4034
20.38.13.217:2524
203.159.80.123:5050
204.44.78.113:3360
204.48.16.32:4567
206.123.129.103:4565
206.123.140.83:5888
206.123.141.211:54382
206.123.158.139:3618
207.32.216.106:2404
207.32.218.137:5430
209.105.243.126:8650
212.193.30.101:7661
212.193.30.23:2873
212.7.208.111:4832
212.80.206.85:2404
212.83.46.177:2404
212.83.46.23:3110
212.83.46.26:4023
212.83.46.26:4044
212.83.46.26:4045
213.152.161.239:8733
213.152.161.24:5639
213.152.161.25:59755
213.152.161.85:47754
213.152.162.181:5129
213.152.162.181:6159
213.152.162.69:8733
213.183.40.17:4765
213.183.58.34:6669
213.183.58.40:6041
213.184.126.144:1337
213.208.129.213:137
213.92.255.174:7707
216.38.2.200:9929
216.38.2.215:2404
216.38.7.225:6524
216.38.7.225:6809
216.38.7.248:2041
217.138.212.58:52667
217.138.252.123:3319
217.138.252.123:8941
217.151.98.163:5639
217.64.149.109:2404
217.64.149.109:61769
217.79.189.38:5852
23.105.131.229:1960
23.105.131.236:8888
23.105.131.244:2404
23.105.131.244:3390
23.105.131.244:4290
23.146.242.110:9142
23.19.227.243:2404
25.68.49.245:3636
31.171.152.100:2404
31.171.152.104:130
31.171.152.104:3104
31.171.152.106:2019
31.171.152.106:4323
31.210.20.56:2404
31.220.44.253:5222
31.223.65.8:2404
34.227.28.79:8866
34.66.5.36:8082
35.247.37.33:2404
35.247.37.33:2809
37.0.14.206:3352
37.0.14.210:6809
37.1.206.146:11011
37.1.206.16:5959
37.1.206.16:7373
37.1.207.123:5858
37.1.218.181:5851
37.1.218.181:5852
37.1.218.181:5853
37.1.218.181:5854
37.1.222.252:5851
37.120.210.219:3398
37.120.217.243:5639
37.120.234.11:2404
37.252.10.80:5858
37.252.10.80:5959
37.252.11.23:5757
37.252.11.23:5858
37.252.11.23:6464
37.252.11.23:6565
37.252.11.23:6868
37.252.11.23:7676
37.252.11.23:7878
37.252.11.66:5858
37.46.150.207:9944
37.46.150.211:9987
38.242.246.175:2404
38.68.53.190:2929
43.226.229.83:5024
45.12.253.189:36897
45.135.128.195:8888
45.137.22.104:4445
45.137.22.104:8780
45.137.22.250:7050
45.137.22.36:20201
45.137.22.36:4838
45.137.22.45:5200
45.137.22.77:5888
45.141.152.68:63560
45.144.225.112:7777
45.144.225.221:5090
45.153.240.189:1986
45.76.221.195:2404
46.0.234.90:1604
46.165.221.14:8092
46.183.220.15:2022
46.183.220.61:2404
46.21.147.82:2404
46.21.250.36:7733
46.246.34.52:63560
46.249.62.250:5850
46.8.211.72:4444
5.181.166.25:27350
5.187.48.36:7656
5.187.49.231:4321
5.2.68.75:2558
5.20.206.229:8888
5.248.241.94:2404
5.252.165.58:34067
5.45.72.225:9003
5.45.87.29:8000
5.61.53.13:8000
5.61.56.10:9003
5.61.56.10:9004
5.61.57.165:5879
51.222.10.175:5861
51.222.10.175:5862
51.79.177.107:5855
51.89.201.42:1960
54.37.160.139:5467
54.37.235.82:8850
54.39.198.226:1960
64.188.26.145:2404
64.44.139.178:7200
65.108.9.124:4783
65.21.127.164:4783
65.21.9.54:1055
66.63.168.12:2404
66.70.141.157:2404
68.9.71.150:2404
69.61.41.126:4020
69.61.41.126:5050
72.11.157.241:4445
74.235.148.214:5000
74.63.220.6:2152
77.48.28.227:2442
78.30.214.80:25565
79.105.173.179:2404
79.110.52.7:2404
79.110.52.93:2404
79.134.225.100:1011
79.134.225.101:1011
79.134.225.102:2023
79.134.225.102:2025
79.134.225.103:6060
79.134.225.105:1910
79.134.225.108:5851
79.134.225.108:6868
79.134.225.10:98
79.134.225.112:1774
79.134.225.117:6767
79.134.225.118:6666
79.134.225.118:6667
79.134.225.120:8958
79.134.225.126:191
79.134.225.12:60256
79.134.225.13:26500
79.134.225.15:1011
79.134.225.17:2050
79.134.225.19:2555
79.134.225.19:2556
79.134.225.19:6606
79.134.225.20:8760
79.134.225.21:1930
79.134.225.21:60512
79.134.225.22:9763
79.134.225.23:6666
79.134.225.25:2404
79.134.225.25:3131
79.134.225.25:4141
79.134.225.27:4001
79.134.225.31:6089
79.134.225.34:20210
79.134.225.39:1982
79.134.225.43:5908
79.134.225.49:1953
79.134.225.52:1712
79.134.225.55:2021
79.134.225.72:2050
79.134.225.72:32765
79.134.225.73:6001
79.134.225.75:1199
79.134.225.75:7171
79.134.225.77:2001
79.134.225.77:2050
79.134.225.78:2404
79.134.225.78:6666
79.134.225.78:6667
79.134.225.7:2050
79.134.225.80:1952
79.134.225.81:3456
79.134.225.8:4241
79.134.225.8:6434
79.134.225.8:8654
79.134.225.8:8686
79.134.225.92:1212
79.134.225.92:1234
79.134.225.97:1558
79.134.225.97:8600
79.134.225.98:9080
79.134.225.99:1337
79.134.225.99:5678
79.172.242.28:2404
79.66.202.242:2404
79.66.202.242:4572
80.66.75.100:8788
80.66.75.109:50981
80.66.75.123:2456
80.66.75.126:53813
80.66.75.27:55777
80.66.75.28:55777
80.66.75.34:55777
80.66.75.36:3121
80.66.75.36:55777
80.66.75.37:53777
80.66.75.41:24155
80.66.75.41:36405
80.66.75.41:55535
80.66.75.51:11111
80.66.75.51:12565
80.66.75.51:13335
80.66.75.51:1352
80.66.75.51:2401
80.66.75.51:2402
80.66.75.51:2403
80.66.75.51:2404
80.66.75.51:49404
80.66.75.51:63464
80.66.75.73:1869
80.66.75.79:8758
80.66.75.90:4567
80.66.77.55:12043
80.66.88.139:36777
80.82.77.221:2606
81.161.229.69:12297
81.19.131.21:2580
83.95.173.122:2404
84.212.68.93:2404
84.43.208.174:4782
85.204.116.30:27017
87.237.165.162:1011
87.251.79.106:4567
87.251.79.117:10101
87.98.236.198:443
87.98.236.198:49650
89.163.144.125:5855
89.163.144.211:5015
89.163.214.180:6003
89.249.74.213:40511
89.249.74.213:4808
89.33.193.60:2845
89.33.193.60:5555
89.35.228.202:5050
89.35.228.236:4848
89.39.107.61:2606
91.103.252.68:2580
91.189.180.205:42018
91.192.100.10:11011
91.192.100.13:11011
91.192.100.25:27835
91.192.100.27:2404
91.192.100.4:1414
91.192.100.55:3360
91.192.100.57:8780
91.193.75.115:4343
91.193.75.121:1011
91.193.75.126:2019
91.193.75.145:1604
91.193.75.146:2021
91.193.75.147:2021
91.193.75.166:1011
91.193.75.178:7689
91.193.75.178:8769
91.193.75.182:2404
91.193.75.185:1989
91.193.75.188:60001
91.193.75.188:60004
91.193.75.188:60007
91.193.75.189:54255
91.193.75.199:1360
91.193.75.199:1361
91.193.75.199:1362
91.193.75.199:2404
91.193.75.216:1990
91.193.75.227:4380
91.193.75.252:2404
91.193.75.252:9003
91.193.75.45:1990
91.193.75.48:2244
91.193.75.78:2021
91.193.75.84:6688
91.236.116.140:666
91.241.19.107:1313
91.243.44.142:3654
91.243.44.200:61212
91.243.44.20:59681
91.243.44.45:1703
91.243.44.75:1703
91.243.44.88:2403
91.92.128.25:11373
92.220.36.40:2404
92.220.36.40:2405
92.255.57.105:666
93.158.208.100:27065
93.183.234.62:2404
93.190.8.107:2404
93.87.38.12:2404
94.23.218.87:4783
94.237.28.110:64526
94.242.206.175:5883
94.242.206.175:5885
94.242.206.175:5886
94.242.206.175:5888
94.242.59.19:27015
95.140.125.37:2169
95.140.125.47:6666
95.154.196.12:5851
95.167.151.238:137
95.214.27.17:8974
95.217.114.96:4782
95.217.114.96:4783
95.217.144.93:5865
96.9.208.176:2404
96.9.246.149:2024
96.9.246.149:2404
98.143.144.208:2404
1.facewii.in
1.qy92v8t2ot.in
1010.http01.com
121991dec.ddns.net
1515.dynu.net
15766.mooo.com
1c04adeeb09f2e8e5f0f7835e3240044dd0d645d050fd511ac33594dfa43.myboyfornow.pics
1zab4ever.duckdns.org
1zab4ever.no-ip.org
2.bgf4s9ydfe.in
2.facewii.in
2021best.duckdns.org
20billion.ddns.net
305way.duckdns.org
3247823647823.duckdns.org
399i6fi7voahk2g.xyz
3xe94lqhph0janx.ru
4mekey.myftp.biz
4rdp.com
5541.gotdns.ch
5778.hopto.org
5bwfdr9ipmxb0qq.ru
5ow86mh1sf1l1mr.ru
6aj7sx0v4x0o7z8.ru
7980.duckdns.org
903b6a1b4bcf0f1d44494cf445debfc6e7f166ea9a7adds.crusherx1.site
9792c43e055ef0733bcda6cf8aba4af1b0d9af10e2254b7b54da28136de2.cryptic.ink
9days.duckdns.org
9x3uvdpd8u3ybu48.chickenkiller.com
a458386d9.duckdns.org
abino.hopto.org
abjhqm11.duckdns.org
ablegodforsure.ddns.net
abuhjil.com
abujafirms.com
abujafirms1.duckdns.org
accessgranted.crabdance.com
activate.office-on-the.net
adminpotalpublicpersonaswps.website
aertdfvaz.ac.ug
afework.ddns.net
afework.hopto.org
afgdsg.duckdns.org
afrog.sytes.net
aguiyi1234.duckdns.org
aircommodore.ddns.net
ajohnston.duckdns.org
alcoholremser.duckdns.org
alegria.con-ip.com
aleksanderbodhan159.ddns.net
aleksandrekuc.ddns.net
alhabib4rec.ddns.net
alhabib4rec.duckdns.org
alhabib4rec.freeddns.org
aliex.hopto.org
alldatalogs.xyz
alukoren.duckdns.org
amanda97132.duckdns.org
ambientadorservre.duckdns.org
anasalgadodu921.con-ip.com
anbritz.com
aneurinbarnard.duckdns.org
angelista23.duckdns.org
anonuser2.club
anotherlevel.ddns.net
anti-vi.duckdns.org
anti.firewall-defender.cloudns.asia
apleegod12345.ddns.net
apostleremcos.duckdns.org
apostleremcos77.ddns.net
arabia465.duckdns.org
arencoservices.ddns.net
arkern-tr.com
arslanturk.duckdns.org
arttronova1.duckdns.org
ascoitaliasa.duckdns.org
asddfftye.duckdns.org
ateraresult.viewdns.net
auragmdh.com
autgerman.autgerman.com
auto7.duckdns.org
avira-antivirus.duckdns.org
awwes-antivirus.duckdns.org
azuite.ddns.net
bababaf5363.duckdns.org
back-effort.at.ply.gg
backup10012.nsupdate.info
bakup.superbanifabused2.xyz
baloto1.duckdns.org
bambam.hopto.org
banananaiop.kozow.com
bandota.con-ip.com
barrmexy321.ddns.net
bash.mywire.org
bash1.accesscam.org
bash2.accesscam.org
bash2.accessscam.org
bbbr1.ddns.com.br
beckz.duckdns.org
beimeltrans.duckdns.org
bekleyen.myq-see.com
belisha.punkdns.top
bendicemihogar.con-ip.com
bendicionesbenciioe.con-ip.com
bensonm3jb3nj1.mangospot.net
bestubuy.ddns.net
betrice1.chickenkiller.com
betterdaysahead.duckdns.org
bgf4s9ydfe.in
bigfish2345.ddns.net
bilibili610003.duckdns.org
billdropping9003.duckdns.org
billion2020.ddns.net
billionsonline.ddns.net
billypax-fax.dyn.home-webserver.de
binly.club
bitcoinpage.dynu.net
bitrem2022.northcentralus.cloudapp.azure.com
bitybity900.ddns.net
bkns-rubis43.ddns.net
blackbb.ddns.com.br
blesseddaxyman.hopto.org
blessedmacatty.ddns.net
blessedudoka.ddns.net
blessings.ddns.net
blessings2021.ddns.net
blessingsfollowme.hopto.org
blessingsnblessings.ddns.net
blessmelord.hopto.org
blessmelord1.ddns.net
blessmyhustlelord.ddns.net
blessthychild.hopto.org
blinkzworld.club
blowmymind.hopto.org
bobo231.hopto.org
bodhansanders.hopto.org
bodhansanders.duckdns.org
bogyz123.ddns.net
boh.anondns.net
bongon.hopto.org
botellita3434-46423.portmap.host
brasil.con-ip.com
brasilia63.duckdns.org
bressonseencrounder.mangospot.net
brian0612.ddns.net
briana.mypsx.net
brianaf511.duckdns.org
bright2020.hopto.org
brudfascaqezd.ac.ug
bruno.camdvr.org
bruno1.camdvr.org
bruno2.camdvr.org
bunkman.duckdns.org
bunkman212.ddns.net
bunkman212.duckdns.org
bush009.duckdns.org
bushaka009.duckdns.org
bushbackup.duckdns.org
bushnew.duckdns.org
businessculture.dvrlists.com
bustabantu0817.ddns.net
bustabantu0817.ddnsgeek.com
bustabantu0817.hopto.org
bvc234.ddns.net
bxtis123.ddns.net
cacgroups.hopto.org
callito2024.sytes.net
calvinlarry3551.ddns.net
calvinlarry3551.hopto.org
camil.con-ip.com
camrow1.duckdns.org
canival.duckdns.org
capriteam.ddns.net
captdic.duckdns.org
captmay.duckdns.org
carmensantanate62.con-ip.com
cartextranss.duckdns.org
casacasa.con-ip.com
casacasa777.con-ip.com
casademamaymia.con-ip.com
casamama1.con-ip.com
casarem.dynuddns.com
cashout2018.ddnss.de
casillas.hicam.net
casillas.libfoobar.so
casillas45.hopto.org
casillasmx.chickenkiller.com
catash.ddns.net
cathodlectr223.zapto.org
cato.iownyour.org
catomaaaaa.freedynamicdns.org
cazt01money.ddns.net
celikklczet.com
centourismeadddynamicoptional001.loseyourip.com
centro.con-ip.com
ceo.point2this.com
ceo2.point2this.com
cfo11.ddns.net
cfo11.hopto.org
chaseric.ddns.net
chaseric.hopto.org
chasesure.ddns.net
chasesure.duckdns.org
chen12.chickenkiller.com
chhjvhvkjbhliiuyuj.duckdns.org
chiboy22.ddns.net
chidera12345.ddns.net
chilegrace.ddns.net
chimmyxx.ipq.co
chinnyann.ddns.net
chinnyann.duckdns.org
chizzy8642.ddns.net
chucksnchucks.ydns.eu
cincuentarem.duckdns.org
cincuentaynueverem.duckdns.org
cincuentayseisrem.duckdns.org
cincuentayunorem.duckdns.org
cjmoneykelvincrugar.duckdns.org
ckay4real.hopto.org
cl-powar.com
classicbube.duckdns.org
clearvisoingraphicsremcoz.ddns.net
clinton2.duckdns.org
clinton3.ddns.net
cnnnnnnnncjldhsfui2ewryyr26734ohisdfsfsdxcvxvvv.publicvm.com
cobeckconstruction5430.camdvr.org
cobeckconstruction5430317.camdvr.org
coemxarre.duckdns.org
coke.nsupdate.info
collector1.duckdns.org
collector2.duckdns.org
collector3.duckdns.org
colombiabus72.duckdns.org
colombiahos.hopto.org
colpengaer.duckdns.org
coman-n.duckdns.org
computer079.linkpc.net
conecioplaystation4.ddnsfree.com
conipjuanchorem.con-ip.com
considered-arrest.at.ply.gg
construcciones.disbayal.me
contactchoweysafe.ddns.net
coronanancy14-50163.portmap.io
costamarfil13.duckdns.org
cothdesigns.com
coto-ar.com
coventry001.ddns.net
covid19remoc.duckdns.org
covornalord.duckdns.org
craigjonson1.gotdns.ch
craxsrat.ddns.com.br
creditdept01.myq-see.com
crusherx1.cfd
crusherx1.site
cryptic.ink
cryptotabhost.online
crystalbally44210.duckdns.org
csc.mastercoa.co
ctbcbk.us
cteu48n17qjpwv4.ru
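# Note: hostname under a US government domain (nsa.gov); presumably a decoy or placeholder value taken from a sample configuration rather than attacker-controlled infrastructure - confirm before acting on matches
ctl-plg-ap-12.nsa.gov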
cuarentaycinco.duckdns.org
cuarentaycuatrorem.duckdns.org
cuarentaysieterem.duckdns.org
cuartos.con-ip.com
cvbcvb902834dsdfsscxvewr234234dvxcvx.publicvm.com
d02297e47fefcb8af4e517022b64ba0235369fc19f32b013d150666b9.jaytele0.site
darlingnwa4x4.hopto.org
darren2023.sytes.net
dash.3utilities.com
dash1.3utilities.com
dash2.ddns.net
dash3.ddns.net
dash4.ddns.net
databasenash2020.online
databasepropersonombrecomercialideasearchwords.services
datavcc.duckdns.org
datbuggy.servepics.com
davewang.ddns.net
davewang.duckdns.org
davidwong4ghost.ddnsking.com
dbanty2.ddns.net
dcws2kksik85f288.xyz
ddboy.ddns.net
ddns.dbcdubai.com
ddns.rbs.pw
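# Note: localtonet.com is a tunneling service and this looks like a shared relay endpoint, so matches may include unrelated tenants - correlate with port and host context before escalating
de1.localtonet.com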
death1fax.home-webserver.de
dedetsardfkjh.ru
deejay140-37878.portmap.io
defenderavs.mooo.com
deltatradings-eg.com
demoledor.duckdns.org
dera33.ddns.net
desastre.con-ip.com
destallesinformaciones12.duckdns.org
dfgdgertdvdf.space
dfgdgertdvdf.tech
dfkljsdf283293084jksdfsdewrdssdfsdfsdfsfsf.publicvm.com
dfrannks.ddns.net
dftyuj.duckdns.org
dhforklifts.com
dico.is-a-hard-worker.com
dico.is-a-liberal.com
dinero.ddns.net
diosesbueno.con-ip.com
divdemoce.duckdns.org
dkvisbsdidsdubvsdv.con-ip.com
dns2.mailredirect.ooo
dogspeaks.giize.com
dogspeaks.hopto.org
dollarands.duckdns.org
dollarboy1.duckdns.org
dominoduck2102.duckdns.org
dominoduck2103.duckdns.org
dominoduck2109.duckdns.org
dominoduck2113.duckdns.org
dominoduck2120.duckdns.org
dominoduck2124.duckdns.org
donatelo783.duckdns.org
donjon555.ddns.net
donjon555.hopto.org
donlin.dvrlists.com
dontbloc1.duckdns.org
dontbloc2.duckdns.org
dontbloc3.duckdns.org
dontblock.duckdns.org
dontreachme1.ddns.net
doopcrib.club
dopeclones87.ddns.net
dozrem.duckdns.org
dpqw-avira.bot.nu
drgarerd.eu
drgeraldvanluven12.zapto.org
driod.ydns.eu
drlogs1.publicvm.com
droidtech2.com
dropy1.ddns.net
dropy2.ddns.net
dsgrrrgfgf.duckdns.org
duckdb28921.duckdns.org
duckdne7832732.duckdns.org
duckdnw4.duckdns.org
duckguy.duckdns.org
dujuyer375ourf.duckdns.org
duplicado53.duckdns.org
dvsgfdda.duckdns.org
dxb1.mooo.com
dyansy11.ddns.net
dynasy12.ddnsking.com
dynasy13.myddns.me
ea01299e9ae43df8612cc3ecf2c968c41c55b74b483d44927dbc5185bd.crusherx1.cfd
ea01299e9ae43df8612cc3ecf2c968c41c55b74b483d44927dbc5185bdab.myboyfornow.bond
eastsidepapi.myq-see.com
echox12.ddns.net
ecxco.com
edfgh.ddns.net
effef.duckdns.org
egfsdgfdgh.duckdns.org
egommbute2020.ddns.net
eileenwmsscm.duckdns.org
ejimmss.ddns.net
ekuronew.hopto.org
ekurorem.duckdns.org
elastolut.duckdns.org
electricaribe.duckdns.org
elfinal.con-ip.com
elkjvsvhbwue.duckdns.org
elpapa0810.mypsx.net
elrenacer832.duckdns.org
elzy.ddns.net
emarketinglatakva.ddns.net
emilio2024.kozow.com
emiratods837.duckdns.org
emkanat.ddns.net
encoreelectric.dvrlists.com
encrushias328.sytes.net
enmark80.duckdns.org
ennenbach.duckdns.org
entradas2024.duckdns.org
entrandohhh.duckdns.org
envisiensintl.com
envisiensintl.duckdns.org
eowkai122.duckdns.org
ericbishop225.servepics.com
ericbishop225.sytes.net
ernestico8392.duckdns.org
euorvent.com
europarem.duckdns.org
evaclock1.hopto.org
evangelical7395.ddns.net
eventsbypearce.host
everestenterprses21.sytes.net
evnovic.ddns.net
ewewlveojndsv.con-ip.com
ewgxbuwkuncjo90.club
experience247.ddns.net
explorersystem.dyndns.biz
ezfax2021.home-webserver.de
ezisec.duckdns.org
fabiancarrillolora09.con-ip.com
facewii.in
facturadigital.biz
fanarybless.ddns.net
fanta.nsupdate.info
fatherlord1.ddns.net
favor.bounceme.net
favour2020.ddns.net
favour2021.ddns.net
fax-joh.dyn-ip24.de
fax-prince.home-webserver.de
fdfjdfjjhfjhgf.duckdns.org
fdghfghhre.duckdns.org
fernand.con-ip.com
feromo.duckdns.org
fery.mastercoa.co
festivapherma.com
fgbgfyby.loseyourip.com
fgjrtgrgwhwrjjjsr.con-ip.com
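# NOTE(review): the next entry looks like two hostnames run together ("fgtrert.duckdns.org" + "qweerreww.duckdns.org"; the latter is also listed on its own in this file). If that is an extraction artifact, lookups of "fgtrert.duckdns.org" alone would presumably not match - confirm against the original report.
fgtrert.duckdns.orgqweerreww.duckdns.org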
fiamim.com
filandes72.duckdns.org
finalesdejulio2020202020.duckdns.org
finseca.con-ip.com
firedownplay43883.duckdns.org
fjgjkhltyjj.duckdns.org
flatbar21004.duckdns.org
fmunity247.ddns.net
foodhubcompany.duckdns.org
forcertx.com
foshfjdfnisudhfios.con-ip.com
fouskal.theworkpc.com
franex.gotdns.ch
fredneilq.ddns.net
freeeboyi.duckdns.org
freelife.mywire.org
freelife01.mywire.org
freelife1.mywire.org
freelife2.mywire.org
freelife3.mywire.org
freelife4.mywire.org
freelife5.mywire.org
freeware.gleeze.com
fresh03.ddns.net
fresh134.ddns.net
frostyfoodco.kozow.com
fsdf.is-a-republican.com
fuchvsodfhwgefbaa.con-ip.com
futerty.mooo.com
futy.ga
futy6674.ga
futy676.com
fwgeg.duckdns.org
g8m3cyido670ly5.club
gabriellozanolora09.con-ip.com
gabrielmarquezlora09.con-ip.com
galo.servehttp.com
galoservices.servequake.com
ganster.con-ip.com
gastonlopezlora09.con-ip.com
gato87630.mypsx.net
gatus.ga
gbotowaya.linkpc.net
gcrozona.duckdns.org
gcrozonav.duckdns.org
gd92nof7quuu2l.ru
gem7.nerdpol.ovh
geneish.mywire.org
gethat.publicvm.com
getrektkid.duckdns.org
getrektkiddo.duckdns.org
ghkbffhjkhdxchjkf.ddns.net
github-58677.portmap.io
gitpacdxb1.ddns.net
gkoayu2862.duckdns.org
globalsystempl.ddns.net
gloriamae3232.duckdns.org
gloryandsuccess.sytes.net
goals.sytes.net
goals44.sytes.net
god111favour.ddns.net
godgodgod.ddns.net
godhelpme.ddns.net
godisgood247.duckdns.org
godslovem.ddns.net
gofarbooking.ddns.net
goldie.nsupdate.info
golpe9032.duckdns.org
gonorreaomegonorrea2021.duckdns.org
gonsalogurierreslora09.con-ip.com
goodisgood.ru
goodlife4sure.ddns.net
goodluckfile.ddns.net
goodworkers.ddns.net
goodygoody.duckdns.org
googlepics.gotdns.ch
gozman11.duckdns.org
grace.maximos.quest
grace111.ddns.net
grace2020.home-webserver.de
grace2020.sytes.net
gracefoundme.duckdns.org
graceland2021.ddns.net
graceland22.ddns.net
graceman2021.ddns.net
graceofgod1.ddns.net
graclogs.duckdns.org
grannyclassone.ddns.net
greatglass.servebeer.com
greatzillart.ydns.eu
grevk.ddns.net
grrgfdsagdgfgfsg.con-ip.com
grtwyagvbxnzmklopmdhsyuwaszxbyhredsnmko.ydns.eu
gstpppp.crabdance.com
guido.con-ip.com
gustavobills.gotdns.ch
gustavobillz.duckdns.org
guy.hopto.me
guysniaja.duckdns.org
h.nerdpol.ovh
hadrqlo.ddns.net
harvard2.zapto.org
haveyoutube.hopto.org
hawmans.cc.dvrlists.com
hazelglory1.ddns.net
hazelglory1.hopto.org
heartdoaz.ac.ug
heinrichbaum.duckdns.org
helisaclou.helisaclou.com
helloservice.mywire.org
hemidiindia.com
henrietta.myddns.me
hillsong5566.ydns.eu
hjieyhe.ddns.net
hoefeynacia.xyz
holamundo.ddns.net
hold.linkpc.net
holygrillfax.home-webserver.de
homoney177.duckdns.org
hoppanga.club
hostdyn77.ddns.net
hostlords24.bounceme.net
hotii.ddns.net
housteko.mywire.org
houstrik.gleeze.com
hpx360pavillon.ddns.net
huracan.con-ip.com
hussanm.duckdns.org
hustlehard.ddns.net
iamfriendz.duckdns.org
iamfriendz.linkpc.net
ichi34.duckdns.org
idiotobocaefabmantenio2021.duckdns.org
idkwhatnameto.ddns.net
iessecuador.con-ip.com
igweumz.myddns.me
ihavemercy.duckdns.org
ihechi.ddns.net
imagine999.ddns.net
imranmhemoodcheema.ddns.net
indira8923.duckdns.org
info111.ddns.net
infoprokaps.ddns.net
infoprokapz.ddns.net
informaciondelproceso.duckdns.org
inicio.con-ip.com
inovacaptab.com
inssolution.duckdns.org
ipbanhbeone.hopto.org
ipngubinh.hopto.org
isp.remcosagent.dns-cloud.net
isrealpicker.duckdns.org
issacc.duckdns.org
iwantcheats.xyz
iwehfojesnojene.con-ip.com
iygfbafn792322.duckdns.org
izlamabad.strangled.net
j3wb76496fukmhj.ru
jackbaur75.linkpc.net
jackpiaau.duckdns.org
jackson910.dvrlists.com
jackyjian1965.hopto.org
jamaica123.ddns.net
jamaru1444.myftp.biz
james111.ddns.net
janeilla.myddns.me
janermontez86723.duckdns.org
jauansantos8721.duckdns.org
jaytele0.site
jbarn.camdvr.org
jeanettee.myddns.me
jfgagnon-31435.portmap.io
jgwmxykzoty0e22ronzlahhrlzd8om139wn9xf5q.duckdns.org
jimmy101.myq-see.com
jimnvv.ddns.net
jkamani.xyz
jkhxcvklsdflujkjhgdfuyter.ru
jluxi.dynu.net
jmtjmt.ddns.net
jobs.closeweek.club
john777.ddns.net
johnhoff.hopto.org
johnhoff1.hopto.org
jokerwe.duckdns.org
joseryeyr.con-ip.com
jqni1my7489jkmb.ru
jswork.ddns.net
jswork.duckdns.org
juanferandresdaza.con-ip.com
judyhus19.dvrlists.com
jueces23.duckdns.org
juliod87qw2.duckdns.org
junio1ok.duckdns.org
justicia.con-ip.com
juzgado832182.duckdns.org
jvofviubedvbev.con-ip.com
k55nfjeasa.ad-center.marketing
kamilaczap.myddns.me
kamryy.ddns.net
karnnod.com
kassssy.duckdns.org
kasssys.ddns.net
katruda.duckdns.org
kaymoni.duckdns.org
kelvincrugar.duckdns.org
kenke.mooo.com
kerrrrr.duckdns.org
kesaihk.com
khazsk.duckdns.org
kike.con-ip.com
king.dyn.ydns.io
king1.warzonedns.com
kingman.hopto.org
kintero.con-ip.com
kjdes.ddns.net
kl8nn6dcsfg69bn20h.duckdns.org
kmt-2.duckdns.org
kobiremcos.punkdns.top
kobiremcos2.punkdns.top
kobiremcos3.punkdns.top
kocdestek.ddns.net
kohjguj.ydns.eu
kokotin.kozow.com
laamanezatuister.duckdns.org
lab-protect.in
labeokunta.dyndns.org
lailataoday.hopto.org
lalalalalaalal.fr.to
leandrorey.duckdns.org
leewardmarineservices.duckdns.org
leewardmarineservices.mywire.org
letitbesoj.ddns.net
letmedie.crabdance.com
lifeless.gotdns.ch
lightvsv.duckdns.org
liguid.duckdns.org
liis036f.duckdns.org
lindron.ddns.net
lindron1.ddns.net
lindron2.ddns.net
linvosuyi.myddns.me
lionsguard.ddns.net
locahost247.org
local8263.duckdns.org
localhost247.org
logan.mypop3.org
logged.duckdns.org
logisctism.duckdns.org
logisctismest.duckdns.org
logisitica.discisoted.info
logzhome.mywire.org
love.nsupdate.info
lovedaysde.duckdns.org
lovelead.ydns.eu
lpbafldpvnsq11i.club
lsdw.dyndns.org
luckymanfavour.ddns.net
luckymanoffavour.ddns.net
luisacastro84.duckdns.org
luisarrieta5.duckdns.org
lunesgermanarellanos.con-ip.com
lxijr.ddns.net
macatyrules.ddns.net
macdonaldo.hopto.org
macho.hopto.org
mafianclub-41203.portmap.host
mageret894.chickenkiller.com
mail.deiomino.icu
mail.mastercoa.co
makuo.hopto.org
malito.con-ip.com
malwarechecker.ddns.net
maly22333.ddnsking.com
mam.mastercoa.co
maneediem.com
mannypenny.duckdns.org
maquivirtual.duckdns.org
marabos.ddns.net
marcando.con-ip.com
marcobalassoneets.ddns.net
marinelife9003.duckdns.org
markspahn490.ddns.net
markusrichard.mywire.org
marlonloperalora09.con-ip.com
marrem0.ddnsking.com
marriagaserrem.con-ip.com
martinelialora09.con-ip.com
marzo172022.con-ip.com
masterpat0nms672ns.duckdns.org
masters4733.sytes.net
maxwealth123.ddns.net
mdipaolo-remm.duckdns.org
medallos.duckdns.org
mediacome.duckdns.org
meembabab.ddns.net
megacomercialproservicesandnetworkingtelemarketing.online
megamoney2021.duckdns.org
mekremcos23.freedynamicdns.net
melvinchrist774.zapto.org
merce.con-ip.com
merceariadobenedito.store
mercedes.con-ip.com
mescot-metal.com
messi.dns.army
metarx.ddnsking.com
metx.duckdns.org
micenaxus.com
michelle247.ddns.net
microsoft-update-tool.duckdns.org
microsoft-updatetool.duckdns.org
microsoftwindowsvanced.duckdns.org
micxrus.ru
miercolesdndurem.duckdns.org
mikegrace2020.ddns.net
mikegrace2021.ddns.net
mikepedro207yxxx.ddns.net
mikepedro207yyyxxx.ddns.net
milbendiciones.con-ip.com
mildebendiciones.con-ip.com
milliondollar23.duckdns.org
mirandli.mirandli.com
mk.gdssa.cloudns.ph
mk.gtsdominicana.us
mmtrade.chickenkiller.com
mmtrade.publicvm.com
mnkhosting.de
mommaowow.myftp.biz
mondanepre.myddns.me
moneymustansme.duckdns.org
moneymustdrop.ddns.net
moneywonders.megasalesltd.com
moorenike.sytes.net
movement2020.ddns.net
mr0910.duckdns.org
mrbigice.hopto.org
mrtoby.hopto.org
msic10.quintetoffshore.com
mstq-designs.xyz
muchogroup.ddns.net
mukatt.com
municiapa821.duckdns.org
mxmeite.duckdns.org
my.bingoroll18.net
my.bingoroll19.net
my.bingoroll20.net
myboyfornow.bond
myboyfornow.pics
myfrontmannyfive.ddns.net
mylabssfsdf.spb.ru
mymann2021name.ddns.net
mynewmachinisonthewaycoming.duckdns.org
myproject1.ddns.net
myworldss.hopto.org
n8hoie32bkdpfd7.info
nakamura.hopto.org
nakamuraa.ddns.net
namonanwa.duckdns.org
naninani11.ddns.net
napaneli.com
navalbroda.ydns.eu
nbvuhvioeodhdu.duckdns.org
ncholazzervas.hopto.org
ndma.chickenkiller.com
nebus2022.duckdns.org
nerverdieorcus.is-a-doctor.com
netcos.mooo.com
neverdiemosole.is-a-doctor.com
new.bingoroll20.net
newdawn.zapto.org
newera625.ddns.net
newifeanyi12.ddns.net
newoneatu.hopto.org
newremc22.ddns.net
newserversforlogs1.ddns.net
newserversforlogs2.ddns.net
newspk.ddns.net
newstub01.duckdns.org
newtyer.hopto.org
nicholds.dyndns-web.com
nickman12-46565.portmap.io
nikkihutsltd.duckdns.org
nitido.con-ip.com
nj.dyndns.org
nkiruka2020.ddns.net
nkosarevaocs.duckdns.org
nkume666.ddns.net
nnnnoy.ddns.net
noneynoney.ddns.net
nonprofit.mywire.org
northside.hopto.org
novic.ddns.net
noviembre7.duckdns.org
nuevodiahoysivamoshacerplata.duckdns.org
nullhacker001.camdvr.org
nuxomexe.hopto.org
nvdiedico.knowsitall.info
nvdiedicob.is-a-chef.org
nvdiedicobies.is-a-hard-worker.com
nvdiedicozeus.dyndns-web.com
nvdiedicozeuse.webhop.org
nvdieroxy.kicks-ass.net
nvdieroxy.servebbs.org
nvisbviurbviuhbrr.con-ip.com
nvremcos.myq-see.com
nwajesu2020.freedynamicdns.org
nwajesu2021.ddns.net
nwokeomadaxy.hopto.org
nxghej4nnhx4j8u.ru
nyan43.duckdns.org
oba12343.ddns.net
obby.hopto.org
obclondon.ddns.net
obclondon.duckdns.org
observatorioplanificacionselectaccount.services
oceantrademn.ddns.net
odi111.ddns.net
odicjidjcsoijcodjicdij.con-ip.com
office1.servemp3.com
officer170.webredirect.org
official.myq-see.com
officialsw.chickenkiller.com
offsensiveho.dnsfor.me
ohekelem4x4.hopto.org
oifjvdofjvofknf.con-ip.com
okkkk1.ddns.net
olhgan3802.duckdns.org
olimpusdnre.duckdns.org
olorunwa.duckdns.org
oluwa12.ddns.net
omari12.duckdns.org
ommi-it.com
one.dmi.cloudns.ph
ongod4ever.ddns.net
onigegegege.duckdns.org
onlinemich-33503.portmap.host
onyedika23456.hopto.org
onyem.myftp.org
openrvdl.duckdns.org
orifak.ydns.eu
orland.con-ip.com
orozco-fax.home-webserver.de
oscarule.xyz
osiris8612.duckdns.org
ostriuyer.myddns.me
ourt2949aslumes9.duckdns.org
ozn.dvrlists.com
pabliotoes.duckdns.org
pabloemilio.mypsx.net
pacorem.duckdns.org
pakchoob.me
pakehoob.com
palmeirasremdns.duckdns.org
paloita9973.duckdns.org
pandemic4u.duckdns.org
pandemic5u.duckdns.org
pandemic6u.duckdns.org
pappysnr.duckdns.org
paraguaydnrempara.duckdns.org
parhatcsafxz.ac.ug
parisdnremparis.duckdns.org
parkingcctv.dynamic-dns.net
partnermepartneryou.duckdns.org
pascality.ddns.net
pastor1.con-ip.com
pcnewsesperanza.duckdns.org
pearlcip111.ddns.net
pearlcip111.hopto.org
pedro2021w.ddns.net
pedro2021w1.ddns.net
pedro2021w2.ddns.net
pekonomie.duckdns.org
pelerem.duckdns.org
pentest.awsmppl.com
perkasa.hopto.org
petebots.cloud
peterwong.ddns.net
petroleum.sytes.net
pfizervacunadns.duckdns.org
picapiedra.con-ip.com
piergxrx.com
pilarpilarifca2.duckdns.org
pilatos1025.dynu.net
pilo99.ddns.net
piratecrusher32-30031.portmap.host
piusdefender.ddns.net
playstachon.duckdns.org
playtime40098.ddns.net
plinio.con-ip.com
plssssssssss.ddns.net
polonia783.duckdns.org
pop.mastercoa.co
port9548.dynns.com
portalwpsiniciopublicvirtual.xyz
porterflrm.com
portugaku386.duckdns.org
portugal16.duckdns.org
ppprrooo.duckdns.org
prantiexport.myq-see.com
prayerarequesttojah.ddns.net
preferencial20.dynuddns.net
preparewell2023.ddns.net
press2.awsmppl.com
primetoolz.duckdns.org
princedaniels.duckdns.org
professionalkeepalive.online
progaming69.ml
progesteron610.ddns.net
programahumanitaria202220222022.duckdns.org
progressive2024.com
proprapra90.ddns.net
prosperidad777.con-ip.com
protagonist.ac.ug
protherm.ddns.net
proverbio.con-ip.com
prueba1666662.duckdns.org
prueba6812111.duckdns.org
pruebanue97382.duckdns.org
pruebaonce83191.duckdns.org
pruebaseisete86322.duckdns.org
pruebatreinai1087182364.duckdns.org
pruebatreintaicuatro91726192.duckdns.org
pruebatreintaiseis721852.duckdns.org
pruebatreintauno167821.duckdns.org
pruebaveinticinco782351212.duckdns.org
pruebavente815113.duckdns.org
pruebaventidos124235.duckdns.org
pruebaventiuni321234.duckdns.org
pruebaventiuwn73185129.duckdns.org
ps5r.duckdns.org
push4me.freeddns.org
pushpush9810.ddns.net
putcalligoanswer.hopto.org
pvtrans.ydns.eu
qaqaqa.ddns.net
qatar1329872.duckdns.org
qaw.mastercoa.co
qnb.mooo.com
qnp.mooo.com
quadrad.duckdns.org
quaxim.ocry.com
que.hopto.org
qweerreww.duckdns.org
qy92v8t2ot.in
raboundeu.duckdns.org
rambolastblood.ddns.net
ramosasdj.ac.ug
ramseycynthia.gleeze.com
ramzy.duckdns.org
rangel713.duckdns.org
ratagainbk.gleeze.com
raz23-51034.portmap.host
razorr.bounceme.net
rdp.con-ip.com
rebekauk.duckdns.org
reboot.duckdns.org
recom-40698.portmap.io
recomwest.duckdns.org
recuperaciondecartera.xyz
redeban.duckdns.org
referantsa12.duckdns.org
referantsa14.duckdns.org
regiskm67.buyshouses.net
relocosrelocos.dyndns-at-home.com
rem-pounds.ddns.net
rem.nerdpol.ovh
rem.unionbindinqcompany.it
rem04smtpmailserver.bid
rem1.nerdpol.ovh
rem2.nerdpol.ovh
rem3876.duckdns.org
remaboki.duckdns.org
remback.blair-reality.com
remback1.blair-reality.com
remcapi.duckdns.org
remco101.duckdns.org
remco102.duckdns.org
remco9200.duckdns.org
remcobakup.duckdns.org
remcolife.duckdns.org
remconuevo.duckdns.org
remcos.fingusti.club
remcos.kolisis.space
remcos009s.duckdns.org
remcos1.ydns.eu
remcos2026.duckdns.org
remcos50501.hopto.org
remcosagent.dns-cloud.net
remcose.ddns.net
remcosw11.mywire.org
remcosw22.giize.com
remcosw33.kozow.com
remcosw44.freeddns.org
remcosw55.freeddns.org
remcosw66.freeddns.org
remcosw77.freeddns.org
remcoswealth.ddns.net
remcoswill.dynu.net
remcozy.duckdns.org
remego.ddns.net
remer.newshipexpress.com
remgeesecond.duckdns.org
remma.ddns.net
remman3.ddns.net
remman4.ddns.net
remman5.ddns.net
remman6.ddns.net
remno.myddns.me
remremrem2021marzo2021.duckdns.org
remsprotocol.servehttp.com
remy.publicvm.com
renan-fax.dyndns1.de
rencos.ddns.net
report1.duckdns.org
report59.duckdns.org
resereved12.nerdpol.ovh
retsuportm2.ddnsfree.com
reubenjet2018.http01.com
reveals.ddns.net
reveals.hopto.org
rex2020.hopto.org
rexarluther.ddns.net
reyreich.ddns.net
rfq.salesbin.digital
ricard32.con-ip.com
rich-fam1.strangled.net
richardd.camdvr.org
richiealvin2021.duckdns.org
rippc.ddns.net
rm.dogetaxi.io
rm.squidgame.to
robertmoore.hopto.org
robertozk.freeddns.org
robinsonwdq222.duckdns.org
rock.extrafive.loan
rockview.duckdns.org
rogeliada333.duckdns.org
rogerhunk41.duckdns.org
rogerhunk41.nsupdate.info
rogerhunk41backup.nsupdate.info
rogerhunk41backup011.nsupdate.info
rokyfilms.3utilities.com
romancito24.duckdns.org
romania3784.duckdns.org
romec.shipnotifica.com
rominar247.ddns.net
rornfl12.duckdns.org
roxy.dynalias.net
roxy.is-by.us
royal0001.hopto.org
rsaupdatr.jumpingcrab.com
runadp-mcos.duckdns.org
runam.ddns.net
ruthy.qdp6fj1uji.xyz
rwanda1010.duckdns.org
rxmz.duckdns.org
sabrinaoyst.ddns.net
sack517.ddns.net
sack517.duckdns.org
salesumishcn.ddns.net
sallyfosterjones.com
saloon-fax.myhome-server.de
sandovalreip.con-ip.com
sandrahurtadosa583.con-ip.com
saocris.ddns.net
saquelargore.duckdns.org
sara.con-ip.com
satsundai.club
sdegreenfieldsdeeenf.duckdns.org
sdfklxcjviouewr237289748234dsrfsdfewrwerewrdsf.linkpc.net
sdfxcvjk23423789dskjfsd234dsfsdvvsdfsf.publicvm.com
sdgsfgjvcbcbc.duckdns.org
sdkvifernuebvhcdbv.con-ip.com
sdsd.nerdpol.ovh
seagloballogistic.in
search.akamaimicro.com
seasons444.ddns.net
seba2580.duckdns.org
sebastianvelezdn.con-ip.com
securewebareax.dyn-o-saur.com
seguridadrc.con-ip.com
seleccion38312.duckdns.org
sep16bebe.duckdns.org
serapey.xyz
server.tanzaltech.pw
servermolink.ddns.net
serverr00008.hopto.org
serververdeparare.con-ip.com
services11.accesscam.org
servr.jordangaming1.xyz
servr.killifabuse1.xyz
servr.killwhenabuse1.xyz
sesentaycuatrorem.duckdns.org
sesentaytresrem.duckdns.org
settings.wifizone.org
sevenrem1.duckdns.org
severm.duckdns.org
sfgrrtyhedgssehyrtj.con-ip.com
sfsvdkjvnksnvknsojdn.con-ip.com
sgfergergfibvisisvgsg.con-ip.com
sgntmichael.ddns.net
shark.vfpi2hz38p.icu
sharongary6.duckdns.org
shell-win11.duckdns.org
shellgang.gleeze.com
shogun-dark.duckdns.org
shooter99.duckdns.org
shooterjob.duckdns.org
shooterjob02.duckdns.org
shooterjobb.duckdns.org
sibepoc.duckdns.org
simplytechnicolor.duckdns.org
simplytechnicolor03.ddns.net
simplytechnicolor03.duckdns.org
simplytechnicolor2.duckdns.org
simsekaluminyurn.com
simshans.duckdns.org
sinzu2.camdvr.org
sinzu3.kozow.com
sinzu4.ddnsgeek.com
sinzu5.giize.com
sinzu6.camdvr.org
sinzu7.camdvr.org
sivhisvishiuhdsfhuhf.con-ip.com
skillupdate.kicks-ass.org
sky.nepis.faith
sky234.ddns.net
skyden.awsmppl.com
skyden.duckdns.org
slidmore.ddns.net
slx-wave.duckdns.org
smartcut.duckdns.org
smb34.duckdns.org
snick.myddns.rocks
snick4059.ddns.net
snrpappy.duckdns.org
sodviodnvsjivosnvd.con-ip.com
sofi90.con-ip.com
sofiavergarate72.con-ip.com
sofie12.duckdns.org
softdream.gleeze.com
softinstall.ug
solardem.strangled.net
solo.chessregister.rss-search.anondns.net
sostenedor.mypsx.net
soweto24.sytes.net
spedra.ddnsfree.com
spiderserver023.duckdns.org
spreadbum1.ddnsfree.com
spreadbum2.ddnsfree.com
spreadrem2.ddnsfree.com
srv01.airdns.org
ssdhir.ddns.net
ssldata-transfero.pw
ssshost.viewdns.net
stahlcran.com
starkduck0001.duckdns.org
startup381.duckdns.org
stateman.ddns.net
statesman.ddns.net
staywoke.ddns.net
storemedia.dyndns.org
storeyman7109.duckdns.org
strekhost2061.duckdns.org
stud.breathlane.icu
style.etanetsys.com
sub.abuse2none.xyz
sub.josmartphones.waw.pl
sub.noneabuse2.xyz
sub.not4abuse1.xyz
sub.wedont1abuse.xyz
subnet.duckdns.org
subservidor.duckdns.org
subsubrm.duckdns.org
suchfamily.eu
suddominio2024.duckdns.org
suiza762.duckdns.org
summitegy2534.ddns.net
sumo.hopto.org
sungito.zklg.net
sunshine08.ddns.net
superboard.ddns.net
supportforrem.ddns.net
supr3m3.xyz
svjhfviuerfvnojdsnvo.con-ip.com
swapo2020.ddns.net
swapo222.ddns.net
swqrn.com
swrypaiii.ydns.eu
sydlarremedies.com
sydor.tjsosda.com
systemcontrol.ddns.net
systemcontrol2.ddns.net
tajelisalamat.duckdns.org
talented.hopto.org
talianau86.duckdns.org
tallboy.zapto.org
tammyberry.duckdns.org
tattonmurpy6.ddns.net
tdegreenffields.duckdns.org
teamfavour111.ddns.net
teamfavour111.duckdns.org
tehilaproj.hopto.org
temmermerble.com
temprem2021.kozow.com
tergat752.duckdns.org
terlevisor23.con-ip.com
terzona2022.duckdns.org
testigood247.ddns.net
testimony.ddns.net
testoctober235.ddns.net
testtingggg5.from-ms.com
thankgod1.ddns.net
thankgodwell.ddns.net
thedoorsisopen.ddns.net
thegatorway.com
thereal2333.hopto.org
theshooter09.duckdns.org
thony.ddns.net
tikettlo.tikettlo.lol
tisnew.ddns.net
titikanor.ru
tobi12345.hopto.org
tokia7823.duckdns.org
toolz.mywire.org
top.abuse1none.xyz
top.alton01.xyz
top.dontabuse1.xyz
top.eaglee1.xyz
top.jordangamingpcs.waw.pl
top.killaifabuse1.xyz
top.never01abuse.xyz
top.noneabuse1.xyz
top.not4abuse1.xyz
top.noway2abuse1.xyz
top.smartphonesjo.waw.pl
top.thesafeheaven.com
top.wedont1abuse.xyz
topfont.duckdns.org
toptoptop1.online
toptoptop1.site
tornado.ydns.eu
torrecuatroremser.duckdns.org
torredosserrenc.duckdns.org
torretresdnremtorre.duckdns.org
torreunoserrenc.duckdns.org
toshiba1122.duckdns.org
totalga.ddns.net
totalgb.ddns.net
totalgp.ddns.net
totalgp12.ddns.net
tprem4g.casacam.net
tprem8g.hopto.org
track.panstar.ltd
transitcapo.duckdns.org
transito.con-ip.com
transporte.serviicargas.design
travisrem.duckdns.org
treelab.hopto.org
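# NOTE(review): the ".ydns.eu" suffix appears twice in the next entry. If the observed host had the suffix only once, this longer entry would presumably not match it - confirm against the original report.
trijgrscviomnbvdewacvioplmjytrewwqazxcvty.ydns.eu.ydns.eu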
trucker5.ddns.net
trump89238.duckdns.org
tulicknewfavour.ddns.net
turquia111.duckdns.org
twistg.ddns.net
u4wqbjlplzi5hdx.ru
u864243.northcentralus.cloudapp.azure.com
u864243.nsupdate.info
u864244.nsupdate.info
u864245.nerdpol.ovh
u876137.ddns.net
u876137.duckdns.org
ubsgolds.com
ugococa111.ddns.net
ugococa111.freeddns.org
ugodengerguard.xyz
ukraineaugust15.duckdns.org
umuchu.hopto.org
umuoji.hopto.org
united55.ddns.net
unknown-kpera.ddns.net
upstand.duckdns.org
uribito16.duckdns.org
urtyest29458iurtpes4est.duckdns.org
us1.localtonet.com
us2.localtonet.com
utchmann.ddns.net
uyoman.duckdns.org
valjan.in
variety-hat.at.ply.gg
varshtrade.com
vccdata.duckdns.org
vcv.mastercoa.co
vdbto19wogzzu.info
vegospupm.ddns.net
velezdominiore.con-ip.com
venonletmonitprradministratioran.loseyourip.com
veryscary2244.ddns.net
vidrios.ycontrucciones.services
vikkibret.mywire.org
vmware.ndnet2.org
voeurhfvjsdvsd.con-ip.com
vozkidscaracoldns.duckdns.org
vpv.remcacount.co
vstore101.com
vuelta2020.ddns.net
w1w.mastercoa.co
waledon002.duckdns.org
wanananaiop.theworkpc.com
wasy.dynu.net
waterz08.dvrlists.com
wavesvc32.duckdns.org
wavesvc64.duckdns.org
ways-examining.at.ply.gg
wealth.ddns.net
wealth.dynuddns.com
wealth1234.ddns.net
wealth234.ddns.net
wealthambassador.ddns.net
wealthkogd.hopto.org
wealthlyblessed.ddns.net
wealths.duckdns.org
wealthy.duckdns.org
wealthyman.ddns.me
wealthyrem.ddns.net
wealthyremcos1.myddns.rocks
weathbillionaires.ddns.net
webkit.publicvm.com
websetting7777.camdvr.org
welloff.myq-see.com
werverdsfefef.con-ip.com
wetransfers-online.xyz
whiteson2019.publicvm.com
wibhfiwhdciwhfvijdnb.con-ip.com
widda1.ddns.net
wifi.con-ip.com
wilfrido23897.duckdns.org
williams.tjsosda.com
willofgod.hopto.org
wilsocer382.duckdns.org
wilsondavid.ddns.net
winam.ddns.net
winamd.org
windowsupdatenew.duckdns.org
winvohost.ddns.net
wkefewjfnkuhciuwfnhdb.con-ip.com
workbox100.ignorelist.com
workbox100.linkpc.net
workbox100.publicvm.com
worldglobalrem.serveirc.com
wv5hvbijspasvvi.info
x40.spdns.eu
xamp.zapto.org
xandybars1.ddns.net
xcash.ddns.net
xmwire.duckdns.org
xoftmanrem002.camdvr.org
xoftmanrem003.camdvr.org
xpert.dyndns.biz
xrp.mooo.com
xteebaby.icu
xvhjuqq1skbs0bo.info
xyzpree.hopto.org
xzpnhfvnlsjjchr.club
yedaibi.com
yg9twivamv6sw0n.ru
yjune2021.duckdns.org
yjune71021.duckdns.org
yokiri.com
youngboss1994.ddns.net
yousbresde.ddns.net
yousm.duckdns.org
yousucc.hopto.org
ytuna1709.duckdns.org
ytuna7307.duckdns.org
ytuna7325.duckdns.org
yupyup123.duckdns.org
yuyitosjs.duckdns.org
zednet.mooo.com
zeife.giize.com
zekeriyasolek44.duckdns.org
zekeriyasolek45.duckdns.org
zeusnodie.mypets.ws
zimchi2021.ddns.net
zl5uyooepo2sqez.info
zoppere.nerdpol.ovh
zoppere1.nerdpol.ovh
zumanmelden.hopto.org
zxyqx.ydns.eu
zykk5es6go3izsb.club
zysnuy.com
zyt.dvrlists.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-12)

103.202.52.254:5050
172.93.160.33:2404

# Reference: https://www.virustotal.com/gui/file/1ad28ce4f9f5a7e9b9ce2d0e655d4749490201ea7039231caf9f85d751f4f418/detection

172.94.40.145:2000

# Reference: https://www.virustotal.com/gui/file/29cb8ad400f9f4c4f55b39de3cf63903114266795dbfa7cb7e9040d2b23ab4b9/detection
# Reference: https://www.virustotal.com/gui/file/694b1c7f0d1a21c7b495d562c4edd3b93122d17d1f568c118fc5e427cc2489d0/detection
# Reference: https://www.virustotal.com/gui/file/879759742b7ed546f62f1837d15642ed292fd3c859554e11dd3d27dff4f32416/detection
# Reference: https://www.virustotal.com/gui/file/e9a7db610a01f4e6eddaa4fe904ef0bdad386e56a4ea544c6706f9a5bfc94f1c/detection

179.43.144.205:5050
185.213.22.240:2020
5.2.68.68:2020
5.2.68.72:2020
5.2.68.73:2020
5.2.68.74:2020
5.2.68.82:2020
doorbackup.sbs
doorspa.shop

# Reference: https://www.virustotal.com/gui/file/9cd1a5af314816521e29b06c271de6016fcfe71f3e39beb374edd4c56c25a662/detection

5.2.68.70:21090
5.2.68.71:2340
sparaback.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-14)

5.78.40.210:2404
5.78.40.210:2405

# Reference: https://www.virustotal.com/gui/file/040d8d8ba4648cfb66df323b0789a901c34213d9c8e5dc4970c8a5bbfa84cdf2/detection

172.81.60.60:3467

# Reference: https://threatfox.abuse.ch/ioc/1163976/

204.44.124.131:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-18)

45.62.170.73:2405
72.11.142.195:55955

# Reference: https://threatfox.abuse.ch/ioc/1164717/

103.212.81.159:1126

# Reference: https://www.virustotal.com/gui/file/0e022459a85eec6b565b70aa1a2a3ec49009375ec65521758740de2d8e7bb375/detection

103.212.81.159:3256

# Reference: https://www.virustotal.com/gui/file/1e2f3f495e180913a4250f182efec7bab6c029a553abaf6cfdd73416e8eda033/detection

103.212.81.159:3846
bxfpmlncqcmtwgdsxbrn.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b627753254a002ccc97b2db8ac92d130513c85fb2e2e86f3764e8c998611ac02/detection

45.155.7.187:22066

# Reference: https://www.virustotal.com/gui/file/4f4a8ff83672c8134227742b12e228e512d32e3c3dabb8e96bdc6b28628d3d26/detection

104.250.180.178:7902

# Reference: https://www.virustotal.com/gui/file/5286f7e6103043dd6fde463519103ba2dfb395170faaabc601109804182a9a7a/detection

45.142.214.15:3170
45.142.214.15:3180
123123231.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-09-25)

141.98.6.9:7044
185.255.114.32:2404
185.38.142.102:3107
193.42.33.27:5252
5.252.22.56:2404
64.188.24.134:2404
80.66.75.66:3388
95.214.24.210:2404
alvaritospamlamu.con-ip.com
bliv.duckdns.org
brian0627.duckdns.org
cascada.con-ip.com
claudiabetancurlora09.con-ip.com
comico.con-ip.com
dsoiuhvciosdjncoshvibd.con-ip.com
fgndibsvisdviree.con-ip.com
ifdhbodfijvoidsjvpfdpfijh.con-ip.com
puerta1.con-ip.com
remcostest.ddns.net
remsmart.hopto.org
vanidad.con-ip.com
wedhstinwell.online

# Reference: https://www.virustotal.com/gui/file/a522965f3ee8450fac5ef490fd0dd782fd10235826f9e619935c3b847b676c80/detection

23.105.131.181:1609

# Reference: https://www.virustotal.com/gui/file/63223780aa12fb5c0b23024a61b9dc8f1c8c701e026eccab7a4d2ef667f6a7f5/detection

85.209.176.106:2404

# Reference: https://threatfox.abuse.ch/ioc/1179490/

81.19.131.36:2450

# Reference: https://www.virustotal.com/gui/file/631766c4b41778f45c6b68a1ef6a7f700b249def52f2a5297d6e7e0a32dba49d/detection

45.66.230.12:2404

# Reference: https://threatfox.abuse.ch/ioc/1182618/

45.95.169.191:2404

# Reference: https://www.virustotal.com/gui/file/77b9a0c1a2227c43cf08700532888479d5dc29067277625745a151804f96cd44/detection

186.102.171.59:3337
war.bumbleshrimp.com

# Reference: https://www.virustotal.com/gui/file/4953397ff1e2db23646a3e86c91b1f5fd3b7a4e5565dffa00feb9bb26f054bc3/detection

181.141.3.182:8888
asegurar100.4cloud.click

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-03)

141.95.84.40:2222
185.225.74.166:1606
194.180.49.35:4935
81.161.229.158:2404
94.156.6.57:6657

# Reference: https://twitter.com/doc_guard/status/1709557264250495203
# Reference: https://www.virustotal.com/gui/file/3e090a3f20ab44f4efec21a7896198035f9076a9badc8764e4a0bd2fe68c45f5/detection

/i0i0ii0i0I0OII0OI0OI00I0Iioi0io0oi0ioi000000##############0000000000##############00000000.doc
/i0i0ii0i0I0OII0OI0OI00I0Iioi0io0oi0ioi000000%23%23%23%23%23%23%23%23%23%23%23%23%23%230000000000%23%23%23%23%23%23%23%23%23%23%23%23%23%2300000000.doc

# Reference: https://twitter.com/ginkgo_g/status/1711309741773951129
# Reference: https://www.virustotal.com/gui/ip-address/193.57.33.7/relations
# Reference: https://www.virustotal.com/gui/file/b89c5a9c7ae50cdd6825a645c72d8a7009c38f0372db4fe5224c7e2af8200be4/detection

179.61.237.12:443
allnato.net
drivebackupupdate.com

# Reference: https://twitter.com/karol_paciorek/status/1712422451534045305
# Reference: https://tria.ge/231012-mswmfsdh2t/behavioral1

179.14.9.58:1883
sdvjhdibvcksdnvisdhvsds.con-ip.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-13)

194.147.140.148:1998
194.147.140.246:1998
2.59.254.111:33380
20.110.88.130:6334
5.196.117.233:2023
37.1.222.255:22066
79.110.62.168:6781
79.134.225.83:7400
91.242.229.190:2450
94.156.6.158:50147
95.214.27.6:2409

# Reference: https://twitter.com/reecdeep/status/1714921437050364117
# Reference: https://twitter.com/Tac_Mangusta/status/1714934097657688416
# Reference: https://tria.ge/231004-pq4ldsdf72/behavioral1
# Reference: https://www.virustotal.com/gui/file/1b371acf222005ea1b34043a9564b71639c6931bb8715895eeadf55d93f5f139/detection
# Reference: https://www.virustotal.com/gui/file/c5898ac379acfcd23bedfceff198bf5e738921bf61b299ca47bdd8c223199515/detection
# Reference: https://www.virustotal.com/gui/file/e16efeb6c3e5c72ff5deb4da48d1ae448da32bb2043e71f2c1b338d1c6a0acda/detection
# Reference: https://www.virustotal.com/gui/file/85bdf691ddbeebf9a11faa642fc7767507014483a7d43ede19406bfe46b8969f/detection

45.90.222.54:2404
45.90.222.54:5500
studioaziende.click
spm23.casacam.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-19)

http://5.2.68.80
139.28.219.36:51147
141.95.84.40:1212
185.214.10.18:8766
194.147.140.158:1997
194.147.140.158:1998
194.147.140.194:1998
194.147.140.194:3030
194.147.140.196:1995
80.76.51.172:8087
80.76.51.172:8787
81.161.229.171:2404

# Reference: https://twitter.com/r3dbU7z/status/1715570648737615991
# Reference: https://www.virustotal.com/gui/file/a38da72082fc2dc1f60b3b245e1f2382d5f8c1d08ebc397dd0d81cc9f74ebbe6/detection

muzu.re

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-24)

135.125.189.140:1030
45.40.96.248:2404
45.95.169.117:2404
45.95.169.140:2404
81.19.131.34:2450
busbuctomorrrw.ddns.net
empireboss.ydns.eu
mancuso.con-ip.com
myfrontmannysix.ddns.net
remcoss2023.duckdns.org

# Reference: https://twitter.com/Racco42/status/1717267956210503879
# Reference: https://app.any.run/tasks/16f53867-81fe-41c4-8019-16ee5cecdeb4/
# Reference: https://www.virustotal.com/gui/file/d4c96c493952ab9601201dc7875a664148107c06a5481ae53414037fc1edccda/detection
# Reference: https://www.virustotal.com/gui/file/15851690d3cb99d95e82bb47d3f31db71688c69dd50b0a8367e97aa3b501b637/detection

105.112.134.82:6426
172.94.4.196:6699
79.134.225.87:7575
bantubusta0816.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-10-30)

107.150.18.101:2404
107.175.229.139:8087
122.225.124.110:2404
185.225.73.200:2580
185.255.114.50:2404
193.142.59.106:5832
193.142.59.240:5151
193.161.193.99:60921
194.147.140.212:1999
2.59.254.111:3346
221.12.129.226:2404
37.217.2.176:7777
5.61.53.75:8007
59.110.239.147:2404
69.24.199.30:1800
80.66.75.51:37481
91.92.241.117:8787
91.92.246.64:34771
91.92.247.146:3348
94.156.65.197:2404
94.156.66.37:45944
94.156.66.37:49539
95.214.27.6:3366
95.214.27.83:2404
apples.con-ip.com
blackrockxp.dyndns.org
danielitopt.con-ip.com
donpapii.duckdns.org
dsojvhocnvlkvokcvond.con-ip.com
filwelreg.pw
gfkodssnvosdjvlksnvldkj.con-ip.com
grantadistciaret.com
haroldmoscotelora09.con-ip.com
kashrteletts.giize.com
lestfuckinggoon.broke-it.net
miradores.con-ip.com
rdpown.ydns.eu
secure.cloudproxyserv.com
sheddy1122.ddns.net
somto.ydns.eu
sxvcddhcbdjcbixg.con-ip.com
whitecat.space

# Reference: https://www.virustotal.com/gui/file/3cb93d166196c1400e069fd437153d956df26d587c969c2c1a525874633a1e99/detection

103.212.81.150:6524
103.212.81.157:6524
212.100.79.161:6524

# Reference: https://www.virustotal.com/gui/file/4c97e1a48c3b25929a7a628c74e44eadfa4c26d00bba70a9803a3db7b37b06e9/detection

37.139.129.43:3212
85.195.105.97:3212
85.195.105.97:3223

# Reference: https://www.virustotal.com/gui/file/0dea44c7280c4a6134fd2831b6b7c4aa87584f71d4b563d6e006534ccd1c5fac/detection

46.183.221.100:3212

# Reference: https://www.virustotal.com/gui/file/1cac61de4ea72de9a6bf94d9cac661e29a147ac63b1e0ec9fa167b6e9fddb822/detection

172.111.167.99:9595

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-11-07)

139.84.229.159:2665
142.202.190.140:2404
194.147.140.145:1997
198.55.113.202:2404
20.252.43.59:4403
59.110.239.147:14344
91.92.242.184:2404
91.92.242.184:2602
91.92.244.149:2404
91.92.255.12:25050
94.156.69.95:2404
95.214.27.6:3348

# Reference: https://www.virustotal.com/gui/file/d51fab7aeed3c057ca6f99ea8bc3c277ccde4e99bc667a774f9e89b13e7d7b16/detection

81.161.229.136:4820
aganaku4ghana.bounceme.net

# Reference: https://cert.gov.ua/article/6276351 (# UAC-0050)
# Reference: https://app.validin.com/axon?find=195.133.199.230&type=ip
# Reference: https://app.validin.com/axon?find=45.10.245.245&type=ip

http://111.90.147.157
http://111.90.147.188
http://111.90.147.21
http://111.90.147.78
http://111.90.147.98
111.90.147.133:465
111.90.147.133:4899
111.90.147.133:8080
111.90.147.133:81
111.90.147.190:8080
111.90.147.216:8080
davincigroup.online
groupdavinci.online
ns1.davincigroup.online
ns1.groupdavinci.online
ns2.davincigroup.online
ns2.groupdavinci.online

# Reference: https://www.virustotal.com/gui/file/5eee291b4252b66880c0e2dc3bb62bd3e6f1813320b839016f07ab2374a640f2/detection
# Reference: https://www.virustotal.com/gui/file/4202789483158024de2ce0a94a904d61c916923212237263d4d3d478a8d8fb5b/detection

156.96.151.132:35602
199.249.230.42:18118
199.249.230.42:35602
94.156.66.16:35602
jourando199resti.duckdns.org
septnet.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-11-14)

103.212.81.158:3050
192.3.101.8:45671
192.3.101.8:55677

# Reference: https://twitter.com/Tac_Mangusta/status/1724725241820205428
# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/11/systembc_remcos_agenzia-entrate_16-11-2023.json
# Reference: https://www.virustotal.com/gui/ip-address/62.173.145.211/relations
# Reference: https://www.virustotal.com/gui/file/17d3c73c2e512a9e42144343edb790be0ecbfe65952db4109752378ad8054f79/detection

http://62.173.141.116
62.173.141.116:445
62.173.145.211:3839
62.173.145.211:4050
62.173.145.211:7020
listpoints.click
listpoints.online
retghrtgwtrgtg.bounceme.net

# Reference: https://www.virustotal.com/gui/file/0df9680d38ed0bc71156bef32ba93ac711a58a47dfbfc087bd4e55230b1a3f40/detection

196.217.76.129:3009
serviceinfo.freeddns.org

# Reference: https://www.virustotal.com/gui/file/0e2d052e8ae4c77d2a3ead51349a642a7fbda47ff26c63bd433cdf6fb659420f/detection

pissings.nerdpol.ovh

# Reference: https://app.validin.com/axon?find=185.81.157.16/29&type=ip4
# Reference: https://www.virustotal.com/gui/ip-address/185.81.157.20/relations

remcoddlr.xyz
remcsslinfo.xyz
remsslinf4.xyz
remsslinf5.xyz

# Reference: https://www.virustotal.com/gui/file/0387dd2156aaaf5a1f7339b454c42702748f07712c4a0572668dfb88b039e50f/detection

aikbig.duckdns.org

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/11/remcos_agenzia-entrate_20-11-2023.json

http://62.173.141.118
62.173.141.118:445
center.onthewifi.com
datastream.myvnc.com
gservicese.com
vckkbkxu.page.link

# Reference: https://twitter.com/James_inthe_box/status/1726617679266795780
# Reference: https://www.virustotal.com/gui/file/9ef9b4a8ab8366ea77b049febf61fd2003aa90b9b38f5c301bff8a60a0feef24/detection

103.212.81.158:6524
103.212.81.161:6524

# Reference: https://twitter.com/JAMESWT_MHT/status/1726588073323135194
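# Reference: https://app.any.run/tasks/ede94e83-44c4-4a8e-b045-f269cc21cda7/
# NOTE(review): 142.250.72.174 appears to sit in Google-operated address space, so the entry below may be sandbox background traffic rather than Remcos infrastructure - confirm against the task above before alerting or blocking on it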

http://142.250.72.174

# Reference: https://twitter.com/JAMESWT_MHT/status/1726617631686533352
# Reference: https://app.any.run/tasks/6266a21e-171c-4835-9fa3-c4b3592261fc/

91.215.85.63:2718
91.215.85.63:3839
91.215.85.63:5225
91.215.85.63:7020
91.215.85.63:8118

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-11-20)

103.212.81.160:6609
104.129.27.19:2404
107.150.18.101:1604
107.150.18.214:2404
109.236.82.82:5001
149.56.240.44:2404
149.56.240.44:2405
149.56.240.44:2406
149.56.240.44:2407
149.56.240.44:2408
149.56.240.44:3398
149.56.240.44:9987
172.174.245.21:5400
172.81.62.183:2404
172.93.187.227:2404
172.93.217.218:2404
185.156.174.155:9992
185.189.112.11:9625
185.202.173.178:2404
185.29.8.29:4039
198.27.121.194:2712
2.59.254.160:8500
209.127.186.232:4765
45.66.230.229:8753
5.61.55.210:8004
5.61.55.210:8006
64.237.177.189:1800
80.66.75.86:2404
91.92.242.85:4285
91.92.243.110:3734
91.92.254.87:1606
94.142.138.155:2580
bad.con-ip.com
cocacabanaclubsdownt.com
comercio.con-ip.com
dxxxxza.dynamic-dns.net
gig24.sytes.net
idofjodjvodjvojvojfojooiodijnj.con-ip.com
ima.con-ip.com
large-sox.gl.at.ply.gg
millon777.con-ip.com
rem0323.duckdns.org
sdhisdviudsibdsibedas.con-ip.com
sdvsiudhvisdhvodshv.con-ip.com
sembe.duckdns.org
sonia777.con-ip.com
virtuallogoprepaidmaxspippline.onedumb.com

# Reference: https://twitter.com/peterkruse/status/1726866287379263580
# Reference: https://www.virustotal.com/gui/ip-address/103.212.81.155/relations
# Reference: https://www.virustotal.com/gui/file/22224f65c07515b2f61e29f7f1a14005d0de54378aa925d9e017bb2ac26b5395/detection

103.212.81.157:58001
doytupodkifopffbiu.ddns.net
eopgupgdpopopfuupi.ddns.net
exynosuzak.duckdns.org
hahbdu.kozow.com
igborem.duckdns.org
mattwems36.ddns.net
nybenstaycalm.ddns.net

# Reference: https://www.virustotal.com/gui/file/07890acb79a77d4e64fb47e98a752e2564fc722ec4094b8d0bb2abdb27405899/detection

citii.bar
atu.hopto.org

# Reference: https://www.virustotal.com/gui/file/0f780d643f6238b1146973d35535fc59342a8d5eed18f75a68496d521484d23c/detection
# Reference: https://www.virustotal.com/gui/file/39b0fffc0abc5ab93b925561969c238305497eb0af47dbcd21c340b66e74d51a/detection

185.244.30.76:3036
23.105.131.206:3036
arttronova12.duckdns.org

# Reference: https://twitter.com/v0lundr_/status/1729409817578455234
# Reference: https://www.virustotal.com/gui/ip-address/46.246.12.11/relations

46.246.12.11:9999
serviciostransitoant.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3eac3c0c1cca36b1db0d04b5ea74cd06600123febf2063d6eb05c01d90029fa6/detection

172.94.14.24:2103
cosrem.ddns.net
cosrem.ddnsgeek.com
cosrem.dyndns.org

# Reference: https://twitter.com/v0lundr_/status/1729897758427942930
# Reference: https://www.virustotal.com/gui/file/f71847450b386b8c7fd34717cd934f1c2286b39a2ce95bbeaf8c34d17dfd4b0f/detection
# Reference: https://www.virustotal.com/gui/file/9412a14100e466c918334a2fa6d74e28bb5580c30287afa8a3e8d55a2b72c94d/detection
# Reference: https://www.virustotal.com/gui/file/8fe98ae573432ec9f94b3ad6ed10bef5f3a5308751842c3a5f8f4fcd1786028b/detection
# Reference: https://www.virustotal.com/gui/file/29508c77800bd693998af91f8c0e3c0e62f848c4b44865a4928b817bcce58cf7/detection

91.92.252.158:2090

# Reference: https://www.virustotal.com/gui/file/071c44bd1144e0a1f0cf5f61bc8336b774dc3ffce0d358d32d809b8e468a78e3/detection

104.250.186.63:9596
money001.duckdns.org

# Reference: https://cert.gov.ua/article/6276567 (# UAC-0050)
# Reference: https://www.virustotal.com/gui/ip-address/95.214.26.199/relations
# Reference: https://www.virustotal.com/gui/file/a7aca87179f51e229aa9a2f13bb8ab76750c8092579cc7b4d0cbc40235cdde27/detection
# Reference: https://www.virustotal.com/gui/file/ff0a84220d028052a841312cd81baa525d19f7e4b0ce94dbbaf6634a776d3814/detection

http://101.99.92.102
http://101.99.92.19
http://101.99.92.218
http://185.65.105.190
http://185.65.105.191
http://185.65.105.192
http://185.65.105.193
http://185.65.105.196
http://185.65.105.197
http://95.214.26.18
http://95.214.26.190
http://95.214.26.199
http://95.214.26.25
http://95.214.26.60
http://95.214.26.79
http://95.214.26.90
http://95.214.26.99
101.99.92.101:465
101.99.92.102:465
101.99.92.102:8080
101.99.92.103:465
101.99.92.19:465
101.99.92.19:8080
101.99.92.212:8080
101.99.92.218:8080
142.202.189.215:2404
185.157.162.241:1303
185.65.105.15:465
185.65.105.193:8080
185.65.105.194:8080
185.65.105.195:8080
185.65.105.196:8080
185.65.105.197:465
185.65.105.198:465
185.65.105.199:465
194.147.140.212:2025
195.201.79.232:2026
198.27.121.194:2024
213.152.187.200:8185
5.2.68.80:600
59.110.239.147:1800
85.209.176.69:57484
91.92.249.176:4285
91.92.250.65:2404
94.156.67.170:6657
94.156.67.247:2402
95.214.26.140:2404
95.214.26.199:21
95.214.26.199:465
95.214.26.199:8080

# Reference: https://twitter.com/JAMESWT_MHT/status/1729036763711312316
# Reference: https://twitter.com/JAMESWT_MHT/status/1730143302723252328
# Reference: https://www.virustotal.com/gui/ip-address/62.173.146.192/relations
# Reference: https://www.virustotal.com/gui/file/04e5b2ca6f0ed2eb8a36deaef7ec8a5ba5780aa07e133153eac2e120ffe41672/detection

gamecente.com
pressfacto.com
tecnologiesline.com
agenzia.servebeer.com
modulo.servegame.com
onlines.3utilities.com

# Reference: https://www.virustotal.com/gui/file/883fcbc771e319fd3774a956a97d2ce58aa9d60748030908642e2d5663268b36/detection

179.13.11.55:2001
fajardo1.con-ip.com

# Reference: https://www.virustotal.com/gui/file/07d08fec6ba5f329093359752f754bebd370e8a03a19e51dec789ce4ca410d47/detection

ceorcs.duckdns.org

# Reference: https://www.virustotal.com/gui/file/087437b32c1e997dab7d3174c11b810c64aa6e693e0964f11927e143db2664d9/detection

179.13.1.242:2121
stage3.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4f927f878aed924b1835a7e7e6567cd48acf0109df583d37be588bee6e9f7229/detection

proxi2018.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3a9d70341e3650b9f6b2713c388aceb90ffc6e7aaa75fc4d88fba3f2eb604cfc/detection

186.85.86.96:2123
restorebackup.duckdns.org
servidor2019.duckdns.org
tardesdeverano.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a1ebbca305d169f324f500bbca39a0274fcfffb14af20077d2f8d5e70f5f853c/detection

181.71.216.115:1014
chicagodnre.duckdns.org

# Reference: https://www.virustotal.com/gui/file/998902d20d96b0ceb5b27007e2cfb4c8a23fe8714ed39f0e86b409e673849209/detection
# Reference: https://www.virustotal.com/gui/file/48a782c5e9655220f464a42099557fbb17b2a2230e2e9f81dc6e6af0572c6fa5/detection

181.131.217.138:1012
salonsocialdnre.duckdns.org

# Reference: https://www.virustotal.com/gui/file/53d04de9d551f1f52d871849a0303016dffee30155d7ab4b0e442c565cdce8ac/detection

181.131.217.138:1014
sergiofajardodndure.duckdns.org

# Reference: https://www.virustotal.com/gui/file/77d20c7a8b7bd53e099dc0bc93fe6ebd77af2888903659359bb275aa732885ea/detection

46.246.6.15:8079
jackcopias.duckdns.org

# Reference: https://www.virustotal.com/gui/file/18f2864a63bb2c31d17f93fb41eb527d35cbdbf0fa63d41a60d6fcde4125d044/detection

http://66.228.43.8
194.187.251.115:14645

# Reference: https://cert.gov.ua/article/6276652

http://101.99.92.100
http://101.99.92.101
http://101.99.92.103
http://101.99.92.104
http://101.99.92.105
http://101.99.92.106
http://101.99.92.107
http://101.99.92.108
101.99.75.140:8080
101.99.75.142:8080
101.99.75.145:465
101.99.75.145:8080
101.99.75.147:465
101.99.75.148:8080
101.99.75.156:465
101.99.75.159:465
101.99.75.233:465
101.99.75.233:8080
101.99.92.100:8080
101.99.92.104:8080
101.99.92.108:8080
101.99.92.110:8080
101.99.92.230:8080
101.99.92.252:8080
217.76.59.48:24251
79.137.205.201:15666
remccoss2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4abdfcd240b09c5e1d8cd90d780c3db8f4f3d892be71d7b307d44051e0c15670/detection

46.246.14.15:8079
pradera.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d1f114be8bca0a0ba4a77c505872422ea8eaa94ca640e959bfe05888cc4d50cb/detection
# Reference: https://www.virustotal.com/gui/file/a50f293605d6559b67ef90900ff2a8e0217b18ba8a03e8059e3240096be04721/detection
# Reference: https://www.virustotal.com/gui/file/6fc627420119f7038451c054214d0b912175c039907cd06dd71fd7f2efa0cf09/detection
# Reference: https://www.virustotal.com/gui/file/457228e0ca8403e469fcc929729d0ed6475cfa2c8e9c88f3ad682acdb78db698/detection

178.73.218.7:24251
181.54.74.23:24251
46.246.12.12:24251
46.246.14.7:24251
46.246.4.13:24251
toxica.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a4b821d0cadc92c344c8b60f5290a5e5520fd1fb3813b88c529c48d285b72c63/detection

46.246.12.13:8080
46.246.12.3:8080
46.246.84.18:8080

# Reference: https://www.virustotal.com/gui/file/d49a6a93ff42f203e7fdb1ac967a8e371d98b8fea7b0fa017bb53209c2638991/detection

178.73.192.2:2525
yumaguoc.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0b4a03d6f1cafe6b33b43863f07b71984d6cad56d4feed763504f766cc0b5188/detection

46.246.26.10:2404
46.246.4.6:2404

# Reference: https://www.virustotal.com/gui/file/4abdfcd240b09c5e1d8cd90d780c3db8f4f3d892be71d7b307d44051e0c15670/detection

46.246.12.11:8079
46.246.14.15:8079
46.246.4.17:8079
46.246.4.6:8079
46.246.84.11:8079

# Reference: https://www.virustotal.com/gui/domain/peces.duckdns.org/relations
# Reference: https://www.virustotal.com/gui/file/ad4dfd22e897fcd8ba3f53f9cf70ceaec8dfae22b76c0bff2264bbbe8bf6d2e4/detection

178.73.192.15:8090
188.126.90.22:8090
188.126.90.5:8090
46.246.4.13:8090
46.246.82.18:8090
46.246.86.5:8090
peces.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0e299c0d7197a76c0257e2def3474dab4bedd366fb8ead4350e0c5a52cf79f57/detection

46.246.84.13:2424
46.246.84.13:415

# Reference: https://www.virustotal.com/gui/file/107e7bffd42b07556b846f3eb79e39765400299770d01d2445feff1605c65ffd/detection

178.18.254.199:2323
46.246.6.18:2323
bogota200.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2023-12-17)

109.248.151.72:2179
109.248.151.72:7770
109.248.151.76:1974
141.98.102.187:11274
142.202.191.238:2404
172.245.208.30:45070
172.245.208.30:52707
172.93.164.62:2404
192.161.184.21:24053
193.142.59.211:7257
194.147.140.186:4040
194.147.140.205:4040
194.147.140.222:2025
20.84.117.57:2347
45.137.22.136:8087
5.181.80.139:2404
51.89.208.8:2404
64.237.181.19:1800
89.163.146.42:5000
astucia77.con-ip.com
comercio223.con-ip.com
delamanodedios777.con-ip.com
dfghgfrdsdcvgtrdxcvplkopsdsdsz.con-ip.com
eterno.con-ip.com
eweo9264gtuiort.duckdns.org
fdvijkrfdsojnlmrfsdojnlmfrdvcj.con-ip.com
felipito24.con-ip.com
gfojhvousdovisovosjoisdovn.con-ip.com
gggb2.dvrdns.org
gospel.con-ip.com
horsesnje.net
luci2023.duckdns.org
mesa12.con-ip.com
mxzaa.duckdns.org
mybabygirl.duckdns.org
nazareno77.con-ip.com
novbillions.myddns.me
playman0101.duckdns.org
satura.con-ip.com
suntit.ddns.net
svdjvhinvosdhfojsdfdffhdoflsnj.con-ip.com
tesoro.con-ip.com
tincaanii.duckdns.org
tmsuccess.duckdns.org
wealthalways.duckdns.org
wealthy2023.ddns.net
wealthyman.freemyip.com

# Reference: https://twitter.com/1ZRR4H/status/1736734016789688485

coffeebeanscrusher.com
coolwavecloud.com
mikroservicelogs.com

# Reference: https://twitter.com/smica83/status/1737890435450753489
# Reference: https://tria.ge/231221-vx44dsbcej/behavioral1

91.92.252.201:2404

# Reference: https://twitter.com/Cyber0verload/status/1721982506327589225
# Reference: https://www.virustotal.com/gui/ip-address/194.31.109.82/relations
# Reference: https://www.virustotal.com/gui/file/b802c9fee74a5915eae2186b83885477ba8130d284729bf2b3c60ece4742c8bb/detection
# Reference: https://www.virustotal.com/gui/file/44e593c98acaf52aee91c09fe00fa196668351783fc8a623fc1da5325635130f/detection
# Reference: https://www.virustotal.com/gui/file/3f4321110b3e20a56971194eed40057340fb301e71e8dd8b24d8a5c17ea9f2e5/detection
# Reference: https://www.virustotal.com/gui/file/a7aca87179f51e229aa9a2f13bb8ab76750c8092579cc7b4d0cbc40235cdde27/detection

http://89.23.98.22
89.23.98.22:137
89.23.98.22:139
89.23.98.22:445
npddocs.com

# Reference: https://cert.gov.ua/article/6276824 (# UAC-0050)

http://101.99.75.145
http://101.99.75.16
http://45.87.154.153
http://94.131.102.115
http://94.131.102.117
http://94.131.102.119
http://94.131.102.122
http://94.131.102.124
101.99.75.145:8081
101.99.75.147:8081
101.99.75.14:8081
101.99.75.16:465
101.99.75.16:54550
101.99.75.16:8080
101.99.75.16:8081
45.87.154.153:8080
45.87.155.41:465
45.87.155.41:54550
45.87.155.41:8080
45.87.155.41:8081
94.131.102.115:54550
95.164.35.143:8081
95.164.35.174:54550
95.164.35.174:8081
95.164.35.234:8081

# Reference: https://twitter.com/1ZRR4H/status/1740423278181617962
# Reference: https://www.virustotal.com/gui/file/4cfb8f8f8a4c4f884c01b1ff708568f486144c689dab28aa3dcd2e84e6b0d95d/detection

194.87.31.229:6438

# Reference: https://www.virustotal.com/gui/file/10cae0676fcf60dbbb56266448fff13a2ed236753243fea28d41f3902863e053/detection

15.235.3.1:2000
15.235.3.1:2001
15.235.3.1:443

# Reference: https://www.virustotal.com/gui/file/827aef6c24af890a50222194f62185665ff6bf80bab8fc0c7c0f4222f4e4bc66/detection
# Reference: https://www.virustotal.com/gui/file/0cf6caf94751847e6cbefe0084ed61626045c19412955869feb4e30cfe61e856/detection
# Reference: https://www.virustotal.com/gui/file/f35b3a3ed4f9525f6093f500488c6b28e022f354a12786a2b66bee5197665069/detection
# Reference: https://www.virustotal.com/gui/file/dacc274a2d0eff3a875bdfdc3800f22bb63a7eaef19be29272ab5d28b9d193f7/detection

http://107.175.113.207
85.195.105.66:7010
85.195.105.85:7027
kennyremcosbelintourismedleonline.gleeze.com
/kennyremcosbelintourismedleonlinesssss..txt
/kennyremcosbelintourismedleonlinesssss.txt
/remcoskelivnlinexxxxxxxxxxxxonline.txt
/remcoslandnewbuildertobest.txt

# Reference: https://www.virustotal.com/gui/file/d68810f29a58f09db1f036393cfc52c6b0934e7089077bc90a38fdece78489d9/detection

178.33.57.159:8899
185.196.8.237:4449
194.87.31.181:9587

# Reference: https://www.virustotal.com/gui/file/1a0fbc4bb35eac3cb5a7ce95abc1b4eee36628194326ad3894d0da3e66a98dab/detection

181.131.217.212:1213
maresos.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6825089ed1af52418880ec0d831498ab19088676081a2c5c674b5b5e03c7cd7f/detection

179.14.170.49:1213
chupetines39999.duckdns.org
jairsos.duckdns.org
palmita2022.duckdns.org

# Reference: https://twitter.com/Cyber0verload/status/1754953038324785605
# Reference: https://cert.gov.ua/article/6277063 (# UAC-0050)
# Reference: https://scpc.gov.ua/api/files/ca8167d3-fb54-41f3-a531-699845247dcf

http://77.105.132.124
77.105.132.124:2404
77.105.132.124:81
77.105.132.70:2404

# Reference: https://twitter.com/Tac_Mangusta/status/1747042307503698360
# Reference: https://app.any.run/tasks/a006c2e9-2eec-45f2-9dcd-313736bd41c4/

107.172.31.178:14645
remcosmonitor.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3f1bb67aa98c351a393af7d622253dc665254a2eade0dd2e7e08354e935a8e0e/detection

alwehda5050.hopto.org

# Reference: https://www.virustotal.com/gui/file/e929c35d863e401fc1485f99febbc0c15eca608fc8220a4c9da2f72a365422aa/detection

46.246.12.4:8079
46.246.14.5:8079
46.246.80.10:8079

# Reference: https://www.virustotal.com/gui/file/7eb6163c64d8a76a6ae68356a2bf76639603dff973c334ef6ef1064850e9fd9e/detection
# Reference: https://www.virustotal.com/gui/file/5e7737b52af57557cae41a5c592019b693a1aef166dbe57dc55481ca1b0e0152/detection
# Reference: https://www.virustotal.com/gui/file/4ed7b20aba7daa1ecf923869f49593bcf1a1b0141dd8a99a8addd23d4e1583d7/detection

213.152.161.165:37830
213.152.161.165:8347
213.152.186.168:37830
213.152.186.168:8347
213.152.161.244:37830
213.152.161.244:8347
wenevergoing2abuse.xyz
top.wenevergoing2abuse.xyz
deadyh2849ijest.duckdns.org
highestlotto.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/213.152.186.168/relations

jakesjackett.duckdns.org
jakesradarr.duckdns.org
johncena141.eu.org
namelessdot.kozow.com
roadf.duckdns.org
zilla2.airdns.org

# Reference: https://twitter.com/Dkavalanche/status/1747672939212718116
# Reference: https://twitter.com/1ZRR4H/status/1747755216210944179
# Reference: https://www.virustotal.com/gui/file/27d5953995df9205a0450564a57b22a45ed9985231d793d26f3a2427fc712a9e/detection

191.88.251.13:7770
sexoanal777.con-ip.com

# Reference: https://www.virustotal.com/gui/file/4effb7493819e25c61af5e224d8a774652957b99ec1faca19e1c84bd0c9ff840/detection
# Reference: https://www.virustotal.com/gui/file/db818294e50a757b1511cb2ac06b678e829c5328e920c5105ec30985e585b2c0/detection

http://185.70.104.90
http://77.105.132.70
185.70.104.90:2404
185.70.104.90:465
185.70.104.90:8080

# Reference: https://twitter.com/Tac_Mangusta/status/1749763630847987861
# Reference: https://app.any.run/tasks/c6adf0f3-8207-4605-ae70-0ed04c3070d7/
# Reference: https://www.virustotal.com/gui/file/0cb44c4f8273750fa40497fca81e850f73927e70b13c8f80cdcfee9d1478e6f3/detection
# Reference: https://www.virustotal.com/gui/file/746eec0fdae9a2c542baaa19aaf0ea70d3b96cfc36c15ac1eea7ae444d90fc58/detection

140.228.29.110:5500
vnc2024.gleeze.com
vnvariant2024.ddnsfree.com

# Reference: https://twitter.com/gothburz/status/1749772029270642884
# Reference: https://app.any.run/tasks/c56661ed-55ca-4580-ad28-e76474552388/

http://107.174.212.74
2024remcmon.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-01-23)

107.174.142.70:10090
122.176.133.66:2404
122.176.133.66:2667
149.56.240.44:2409
162.218.122.24:5707
163.5.64.15:57844
181.131.217.74:1998
185.189.112.27:2529
193.222.96.21:29871
23.155.8.220:14344
44.31.248.7:1800
44.31.248.7:2404
45.95.169.102:2404
49.12.86.61:2404
64.188.20.177:1053

# Reference: https://www.virustotal.com/gui/file/318ed6c3c58cdc5ba824bcdf401e7f7f613442e252239b641a294fafade1806e/detection

213.152.162.165:3241
213.152.162.165:3650
kingdom2019.homedns.org
maelus.mine.nu
remcos.dyndns.biz

# Reference: https://www.virustotal.com/gui/file/05df7a0c57ddb53db47daa1e23462221b9dcadf8ed43341a6722b16f4e5b9216/detection

54.94.248.37:21412

# Reference: https://www.virustotal.com/gui/file/5872cad57194202b403ee89adc743a2a6c4fddcf74b0f92115143d2b70876e51/detection

147.124.215.172:2424

# Reference: https://www.virustotal.com/gui/file/aebd61e3f2fd8cd993e843e28b39440b5f0c1a127e110a2926a55a6f1617c9f1/detection
# Reference: https://www.virustotal.com/gui/file/6e6a096ae62624f1e6d03d63d0bbeea75193b919dcde9b380d0d5d20967a00ac/detection
# Reference: https://www.virustotal.com/gui/file/25d3e09d8870acae1772f501d6f86e7da48bf2c78fd942052db49cf4ca305e09/detection

91.92.254.198:2090

# Reference: https://www.virustotal.com/gui/file/770c9005bd4ff01294d09e8aab9852791ec27751dfbae1b4fdad3d36042dabb2/detection

103.114.163.134:2404

# Reference: https://www.virustotal.com/gui/file/2e0cf356012de3636858096f1966ca0c68a9a60f22f575d5035fdb953b90e909/detection

http://95.214.24.37
185.225.74.112:2404

# Reference: https://www.virustotal.com/gui/file/08f99aa27cbedd18401cfae07c7dd2e79966c6f63777fb95bc7a73c5cad5a537/detection

45.81.39.190:30890

# Reference: https://www.virustotal.com/gui/file/2893876f26c73d7dce1828babf03dfd9551c3d36a7b8de144daef87d7e1e102c/detection

45.81.39.190:30890

# Reference: https://www.virustotal.com/gui/file/107a9d29c7ff748aec36940674dbf6be004aad0f70acb725e7f06f34f5e9a546/detection

91.92.252.36:2090

# Reference: https://www.virustotal.com/gui/file/6e6a096ae62624f1e6d03d63d0bbeea75193b919dcde9b380d0d5d20967a00ac/detection

91.92.254.198:2090
91.92.255.165:2090

# Reference: https://www.virustotal.com/gui/file/65c3dce03d8a78cd9ad2c634fdafb71036aa8ba025e8a818c67cab9ca2894d14/detection

91.92.255.22:2090
deviltelegram.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/4d63da19dcd26f061f8d68c63ac1f2bbda04042fd07424242d8813b1bf11abd4/detection

91.92.255.87:2424

# Reference: https://twitter.com/doc_guard/status/1752343177896317394
# Reference: https://www.virustotal.com/gui/file/346d471bd9f585ac6a4a6b6e11a12004edffdccf92680d701935a7e653fb2b0d/detection
# Reference: https://www.virustotal.com/gui/file/f8cbeec0ed28a8828e727c4059fe0d3bf3b34abb3978cdaf112bc36eec83983e/detection

23.95.60.87:8823

# Reference: https://www.virustotal.com/gui/file/e568039b89b31c048803401ee0f8f3b1d521d30518e214a50cf0c9dcb022c8ed/detection

185.174.101.104:8889
jgm.kozow.com

# Reference: https://www.virustotal.com/gui/file/e88fe7b93cad3649ec872f78fbd781d686da10df0a9edfdd006f41d09aae26a0/detection
# Reference: https://www.virustotal.com/gui/file/a356b0460dbf9bf47d9b0901d031222238ef86edef49fd39eb32d191b01831d4/detection
# Reference: https://www.virustotal.com/gui/file/9f41ac11c9c83ca7914c656210a5331a2b5e84192fa40dfbcf3dabdb8721a6bc/detection
# Reference: https://www.virustotal.com/gui/file/50fe957b824b5281935a348299b20b888ff1fb0e954fedfbefcf72ba3216d50d/detection
# Reference: https://www.virustotal.com/gui/file/3e2d85e28e433727f9e127271dcbf0ac833c160de97097f8ecb19bb74b77389f/detection

149.202.127.103:5550
185.174.101.114:5550
ooop.casacam.net

# Reference: https://twitter.com/malwrhunterteam/status/1752677381091762280
# Reference: https://twitter.com/1ZRR4H/status/1752739473245237278
# Reference: https://www.virustotal.com/gui/file/1afa97a4a2c1d6bae74b4b76298b85de076a084bcee539b9503a3d4bd1d13016/detection

104.243.242.194:39841
brodbeckconsulting.com
blessingjumarou1ubk01.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1a5fef4a3bbce0a3e77343c3794484a88a4cbe42a466e09749aba58ea081bd8d/detection

203.159.80.101:6553

# Reference: https://www.virustotal.com/gui/file/5c32fd3de4bce60a2529cebc5f47b8a1562ea9bd22549f829b22b0533b32f79b/detection

185.102.170.122:4145
spapertyy.duckdns.org

# Reference: https://twitter.com/k3yp0d/status/1754380225792577647
# Reference: https://www.virustotal.com/gui/file/e59274d207874f12c6d07fa5b51a9dfeaa317e62ecf2d9649c23ea0b0a90c8a7/detection
# Reference: https://www.virustotal.com/gui/file/28e6753f8f47db2a1336c0879ddfe54a7c9c38c14512d918bee4f573e531c7ad/detection

46.246.98.161:32546

# Reference: https://www.virustotal.com/gui/file/40fa3f0245a23b91aa7e566354a293cf3274c36f3fe2a5b5218396c9424ef14a/detection

94.156.64.228:3039
inforsaservice.africa

# Reference: https://www.virustotal.com/gui/file/2b40c1d597121cc34d742525a17ba6b1debfd07d7564e1ee73aa33a1cfae291a/detection

94.156.64.228:9035
express104.duckdns.org

# Reference: https://twitter.com/smica83/status/1757513596014117203
# Reference: https://www.virustotal.com/gui/file/b6797391d325130f1f9eec9e9c3fce701de47e21ef0f3a24ccd46a6933156171/detection
# Reference: https://www.virustotal.com/gui/file/70b4a41e1eabeccdb8bfe9f88afccc0e4565e082df34392376e6c18779c7ea56/detection

http://172.206.61.17
http://70.34.220.238
172.206.61.17:55642
mamsc2.ru.com

# Reference: https://www.virustotal.com/gui/file/07a2b2929840caf05d6e56ef54825e994dc7bce4ed5756a4a73ecd7461c2e7f6/detection

5.39.43.50:2875
5.39.43.50:5552

# Reference: https://www.virustotal.com/gui/file/1d90a454b56c8addb0d28cea148a10a6a10b380fc246985f596f7ebf5e717820/detection

186.169.36.241:1010
186.169.60.26:1010
186.169.80.244:1010
krater1.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/191.88.249.218/relations
# Reference: https://www.virustotal.com/gui/file/f4925558b595d236a2855ec39ef7ac33f7d708e5b516ba2594bf11cdc3d5ee32/detection
# Reference: https://www.virustotal.com/gui/file/7011e943cedb2fceabf6e1c4af34ada670b497a6bb62391f86e1a46988c43d86/detection
# Reference: https://www.virustotal.com/gui/file/11dd7ec0b0e2b3ab66eb6a9898b2913cb65bd825d18ad0a3b69dd3da446f0283/detection
# Reference: https://www.virustotal.com/gui/file/04dc94bdbdf01a1847d5ca096802054030da166a33579b38cf32c53eac80c10f/detection

191.88.249.218:1777
191.88.249.218:7770
cholin777.con-ip.com
elgigante.con-ip.com
elgrande.con-ip.com
gomelo.con-ip.com
hebreo.con-ip.com
jerusalen.con-ip.com
mazaltov.con-ip.com

# Reference: https://www.virustotal.com/gui/file/b51400c9b5e55cf635f8b65346ec30c32d6a0195b033fbf73747c00564991d17/detection
# Reference: https://www.virustotal.com/gui/file/a2f35efbce3c610c6fe4da5d568af9a060cda5d2959c27e81874a4afc78f5c0a/detection

191.88.250.230:1998
deusdsfduhfdjisjdfasaxc.con-ip.com
sssssssdhhdiodhuhdisdisgi.con-ip.com

# Reference: https://www.virustotal.com/gui/file/948aeed2454ef21d5484ff1f1f838190c3ac06eaeefa666d2503a00be6cfe7a8/detection

graciasdiosito.con-ip.com

# Reference: https://www.virustotal.com/gui/file/13d4f10bfea71cb0047b449cdc892bfb660c1457234db1caecc6c88237d2931d/detection

matusalen77.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/191.88.250.230/relations

anhelo.con-ip.com
bendecidos.con-ip.com
dsfkdsvnlsnvklvdsnvodv.con-ip.com
edden.con-ip.com
enticonfio.con-ip.com
ergdsbsicshdfsijfsiudhf.con-ip.com
galaxia.con-ip.com
memorias.con-ip.com
nuevocomienzo777.con-ip.com
ostentar.con-ip.com
persistencia.con-ip.com
salomon77.con-ip.com
sion.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/191.88.249.200/relations

191.88.249.200:1998
191.88.249.200:7770

# Reference: https://www.virustotal.com/gui/file/4ab2455d35d3b218b13a212d8cb262904a390008f3647a5a727f7b3adb5c7cc5/detection

181.131.218.222:7770
farsante9.con-ip.com

# Reference: https://www.virustotal.com/gui/file/ac161b5d27f0cadeccd1174771eaa47ee88167df0a2f8f8d3139a9fdba7766fc/detection

191.88.250.230:7770
anguila.con-ip.com
jireh.con-ip.com

# Reference: https://www.virustotal.com/gui/file/8bc109418958f77b0dae770f503660da9dd09a844d52a75fb2dbb2e2274610d4/detection

sieteninas.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/181.131.218.222/relations

abundancia777.con-ip.com
caramelo.con-ip.com
gamin.con-ip.com
redentor.con-ip.com
salud77.con-ip.com
yahweh.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/181.131.218.118/relations

181.131.218.118:1998
181.131.218.118:7770
lesbiano.con-ip.com
ruby.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/181.131.217.136/relations

181.131.217.136:1998
181.131.217.136:7770

# Reference: https://www.virustotal.com/gui/file/1838aa30d4a9346eadef17376e9f57a05cd4e325b1e6c1e3b57fe1eaa5253191/detection

181.142.162.155:4576

# Reference: https://www.virustotal.com/gui/file/5b935616f3d93c9168f3af28c4aa108118607afcb98e9843325ee6fabdb58dde/detection

103.68.85.205:35890

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-02-24)

http://65.20.81.37
http://77.105.132.92
103.186.117.105:1970
103.186.117.181:1775
103.186.117.186:2404
103.186.117.232:1985
103.186.117.238:1941
103.186.117.77:1760
103.186.117.77:1761
103.67.196.125:4505
103.69.96.162:4502
103.77.243.159:4042
107.173.4.16:8787
107.174.138.159:1900
109.248.151.96:52048
139.28.36.84:2404
172.245.208.5:2060
172.86.69.21:4042
172.94.12.73:1979
172.96.14.30:6871
172.96.14.33:6789
172.96.14.67:9785
173.211.106.128:7785
178.33.57.148:7634
185.222.57.87:4505
185.222.58.252:1992
185.222.58.40:1990
185.236.228.203:2024
188.116.23.142:23033
192.177.111.126:2404
194.147.140.132:9231
213.152.162.89:9702
23.106.121.133:1177
23.155.8.220:1800
23.155.8.220:2404
45.156.21.39:3443
46.183.220.203:35966
46.183.223.29:2404
62.102.148.185:9771
64.188.20.186:5050
64.237.213.102:1800
65.108.24.114:2404
65.21.212.85:2404
72.11.158.94:1604
77.105.132.92:21
77.105.132.92:2404
77.105.132.92:463
77.105.132.92:465
77.105.132.92:4899
77.105.132.92:60989
77.105.132.92:81
83.137.157.54:9231
84.38.132.126:61445
89.249.73.162:2479
91.223.3.151:4508
91.92.242.176:51480
91.92.250.122:2404
91.92.252.26:7766
93.177.75.98:56816
allsmt.cam
callii.ydns.eu
jnchina.ydns.eu
mfreshbnrem.ddns.net
wiund98272sb01jshbq.con-ip.com

# Reference: https://www.virustotal.com/gui/file/d6c4e74a2a9ccdbe06290419c73185b032757f9d595b42029e8c245406a5731e/detection

103.239.67.36:4546
payday27.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f51637225f10b37a9dde2d4c6cd64e7aae92713e53acdf5421d628b8d9009397/detection

fressos.jumpingcrab.com

# Reference: https://www.virustotal.com/gui/file/32c38d159ca596fc6f8696c7462299312a8b243dd4ea75086946494f5c5cd801/detection

194.49.94.62:3542

# Reference: https://www.virustotal.com/gui/file/e96aed97b899d7cfc37b229f045f6b87623f9abd97b15256fa6322685cb2c5f0/detection

109.206.243.117:3542

# Reference: https://www.virustotal.com/gui/file/6f156a6c661f4b68eb1be00e5a1be53fb80f05af516ef4dcdd7d3e937a1db580/detection

85.31.45.55:3542

# Reference: https://www.virustotal.com/gui/file/6c0f5a9bf9bfd84be91f3d84335b63ac95ac2b227fedc5de439971577328ac30/detection

194.49.94.62:3542

# Reference: https://www.virustotal.com/gui/file/fef21a629ada2ecd6ebdaa88757c3d22ab39e3b253be3d6d2881401dcbe56c9e/detection

51.38.94.188:3542

# Reference: https://www.virustotal.com/gui/file/eda41d23c7bc84ea300f808dfe9e8e8fafbaa391e83a86a2f0e5386e4687de3b/detection

45.155.165.172:3542

# Reference: https://www.virustotal.com/gui/file/f6286150f55733d8d1d98902d0037675c909e22db24ac5775582b940d4c443ee/detection

85.208.136.233:3270
lapokims.ddns.net

# Reference: https://www.virustotal.com/gui/file/ca34c0e11484d4b311aafcd3de089a5e0e71fb83685a0fe2e1b0d60b53bb7aa2/detection

91.92.243.163:3241
chukwuonye.duckdns.org

# Reference: https://any.run/malware-trends/remcos

aljob24.3utilities.com
bedende.duckdns.org
buike0147.duckdns.org
conected.gotdns.ch
dgfgsdggfssdwdew.con-ip.com
enero2024.con-ip.com
fenvijsdfidfisdiodwhfuew.con-ip.com
gonzaloescobarlora09.con-ip.com
i0fjgegoergijerjgoej.con-ip.com
marzo5.con-ip.com
marzo6.con-ip.com
novomrcos.duckdns.org
patillal1.con-ip.com
sdfsdjhswdbjhd.con-ip.com
teamadmin.duckdns.org

# Reference: https://twitter.com/Cyber0verload/status/1770450767708577984
# Reference: https://www.virustotal.com/gui/file/629ddfa5ec4865204854218e457e9b89091f8e62a1c1149726d521a00a0c2f38/detection
# Reference: https://www.virustotal.com/gui/file/e8c709806823eb45fda01c05d8f93fd616b39dd7ca817c4b444c957b9f7230b8/detection

94.156.69.149:2445
newerra.duckdns.org

# Reference: https://www.virustotal.com/gui/file/95669357d566e842f080358e9b1cdcfdea9419a49f252d05ea3b3566f4f22eec/detection

185.161.208.123:6655

# Reference: https://www.virustotal.com/gui/file/f5760b1ca60bdaf8f4b6f28838fbf2009df3405f8023bd544042ab415de8617a/detection

104.223.119.206:45682
46.226.164.175:1234
softwareupdatexkwre.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e1cb41543e7c1f4fb4809f85e8c2e95b8e8cfdfe1c10cabdfdf66d0f6833d24b/detection

66.63.162.155:1608

# Reference: https://www.virustotal.com/gui/file/44f329aab838c260ec6eb949069db14abc1c7719dbd3101f8dae1e3af83180f9/detection

185.174.101.104:5030

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-03-24)

http://147.78.103.250
103.186.117.243:1947
103.186.117.66:1906
103.198.26.210:1902
103.67.163.213:9462
103.77.243.215:2404
107.172.31.178:2404
107.172.31.19:8823
107.175.113.194:2404
107.175.113.196:2404
109.248.150.210:50270
139.64.172.17:2404
172.245.208.13:4445
172.93.160.2:2404
172.94.54.167:2404
176.31.196.206:2024
179.15.14.181:9091
185.255.114.104:2404
185.255.114.127:2404
186.169.60.250:1987
192.210.201.57:52499
192.210.201.57:52748
192.210.201.57:62289
192.3.109.132:4445
192.3.216.131:1808
192.3.216.140:16519
192.3.216.140:52498
194.147.140.146:6609
195.54.170.36:22033
20.121.128.235:4674
20.121.128.235:4834
20.121.128.235:4845
20.121.128.235:4876
37.120.235.114:2269
64.237.212.192:1800
83.137.157.61:9231
91.92.241.203:37942
91.92.251.30:2025

# Reference: https://twitter.com/naumovax/status/1772304102078218701
# Reference: https://www.virustotal.com/gui/file/93946883de3d4074ac4baed60abcc3f2d0c57c8ef6e41ceaedbc5ca0de55dc30/detection

http://147.185.243.107
103.195.103.144:14645

# Reference: https://www.virustotal.com/gui/file/1d4e2459d8bee6025192c3d3e51adbc9b3845c6ae3b2ef463a4c308067a129a6/detection

91.192.100.22:8100
remco8100.duckdns.org

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/surfing-the-tidal-waves-of-hr-themed-spam-emails/
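# Reference: https://otx.alienvault.com/pulse/65a98c8e9a48c29463a4edc1
# Note: the ipfs.dweb.link and r2.dev entries below are tenant-specific hostnames on shared services; match the full hostname only and do not widen to the parent domain.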

ujuandjule.ru
twwhvw.ujuandjule.ru
bafybeidobzpdgxhc4eotu5kbojpfltyd4sjsn5gxqbp35k32ymhtibeucy.ipfs.dweb.link
pub-d6a35764152345299e690fcaba91066e.r2.dev

# Reference: https://www.virustotal.com/gui/file/12f70c8a78288b74dbe4975aaad95a83aa9b32c61a7897f25af6dd743b9554bf/detection

195.3.220.212:9191
rotamotusir.su

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-03-31)

107.150.18.202:2404
194.147.140.180:1987
66.50.11.141:1800
91.92.247.97:2505
covid19help.top

# Reference: https://www.virustotal.com/gui/file/98aef3b7d82c35811b70cc727baffc0e456bcd8b0f3db3f3053fa53fbd6c05f2/detection

213.152.162.154:48483
shelly456.duckdns.org

# Reference: https://www.virustotal.com/gui/file/857d262fb83c22ea5a0f194c93aaeb4f8a614906ea6e5dc0f2584b8a32a944e6/detection
# Reference: https://www.virustotal.com/gui/file/5e4d84732f87ab574ed37f76467b451bb3ed392132ac850e79860d453fbbfe98/detection

149.154.161.221:32491
185.161.209.202:36745
185.174.101.134:21352
213.152.162.154:32491
marianna.hopto.org
myshara.ddns.net
mysharing.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/185.157.162.141/relations

sinzu1.ddns.net
sinzu2.ddns.net
sinzu3.ddns.net
sinzu4.ddns.net
sinzu5.ddns.net

# Reference: https://www.virustotal.com/gui/file/7c3ee63168ad6a482c01546202c85ab10c7b2196672bd42876b760f15ea96e05/detection

jaztc.duckdns.org

# Reference: https://twitter.com/johnk3r/status/1775646168489267515
# Reference: https://www.virustotal.com/gui/file/90aeca3777576bf0d4928c488d1f60752a81cd8fb6050dbb69697116003a5ba5/detection

191.88.250.15:1880
josealdogamarralora09.con-ip.com

# Reference: https://twitter.com/Cyber0verload/status/1775915149901049925
# Reference: https://twitter.com/Cyber0verload/status/1775921483673391398
# Reference: https://twitter.com/Cyber0verload/status/1775933494029431294
# Reference: https://twitter.com/Cyber0verload/status/1778888227186737325
# Reference: https://twitter.com/ShanHolo/status/1775981408592294283
# Reference: https://cert.gov.ua/article/6278521 (# UAC-0184)
# Reference: https://www.virustotal.com/gui/ip-address/185.196.11.194/relations
# Reference: https://www.virustotal.com/gui/ip-address/78.153.139.61/relations
# Reference: https://www.virustotal.com/gui/file/2e7aa640b2da6d9350afba1b8ad0b65bc85ac335dde42f08cd540da8580e2a78/detection
# Reference: https://www.virustotal.com/gui/file/e72f17d6111a1a7b814f0b10a708b7e5edadb990f19b6dc95014b65a8dd2d144/detection
# Reference: https://www.virustotal.com/gui/file/d8c2df12fea48c073ee89e11bfb7900dcb683cbf1b637a68a0ff0be6141cdec9/detection
# Reference: https://www.virustotal.com/gui/file/8dc1d26c3868ff1b7168304ff5a58d19e442073fdbd8f8e4ac276fef1c6715f3/detection
# Reference: https://www.virustotal.com/gui/file/47cfe61bccad89c5224246133274d8d2bdc77c1f8a93db51917a428ab33f2e03/detection
# Reference: https://www.virustotal.com/gui/file/46cb4538eef46a475ceda72b082d94e3e9fefba0e8e493a590ad2f1c281cca08/detection
# Reference: https://www.virustotal.com/gui/file/632bcce7ac08303c8f7d9784035ae4b044bc9fccca9bc11db94fc532e6939704/detection

http://51.38.145.47
178.33.57.148:443
178.33.57.149:443
51.38.145.47:8080
88.151.192.14:443
94.156.66.107:9000
51.38.145.47.sslip.io
biches-yeah.co.ua
i-like-hokku.co.ua
one-more-chance.co.ua
owly-hoh-and-hop.biz.ua
specter.co.ua
the-new-age.co.ua
we-are-happy-here.biz.ua
yeah-biches.kyiv.ua
/hooks/adolf?id=
/hooks/hitler?id=
/hooks/hoh?id=
/hooks/stalin?id=
/hooks/virustotalsuckmycock?id=
/virustotalsuckmycock?id=

# Reference: https://www.virustotal.com/gui/file/0bcb0e09cea6aee6519b897b38137ed629f03286f45e5af05cc26d2ca7547cb3/detection

186.169.80.244:1214
newnjazules1.duckdns.org
ver4-81.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a84679de0066291002f90b6fda1792c1efaf701dcf8ba46a016e2cebb8bc7220/detection

194.147.140.150:3838
remdec.duckdns.org

# Reference: https://www.virustotal.com/gui/file/13d86de442fd832c83a9fcdd7e3b25729818cc4d6fc395d015a34d07d8a461f8/detection

18.228.115.60:12185
18.229.146.63:12185
18.229.248.167:12185
18.231.93.153:12185

# Reference: https://www.virustotal.com/gui/file/eb80567949112f500d2ad5a7a1cd7a743d452fa3dfd8ef7f117cec26633f90c2/detection
# Reference: https://www.virustotal.com/gui/file/1c9562e4fa4f2e47a340161fcd08b6ad549ff329a81d125aaf87ce67554eaa76/detection

179.13.0.175:1988
informes8520.duckdns.org

# Reference: https://www.virustotal.com/gui/file/33ecb8873ad1eaeedbefb22aad4bfda2ef1535496038a0f5cb8f766c6cc268c7/detection

179.13.0.24:7089

# Reference: https://www.virustotal.com/gui/file/f9cf48429302e6d13375316cdec3ea2a4c76fc0b303f791093ef738b4dc8aa75/detection
# Reference: https://www.virustotal.com/gui/file/1a5e416c52c05aa813b4baaeddf2a13945fc20d667c13fbafe4e52d73ce17292/detection

134.19.179.195:9702
213.152.187.230:9702
trfsgysu28opask01.duckdns.org
trfsgysu28opask02.duckdns.org

# Reference: https://x.com/karol_paciorek/status/1793596358819274815
# Reference: https://www.virustotal.com/gui/file/6778fea0bea7bd311fbda7b2f6257a7826733a664199d8073c878e401ba20a33/detection
# Reference: https://www.virustotal.com/gui/file/622ba1289dd4dfffa369ed39129e5b5e4ea17a4764cc2da4c72620719548cfde/detection

144.126.131.93:2404
149.102.132.238:8080
185.174.101.90:2404
bbhmeetre1ms.freeddns.org
meetre1ms.freeddns.org
mysmeetr.ddns.net
mysweeterbk.ddns.net
myumysmeetr.ddns.net

# Reference: https://twitter.com/naumovax/status/1784224878293319902
# Reference: https://tria.ge/240403-cl89vsch6y/behavioral1
# Reference: https://www.virustotal.com/gui/file/7efd9de26a438503b6d0bc112ed76e29db45c3341b4b82ad81556c6218ca37cd/detection

216.218.135.118:45000

# Reference: https://www.virustotal.com/gui/file/bf9ad6d5ab052e617886367c51000ec1cca0e540649ceeb77ff9ea4f7b70b8dc/detection

174.127.99.167:8970
185.174.100.34:8970
185.244.30.12:8970
duckkill.sytes.net
kingkill.duckdns.org

# Reference: https://www.virustotal.com/gui/file/110680ceaaa3ef42c7f4c89579adedaa3c6703c4bab543ca29c35ed183f3a754/detection

ubasinachi2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/d7debe5620f6e49a6a08c61c8b76c29aaac9311e140364474bf9016b901b1093/detection
# Reference: https://www.virustotal.com/gui/file/8a2f3206cbe0c4829ab419e14169b4df759d9f265d571ddd776f1cca00187b12/detection

gracewaki2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/2b87f312cf2c6528b50e25f4122d4433c2d7ca49e51f2e179565b7fb68ae74f4/detection

185.19.85.139:5505
37.4.252.98:5505
siojfhaolkisjfoajfo.ddns.net

# Reference: https://www.virustotal.com/gui/file/f32a97f563252bff61946e173b7450e55fefcaa016e7d805fb7b27bb89e44bde/detection
# Reference: https://www.virustotal.com/gui/file/d7a883e46da3c5969be0f5eb66a79fc1fd07d7fa942e40f8e1c66deb77891b24/detection
# Reference: https://www.virustotal.com/gui/file/52c8758531cefdc3e47582d7247f2c2bbcd9176dfc3263f32b8e5d56c448171b/detection

185.244.30.9:3535
78.182.1.79:3535
pranti.ddns.net

# Reference: https://twitter.com/ScumBots/status/1784625972894998577
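# Reference: https://www.virustotal.com/gui/file/4c28b6d5329d067a5887a65dd287ddd2bbdfe3e30cfea5cd023ff3971938e9ef/detection
# Note: sendfiletiahforem.ducdns.org differs from the duckdns.org entry only by the missing 'k'; presumably kept as it appears in the source (confirm against the references before normalizing or removing it).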

103.224.182.242:8889
sendfiletiahforem.ducdns.org
sendfiletiahforem.duckdns.org

# Reference: https://www.virustotal.com/gui/file/932eba9528131b4579b904b174641a3ee5430cbd521e96497a9c1827ef6b1973/detection

185.161.209.155:2444
jsjs.giize.com

# Reference: https://www.virustotal.com/gui/file/ad3dc7a0c6ce33a7e45775b3452343eb748fab8823311df58d4599d6a203ff80/detection

23.249.165.210:2424

# Reference: https://www.virustotal.com/gui/file/11825db772e53bbaa461c8c4350bae0cffd8d1dff823bd504339e3bb23e517a4/detection

94.156.69.232:22891
94.156.71.108:22891
94.156.79.125:22891
ready4u.ddns.net

# Reference: https://www.virustotal.com/gui/file/91e4bb8408db1e54d407d1859cbdde5c9df1a70c755474b5c7542ad661e30d00/detection

185.206.225.59:52182
dave17.bumbleshrimp.com

# Reference: https://twitter.com/ShanHolo/status/1788512597660033228
# Reference: https://www.virustotal.com/gui/file/7e6ba6f340da6ec5121f2c910b376fe4a23adeed64ab239a295864c136eb40b1/detection

http://107.173.4.16
107.173.4.16:2560

# Reference: https://x.com/banthisguy9349/status/1791867832071757869
# Reference: https://urlhaus.abuse.ch/host/94.156.68.227/
# Reference: https://www.virustotal.com/gui/ip-address/94.156.68.227/relations

http://94.156.68.227
seaview.dynuddns.net

# Reference: https://www.virustotal.com/gui/file/92c36cb8d0ab070bb2fa32857c4e8a21fb4f41977fbd06a1c3b6d195a9a42d0a/detection

102.218.89.31:7658
2.59.254.111:7658
albuckar.duckdns.org
bigfish.zapto.org
buckar.ddns.net

# Reference: https://x.com/karol_paciorek/status/1793201205050499327

185.196.11.223:1998
185.196.11.252:1998
85.239.241.136:1998
91.92.249.94:1998
94.156.64.207:1998
94.156.69.136:1998
94.156.69.226:1998

# Reference: https://www.virustotal.com/gui/file/9e66832c750261b33f6357cf7043836a6e3fc44abbb2d3ecca268c66e12f18e3/detection

rencosmayo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8152e6c6b226a3c11b6d0a358f611ac3f23630fc497f7875f2406041fe0f804e/detection

46.246.84.17:9078

# Reference: https://www.virustotal.com/gui/file/e072cb74d516f3e768ccccde32c9bfe62fb5748a900e3e9cec6b32315a963584/detection

179.14.9.158:8899
181.52.102.110:8899
191.88.248.162:8899
191.88.251.248:8899
keys2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/814c772578aa45400ad6b80ec10ba54b222cf8f7f8369f054b01e5dde8531073/detection
# Reference: https://www.virustotal.com/gui/file/4815ea5836d7caa023355795b41170b08f9fbdfb0d326a32649918248d1b768f/detection

181.141.40.28:1213
191.88.248.162:1213
sost2024ene.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4c25904caad0e4c31bf2285e99433b9a4cb1901d49968d26b704a9e1ce7db4f9/detection

181.141.0.88:1012
centroremcentro.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f6f0b9b8b7a2ee0a64f33c5df868a2ae646d9c5ca161b7031994db881ec2b11b/detection

179.13.3.249:1011
181.131.216.115:1011
cuarentaynueverem.duckdns.org
cuarentayochorem.duckdns.org
cuarentayseisrem.duckdns.org
nuevamandadaahorasi.con-ip.com
octavoserdns.duckdns.org
sesentarem.duckdns.org
sesentaydosrem.duckdns.org
sesentayunorem.duckdns.org
videollamadaconipservicios.con-ip.com
zunildavergaradns.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/179.13.4.178/relations
# Reference: https://www.virustotal.com/gui/file/9c6be56b2bb73d2340ef1fb3588ac4504f4d4aa373673d13e3aeb3f44a1e1b8b/detection

179.13.4.178:4040
sebastianferreirodns.con-ip.com

# Reference: https://www.virustotal.com/gui/file/5798d9ac4b8c65ad1b2e592ddced6d93a44a7973575b8a9c7f38e7f4e053b95d/detection
# Reference: https://www.virustotal.com/gui/file/b52deff2531a031eb44ddf692dabf3ee414b4a5702319a78df23f9894d28b9b5/detection
# Reference: https://www.virustotal.com/gui/file/d26905886a1f3e12a5af7e473ef805a346b8c89f68a2855128745b26212f78d6/detection
# Reference: https://www.virustotal.com/gui/file/4482d14ed386eae07d5c6495adc13902139be57ca49a06bf3e54f4c2beaadadf/detection

181.141.0.135:5023
181.141.40.74:5023
181.141.42.4:5023
191.88.248.74:5023
29idjidpoiic903jnu92cvvvew.con-ip.com
73uhd7893hn23cvshdscw.con-ip.com
7g378gd2udx98d23d.con-ip.com
angulojaider87.con-ip.com
komiviecni3812.con-ip.com

# Reference: https://www.virustotal.com/gui/file/aecea027823501894725b21789c9da56992213e00e007c6b4e0f8839237faf71/detection

http://91.92.254.152
109.248.151.170:2404
109.248.151.170:6565
gggb2.dvrdns.org
bnfjdbhgo.duckdns.org
ghuytyh45.duckdns.org
sahjwevhjrsan.duckdns.org
mkknew.oss-cn-beijing.aliyuncs.com
mmkknn.oss-cn-beijing.aliyuncs.com

# Reference: https://www.virustotal.com/gui/file/cce955a091518aefb9693ba4e103cdc31afc138c9eb9503984bf08f5f70eff46/detection

185.29.11.23:10521
embargogo237.duckdns.org
embargogo2378.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5716ca13a390d744b1276a1ca83f837f55f797a53b68fa1c738939c94f19f52d/detection

45.74.19.121:7927
45.74.39.51:7927
elmauz.freemyip.com

# Reference: https://x.com/1ZRR4H/status/1798735303286685905
# Reference: https://www.virustotal.com/gui/file/e029f20edff24955bbfc954ba9b6408afe55e0f8c52ee7dbdd46e5ca22da70a4/detection
# Reference: https://www.virustotal.com/gui/file/d9ffb32f33d1f16ca20346890449d410edb025a631f40b277c692474ba0c0318/detection
# Reference: https://www.virustotal.com/gui/file/1bcf74fddff2cfa570a0b6bdeff42e95b0a17d591d4195d7886541988f59e4d2/detection
# Reference: https://www.virustotal.com/gui/file/ffd9f2e324d3baff97628f057532ff8fbd553a22b3d6fb375ca89879f42d956b/detection
# Reference: https://www.virustotal.com/gui/file/3afc8ef18d02bf8c40ba4fb029058c1f7d4bfb10f05d0dd281db6695091100ae/detection
# Reference: https://www.virustotal.com/gui/file/345c76d39f1b71665c9ad3c4dbef1aee57e25d0b181c19c6e5d0116fce6e86ef/detection

104.243.242.137:7035
46.183.222.46:5111
77.221.151.22:7070
77.91.77.107:7070
deytrycooldown.duckdns.org
newlink.duckdns.org
pattreon.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b70e59a589cca565eb07ae8489590f19bf28a6176e38c2d117d41ed4d58578cb/detection

178.215.236.100:1486
gymacademie.ddns.net

# Reference: https://www.virustotal.com/gui/file/dc8d3ca124b39f73a8517c8edaf52732dc7766f405dda194114e58f8f841778b/detection

82.102.27.171:43833

# Reference: https://x.com/banthisguy9349/status/1799482287752651227
# Reference: https://www.virustotal.com/gui/file/635afa4851ab707d7527325d132caabb0387cb5a3ae3eccee23b3c8891fff4d5/detection
# Reference: https://www.virustotal.com/gui/file/6453ff4a1251fd031693f652a2e446c2c5119170758b7b5e71895bfd4b38f6a8/detection

185.140.53.144:8691
megabytemantom.com/file_d/
megabytemantom.com/luck/

# Reference: https://www.virustotal.com/gui/file/0ff5577cfd7a88944989af7cca1d21a7ee820521fc3d283808b0824770979f53/detection

46.246.6.210:8079
aseguroremcos.duckdns.org
fade2288.ddns.net

# Reference: https://www.virustotal.com/gui/file/c43279eb52c1a6cde692ce0f4b1b6f30f2b346e9fa2faaff00b7bcacb53c5d13/detection
# Reference: https://www.virustotal.com/gui/file/174f4f8590436762a9557ccecbefc30b685ac5c4623c7f275203bcfbe8dd6f4b/detection

185.244.213.31:6006
185.29.8.44:6006
187.58.168.116:6006
31.220.7.204:6006
remcos.ddns.net

# Reference: https://www.virustotal.com/gui/file/a92cea8bd1038d53e05f5a8b9c01a2980e9f9b092cb2b21dbe4d4fd347b769d3/detection

159.89.203.110:6587
159.89.203.110:7612
167.86.109.16:7612
207.250.29.219:6587
207.250.29.219:7612
207.250.29.221:6587
207.250.29.221:7612
46.105.127.143:6587
46.105.127.143:7612
5.226.168.130:6587
5.226.168.130:7612
51.15.219.33:7612
remcos.punkdns.top
remcos2.punkdns.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-06-22)
# Reference: https://www.virustotal.com/gui/file/0ac639ca37ecd3ff37879ba130a8ed3092fe1de20054ae9cde28af180ed6632c/detection

103.198.26.130:45645
103.198.26.130:56765
107.175.229.139:8823
139.84.139.29:1692
144.208.127.241:1717
192.253.251.227:57484
45.61.132.128:1952
94.156.68.54:87
96.47.235.152:2024
bossnacarpet.com
hjnourt38haoust1.duckdns.org
iwarsut775laudrye2.duckdns.org
iwarsut775laudrye3.duckdns.org
janbours92harbu01.duckdns.org
janbours92harbu02.duckdns.org
janbours92harbu03.duckdns.org
megacitta190004.duckdns.org
merega.3utilities.com
oriondedjdissd.con-ip.com
remcoss2024feb.duckdns.org
rifugio.freemyip.com

# Reference: https://www.forcepoint.com/blog/x-labs/url-shortener-microsoft-word-remcos-rat-trojan
# Reference: https://www.virustotal.com/gui/file/13646fefa24c414888f2ca78de605a063c41dbd4945dee1ebb00e8cbae65085d/detection

http://96.126.101.128
94.156.66.67:2409
belgom.duckdns.org
fordede.duckdns.org
logili.duckdns.org
newsat.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a49d38cf698e0acad8cc028c3f0b3a7e0d7de2f5c345439ccae413d3e10c29c4/detection

103.212.220.14:5675
185.108.105.241:5675
41.76.192.17:5675
41.76.195.228:5675
45.74.39.78:5675
45.74.44.36:5675
45.74.46.124:5675
45.74.46.207:5675
45.74.46.230:5675
45.74.46.241:5675
45.74.46.73:5675
mroffice.hopto.org

# Reference: https://www.virustotal.com/gui/file/086252671c0dcf22ef7f0ceca33375d47bbeab0c985963552f8f528498775678/detection
# Reference: https://www.virustotal.com/gui/file/fcdbde9d610f443bbfea15d925e9fcb72b7075d6156d281c627b105086a46746/detection

178.215.236.110:3050
45.88.90.110:3050
ricohltd.top
vauxhall.top
jgbours284hawara01.duckdns.org
jgbours284hawara02.duckdns.org
jgbours284hawara03.duckdns.org

# Reference: https://pastebin.com/raw/EPCBAKGJ

103.77.243.159:2404
104.243.32.42:2404
107.173.4.16:2404
118.31.63.89:2404
145.239.230.233:2404
147.124.210.13:2404
158.220.98.130:2404
167.88.166.237:2404
172.111.139.125:2404
172.111.186.144:2404
177.255.84.124:2404
181.141.41.63:2404
181.41.200.209:2404
185.157.162.103:2404
185.157.162.126:2404
185.174.101.15:2404
185.214.10.55:2404
185.241.208.66:2404
185.255.114.122:2404
191.252.153.239:2404
192.210.214.9:2404
192.3.101.18:2404
193.111.249.133:2404
193.142.146.101:2404
193.142.146.21:2404
194.59.30.46:2404
195.201.87.182:2404
198.23.227.212:2404
20.161.82.217:2404
204.10.160.132:2404
204.9.187.48:2404
213.238.177.144:2404
213.252.247.119:2404
217.76.56.205:2404
23.227.183.122:2404
24.152.36.221:2404
45.133.174.54:2404
45.156.86.26:2404
45.156.86.27:2404
45.40.96.164:2404
45.74.37.70:2404
45.74.37.97:2404
45.77.115.93:2404
46.246.4.212:2404
5.206.224.223:2404
5.230.75.50:2404
5.34.182.173:2404
64.188.22.11:2404
65.21.134.79:2404
78.142.18.109:2404
78.142.18.110:2404
78.142.18.111:2404
78.142.18.221:2404
8.213.216.15:2404
83.147.37.144:2404
86.104.73.215:2404
88.119.170.153:2404
91.92.247.170:2404
91.92.249.174:2404
92.204.171.198:2404
92.53.65.66:2404
94.130.249.123:2404
94.156.67.171:2404
94.156.67.174:2404
94.156.68.216:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-07-06)
# Reference: https://www.virustotal.com/gui/file/09ea9e11557019340fd2f3f2bb6f3e6be02780d7da597e0148e5b96d933706f2/detection
# Reference: https://www.virustotal.com/gui/file/35cc50dfa2e5b9183e125df2cac72ea68e76d15af151b32737e32f5866dda091/detection

103.212.81.159:5207
103.237.87.156:1993
103.237.87.159:9462
103.237.87.161:1993
103.237.87.32:1999
103.237.87.40:1993
107.173.4.18:2556
107.173.62.181:17120
138.201.150.244:3984
157.254.236.96:2404
172.93.218.178:44555
173.255.204.62:2556
181.134.154.236:1664
181.134.154.236:7770
191.101.130.177:6903
192.3.64.149:2888
206.123.148.194:3980
206.123.148.196:3980
212.162.149.42:7118
5.78.82.186:2405
66.85.26.234:7888
80.85.154.121:1980
94.156.68.105:7256
94.156.68.221:2424
94.156.69.93:2973
abril24.con-ip.com
abril25.con-ip.com
arannsasaaransasaturituri2024.duckdns.org
bayerns342.duckdns.org
bendito.con-ip.com
benjaminavendanolora09.con-ip.com
cachabfeb.duckdns.org
cachafeb.duckdns.org
cada1224.con-ip.com
ccerrado10.con-ip.com
chichonexpress.con-ip.com
comidafood.con-ip.com
dgfrnvkdjnrljfre.con-ip.com
didiersarmientolora09.duckdns.org
dominiogeneral20240202402024.duckdns.org
dominioseternosgraciasadios20230230230.duckdns.org
dominoduck2055.duckdns.org
dpm-sael.com
dvefwfdddaa.con-ip.com
envijunio.duckdns.org
ergfdsvhiebviured.con-ip.com
ergfergnownfiejrf.con-ip.com
fabiansambuesalora09.duckdns.org
fdvdfvflknvonfnf.con-ip.com
ferfnekfkjerfjre.con-ip.com
fiujrkefdosdlfosdjfjdf.con-ip.com
gukguygugv.con-ip.com
herherregerterger.con-ip.com
idfofjvoevjoejvoerjovjri.con-ip.com
inverterrem.duckdns.org
jairodomingueslora09.duckdns.org
jhigyjkgfjkfkfku.con-ip.com
josesalomonlora09.duckdns.org
juderule.africa
junio04.con-ip.com
junio06.con-ip.com
junio17.con-ip.com
junio19.con-ip.com
junio21.con-ip.com
junio24.con-ip.com
junio25.con-ip.com
junio26.con-ip.com
juniorvalemonda.con-ip.com
kdhviusdhiuduidhn.con-ip.com
kiolok.duckdns.org
lorenagamarralora09.duckdns.org
marioyepeslora09.duckdns.org
mayo006.con-ip.com
mayo07.con-ip.com
mayo292024.con-ip.com
mayoelmesdelamosca202422024.duckdns.org
milciadestorreslora09.duckdns.org
milotedaenerdia.con-ip.com
mou3543.duckdns.org
oro.con-ip.com
panel2.con-ip.com
pasarasaberquecuenta.con-ip.com
pr1275995.con-ip.com
rfdslnfiwdfjnwlcnwonjjs.con-ip.com
rfglnlsdknflsdnfldsns.con-ip.com
sdfgdjghiudsifh.con-ip.com
sdfvskdjcnsdkcmowdijfei.con-ip.com
sdvfsdjfijfirbfe.con-ip.com
sgddvjcmvkdmvdmod.con-ip.com
skbfsjbfhsdbfhbdsbfsbifbis.con-ip.com
sos2021rico.duckdns.org
tydyjtdfjhtf.con-ip.com
vegetachcnc.com
wrfegvfdsefme.con-ip.com

# Reference: https://www.virustotal.com/gui/file/e90338e3426444f725cbed7873c7c3edeadaaf9bc289bdaa18ff7ebca8c916c6/detection

181.131.219.106:1992
sodfhsiuhdvishvisdhivgh.con-ip.com

# Reference: https://www.virustotal.com/gui/file/c6437ea43449b6cb763714ba5034c406dfb66485c1a2d76ac4b9f1a4314240a6/detection

191.88.248.148:1992
uribe07.con-ip.com

# Reference: https://www.virustotal.com/gui/file/2a432a4c49955323930cf55b7ed264acc5d07a6a3837718901b8a9d1de3df36b/detection

191.88.248.148:1880
alfonsolozanolora09.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/191.88.248.148/relations

djifhidjfvndfvn.con-ip.com
jhonatanbedollalora09.con-ip.com
mariagarcialora09.con-ip.com
mariapenalora09.con-ip.com

# Reference: https://www.virustotal.com/gui/ip-address/181.131.217.74/relations

defdwsccs.con-ip.com
sfgreoughifjgnlkdhfe.con-ip.com
tele12.con-ip.com

# Reference: https://www.virustotal.com/gui/file/db1c03a38ddda7f85b4d812e7aa84f11464b02719cb621d21289464fd7e14fa0/detection

181.131.217.156:9403

# Reference: https://www.virustotal.com/gui/file/b7fc2c96f3385d388315dfbb4c06bec55adf81dad51fc5116b90270541a198c2/detection

179.14.171.7:9597
181.131.217.156:9597
191.88.249.118:9597

# Reference: https://www.virustotal.com/gui/file/81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92/detection

181.131.217.156:2093
181.141.8.110:2093
186.85.86.226:2093

# Reference: https://www.virustotal.com/gui/file/30365c2a08495f1a3e13f086a12f20119152df943b74b2c55e100886283d820e/detection

181.131.217.81:1990
cristianbarreralora09.duckdns.org
cristianlozanolora09.duckdns.org
didiersarmientolora09.duckdns.org
fabiansambuesalora09.duckdns.org
fabricioromerolora09.duckdns.org
falconrodrigueslora09.duckdns.org
felipepelaezlora09.duckdns.org
fernadosernalora09.duckdns.org
fernasantoslora09.duckdns.org
jairodomingueslora09.duckdns.org
josesalasarlora09.duckdns.org
josesalomonlora09.duckdns.org
lorenagamarralora09.duckdns.org
lucianopradolora09.duckdns.org
luciocastanolora09.duckdns.org
luiscarlospetrolora09.duckdns.org
manberoioliveralora09.duckdns.org
manologonsaleslora09.duckdns.org
mariomendeslora09.duckdns.org
marioyepeslora09.duckdns.org
marlonpiedraitalora09.duckdns.org
marlonrangerlora09.duckdns.org
mauriciobelenolora09.duckdns.org
maurorodrigueslora09.duckdns.org
milciadestorreslora09.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1810305014088282568
# Reference: https://www.virustotal.com/gui/file/23355e6bb3fb1b0e389e7ec95bacf5f205cfb4e1be6f427aabd9fcba0f603a59/detection

45.95.232.100:9000
45.95.232.221:4434

# Reference: https://www.virustotal.com/gui/file/47b12bc3756bf1c2339578eef98a12eb68f142f601ebee25eacca7d6ef6dc349/detection

157.20.182.38:4443

# Reference: https://www.virustotal.com/gui/file/ffac703f236c11563dec94b9d9dcc0f1bb37a814f98400e62512a2df5e596ec6/detection

81.19.139.76:4343

# Reference: https://www.virustotal.com/gui/file/fbc8bed8f5a9b1c73a165119d5f1735f5f06562b787f50f343b04e1bc8f0b2d4/detection

http://45.95.232.221

# Reference: https://www.virustotal.com/gui/file/e314b233b41a5688a4e43f876ccb10718351d3f396b4df623b4ebb0a093be7e0/detection

http://45.95.232.82
45.95.232.82:4434

# Reference: https://www.virustotal.com/gui/file/d938cb8accbc51046158350155f1af9248fc8459ef2b92be752b93dae77504a6/detection

http://81.19.139.14
81.19.139.4:434

# Reference: https://x.com/k3yp0d/status/1812896923906375859
# Reference: https://www.virustotal.com/gui/file/93d62921b098eb238d3398dfbe70c0e764b2b0bd73e7abed9b5fe0e2a2b6262b/detection

http://45.95.232.235

# Reference: https://x.com/k3yp0d/status/1813137156333834580

http://194.87.71.46
http://88.151.192.40

# Reference: https://x.com/k3yp0d/status/1813577767956668497
# Reference: https://www.virustotal.com/gui/file/f9006cde13a4687743768e5abacb4c4be0d0f40ce80dabd4e236720e7f567b41/detection
# Reference: https://www.virustotal.com/gui/file/b2c949c04039bdb0248021a6c73389f27f82b3a3ca94c651bd58002076621f72/detection
# Reference: https://www.virustotal.com/gui/file/94b18630ceb9c0e7a108c0700684650d80554eb612e43c9cad763c8b6eeb946b/detection
# Reference: https://www.virustotal.com/gui/file/98acb5d3ae106853227b89091f146beb21859fbe9e941711cd13799d5139e416/detection

http://45.95.232.215
miwrt3szxozwhyqdyyznin.hooks.webhookrelay.com

# Reference: https://x.com/k3yp0d/status/1813602107486044417

http://45.95.232.52
http://77.83.246.105

# Reference: https://x.com/ShanHolo/status/1813824489073131771
# Reference: https://www.virustotal.com/gui/file/c5d6d93d875e65ad931c04b210768b1ab1042ea31045f902faa61983c32bd2e8/detection

http://107.173.143.46
107.173.4.18:2556
173.255.204.62:2556
bossnacarpet.com
vegetachcnc.com

# Reference: https://x.com/g0njxa/status/1814564408846147830
# Reference: https://app.any.run/tasks/be61420d-8456-458d-b230-ce2b19af4f68/

213.5.130.55:443
213.5.130.58:443
compranoautorizada.com
medinetuix.com
miguellozanocolloto.com
portalintranetgrupobbva.com
rollbit.casino
bancamarch.compranoautorizada.com
bbva.compranoautorizada.com

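# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv
# Note: the source path is the feed's "unverified" 30-day list; treat the IP:port entries below as time-bounded and re-validate them before relying on them for long-term blocking.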

http://103.85.25.182
http://162.251.146.190
http://172.94.25.38
101.99.94.105:9999
103.186.116.111:7788
103.186.116.224:8080
103.186.116.30:2404
103.186.116.80:2404
103.186.64.142:443
103.237.87.161:2404
103.237.87.32:2404
103.237.87.40:2404
103.253.17.222:6426
103.77.243.159:5009
104.238.220.231:4872
104.243.242.229:1692
104.243.38.89:2404
104.243.42.74:2404
104.37.184.140:2404
107.172.148.221:8080
107.175.31.172:2525
107.175.34.66:2025
109.248.144.232:8081
109.248.150.178:2404
111.90.143.125:4101
12.221.146.138:8000
134.255.217.251:8000
134.255.217.251:8100
134.255.252.75:443
136.243.151.110:2404
136.243.151.110:443
141.98.101.133:20990
142.11.201.122:5121
142.11.201.122:6123
142.11.201.122:6124
142.11.201.123:5121
142.11.201.123:6121
142.11.201.123:6124
142.11.201.124:5121
142.11.201.124:6122
142.11.201.124:6123
142.11.201.124:6124
142.11.201.125:6121
142.11.201.125:6122
142.11.201.125:6123
142.11.201.125:6124
142.11.201.126:5121
142.11.201.126:6121
142.11.201.126:6122
142.11.201.126:6124
145.239.230.233:443
147.78.103.153:9090
152.201.163.76:2000
152.201.191.104:2000
152.202.253.94:2000
157.20.182.138:443
158.220.124.192:1012
158.51.121.150:2404
162.251.122.115:2404
162.251.146.190:3306
162.251.146.190:443
162.251.146.190:53
162.251.146.190:8080
172.111.137.131:4040
172.111.186.112:1919
172.111.186.112:1921
172.111.186.112:2020
172.111.186.112:2021
172.111.186.144:2021
172.111.186.144:2222
172.174.173.151:2404
172.245.123.14:2404
172.81.63.157:5200
172.93.222.185:2404
172.93.222.208:2404
172.93.222.25:2404
172.94.25.38:1921
172.94.25.38:2020
172.94.25.38:2021
172.94.25.38:2024
172.94.25.38:2025
172.94.25.38:2125
172.94.25.38:2402
172.94.25.38:2404
173.212.199.134:4433
173.234.107.81:2404
176.9.23.50:1697
176.9.23.50:3677
176.9.23.50:4483
176.9.23.50:6119
176.9.23.50:6397
176.9.23.50:6591
176.9.23.50:7083
176.9.23.50:7273
176.9.23.50:7329
176.9.23.50:7539
176.9.23.55:5394
178.215.236.129:1781
178.73.192.19:2404
178.73.192.19:8888
178.73.192.4:2404
178.73.218.4:2404
179.13.4.37:8080
179.15.133.126:2404
179.15.149.222:1667
179.15.149.222:2404
180.214.236.46:4288
181.131.217.222:5220
181.215.79.222:51269
181.236.120.75:2000
181.49.85.74:5506
181.49.85.74:5508
185.156.72.28:2403
185.157.162.103:443
185.158.113.101:2404
185.161.209.117:41955
185.161.210.49:21352
185.161.210.49:32491
185.169.54.165:2404
185.196.10.111:2404
185.196.10.111:7777
185.196.9.78:24041
185.222.58.41:5938
185.222.58.47:2404
185.239.236.234:443
185.29.11.56:4200
185.29.9.6:6699
185.38.142.127:443
185.41.248.110:31337
185.56.80.120:5590
185.56.83.208:6969
188.126.90.7:8888
188.93.233.246:2404
191.252.153.239:2405
192.3.64.185:8080
193.142.146.101:2401
193.142.146.173:2404
193.26.115.139:2404
194.169.175.190:2404
194.55.186.241:2404
194.59.30.201:17527
194.59.30.76:57846
194.87.45.90:8080
195.211.98.128:8081
195.26.242.179:2404
198.13.35.20:36082
2.58.56.179:4444
2.58.56.84:4444
204.10.160.139:2404
205.234.200.175:14645
207.244.237.106:7276
208.64.33.148:25
208.64.33.148:5000
208.64.33.148:8080
208.64.33.62:8080
209.90.234.13:2404
212.162.149.80:2404
213.252.247.119:2222
213.5.130.59:443
23.134.94.5:5470
23.134.94.5:5471
23.227.193.34:1024
23.254.224.59:2404
24.152.36.36:2404
3.110.151.234:5060
3.130.209.29:28191
38.114.123.24:2404
38.181.2.139:2404
38.181.2.56:2404
38.181.2.77:2404
38.255.54.17:31832
38.255.55.171:2404
45.137.116.128:443
45.156.86.29:9032
45.156.86.52:9032
45.230.254.43:8000
45.66.231.190:2489
45.66.231.47:2404
45.74.19.149:2022
45.74.19.43:6699
45.74.37.70:2444
45.74.37.70:3999
45.74.37.70:8090
45.74.37.97:888
45.77.115.225:2003
45.88.186.15:2404
45.89.247.46:2404
45.95.169.135:2404
45.95.169.139:2404
45.95.232.171:4343
45.95.232.171:443
45.95.232.215:443
45.95.232.21:4343
45.95.232.21:443
45.95.232.229:4343
45.95.232.229:443
45.95.232.237:4343
45.95.232.237:443
45.95.232.249:443
45.95.232.52:443
45.95.232.89:443
46.183.222.46:5000
46.183.223.84:7070
46.246.12.3:2404
46.246.12.3:8888
46.246.12.4:2404
46.246.14.12:2404
46.246.4.17:2404
46.246.4.17:8888
46.246.80.11:9090
46.246.82.22:9090
46.246.82.3:9090
46.246.84.28:9090
46.246.86.16:2404
46.246.86.16:8884
46.246.86.16:8888
46.246.86.16:8889
46.246.86.20:2404
5.252.53.134:2404
5.253.86.233:2404
5.61.36.74:54311
5.8.11.93:4040
57.128.155.22:4056
65.108.129.220:8088
66.248.206.187:2404
67.203.7.232:2404
75.127.7.188:2404
77.83.246.105:443
77.83.246.46:443
77.83.246.55:443
77.83.246.60:443
78.142.18.110:2401
78.142.18.110:2405
78.142.18.110:2406
78.142.18.111:2401
78.142.18.111:2405
78.142.18.111:2406
78.142.18.112:2401
78.142.18.112:2404
78.142.18.112:2405
78.142.18.112:2406
78.142.18.221:2401
78.159.112.29:1911
78.159.112.29:8008
78.159.112.29:8080
8.210.234.19:2404
8.218.28.159:8683
80.66.75.238:3388
80.79.7.197:2404
80.94.92.120:2404
83.147.38.162:8888
83.147.38.162:9999
83.147.53.80:2404
84.247.169.247:2404
84.38.134.104:8080
85.209.11.113:123
85.209.11.113:2053
85.209.11.113:5000
85.209.11.113:8443
86.104.72.183:2701
86.104.72.183:2706
86.104.72.183:2707
88.119.170.153:2444
88.119.170.153:8090
89.117.23.25:57832
91.92.240.153:2080
91.92.242.91:2404
91.92.245.43:2404
91.92.246.111:2404
91.92.246.148:2404
91.92.246.66:2404
91.92.249.86:8201
91.92.255.54:2404
92.204.171.198:888
94.130.131.169:3122
94.156.65.138:2404
94.156.66.230:35889
94.156.67.58:2404
94.156.79.89:2404
95.214.54.179:2404

# Reference: https://www.virustotal.com/gui/file/f893c6fd241a58065f77bfe56db7e7cf060224be0b3f38e352312e05ab35f7fe/detection
# Reference: https://www.virustotal.com/gui/file/5080e38aaf9a00af84a5baf06d1eeb1881dd24a389ff719add6b7b650d1ddaea/detection

http://91.134.103.134

# Reference: https://x.com/malwrhunterteam/status/1816861171409940564
# Reference: https://www.virustotal.com/gui/file/a115bd24258d2fa68c60a051026c9736e99d6bca72ca33c74b92e2965efbb71a/detection
# Reference: https://www.virustotal.com/gui/file/7b82dbf6f4e480cd2b805b8c23d3f0d864b1de7242f04adf6a9078ca6e8930ef/detection
# Reference: https://www.virustotal.com/gui/file/6d93a42c2bffbf94f703b3bbe6e0e9026d76bfb501367bbeb1c2531e28ac6cab/detection

http://81.19.139.74
81.19.139.74:4343
/fhtp934657hgjdkldjnblcvpgg.zip
/fhtp934657hgjdkldjnblcvracs/brt_1_0147.doc
/fhtp934657hgjdkldjnblcvracs/oshad_88.docx
/fhtp934657hgjdkldjnblcvracs/rv_luti_2024_roku.xlsx
/fhtp934657hgjdkldjnblcvracs/

# Reference: https://www.virustotal.com/gui/ip-address/192.3.101.142/relations
# Reference: https://www.virustotal.com/gui/file/cf8e318a25edc46fe366195ca9efd3de290db535c42d4565987b2de7eeecffc9/detection
# Reference: https://www.virustotal.com/gui/file/1b7645def29702c924a9cff0a5234b8a697f6d89be75593a725cf8f7da8c7288/detection

http://192.3.101.142
192.3.101.142:18576
forxlamfile.duckdns.org
fridayyyyvert.3utilities.com
hiddenrmcnew.duckdns.org
maveing.duckdns.org
mercurimanangere.ddnsking.com
mondaynoip.ddnsking.com

# Reference: https://www.virustotal.com/gui/ip-address/179.15.149.222/relations
# Reference: https://www.virustotal.com/gui/file/f31f939d16c6b493080ecd189296153bfdb0a22d89e7dbc22d87bab21dbfe75b/detection
# Reference: https://www.virustotal.com/gui/file/ed0686ca469ef0c6d231b50b13a8e9c940c1864b1cdb6d1bd49aff3bab7664c3/detection
# Reference: https://www.virustotal.com/gui/file/d3ae0198e42c1f207bd4ba866ad9f634cddb1b3f15757db7b417a74bfc20116e/detection
# Reference: https://www.virustotal.com/gui/file/90bbc186938b8bf66f288b9376a9ee09e3ea004231d79e29eac556060cd7f6a3/detection
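# Reference: https://www.virustotal.com/gui/file/5e865150c02b6687a220b59762459744c0467ec451b48be1569b8b92326c2e25/detection
# Note: bbuseruploads.s3.amazonaws.com (below) looks like the shared storage host behind Bitbucket file downloads rather than attacker-owned infrastructure. A match on the bare hostname identifies only the hosting service, so corroborate it with the other trails in this group before attributing the traffic to Remcos.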

179.15.149.222:1663
179.15.133.126:1664
179.15.149.222:1665
179.15.149.222:1667
179.15.149.222:1668
bbuseruploads.s3.amazonaws.com
card25.con-ip.com
estrillajuju.con-ip.com
hgfghdfdhgfhjfgukugf.con-ip.com
muchodinerohoy.con-ip.com
renovar.con-ip.com

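# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03)
# Note: per its path, this source is the feed's "unverified" 30-day list, and the date in parentheses is presumably the retrieval date. The IP:port pairs below (and in later groups citing the same feed) may since have been reassigned, so treat a hit as a lead to confirm rather than a verdict.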

103.67.163.218:2298
104.238.220.25:2404
104.243.242.233:1692
144.76.198.145:2020
144.76.198.145:8090
144.76.198.145:9090
147.45.45.187:443
154.216.19.153:8090
154.216.19.153:9090
157.254.236.188:25
167.0.242.66:2000
172.93.222.225:2404
172.94.36.43:4444
172.94.89.130:1781
172.94.89.133:18711
176.9.23.50:3591
176.9.23.50:6489
176.9.23.50:9839
178.215.236.246:4591
179.13.1.246:2404
185.196.220.29:18711
188.126.90.3:2404
193.142.146.101:2403
195.10.205.95:443
198.46.178.150:2404
2.58.56.84:2404
213.190.4.203:51268
217.12.201.39:2404
217.12.201.39:888
217.76.57.196:2425
23.95.60.70:2404
45.59.120.222:8080
45.66.231.70:2404
45.80.158.56:2404
45.89.48.132:2404
46.246.12.3:8884
46.246.12.3:8889
46.246.12.7:9090
46.246.80.4:2404
46.246.82.7:2404
54.193.66.5:2404
62.169.29.134:2404
91.92.240.75:2404
91.92.243.195:4190
91.92.244.29:1109
92.118.57.244:2404
94.130.131.169:7730
94.130.249.123:2639
94.130.249.123:3128
94.130.249.123:3474
94.130.249.123:4139
94.130.249.123:4493
94.130.249.123:4583
94.130.249.123:4893
94.130.249.123:4917
94.130.249.123:4963
94.130.249.123:5897
94.130.249.123:5967
94.130.249.123:6397
94.130.249.123:6916
94.130.249.123:6987
94.130.249.123:7367
94.130.249.123:7394

# Reference: https://www.virustotal.com/gui/file/de4ed9c858ba08046e51aaa6c2ef12636836597d85a79319870e241bb8c408b1/detection
# Reference: https://www.virustotal.com/gui/file/8fbc4642276d9a4a7d9bd8403ad877f6924ca453390df838e032b3f89d376d18/detection

http://176.223.130.167
91.92.243.78:2404
shenron19862.duckdns.org

# Reference: https://x.com/karol_paciorek/status/1820442575339188265

http://45.138.183.226
216.9.224.58:5555
45.138.183.226:8973
45.138.183.226:8974
45.90.89.252:8973
45.90.89.252:8974
enargy.co
bxi.giize.com

# Reference: https://x.com/JAMESWT_MHT/status/1820762213667275177
# Reference: https://www.virustotal.com/gui/ip-address/172.93.222.33/relations
# Reference: https://app.any.run/tasks/309b558d-a7ad-4d1f-8f4a-dde5353fe158/
# Reference: https://www.virustotal.com/gui/file/0215613cd0d68cb74ec1ac781faff5e41d8ddaf32dc281c5ea847a4d3c1040bb/detection

172.93.222.33:35550
supersmsblow.live
megafusion.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f45cff43d3cc69afda28e08941242d4e82d20d1adc642e96a73caac2aa5d5900/detection
# Reference: https://www.virustotal.com/gui/file/6edc26583499cc66f14c2e362182a31546d1965792343fba41ce1fa494ed03bf/detection

pythonsleep.online

# Reference: https://x.com/Cyberteam008/status/1821374578066702672
# Reference: https://pastebin.com/Vm62bRXS

http://146.70.161.48
http://179.43.185.237
http://23.28.149.187
http://46.19.137.165
http://77.105.161.52
101.99.92.147:4433
103.186.116.111:4440
103.237.87.159:2404
103.30.10.32:7000
104.243.242.171:8580
104.243.242.228:4040
104.243.38.89:5008
12.221.146.138:9090
128.127.104.25:888
134.255.252.75:22
137.74.188.193:2404
142.11.201.123:6123
142.11.201.126:6123
147.78.103.153:8090
152.202.240.123:2000
152.89.198.197:443
172.111.186.112:2022
172.94.108.143:8091
176.9.23.50:6998
176.9.23.50:7081
178.33.57.155:443
179.13.6.213:2016
179.43.185.237:443
179.43.185.237:53
181.235.132.27:8888
185.234.216.107:5000
185.234.216.107:5001
185.234.216.107:5003
185.53.209.178:53
185.53.209.178:8080
186.112.207.223:2023
186.169.58.119:2404
188.215.229.132:5001
191.93.113.10:2000
193.239.160.78:8080
193.26.115.41:443
194.59.31.129:3191
195.201.87.182:443
198.12.81.159:2560
198.23.227.135:5590
204.10.160.151:2404
204.10.160.179:2404
208.87.206.171:443
212.32.249.39:1194
213.109.202.33:5000
213.252.247.119:1111
216.173.116.240:9595
216.9.224.18:9943
37.1.208.225:8081
41.216.183.71:5000
45.141.215.89:2404
45.146.253.227:443
45.154.98.228:443
45.157.233.63:2404
45.61.132.128:2404
45.61.166.165:9019
45.74.37.70:5050
45.77.115.225:2006
45.77.73.71:2121
45.95.169.134:443
45.95.232.235:4343
45.95.232.242:4343
46.183.222.78:8081
46.19.137.165:443
46.19.137.165:53
46.246.12.20:9080
46.246.14.10:9080
46.246.14.9:9080
46.246.14.9:9090
46.246.6.20:9090
46.246.80.20:8888
46.246.80.8:8079
46.246.82.12:6665
46.246.82.20:9080
46.246.82.21:8888
46.246.84.10:8888
46.246.86.20:9078
46.4.224.203:443
5.8.11.120:7070
62.204.41.246:5000
62.204.41.246:5001
62.204.41.246:9000
64.176.43.119:7007
64.188.16.157:9001
64.23.156.103:443
65.21.134.79:8090
66.150.198.176:10050
66.150.198.176:25
67.217.228.230:443
77.105.161.52:8080
77.105.161.52:8888
77.91.77.55:5252
78.159.112.29:7077
80.253.239.170:443
83.147.37.166:8888
83.147.37.166:9999
85.206.161.93:888
85.209.11.113:5001
85.209.11.113:8001
85.209.11.113:8445
91.227.77.101:443
91.231.182.193:8080
91.92.241.189:9080
91.92.249.142:9898
91.92.254.202:2404
92.52.217.56:8080
94.130.131.169:8513
94.156.69.173:2404
94.156.79.25:8090
94.158.245.104:8090

# Reference: https://www.virustotal.com/gui/ip-address/177.191.139.145/relations
# Reference: https://www.virustotal.com/gui/ip-address/187.72.79.111/relations
# Reference: https://www.virustotal.com/gui/file/0714671314754f5830bd40aba2f7f238796f18dc3c8dcd571ca4413e2ec2b124/detection
# Reference: https://www.virustotal.com/gui/file/cea295ccfe6d772a40cdfa8e31e42c3433f7f9b672f9f8ecf5905a4a78fd49ce/detection

162.251.122.70:45889
45.66.231.62:2487
alfapacs.ddns.net
gigololo.duckdns.org
mappe.ddns.net
servidorwindows.ddns.com.br
windowsssjunedd.duckdns.org

# Reference: https://tria.ge/240807-hpsn6stgjk/behavioral2

192.3.176.174:26734
wemnbbsweoipmngbyutrdcunbgrtjeroendns.pro
host.wemnbbsweoipmngbyutrdcunbgrtjeroendns.pro

# Reference: https://www.virustotal.com/gui/file/2390cf47d9412574ff2590506a066f8a18d9b5775a55fea1b0121ebe7fe49c6f/detection

212.92.242.121:2404

# Reference: https://www.virustotal.com/gui/file/aa3588b284988846e7b49e3aa32ec48ed95677e381c5cefe742841b58531c78f/detection

sandshoe.ignorelist.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-08-10)

http://34.151.206.189
http://65.21.245.7
103.186.116.14:2404
103.186.116.90:67
103.186.116.90:70
103.198.26.25:96
103.74.101.242:2404
104.243.242.231:1692
104.243.242.234:1692
108.181.191.159:2404
122.175.43.125:2404
138.201.150.245:6589
146.70.137.90:3343
147.124.212.130:2405
147.124.212.217:22330
147.185.221.18:52136
148.113.165.11:3030
149.28.83.171:2404
152.201.163.76:2001
154.216.18.89:2404
154.216.19.153:333
155.254.25.33:10050
172.111.232.174:2404
172.93.218.178:45667
172.94.89.132:18711
173.215.153.107:1800
178.23.190.118:52499
181.134.102.135:2404
181.235.135.17:2404
185.17.26.109:45682
185.196.220.194:2404
185.196.220.195:2404
185.196.9.6:2404
185.29.9.110:2404
188.165.120.122:6622
192.3.95.204:8787
193.239.160.78:18080
193.26.115.21:7009
194.59.30.104:2404
195.10.205.113:443
198.23.227.212:32583
204.10.160.158:53604
212.86.115.26:2404
213.152.161.249:11274
213.152.187.220:30311
217.76.50.73:3256
23.227.202.48:2404
23.227.203.18:44577
31.43.185.8:2202
38.170.239.50:6192
45.204.3.1:2404
45.66.231.157:2404
45.66.231.163:2404
45.66.231.197:2404
45.66.231.198:2404
45.66.231.218:4259
45.80.158.32:61009
46.175.167.116:2404
46.183.223.70:4047
46.246.14.10:2404
46.246.14.10:8888
46.246.4.8:2404
46.246.6.9:2404
46.246.82.2:8888
46.28.236.222:2404
62.102.148.156:9771
65.21.245.7:81
77.105.161.144:2404
77.105.161.144:4899
77.105.161.144:8081
77.105.161.52:2404
77.105.161.52:4899
77.91.77.55:32024
84.38.133.48:2404
85.209.133.95:1961
91.92.246.78:2404
91.92.248.42:2404
94.156.65.182:31051
94.156.69.174:7459
95.214.54.179:2301
ab9001.ddns.net
anyone-blogging.gl.at.ply.gg
areaseguras.con-ip.com
eadzagba1.duckdns.org
jesusgabrielahumadalora09.con-ip.com
latestgrace2024.duckdns.org
luky00921.ddns.net
method890.ddns.net
newskingdomz.live
officerem.duckdns.org
peleinufele.kozow.com
serverupdatemarch353.duckdns.org
taysour6lakut1.duckdns.org
taysour6lakut2.duckdns.org
unifrieghtmovers.com
windowsserverfebarch.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1822918414446297409
# Reference: https://www.virustotal.com/gui/file/5bb6c4fd0757c706f61538fac3e6697dc8ad2b1061682c079c2869dcba2ebc86/detection
# Reference: https://www.virustotal.com/gui/file/52daf73ade9a604dee09d39a62636d33ff50f6e08de58a96e012f8f3141b54ae/detection

185.225.74.254:6655
65.109.15.146:7666
paialspailas.duckdns.org
paialspailas22.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2f1f66a7d7f0058db7f854e5ed21829fcbc075a6a94590b16a1509267a477511/detection

94.156.175.95:21
94.156.175.95:39967
siaemic.cam
server.siaemic.cam

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

103.14.225.137:6425
103.186.64.146:2404
103.67.162.246:2404
103.67.162.248:2404
104.243.242.227:1692
104.243.242.232:1692
104.250.175.237:1871
107.137.89.241:2404
111.90.147.110:3390
111.90.147.110:81
141.95.84.40:39
152.204.251.167:2404
152.204.251.167:8888
154.127.53.157:2404
154.216.20.177:2404
154.216.20.252:32024
154.216.20.51:443
162.251.122.90:2404
167.0.250.58:2000
167.0.254.30:2000
172.111.139.167:2404
172.86.70.236:7070
172.94.89.141:1781
173.249.194.100:2404
176.31.92.202:36745
178.73.192.14:2404
178.73.192.14:8888
179.43.182.85:2222
179.43.182.85:2404
179.61.237.4:443
181.235.158.214:2404
185.208.158.171:8922
185.208.158.205:2404
185.208.158.212:443
185.29.10.35:2404
185.38.142.127:2404
191.88.255.116:2404
192.3.243.155:2404
193.142.58.10:8300
194.190.152.246:8080
194.59.30.123:2404
194.61.28.213:57108
195.211.98.63:8081
195.26.87.40:2404
198.46.243.123:5938
204.10.160.158:54604
206.123.148.197:2404
208.70.254.150:2404
23.227.202.100:10110
23.95.206.163:26000
34.34.97.238:8888
43.226.229.234:2404
45.133.74.183:2404
45.137.22.106:2404
45.156.86.29:1847
45.66.231.228:2080
45.66.231.75:2404
45.95.169.110:2404
45.95.169.137:2404
46.174.55.144:2404
46.174.55.144:443
46.183.223.11:2404
46.246.80.15:2404
46.246.82.12:2404
46.246.82.20:2404
46.246.84.10:2404
46.246.84.12:2404
46.246.84.19:2404
46.246.84.19:8888
46.246.84.2:2404
5.161.181.2:2404
5.253.86.247:2404
64.188.18.85:2404
67.203.0.132:2404
67.203.7.218:2404
69.197.174.209:2404
8.130.29.217:2404
80.94.95.119:2404
83.149.72.49:2404
84.38.129.51:9999
84.38.133.170:9999
84.38.133.53:2404
89.149.197.177:2404
91.92.244.161:2404
94.156.69.213:2404
94.46.246.60:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-08-18)

103.186.117.57:2404
103.67.162.233:9462
111.90.147.110:465
111.90.147.110:8090
154.216.18.14:7070
154.216.19.222:7088
172.86.70.236:4242
181.235.9.111:2404
192.129.178.60:5121
192.210.150.26:8787
23.95.235.18:2557
45.156.86.52:1847
45.95.169.139:2403
65.21.66.222:9821
agosto14.con-ip.com
method8888.ddns.net
sungito2.ddns.net
tochisglobal.ddns.net

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

http://101.99.75.219
http://111.90.148.123
http://154.216.20.51
101.99.75.219:2404
101.99.75.219:8080
103.186.117.159:13924
104.243.242.230:1692
104.250.175.232:1871
104.250.175.236:1871
111.90.148.123:2404
111.90.148.123:8080
152.202.226.171:2000
152.204.248.116:2404
152.204.248.116:8888
154.216.17.14:2404
154.216.18.157:2404
154.216.18.214:2404
154.216.18.216:2404
154.216.18.232:9090
172.111.131.34:46167
185.208.158.82:2404
189.38.106.100:3004
189.38.106.100:8080
192.129.178.58:5121
192.129.178.59:5121
192.129.178.61:5121
192.129.178.62:5121
192.3.101.172:2404
195.211.98.63:8090
208.77.22.212:17527
23.27.244.39:2404
45.148.17.50:57155
45.62.170.171:2404
45.66.231.251:2404
45.88.186.251:443
45.94.31.35:4444
45.95.169.175:2404
46.246.6.15:2404
46.246.6.15:9090
46.246.6.4:8888
46.246.80.11:2404
46.246.84.12:9090
46.29.238.104:2404
57.128.155.22:4054
57.128.155.22:4057
65.108.24.88:2404
78.142.18.110:2407
78.142.18.111:2407
78.142.18.112:2407
78.142.18.221:2407
79.110.49.142:9999
84.38.132.103:7001
91.234.199.40:2404
91.234.199.40:443
91.92.241.131:2404
91.92.242.128:2404
91.92.242.143:2404
91.92.249.210:4395
94.156.65.246:2404
96.47.232.195:2404

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-08-25)

http://101.99.75.178
101.99.75.178:2404
101.99.75.178:4899
101.99.75.178:8080
103.161.133.243:2404
104.238.220.231:4871
111.90.148.123:5651
118.163.177.120:2404
154.216.18.232:8090
172.111.137.132:57484
172.111.186.124:7777
192.3.101.172:9674
192.3.64.152:2559
194.169.175.109:2404
43.226.229.227:57484
45.66.231.73:22891
46.183.223.84:9898
46.246.6.4:8884
46.246.6.4:8889
89.32.41.177:2404
91.92.241.171:89
94.154.37.219:3942
abomenaa.duckdns.org
acheminement-assistance.com
alvaritox.con-ip.com
dhlseguimiento.com
eager-northcutt.45-95-232-237.plesk.page
freak4u.duckdns.org
gray-mouse-10079.zap.cloud
great-poitras.45-95-232-237.plesk.page
hgbourst28lasor2.duckdns.org
infovitale-secuameli.site
lluxurioesessparesort.com
mon-suivi-info.com
newsletter208.home-webserver.de
ppizzavonrom.com
schokoladenzauber.com
strange-sinoussi.45-95-232-237.plesk.page
suivi-colis-info.com
turkishlotteryoffate.com.tr
ups-infotracking.com
vps-zap1037826-7.zap-srv.com

# Reference: https://x.com/malwrhunterteam/status/1828157748900700247
# Reference: https://www.virustotal.com/gui/file/a7048b5c7ad209fc0748b6aeae5261aaad7d358bcd899f91bd1294780e9c266a/detection
# Reference: https://www.virustotal.com/gui/file/8c0281e7890b713ecc149fa3f4280ec8f9b349d9d442e673aaa720c96c07dc5f/detection
# Reference: https://www.virustotal.com/gui/file/576700e02475a3b2dc014167c5167b69598ec5801fe5256a808285c2055fd23f/detection

94.156.69.53:3400
access-companys.con-ip.com

# Reference: https://www.virustotal.com/gui/file/1a20454e463f4642d58f0e531e16dc4b9b6f6ef17766decdb02c12dbc820ba36/detection

148.113.165.11:127

# Reference: https://www.virustotal.com/gui/file/03c3d8e55815807839b5a6c33d9ff6be07a3a19e3c1488a0fa4d89c14ee6a75e/detection

148.113.165.11:3030

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-26-GuLoader-for-Remcos-RAT-IOCs.txt

206.123.148.197:3980

# Reference: https://x.com/JAMESWT_MHT/status/1829422189528973774
# Reference: https://app.any.run/tasks/66d8c99a-5671-4dec-9bb8-fff3cd359106

63.141.237.145:5642
63.141.237.145:5757
remcosco222.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1829466806391656787
# Reference: https://www.virustotal.com/gui/file/df7d2e54b67a7788dd7c326a6c2a1c5b935b94288622fb7bbeff3ba336205cd7/detection
# Reference: https://www.virustotal.com/gui/file/ddd94d9d25f4ee02343b209e6d345457ef0b3efebccfd9a16b721e1c59a6cb03/detection
# Reference: https://www.virustotal.com/gui/file/cb43e05491b09d4c7da14d3f42d11a2bb4fa81b0fb47717d44c75426832cdf30/detection
# Reference: https://www.virustotal.com/gui/file/a2bfa5db078137d391b392758fca56b34c8d3c9b0a7e23b1ba9fa9a2edf91000/detection
# Reference: https://www.virustotal.com/gui/file/2ee1e4201c69f361a30b28aef54b3a56cf42a559d5c6101f11f51c38adca8f55/detection

http://83.222.191.201
83.222.191.201:24251

# Reference: https://x.com/StrikeReadyLabs/status/1830420330541703309
# Reference: https://www.virustotal.com/gui/ip-address/94.154.172.166/relations
# Reference: https://www.virustotal.com/gui/file/53c944e2e98e5b68fa43a83b73575775f9c231612f981358686caa29d7e37bf0/detection

uknownabode.duckdns.org
xemdeptrai.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0b6ff11b6bb77a2b5fddd259c021c80096d681e955468e342435ab93d1743cd7/detection

101.99.93.108:2404

# Reference: https://x.com/malwrhunterteam/status/1831738472299688333
# Reference: https://www.virustotal.com/gui/file/18ffe969595851eed2e247ff3e872a488415820e05371531a388276eeccaa250/detection
# Reference: https://www.virustotal.com/gui/file/3e5adec34d0e3567b3eed2c917eaac783ff3eb19c2a1154339ebd1b2497f1e24/detection
# Reference: https://www.virustotal.com/gui/file/68fe63cdae0b90cd1df1d400879135d3c18522c98cf4a9473156b477a71529ce/detection
# Reference: https://www.virustotal.com/gui/file/791e4eed86e4d17301d1f0ba8e75c82d44c4ab2be4b9b9e0c88ad7754948ed82/detection
# Reference: https://www.virustotal.com/gui/file/9549f73133514942aadfcf6f3f38f5d89e573ba7d9b18cde44f29f0a172d7c32/detection

http://5.181.156.117
5.181.156.117:8576

# Reference: https://x.com/malwrhunterteam/status/1832056215356022789
# Reference: https://www.virustotal.com/gui/file/3c911df5b86df9712bf5f14ff49c3beadb62cbde886609139c437bf0a919fc49/detection
# Reference: https://www.virustotal.com/gui/file/1a4380f4a67993c78d73e57335b7972189ea44f768517c2e382ee267cc48ad5f/detection
# Reference: https://www.virustotal.com/gui/file/947ba630b4d2d998525eff4f08a5f9a0f45052b51fab71c7838ffae57ab0e4f5/detection

172.111.244.2:6042
172.111.244.4:6042
172.111.244.7:6042
172.111.244.11:6042
privmerkt.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://111.90.147.146
http://172.111.250.17
http://185.239.236.234
101.99.93.108:1723
101.99.93.108:8080
103.161.133.243:2080
103.186.116.168:2404
103.186.116.193:8080
103.198.26.72:25
103.198.26.72:8080
104.243.242.235:1692
109.110.184.176:2404
111.90.147.146:2404
111.90.147.146:8080
111.90.148.145:1024
111.90.148.145:2404
111.90.148.145:8000
125.227.79.121:2404
139.99.137.193:2404
142.44.173.92:8080
143.92.60.24:2404
143.92.60.26:2404
143.92.60.29:2404
146.70.87.250:2404
149.202.0.252:2404
152.201.188.254:2000
154.216.17.203:2404
154.216.18.235:2404
154.216.19.222:5532
154.216.19.222:6509
154.216.20.211:6902
154.216.20.223:5584
157.20.182.60:2404
162.248.224.13:2404
162.251.122.106:2404
162.252.172.190:443
167.0.225.82:2000
172.111.131.36:17527
172.111.131.44:46167
172.111.139.127:2404
172.111.139.160:2404
172.111.139.88:2404
172.111.186.144:4444
172.111.250.17:2404
172.111.250.17:443
172.94.3.25:8080
172.94.53.165:2404
177.255.88.227:2404
181.235.160.251:2404
181.235.160.251:8888
181.235.222.138:8888
185.146.88.217:2404
185.150.191.117:4609
185.157.162.103:1997
185.174.101.128:2404
185.208.158.171:6042
185.241.208.83:2404
185.38.142.128:8080
192.177.111.22:2404
192.236.237.18:9090
192.3.101.254:9674
192.3.220.30:2080
192.3.23.251:2404
193.142.146.101:2406
193.143.1.11:443
194.28.225.73:443
198.244.236.18:2404
198.46.174.158:2404
204.10.160.206:2404
204.10.160.230:7983
206.123.152.101:2404
213.252.247.119:4444
23.106.238.209:2404
23.95.173.183:2404
31.222.238.188:2404
34.151.206.189:2404
38.153.61.72:2404
45.138.16.248:8081
45.202.35.28:2404
45.202.35.40:2404
45.61.157.44:2404
45.62.170.238:2404
45.66.231.234:2404
45.88.186.161:443
45.89.247.101:2080
45.89.247.112:2404
45.89.247.134:2404
45.89.247.135:2404
45.89.247.45:2404
45.89.247.98:2404
45.89.48.165:2404
45.95.169.104:2404
45.95.169.18:2404
46.246.12.23:2404
46.246.14.24:2404
46.246.6.14:2404
46.246.6.21:2404
46.246.6.21:8884
46.246.82.10:2404
46.246.84.15:8888
46.246.84.17:8888
46.246.84.6:2404
46.246.86.11:2404
47.243.114.61:2323
5.253.247.130:2404
5.253.247.130:443
64.188.12.208:5500
64.188.18.85:4455
65.21.66.217:2404
67.203.7.145:2404
67.203.7.223:2404
67.207.161.204:2404
69.46.15.142:2404
83.147.37.152:2404
85.17.23.154:2404
89.34.99.39:2404
91.92.240.98:2404
91.92.241.132:2404
91.92.255.186:34312
94.156.65.125:2404

# Reference: https://x.com/JAMESWT_MHT/status/1832474715979436302
# Reference: https://app.any.run/tasks/f602ee0f-f9c9-403f-8589-712a7e2b3cb8

192.3.101.17:2404

# Reference: https://www.virustotal.com/gui/file/bf350d8f7fbd4db00e6d87a45558522548b4d816f32ea0cc57ec9342111f4dbc/detection

91.193.75.113:4045
referantsa1.duckdns.org
tergatco777.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6e64f1c66b67d4912394403d99b88da47f28f0a682e17c94af69b8f59221d6be/detection

154.13.163.54:6065
185.244.30.86:6065

# Reference: https://www.virustotal.com/gui/file/c294a3733759e35bc74da2dcd95fab459ca9e2cdb845f3c0d3c2012c6bf7a9d3/detection

181.136.226.14:1998
194.147.140.207:1998

# Reference: https://www.virustotal.com/gui/file/90f99f8659dd04260d1b30b7d139e832ba8e2f2bbbb393f07f7ebcbaef8093c8/detection

45.95.169.162:3321

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-09-09)

103.237.86.135:2021
109.248.151.169:2404
172.111.244.104:3980
198.13.35.20:25723
43.226.229.234:57484
45.138.16.208:2404
45.66.231.182:2404
46.246.80.8:2404
5.20.120.177:2404
80.66.75.98:2404

# Reference: https://x.com/vmray/status/1833180847551160381
# Reference: https://www.vmray.com/analyses/_vt/d534ed1c1ca0/report/network.html
# Reference: https://www.virustotal.com/gui/file/d534ed1c1ca02484710138b6a1517db17c76e799041ba0e908cde3abb93d80bb/detection
# Reference: https://www.virustotal.com/gui/file/668ddbfe96219c2902b46779cb66520f9d5145c0d2c0873d815f10d89bcbe005/detection
# Reference: https://www.virustotal.com/gui/file/4456c86e1e94ea89baefae9a62592e95ae7b49560440d6efe0e80c660bdb8073/detection
# Reference: https://www.virustotal.com/gui/file/325fde6dcba7eacd28df2465028d87d8afb43eb243aa4b4970242e507775570a/detection

5.182.211.249:23101
pushswroller.eu
remwavesw.com
rollerswpush.eu
swpushroller.eu
bas.swpushroller.eu
rem.pushswroller.eu
run.rollerswpush.eu
swre.remwavesw.com
tip.swpushroller.eu
/dovfd/Plksbjdwhd.js
/dovfd/Yherfwjd.js
/Plksbjdwhd.js
/Yherfwjd.js

# Reference: https://x.com/kddx0178318/status/1833492153277792663
# Reference: https://app.any.run/tasks/a423a0f6-0722-4a60-9ca0-b27d49eca7b5
# Reference: https://www.virustotal.com/gui/file/842c000429c7e5787fb9fd0961238758e04b4af6c6b56dc4bb0c4db27af69fce/detection

43.226.229.234:57484
lyshdiopofu.kr
uppsintrtfo.ee
notariusnaydenova.eu/wp-admin/users/Stevets.csv

# Reference: https://x.com/karol_paciorek/status/1833434905587396630
# Reference: https://www.virustotal.com/gui/file/c07e92647c58d22541517b52a7c7af5031deacc9261d5eb45ea7f72d778df49a/detection

onedrive-microsoft.redirectme.net
onedrive.webhop.me

# Reference: https://www.malware-traffic-analysis.net/2024/09/11/index.html
# Reference: https://www.virustotal.com/gui/file/085149beb8dbcf6a2b42cf0de78eb1a82e1860d936c8d46b13029021fee35271/detection
# Reference: https://www.virustotal.com/gui/file/4a79a8b83afd4feb2fd2e130d54f667fa9ee6c61ecf7d61efed3753ab2450775/detection

198.23.201.62:4877
198.46.178.133:4877

# Reference: https://www.virustotal.com/gui/file/ec8b98607e1889c5f170be0021cfb688eb209c33ca3202abd34cfa586edce983/detection

91.151.88.7:2404
mehmetemreural.net

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-15)

http://101.99.93.144
101.99.93.144:2404
101.99.93.144:465
101.99.93.144:50255
107.172.148.221:14645
107.173.229.136:2404
120.79.89.234:2404
131.226.2.26:2404
146.70.24.188:2404
147.124.209.163:2404
172.94.53.168:2404
179.13.2.98:2404
185.157.162.126:1997
185.174.101.120:2404
192.129.178.61:6122
192.210.150.17:2404
208.70.254.147:2404
31.6.50.127:2404
38.132.122.173:2404
41.216.188.178:2404
45.138.16.248:801
45.61.129.21:2404
45.66.231.122:2080
46.246.12.210:9090
46.246.80.10:2404
46.246.80.10:8888
46.246.80.5:8889
46.246.82.8:2404
46.246.82.8:9090
46.8.221.61:443
51.89.208.28:2404
67.207.166.172:2404
80.66.75.98:2000
84.38.132.51:2404
89.117.52.151:2404
91.92.242.74:2080
91.92.255.64:2404
94.156.67.144:2404

# Reference: https://x.com/malwrhunterteam/status/1837393554001240279
# Reference: https://www.virustotal.com/gui/file/b125da74dfb843031eb2ec7eac49792c97e1a1a272a3a47b39a635a8deeec03b/detection

193.142.146.203:2405

# Reference: https://x.com/banthisguy9349/status/1837534484373098604

http://103.182.19.148
http://104.243.38.54
http://107.172.148.248
http://107.175.242.80
http://107.175.243.142
http://149.28.221.9
http://149.28.237.172
http://172.232.189.85
http://172.232.4.203
http://172.236.19.62
http://192.227.173.64
http://192.227.225.173
http://192.3.193.155
http://192.3.223.30
http://192.3.243.166
http://198.12.107.122
http://198.12.81.171
http://198.12.81.228
http://198.23.133.156
http://198.23.188.147
http://198.46.177.156
http://198.46.178.137
http://198.46.178.154
http://198.46.178.181
http://23.94.148.16
http://23.95.235.112
http://45.89.247.102
http://45.90.89.123
http://91.134.98.142
http://99.79.191.228

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-09-22)

http://101.99.93.169
103.161.133.224:5584
103.161.133.245:9898
103.186.117.150:1282
103.186.117.228:2404
103.198.26.22:2404
103.67.162.213:2435
104.243.242.226:1692
116.55.248.235:10443
116.55.248.235:20443
141.95.84.40:37
148.113.165.11:3000
154.216.18.217:5690
154.216.18.217:8967
154.216.20.237:9090
165.154.219.160:39685
172.111.139.93:2404
172.111.163.226:8901
172.111.250.17:2455
172.93.220.148:45682
172.94.9.172:57484
173.249.193.221:2404
173.249.194.122:2404
179.13.2.98:8888
181.236.124.3:2000
184.75.221.171:36441
190.70.119.188:8997
192.129.178.58:6121
192.129.178.58:6122
192.129.178.58:6123
192.129.178.58:6124
192.129.178.59:6120
192.129.178.59:6121
192.129.178.59:6122
192.129.178.59:6123
192.129.178.59:6124
192.129.178.59:6125
192.129.178.60:6120
192.129.178.60:6121
192.129.178.60:6122
192.129.178.60:6123
192.129.178.60:6124
192.129.178.60:6125
192.129.178.61:6120
192.129.178.61:6121
192.129.178.61:6123
192.129.178.61:6124
192.129.178.61:6125
192.129.178.62:6120
192.129.178.62:6121
192.129.178.62:6122
192.129.178.62:6124
192.129.178.62:6125
192.3.101.29:1070
192.3.101.29:14645
192.3.23.251:1070
193.142.146.101:2405
193.142.146.203:2406
194.59.31.104:2404
195.246.231.197:606
198.13.35.20:2404
198.135.48.32:7067
198.23.197.108:7010
198.37.105.222:8080
209.250.252.99:2525
212.162.149.163:2404
23.106.127.123:91
23.106.127.79:5679
23.95.60.82:1070
45.126.209.252:443
45.139.104.150:8080
45.143.200.21:3389
45.66.231.111:2404
45.89.247.127:2404
45.90.89.98:8243
46.246.6.11:2404
46.246.6.21:8889
46.246.82.8:8888
46.246.84.15:2404
46.246.84.15:8884
46.246.84.4:2404
46.246.84.4:9090
51.222.121.200:2404
67.203.7.162:2404
80.66.75.47:55777
84.38.132.40:2404
86.104.72.183:2709
91.92.240.228:2404
91.92.241.132:3000
91.92.244.33:443
91.92.251.188:8080
91.92.251.188:9090
93.67.51.29:2404
94.156.65.202:2404
94.156.67.94:63193
blakaa.duckdns.org
crash.sh
curt.wiz.co
ichika.tw
loip.cc
nnamoo.duckdns.org
strms.ly
ubal.do
udum.work.gd
ufye28738bd3yv23d783.con-ip.com

# Reference: https://www.virustotal.com/gui/file/28027242d50c7ac56bf9c3d03be17b9f93e857b171b65222c20d679048c42793/detection

64.176.178.205:1988
zakriexports.com

# Reference: https://x.com/Gi7w0rm/status/1838837540054241651
# Reference: https://tria.ge/240925-hqxphsthqe/behavioral3

190.9.223.135:4576
remcos2024fin.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3f17c7c8dd1638141546da3b36d9b64dc7ae4081bc53cd40f0ac135f122921aa/detection

181.131.216.24:1213
holdadmin2024.duckdns.org
rem0324.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1839558287714349487
# Reference: https://www.virustotal.com/gui/file/dbbcec0d5113d71eaff4520425519d1cf48fd207f0189335292930e1dc4b519f/detection

37.120.137.198:4422
heavytank21gh.com

# Reference: https://www.virustotal.com/gui/file/14f1be9adf86ae849dc4588e2fe837a0365287c2de485d0ee3df8fd2aa0cf6b2/detection

http://91.202.233.169
89.117.23.25:57840
prehv.duckdns.org
rupz.duckdns.org
wrzn.duckdns.org
zaratanes.duckdns.org

# Reference: https://www.virustotal.com/gui/file/060d6f9c0505a7709281567b10bbc91256a073ecd4fef23e3de47f5ff7aa40de/detection

45.135.232.38:5999
89.117.23.25:5999
91.92.248.248:5999
dxpam.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/89.117.23.25/relations

arwr.duckdns.org
asyx.duckdns.org
dcfast.duckdns.org
hypersh.duckdns.org
keepz.duckdns.org
newsl.duckdns.org
njfast.duckdns.org
prdon.duckdns.org
qfast.duckdns.org
rfast.duckdns.org
rounk.duckdns.org
runp.duckdns.org
rupz.duckdns.org
viscas.duckdns.org
wrzn.duckdns.org

# Reference: https://x.com/Merlax_/status/1842001785587650815

190.9.223.135:4576
remcosoct.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1843366576164352127
# Reference: https://www.virustotal.com/gui/file/429214e0fbaf7dc7990ae7690d393d82c04c73eb72ef91ca98e9d78d36afb818/detection

78.142.18.223:2404

# Reference: https://www.virustotal.com/gui/ip-address/185.185.71.79/relations
# Reference: https://www.virustotal.com/gui/file/acb3954b95e3c897d5ac69a8cc09ed81aace7b3193aa637f5ceb2a4a23204078/detection

http://77.105.161.194
101.99.94.69:2404
fwfjakas.com
pqowics.com
qbvsmvv.com
qwdfewf.com
saoaoss.com
jtybuxblokjhz8hr.saoaoss.com

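# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)
# Note: this block comes from the feed's "unverified" 30-day list as of the date above. The IP:port pairs are point-in-time observations; corroborate a hit with other evidence before blocking on it, and age entries out, since hosting-provider addresses can be reassigned. The same applies to the later C2IntelFeeds blocks in this file.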

http://101.99.93.120
http://101.99.94.69
http://198.20.161.194
101.99.93.120:5000
101.99.94.69:8090
102.165.14.28:27000
102.165.14.28:28000
102.165.46.145:2404
103.161.133.16:2404
103.186.116.133:2404
103.186.116.99:2404
103.186.117.126:9373
103.186.117.143:9373
103.186.117.214:9373
103.186.117.97:9373
103.198.26.226:2404
104.250.169.103:2404
107.175.130.20:14645
107.175.130.20:2404
135.125.27.227:8100
142.202.188.195:2404
146.70.41.191:2404
147.124.212.210:2404
152.204.241.66:2404
154.216.17.122:2404
154.216.17.214:2404
154.216.18.125:44122
154.216.18.177:443
154.216.18.229:443
154.216.20.219:443
154.216.20.223:4040
154.216.20.223:8090
154.216.20.223:9090
157.20.182.169:2404
165.154.219.160:7397
167.88.165.216:2404
172.111.163.227:9583
172.111.213.73:2404
172.111.213.81:2404
172.94.127.3:6042
172.94.127.3:7920
172.94.127.4:7920
173.208.241.155:8888
178.33.182.74:334
178.73.218.9:2404
181.131.216.100:2404
181.131.216.73:2404
181.235.200.130:8888
181.236.206.3:2000
185.156.175.35:19101
185.157.162.103:557
185.157.162.126:557
185.174.101.156:2404
185.174.101.182:2404
185.174.101.192:2404
185.174.101.218:2404
185.196.10.242:5938
185.196.8.98:2105
185.196.8.98:4728
185.196.9.145:3394
185.241.208.199:2404
185.29.10.114:6767
188.190.10.175:2404
188.190.10.197:2404
192.129.178.58:6120
192.129.178.58:6125
192.129.178.62:6123
192.210.150.29:2404
192.3.101.137:2404
192.3.101.184:9674
192.3.220.19:2080
193.142.146.101:2407
193.42.11.31:2404
198.13.35.20:21423
198.20.161.194:443
198.20.161.194:53
198.20.161.194:8080
198.37.105.222:27000
198.46.235.203:2404
202.95.213.49:39685
202.95.213.49:7397
202.95.8.65:2404
202.95.8.67:2404
202.95.8.99:2404
204.10.160.136:2404
209.250.252.99:2255
209.250.252.99:2404
35.199.115.230:2404
37.120.210.219:25723
37.48.102.22:1820
37.48.102.22:2404
38.240.55.153:2404
45.134.225.153:2404
45.138.16.176:5057
45.141.215.5:8081
45.141.215.70:2404
45.32.125.172:6886
45.32.129.178:5555
45.43.86.230:4190
45.66.231.191:2404
45.66.231.39:2404
45.66.231.49:443
45.74.50.102:2404
45.88.88.83:2404
45.88.91.63:2404
45.89.247.155:2404
45.89.247.178:443
45.95.169.113:2404
45.95.169.124:2404
46.246.12.13:2404
46.246.4.18:2404
46.246.82.16:2404
46.246.82.4:2404
46.246.86.13:2404
46.246.86.13:8884
46.8.211.102:2404
46.8.211.104:2404
46.8.211.109:2404
46.8.211.120:2404
46.8.211.137:2404
46.8.211.164:2404
46.8.211.167:2404
46.8.211.175:2404
46.8.211.177:2404
46.8.211.189:2404
46.8.211.195:2404
46.8.211.201:2404
46.8.211.232:2404
46.8.211.234:2404
46.8.211.42:2404
46.8.211.44:2404
46.8.211.57:2404
46.8.211.5:2404
46.8.211.69:2404
46.8.211.72:2404
64.188.20.210:3800
64.95.13.160:2404
67.203.7.212:2404
78.142.18.112:2403
78.159.112.29:1080
79.23.76.107:2404
80.183.105.180:2404
83.217.208.165:8980
86.38.225.26:2404
87.120.115.36:2404
87.120.127.239:2404
87.98.186.183:2405
91.92.251.190:2404
91.92.251.82:2404
93.123.39.108:2404
93.123.39.21:2404
94.156.104.118:2404
94.156.69.146:2404
95.168.174.42:2404
95.216.94.138:2222
95.216.94.138:2404
95.236.12.28:2404

# Reference: https://x.com/malwrhunterteam/status/1845717495002300859
# Reference: https://www.virustotal.com/gui/file/a0ab0a82d3d002785a5d1aafed149c455ae6a850c526cd78af24e42a3f453822/detection

45.88.88.33:6698
autohof-reimer.de
autoshausamsachsenwald.de
autosingers.de
caravanehamburg.de
hessengaragen.de
porsche-bon.de
porsche-zentrum-dresden.de
autohaus-cn.de/old/mobile/Banausic.qxd

# Reference: https://cert.gov.ua/article/6281009

http://101.99.93.108
http://111.90.147.147
101.99.93.108:465
101.99.93.108:8091
101.99.93.144:4899
101.99.93.144:8080
101.99.94.69:21
101.99.94.69:44444
101.99.94.69:4899
111.90.147.146:21
111.90.147.146:465
111.90.147.146:54750
111.90.147.147:8091
111.90.148.191:15666
172.86.68.37:7363
45.143.166.100:52336

# Reference: https://www.virustotal.com/gui/file/464b429b5c446267a52419ca61d5f08a70d259b48783c2f2b692125ea9bed29a/detection

144.172.122.67:2404

# Reference: https://x.com/D3LabIT/status/1846120504882602048
# Reference: https://www.virustotal.com/gui/file/a81393b534b9f803d64ca3d43f9e3b8a184a9e790ac20f2f51d347114384e7a2/detection
# Reference: https://www.virustotal.com/gui/file/0b666cd2c3ce0dc60fd07de691b357fbd2094ff194815977c0faab671edfca75/detection
# Reference: https://www.virustotal.com/gui/file/06b262074417f1d27dc0e1687868f57965caad6e3873e39141eefa6772bc1cc5/detection

genas.gr/bsq/
genas.gr/bsq1/

# Reference: https://x.com/malwrhunterteam/status/1846994153583894542
# Reference: https://www.virustotal.com/gui/file/8e521953f01b56f163a5d7ca777cdbef86f1d9291bf994d3ba35cb0e89729da0/detection

193.233.18.18:4050
193.233.18.18:5140
duedateforme.com
extendedbreakfast.com
goatratedman.com
shakaojafun.com
sleepychanreal.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2024-10-20)

http://185.38.142.127
http://80.66.75.248
101.99.92.189:2404
102.165.14.28:26000
103.124.107.115:16465
103.16.215.57:7487
103.161.133.119:894
103.186.116.220:6565
103.186.116.30:1111
103.186.116.93:2404
103.186.117.146:9373
103.186.117.236:45111
103.186.117.76:9373
103.198.26.87:2404
111.90.140.34:2404
134.255.225.121:443
154.216.17.185:6902
154.216.18.65:2404
162.251.122.111:2404
167.0.201.5:2404
171.22.108.171:2404
172.111.139.193:2404
172.111.139.193:4810
172.111.139.34:2404
172.111.250.17:2022
172.94.127.5:5290
172.94.127.5:6042
172.94.127.5:7920
179.14.8.215:2404
181.235.130.175:2404
181.235.130.175:8888
185.174.102.178:2404
185.196.10.242:8172
185.196.8.98:9583
185.208.159.211:2404
185.241.208.102:2404
185.241.208.64:2404
186.169.83.212:1213
188.126.90.22:2404
188.190.10.175:2405
188.215.229.113:2404
188.215.229.114:2404
192.3.101.137:5980
192.3.220.30:8080
195.82.147.130:5000
199.127.60.203:443
204.10.160.167:63749
204.10.160.212:6622
23.106.127.109:5432
23.227.193.34:2404
38.180.75.202:2404
45.141.215.46:4545
45.66.231.130:35966
46.183.222.126:2442
46.246.12.10:2404
46.246.14.11:2404
46.246.6.10:2404
46.246.86.13:8888
66.150.198.142:26000
66.150.198.142:2700
66.150.198.142:27000
66.150.198.142:28000
80.66.75.248:443
82.54.229.29:2404
85.209.11.113:5005
87.120.117.213:7717
87.120.117.215:7717
87.16.58.214:2404
92.255.85.63:5000
93.123.39.49:7717
93.123.39.50:7717
94.103.125.229:2404
94.141.120.5:2404
025sep.duckdns.org
15imp.duckdns.org
23spt.duckdns.org
agosto1.con-ip.com
clepdhunt.duckdns.org
comandoespecial2023.duckdns.org
dcmxz.duckdns.org
dcratff.duckdns.org
dianimpuesto.con-ip.com
dsjfndswibebfds.con-ip.com
dumboi.duckdns.org
enviosyrecuperaciondecartera2024.duckdns.org
faststaynow.duckdns.org
general7777.duckdns.org
honeypotresearchteam.duckdns.org
julio25.con-ip.com
klv44lczjht9758zd99zgye3mccpd959y.duckdns.org
leehoi01.ddns.net
mail.mesinfotostat.com.my
maxert.wemnbbsweoipmngbyutrdcunbgrtjeroendns.pro
microsoft-analyse.com
microsoft.gotdns.ch
nwemarkets.com
ramcxx.duckdns.org
rcj.duckdns.org
remdriver64.pm
remremc.duckdns.org
rm.bizvally.net
rnyhbarwallet.com
septiembre18.con-ip.com
serversw.duckdns.org
sriecuad.con-ip.com
ugnrv.duckdns.org
viveroelgirasol.com
vps-zap1126706-1.zap-srv.com
webdecision.buyshouses.net
windowsoctarem.duckdns.org
zuesremmy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9edb79752241c09f75638486ed9e0ac0e5dafc7cb7128ec38d492cc263890b68/detection
# Reference: https://www.virustotal.com/gui/file/f6d8d4988844576ce042e45a0247d56197faba7a633742b6e1d7fd8db30166f1/detection

178.215.224.176:2409
hugobus.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1850958585775227385
# Reference: https://www.virustotal.com/gui/file/d5f8ef850eb7325a031a3f3b0435fc7e2b7a40d3a0f059e600b144ec109dcf27/detection

45.88.88.33:8439

# Reference: https://www.virustotal.com/gui/file/430d5d4db81a8e2e4cdcc7c572d3aefc7ced09a2a77246fc28297271ee646f4b/detection

185.165.153.43:6798
netag.ooguy.com

# Reference: https://x.com/malwrhunterteam/status/1854803255542329580
# Reference: https://www.virustotal.com/gui/file/a681f4e8aff080bfbfeead57c1d44c7dc4165fe18fb72f3e22cea7b7e06a44f8/detection

hopitaldewigle.com
hopitaldesbois.ddns.net

# Reference: https://www.virustotal.com/gui/file/934b5f5b18236fd26cdee1af7ab19ab4c549578066cdca663529068111e81537/detection

172.111.137.131:3981
191.252.83.213:21
191.252.83.213:60636
192.169.69.26:3980
in-houselegal.ro
janbours92harbu007.duckdns.org
janbours92harbu04.duckdns.org

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

http://111.90.140.65
103.161.133.98:2404
103.195.236.227:2728
104.168.5.51:2404
104.168.7.10:5031
104.243.242.228:1692
107.148.35.41:8000
108.165.101.138:2404
109.199.113.226:37830
111.90.140.65:10000
111.90.140.65:2404
146.70.87.170:2404
147.45.44.105:2404
147.45.44.105:9980
149.28.238.241:2404
154.127.53.248:2404
162.19.147.238:2404
172.111.137.165:2404
172.111.139.12:2405
172.111.139.199:4810
172.233.164.152:2003
172.93.189.76:2404
172.94.127.3:5290
172.94.89.130:18711
172.94.9.163:2404
172.94.9.164:2404
172.94.9.166:2404
172.94.9.171:2404
178.215.224.99:16377
178.73.192.2:2404
179.13.10.157:8088
181.235.132.44:8888
185.130.226.153:2404
185.153.197.22:2404
185.157.162.103:1991
185.157.162.126:1991
185.196.10.242:4728
185.196.10.242:7736
185.196.10.242:9544
185.196.8.98:8172
185.196.9.145:3399
185.208.156.182:2404
185.208.156.248:2404
185.208.159.227:2404
185.234.65.186:2404
185.236.228.160:443
185.241.208.173:8081
185.241.208.44:2000
185.38.142.226:2404
186.169.95.181:8888
188.126.90.4:2404
192.161.184.44:2468
192.227.228.36:2404
192.3.146.145:443
192.3.176.145:2404
192.3.64.137:2404
193.142.146.5:2404
193.227.129.84:2404
193.29.13.204:5850
194.59.31.143:4444
195.211.99.96:2404
198.154.93.41:8082
198.167.212.66:2404
198.46.178.148:2404
202.95.213.11:7397
204.10.160.230:8693
206.189.218.238:3363
207.189.164.112:5471
209.14.2.233:2404
212.162.149.195:2404
212.162.149.220:2404
212.162.149.226:9285
212.171.18.177:2404
212.171.19.191:2404
212.22.82.124:2404
213.252.247.119:1122
217.76.57.196:2426
23.227.202.197:2404
23.88.3.155:4444
35.220.133.24:3306
38.255.61.31:2404
4.229.242.13:2404
41.216.183.250:2404
45.137.22.227:443
45.138.16.130:8081
45.141.215.46:2404
45.149.241.229:2404
45.88.186.149:2404
45.92.156.11:44160
46.246.12.11:2404
46.246.12.14:2404
46.246.14.19:2404
46.246.14.9:2404
46.246.6.16:2404
46.246.80.4:9090
46.246.82.20:9090
46.246.84.20:2404
46.246.84.2:9090
46.246.86.10:2404
46.246.86.14:2404
5.230.77.102:2404
5.34.178.79:8081
5.34.178.79:8090
51.161.105.244:2404
61.216.37.4:2404
62.133.61.45:36745
66.63.162.79:2404
66.63.187.246:2404
69.166.8.242:2404
79.116.68.10:2404
80.66.75.248:2404
80.66.76.99:2404
84.38.132.104:1985
85.17.107.2:2404
85.209.133.15:2404
87.120.113.37:2404
87.120.117.212:7717
87.120.117.214:7717
87.120.117.216:7717
87.120.120.25:2404
87.120.125.229:64809
87.247.158.106:443
92.118.112.116:2404
92.255.85.63:5001
92.255.85.63:5002
93.123.109.191:2404
93.123.39.134:8080
94.156.177.164:2404
94.156.177.165:2404

# Reference: https://x.com/malwrhunterteam/status/1856381774974070902
# Reference: https://www.virustotal.com/gui/file/1b123c13eda6b37cc70953fe64ab10dbcb86cb595ddd15dc6f40d47d5c0ef977/detection

95.217.148.142:9004

# Reference: https://www.virustotal.com/gui/file/29db2e73129c1daeb6248f06e8ff6ef9db2b01811309b6849d430aada0384de1/detection

95.217.148.142:9001

# Reference: https://x.com/smica83/status/1856711774738755857
# Reference: https://www.virustotal.com/gui/file/ab8ff14d6b99ce52bbe765329e94b5db046e4d3099dd2ac5bc54fbdb008545fe/detection

103.54.153.76:56001

# Reference: https://x.com/JAMESWT_MHT/status/1858838783019327856
# Reference: https://www.virustotal.com/gui/file/048e6aff03b371ab067540869adbc37bf5b6c8602b75e070e8b821a7a21dda6a/detection
# Reference: https://www.virustotal.com/gui/file/430db6f1574a9598f4973b4ed81a9e9e40e709ef57a2fa51ab060a1ffb8c73e4/detection

162.251.122.76:45677
162.251.122.76:7119
windowsssforjunee.duckdns.org

# Reference: https://x.com/Tac_Mangusta/status/1858847664261014012
# Reference: https://www.virustotal.com/gui/file/1ae064f3e47d3d9297e2f0e06cb195daa68728196cc31bfc9f903f5ccc18d35a/detection

204.10.160.239:9682

# Reference: https://www.virustotal.com/gui/file/437c785b2093ffb955f17d63758cfb10e741509415cc55de8050e2d918716a4a/detection

181.141.40.225:3020
181.141.40.225:30201
contath.org
oportunidad-escolombiasegura.cfd

# Reference: https://www.virustotal.com/gui/file/27923e50fe28857b1e9c3bf7db4a98561b9c69070568b4256953a815cdb32974/detection

181.141.40.225:3018
alissoon.org
camino9938.strangled.net

# Reference: https://www.virustotal.com/gui/file/25336d94b24bb72f6cea4f73d016781c8fc6d097d6534dbe8a143524a5b3c450/detection

199.59.150.13:3018
concilio399.strangled.net

# Reference: https://www.virustotal.com/gui/file/70fde5e9ea72ec208951adecf91801b752d72390a87d7defb288d67553a446a1/detection
# Reference: https://www.virustotal.com/gui/file/62383fe5c03e976381c5ff835275dcb9393159df5bd3bd8485433e88b76c5955/detection
# Reference: https://www.virustotal.com/gui/file/41e5a96e353fe110e8f899e7e468ceaa3640c706f3eadf8c8a4dc1823ab97d7b/detection

45.135.232.38:57870
rfwr.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fa8cb99dc0792ec95c60536acf6777a00be94081030540ac78c00c6097adb02b/detection

http://181.141.41.63
sostener2024dns.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1861495812712182035
# Reference: https://www.virustotal.com/gui/file/7fedcec3a38dec8650ae2f64271b19c01372881ce83f1fe4597f85b26c4a0732/detection
# Reference: https://www.virustotal.com/gui/file/00e5e4c53c99d62c722b309b6e394e3c53d47a23406730433b4aaf928e06512d/detection

147.79.115.147:3949
185.42.12.39:2404
193.201.9.187:2049
65.108.68.57:2404
cloudprotection.zip
windowsappbazaar.com

# Reference: https://x.com/malwrhunterteam/status/1862776034568868124
# Reference: https://x.com/c_APT_ure/status/1862952740764123615
# Reference: https://x.com/JAMESWT_MHT/status/1862956066994049163
# Reference: https://app.any.run/tasks/31706fe9-02b9-4c3d-839c-891592401b6a
# Reference: https://www.virustotal.com/gui/file/c848ae66e0dd24d5620ef756a9a1efec4996fd488da1e00eb9695cfe6d45b254/detection
# Reference: https://www.virustotal.com/gui/file/93674e207f913c1e8fa39a6e75807c6865c73feee39e38e7a9747003c8bd22b1/detection
# Reference: https://www.virustotal.com/gui/file/e0ee945c690f55a1ae5b9bf3c8376fb8076962b47e5835a65df05d2c67cc84ac/detection

212.28.178.113:2404
87.120.127.42:8250
freshmeetre1ms.freeddns.org
freshmysweeterbk.ddns.net
here-industry-wind-greece.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/2d86b510d8ea917226a2f42c10b5ecce4a7e636a5461b3414acb020f7da5b950/detection

31.220.90.137:2404

# Reference: https://x.com/1ZRR4H/status/1864486678129258641
# Reference: https://www.virustotal.com/gui/file/a1bc0999e0a70970615710f53f353e85ff94367e832c45cfca4e8716f7c1cb5b/detection
# Reference: https://www.virustotal.com/gui/file/e21ba230ca353ac49e1e7f7ce9270fd07a436b07aa6be43213c79f30f84f3e7e/detection
# Reference: https://www.virustotal.com/gui/file/f587b07402eeffdface43b9298302e339f5e58c5c548bd43bb8523356229a5a6/detection
# Reference: https://www.virustotal.com/gui/file/43662e68046f7ba9f58863a4f68170c4752e8da64e76324fb25fbabb193bb361/detection
# Reference: https://www.virustotal.com/gui/file/08515f93546b01dc779a90e19eee6e73b53012f2cc4e5f1d3d975982f76ee916/detection

181.131.217.244:1831
181.131.217.244:30201
181.131.217.244:30203
haramb.net
probandonuevodomicolombia.cfd
ardilla00239.ydns.eu
formationslistcomplet2.sexidude.com

# Reference: https://www.virustotal.com/gui/file/3dee4573911345d6b845257b391a90861bb3c345e2f5b445cdd5edbffb58b75a/detection

172.111.215.196:4047
martinsplexis.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c3dcf0bb8f1a9506ec058c0b70f3335e02d3e9d83a5e3af370b917c097f191b6/detection

rxsas.duckdns.org

# Reference: https://x.com/StrikeReadyLabs/status/1866824377905316054
# Reference: https://www.virustotal.com/gui/file/e9079fcb427a71278a419eb7e4535c7cd7e2be9ebb79aee8da965b5d19adedb0/detection
# Reference: https://www.virustotal.com/gui/file/6a050c9c875f5748908ab6c4ced355dd530137e98f3b28f06807c454c52a6dbe/detection

104.243.246.120:2030

# Reference: https://x.com/suyog41/status/1868533484614201654
# Reference: https://www.virustotal.com/gui/file/c17639a76e698b9220fcd7782773044fe3442ccd4fa03b37c6596c81a71b8212/detection
# Reference: https://www.virustotal.com/gui/file/e135a0545f9ac6821d13a35621ce770d8aca60c02e3bd526f9ee3ae86ed48ce4/detection

62.60.154.142:4610
adamswandi.duckdns.org
hafiznor3374.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1869429578080686123
# Reference: https://www.virustotal.com/gui/ip-address/181.131.217.244/relations
# Reference: https://www.virustotal.com/gui/file/5b6d068cbb2da32893692965eaf1f899c101342516e7a573d3dd8dc288b6e67b/detection
# Reference: https://www.virustotal.com/gui/file/28773fb2aff96e836707d9ffd5e8aa706d0ce54c956fbee42b9dd9b150e997e8/detection
# Reference: https://www.virustotal.com/gui/file/e171fc7b8f0e86a7b1370400eb1042d3493da91b17b3541311db79eac3a1702d/detection
# Reference: https://www.virustotal.com/gui/file/f736a78fbd7503cf34da64f0a1df4f36a9419d387bca32ab4c641864437d2a5b/detection

http://62.60.226.24
navegacionseguracol24vip.org
15nov.con-ip.com
3diciembre.con-ip.com
comercio0025.dns.army
newstaticfreepoint24.ddns-ip.net

# Reference: https://x.com/banthisguy9349/status/1873306226291003660

casino.ddnss.de
cee.work.gd
mikoniko.zapto.org
mikonikoa.zapto.org
mikonikob.zapto.org
mikonikoc.zapto.org
mikonikod.zapto.org
mikonikoe.zapto.org
mikonikof.zapto.org
mikonikog.zapto.org
mikonikoh.zapto.org
mikonikoi.zapto.org
mikonikoj.zapto.org
mikonikok.zapto.org
mikonikol.zapto.org
mikonikom.zapto.org
mikonikon.zapto.org
mikonikoo.zapto.org
mikonikop.zapto.org
mikonikoq.zapto.org
mikonikor.zapto.org
mikonikos.zapto.org
pentester03.gleeze.com
rmcnewprojectadd.duckdns.org
salma12.myftp.org

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

http://212.34.131.71
http://89.110.87.72
100.42.189.136:18711
101.99.75.173:22
103.186.117.159:29263
103.237.86.135:2404
103.35.190.90:2404
103.67.162.242:2404
103.67.163.159:2404
103.73.160.249:2404
104.194.133.247:2404
104.194.134.203:2404
104.243.254.103:2404
104.250.169.100:2404
104.250.169.102:2404
104.250.169.104:2404
104.250.169.99:2404
107.175.31.172:2404
109.199.97.232:2404
109.248.151.221:2195
109.248.151.222:2404
111.90.147.138:2404
111.90.147.138:8080
135.148.195.248:6847
142.11.201.38:8099
142.202.240.82:2404
147.124.212.145:2404
147.45.178.189:32491
149.56.240.44:2410
154.127.53.241:7276
154.127.53.89:2404
154.216.16.182:9090
154.216.17.190:2404
154.216.19.20:7070
154.216.20.209:2404
154.216.20.81:2404
154.3.39.18:3306
157.230.51.65:2404
158.220.124.189:46167
158.247.220.99:4040
160.25.73.25:6426
162.251.122.86:6644
162.251.122.87:2404
163.5.112.11:2404
163.5.112.84:2404
163.5.32.81:2404
167.114.160.126:2404
167.94.81.157:3119
170.205.31.90:3333
171.243.40.189:2404
172.111.139.107:2404
172.111.139.141:2404
172.111.139.143:2404
172.111.186.144:1234
172.111.244.104:2889
172.111.244.113:2889
172.111.244.98:2889
172.233.75.144:25723
172.245.244.69:2404
172.86.64.38:5000
172.93.218.118:2404
172.94.127.3:7035
172.94.127.4:6042
172.94.127.4:7035
172.94.89.135:18711
173.211.106.233:2404
176.10.80.43:2404
176.96.137.165:2404
178.73.192.9:2404
178.73.218.6:2404
179.43.171.197:3390
181.131.216.206:2404
181.236.124.54:2404
181.71.139.200:2404
185.107.44.13:5837
185.147.124.113:443
185.149.146.255:4501
185.149.234.209:2700
185.149.234.209:27000
185.149.234.209:28000
185.149.234.209:29000
185.157.162.103:1990
185.157.162.103:1995
185.157.162.103:447
185.157.162.126:1990
185.157.162.126:1995
185.157.162.126:447
185.174.103.111:2404
185.196.10.242:2105
185.196.10.242:9774
185.196.10.27:2404
185.196.8.98:9774
185.203.217.21:8888
185.208.158.161:2404
185.241.208.87:2404
185.25.205.221:2404
185.49.126.69:2404
186.169.45.11:2404
186.169.74.236:8888
188.126.90.10:2404
190.102.41.206:2404
191.91.176.72:2404
191.96.207.172:2404
192.119.110.114:2404
192.129.178.58:5120
192.129.178.58:5122
192.129.178.59:5120
192.129.178.59:5122
192.129.178.60:5120
192.129.178.60:5122
192.129.178.61:5120
192.129.178.61:5122
192.129.178.62:5120
192.129.178.62:5122
192.210.150.17:56887
192.210.255.174:8580
192.3.101.149:6946
192.3.101.9:2404
192.3.146.145:1243
192.3.146.145:465
192.3.176.134:7062
192.3.216.141:8769
193.227.129.84:2440
194.163.146.146:2404
194.26.192.55:3022
194.59.30.53:60782
194.59.31.37:3488
194.59.31.44:4190
194.59.31.84:3488
198.244.238.111:2404
198.244.238.84:8888
198.244.238.84:8889
198.46.178.148:2024
2.58.56.217:2404
2.59.163.86:40102
2.59.163.86:40104
204.10.194.175:4444
206.189.218.238:4782
206.72.197.102:30486
208.115.220.58:2404
212.162.149.91:2404
212.192.14.53:2404
212.28.184.189:2404
216.9.226.100:3898
217.12.201.39:26076
23.160.168.166:2404
23.226.132.41:2404
23.94.148.26:2404
24.152.38.77:2404
31.13.224.230:16465
38.146.219.230:2700
41.216.183.190:2404
41.216.183.218:56792
41.216.183.238:7112
43.226.229.235:8201
44.201.134.44:2404
45.138.157.46:8888
45.138.48.25:2404
45.202.35.247:2404
45.82.84.41:3389
45.82.84.41:8080
45.88.186.186:25
46.246.14.17:2404
46.246.14.2:2404
46.246.14.8:2404
46.246.4.15:2404
46.246.4.5:2404
46.246.6.12:2404
46.246.80.18:2404
46.246.80.26:2404
46.246.80.26:8884
46.246.80.3:9090
46.246.80.6:2404
46.246.82.15:2404
46.246.82.22:2404
46.246.82.5:2404
46.246.84.7:2404
46.250.230.39:2404
5.180.24.231:2404
5.34.178.128:789
51.195.71.14:2404
54.39.233.87:2404
62.60.244.124:8082
65.21.8.16:2404
69.61.31.229:2404
69.61.31.248:2404
69.61.74.24:2404
77.91.70.254:2404
78.142.18.109:2401
79.110.49.78:3307
8.209.221.211:21854
8.209.221.211:25314
8.209.221.211:82
80.76.51.19:2404
80.76.51.246:6796
81.161.238.174:46098
83.136.208.202:4057
84.38.135.229:49233
85.17.23.162:2404
85.209.11.113:321
85.209.11.113:5002
87.120.112.79:2404
87.120.114.20:53279
87.120.117.233:2404
87.120.120.25:5940
87.120.120.51:2404
87.120.120.55:49012
87.120.125.138:2404
87.120.125.229:53215
87.120.84.23:2404
87.120.84.56:2404
87.121.86.223:2404
87.121.86.48:46098
88.119.171.114:2404
88.119.171.114:8090
89.117.23.22:57550
89.149.197.170:2404
89.187.25.219:8080
89.207.131.21:7787
91.192.100.36:8090
91.202.233.4:2404
91.235.142.2:443
91.235.142.2:8080
91.92.137.232:8090
92.255.85.63:5003
93.123.109.154:6881
93.123.39.134:9090
93.123.39.68:44122
94.154.37.200:8080
94.156.167.37:2404
94.156.227.184:2404
95.217.148.142:9007
95.217.150.99:8006
96.47.234.140:2404

# Reference: https://x.com/skocherhan/status/1875803060389474697

212.85.70.235:10443
212.85.70.235:443

# Reference: https://x.com/marsomx_/status/1875859954206494985
# Reference: https://tria.ge/250105-cf4r7azlaj/behavioral2
# Reference: https://app.validin.com/detail?type=ip&find=193.26.115.39#tab=resolutions

193.26.115.39:7009
candwfarmsllc.com
myguyapp.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-05)

http://101.99.75.173
http://101.99.94.64
101.99.75.173:3306
101.99.75.173:5432
101.99.94.64:2404
101.99.94.64:8080
103.67.163.105:3435
107.173.143.31:2404
163.5.160.233:2404
172.111.250.17:2023
193.142.146.42:2404
195.66.214.7:8080
45.82.84.41:2404
46.246.14.7:2404
52.204.27.109:2404
8.209.221.211:45314
83.136.208.202:4054
91.235.143.28:8080

# Reference: https://www.virustotal.com/gui/file/c64be040beacfa41be4b8280b4b02a7cfd5d4d81a75bc94e81d0848b7baa2f4f/detection

179.15.136.6:1997
municipioalcidiadechicamocha.ddnsgeek.com

# Reference: https://x.com/malwrhunterteam/status/1880198305541738552
# Reference: https://www.virustotal.com/gui/file/5433726d3912a95552d16b72366eae777f5f34587e1bdaa0c518c5fcbc3d8506/detection
# Reference: https://www.virustotal.com/gui/file/6f35551adda5f7d30ed491d7b3e8f3e2f401a03381a55ce1b5970eabc04bcafb/detection
# Reference: https://www.virustotal.com/gui/file/f9c6e2f4c1be741b973d13b711fe68c71a2245c9908d0345724805f5eff1e2e7/detection

177.255.85.101:30201
177.255.85.101:30202
177.255.85.101:35950
comina998.ddns-ip.net
republicadominica2025.ip-ddns.com

# Reference: https://x.com/skocherhan/status/1883703928388538869
# Reference: https://x.com/SquiblydooBlog/status/1883831911757545623
# Reference: https://www.virustotal.com/gui/ip-address/185.193.126.8/relations
# Reference: https://app.validin.com/detail?find=Cloudflare%20Turnstile&type=raw&ref_id=5e473024868#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/72b53da3b8596ea64041a541fcb4fca3b5b10b1ff16adb0f2bf115ed796d7549/detection

californiadeliverynet.com
deliverycloudnetwork.com
dezertdreamz.com
merenjewelstore.com
nevadanetsolutions.com
nyclouddelivery.com
smartcloudnetwork.com
texascdnservices.com
texascloudnetwork.com

# Reference: https://x.com/SquiblydooBlog/status/1883831911757545623
# Reference: https://www.virustotal.com/gui/file/23717fb20568898c76e833cc105ff3126aafa246c063c0eac32e88f6d2d457c7/detection
# Reference: https://www.virustotal.com/gui/file/4afb456bb3983c01aee5136f35b7c2ee462730ca277e533ae3a323f6bd91a4e3/detection
# Reference: https://www.virustotal.com/gui/file/e197ceb80e3ef185b35ed96577baea6b3f01d4a66375434be1211111af80d3d6/detection
# Reference: https://www.virustotal.com/gui/file/9138b3a2d4a2738aeee8fdcbf6d62cca2f0e932961a42535b857d086199abeae/detection

http://80.78.28.225
185.42.12.75:2406
185.42.12.75:2410
185.42.12.75:2425
65.108.36.97:5262
cloudhostcdn.net
/site/static/ebalka.php

# Reference: https://x.com/JAMESWT_MHT/status/1884932953974702298
# Reference: https://tria.ge/250130-kbvbysxqan/behavioral2

192.169.69.26:14646
dateforme.duckdns.org
newbigupdateforme.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1a8c4a357230c2b388cb9cc9171ab0bcc37a194fdf99e69e6a42d8e1a3d2652b/detection

192.3.232.40:14645
millionairedreams2025.duckdns.org

# Reference: https://www.virustotal.com/gui/file/34301e0488067473626447c25248b1314b515968555deb1331dabb2cd484da8e/detection

rem.pioneerprinters.us

# Reference: https://www.virustotal.com/gui/file/c736ab44a5855464b1ab0fe09d2bcfe2bf09a941b25008e90c79f5250d4ac2cf/detection
# Reference: https://www.virustotal.com/gui/file/b59288726f13a2e4e00977cb8b8c5327028626807dc6c822b27883f027c82080/detection
# Reference: https://www.virustotal.com/gui/file/820b7a3d354a39b35f02c92f02dd331e04256ddd4d713475abcaab40da52d748/detection
# Reference: https://www.virustotal.com/gui/file/432830317267f66a042f8eabcf70c0b93822f96479471aa2d191db2dbd24ce92/detection

http://185.29.10.30
172.245.208.17:14645
creatednewauthorstarting.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1887254172300681578
# Reference: https://www.virustotal.com/gui/file/9694363be3d6b7a016d60a196098a0143f007f365726d92eba046bde95903e08/detection

185.195.64.115:2404
blockchainsdev.net
papersmoneygang.store

# Reference: https://x.com/JAMESWT_MHT/status/1888134786507563303

upchemicals.co.in/test/cgi-bin/

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos (# 2025-02-09)

101.99.94.64:465
101.99.94.64:50000
103.144.139.171:8080
103.186.117.182:5577
103.186.117.39:9373
103.186.117.61:9373
103.187.117.76:5584
103.251.166.169:2404
104.161.16.227:2404
104.250.175.226:10403
107.172.148.221:465
107.173.4.16:2456
107.174.65.146:1194
113.45.150.97:2404
138.68.81.155:4200
140.228.29.53:2404
141.95.114.240:2404
144.172.96.82:2404
144.172.98.53:2404
147.124.212.133:2404
147.124.215.24:2404
150.202.2.103:443
152.204.249.244:8888
154.127.53.249:27000
154.216.16.101:2404
154.216.16.165:2758
154.216.16.38:2404
154.216.16.40:2404
154.216.16.54:6092
154.216.17.204:2404
154.216.18.132:6767
154.216.18.132:6868
154.216.18.171:5584
154.216.18.232:5050
154.216.18.62:2404
154.216.19.141:2531
154.216.19.197:2404
154.216.20.185:3142
154.39.150.170:8080
161.35.219.59:1377
161.35.219.59:7475
161.35.56.10:2404
162.251.123.206:2404
163.5.112.59:2404
163.5.169.248:2404
163.5.32.49:2404
172.111.131.108:19760
172.111.139.179:2405
172.111.139.188:2404
172.111.139.222:2404
172.111.192.106:4688
172.111.216.72:2404
172.111.216.73:2404
172.111.216.77:2404
172.111.244.103:2889
172.111.244.104:2879
172.111.244.105:2889
172.111.244.113:2879
172.111.250.17:2401
172.111.250.17:2403
172.245.123.12:8690
172.245.208.17:1070
172.94.127.4:3727
172.94.127.4:5290
172.94.9.167:2404
172.94.9.168:1962
172.94.9.168:2404
172.94.9.171:1962
176.10.80.43:3050
176.65.134.7:443
176.65.137.89:2404
176.65.139.101:2404
176.65.139.53:2404
176.65.139.69:333
176.65.139.69:8090
176.65.139.69:9090
176.65.139.79:1962
176.65.144.121:5689
176.97.117.181:2404
176.97.117.181:8080
177.106.216.153:2404
178.73.192.16:2404
178.73.192.6:2404
178.73.218.5:2404
179.13.3.202:8085
179.15.136.6:2404
179.43.171.197:3392
181.130.8.144:2404
181.131.217.244:1842
181.131.217.244:3021
181.235.145.203:2404
181.235.145.203:8888
181.236.124.54:3000
181.71.216.203:3020
185.130.249.27:6161
185.156.175.43:2758
185.156.73.22:65435
185.157.162.103:1777
185.157.162.103:1994
185.157.162.103:779
185.157.162.126:1994
185.157.162.126:779
185.174.101.126:2404
185.174.101.126:2405
185.196.10.242:2408
185.196.10.242:5552
185.196.10.96:2404
185.196.11.39:2404
185.196.11.96:2404
185.196.8.98:7920
185.196.9.248:3912
185.199.224.91:2404
185.208.158.201:2404
185.208.158.201:3610
185.208.158.2:2404
185.217.1.142:3337
185.234.72.215:2404
185.234.72.215:4444
185.241.208.44:2404
185.29.10.213:63650
185.39.207.11:35550
185.42.12.75:2405
185.7.214.250:2426
186.169.34.70:8888
186.169.45.11:8888
186.169.57.33:2404
186.169.72.217:2404
188.126.90.11:2404
188.245.209.124:2404
190.102.40.205:2404
190.6.65.2:25158
191.101.51.117:10050
191.101.51.117:10051
191.101.51.117:11371
191.101.51.117:24554
191.101.51.117:2700
192.129.178.58:5123
192.129.178.59:5123
192.129.178.60:5123
192.129.178.61:5123
192.129.178.62:5123
192.169.69.26:1070
192.169.69.26:5023
192.210.150.26:3678
192.3.101.137:8780
192.3.101.149:8764
192.3.146.145:14645
192.3.146.173:1243
192.3.146.173:14645
192.3.146.173:443
192.3.146.173:465
192.3.243.136:6878
193.143.1.71:443
194.11.246.6:2404
194.163.151.98:2404
194.180.48.18:45265
194.59.30.113:443
194.59.31.139:46530
194.59.31.33:3191
194.59.31.40:3487
195.133.78.18:7346
195.177.94.177:443
195.177.95.155:2404
195.177.95.222:2404
195.177.95.56:2404
195.177.95.89:2404
198.244.238.84:2404
198.244.238.84:8884
198.46.178.132:8690
198.46.178.152:2025
2.58.56.182:2404
2.58.56.250:2404
2.59.163.86:40103
205.234.144.159:2404
206.123.152.102:2026
206.189.218.238:2286
206.189.218.238:3386
207.32.218.117:2404
208.64.33.64:9422
208.64.33.69:6720
208.64.33.76:25
208.64.33.76:8080
212.32.249.39:8443
212.34.147.3:8080
213.136.81.72:8888
213.142.159.30:2404
213.152.187.200:32491
213.152.187.241:12776
213.159.66.34:2404
213.159.66.34:2405
216.128.146.203:2404
216.219.80.142:7070
216.9.226.138:16465
217.12.201.39:23501
23.140.8.132:22022
23.148.144.245:2404
23.148.144.62:2025
23.148.144.62:2404
23.94.36.151:2404
31.13.224.237:2404
31.13.224.72:3421
31.42.184.188:2404
31.57.166.32:2404
37.120.151.102:2404
38.180.161.73:2404
45.133.158.36:10050
45.133.158.36:10051
45.133.158.36:11371
45.133.158.36:24554
45.138.48.25:3333
45.145.42.103:2404
45.149.241.204:435
45.156.85.63:443
45.200.148.89:2404
45.200.51.19:2404
45.200.51.19:8080
45.200.51.22:2404
45.200.51.22:8080
45.200.51.8:2404
45.200.51.8:8080
45.32.129.178:2404
45.32.153.255:2017
45.88.186.186:2404
45.88.186.59:2404
45.88.91.118:2404
45.88.91.207:2404
45.89.48.7:2404
46.175.167.116:444
46.246.6.13:2404
46.246.82.9:2404
49.13.68.31:443
5.181.159.153:1151
5.252.153.10:4447
5.252.153.86:4777
5.252.153.90:2404
5.252.153.99:2404
5.34.178.128:8081
5.34.178.128:8090
5.34.178.144:2404
5.34.178.169:5469
5.34.178.33:5469
5.45.76.64:1463
5.45.76.64:1464
5.45.79.50:28086
5.78.128.99:2405
5.78.46.203:2404
52.9.229.248:2404
62.60.226.42:43155
62.60.226.6:43155
64.112.84.184:2404
64.237.240.11:1800
64.95.10.69:2404
64.95.10.69:5000
66.248.206.163:2404
66.248.206.173:2404
66.55.74.120:1000
66.55.74.235:1000
67.211.208.114:7070
69.174.100.12:2404
69.30.247.252:2404
77.91.70.254:24046
79.110.49.232:2404
79.110.49.250:4190
79.110.49.32:2404
80.76.49.186:2404
80.76.49.186:8090
80.76.51.190:16465
81.161.238.107:2404
82.147.85.102:2405
82.147.88.203:2405
84.38.133.30:18682
85.209.133.15:3310
85.31.47.54:2404
87.120.112.98:2404
87.120.112.98:8090
87.120.113.211:2404
87.120.114.13:21035
87.120.114.25:21035
87.120.114.31:21035
87.120.115.189:2404
87.120.116.187:56
87.120.116.245:2400
87.120.116.245:2404
87.120.126.58:6961
87.120.127.120:2404
87.121.86.203:5977
87.121.86.6:2404
88.119.171.163:8090
88.119.171.163:9090
89.187.25.219:443
91.223.3.146:2404
94.156.105.55:2345
94.156.166.46:2404
94.156.167.190:2404
95.110.224.149:2404
95.214.234.153:443
95.214.234.153:8080
95.217.148.142:9002
95.217.148.142:9003
95.217.148.142:9005
95.217.148.142:9006
007lora.varpourtec.com
02xose.duckdns.org
210482145303.duckdns.org
2nptlfm.duckdns.org
38w98z.duckdns.org
3vrsuf4xn.duckdns.org
3woaas54q.duckdns.org
4odxd5nr.duckdns.org
5nd42h78s.duckdns.org
5y0erk3.duckdns.org
65u6fi.duckdns.org
6nsyrg3.duckdns.org
99emperor.duckdns.org
9scrp622a.duckdns.org
a2dkrq4.duckdns.org
a5yxakrja.duckdns.org
abeangana.duckdns.org
abokirem.duckdns.org
acttwindows.duckdns.org
ad6roh0.duckdns.org
administratief-controle.duckdns.org
adobeexplorer.com
agamwizard.duckdns.org
agriconnexenlign.duckdns.org
aio-oc.net
alemania2020.duckdns.org
alexferton.duckdns.org
ambaqnjgkk.duckdns.org
amzonx8y40nopppgx.duckdns.org
annulation-mabanquebnp.com
anonbaba.net
apleegodfivem.ddns.net
arb22.duckdns.org
archerleet.duckdns.org
areabill.duckdns.org
asyys.duckdns.org
at-port.net
authecfiosnfrsg.duckdns.org
authmgv.info
axaxdad.ydns.eu
az5iklo5x.duckdns.org
b58mg4zo.duckdns.org
bayerntours.zip
bienvenidoperezlora.kozow.com
bilkosmpis.fi
blees7.duckdns.org
boot1.zapto.org
borc.gleeze.com
bparibas-oppositions.com
brideeded.duckdns.org
btj6xzc.duckdns.org
bxjljczavv.duckdns.org
bznabyzfts.duckdns.org
c8ekknj5h.duckdns.org
caissdpagneregionsafr.duckdns.org
carmenduranlora09.ddnsgeek.com
ccaqmjeabn.duckdns.org
cetemauthecionregonfr.duckdns.org
cetlm.duckdns.org
chasemysite.duckdns.org
cinasa.duckdns.org
ck81trfk.duckdns.org
claimgratisfreefire1.duckdns.org
comisaria11.duckdns.org
controle-pagina.duckdns.org
crtcrot.duckdns.org
customservicmsazon.duckdns.org
cwrdpcaaiq.duckdns.org
cxc3w0hp0.duckdns.org
dckazts.duckdns.org
decmainserver.webredirect.org
dedicated-zap1145577-1.zap-srv.com
detuthi.duckdns.org
diegoserranova7208i23v32uy82u.duckdns.org
dzsrso.duckdns.org
entrarviaverde.com
entry-certainly.gl.at.ply.gg
enviameplata.kozow.com
eysmytoiey.duckdns.org
ffkk212.duckdns.org
francesdomingueslora09.gleeze.com
frchu3r.duckdns.org
freelucydspinbn.duckdns.org
gamdaan.duckdns.org
gf9e8eb.duckdns.org
goody.work.gd
googlerecaptchatestsite.duckdns.org
gosp.duckdns.org
gotoolinks.org
gray-horse-56758.zap.cloud
gvwsieawhk.duckdns.org
hackersez97.duckdns.org
haleleeh8iuoty1.duckdns.org
haleleeh8iuoty2.duckdns.org
haleleeh8iuoty3.duckdns.org
haleleeh8iuoty4.duckdns.org
hdfctop.duckdns.org
hg575438h-0.duckdns.org
hhzb57ims.duckdns.org
http://103.144.139.171
http://172.111.252.249
http://212.34.147.3
hugobross.duckdns.org
hzqgfqrswm.duckdns.org
iamblessed.duckdns.org
ibivgggb.ddns.net
icplxgssyx.duckdns.org
idbzwjfbaw.duckdns.org
indiana317.com
indianaroadassist.com
indletrfouclouts.duckdns.org
interacdeposittransfer10001.com
inyjafjvta.duckdns.org
ipfaxuqmod.duckdns.org
jandupdate873.webredirect.org
janout21oadstse1.duckdns.org
janout21oadstse2.duckdns.org
janout21oadstse3.duckdns.org
janout21oadstse4.duckdns.org
jax4v0n.duckdns.org
jinvestments.duckdns.org
jorgeperezpu145.con-ip.com
juanosorio.loseyourip.com
juansira.mywire.org
jvjswtvany.duckdns.org
jwdtcx3kfb.duckdns.org
kbbvvla.duckdns.org
kdjdajdijijff.com
kela-vahvistaa.net
keramiccircle.net
kobo2025rmc.duckdns.org
kposlifestyle.design
krakencryptotrades.duckdns.org
krakenrecoveries.freemyip.com
krissbui.duckdns.org
kunbrhtjrtj1.duckdns.org
kvxnvbdvv.com
kxjkddzway.duckdns.org
laughing-mendeleev.45-156-85-63.plesk.page
lawky.duckdns.org
ledger-manage.com
ledgerdiagnostics.com
leehoi02.ddns.net
linkgrubnaya1.duckdns.org
lkhdsolgii.duckdns.org
luiscaseres.gleeze.com
lwvn6qu.duckdns.org
mandope483.duckdns.org
manifest0000000backup.duckdns.org
manifestbackup.freemyip.com
marcelodosantoslora09.loseyourip.com
masterb12.risunn.com
meatniggabella.duckdns.org
meme.linkpc.net
meme7.work.gd
memoki.gleeze.com
microsoft.bnctechnology.space
moneybanks.mysynology.net
moneyluck.duckdns.org
moneyluckwork.ddns.net
mtt9kw1mj.duckdns.org
n8a88e.duckdns.org
newtimeforrmsupdates.duckdns.org
nextnewupdationsforu.duckdns.org
nfcuaccounthelp.net
nicekboupdatedgood.duckdns.org
nmqhczyvvz.duckdns.org
noreplyaccount-supportalert.duckdns.org
novermber12.duckdns.org
novermber12.freeddns.org
ns1-2587.msftdns.net
nuevo12.duckdns.org
nunubv1.fratellillottini.com
nurnjjdsqs.duckdns.org
nzvqlhdxon.duckdns.org
o0yyzd2pq.duckdns.org
offlinetimedns.duckdns.org
ohioubereatsaccountsalert.duckdns.org
online-veiligdoorverbinden.com
onlygod6754.duckdns.org
opengatesfavour.duckdns.org
oyo.work.gd
p2fverifynow.com
packto.duckdns.org
packtobk.duckdns.org
pageclient-userdesk0061.duckdns.org
pdbynkgdkj.duckdns.org
pg8mt1m1.duckdns.org
pitchbookfinance.co
porakilo.duckdns.org
porfavor.duckdns.org
portaal-belastingdienst.info
proudquitter.com
pst-billion.gl.at.ply.gg
q4w9xskk.duckdns.org
qkqz6um.duckdns.org
r0z4hf.duckdns.org
realtimeinc.duckdns.org
recovery-accountamzonsecure-updateinfo.duckdns.org
recoverytrades.duckdns.org
redrr.duckdns.org
rem.oceanchemexport.co
remcosnov24.duckdns.org
renajazinw.duckdns.org
rj0987654321.duckdns.org
rm.anonbaba.net
rogers-authentication.com
ronymahmoud.duckdns.org
rosks.duckdns.org
rras.duckdns.org
secure002.com
secureasignver.duckdns.org
secureweblogin003.duckdns.org
semsy-oda.duckdns.org
shaizzen01.duckdns.org
showviteadobe.com
shpylink.com
sincar212.duckdns.org
siste-nytt.com
skatteverket.info
skatteverkett.com
smbitsolutions.xyz
soppa.duckdns.org
sostenerstatup12.duckdns.org
ssldns00000000000.duckdns.org
sullyapexjobs.duckdns.org
sungito333.ddns.net
superlane.duckdns.org
support09verify.duckdns.org
sweetnessofbestthingsgivenbest.duckdns.org
teewire.ydns.eu
testeold.duckdns.org
tijdstempelsync.duckdns.org
timestats455.duckdns.org
tqpmkgcqqq.duckdns.org
tqxd97t.duckdns.org
treeofwealth.freemyip.com
treeofwealthyz.freemyip.com
tricodersvault.duckdns.org
tricodersvaulting.duckdns.org
tricodersvaultz.freemyip.com
tsnlkigwvc.duckdns.org
tsroczvqvu.duckdns.org
u9iykt.duckdns.org
uawsncxsxu.duckdns.org
uaxkfcwqsx.duckdns.org
ucuspmkiag.duckdns.org
udspkidxmc.duckdns.org
ufljfbokji.duckdns.org
ugwrnkidgi.duckdns.org
uhebplgbdb.duckdns.org
uigeaqnidu.duckdns.org
uigvrnjehy.duckdns.org
uiq4ldas.duckdns.org
updated212.duckdns.org
updxuqjedy.duckdns.org
uptimebot.kozow.com
userdesk-serv009.duckdns.org
usysplifjh.duckdns.org
utspjfbpso.duckdns.org
vdbxsoavgd.duckdns.org
veri1y-secured-update.duckdns.org
verify-account-bankingcenters.duckdns.org
verifynavycu.com
vgdrmjeyas.duckdns.org
viperoleplay.net
vjawrnjfcz.duckdns.org
vmgczwrnrr.duckdns.org
voecuyt.duckdns.org
vps-zap984637-1.zap-srv.com
vqnkytpkgi.duckdns.org
vtmkjfbxnh.duckdns.org
wavirallnertt99.duckdns.org
weebyvshki.duckdns.org
welcomeabundance01.duckdns.org
welcomeabundancenow.duckdns.org
wgcxsnicqm.duckdns.org
wgdythbweu.duckdns.org
whbxshbwbo.duckdns.org
windowjayjay.duckdns.org
windowsammorris.duckdns.org
windowsupdateserveraug.duckdns.org
wivmigbyif.duckdns.org
wj5ztqo.duckdns.org
wondertopafri.duckdns.org
wwuolifsqz.duckdns.org
x6u4stfk5.duckdns.org
xeudinqnuh.duckdns.org
xljfcynjpm.duckdns.org
xweb.ddns.net
yabobo.duckdns.org
yayabeloo.duckdns.org
ymroz990.duckdns.org
z4l9btl.duckdns.org
zharkiwork.duckdns.org
zk-drop.com
zone.leteletelelele.com
zpovxh.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/179.13.3.202/relations
# Reference: https://www.virustotal.com/gui/file/9f07f8740f0983720ae82c9f14c308017cd36bd51a490899b4b2362d78601a07/detection

anzytarrrrtt.duckdns.org
ffyyyttrrtttr.duckdns.org
misterdc.duckdns.org
netwin66wow.duckdns.org
remcosssss.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1891430471562657940
# Reference: https://www.virustotal.com/gui/file/af2d72fc2c8e4b4a6b7be2d7b5806d37ffc13b27d2a210ffffcc8c963862e184/detection
# Reference: https://www.virustotal.com/gui/file/cc4ccb3d451d2339ffc3c1ffbfd955e40d4903c2c6e82661ea0ec9c693272abb/detection

http://41.216.188.218
41.216.188.218:2606
eddy2024.ddns.net
eddy2025.ddns.net

# Reference: https://x.com/Tac_Mangusta/status/1891784721325039827

http://198.12.123.6
http://217.160.17.80

# Reference: https://x.com/malwrhunterteam/status/1892156103120597363
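# Reference: https://www.virustotal.com/gui/file/27631e88462342b700862d389d3068b166e0b30406cedb7b888d1900b7cc06d9/detection
# NOTE(review): 19.59.31.4:2500 below may be a truncated 194.59.31.x address (compare 194.59.31.47:5200 on the line before it); verify against the references above.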

194.59.31.47:5200
19.59.31.4:2500
2025keeptring.gotdns.ch
plmakeawa.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos (# 2025-02-22)

http://111.90.150.120
101.99.94.197:81
102.165.14.36:2404
103.186.117.159:48453
103.195.236.246:9462
103.20.235.209:22331
104.168.141.89:33162
104.234.204.180:2404
104.243.242.236:1692
104.250.169.100:3191
104.250.169.102:3191
111.90.150.120:21
134.122.23.251:2404
140.238.207.208:2247
141.95.123.139:2404
144.202.42.37:2002
144.202.42.37:2004
147.45.45.143:9090
157.20.182.51:56872
162.230.48.189:2404
162.251.122.83:2404
162.33.178.61:5000
172.111.137.68:2889
172.111.216.230:2405
172.111.216.66:2404
172.111.216.71:2404
172.111.244.104:8347
172.245.123.49:8690
172.94.53.178:17527
172.94.9.162:1962
172.94.9.167:1962
173.211.106.67:4860
173.249.39.212:8811
176.65.139.69:4040
176.65.139.91:2404
176.65.140.160:2404
176.65.140.25:2404
176.65.141.49:2431
176.65.141.64:443
176.65.142.123:443
176.65.143.154:2404
176.65.144.154:3077
178.215.224.15:2404
179.43.171.218:2000
181.131.219.42:2404
181.235.4.255:2404
185.140.53.140:2404
185.157.162.168:1990
185.157.162.168:1991
185.157.162.168:1994
185.157.162.168:1995
185.157.162.168:1997
185.157.162.168:447
185.157.162.168:557
185.196.10.153:2404
185.196.10.153:5000
185.202.173.24:5824
185.208.156.45:2404
185.38.142.181:443
185.7.214.250:2404
186.169.38.94:8888
186.169.51.98:8888
188.127.225.33:5637
191.101.130.60:2404
191.101.51.120:30233
191.101.51.149:2404
192.142.18.166:2404
192.210.150.24:5590
192.3.176.136:2404
192.3.179.143:2404
192.3.243.143:6878
193.142.146.179:2404
193.23.3.29:1570
193.23.3.29:2404
193.23.3.29:8888
193.26.115.83:2404
194.59.30.80:5930
194.59.31.111:46167
194.59.31.126:3939
194.59.31.30:3939
194.59.31.62:3939
194.59.31.64:3939
196.251.118.14:2404
196.251.118.49:2404
196.251.118.49:789
196.251.81.45:40124
198.12.81.146:7643
198.135.50.224:53648
198.135.51.176:49950
204.10.160.190:2404
204.10.161.144:2404
206.123.150.192:2405
206.123.150.225:2404
206.123.150.225:2405
206.123.150.72:2405
206.123.152.34:3191
206.123.152.43:3191
206.123.152.48:3191
216.250.252.33:60309
23.94.253.2:2404
23.94.82.22:5890
31.58.169.232:2404
37.120.208.40:56379
45.144.214.126:4126
45.149.241.85:2404
45.61.166.182:2404
45.62.170.61:2404
45.66.248.181:2404
46.183.222.85:49327
46.246.86.12:2404
5.181.157.26:40000
5.181.157.26:587
5.181.158.24:21
5.181.158.24:40000
5.181.158.24:60000
5.45.67.76:1212
5.78.119.141:2404
5.78.125.211:2405
51.38.119.244:2404
51.89.177.234:2404
62.60.226.49:1115
64.23.156.231:2404
67.203.7.163:3320
79.110.49.89:4251
8.209.221.211:51977
8.209.221.211:9161
82.115.223.170:2404
88.119.171.163:2804
92.255.85.63:5004
92.255.85.63:5005
92.255.85.63:5006
93.123.118.7:2404
94.156.227.92:2404
99.79.64.127:2404
16enero.con-ip.com
0928fax.home-webserver.de
amuntgroupfree.ip-ddns.com
ardhragirliamhereforudear.duckdns.org
austin99.duckdns.org
bangerr.duckdns.org
benhenry2234.zapto.org
donato.con-ip.com
elyeso.ip-ddns.com
fidelity123.zapto.org
figonenye.duckdns.org
greatkindnessfromgodcoming.duckdns.org
halelgeeh8iugoty1.duckdns.org
halelgeeh8iugoty2.duckdns.org
halelgeeh8iugoty3.duckdns.org
halelgeeh8iugoty4.duckdns.org
heksaa3030.redirectme.net
kavemarb99juyet1.duckdns.org
kavemarb99juyet2.duckdns.org
kavemarb99juyet3.duckdns.org
kavemarb99juyet4.duckdns.org
kavemarb99juyet5.duckdns.org
kavemarb99juyet6.duckdns.org
knoxinvestmentandsales.com
lala2025.duckdns.org
moneyluck.ddns.net
naps.is-into-games.com
newgoodthingsforkbhh.duckdns.org
odg01.is-a-landscaper.com
oktoviyanto.ddns.net
pinkandgreen87.info
readysteaurants.com
remaboki2025.duckdns.org
remcosf2025.duckdns.org
riversyakos.freeddns.org
rmc1995.duckdns.org
sales778.bounceme.net
service-transfert.duckdns.org
supersoftin.duckdns.org
tama333.duckdns.org
tjwpn04kn.localto.net
ugobelube.duckdns.org
whatgodneedtogiveme.duckdns.org
xbbxzqaw.ddns.net

# Reference: https://www.virustotal.com/gui/file/f828561f75ee664450e1aac29256aa0aff6bd349232f98d33048dde78c0962bf/detection
# Reference: https://www.virustotal.com/gui/file/82bc0c4cea63170035dae4e9960b8403cc86a55ce96e763514206d612b57bf78/detection
# Reference: https://www.virustotal.com/gui/file/31b4230ab0b1e15b55948c13c881ac07627b49cbf2cddd29bef7e527536896b4/detection

176.65.141.238:3124

# Reference: https://x.com/ShanHolo/status/1894398314063225112
# Reference: https://www.virustotal.com/gui/file/db65ec3e55dbc789c0a2edeefe3ff5fb294394abb884b0ccfac5aabb47808c7f/detection
# Reference: https://www.virustotal.com/gui/file/898ff8e379b963f1eadd3d9ff45367e14b11538409fc7cbfea81362bcfe1e282/detection

http://198.46.177.136
http://217.154.84.12
192.169.69.26:56487
216.9.225.75:56487
216.9.225.75:8046
m-anm09-bmernm2437mnkbsgd.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1896546596051095765
# Reference: https://www.virustotal.com/gui/file/c999f22918026ac125f994e2552bc1d44d8ad24a22749f8d4bf350f565d3cf89/detection

193.9.36.1:2404
193.9.36.1:2500
193.9.36.1:5200
194.59.31.40:2404
baddieszn.duckdns.org
bahadii.duckdns.org
conquer25.duckdns.org
unforseen.duckdns.org

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-03-10-IOCs-for-Remcos-RAT-activity.txt
# Reference: https://www.virustotal.com/gui/file/f6946b226d21d0f716980980d61ef1a6ca429bed0c42c4ad51c9d813ee626469/detection

206.123.152.51:3980
hftook7lmaroutsg1.duckdns.org

# Reference: https://x.com/skocherhan/status/1899652730609696945
# Reference: https://www.virustotal.com/gui/file/489a4758ea8e46736dc0f67da790eeba6d5244de889dcee5ff49dcd6e9929736/detection
# Reference: https://www.virustotal.com/gui/file/7feca68aa30931d5af1378f39e194f9e7076df3073402d6fa31a48b60836ae16/detection
# Reference: https://www.virustotal.com/gui/file/e19cb28e2b13040569000ef6fa44841a804b3b122a34db5c711131a2c9106b81/detection

http://147.124.213.50
185.196.9.173:52507
remyma.duckdns.org

# Reference: (source not recorded; confirm the provenance of the entries below before relying on them)

http://177.136.225.183
http://196.251.73.236
103.178.235.40:2404
103.186.101.114:2404
103.186.117.159:48454
103.186.117.228:9373
103.186.117.238:9373
103.186.117.61:2404
103.195.236.246:2404
103.198.26.21:2404
103.198.26.222:9373
103.198.26.27:9373
103.20.235.209:2401
104.168.133.74:9349
104.219.234.172:2404
104.234.70.147:2404
104.243.254.101:2404
104.245.145.253:60142
104.245.240.123:2404
104.245.240.212:2404
104.250.169.68:2404
104.250.169.70:2404
104.250.169.99:3191
107.172.148.197:14645
107.178.106.121:2404
118.31.229.51:8080
130.0.33.93:21280
131.226.2.137:2404
134.122.23.251:8508
135.125.189.140:1040
135.125.189.140:1041
135.125.27.227:2404
144.202.42.37:2005
146.185.233.97:6856
147.124.211.21:2404
147.124.215.24:2535
147.124.217.110:2404
149.56.71.55:2404
15.204.0.108:4607
15.204.130.251:443
155.254.245.47:25
155.254.245.47:8080
161.35.56.10:2405
162.230.48.189:8848
162.251.123.215:2404
163.5.112.79:7070
163.5.32.138:5050
163.5.32.138:7070
163.5.32.240:30360
164.92.163.239:4567
164.92.84.107:2404
172.111.137.66:1962
172.111.137.68:1962
172.111.216.79:2404
172.111.232.229:8201
172.111.232.230:8201
172.245.93.118:45990
172.81.132.221:2024
172.81.132.221:2404
172.81.132.221:6699
172.93.165.173:2404
172.93.218.189:2404
172.94.111.109:2404
172.94.125.137:2405
172.94.17.217:2404
172.94.17.217:888
172.94.53.74:8080
172.94.9.165:57484
172.94.9.172:1962
172.94.9.174:1962
172.94.9.179:1962
172.94.9.227:5671
172.94.9.232:5671
173.214.167.56:7335
173.214.167.78:2404
173.225.101.112:7394
173.249.204.156:2404
176.65.134.223:2404
176.65.134.66:443
176.65.139.107:1313
176.65.139.78:2404
176.65.140.174:8090
176.65.141.249:80
176.65.142.140:3990
176.65.142.28:8080
176.65.142.81:9090
176.65.144.183:3256
176.65.144.188:30473
176.65.144.192:4573
176.65.144.26:2404
176.65.144.26:2405
176.65.144.7:2404
176.65.144.84:1921
178.162.156.169:2020
178.73.192.3:2404
178.73.218.20:2404
179.13.0.133:2404
179.13.1.59:2404
179.43.171.220:3390
179.43.171.220:3396
181.131.218.182:2404
181.214.48.187:2404
181.235.178.232:8888
181.235.189.1:8888
184.75.221.171:54190
185.128.227.28:4444
185.150.189.167:2051
185.157.162.126:1777
185.189.151.74:2404
185.196.10.242:2967
185.202.173.24:2404
185.234.72.215:3333
185.7.214.9:2404
186.169.33.22:2404
186.169.51.98:2404
186.169.87.220:2404
186.169.90.226:2404
188.127.224.20:4578
190.144.146.90:4020
190.144.146.90:5508
190.144.146.90:5509
191.101.51.7:2404
191.96.78.180:2404
191.96.78.250:2404
192.169.69.26:23458
192.169.69.26:63521
192.227.246.70:1988
192.3.146.153:1243
192.3.146.153:14645
192.3.146.153:443
192.3.146.153:465
192.3.176.138:57668
192.3.179.143:14645
192.3.220.21:2404
192.30.89.67:52682
192.52.242.31:2404
193.142.146.118:2404
193.142.146.168:6691
194.187.251.115:52682
194.59.31.211:1818
195.177.94.100:8080
195.211.191.150:3981
195.211.191.157:1987
195.211.191.39:1987
196.251.69.224:2404
196.251.69.251:80
196.251.69.63:2721
196.251.70.41:2404
196.251.70.67:789
196.251.80.197:3914
196.251.80.28:2404
196.251.84.215:2404
196.251.84.215:789
196.251.87.253:3409
196.251.88.124:2404
196.251.92.106:47666
196.251.93.4:2404
198.12.81.137:1070
198.12.81.137:14645
198.12.81.137:14646
198.12.81.137:7070
198.12.89.160:14645
198.12.89.21:14645
198.135.50.146:59786
198.135.52.171:4433
198.37.105.224:45699
198.44.134.4:52682
198.46.178.132:16446
198.46.178.132:16454
204.10.160.193:2404
206.123.152.40:3191
206.123.152.66:7070
207.244.225.2:25608
209.159.154.50:2505
212.162.149.125:2404
212.232.22.174:2404
213.152.161.181:14087
213.199.55.238:8888
213.209.150.10:2404
216.219.80.142:6060
216.9.226.167:1280
23.95.106.22:2222
23.95.60.124:14645
31.56.110.131:2404
31.57.166.58:443
31.57.166.72:443
37.221.64.232:20201
37.27.215.10:1331
38.114.114.231:5470
4.201.156.203:2404
41.216.188.247:2606
43.226.229.205:2404
43.226.229.206:2404
43.226.229.207:2404
45.137.22.227:2404
45.144.212.83:1987
45.154.98.113:23101
45.158.8.193:2404
45.185.208.131:2404
45.74.46.35:3980
45.74.46.37:2404
45.74.46.39:3990
45.92.1.33:2404
45.94.31.203:2404
46.183.222.30:2404
46.183.222.61:2404
46.246.86.8:2404
47.239.64.74:2404
5.181.157.26:21
5.181.157.26:60000
5.181.158.24:587
5.249.164.16:2404
51.195.193.143:443
51.81.149.203:5520
62.171.159.81:5671
64.23.171.108:2404
64.23.173.210:2404
66.150.198.157:2404
66.150.198.182:2404
66.55.75.102:4000
67.211.208.114:32024
68.168.31.113:2404
69.61.84.210:2404
74.50.94.137:2105
74.50.94.137:3727
74.50.94.137:5938
74.50.94.137:9774
79.142.69.160:52682
8.209.221.211:28538
81.19.131.86:6856
81.19.131.95:6856
81.19.216.134:443
87.121.84.251:2404
89.23.108.220:443
89.238.150.43:52682
89.40.31.15:9373
91.135.156.200:8109
91.219.148.89:2017
91.235.142.33:2404
93.123.118.14:2404
93.123.118.40:2404
93.123.118.8:2404
95.217.62.121:2404
185-38-142-181.cprapid.com
21ene.ip-ddns.com
253762ju6.duckdns.org
355eed608bbd.duckdns.org
5386528bst.duckdns.org
6382nh268.duckdns.org
64rf3782wv.duckdns.org
89fc437.duckdns.org
akwabalam.duckdns.org
angel182394.ru
angel32423.ru
blackbirdessential.cloud
bumojanuary2025mi.ddns.net
cgzqztmr.duckdns.org
e3uy8orhd0i.duckdns.org
feb2025isblessed.duckdns.org
fmanslaq9t1.duckdns.org
freebirdkissingonmylipswithnicefeelings.duckdns.org
freshserver.ddns.net
frontofficefax20.home-webserver.de
ftook7lmoutsg2.duckdns.org
ftook7lmoutsg3.duckdns.org
ftook7lmoutsg4.duckdns.org
ftook7lmoutsg5.duckdns.org
g35gra2c2.duckdns.org
glitchhaven.tech
h4k9oc7d3.duckdns.org
hftook7lmoutsg1.duckdns.org
hftook7lmoutsg2.duckdns.org
hftook7lmoutsg3.duckdns.org
hftook7lmoutsg4.duckdns.org
hftook7lmoutsg5.duckdns.org
hiplexus.punkdns.top
interestedthingsforkissinggirlwithloves.duckdns.org
january2025mi.ddns.net
johngavin2311860.ddns.net
johngavintwo1860.duckdns.org
joukslk44flotwo25.duckdns.org
ke2ce0der1an.duckdns.org
los10mejoresgeneradoresdecdigode.duckdns.org
m438326t9.duckdns.org
masterpoldo0354.kozow.com
myhost001.myddns.me
n047t2l3m8.duckdns.org
nwmmww0oaksod00.duckdns.org
ortain7histas1.duckdns.org
ortain7histas2.duckdns.org
ortain7histas3.duckdns.org
ortain7histas4.duckdns.org
ortain7histos1.duckdns.org
pasjanuary2025mi.ddns.net
pisses.duckdns.org
qamspby9t.duckdns.org
qwertyuioplkjhgfdsazxcvbnm.ydns.eu
rcxd.access.ly
rcxd.airdns.org
realsw.jumpingcrab.com
realsw.mooo.com
realsw.strangled.net
realsw.ydns.eu
realws.ydns.eu
rediffclip.duckdns.org
richdardtyyue.duckdns.org
sarok7lmoutsg1.duckdns.org
sarok7lmoutsg2.duckdns.org
sarok7lmoutsg3.duckdns.org
sarok7lmoutsg4.duckdns.org
sarok7lmoutsg5.duckdns.org
setjanuary2025mi.ddns.net
sphayer66jugaru1.duckdns.org
subddfg.lol
sun-anime.gl.at.ply.gg
sunrisebcg.duckdns.org
thyssenrkupp.com
tuck.work.gd
tvrcecbegny.tvrcemeheff.euinnos.com
tvrcehcwdg.tvrcemeheff.euinnos.com
tvrcehervw.tvrcemeheff.euinnos.com
tvrcehervw2.tvrcemeheff.euinnos.com
tvrcemeheff.euinnos.com
tvrcemejeff.tvrcemeheff.euinnos.com
venitocamelo25.ddns-ip.net
verynicepeoplesforsweetkiss.duckdns.org
wedeawlaoko.duckdns.org
wemails1.casacam.net
wormbit.ydns.eu
y4hzb4pn4t.duckdns.org

# Reference: https://x.com/smica83/status/1902087891443966071
# Reference: https://www.virustotal.com/gui/file/1363680b09ab56b23c65e47f989988e3edcd92392398d20a0935652efdf32b70/detection

http://81.19.131.86

# Reference: https://x.com/skocherhan/status/1902169352729768255
# Reference: https://www.virustotal.com/gui/file/83cc9395582825c673c7738afbb9f53a95b83aeb21365ad42703bcedf1ded219/detection

191.88.252.140:30204
191.88.252.140:30805
computador12.ddns-ip.net

# Reference: https://x.com/skocherhan/status/1903663743608730026
# Reference: https://www.virustotal.com/gui/file/15627a894811556dd8e5f9c8af8bc8205d503673c41fd65076398ed1738a1717/detection

196.251.69.63:2721

# Reference: https://x.com/skocherhan/status/1903968293997658584
# Reference: https://www.virustotal.com/gui/file/041b5d7d9326495a95264aeb63bb5ec66ec6f7c9342da886577d8b910a57645d/detection

216.9.225.133:20930
makersoer.ydns.eu

# Reference: https://x.com/skocherhan/status/1904024191071883598
# Reference: https://www.virustotal.com/gui/file/eac9a7b99bdc97b3566c834c55c275ad420a50bd8828e3b77226976529e8157c/detection

192.3.232.40:14645
newstartofthisyearforrichmillionairegoodfordream.ydns.eu

# Reference: https://x.com/skocherhan/status/1903972594316964124
# Reference: https://www.virustotal.com/gui/file/b71900a845d1fbfe8d6e40957af57a77e8eaee3a0ff2cf7dcfcf04c9b49dc992/detection

216.9.225.133:10890

# Reference: https://x.com/skocherhan/status/1903937436608049328
# Reference: https://www.virustotal.com/gui/file/1c9d34307f9492a0257d5e3f6eec997c6fd1d92dee13f9bff785a62645fa7cce/detection

192.3.64.144:1070
192.3.64.144:14645
192.3.64.144:14646

# Reference: https://x.com/skocherhan/status/1906763810121429111
# Reference: https://x.com/skocherhan/status/1906770378128544114
# Reference: https://www.virustotal.com/gui/file/2ab78e5d801c37d36d0941f74105bbb49917a89761b104527acc594faf95dc3a/detection

177.255.84.37:1512
181.131.219.241:30204
191.88.252.140:6015
asdasdsf.con-ip.com
betolopez1548.giize.com
camilocarrascallora09.camdvr.org
carlosmisad.giize.com
josemenbrenia.gleeze.com
josemihuelavisca.giize.com
lusmancaraca.ddnsgeek.com
usuariofebrero25.dedyn.io

# Reference: https://x.com/ShanHolo/status/1910297684004515918
# Reference: https://www.virustotal.com/gui/file/c7bdef6f72689a3279cfbd4a47882019055e0138cdb2ab229cdb96f9ed541196/detection

154.39.0.198:2404
courieerexpress.com

# Reference: https://x.com/skocherhan/status/1911202151541440901
# Reference: https://www.virustotal.com/gui/file/12c076c3848a80e588f154079097b5141e4cd3e1310a1ed0cc9e13f268ab4e69/detection

20.121.52.1:5707
20.121.52.1:5708
20.121.52.1:5709

# Reference: https://x.com/skocherhan/status/1911245810668364051
# Reference: https://www.virustotal.com/gui/file/dd19e61d163a4f60de99634b57d4732a338efb745677654b55f1cb06d801b590/detection

dominocloudplatform.com
insdriveupdates-360.com

# Reference: https://x.com/skocherhan/status/1911234216525812061
# Reference: https://www.virustotal.com/gui/file/0442e74e9379e1c90ef02722b3c3e48ec747e2a44ec560bfe6042e96ff82e769/detection

66.113.31.17:7547

# Reference: https://x.com/skocherhan/status/1911204840950087997
# Reference: https://www.virustotal.com/gui/file/0ca1ef32893f31cbb8d35de5a5fd67ce40f1d684dcaf914da0a13d58410b54eb/detection
# Reference: https://www.virustotal.com/gui/file/ec19f883779f0c42c6de71d4b1954e1661ae30b54eedd864d7f4f90d87723b2f/detection

194.59.30.170:2558
silsaaadddddfgghjkloiujujuhyhy.ydns.eu

# Reference: https://x.com/malwrhunterteam/status/1911752298079965207
# Reference: https://www.virustotal.com/gui/file/e89e4d9fec98799eaab37f3cb8c4afb00af81debe5db6b47fa60422d4cb2a846/detection
# Reference: https://www.virustotal.com/gui/file/e98e26061333a1336931d20edc45c8e7a4e7a278f730bfc4254a4116098bb277/detection
# Reference: https://www.virustotal.com/gui/file/6c7ee17e9b7a4a09280f2768d9cef4f84f8a22ffdb97c41a418e807d62f4f379/detection
# Reference: https://www.virustotal.com/gui/file/447121dbb6238969d1f814840363d4c3dbe916d60edd59f811d51b8d879dfae2/detection

190.144.146.90:2204
preplyg.com
preplyg.preplyg.com

# Reference: https://www.virustotal.com/gui/ip-address/190.144.146.90/relations

imaxatmonk.com
piizaparquinq.info
pizzafshaioin.info
referenwo.com
reposterializzart.info
zongamervid.com
imaxatmonk.imaxatmonk.com
productos.zongamervid.com
referenwo.referenwo.com
restaurantes.pizzafshaioin.info
servicio.reposterializzart.info
servicios.piizaparquinq.info

# Reference: https://www.virustotal.com/gui/ip-address/181.49.85.74/relations

blockbuster1.cc
chocomelos.live
jturbay.design
kellogspremiun.tech
lgsarmien.net
multiserv.lol
nomcol.tel
pizzaintegril.info
superbol.name
teamsf.team
domiciliox.pizzaintegril.info
dulcerna.chocomelos.live
nomcol.nomcol.tel
lgsarmien.lgsarmien.net
superbol.superbol.name
recursoshumanos.jturbay.design
teamsf.teamsf.team
multiserv.multiserv.lol
zucaritas.kellogspremiun.tech
rebiull.blockbuster1.cc

# Reference: https://x.com/malwrhunterteam/status/1911892461032706378
# Reference: https://www.virustotal.com/gui/file/b5e0484e09ad61c26f50631cdc80037a9d3a8fe818c1f15fb3d8114b1aa661fe/detection
# Reference: https://www.virustotal.com/gui/file/f4e416c4ed2ed71704ecda3803bb5e51e4e7db8894fe62ee64bba8ead9ced9e9/detection

http://38.180.49.238
38.180.49.238:5921

# Reference: https://x.com/skocherhan/status/1912121454587421121

bocamur1chagbbg.shop
encioxxlx1.online
stnvlt.shop
sac2.stnvlt.shop
suporte3.bocamur1chagbbg.shop
suporte4.encioxxlx1.online

# Reference: https://x.com/skocherhan/status/1912117955145462184
# Reference: https://www.virustotal.com/gui/file/e9cf41d90fadc126d1108a04799943b53828824e0daa231c490d78f416a74650/detection

185.236.231.64:1089

# Reference: https://x.com/skocherhan/status/1911880476307882274
# Reference: https://www.virustotal.com/gui/file/f752acfa771ea440599615ba590fb07942fa856bb5753702cbf8f8fb607b8b67/detection

196.251.73.133:4257

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2025-04-27)

101.99.75.103:2404
103.186.101.114:1884
103.186.101.114:8550
103.186.117.178:9373
103.28.89.34:10101
103.47.146.161:3222
103.83.87.167:13405
103.83.87.167:13406
103.83.87.190:5817
104.168.33.19:2404
104.219.239.2:2404
104.245.240.158:2404
104.249.131.230:2404
104.250.169.66:2404
104.250.169.68:1962
104.250.169.98:2404
104.37.4.100:6000
104.37.4.100:6001
104.37.4.100:6002
104.37.4.101:6000
104.37.4.101:6001
104.37.4.101:6002
104.37.4.27:2404
107.150.0.72:2404
107.172.148.197:14646
107.172.4.163:2404
107.174.65.156:2404
107.175.32.184:2404
107.175.32.184:2405
107.175.32.185:2404
107.175.32.185:2405
108.171.192.252:2404
108.171.194.157:2404
108.181.199.101:2404
109.120.137.79:101
109.120.137.79:404
109.120.137.86:101
109.71.252.89:2404
135.125.27.232:2404
138.124.89.153:41555
138.201.196.83:7080
140.228.29.33:2404
144.172.92.114:2404
144.172.92.114:25
144.202.42.37:2003
144.208.127.241:1313
146.185.239.84:59111
146.70.58.162:61166
146.70.67.66:6513
147.124.211.121:50322
147.124.214.10:19712
147.124.214.238:1223
147.124.214.238:21
147.124.214.238:2683
147.124.216.223:5577
147.185.221.26:40252
147.93.146.25:2404
148.113.214.176:2409
15.204.130.251:2404
151.242.69.69:443
152.204.228.76:8888
154.26.154.57:2404
160.30.192.52:2404
163.5.160.87:443
172.111.131.195:2404
172.111.131.46:46167
172.111.137.163:46167
172.111.137.164:46167
172.111.137.165:46167
172.111.139.117:2405
172.111.139.254:2404
172.111.150.197:3872
172.111.162.48:1995
172.111.187.45:8201
172.111.189.21:5671
172.111.189.22:5671
172.111.213.197:1950
172.111.213.6:51485
172.111.244.134:46167
172.111.244.147:46167
172.111.244.162:2404
172.111.244.163:2404
172.111.250.17:2024
172.245.25.184:2404
172.81.132.221:2121
172.93.218.191:2404
172.94.111.240:2404
172.94.111.34:2404
172.94.122.71:1962
172.94.17.217:26076
172.94.53.162:1361
172.94.53.67:3191
172.94.53.68:3191
172.94.53.69:3191
172.94.9.164:1962
172.94.9.165:1962
172.94.9.177:1962
173.212.220.5:1781
173.214.166.105:4352
173.214.166.105:5525
173.225.102.145:5938
173.225.102.145:8172
173.225.102.152:23128
173.225.102.26:2505
173.225.103.138:30300
173.225.103.138:30370
173.225.103.138:30380
173.225.103.138:7070
173.225.99.47:3858
173.225.99.47:6349
174.138.190.94:6217
176.65.134.115:2404
176.65.134.169:4700
176.65.134.39:3124
176.65.134.41:2413
176.65.134.7:2404
176.65.134.7:8808
176.65.139.78:1952
176.65.139.88:4688
176.65.139.88:4689
176.65.141.138:443
176.65.141.162:2758
176.65.141.249:443
176.65.142.14:6060
176.65.142.27:4054
176.65.143.147:2404
176.65.144.143:5800
176.65.144.154:7070
176.65.144.19:2404
176.65.144.200:6426
179.13.1.59:6189
179.13.5.203:8040
179.13.9.223:2404
179.43.176.3:3390
179.43.176.3:3393
179.43.176.3:443
179.61.237.133:2404
179.61.237.133:9090
18.222.49.62:3755
181.131.216.154:2016
181.235.162.205:8888
181.235.212.139:7704
182.237.50.200:443
183.82.155.7:2025
185-38-142-128.cprapid.com
185.156.175.60:42827
185.157.162.21:59111
185.157.162.22:59111
185.165.170.222:2404
185.189.112.27:2758
185.196.220.56:2404
185.208.156.45:14646
185.208.159.165:2404
185.236.231.168:443
185.236.231.64:2404
185.244.29.219:2404
185.244.30.101:2404
185.244.30.97:2404
185.29.8.45:2404
185.38.142.128:443
185.49.126.133:2404
186.169.80.207:2404
186.169.81.137:8888
186.169.89.162:8888
188.93.233.42:2404
191.101.130.246:2404
191.235.90.134:2404
192.142.0.149:443
192.159.99.119:1000
192.169.69.26:52190
192.169.69.26:57376
192.177.111.67:2404
192.227.168.165:1070
192.227.168.165:14645
192.227.168.165:14646
192.227.246.70:2017
192.253.246.132:443
192.3.101.149:6565
192.3.111.145:2404
192.3.118.5:2404
192.3.176.155:443
192.3.176.155:465
192.3.193.172:2404
192.3.64.144:7070
192.52.242.41:443
193.124.47.250:9323
193.142.146.212:2404
193.142.146.35:2404
193.142.146.50:2404
193.142.146.70:2404
193.142.146.70:56004
193.222.96.222:2404
193.227.129.75:2404
193.23.3.29:38999
194.102.105.105:2404
194.26.192.250:1000
194.37.97.148:2404
194.56.225.6:2404
194.59.31.127:1818
194.59.31.149:2571
194.59.31.18:2026
194.59.31.217:17527
194.59.31.31:2500
194.59.31.60:2404
194.59.31.60:2500
194.59.31.69:2571
194.59.31.74:17527
194.59.31.92:1818
195.211.191.54:3981
196.251.115.182:2404
196.251.116.111:2721
196.251.116.149:4507
196.251.116.158:4507
196.251.116.166:2404
196.251.116.171:2404
196.251.116.172:2404
196.251.116.190:2004
196.251.116.190:2404
196.251.116.190:4507
196.251.116.201:2007
196.251.116.218:2007
196.251.116.218:2404
196.251.116.236:2404
196.251.116.245:2721
196.251.116.253:2404
196.251.117.26:44717
196.251.117.88:2404
196.251.118.76:4752
196.251.69.136:3421
196.251.69.251:2404
196.251.69.85:2404
196.251.70.239:2404
196.251.70.94:43213
196.251.71.150:2404
196.251.71.155:2404
196.251.71.248:2404
196.251.72.108:2404
196.251.72.143:2404
196.251.72.54:2404
196.251.73.130:2404
196.251.73.153:2404
196.251.80.124:2404
196.251.81.176:2404
196.251.81.9:5555
196.251.83.183:2721
196.251.83.79:7812
196.251.85.180:4098
196.251.86.105:2404
196.251.86.234:5555
196.251.86.242:2404
196.251.86.31:35889
196.251.86.41:2404
196.251.87.237:2404
196.251.87.24:2404
196.251.88.99:2404
196.251.90.107:44839
196.251.92.17:58882
196.251.92.49:51010
196.251.92.62:2404
196.251.92.84:2404
196.251.92.84:45111
196.251.93.44:47666
198.12.89.160:443
198.12.89.160:465
198.135.50.66:2404
198.144.189.79:2404
198.167.193.86:54984
198.167.198.12:8817
198.244.224.198:2404
2.39.166.250:2404
20.199.42.42:2404
204.10.160.146:49263
204.10.160.164:4545
205.209.122.85:2404
206.123.152.100:46167
206.123.152.106:2565
206.123.152.111:2026
206.123.152.36:3191
206.123.152.38:3980
206.123.152.41:3191
206.123.152.47:3191
206.188.197.211:2404
206.189.158.128:6513
208.64.33.139:8080
208.64.33.74:443
208.64.33.74:8080
212.162.149.10:42123
212.162.149.99:2404
216.250.248.203:1988
216.9.225.133:48905
216.9.225.133:49067
216.9.225.133:57089
216.9.225.133:57090
216.9.225.163:24040
216.9.225.163:34040
216.9.225.163:44040
216.9.225.163:57090
216.9.225.168:13405
216.9.225.168:13406
216.9.225.168:13498
216.9.225.168:13646
216.9.225.168:13647
216.9.225.168:13960
216.9.225.168:13961
216.9.225.168:14646
216.9.225.168:14656
216.9.225.168:14658
216.9.225.168:34040
216.9.225.168:34050
216.9.225.168:7070
216.9.225.172:7070
217.138.212.60:53956
217.64.149.45:2404
23.148.144.163:7897
23.175.50.123:5884
23.175.50.77:5568
23.95.235.13:2404
24.152.38.198:2404
27.124.6.49:2404
3.99.173.173:2404
31.220.81.57:2404
31.57.33.159:2404
37.1.207.4:1415
37.1.207.4:1708
37.1.207.4:1709
37.120.151.102:27375
37.252.14.141:4242
37.252.14.141:5454
38.102.9.64:23074
38.242.155.5:2404
38.242.208.134:2425
38.242.248.109:2404
43.134.86.188:4522
43.226.229.198:2404
45.11.78.115:10000
45.11.78.116:10000
45.11.78.142:10000
45.125.12.194:2404
45.125.12.194:8080
45.125.66.57:34509
45.134.140.70:56809
45.141.215.102:2404
45.141.233.95:8801
45.144.214.123:6374
45.230.255.103:8000
45.61.136.244:443
45.62.170.96:2404
45.74.15.228:3402
45.74.46.34:46167
45.83.31.38:4000
45.88.186.118:2404
45.88.186.43:2404
45.88.186.77:2404
45.88.91.214:4500
45.88.91.69:3434
45.94.31.80:2404
47.121.120.18:2404
49.13.68.31:49136
5.175.234.25:4444
5.181.157.176:21
5.181.157.176:33389
5.181.157.176:55555
5.181.157.69:21
5.181.157.69:33389
5.181.157.69:55555
5.206.224.118:8080
5.206.224.118:8443
5.45.73.40:1212
5.8.18.103:6856
51.89.177.234:443
52.9.229.248:443
54.39.19.186:443
54.39.19.186:47824
54.39.19.186:47826
62.113.200.214:7080
62.171.189.68:3402
62.60.226.101:40106
62.60.226.114:40103
62.60.226.139:30303
62.60.226.139:30304
62.60.226.139:30305
62.60.226.21:40106
62.60.235.90:42555
65.108.103.92:2404
65.108.103.92:8808
65.20.70.235:443
66.225.254.158:2404
66.248.206.248:2404
66.63.187.21:6299
67.207.161.246:48540
67.211.216.77:5555
68.168.223.108:30330
68.168.223.108:30380
68.168.223.108:7070
72.5.42.161:6666
77.110.106.17:443
8.209.221.211:55812
80.76.49.130:5000
80.76.49.131:5900
80.85.154.131:1122
82.24.182.111:9090
83.149.72.49:2405
84.196.87.46:2404
84.32.220.50:4468
84.38.134.37:2404
85.158.108.187:40106
85.158.108.187:40504
85.158.108.187:40506
85.192.49.163:2404
85.9.204.228:2404
86.54.42.119:2404
88.119.171.163:2020
89.238.176.4:57376
89.238.176.5:57376
91.223.3.141:2404
92.119.178.42:2404
94.26.90.48:443
94.46.246.66:76
95.216.118.42:2404
95.217.206.215:2404
95.249.183.252:2404
96.9.124.72:443
001remsw.ydns.eu
1x178p.duckdns.org
1x178pbk.duckdns.org
7908pt.4cloud.click
abby.work.gd
agwo.duckdns.org
agwo212.duckdns.org
allblessingcometome.freemyip.com
ambiopharmconsultingltd.com
amuselabs.duckdns.org
anaratiana.zapto.org
angel234se94.ru
angela2q32fds94.ru
angela2qwdw394.ru
angeladwedwefds94.ru
angeladwqwe94.ru
angelasdw12394.ru
audiorm6.duckdns.org
backup212.duckdns.org
backup419.duckdns.org
bartsbee.kozow.com
bb990a9a6fafe.duckdns.org
blancoestev27.duckdns.org
bras-gruppe.de
brugallant.duckdns.org
c43730v.duckdns.org
chys0m.duckdns.org
clickaccessme.com
confident-archimedes.179-43-176-3.plesk.page
craekuro.duckdns.org
dayoun2msrosit1.duckdns.org
dayoun2msrosit2.duckdns.org
dayoun2msrosit3.duckdns.org
dayoun2msrosit4.duckdns.org
dayoun2msrosit5.duckdns.org
dbauto.info
ddffg-52874.portmap.host
demo2025project.duckdns.org
dico.on-the-web.tv
dip.realmensw.com
directlygonow.com
dodon.ydns.eu
dr.is-gone.com
dukasbecomeagreatpersonwhowantotbecomegreatnessfor.ydns.eu
dum555.duckdns.org
dyndico.from-il.com
eloquent-babbage.185-236-231-168.plesk.page
eloquent-banzai.185-236-231-168.plesk.page
envio1997.duckdns.org
esteesnuevo2025.duckdns.org
ewumlaji.duckdns.org
fantasticnigth25.ip-ddns.com
fartgo21oursts1.duckdns.org
fartgo21oursts2.duckdns.org
fartgo21oursts3.duckdns.org
feb1sgr8.duckdns.org
funky333.duckdns.org
furia.camdvr.org
game-glory.gl.at.ply.gg
globalmail.dynuddns.net
goodgirlfriendgivenmebestgiftgorentireti.duckdns.org
goodthingswithgreathappinescomingsoon.duckdns.org
greattravelexperiencegettingfromthenewth.duckdns.org
gugrant-gu.duckdns.org
gugrant-gubk.duckdns.org
gugrant11.duckdns.org
gugrant11bk.duckdns.org
hajouts8koumis1.duckdns.org
hajouts8koumis2.duckdns.org
hajouts8koumis3.duckdns.org
hajouts8koumis4.duckdns.org
hajouts8koumis5.duckdns.org
hajouts8koumis6.duckdns.org
henlogs.duckdns.org
hftook7lmaroutsg2.duckdns.org
hftook7lmaroutsg3.duckdns.org
hftook7lmaroutsg4.duckdns.org
hftook7lmaroutsg5.duckdns.org
host160.newreport.org
http://185.236.231.168
http://192.142.0.149
http://198.144.189.79
http://23.94.82.22
http://65.20.70.235
idonetire.duckdns.org
ikechi2.duckdns.org
iniii.duckdns.org
iniiibk.duckdns.org
interestedthingsforkissinggirlwithlovesw.duckdns.org
ip143.ip-51-195-193.eu
ip251.ip-15-204-130.us
jamourtg6hansit1.duckdns.org
jamourtg6hansit2.duckdns.org
jamourtg6hansit3.duckdns.org
jamourtg6hansit4.duckdns.org
jamourtg6hansit5.duckdns.org
janbours92harbubreakthroughs.loseyourip.com
jlonjaretsartvonrohr.duckdns.org
kistore90.duckdns.org
klm20.zapto.org
latestrem.duckdns.org
leak-shop.cc
m2z5a7d.duckdns.org
mail.185-38-142-181.cprapid.com
mailhost.mysynology.net
makeyourchoice0808.online
male-shut.gl.at.ply.gg
massgrace2025.duckdns.org
mastertoto02f.kozow.com
mastertoto03a.kozow.com
metamask-recoveryform.185-236-231-168.plesk.page
michelgoodsupportingtems.duckdns.org
microwin.xyz
milala.duckdns.org
minerasicvalue.com
mold.justswgroup.com
moneyluck-transfert.freeddns.org
murtgu7kalos1.duckdns.org
murtgu7kalos2.duckdns.org
murtgu7kalos3.duckdns.org
musing-brown.185-38-142-181.plesk.page
myonline40804.duckdns.org
newfresh11223.duckdns.org
newsbloger1.duckdns.org
newsbloger2.duckdns.org
nextgenerationzynkobsupporterlovesgood.duckdns.org
nomass2024.duckdns.org
north-preference.gl.at.ply.gg
nvdiemozess.broke-it.net
nzobaku.ddns.net
obinwannedimna.ydns.eu
odumagamba.duckdns.org
oghupim.duckdns.org
oghupimpim.duckdns.org
oghupol.duckdns.org
oni17.duckdns.org
oni22.duckdns.org
othersinr.duckdns.org
parosh.didns.ru
pillardapper.duckdns.org
pipbinorel99.com
popbaggy.ignorelist.com
porsche-augsbrug.de
portmapaccountonline-51665.portmap.io
postmasterrelayserver.duckdns.org
qx1.duckdns.org
qx1bk1.duckdns.org
qx1bk2.duckdns.org
ramcourse.duckdns.org
rasuljon.ydns.eu
ratianaana701.bounceme.net
relentless.webredirect.org
relentlesswicked.duckdns.org
relentlesswicked.myvnc.com
rem001sw.ydns.eu
rem002sw.ydns.eu
rem25rem.duckdns.org
rem9rrr.duckdns.org
rem9rrr2.duckdns.org
remjouhs9kpiu1.duckdns.org
remjouhs9kpiu2.duckdns.org
remjouhs9kpiu3.duckdns.org
remjouhs9kpiu4.duckdns.org
remjouhs9kpiu5.duckdns.org
remsw.ydns.eu
rhymers.duckdns.org
roonye.ydns.eu
ruffella1122.duckdns.org
sangrodrinkinbottleporto.xyz
sendwaves.co
shukurov.ydns.eu
somsom22.duckdns.org
sphayer66jugaru2.duckdns.org
sphayer66jugaru3.duckdns.org
sptx.supportrmx.xyz
sptx1.dynuddns.com
streamingrpots.duckdns.org
sw004rem.ydns.eu
swertyhgvcfrdewsquiplkjmnb.ydns.eu
swrem.justswents.com
tamar.ydns.eu
tevzadze.ydns.eu
thenewbettercomabcktimecamefornewlifesta.duckdns.org
thewaygate.xyz
tla-auto.fr
tooljoke.top
trabajonuevos.duckdns.org
udogachile.duckdns.org
ugconsultanceltd.com
valromeximsrl.duckdns.org
verynicepeopleswithgreatnessgivenmebestthings.ydns.eu
vittaconsultants.com
vpn385336453.softether.net
vtrow.ydns.eu
vzprojekti.com
wealthyblessedma01n.duckdns.org
wealthyblessedman.duckdns.org
wolzppway.duckdns.org
wubalabla.duckdns.org
wv-as.de
xinroi.org
xxploitt.duckdns.org
zainezw.duckdns.org

# Reference: https://www.virustotal.com/gui/file/46bfe10b68307cc75464df5d4d06946ab2eb372a6e0fbd79a0e6adb9a5c439f9/detection

rickscottflorida.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2025-05-04)

104.37.174.16:2404
107.173.4.10:2404
111.90.150.101:4088
139.99.22.173:2404
144.172.94.163:2404
144.172.94.210:2404
147.189.128.43:2404
154.30.4.199:2404
157.20.182.60:443
172.111.137.167:2404
172.111.139.83:2405
172.111.244.103:8347
172.111.244.142:35889
172.245.208.17:14646
173.225.103.138:4047
173.225.103.138:8080
176.107.181.14:2404
176.65.134.30:7070
176.65.134.34:7070
176.65.140.153:2404
176.65.142.222:8080
185.101.38.39:2405
185.241.149.215:2017
185.244.30.100:4800
185.244.30.100:4801
185.244.30.100:4802
185.244.30.102:2404
185.38.142.101:443
185.39.207.40:2404
188.93.233.249:8088
191.101.51.29:2556
192.227.173.59:2556
193.227.129.75:6595
195.211.191.54:2404
196.251.116.226:2404
196.251.69.149:8000
196.251.72.64:5633
196.251.73.133:4752
196.251.73.236:80
196.251.73.23:5000
196.251.73.23:5001
196.251.73.23:5002
196.251.81.84:4000
196.251.84.214:8000
196.251.84.214:8001
196.251.85.124:2404
196.251.86.197:2404
198.135.49.120:2404
198.135.49.79:2404
198.54.129.52:6623
212.69.86.8:2404
213.209.143.57:2404
216.9.225.163:27070
216.9.225.168:13604
216.9.225.168:13605
216.9.225.168:14305
216.9.225.168:14306
216.9.225.168:14308
216.9.225.168:14309
3.96.152.27:2404
3.96.152.27:2535
37.114.63.40:2404
37.120.210.211:42830
45.134.48.104:2404
45.134.48.104:56002
45.141.233.95:7501
45.63.106.176:2404
45.74.15.226:3402
45.88.186.77:7232
62.60.226.21:30303
62.60.226.21:30304
66.63.187.166:2404
69.24.199.27:1800
79.110.49.33:1616
80.76.49.24:10505
82.21.158.147:9373
87.98.236.198:2404
89.117.77.234:2404
89.213.142.173:2404
96.9.124.219:5006
5502-3.duckdns.org
enviamelejos2025.kozow.com
klm21.zapto.org
mcjacademy.cyou
mxsunami.gotdns.ch
pureee.ydns.eu

# Reference: https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/

146.185.233.96:6856

# Reference: https://x.com/malwrhunterteam/status/1920076506614714756
# Reference: https://www.virustotal.com/gui/file/7153539f4a5ff245bb49723ac4bc7059f82b39be6690c516237e112d18135f9b/detection

45.74.19.10:1054
steveswiths.freemyip.com

# Reference: https://x.com/skocherhan/status/1922828815442628608
# Reference: https://www.virustotal.com/gui/file/79dc014b262d8a8b384655ab8ef69285fc18028684050701843efe2eea2bd107/detection
# Reference: https://www.virustotal.com/gui/file/558f5025b049b752804800440c4d3da358ddda232b50cee87133e079af175dc3/detection

209.54.102.162:2065
cecdubai.me
activenowdnsme.duckdns.org
backupdnsnow.duckdns.org
wdnsme.duckdns.org

# Reference: https://blog.qualys.com/vulnerabilities-threat-research/2025/05/15/fileless-execution-powershell-based-shellcode-loader-executes-remcos-rat
# Reference: https://www.virustotal.com/gui/file/3c35ec71596a34fc823394cb25c9715334cb8126c35d0491e08853d8db614921/detection

mytaxclientcopy.com

# Reference: https://x.com/malwrhunterteam/status/1926390382432026817
# Reference: https://x.com/Cyber0verload/status/1926989973137338419
# Reference: https://www.virustotal.com/gui/file/94bc0c01641801f258e207eca8227845f3f1c686e7394ce3864a6b2538b8eadb/detection

146.185.233.170:3928

# Reference: https://x.com/smica83/status/1926906152421351470
# Reference: https://www.virustotal.com/gui/file/ed3ea3727b6cbd1a9d61ada18691a1f818684cfe6176d7ec169382d3ba291669/detection

185.241.208.118:9683

# Reference: https://x.com/skocherhan/status/1927368649846780295
# Reference: https://www.virustotal.com/gui/file/144eea2b04b77c59b219ca2d9cfb622efccb3289302a23ef42f5aa8644bbd1d6/detection

192.169.69.26:3981
billionairegangs2025.freemyip.com
cashouttrades2025.duckdns.org
wealthybankinc2025.ddns.net
wealthybillionaireman.duckdns.org
wealthybillionaireman007.duckdns.org
wealthymanbanks007.kozow.com
wealthymindset007.freemyip.com

# Reference: https://x.com/skocherhan/status/1929127454448488664
# Reference: https://www.virustotal.com/gui/file/2409ec5a6e8f65fb8e54e0d47f1b7c8b0ba048d564a4257e48bd3d9350e99c08/detection

198.55.102.43:14646
mygoldenjorneyformeetteslagirlshebeautiy.duckdns.org
newjourneynewstartfreshthingforfuture.duckdns.org
sweetindianfestivalsessioncutegirlformel.duckdns.org

# Reference: https://x.com/James_inthe_box/status/1929560663963144661
# Reference: https://gist.github.com/silence-is-best/ede4c444ba406003642a99017274413d

185.196.10.162:2404
23.146.242.237:5817
enermax-com.cc
may2025.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2025-06-05)

http://103.157.28.180
http://194.180.158.119
http://5.252.178.248
http://80.77.25.233
103.131.131.92:2404
103.157.28.180:443
103.157.28.180:53
103.186.117.40:47666
103.237.86.82:53038
104.168.19.226:2404
104.168.5.47:2404
104.168.81.231:2404
104.234.114.229:2404
104.243.254.107:2404
104.243.35.242:2404
104.250.238.168:5200
104.37.172.225:14645
104.37.172.227:14645
104.37.4.100:2404
104.37.4.116:6011
104.37.4.116:6012
104.37.4.116:6013
104.37.4.117:4800
104.37.4.117:4801
104.37.4.117:4802
104.37.4.128:7010
104.37.4.128:7011
104.37.4.128:7012
104.37.4.139:2404
104.37.4.144:2404
104.37.4.150:6032
104.37.4.150:6033
104.37.4.27:4508
107.172.132.44:14646
107.172.132.44:14647
107.173.4.16:2561
107.173.4.8:2404
108.181.199.16:2404
109.120.137.229:443
109.120.137.229:7737
109.120.137.229:7795
109.248.144.228:2404
109.248.150.178:1604
123.58.218.108:3306
124.198.131.178:8888
124.198.131.190:4000
124.198.131.20:33332
124.198.131.44:2003
124.198.131.44:2006
138.255.160.200:2404
141.98.11.112:2404
142.147.97.44:45691
143.198.219.181:9373
144.172.100.101:2404
144.172.94.163:2427
146.70.137.90:3010
146.70.67.154:6513
146.70.67.74:6513
146.70.67.90:6513
147.124.213.156:3116
147.124.213.156:6148
147.124.219.201:2404
148.113.214.176:2404
148.113.214.176:4090
151.242.63.194:2404
151.242.63.92:2404
154.30.4.199:443
154.30.4.223:2404
154.39.0.186:2404
154.39.0.186:4488
154.39.0.186:6666
154.62.226.110:2404
154.62.226.110:2525
154.62.226.195:2404
154.62.226.195:2525
160.187.97.163:60101
160.191.215.55:45191
162.120.71.104:2404
162.246.185.77:4699
163.5.32.25:2404
163.5.32.80:2973
164.68.116.238:2404
165.22.63.8:6513
167.114.196.34:2404
167.114.25.64:2404
172.111.137.162:46167
172.111.139.42:2405
172.111.150.194:3872
172.111.189.20:5671
172.111.244.100:37830
172.111.244.102:37830
172.111.244.103:37830
172.111.244.98:37830
172.177.207.123:4720
172.177.207.123:4730
172.177.207.123:4750
172.177.207.123:8802
172.177.207.123:8804
172.177.207.123:8805
172.177.207.123:8807
172.245.208.27:1070
172.245.208.27:14645
172.245.208.27:2404
172.65.164.86:443
172.65.183.142:443
172.93.188.237:2404
172.93.189.89:2404
172.94.122.163:2404
172.94.125.34:5675
172.94.27.162:2404
172.94.53.66:3191
172.94.53.70:3191
172.94.9.164:3980
172.94.9.167:3980
172.94.9.180:1962
172.94.9.181:1962
173.225.100.207:2681
173.225.100.207:6382
173.225.102.145:9774
173.225.103.138:30360
175.114.122.123:443
176.123.10.41:7000
176.123.2.242:5939
176.65.134.78:45682
176.65.138.19:2080
176.65.140.129:3191
176.65.140.179:3191
176.65.141.185:2404
176.65.141.187:443
176.65.141.47:7070
176.65.141.69:443
176.65.141.93:9011
176.65.141.93:9012
176.65.141.93:9013
176.65.141.99:2404
176.65.142.105:2404
176.65.142.109:2404
176.65.142.114:2404
176.65.142.31:9090
176.65.142.90:2404
176.65.143.47:9373
176.65.144.72:2404
178.73.218.2:8090
178.75.102.190:1595
179.12.116.83:2404
179.13.0.197:2404
179.13.1.144:8088
179.13.10.247:2404
179.13.4.245:2404
179.14.13.169:2404
179.15.5.9:2404
179.43.176.3:3397
181.224.24.205:2405
181.235.15.197:1515
185.157.162.132:2404
185.157.162.132:443
185.196.8.100:1424
185.196.9.68:27374
185.208.159.176:57882
185.209.21.176:51024
185.223.31.73:443
185.234.67.205:6025
185.244.30.103:2404
185.244.30.120:2404
185.29.8.65:6374
185.49.126.223:2404
186.169.50.123:1515
186.169.63.68:8888
186.169.80.199:1515
186.169.82.245:8888
186.169.92.72:8888
188.214.39.228:10101
188.93.233.101:8443
188.93.233.221:9373
188.93.233.249:8443
191.96.207.235:2404
191.96.207.241:2404
191.96.224.154:2404
191.96.39.104:23082
191.96.39.104:23083
192.142.4.232:8443
192.153.57.112:5730
192.159.99.164:3003
192.169.69.26:5200
192.175.127.202:30486
192.3.171.198:14646
192.52.242.63:25
192.52.242.63:8080
193.143.1.155:8545
193.161.193.99:34383
193.186.4.126:49419
193.23.3.29:5552
193.23.3.29:7775
193.26.115.12:9323
193.26.115.199:2404
194.165.16.5:5000
194.180.158.119:10000
194.180.48.36:2404
194.37.97.148:1010
194.59.30.111:2404
194.59.30.197:1361
194.59.31.38:5200
194.59.31.46:2404
194.59.31.46:5200
194.59.31.57:2404
194.59.31.82:2404
195.133.194.205:2404
195.133.63.98:2404
195.177.94.76:2668
195.211.191.54:3980
195.82.147.97:443
196.251.115.153:3421
196.251.115.153:3431
196.251.115.185:43213
196.251.115.237:5000
196.251.115.237:5001
196.251.116.176:2404
196.251.117.129:84
196.251.117.82:2404
196.251.118.131:2005
196.251.69.149:8001
196.251.69.149:8002
196.251.69.222:2005
196.251.69.226:3421
196.251.71.144:2404
196.251.73.206:2404
196.251.81.26:34421
196.251.81.84:4001
196.251.81.84:4002
196.251.83.104:2404
196.251.83.60:8787
196.251.85.124:2004
196.251.85.124:4507
196.251.85.128:9090
196.251.85.225:2404
196.251.86.108:2404
196.251.86.199:2404
196.251.88.201:8545
196.251.92.126:443
196.251.92.58:61033
196.251.93.24:47666
198.12.83.91:40734
198.12.89.160:49152
198.135.50.1:2341
198.135.50.90:12361
198.135.50.90:2255
198.23.200.105:2404
198.55.102.43:14645
198.55.102.43:2404
198.55.102.44:14645
198.55.102.44:14646
198.55.102.44:2404
198.55.98.242:2404
2.58.56.182:443
202.148.53.179:2404
204.10.160.138:2404
206.189.158.128:6156
207.244.245.192:2404
209.54.101.183:9373
209.54.102.133:8076
209.54.102.170:5070
209.58.181.226:6513
212.162.151.143:2404
212.69.86.8:5061
213.209.150.174:2404
213.252.247.119:4422
216.219.84.165:3737
216.250.249.219:2267
216.250.251.93:49714
216.250.253.128:2404
216.250.253.13:2404
216.9.224.152:1024
216.9.224.152:3090
216.9.224.158:13403
216.9.224.158:13404
216.9.224.158:14305
216.9.224.158:14306
216.9.224.45:16465
216.9.225.163:13030
216.9.225.163:23030
216.9.225.163:33030
216.9.225.163:54040
216.9.227.170:1213
216.9.227.170:2013
216.9.227.170:6090
23.26.77.15:2404
23.27.48.77:2404
23.95.162.101:2404
27.102.127.136:443
27.102.127.137:443
31.42.184.188:4042
37.120.151.102:27374
37.120.206.165:51024
37.120.206.165:63513
37.120.206.166:63513
37.120.210.219:42830
38.18.229.197:2030
38.255.49.40:2404
38.60.217.111:5900
43.134.86.188:8533
43.160.205.144:8533
45.13.38.142:2404
45.132.107.36:2404
45.137.22.119:15302
45.138.16.81:1515
45.141.215.24:2404
45.141.215.91:2404
45.144.214.52:6379
45.145.42.194:2000
45.148.18.45:63513
45.148.18.46:63513
45.74.15.227:3402
45.74.15.230:3402
45.74.15.233:3402
45.80.158.95:2404
45.88.186.158:4000
45.88.186.30:2404
45.88.91.5:2404
46.101.236.176:1853
46.246.12.11:8090
46.246.14.2:8090
46.246.6.2:2404
46.246.6.5:8090
46.246.82.11:2404
46.246.82.11:8090
46.246.82.12:8090
46.246.82.16:8090
46.246.86.6:8090
5.249.160.134:2404
5.252.178.248:8080
5.61.59.56:5852
5.8.19.105:2404
5.8.19.8:60736
51.195.193.137:8545
51.38.146.210:3000
51.89.204.11:64387
54.39.19.186:47825
62.60.226.114:40102
62.60.226.140:30305
62.60.226.190:31114
62.60.226.190:41113
62.60.226.190:41119
62.60.226.190:41120
65.109.104.169:9330
67.21.33.209:9398
67.211.216.77:3396
67.211.216.77:9191
68.168.31.113:53284
68.235.43.14:58849
76.121.13.90:5353
77.102.235.44:8888
77.220.212.80:2404
77.83.207.163:5000
77.90.185.28:2404
78.70.235.238:2404
79.110.49.180:2404
79.110.49.198:2404
79.110.49.199:2404
79.110.49.5:2404
79.110.62.113:4836
80.76.49.13:10505
80.76.49.32:2404
82.57.194.217:2404
83.147.55.95:443
83.149.72.49:443
84.32.5.105:8000
85.239.244.98:2404
86.38.225.161:2404
86.95.214.105:3872
87.98.236.198:110
88.119.171.114:3999
89.238.176.5:53284
89.40.31.128:9373
89.40.31.225:9373
89.40.31.57:9373
89.57.131.77:2096
91.151.89.158:2404
91.206.169.79:2404
92.118.56.54:2404
94.102.49.177:5900
94.130.34.243:4042
94.156.112.223:55566
94.158.245.19:25
94.158.245.19:8080
94.198.96.166:52190
95.211.63.137:42713
95.217.150.23:2404
95.217.97.221:2404
0kul-62391.portmap.io
22wizz.duckdns.org
ab90001.ddns.net
activedns4rat.duckdns.org
ae-emiratesline.com
airtoncomeplast.duckdns.org
akzholpetroleum.xyz
alaye1.duckdns.org
alaye2.duckdns.org
alayeb3.duckdns.org
alayebambam.kozow.com
alayebambam1.kozow.com
alayebambam2.kozow.com
aneesh-technomakest.duckdns.org
aneesh-technomakestbk.duckdns.org
aneesh-technomakestbk2.duckdns.org
aneesh-technomakestbk3.duckdns.org
ankul.vmcentra.top
anuel123.kozow.com
apponflyd.duckdns.org
appxxssvc.duckdns.org
arhv920.de
asegurar8889rem.mysynology.net
assanalumlnyum.com
atgairport.com
azido.zapto.org
barraka-eg.com
besttrailwithgreatstartingpointforhimgvf.duckdns.org
biuropgcnc.duckdns.org
biuropgcncbk.duckdns.org
blogs77.zapto.org
bnmaks.duckdns.org
brutico2025aprende.kozow.com
byamba.webredirect.org
califriendsasaaas.ydns.eu
cashmoneyinc2025.casacam.net
cdlink3.duckdns.org
cestfinidns.vip
corina2contracte.duckdns.org
corina2contractebk.duckdns.org
cursuve.ddns.net
darlon2025.duckdns.org
dejlan1290.com
diebucker2455.de
doncu2029.duckdns.org
dripnfinesse.duckdns.org
ees-ro.com
eleop927.de
elfin.duckdns.org
elrey051526.kozow.com
emailserverfortuakas.duckdns.org
envio8092.duckdns.org
established-greensboro.gl.at.ply.gg
finalrem.duckdns.org
flytouur.shop
fuego.ydns.eu
gohardorgohome.duckdns.org
greatday.duckdns.org
greatwallfurnitures.duckdns.org
greatyear.duckdns.org
gs45.duckdns.org
guest-visiting.gl.at.ply.gg
guyzues.duckdns.org
hard-gulf.gl.at.ply.gg
iamsoblessedin2025.duckdns.org
ikechukwu.duckdns.org
imexinternationaltrader.com
innsyoungsunpack.duckdns.org
ipduc03.duckdns.org
ipduc03bk.duckdns.org
jahnbyer5kajot1.duckdns.org
jahnbyer5kajot2.duckdns.org
jahnbyer5kajot3.duckdns.org
jahnbyer5kajot4.duckdns.org
jahnbyer5kajot5.duckdns.org
jenniffersmith1985.duckdns.org
jenniffersmith1985bk.duckdns.org
juancasacara.camdvr.org
kabla.duckdns.org
kocsistem.redirectme.net
leandropm.zapto.org
lpcar2023.zapto.org
maildelivery.mysynology.net
may1313.duckdns.org
may444.duckdns.org
mctestnoip0403.ddns.net
missiondomain.duckdns.org
motoko-28053.portmap.io
mrspaulamagret.duckdns.org
mxsunama.gotdns.ch
mxsuname.gotdns.ch
mxsunamo.gotdns.ch
myremone.dynu.net
naimshekh-39648.portmap.io
ndisammy.duckdns.org
newera08.casacam.net
newremcos.duckdns.org
nkwujameson.duckdns.org
nkwujamesonbk.duckdns.org
nkwuorigin.duckdns.org
nkwuoriginbk.duckdns.org
oijdwe820b397gdb3n298rd2.con-ip.com
pcircle.duckdns.org
pcubed.duckdns.org
plepmatrixindex.duckdns.org
privatedns.buildmedic.com
privatedns.uhdengine.com
ptriang.duckdns.org
rcdoncu1905.duckdns.org
realmensw.icu
realmensw.life
reconciliacion6meses3.duckdns.org
rembvt.duckdns.org
remcos8091.duckdns.org
remcosdns.duckdns.org
remcosnocreat.duckdns.org
remotegrace25.duckdns.org
rep.realmensw.life
rudolph-anwalt.de
selectbrasil.ddns.net
sermansilian.com
silver-map.gl.at.ply.gg
sleeperhehehe.duckdns.org
sort.realmensw.icu
ssldevice.myftp.biz
starefer8jabour1.duckdns.org
starefer8jabour2.duckdns.org
starefer8jabour3.duckdns.org
starefer8jabour4.duckdns.org
stchimuss.duckdns.org
steadypressure.duckdns.org
suave0316.ddns.net
sxeodus.punkdns.pw
sys99.mooo.com
takerhumble.duckdns.org
truelifemed.cam
ttttppplll.duckdns.org
ttttppplllbk.duckdns.org
tvq.realmensw.click
uhie2025.duckdns.org
unter51ben.com
visualmirlla.com
vmcentra.top
vpnsplashstech.duckdns.org
wealthismine.duckdns.org
wizz111.duckdns.org

# Reference: https://x.com/smica83/status/1932482444499755203
# Reference: https://x.com/c_APT_ure/status/1932756295850823818

173.248.244.159:5200
gohome.duckdns.org

# Reference: https://cert-agid.gov.it/wp-content/uploads/2025/06/remcos-11-06-2025.json

parsvana-grp.biz
irritaspec.xyz.parsvana-grp.biz

# Reference: https://censys.com/blog/unmasking-the-infrastructure-of-a-spearphishing-campaign

remc21.duckdns.org
sosten38999.duckdns.org

# Reference: https://x.com/K_N1kolenko/status/1933490938812510341
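# Reference: https://www.virustotal.com/gui/file/f30e06116709e71cf687f033440738c148dc161b6948106e61a3980a4d8c6ebe/detection
# Note: 172.65.0.0/16 falls inside Cloudflare's published 172.64.0.0/13 range, so this address is presumably a shared proxy front rather than a dedicated C2 host (verify). A hit on the IP without the listed port is weak evidence; the same applies to the other 172.65.x.x entries in this file.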

172.65.175.19:2404

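# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)
# Note: these entries come from the feed's "unverified" set (see the URL path). Treat hits as lower-confidence and corroborate with a second source before blocking.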

http://172.65.235.212
http://176.65.141.249
103.198.26.208:12167
104.243.242.165:4862
107.172.232.68:7001
107.172.235.204:6000
107.172.235.204:6001
107.172.235.204:6002
108.165.237.188:2404
144.172.110.221:8080
147.124.211.116:2404
147.135.215.25:2406
149.102.135.177:2404
172.111.200.240:2404
176.65.134.100:31679
179.43.176.3:3391
185.104.194.25:30304
192.227.128.139:2404
193.26.115.62:909
196.251.117.238:4488
196.251.66.59:5000
196.251.71.170:2404
196.251.83.210:5000
196.251.92.210:2404
198.135.50.90:17241
45.141.215.223:9142
46.246.6.20:2404
77.83.207.163:5001
79.110.49.104:2404
79.55.104.179:2404
92.119.114.76:6025
94.131.111.131:2405

# Reference: https://x.com/ShanHolo/status/1933962546232328589
# Reference: https://www.virustotal.com/gui/file/ecca275df0af28dbbd0b0d74c0eaf5b29194cb5293f1ccdd2ba87f203481852a/detection

216.250.253.8:2429
wershishir.duckdns.org

# Reference: https://x.com/JAMESWT_WT/status/1935501604725342308
# Reference: https://app.any.run/tasks/10cb48bf-24a9-4a3a-ac7e-f327a3081ab9/
# Reference: https://www.virustotal.com/gui/file/41d9c5aac992d96eb6d450451161896b2563a33dac8af859f0e52821ec543945/detection

178.215.236.251:2727

# Reference: https://www.virustotal.com/gui/file/63feaf107a3b7e49d35e6f8307d05883555677e34acf9a8c681e8f3060bb4dc5/detection

181.131.219.91:1313
nuevorem2023.duckdns.org

# Reference: https://x.com/K_N1kolenko/status/1935992863977799847

107.172.232.83:4190
193.227.129.75:6553
196.251.116.234:31422
198.135.51.178:2404

# Reference: https://www.virustotal.com/gui/file/1b348d709de8dfe2c2cff7be86ad7a086cff189e1ff598dee76917d2a94ae619/detection

51.89.204.178:42466
privatedns.huishengzhang.com

# Reference: https://x.com/smica83/status/1937880268133519691
# Reference: https://www.virustotal.com/gui/file/4d60f6f81e95299a7ff7635c969f851e88660afa14d858762292bcc199d5d870/detection
# Reference: https://www.virustotal.com/gui/file/edfd832718f5863a3a83935b653284961ea8c67f4edf9ddfdef6932c11b4fa96/detection

192.30.240.103:55919

# Reference: https://www.virustotal.com/gui/file/8ac97ff661bffb2f5b84d9afb15852d8c85a18488bc08bb05cfa747941ab417f/detection

alisteelhousee.ddns.net

# Reference: https://www.virustotal.com/gui/file/2692f91f7373c31ccb6a31438403d2455f1cd05c1cef217e95038aac3c1827cc/detection

184.105.237.196:64536
alisteelhousee.ddns.net

# Reference: https://www.virustotal.com/gui/file/0dad9e0fbfaeaf8b06a5121fa4fe452c7b77b3887147e0112226bbc66b791317/detection

185.140.53.247:2528
84.38.134.111:3540
kydels.ddns.net

# Reference: https://www.virustotal.com/gui/file/1e3088057314ebac4acc57f495f9616d96bc98bf7a9e7d42e52eb212f461ff22/detection

45.11.183.46:6075
protnetdrieas.myftp.org

# Reference: https://www.virustotal.com/gui/file/03c473bc4bf8caea4be36fc9e6b47f55d0d7a47033ab3153a23c1457e01ef80a/detection

zntexports.serveftp.com

# Reference: https://x.com/K_N1kolenko/status/1938552118475944428

194.165.16.141:5556

# Reference: https://x.com/JAMESWT_WT/status/1938570457483256238
# Reference: https://www.virustotal.com/gui/file/cd82340a2485580109f0250c99b7ea8cc5f4f40497c665d1ed525bbb9f8fc1c9/detection

http://109.248.144.184
http://172.245.95.23
http://192.227.135.210
http://62.60.208.170
http://87.106.188.21
newstartnewjournyevamygirllovesalotwithm.duckdns.org
/xampp/cv/wp4096799-lost-in-space-wallpapers.jpg
/wp4096799-lost-in-space-wallpapers.jpg

# Reference: https://x.com/skocherhan/status/1938598993103135224
# Reference: https://www.virustotal.com/gui/file/a6da34f24a64faa5c61ffa854801a3fbb033460c557e77ffcc578f041958307c/detection

95.214.54.172:7703

# Reference: https://x.com/smica83/status/1938925669691351196
# Reference: https://tria.ge/250628-p49pkavwc1/behavioral3
# Reference: https://app.validin.com/detail?find=2025-05-20T20%3A47%3A34Z&type=raw&ref_id=a4f8640644d#tab=rdap (# 2025-06-28)

dlldownloadfile.store
jlaeats3.space
jlaeats4.space

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2025-06-29)

103.202.55.169:2404
103.202.55.193:2404
103.202.55.211:2404
104.243.254.99:2404
104.37.4.115:5011
104.37.4.115:5012
104.37.4.115:5013
104.37.4.151:8012
104.37.4.151:8015
104.37.4.151:8016
107.150.0.54:443
107.172.232.68:7000
107.172.232.68:7002
107.172.232.94:2404
107.174.42.72:2404
109.94.169.73:1917
124.198.132.143:1000
124.198.132.191:9322
124.198.132.91:1000
139.28.219.36:54872
139.28.219.38:54872
144.76.16.181:2404
146.70.67.50:6513
147.124.215.110:54833
147.124.215.110:54868
147.135.215.25:2407
147.135.215.25:2408
147.135.215.25:443
148.251.20.79:2404
15.228.248.225:1024
152.42.181.21:6513
152.89.162.7:64070
155.133.26.179:2404
155.133.26.179:48791
161.77.75.195:50100
162.225.105.220:2427
162.246.185.77:4688
172.111.189.19:5671
172.111.244.106:37830
172.111.244.108:37830
172.111.244.99:37830
172.94.9.231:5671
172.94.96.245:2025
173.214.166.105:2956
173.225.100.131:2404
173.225.101.112:6711
173.225.99.206:6217
176.65.142.199:2404
176.65.143.144:5200
177.255.89.100:2404
178.128.110.228:2404
179.15.6.179:7015
179.43.143.162:4812
18.230.228.127:1024
181.131.216.154:1906
181.206.158.190:2404
181.206.158.190:3001
184.75.208.178:2758
185.149.233.28:2404
185.149.24.141:2404
185.153.182.193:443
185.156.175.35:42827
185.156.72.125:2404
185.156.72.125:443
185.156.72.125:8808
185.175.58.109:4444
185.208.158.175:2973
185.222.59.81:2404
185.241.208.254:9863
186.169.48.180:1515
188.132.198.136:2404
191.96.78.242:2404
192.142.10.143:4444
192.159.99.213:2404
192.227.144.34:4693
192.3.3.139:45682
193.36.38.91:34044
193.56.135.117:9373
193.56.135.148:9373
193.56.135.167:9373
194.156.79.202:2404
194.165.16.141:23986
194.165.16.141:5557
194.59.30.68:2404
194.59.31.137:2404
194.59.31.28:1759
194.59.31.28:6220
194.59.31.30:1618
194.59.31.87:6220
195.177.94.73:5900
196.251.116.140:2004
196.251.116.140:2404
196.251.116.72:2404
196.251.118.157:2404
196.251.118.164:1990
196.251.118.164:2004
196.251.118.164:2404
196.251.118.204:2404
196.251.66.110:5007
196.251.66.225:1515
196.251.66.55:2404
196.251.66.55:5000
196.251.69.104:2404
196.251.69.198:2721
196.251.70.128:2404
196.251.70.223:78
196.251.70.22:2404
196.251.71.222:2404
196.251.71.39:6374
196.251.71.42:2404
196.251.72.191:5001
196.251.72.80:2404
196.251.80.237:2404
196.251.81.212:2404
196.251.81.214:2404
196.251.83.174:2404
196.251.83.180:2404
196.251.83.186:2404
196.251.83.192:2404
196.251.83.195:34321
196.251.83.210:5001
196.251.83.251:2404
196.251.84.103:2404
196.251.84.157:2404
196.251.88.18:2404
196.251.92.210:5000
198.12.83.91:2404
198.135.49.79:2490
198.23.251.10:7006
198.55.98.155:2040
198.55.98.155:2556
198.55.98.155:5085
198.55.98.172:28800
2.58.56.13:9544
2.58.56.61:2404
205.209.99.214:7070
206.123.145.228:2404
208.94.246.47:2505
209.54.103.171:4445
213.209.143.110:2404
216.9.224.122:13608
216.9.224.122:13609
216.9.224.122:14044
216.9.224.122:14045
216.9.224.122:14088
216.9.224.122:14089
216.9.224.122:14098
216.9.224.122:14099
216.9.224.152:8909
216.9.224.215:2080
216.9.225.163:24000
216.9.225.163:25000
216.9.225.19:13508
216.9.225.19:13509
216.9.225.221:54604
216.9.225.45:8987
23.94.53.68:1876
23.95.60.6:14657
23.95.60.6:14658
31.13.190.10:10251
31.46.251.137:2404
31.57.219.204:2404
37.120.206.166:51029
37.252.14.141:5253
37.252.5.162:9002
37.59.51.125:5002
38.240.33.97:2404
38.255.49.23:2404
38.255.49.28:2404
44.223.198.167:2405
45.131.108.248:2404
45.141.215.24:2585
45.148.18.44:63513
45.62.170.181:2404
45.74.16.85:2404
45.80.158.55:2404
45.80.158.80:2404
45.88.186.161:6606
45.88.186.30:5050
5.188.166.115:2404
5.45.76.64:1462
51.222.133.178:2404
54.211.223.112:16465
62.60.226.198:40101
62.60.226.198:40102
66.63.187.80:111
67.21.33.183:10050
67.21.33.183:10051
67.21.33.183:26000
67.21.33.183:2700
69.10.40.172:1962
77.105.138.209:443
77.83.207.163:5004
77.83.207.163:5005
78.159.131.98:40482
79.110.49.116:2404
79.110.50.74:1110
79.110.50.74:7090
79.110.50.74:8090
79.142.69.139:42830
79.22.134.238:2404
80.79.6.185:2404
86.38.225.10:2404
88.119.171.163:5050
88.198.24.82:2404
91.199.42.144:2404
91.92.120.109:2404
93.127.160.198:2017
93.152.217.141:40000
93.152.217.141:60000
93.152.217.141:8080
94.72.109.180:2404
95.215.204.85:63513
95.216.114.227:2525
99.110.222.178:2404
1x178p1.duckdns.org
actwindowdsdriver.duckdns.org
actwindowdsdrivers.duckdns.org
adityabirlia.com
anuelaa.con-ip.com
basefashionsbd.duckdns.org
boss2468.duckdns.org
boysmain.duckdns.org
boyz2346.duckdns.org
chido246.duckdns.org
cirugia4k.con-ip.com
danielbetterfuturewithbestlifegivenmefor.duckdns.org
delamanodedios.dynuddns.com
demoncity1.dynalias.com
dondodovn.com
donmichiko.com
edgardocarrascal904050.duckdns.org
elcantantedelgueto.ydns.eu
exclusionremcoss.duckdns.org
fasout1999tasry01.duckdns.org
fasout1999tasry02.duckdns.org
fernandolopez105040.duckdns.org
ferrylin.com
finalrmc.duckdns.org
finalrmcbk.duckdns.org
fjsanchaz.com
givedem.duckdns.org
givedem2.duckdns.org
glag.duckdns.org
gotkeeptryn.ignorelist.com
hatem2youssef.duckdns.org
hatem2youssef2.duckdns.org
holzbrenaaa.xyz
holzbrenzii.com
holzbrenzzz.xyz
honeypot.ooguy.com
http://93.152.217.141
ishimmiri1.duckdns.org
ishimmiri1bk.duckdns.org
jblaki.duckdns.org
jblakibk.duckdns.org
jenniffersmith1986.duckdns.org
join-critical.gl.at.ply.gg
justfuckme.duckdns.org
kamdum.duckdns.org
kamdumbk.duckdns.org
keenwood.duckdns.org
khalifarema.zapto.org
letseehowitgoes.mooo.com
mannieha246.duckdns.org
masterclaserok.ddns-ip.net
maxmusttry.duckdns.org
maxpressure.duckdns.org
medusa.blogdns.com
michikoa.duckdns.org
michikoak51.duckdns.org
michikodom.duckdns.org
msdigitportal.com
newdayplss.duckdns.org
newremco.duckdns.org
newwave.strangled.net
obomo.ydns.eu
odijohn.duckdns.org
odogwuvisual123.duckdns.org
optimizeeltd.duckdns.org
ozoemena.duckdns.org
ozoemenabk.duckdns.org
producto.mueblesaccesoriosxi.com
propios.gleeze.com
redslide13-42748.portmap.io
rem.aaahorneswll.com
salutcoc.duckdns.org
screence.store
shieldmain.duckdns.org
sonicpanbugs.com
suporteokx.zapto.org
systemcopilotdriver.ydns.eu
talkabt.duckdns.org
teamfavour222.ddns.net
uheri234.4cloud.click
updatedrvier.duckdns.org
vectorwod.vectorwod.com
vselectbrasil.ddns.net
wedbest001.duckdns.org
wedbest002.duckdns.org
wedbest004.camdvr.org
wedbest004.kozow.com
wedbest012.duckdns.org
wedbest02.ddns.net
wedbest021.zapto.org
wedemkioa.duckdns.org
windows.driversact.store
workgroup.myvnc.com
xietaoesong.duckdns.org
xietaoesongbk.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8cff04f47b22b1080899abe5a4aedbb1157f291b5902ddc5390806507818fa8b/detection

62.60.226.101:40104
62.60.226.21:40103
62.60.226.21:40104
62.60.226.21:40105
85.158.108.184:55448

# Reference: https://www.virustotal.com/gui/file/c25b6f5c36b2fa9492a6a5367a9c0f55c627c30571bda7285fae3a275e3688d7/detection

104.243.252.138:1960
pricedanth.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f78b8bd05751042825dfe75aa79354ba257025097be510777993b47a39b7be16/detection

196.251.88.247:65320
novermber12.dynamic-dns.net

# Reference: https://x.com/ShadowOpCode/status/1942590733309075739
# Reference: https://www.virustotal.com/gui/file/04d3274ba1ed497ddb85655d56b31136b6787f9a0b2a3b7279adf75aecd92ae3/detection

198.55.102.68:5462
ambakgroup.com

# Reference: https://x.com/skocherhan/status/1942770155425034508
# Reference: https://www.virustotal.com/gui/file/2e50d3a8e3fa7385e6bd42f7cb73cf7cc7365b5544324b485271bbbc39b40e2a/detection

107.172.232.83:13047
nawatbsc.com
bafybeidvf6tytrspkd4wnvxzs23m3kjr6bfvgszbfwybmmcosl4rrhvuo4.ipfs.w3s.link
google-com-site-backup.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e713e31d4edb7cd8f10ef3be6948015ea17f4969d0800c5c3149e8e53a0c2284/detection

196.251.88.111:2404
newsletter255.myhome-server.de

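# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)
# Note: taken from the upstream feed's 'unverified' 90-day IP:port list; corroborate a match with other telemetry before acting on it.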

100.42.176.116:2404
103.202.55.149:2404
104.243.254.103:4862
104.243.254.98:4862
104.37.5.194:2404
107.172.232.88:2525
109.230.231.31:2404
124.198.131.29:2404
124.198.131.57:9792
142.147.97.173:2404
146.103.41.79:25565
147.124.215.2:5577
147.124.216.103:57479
155.254.24.139:23212
160.25.72.36:2404
160.25.73.206:2404
163.5.149.28:5009
167.160.161.103:2404
167.160.161.198:99
167.160.161.254:99
167.160.161.83:443
167.86.89.37:2404
170.39.184.193:2404
172.111.244.105:37830
172.245.152.196:28000
172.245.4.223:13409
172.81.61.168:2404
172.93.160.93:2404
172.94.9.229:5671
173.208.206.107:2404
173.225.102.145:2967
173.225.102.145:3727
173.225.102.145:4728
173.249.28.102:2565
176.46.157.34:443
179.13.2.162:2404
181.131.217.135:5060
181.141.40.93:1906
181.206.158.190:3000
185.156.175.51:42830
185.208.159.121:2404
185.241.208.104:2404
185.25.50.35:443
185.254.96.17:2404
185.8.104.8:2404
185.96.166.113:2404
191.233.20.127:2404
192.159.99.10:2404
192.159.99.94:2404
192.3.146.207:2404
192.3.176.155:1243
192.3.176.155:14645
193.233.113.134:2404
193.26.115.12:4000
193.31.28.49:5946
194.15.46.225:56687
194.26.192.183:7070
194.59.30.27:2404
195.191.218.23:30370
196.251.117.110:2404
196.251.117.113:9090
196.251.117.230:2404
196.251.66.195:2404
196.251.66.228:2404
196.251.66.228:5000
196.251.66.31:2404
196.251.69.234:2404
196.251.69.238:2404
196.251.69.245:2404
196.251.73.253:4476
196.251.81.126:6001
196.251.83.210:5002
196.251.84.158:5000
196.251.84.172:2404
196.251.84.176:5000
196.251.86.186:37848
196.251.86.217:2404
198.135.51.107:6751
198.23.175.35:6500
198.23.175.45:4900
2.58.56.13:2404
205.209.99.87:5555
206.123.145.132:2404
206.123.145.192:2404
206.123.145.192:2405
206.123.145.241:443
206.123.149.194:2404
206.123.152.38:33862
206.123.152.39:2404
208.94.246.47:2404
208.94.246.62:2404
209.54.101.159:5001
209.54.101.159:5002
212.115.41.175:16465
212.162.149.164:443
212.162.149.240:45588
212.23.222.49:4040
213.209.150.161:2404
216.250.250.246:443
216.250.252.62:2404
216.9.224.169:2404
216.9.225.221:14305
216.9.225.221:14306
217.156.123.93:2404
23.254.225.125:2404
3.21.206.81:2405
31.57.38.195:20909
31.57.38.42:2404
31.6.7.154:2404
38.18.229.101:2080
38.211.230.55:2404
38.255.49.38:2404
45.138.16.118:2404
45.138.16.30:1024
45.138.16.91:1024
45.138.50.75:2404
45.141.215.223:2404
45.141.233.131:5902
45.144.214.106:443
45.144.214.51:7084
45.154.98.13:2404
45.154.98.16:2404
45.80.158.242:2024
45.80.158.242:2404
45.82.254.44:9373
45.94.31.124:2404
45.94.31.65:53690
5.101.81.63:2404
5.252.153.84:6534
65.21.212.93:2441
77.90.153.167:2404
80.64.19.165:6000
80.64.19.165:6001
80.64.19.165:6002
80.85.140.193:4411
85.117.242.173:2404
87.251.78.205:7000
91.191.209.9:2404
91.92.46.250:21
91.92.46.250:25
95.217.190.166:5555

# Reference: https://x.com/skocherhan/status/1950038093622362344
# Reference: https://www.virustotal.com/gui/file/735755dd5c8495ce02fd4810b4fa309b513e290730fce44236cf697d8f473d0d/detection

http://146.185.239.57
http://198.55.102.200
5.8.19.3:8080
serverdata-cloud.cloud

# Reference: https://www.virustotal.com/gui/file/09b930fd43842bf205b6e4182d9044ec9213b0aba4491294080a957b073a5b2f/detection

198.55.102.43:14646
angeleviagivenmebestthingsforbetterfeell.duckdns.org

# Reference: https://x.com/skocherhan/status/1950029038061273582
# Reference: https://www.virustotal.com/gui/file/41d47220784dc77d6e508acced41a37d0991653249993483840454e85bc20178/detection

149.102.135.177:2555
macapugas.info
okglobalconcept.com

# Reference: https://x.com/skocherhan/status/1950046504829296829
# Reference: https://www.virustotal.com/gui/file/2dd98ff5988f476a5305d2430394553af7517c4c378489a893df30c028ecd724/detection

198.12.126.169:4445
okserver29.com

# Reference: https://x.com/JAMESWT_WT/status/1950103479579562030
# Reference: https://www.virustotal.com/gui/file/11433468e3572b72da5f85dad70544d49b68883801a8defa35ff29626c3b95a1/detection

45.74.10.249:4477
bigbelly042.duckdns.org

# Reference: https://www.virustotal.com/gui/file/37750ec050b864b0941a8948ce4ce9fb059953df96b7fd9c1f9ea098bcbb1a2f/detection
# Reference: https://www.virustotal.com/gui/file/272367f343c5cc65fc0ea3e33add217a79c930c42bcc7d6b63330f32966d4315/detection
# Reference: https://www.virustotal.com/gui/file/67a7f30d86ed578b278a9ee6555ae683f54f4b122dec3e15826e4ba8746d484f/detection
# Reference: https://www.virustotal.com/gui/file/69744636d6aac537697a9e83924196a280eeecd865619c7a7a07d55a1978bec8/detection

147.124.212.84:4477
147.124.214.212:4477
173.211.106.113:4477
192.169.69.26:4477
00283643bbm.duckdns.org
chrisbekner001.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2025-07-30)

103.199.18.230:8437
104.131.57.194:5577
104.243.254.100:18760
104.243.254.98:2404
107.172.132.32:2404
107.172.132.40:2404
107.172.238.21:2404
107.172.44.146:45456
107.175.148.74:1921
146.103.41.79:2404
147.185.221.24:4445
148.113.214.176:2405
148.113.214.176:2406
154.216.18.45:7095
155.254.24.175:58834
164.92.208.135:443
172.245.152.196:27000
172.245.152.196:29000
172.245.152.196:31000
172.245.152.196:32000
172.245.4.218:2404
172.245.4.223:13408
172.245.4.223:13508
172.245.4.223:13509
172.245.4.223:16406
172.245.4.223:16409
172.245.4.250:16070
172.245.4.250:16090
172.94.96.90:5999
176.46.157.34:2404
176.46.157.34:8808
179.13.0.116:2404
179.13.3.160:8787
179.43.143.162:2812
181.142.211.98:30204
181.206.158.190:2405
185.149.233.28:2325
185.149.233.28:2388
185.149.233.28:2405
185.156.175.171:42830
185.174.103.111:2468
185.196.8.109:9003
185.196.9.216:3609
185.208.158.201:2030
185.208.158.201:2410
185.208.158.201:3601
185.208.158.201:3609
185.208.158.201:3611
185.241.149.206:1024
192.227.135.201:2404
192.227.135.254:8791
193.23.3.29:38990
193.23.3.29:8889
193.26.115.245:6969
194.59.31.18:6220
194.59.31.23:2500
194.59.31.33:1759
194.59.31.4:6520
194.59.31.54:6220
194.59.31.5:2500
195.177.94.9:5858
195.206.105.227:42830
196.251.113.11:2414
196.251.113.21:2404
196.251.114.40:2404
196.251.116.107:1986
196.251.117.152:2404
196.251.117.230:5000
196.251.118.181:2404
196.251.69.82:2404
196.251.71.110:2906
196.251.71.42:5002
196.251.72.222:2404
196.251.73.217:2404
196.251.80.30:2404
196.251.80.30:5000
196.251.81.126:6000
196.251.81.126:6002
196.251.84.172:5000
196.251.87.251:1986
198.12.126.169:4445
198.135.49.81:1987
198.135.50.152:1190
198.46.173.22:2404
198.55.98.242:7647
2.58.56.75:9321
203.202.232.196:6374
206.123.145.116:2404
209.54.102.136:2404
216.250.250.246:8080
216.9.224.34:16070
216.9.224.34:16090
23.140.8.180:23032
38.180.49.49:5921
38.240.50.173:2404
38.242.208.134:2427
45.133.116.121:7612
45.133.116.121:8437
45.133.116.121:8791
45.133.174.35:2404
45.156.87.226:9373
45.77.162.217:800
45.88.186.30:7070
45.88.186.30:9000
5.101.81.63:1515
5.101.81.63:9000
5.252.153.84:2404
51.38.29.129:7000
77.48.28.216:137
77.83.207.163:5002
77.83.207.163:5003
77.83.207.213:2288
77.95.229.18:54212
77.95.229.18:7772
77.95.229.18:8989
79.110.49.140:4900
79.110.50.8:14305
79.110.50.8:14306
79.124.8.6:2404
86.54.42.17:2404
87.120.186.37:13742
92.118.56.54:7799
99.30.61.197:2427
00283643bbm.duckdns.org
activistascol25.myonlineportal.net
alfapetroluems.com
anonuevovidanueva20212021.duckdns.org
ares25.duckdns.org
asttoria-trade.com
backupindvy.duckdns.org
bakerhughas.com
basetitanuim.com
bestevagirlsheisanangelformyfgirlforever.duckdns.org
bestpeoplesaroundtheworldwithbeautifullt.duckdns.org
bigbelly042.duckdns.org
biotec-imc.xyz
brimaganla.duckdns.org
buukas.duckdns.org
campoyitierra.com
cannonistanbulsskys.duckdns.org
capreconlmtdafull.dedyn.io
ccls-co.cam
chiwalk79.duckdns.org
chukwunweikefrankokiteamaekeibeku.ydns.eu
codingoffensive.duckdns.org
denagautr7jkoms1.duckdns.org
denagautr7jkoms2.duckdns.org
denagautr7jkoms3.duckdns.org
denagautr7jkoms4.duckdns.org
denagautr7jkoms5.duckdns.org
documentfliers.com
documentflies.com
donjhkkr.kicks-ass.org
dozyremco.sbs
eleme11.ddns.net
eleme11.loseyourip.com
email-server.xyz
envrem07.duckdns.org
eskom.cc
evidence-ecommerce.gl.at.ply.gg
farahsaamer.duckdns.org
freemadness.duckdns.org
ganggang300182312-32221.portmap.host
gasworld.duckdns.org
german-exhibitions.gl.at.ply.gg
goodfilesvibresgood.dynuddns.net
graceforexpantion.sbs
guardameplata.kozow.com
hajouts8koumis10.duckdns.org
hajouts8koumis11.duckdns.org
hajouts8koumis12.duckdns.org
hajouts8koumis9.duckdns.org
hajouts8koumis910.duckdns.org
hold-mayre.duckdns.org
hyteras.org
iykemonii.ydns.eu
j3ru5al3m.duckdns.org
jekwuserver.ydns.eu
jmaxx2.duckdns.org
johngavins12311860.ddns.net
johngavins2311860.ddns.net
karenmuir.hopto.org
kingmethod.sytes.net
know-damages.gl.at.ply.gg
kreon.one
lcdlcds.com
lionvs.gotdns.ch
lms-austria.duckdns.org
log-bi.gl.at.ply.gg
logscomenow.sbs
lopez789.kozow.com
lost.baoda-mouid.com
luciphas.xyz
masterdabha02.kozow.com
mdnsserver.com
meme8.work.gd
mokveid.duckdns.org
moneycomenow.sbs
ms-office.duckdns.org
ms-office1.duckdns.org
mvchase.com
mxsunamz.gotdns.ch
mybabygirlevangilnegoodfirlgirlbabybgirl.duckdns.org
myfactorydocs.ddns.me
newjewel.duckdns.org
newpage44.mywire.org
nwa2323.ydns.eu
officedesk.4nmn.com
okglobalconcept.com
okglobalconcept1.name
osetigolumdede.duckdns.org
phone2347.freeddns.org
procesos2025.duckdns.org
procesosnew07.mysynology.net
qui.realmensw.top
realmensw.top
real9.dynuddns.com
rem.specialtyfoodnetwork.site
remdynu1.accesscam.org
remdynu2.accesscam.org
respaldofinal.kozow.com
sheddinho1122.ddns.net
slitterline.xyz
socmer.baoda-mouid.com
taker202.ddns.net
taker202.duckdns.org
televisor1.con-ip.com
tesoro.dynuddns.com
uwammunachimso.duckdns.org
vetreosystems.cam
vidrloscobo.com
vietololm.duckdns.org
vltalmex.com.mx
webdevs.vip
weneedverysweetgirlwholovesmebetterthana.duckdns.org
wigroups.com
windows11.webredirect.org
wizzyandrichy.hopto.org
wormoni.lms-austria.com

# Reference: https://www.virustotal.com/gui/file/1e19b4f199e9a268ee17dfd209e97e36eca9109c383639e2b71dbf8fb50a7854/detection

codeveinsurance.info

# Reference: https://x.com/JAMESWT_WT/status/1953033487243526575
# Reference: https://www.virustotal.com/gui/ip-address/181.206.158.190/relations

actwindow.duckdns.org
actwindows.duckdns.org
pasar09enero.duckdns.org
windowsupdateact.camdvr.org
windowsupdatess.duckdns.org

# Reference: https://www.virustotal.com/gui/file/042aa85d23a054fb5ec69c1d011b940013364bdcc86fa4a6ff625d72616d395e/detection
# Reference: https://www.virustotal.com/gui/file/4a1b0b0c7a6dbd48ad7bf7d6d7466adabf613ec1f01db0d149af75b0a517de47/detection
# Reference: https://www.virustotal.com/gui/file/8ba719096f4a5b615ab48954401613af2f337c31fc652e4a369c46e738a64a93/detection
# Reference: https://www.virustotal.com/gui/file/f7d06fa0061cf50a2ee513983fa5d2e5ea97372bc9d0e45ddc35ae7abd0bea3c/detection

152.201.182.125:3000
191.93.121.208:3000
windowsdriver.pro
act.windowsdriver.pro

# Reference: https://x.com/jcarndt/status/1953540544887439514
# Reference: https://app.any.run/tasks/372375b1-0607-4285-aed9-5686830acc14
# Reference: https://www.virustotal.com/gui/file/fd2f90a42479a2f12d82044131433cb7607a89e71ee26f872250f77459d9543d/detection
# Reference: https://www.virustotal.com/gui/file/de565d13d545a022abdc3effdd1b92f9630eed7191809c0a98c40798fbfd39cd/detection
# Reference: https://www.virustotal.com/gui/file/718734a8319982c7eb13ad71df42bab53b61060cb0c84ffc67923796b4adc076/detection
# Reference: https://www.virustotal.com/gui/file/591a43a1993c0bc0575167cd43edcd55b0d727fa94ba40938dccf6538e30e8d5/detection
# Reference: https://www.virustotal.com/gui/file/408e10fbf6c0677896d3b394291fbfd9c142b7a42870711e9a6a6db5d4e0b248/detection
# Reference: https://www.virustotal.com/gui/file/21386a03af793975ea8df8faa5b1730a9c7591515f75b4cea3d72ca7b089a288/detection

http://191.233.1.72
147.124.213.156:31166
5.8.19.3:31166
wfc-steel.com
validation.wfc-steel.com

# Reference: https://www.ibm.com/think/x-force/dissecting-castlebot-maas-operation
# Reference: https://www.virustotal.com/gui/file/007f031d4ba5f964136fe73615f524eccdeced5cd7573c281bc1455d5cab2ff6/detection

http://62.60.226.73
cdnasia.pro
google.herionhelpline.com

# Reference: https://x.com/K_N1kolenko/status/1953786161064779972

109.248.151.75:5888
147.124.223.67:2404
167.160.161.80:42337
196.251.114.54:2404
196.251.86.226:1986
46.183.222.118:4477

# Reference: https://x.com/smica83/status/1953711977479778336
# Reference: https://x.com/skocherhan/status/1953804700433760569
# Reference: https://www.virustotal.com/gui/file/bdca5c6c5c23a9e1f20da032c6290e423322cfc2285ab1f49c9c51b203dd0539/detection

nominanuevo.duckdns.org
nuevoducks.ddns.net
nuevoservidorremco.duckdns.org
testven.duckdns.org
updatewindowsdriver.duckdns.org

# Reference: https://x.com/skocherhan/status/1954211506637185483
# Reference: https://www.virustotal.com/gui/file/e3b5d1a632591d192fe884bd05815b76baac9f7f7aa41a666c11c4ef87f79746/detection

124.198.132.82:7004
candwfarmsinc.com
file-sharecloud.com
fileshares.cloud

# Reference: https://x.com/smica83/status/1954797828825378828
# Reference: https://tria.ge/250811-hhtb5agn8x/behavioral1

192.145.124.4:60736
averolucas.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6e48c698fab342b9e32ab08c57ff56639b853226f254cf6b1d0bbcc8c9d7bd7b/detection

181.224.24.205:2026
saftycar.com

# Reference: https://www.virustotal.com/gui/file/f5de4a64544531993e7985b43eeb96b21ca7b33f5f12136f260eeb60e190fa0b/detection

186.169.44.17:1515
projectgroup32.infinityfreeapp.com
rem31rem.duckdns.org
respaldomx2.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2025-08-24)

100.26.201.238:1617
101.99.75.37:2405
101.99.75.37:443
102.165.14.51:50542
103.17.172.198:14344
104.168.0.133:2404
104.224.31.144:2404
104.243.254.100:4862
104.243.254.101:48791
104.243.254.102:48791
104.243.254.99:4862
104.36.83.75:2505
107.150.0.101:64242
107.150.0.150:27362
107.172.132.44:2404
107.172.232.71:4477
107.172.232.82:2404
107.172.232.83:5466
107.172.235.201:2404
107.172.44.179:443
107.172.44.179:465
107.174.33.3:2404
107.175.148.101:2404
107.175.88.72:2404
107.175.88.72:5000
108.171.192.135:27000
109.134.250.129:2404
109.234.37.53:443
109.248.144.169:8088
124.198.131.205:1000
124.198.132.19:8888
124.198.132.82:8000
128.90.106.162:2404
128.90.106.179:2404
128.90.113.153:2404
128.90.113.74:2404
139.99.235.40:4040
142.202.188.223:8888
143.244.46.151:2404
144.172.101.98:2404
144.172.108.160:2404
146.185.239.28:2404
147.124.213.72:53105
147.124.219.132:2828
147.135.215.25:2405
147.45.45.172:2404
154.44.29.210:443
155.2.192.215:2404
160.25.72.95:2404
160.25.72.96:2404
162.251.121.43:19882
162.251.121.43:23148
162.251.121.43:44237
166.1.209.157:1414
166.1.209.157:2404
166.88.132.69:2404
172.111.137.165:3384
172.111.137.67:2889
172.111.137.70:2889
172.111.137.71:2889
172.111.139.214:2404
172.111.244.101:37830
172.245.152.196:33000
172.245.152.196:34000
172.245.152.216:2404
172.245.208.14:2404
172.81.62.139:8888
172.94.18.114:2404
172.94.9.171:8811
172.94.9.175:8811
172.94.9.228:5671
172.94.9.235:5671
172.94.9.240:5671
172.94.96.101:49905
173.249.194.142:3717
176.46.158.42:2404
176.46.158.42:443
176.46.158.42:8808
176.46.158.66:2404
176.46.158.66:443
176.46.158.66:8808
177.255.89.53:2404
178.16.54.86:443
178.16.54.91:443
178.16.55.232:2404
178.16.55.94:443
179.14.11.248:2404
179.15.140.131:2404
181.131.217.135:5061
185.143.228.159:9090
185.208.158.241:2404
185.208.159.121:8899
185.208.159.206:2404
185.241.208.170:2404
185.243.5.79:4403
185.243.5.79:4405
185.249.198.213:5999
185.40.86.43:99
192.159.99.164:2003
192.159.99.164:2004
192.254.70.103:8080
192.3.177.156:2404
192.3.3.142:27000
192.30.241.205:2404
193.161.193.99:38077
193.26.115.190:2404
193.26.115.190:7070
193.26.115.190:9000
193.26.115.209:1024
194.165.16.169:2404
194.165.16.89:2404
194.180.48.253:16789
194.26.192.176:2404
194.26.192.177:2404
194.26.192.66:2404
194.5.99.243:7204
196.251.114.179:2404
196.251.114.179:5000
196.251.114.71:443
196.251.116.26:34213
196.251.117.170:2404
196.251.117.188:2404
196.251.117.194:19863
196.251.117.47:5000
196.251.118.181:5000
196.251.69.134:2404
196.251.70.160:2404
196.251.70.160:5000
196.251.70.224:33672
196.251.70.227:2404
196.251.70.250:8721
196.251.72.103:2404
196.251.81.21:9373
196.251.81.31:2404
196.251.81.3:2404
196.251.83.113:2404
196.251.83.191:2404
196.251.83.211:2404
196.251.83.70:2404
196.251.85.125:2404
196.251.85.144:2404
196.251.85.144:5000
196.251.87.11:5432
196.251.88.19:2404
196.251.88.9:2404
196.251.92.69:28288
198.12.126.169:8787
198.12.83.117:2404
198.135.49.80:2489
198.135.50.115:2404
198.135.51.107:2404
198.135.51.240:8080
198.37.105.154:9036
2.58.56.225:2404
200.54.101.183:9373
204.10.160.141:443
206.123.149.194:3608
206.123.152.38:33672
206.123.152.39:33862
206.123.152.42:33862
206.123.152.45:2404
206.123.152.49:33862
208.64.33.109:2404
212.162.149.228:443
213.152.161.56:26608
213.190.4.203:51269
216.250.248.207:2404
216.250.249.221:443
216.250.249.221:8080
216.250.249.221:8081
216.250.249.221:8443
216.250.250.246:8443
216.250.252.245:2404
216.70.72.152:2404
216.9.224.34:15402
216.9.224.34:15403
216.9.224.34:60408
216.9.224.34:60409
216.9.224.52:2077
216.9.224.52:2080
216.9.224.88:15402
216.9.224.88:15403
23.95.103.199:1515
23.95.103.199:2404
23.95.103.199:5000
23.95.103.199:9000
23.95.103.211:2404
24.255.243.54:2404
24.255.243.54:2405
27.102.127.136:2404
27.102.127.137:2404
3.141.103.103:443
3.21.206.81:2404
37.27.128.29:2404
38.242.208.134:2426
38.242.237.39:2404
38.55.190.11:16547
38.60.217.107:1521
45.132.238.147:2404
45.132.238.147:443
45.132.238.150:2404
45.134.225.90:5656
45.138.183.221:4477
45.138.48.85:4444
45.142.115.8:1001
45.15.140.99:443
45.221.64.12:443
45.221.64.233:2404
45.221.64.233:25
45.221.64.233:465
45.80.158.63:2404
45.80.158.65:2404
45.83.31.159:9322
45.88.186.214:909
45.88.186.30:7000
45.88.91.136:2404
46.183.222.115:4477
46.247.108.46:5888
46.30.189.9:443
47.117.245.58:2404
47.97.125.50:2404
50.114.115.74:2404
51.68.244.175:2404
54.233.9.240:4444
62.102.148.166:42827
62.171.190.178:3872
62.60.226.133:61287
62.60.226.231:2022
63.141.230.48:2404
66.63.187.232:8264
67.207.161.236:61021
69.166.230.100:2404
69.5.189.18:2404
72.68.192.55:2410
74.50.94.176:6040
78.128.112.6:3030
78.70.235.44:2404
79.134.225.99:4859
80.64.18.85:2404
84.38.132.101:3535
84.38.133.210:2404
85.208.84.22:2288
85.208.84.28:6002
85.208.84.36:5000
86.38.225.117:2404
87.120.93.192:6969
88.119.171.114:2444
88.214.59.189:2404
89.187.25.171:30233
89.238.176.4:50542
91.149.239.51:2404
91.219.239.222:2404
91.92.109.169:3306
91.92.120.100:2404
93.127.160.198:2021
94.154.35.190:62180
94.154.35.190:63288
94.154.35.89:2404
94.156.232.202:443
94.26.90.178:2404
aattcc.ddns.net
abundancia.kozow.com
babylon987.duckdns.org
cannonistanbulsskyss.duckdns.org
carljas.duckdns.org
chmsts.duckdns.org
chrisbekner02.duckdns.org
christianemma033.duckdns.org
coldalt.coldalt.com
crypherx.com
davidlee90109.duckdns.org
derrickdns199825.myftp.biz
derrickdns19982531700.myftp.biz
derrickdns5430.ddnsking.com
derrickdns54303170.ddnsking.com
domaninspalillos.duckdns.org
dooijeweerd.duckdns.org
dragones2.dynuddns.com
educare1.ddns.net
eevm4ds.ddns.net
ego34.duckdns.org
embanex.com
evelmarin.duckdns.org
galpetco.duckdns.org
generalboss.duckdns.org
generalboss001.duckdns.org
gftrefer8jabour1.duckdns.org
gftrefer8jabour2.duckdns.org
gftrefer8jabour3.duckdns.org
gftrefer8jabour4.duckdns.org
gigle.duckdns.org
inverterpos.duckdns.org
jajaj2024.kozow.com
july321.duckdns.org
klm25.zapto.org
komkom.ddns.net
last0.duckdns.org
lgd8u7dn1.localto.net
lisastevenson-42329.portmap.host
mbadaego1.ddnsgeek.com
miacata.duckdns.org
msasteelalloys.cc
newthingsforagirltolovebestpersoninthewo.duckdns.org
ngumbitertiary0012.duckdns.org
nnaeko111.duckdns.org
nordiska.cc
nowwework.3utilities.com
osmshk.org
perfectsemplegas.de
properties-lf.gl.at.ply.gg
px.zcidc.net
qxuom.ddns.net
rema.earise.pro
remcos.as.vip
ritihas826-36023.portmap.host
santoos-63758.portmap.host
server44.mentality.cloud
soc.cartsan-mold.com
ssa-personalservices.com
terang.duckdns.org
utoboolusho1.zapto.org
versionestablefinal.kozow.com
vestcast.co
voxenil647-38077.portmap.host
vvig.cc
w1lz.ddnsking.com
whiteness.hopto.org
windeckoloko.duckdns.org
yoriabd.duckdns.org
zxzczxz.ddns.net

# Reference: https://x.com/K_N1kolenko/status/1960239146837926109

148.113.165.11:4090
94.154.35.151:1986
99.30.61.197:2437

# Reference: https://x.com/skocherhan/status/1961554678107238902
# Reference: https://www.virustotal.com/gui/file/10b2add82c6c718cfbe20af4f41d85cbecdb17671dca59501275d8c3f2dd4b57/detection

172.94.96.61:2404
bango.free.nf

# Reference: https://x.com/FatzQatz/status/1961468010323218669
# Reference: https://www.virustotal.com/gui/file/362e16c47380da271b5a9a19a9d35b6e1f9f6f6b0ea2bc56511d536176ea17db/detection
# Reference: https://www.virustotal.com/gui/file/3f4628e53113b20e860fdeb1e36f1090443cd532612c69c03a723bc19b390761/detection
# Reference: https://www.virustotal.com/gui/file/5fafbdd38af1e9b333754a608a7b40da1c331c52d30b8df96cb93307fa7d2c09/detection

172.94.127.103:1771
172.94.127.103:1772
172.94.9.230:1771
172.94.9.230:1772
213.152.187.215:6212
213.152.187.215:8401
mauasas35safael1.duckdns.org
mauasas35safael2.duckdns.org
mauasas35safael3.duckdns.org
mauasas35safael4.duckdns.org
mauasas35safael5.duckdns.org

# Reference: https://app.validin.com/detail?find=31agosto.vbs&type=dom&ref_id=7c6cac13d30#tab=host_pairs (# 2025-09-15)

2septiembrerem.duckdns.org
rem0925.duckdns.org

# Reference: https://www.virustotal.com/gui/file/008552c691b84f66447bc02a60209c2ca6e88415bae39de8eb5b72ffd5c0a5e3/detection

192.145.124.4:52082

# Reference: https://www.virustotal.com/gui/file/3f87066067c7938e0fd98e3df375c8052e0b1544c43afd4588fea4ad049e9d77/detection

incitysteel.top

# Reference: https://www.virustotal.com/gui/file/1e6f9b4f6cac04753bfb2d40b50e76236dfdc970c19dea4f3ca130864e87ce11/detection

averolucasbk.duckdns.org

# Reference: https://x.com/K_N1kolenko/status/1968946939598102862

185.241.208.84:7374
198.23.175.46:465

# Reference: https://x.com/D3LabIT/status/1970040267366416872
# Reference: https://www.virustotal.com/gui/ip-address/185.157.162.27/relations
# Reference: https://www.virustotal.com/gui/file/3f12e7967c3fa1884dbeeeb7ca7ece7ab0f55af59a6e9ea72058427c3a3c7803/detection

flatspin.top
krakas.duckdns.org

# Reference: https://x.com/FalconFeedsio/status/1970928259375476857
# Reference: https://www.virustotal.com/gui/ip-address/91.184.249.224/relations

91.184.249.224:35550

# Reference: https://www.virustotal.com/gui/file/b7d8f9b54c2fb4452b59eeb3aee9299c0dc6ae321ee7e9a9af0673270030d9bb/detection

216.9.225.221:14305
216.9.225.221:14306
tuslakhan.duckdns.org

# Reference: https://x.com/K_N1kolenko/status/1972558919924134389

124.198.131.67:9333
172.245.209.139:4552
172.245.209.211:2404
191.96.76.138:23029
196.251.92.69:29444
198.23.177.199:9090
198.23.177.200:2404
198.23.177.209:7070
23.95.103.211:14645

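# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)
# Note: taken from the upstream feed's 'unverified' 90-day IP:port list; corroborate a match with other telemetry before acting on it.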

103.237.86.120:2024
103.60.14.27:2404
103.60.15.107:2005
103.67.163.29:2404
103.83.87.230:8077
104.168.115.79:8080
104.168.7.200:2404
104.192.3.50:2404
104.243.44.143:2404
104.243.44.143:9866
104.250.169.103:3191
107.172.132.42:2404
107.172.132.45:14646
107.172.132.45:14647
107.172.135.31:14646
107.172.135.31:14647
107.172.232.84:2404
107.172.44.148:54143
107.172.44.148:57453
107.172.44.179:14645
107.174.34.142:14646
107.174.34.142:14649
107.175.88.101:2404
107.189.18.131:18751
108.174.56.140:2404
108.174.56.150:2404
108.181.121.140:1234
109.123.250.38:5671
109.236.89.41:2404
124.198.131.166:2404
124.198.131.244:1000
124.198.131.67:9333
124.198.132.105:3000
124.198.132.198:3000
124.198.132.91:4444
128.90.106.146:2404
128.90.106.186:2404
128.90.108.71:2404
128.90.113.123:2404
128.90.113.62:2404
139.99.162.200:2404
139.99.235.40:8080
142.147.97.158:2404
142.202.191.92:8888
143.244.46.148:52022
144.172.101.98:5010
144.172.116.136:2404
144.91.82.9:31981
146.19.56.99:2404
146.70.67.58:6513
147.124.213.155:8080
147.124.217.204:2404
147.124.223.75:62404
147.189.141.209:30300
147.189.141.209:30390
149.248.79.113:2404
149.28.70.98:2404
15.228.243.194:2404
151.244.170.74:1337
151.244.234.123:2404
152.42.143.4:2404
154.127.53.68:2404
154.205.145.190:8080
154.3.40.26:2404
156.67.27.201:3191
157.20.32.137:2404
157.254.164.90:2404
157.254.236.35:2440
157.254.236.78:443
158.94.208.103:443
158.94.208.222:9000
158.94.208.246:5902
158.94.208.246:5903
158.94.209.127:2404
158.94.209.241:5902
159.223.171.199:5000
160.250.133.235:2404
161.248.178.253:2404
161.248.179.190:2404
161.248.179.216:2404
163.5.169.217:2404
164.92.197.38:3578
166.88.117.240:2404
167.86.89.37:3190
169.150.231.244:54700
169.150.231.246:54700
172.111.131.113:1771
172.111.137.163:2404
172.111.137.163:3384
172.111.139.183:2405
172.111.139.21:8808
172.111.139.32:2405
172.111.213.74:2404
172.111.232.226:8201
172.111.244.104:37830
172.111.244.107:37830
172.245.152.196:35000
172.245.209.139:4550
172.245.209.139:4551
172.245.209.139:4552
172.245.209.139:4553
172.245.209.196:2404
172.245.209.211:2404
172.245.4.213:2404
172.245.95.32:2404
172.81.133.231:9911
172.94.9.164:8811
172.94.9.168:8811
172.94.9.186:8811
172.94.9.231:1771
172.94.96.46:2404
172.94.96.60:2404
173.195.100.175:1070
173.249.9.44:2961
176.57.184.244:2404
176.65.132.170:2404
178.16.52.221:2404
178.16.52.243:2404
178.16.52.249:2000
178.16.53.140:2405
178.16.53.140:2407
178.16.53.14:443
178.16.53.169:2404
178.16.53.79:5000
179.13.0.138:2404
18.222.233.217:2404
181.71.218.9:2404
185.128.106.44:2404
185.14.92.201:2000
185.174.101.106:2405
185.174.101.224:59821
185.182.185.101:1772
185.184.27.137:1516
185.184.27.137:2404
185.187.235.215:44850
185.196.10.219:2404
185.196.11.138:2404
185.196.11.56:443
185.222.58.49:465
185.232.21.42:2473
185.236.20.7:40482
185.241.208.211:2404
185.241.208.222:2000
185.241.208.28:2404
185.241.208.35:1000
185.241.208.48:2404
185.241.208.84:2404
185.243.5.79:4407
185.76.243.138:40482
186.169.33.26:2404
186.169.40.245:3585
190.255.85.13:2404
190.255.91.195:2404
191.101.131.189:2404
191.235.32.59:4444
191.96.225.141:2404
192.142.10.27:7000
192.145.124.5:60736
192.145.124.6:60736
192.159.99.232:1000
192.210.236.134:45546
192.227.135.230:6374
192.3.177.145:9090
192.3.198.4:2481
193.23.3.100:2404
193.233.207.241:2404
193.26.115.110:5000
193.26.115.14:2404
193.26.115.186:1024
193.26.115.190:5000
193.26.115.230:5009
194.26.192.117:2404
194.26.192.88:2404
194.87.80.121:2404
195.177.94.165:2323
195.177.94.190:2404
195.177.94.30:2323
195.177.94.33:2323
195.177.94.60:2404
195.19.93.242:2404
196.251.115.20:2404
196.251.115.25:5000
196.251.116.248:2404
196.251.116.93:2404
196.251.116.98:2404
196.251.116.98:5000
196.251.117.135:2404
196.251.117.217:2404
196.251.117.234:2404
196.251.117.66:2404
196.251.117.69:2404
196.251.118.205:2404
196.251.118.247:6001
196.251.69.12:4546
196.251.69.186:2404
196.251.69.194:2404
196.251.69.196:2404
196.251.69.196:5000
196.251.70.233:2404
196.251.72.212:8080
196.251.73.101:2404
196.251.73.138:2404
196.251.73.226:5000
196.251.73.238:2404
196.251.73.97:2404
196.251.80.14:2404
196.251.80.152:2404
196.251.80.162:2404
196.251.80.238:2404
196.251.80.39:2404
196.251.80.78:2404
196.251.81.162:2404
196.251.81.95:2404
196.251.83.148:2404
196.251.83.188:2404
196.251.83.188:5000
196.251.83.222:2404
196.251.83.238:2404
196.251.83.33:2404
196.251.83.83:2404
196.251.87.15:2404
196.251.92.42:29116
196.251.92.52:29004
196.251.92.69:29444
196.251.92.79:45109
196.57.129.61:2404
196.57.129.62:2404
198.135.48.184:2080
198.135.51.150:2404
198.23.175.50:4500
198.23.175.59:443
198.23.177.199:9090
198.23.177.200:2404
198.23.177.209:7070
198.23.177.210:29187
198.46.173.23:24045
198.46.243.140:2404
198.55.102.43:14648
198.55.102.44:14648
198.55.103.203:14645
198.55.103.203:4867
198.55.98.95:2404
2.58.56.224:2404
20.206.242.70:4444
202.148.53.180:2404
204.10.160.193:45667
206.123.145.6:2404
206.123.152.103:2565
206.123.152.104:2565
206.123.152.34:33862
206.123.152.36:33862
206.123.152.37:33862
206.123.152.40:33672
206.123.152.41:33862
206.123.152.43:33672
206.123.152.46:33672
206.123.152.47:33862
208.78.220.65:2404
209.54.103.160:9090
209.54.103.171:2404
212.11.64.120:2404
212.162.149.200:443
212.83.139.101:2404
213.152.187.243:9558
213.209.143.110:2602
213.227.129.32:9558
213.227.129.32:9559
213.252.247.119:1234
216.173.65.45:2404
216.250.252.52:2404
216.9.224.215:2090
216.9.224.34:24047
216.9.224.34:24048
216.9.224.66:2404
216.9.224.88:1200
216.9.225.19:60707
216.9.225.19:60708
216.9.225.28:2404
217.138.204.165:54533
217.138.212.52:54134
217.138.212.53:54134
217.138.212.54:54134
217.195.155.74:54444
217.195.155.75:54444
217.195.155.76:54444
217.195.155.77:54444
217.195.155.78:54444
23.227.203.207:443
23.254.250.11:2707
23.27.124.91:2404
23.94.126.182:2404
23.95.106.22:4444
24.255.238.135:2404
27.147.169.101:8080
3.139.240.105:2404
31.57.188.233:2404
37.120.153.92:2467
37.120.206.166:57742
38.242.230.250:2404
4.228.216.14:4444
4.228.224.81:4444
41.216.188.69:2404
45.138.183.207:4477
45.14.246.57:2404
45.153.34.83:2404
45.158.8.240:2404
45.66.11.61:56101
45.74.48.69:5671
45.83.31.107:8000
45.83.31.47:5555
45.88.186.199:3000
46.250.253.70:2404
47.84.83.41:2404
5.101.82.32:2404
5.101.86.55:57201
5.101.86.62:52948
5.206.227.234:2404
51.178.11.177:2404
51.222.16.166:2405
62.60.131.168:2404
66.63.187.37:2404
66.85.26.200:2404
68.183.186.194:6513
69.10.45.244:5938
69.61.43.118:2404
69.67.172.242:2404
77.239.106.138:2404
79.110.50.90:8099
8.209.221.211:1682
84.19.175.165:56470
84.19.175.183:56470
84.19.175.184:56470
84.38.129.14:2404
86.54.42.38:2404
89.238.176.4:53284
89.31.121.220:443
91.193.7.162:6513
91.92.241.145:2404
91.92.241.57:443
91.92.242.68:5000
92.61.71.38:2404
93.127.143.46:2404
94.154.35.190:59804
94.154.35.191:2000
95.111.252.39:34171

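# Reference: https://threatfox.abuse.ch/browse/malware/win.remcos/ (# 2025-10-05)
# Note: the entries below reflect the feed as of the date above; IP:port trails can be reassigned over time, so check their age before using them for blocking rather than alerting.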

103.237.86.140:3312
103.83.87.230:8090
103.83.87.230:8091
103.83.87.230:9180
104.250.169.71:1771
104.36.50.26:8080
107.150.0.150:51659
107.172.132.32:6506
107.172.132.40:7271
124.198.132.129:8997
132.147.91.121:14344
138.197.34.67:6388
146.185.239.67:60376
147.124.213.155:443
152.42.181.21:6089
154.205.145.190:443
157.250.206.39:1024
160.250.133.60:3310
172.245.4.224:2404
172.245.4.224:6868
172.245.4.224:7475
172.94.127.136:12760
172.94.127.140:12760
172.94.9.176:31980
172.94.96.90:2404
173.212.199.134:2266
176.46.158.66:6606
178.16.52.250:1986
181.235.14.141:2404
185.148.240.106:4477
185.167.61.11:3980
185.174.101.106:2404
185.174.101.224:2404
185.196.8.216:4777
185.40.86.43:2022
193.234.55.86:4043
194.26.192.66:433
195.177.94.223:2156
196.251.113.3:2404
196.251.115.25:2404
196.251.116.187:2404
196.251.117.141:4581
196.251.117.235:2404
196.251.118.247:6002
196.251.73.138:5000
196.251.80.78:6000
196.251.80.78:6001
196.251.83.148:5000
196.251.83.33:20404
196.251.83.83:5000
196.251.85.186:4078
198.23.177.199:4070
198.46.173.23:5000
198.46.173.23:7000
198.46.173.23:7070
198.46.173.23:9000
198.55.102.43:14650
198.55.102.44:14650
20.201.113.23:1024
203.24.92.61:9712
204.10.160.179:45590
206.123.152.101:3421
206.123.152.35:33862
206.123.152.37:33672
206.123.152.47:33672
206.123.152.99:3421
209.38.193.86:5050
212.83.139.101:2405
212.83.139.101:443
213.176.67.24:2404
216.250.252.245:4248
216.250.252.245:43175
23.140.36.124:48192
38.242.230.250:2405
4.228.216.14:2404
45.158.8.240:2405
45.55.67.254:6377
45.62.170.235:2404
45.80.158.210:1234
45.88.186.160:6969
46.250.253.70:888
54.39.30.223:1026
54.39.30.224:1026
54.39.45.93:9001
62.60.226.231:99
69.10.45.244:8172
69.195.129.139:6939
79.110.50.90:3029
82.115.211.4:15407
82.115.211.4:15409
93.127.160.198:2019
00kla.com
2024.123hack.us
ablelifepurp.duckdns.org
ablelifepurp.ydns.eu
akshaytiwari-63234.portmap.host
amarre12.dynuddns.net
amarre29.kozow.com
amarrepago25.dynuddns.net
ammsaue.com
awesome123.duckdns.org
bell.mokveid.com
bell.mtd-l.com
bestwishesfornewstartingwithrems.duckdns.org
bigpappa.duckdns.org
blackyywire.ddns.net
bobo101.hopto.org
brasilselectbackup.ddns.net
cbzr-98pq1.ydns.eu
cnn9001.duckdns.org
colombiaeslibre9889.dynuddns.com
ctsapa.com
deo.ydns.eu
desalator.com
dfdfhdhdrgethftrj.duckdns.org
dlvatecsl.com
educational-intelligent.gl.at.ply.gg
eepaulisblessed.duckdns.org
egi0of8.duckdns.org
electronic-sharp.gl.at.ply.gg
elevatormagnet.duckdns.org
eririego.top
exelelo.webhop.me
fahad-airlink.duckdns.org
fteamez7iurs01.duckdns.org
gabrielgarcialora09.kozow.com
gael20242.kozow.com
genesisloperalora09.con-ip.com
ghddfe.duckdns.org
gondeen.com
goodangelgivenbestbabygirlevacamebackbea.duckdns.org
greatguru1985.ydns.eu
greatzimebube.duckdns.org
hbws.cc
honeyportsecurityresearchteam.duckdns.org
htgeruyukwhyj.duckdns.org
ikechukwugrace.duckdns.org
infopoint.duckdns.org
inversat.cc
iwantmyangelevaalwaysbehappylovesugirlth.duckdns.org
iyruuv6.ydns.eu
jayw8724-39348.portmap.host
k8uh0-bfc.duckdns.org
karina2bento-com.xyz
kbs-frb.cc
krakas2.duckdns.org
laurent-kefere.duckdns.org
laxreal10.duckdns.org
lethals.duckdns.org
low-incl.gl.at.ply.gg
mybestangelgirlinsideofmyheartwithlovebe.duckdns.org
nicegoodkidsevaangelsheismygirlsoir.duckdns.org
nnamoograce.duckdns.org
northsalls.com
not4abuse01.xyz
oneoptionforeverling.mysynology.net
padrisosr25.dynuddns.com
paper-preparation.gl.at.ply.gg
paygateme.net
prove.mine.nu
remcodit.top
rjwz.ydns.eu
rmdns.servesarcasm.com
saleskunshan.com
salesmarking.com
sdniduhiudvudbucbudb.con-ip.com
sec1.diabolikk1.xyz
sfave8ojurshe1.duckdns.org
sfave8ojurshe2.duckdns.org
sfave8ojurshe3.duckdns.org
sfave8ojurshe4.duckdns.org
sfave8ojurshe5.duckdns.org
shee.ydns.eu
sheismybestgirlbabyangelmylovlg.duckdns.org
soblessedagain.duckdns.org
socmer.airdns.org
solarbee.ydns.eu
stachi.ydns.eu
streetwisecre.duckdns.org
suzhuomate.com
sweet1617181920.duckdns.org
taxacts.de
tipsept.ydns.eu
tooblessed2bcursed.duckdns.org
top.not4abuse01.xyz
treemmesrl-eu.com
twealthybillionaireman.duckdns.org
verybestfuckingpersonieseeninmylifetrulystupidmanwhoaorundon.ydns.eu
verygreatjourneyofthebabygirlwholivesfor.duckdns.org
verynicejourencywithbetterbabygirloftheb.duckdns.org
wblspc.com
winsrvc.ddns.net
wizbiz.dynu.net
wllgore.com
wonderfulstartwithneewseriousworkgreatan.duckdns.org
ysgnmmjmmj.duckdns.org

# Reference: https://x.com/c_APT_ure/status/1976384898794651826
# Reference: https://www.virustotal.com/gui/file/5879d31ba880a8bf0825ed666ce82913b53830be8ab8f20ea22702f4202ff789/detection

http://198.23.177.201
45.133.174.146:31423

# Reference: https://www.virustotal.com/gui/file/45861cfb823fb2a2d59f697e13623934c635fc8bceb9af5f282343fd224dfab2/detection

104.223.84.8:14641
angelblessedzynovakobothankyougodfeelhap.duckdns.org
bestoptionforgoldenangelworkingthingsgre.duckdns.org
sheismybestgirlbabyangelshemylovemybabyg.duckdns.org

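# Reference: https://www.virustotal.com/gui/file/45861cfb823fb2a2d59f697e13623934c635fc8bceb9af5f282343fd224dfab2/detection
# NOTE(review): this is the same sample hash as the reference of the preceding section; confirm it is the intended source for the entry below.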

kutt.rhaimes.com

# Reference: https://x.com/JAMESWT_WT/status/1978432073514778838
# Reference: https://x.com/JAMESWT_WT/status/1978442657757069383
# Reference: https://www.virustotal.com/gui/file/007062d09128a9d16fb1b4c2fa7a3eca0b2b9e632da2dc8acbf58be8571dad49/detection

138.199.59.4:60736
185.157.162.27:56687
185.157.162.30:56687
makyol.top
adigo.ydns.eu
agulo22.ydns.eu
austria.duckdns.org
lms.austria.duckdns.org

# Generic
# URL path trails (leading '/'), not tied to a single host.

/invoice_Qkdxcnmk.bmp
/swlu_Gmgzhmnp.png
/litupin_Kywfvjxv.bmp
/remcos_a_rgzXPLek0.bin
/TT_2021_Remcos%20v2_DDoOoaFhuj99.bin
/Xrllqxvmom.png
/_errorpages/remcoszx.exe
/remcoszx.exe
/newremcos.txt
/newremcos.php
/newremcos.ps1
/newremcos.hta
/newremcos.asp
/newremcos.aspx
/newremcos.py
/newremcos.pyc
/novoremcos.txt
/novoremcos.php
/novoremcos.ps1
/novoremcos.hta
/novoremcos.asp
/novoremcos.aspx
/novoremcos.py
/novoremcos.pyc
