# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: 1xxbot, arechclient2, asatafar, ghostpulse

# Reference: https://www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers

http://45.142.213.230

# Reference: https://twitter.com/P3pperP0tts/status/1197493278339469313
# Reference: https://twitter.com/P3pperP0tts/status/1196425019154403328
# Reference: https://app.any.run/tasks/efeb529d-fa5d-4adb-8527-7161080e722a/

51.15.22.167:228

# Reference: https://twitter.com/malwrhunterteam/status/1200742733805170688
# Reference: https://www.virustotal.com/gui/file/32aa5f556099e8fdf9c0f4c8f5695e5736a7cc208aacc548d623d329256d4130/detection

94.242.206.163:228

# Reference: https://twitter.com/malwrhunterteam/status/1205495402721685509

firestarter.co.ug

# Reference: https://app.any.run/tasks/4827acc3-173d-4f4f-b4ca-212e4814ba44/

93.190.142.138:228

# Reference: https://twitter.com/Arkbird_SOLG/status/1348288401049608193
# Reference: https://www.virustotal.com/gui/file/4b3411887671db0dd5e57c2187260bd79f2c5cd4279d24b96de9724f492ce3f7/detection
# Reference: https://www.virustotal.com/gui/file/3d74c37ade5a7082617acb0cb1697eb18c9a61f7099b04b76967140f3a8d03ec/detection

34.253.207.79:15647

# Reference: https://www.virustotal.com/gui/ip-address/54.194.254.16/relations
# Reference: https://twitter.com/James_inthe_box/status/1348264657736269828
# Reference: https://app.any.run/tasks/279edbe8-a2d6-4816-8602-311fa33fd34b/
# Reference: https://www.virustotal.com/gui/file/2cad1d5cd3e145f720e3da8825183d78545b834fe146a8d1ec26c0e876980a66/detection

54.194.254.16:15647

# Reference: https://twitter.com/abuse_ch/status/1348271030322790400
# Reference: https://bazaar.abuse.ch/sample/bf802ba3e523c502a27e0c9044bc699f0db17ebb00e5b3b9c152038a13c856ed/
# Reference: https://www.virustotal.com/gui/file/bf802ba3e523c502a27e0c9044bc699f0db17ebb00e5b3b9c152038a13c856ed/detection

80.209.229.192:15646

# Reference: https://www.virustotal.com/gui/file/a24bf6fa910c0fe011cdabd3c1203d735f8a28f27c646fe0ae5981bbb7304e41/detection

80.82.77.221:15647

# Reference: https://www.virustotal.com/gui/file/8d2c8fab417257c558a379fc384a5fdda844b73ca507944b90b0a101591c7fae/detection
# Reference: https://www.virustotal.com/gui/file/17a7129edcb8c2bb353c6fc365455b630912da13d3af096e9fb148647551f6b4/detection

147.78.67.95:15646
147.78.67.95:15647

# Reference: https://www.virustotal.com/gui/file/9f204e8a44750d83e2d892357db881a241e16fe82eff4fc16f0d9adecec430a3/detection

185.195.26.100:54766

# Reference: https://www.virustotal.com/gui/file/cb64e1065259e2c9e0fb663bdf4ad73a4abc514399ca86f4c3b745b61c6ab530/detection

185.82.202.143:15647

# Reference: https://www.virustotal.com/gui/file/665747baf4f8bba24765b2a486f7677b7e1f199335cace6db075f8f3dd68fcef/detection
# Reference: https://www.virustotal.com/gui/file/f12f3ad220342c60304834a7df1345521e16e13242566dbc76fc21242765fe23/detection

195.2.78.227:228
195.2.78.227:54766

# Reference: https://www.virustotal.com/gui/file/b7a16329d7ca5a5ff38f6d424b426f33a29e1fff8490016530a7433134b391f6/detection

135.181.86.99:15464

# Reference: https://www.virustotal.com/gui/file/98f7e638f8cd14879f5c9fb2071e4f53df9922cdd77a64b632fb06a197d9f9e6/detection

202.59.10.176:15646

# Reference: https://www.virustotal.com/gui/file/3ca1a97e6b3e8d9bae5a054a2c5014db99c4375cab6554e33fb4217bf34a1858/detection

86.106.93.111:15646

# Reference: https://www.virustotal.com/gui/file/71c3e512e148941ff0435c9a556d75cf8fe5621a85a6a2ea4f7a20cb6a0c6856/detection

185.165.153.51:5025

# Reference: https://tria.ge/220627-kta12aaaal/behavioral1

34.159.232.110:15647

# Reference: https://twitter.com/1ZRR4H/status/1615231876817362944
# Reference: https://twitter.com/1ZRR4H/status/1615428216684175360
# Reference: https://threatfox.abuse.ch/ioc/1068570/
# Reference: https://www.virustotal.com/gui/file/a835602db71a42876d0a88cc452cb60001de4875a5e91316da9a74363f481910/detection

http://77.73.133.83
34.107.35.186:15647
77.73.133.83:15647

# Reference: https://twitter.com/idclickthat/status/1626069576868933632

http://179.43.142.86
anydesk-infopage.com
pputty.us

# Reference: https://threatfox.abuse.ch/browse/malware/win.sectop_rat/

http://157.90.151.122
135.181.156.70:15647
138.201.120.172:15648
144.76.163.55:15648
144.76.195.220:15647
157.90.151.122:228
162.55.188.246:15647
167.235.134.14:15647
185.143.223.9:15648
185.173.36.156:228
185.197.75.191:15647
193.111.210.150:15647
34.107.84.7:15647
34.141.167.33:15647
34.141.198.105:15647
34.141.92.1:15647
34.142.80.219:15647
34.159.180.55:15649
34.159.68.86:15647
34.27.150.38:15649
34.27.176.144:15647
34.91.185.62:15649
35.198.132.51:15647
35.204.188.251:15649
35.226.102.12:15649
35.230.153.115:15647
35.234.159.213:15649
35.242.150.95:15649
35.246.173.61:15647
37.1.206.174:228
46.175.147.8:15647
5.75.147.135:15647
5.75.149.1:15645
5.75.149.1:15648
5.75.153.165:15647
62.182.156.148:15647
65.108.101.156:15647
77.232.36.56:228
77.232.39.39:228
77.232.42.253:228
77.246.107.149:15647
88.218.170.169:15647
89.248.165.23:5865
91.142.77.238:228
91.142.78.27:228
94.130.51.115:15648
95.143.190.57:15647
cloudinstalller73489.shop
ggimp.us

# Reference: https://threatfox.abuse.ch/browse/malware/win.sectop_rat/ (# 2023-08-01)
# Reference: https://www.virustotal.com/gui/ip-address/217.107.219.92/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.177.139.152/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.177.140.194/relations

cdn-dwnld.ru
994safeweb.store
alarmhealth623.store
linkpower994.online
newtorpan.ru
newtorpan.site
newzone623.store
next-traf623.site
shadowlink994.store

# Reference: https://twitter.com/g0njxa/status/1687801004534747136
# Reference: https://app.any.run/tasks/80b166cb-7a36-41ce-9f18-58344e7bc138/
# Reference: https://www.virustotal.com/gui/file/d35d55bb74a7cf4349e2fa4a92839e2a88f17a1fee9725801d0d97b2bf0d311c/detections

95.143.190.57:15648

# Reference: https://twitter.com/1ZRR4H/status/1699923793077055821

195.201.198.179:15647

# Reference: https://threatfox.abuse.ch/ioc/1150242/

95.217.105.184:15647

# Reference: https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks
# Reference: https://otx.alienvault.com/pulse/653fe482a1235f71266181a8

manojsinghnegi.com/2.tar.gpg

# Reference: https://twitter.com/Jane_0sint/status/1723736724533129263
# Reference: https://app.any.run/tasks/84a868ea-e8f3-436b-abe9-82b0226aac5d/

80.66.66.40:15647

# Reference: https://twitter.com/crep1x/status/1727970393237983640
# Reference: https://www.virustotal.com/gui/ip-address/45.67.228.133/relations

1subsmepjzqnvvukhd.fun
2hedonrxjakubcloudflare.fun
2lastofusupdatjakubcloudflare.fun
2subsmepjzqnvvukhd.fun
3hedonrxjakubcloudflare.fun
3ivgtdccwvbaaou.fun
3subsmepjzqnvvukhd.fun
4hedonrxjakubcloudflare.fun
5hedonrxjakubcloudflare.fun
5ivgtdccwvbaaou.fun
5subsmepjzqnvvukhd.fun
gleamgamestudios.fun
heckledunicornvb2.fun
skilleddevelopment.fun
theworkflowagency.fun
zodiaentertainment.fun

# Reference: https://twitter.com/1ZRR4H/status/1730731082734010780

slimankoomer.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.sectop_rat/ (# 2024-01-03)

138.201.125.92:15647
145.239.99.234:15647
152.89.217.190:15647
152.89.217.215:15647
152.89.217.229:15647
176.9.66.115:15747
178.63.51.126:15648
193.233.112.219:15647
193.33.195.42:15647
194.26.135.11:12432
194.26.135.180:15647
194.26.29.100:15647
194.26.29.112:15647
194.26.29.153:15648
194.26.29.44:15647
2.57.149.77:15647
212.118.39.73:15649
213.109.202.15:15747
213.109.202.229:15647
213.109.202.96:15647
213.109.202.96:15747
213.109.202.97:15647
213.109.202.97:15747
213.109.202.98:15647
213.109.202.98:15747
45.141.86.82:15647
45.141.87.124:15647
45.141.87.124:9000
45.141.87.16:15647
45.141.87.215:15647
45.141.87.218:15647
45.141.87.50:15647
45.141.87.63:15648
45.88.104.78:15647
45.92.179.244:15647
5.42.67.10:15647
77.105.132.31:15647
78.153.130.239:15647
78.153.130.239:9000
85.209.11.243:15647
91.215.85.66:15647
94.181.229.249:15647
94.181.229.249:15747
95.216.24.238:15647

# Reference: https://www.virustotal.com/gui/file/fa0b3328dda7aa7e953780fc8b6be127f747fc778f0bd3f0a2e885402c1c481e/detection

http://194.147.35.251
http://5.75.214.104

# Reference: https://x.com/smica83/status/1813912637895549108
# Reference: https://tria.ge/240718-pea5psxgkp/behavioral1

213.109.202.15:15647
213.109.202.15:9000

# Reference: https://x.com/banthisguy9349/status/1822635735494664701

45.141.87.55:15647

# Reference: https://x.com/banthisguy9349/status/1822635735494664701
# Reference: https://www.virustotal.com/gui/file/0bb9e107a5f5f9ad838173ebf222107d37cc1f378fa10f46ad5b2914f19f8e72/detection

45.141.87.55:9000

# Reference: https://www.vmray.com/analyses/_mb/f1ecf2469a83/report/network.html

91.215.85.66:9000

# Reference: https://x.com/SquiblydooBlog/status/1836362042619396160
# Reference: https://tria.ge/240917-zv36javdrj/behavioral2
# Reference: https://www.virustotal.com/gui/file/ecf5e02e19345dc4f60e531139339b5a8a95dd393b0bbcb3b4e93a184585a53a/detection

http://188.34.184.47
http://65.109.218.88
http://89.23.96.126
188.34.184.47:443
45.141.86.82:9000

# Reference: https://x.com/malwrhunterteam/status/1860405590364672452
# Reference: https://www.virustotal.com/gui/file/fe40afb158e24c1896776fe3bdef33d2bb85ae67cf7b115f309d2535fc2a6afd/detection

185.147.124.236:15647
185.147.124.236:9000

# Reference: https://www.virustotal.com/gui/file/c44c68d187d1e8adc8da0eddfada509fb6d9b00452888740affe9a069d43ea35/detection
# Reference: https://www.virustotal.com/gui/file/aaca1d0a684091ceb9367a917719e5593de9337ec857afeb51719bf8994834cf/detection

91.240.118.89:15647
91.240.118.89:9000

# Reference: https://x.com/banthisguy9349/status/1822635735494664701
# Reference: https://www.virustotal.com/gui/file/0bb9e107a5f5f9ad838173ebf222107d37cc1f378fa10f46ad5b2914f19f8e72/detection

/wbinjget?q=
/wbinjget

# Reference: https://x.com/malwrhunterteam/status/1862036608481989005
# Reference: https://www.virustotal.com/gui/file/d864a359e3a19182e72109fe75408d21b10215938e8be4098c4dbbc8ce0b7c7c/detection

45.141.84.168:15647
45.141.84.168:9000

# Reference: https://x.com/banthisguy9349/status/1864688082559115552
# Reference: https://www.virustotal.com/gui/file/9fe2c00641ece18898267b3c6e4ee0cb82ffefbc270c0767c441c3f38b63a12a/detection
# Reference: https://www.virustotal.com/gui/file/06e81f5bb3b70ddd48d4711afd1f75776bc1e28e787ffd5dab9459083796f437/detection

91.202.233.18:15647
91.202.233.18:9000

# Reference: https://x.com/JAMESWT_MHT/status/1867118417959956657
# Reference: https://www.virustotal.com/gui/file/224f45017a9dbb7db7fe2836771d8f4e77c9735499c20a19c832a91b156d7056/detection

healthclinic-stylemaven.com
pict.healthclinic-stylemaven.com

# Reference: https://x.com/JAMESWT_MHT/status/1868922347144855722
# Reference: https://www.virustotal.com/gui/file/26db835c118e06564f8074656bc403862848cc3d0b3761625a07cb4f33790902/detection
# Reference: https://www.virustotal.com/gui/file/45ab4ca2483759d89bc446e6797e86489eb08cfeb3f740440a83ff6d83eb5503/detection
# Reference: https://www.virustotal.com/gui/file/71e590840310d7eab4d8c339a094847523d368777cfda93fde87e0b25d9051f3/detection

docu-signer.com

# Reference: https://x.com/JAMESWT_MHT/status/1880203646396416038
# Reference: https://www.virustotal.com/gui/file/5c4253a21c527794b0f6970a19f7aeed5d3be4cefcdf35a29ef23e6f0123cfc5/detection

http://185.147.124.179
185.147.124.179:15647
185.147.124.179:228
185.147.124.179:9000

# Reference: https://x.com/malwrhunterteam/status/1890139368897278029
# Reference: https://www.virustotal.com/gui/file/ac9231c343b6200c6b42c36a884a6e749bce2544045d4bf3c3ccab72d814bb9d/detection

92.255.85.36:9000
pub-5fe9ea6eaaa8428b96387919927f6a5d.r2.dev

# Reference: https://x.com/malwrhunterteam/status/1890377293731627311
# Reference: https://www.virustotal.com/gui/file/11a2c6854f88e833ac2fc1d4ddfe0b1ec64368a53ab3a60fe6f81e8ede764712/detection

185.42.12.247:15847
185.42.12.247:9000

# Reference: https://x.com/malwrhunterteam/status/1891778943549571519
# Reference: https://www.virustotal.com/gui/file/8f55ad8c8dec23576097595d2789c9d53c92a6575e5e53bfbc51699d52d0d30a/detection

109.120.186.139:9000

# Reference: https://x.com/malwrhunterteam/status/1894515309576413469
# Reference: https://www.virustotal.com/gui/file/dc0af3253349bc3d6cff84b99746de1302117bd2fba34c8ff2f4b3225aa3d060/detection

92.255.85.23:15847
92.255.85.23:9000
bestieslos.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/5353

bestiamos.com

# Reference: https://x.com/malwrhunterteam/status/1895766317078364599
# Reference: https://www.virustotal.com/gui/file/4b580fb4ad57c5fc8820fc8b03f10c23e6760e5ae82bfad1e74837eb4cfc1b14/detection

92.255.85.23:15847
92.255.85.23:9000
undermymindops.com

# Reference: https://x.com/TRACLabs_/status/1901114766015263229
# Reference: https://www.virustotal.com/gui/file/16605a270dc13cdb07bf4544464d7bb7002be34e8011001df56e2a3fabf30a4a/detection
# Reference: https://www.virustotal.com/gui/file/e70c861b32339ab235019bb613ee1c201147902d23a01187907537db0f13a8f3/detection
# Reference: https://www.virustotal.com/gui/file/9acb461c02187dc919f609a4dfafe643b7bd09473c54d84b348d03e05c0f895c/detection
# Reference: https://www.virustotal.com/gui/file/845dd63b53d8e0d715ee4b5799be1ec7cea5a75de40c54d597502a33d86aee51/detection

172.86.115.43:443
172.86.115.43:9000
flowersmayer.click

# Reference: https://x.com/malwrhunterteam/status/1901590384507023827
# Reference: https://www.virustotal.com/gui/file/0152dc9dea7a57e3bd5872e72c1dd03180f39725da7e8e5940bca0eb67e20bae/detection

94.141.122.131:443
94.141.122.131:9000
downlfkzfoqkajada.com
overtimeforus.com

# Reference: https://x.com/malwrhunterteam/status/1902486957034221945
# Reference: https://www.virustotal.com/gui/file/c39ed32b41c2e88ca57069ced2175fbdcbb100e11e5df62717bfbf199d285ad1/detection

172.86.72.81:9000

# Reference: https://x.com/malwrhunterteam/status/1905240053699191101
# Reference: https://www.virustotal.com/gui/file/0d5311014c66423261d1069fda108dab33673bd68d697e22adb096db05d851b7/detection

82.117.255.225:9000

# Reference: https://x.com/malwrhunterteam/status/1906701366233378824
# Reference: https://www.virustotal.com/gui/file/dac7d990d4773eab9cb359386aaec2fb7eb826da9e409bc69bd5ee6f8063d5a6/detection

149.248.78.209:9000
hitiotppppalfkjfk.com
mfktiaoaolfkfjzjk.com

# Reference: https://app.validin.com/detail?find=%3A%3A%22og%3Atitle%22%3A%3A%22%20Cybersecurity%20Innovations%20-%20%20Safety%20Center%22&type=raw#tab=host_pairs (# 2025-04-20)

advancced-ip-scanner.org
auhtentic.com
authenticatt.org
b2bfinservice.com
bongacams.homes
contentreverse.world
piay-markef.cyou
piay-markef.sbs
spacemount.net
wildfantasyclub.us
google.authenticatt.org

# Reference: https://x.com/vigilantbeluga/status/1914662495664660958
# Reference: https://app.any.run/tasks/8013dff1-c735-4b06-8031-10e192b4ce18
# Reference: https://www.virustotal.com/gui/file/2ad37c2bc96ab025b2b72601d16ce90904a5afffb3cc37e706308a4700da82d7/detection
# Reference: https://www.virustotal.com/gui/file/be611c0d866c0676b73868cb3f86d7ca3e0657fb989b03151df96897f1e8b189/detection

chro.cloud
chro.fun
chrndo.cloud
webstorepooster.site
chrome.browser.com.se

# Reference: https://x.com/malwrhunterteam/status/1920784309239095566
# Reference: https://x.com/JAMESWT_WT/status/1920817831454642362
# Reference: https://www.virustotal.com/gui/file/0935654e68b32a17bde5cdde49d1dd73438222e67a8306e29bc2e734aa90e6db/detection

185.125.50.140:9000
mychecksecureconnect.cloud
verifconncaptcha.com
verifyyourconnect.com

# Reference: https://x.com/skocherhan/status/1924814510436618495
# Reference: https://www.virustotal.com/gui/file/9d2eb97d89a1d979bf2a57aedf8c1ff77cd934895d890fc45686d547ca0faf11/detection

185.7.214.30:9000

# Reference: https://x.com/malwrhunterteam/status/1929490178587902320
# Reference: https://www.virustotal.com/gui/file/b1c6f3bf2fda08d94405dc7c7d2e3a5ea75c770ec6962b7be2c0290c34136897/detection
# Reference: https://www.virustotal.com/gui/file/954c77d9f00e58e27703ba1ec0ad741275e5ce635234a7f8ec4cf521b81c59fc/detection
# Reference: https://www.virustotal.com/gui/file/42840d9af32e3fa50208aed35792195d2094d7c9126b90152df2cb76e296f272/detection
# Reference: https://www.virustotal.com/gui/file/36389a37b4203e6237a31669f64ef2a315774914f4947a41bc5d0774a2535f9f/detection

45.141.87.249:15847
45.141.87.249:9000
broserty.cfd
uplinkmirrors.shop

# Reference: https://x.com/JAMESWT_WT/status/1930259080926335474
# Reference: https://app.validin.com/detail?find=a199cd20c675a9278610e71c0fdde79c&type=hash&ref_id=2ab02419adb#tab=host_pairs (# 2025-06-04)
# Reference: https://www.virustotal.com/gui/file/10a18ee810b5a4708369adb73b635d861ac394c545d0f14d8db3cbebd506835e/detection

http://195.82.147.93
45.141.84.229:15847
45.141.84.229:9000
92.255.57.32:15847
92.255.57.32:9000
balthasar.site
enter-webuyhousecoins.com
gameupdate-endpoint.com
postedge.online
servicesproonline.com
wangzhoueon.com

# Reference: https://x.com/elasticseclabs/status/1934987649070035266
# Reference: https://x.com/bluish_red_/status/1934993284595642740
# Reference: https://www.elastic.co/security-labs/a-wretch-client
# Reference: https://app.validin.com/detail?type=hash&find=82cddf3a9bff315d8fc708e5f5f85f20#tab=host_pairs (# 2025-06-17)

103.246.145.129:15847
103.246.145.129:9000
103.249.132.235:15847
103.249.132.235:9000
104.194.133.210:15847
104.194.133.210:9000
104.207.146.23:15847
104.207.146.23:9000
104.238.162.122:15847
104.238.162.122:9000
107.189.17.143:15847
107.189.17.143:9000
107.189.18.56:15847
107.189.18.56:9000
107.189.19.196:15847
107.189.19.196:9000
107.189.21.230:15847
107.189.21.230:9000
107.189.21.86:15847
107.189.21.86:9000
107.189.24.67:15847
107.189.24.67:9000
107.189.26.86:15847
107.189.26.86:9000
138.124.101.138:15847
138.124.101.138:9000
141.255.162.250:15847
141.255.162.250:9000
141.98.11.145:15847
141.98.11.145:9000
141.98.11.22:15647
141.98.11.22:9000
143.110.230.167:15847
143.110.230.167:9000
144.124.234.94:15847
144.124.234.94:9000
144.172.100.134:15847
144.172.100.134:9000
144.172.101.228:15847
144.172.101.228:9000
144.172.105.191:15847
144.172.105.191:9000
144.172.108.216:15487
144.172.108.216:9000
144.172.109.116:15847
144.172.109.116:9000
144.172.93.139:15847
144.172.93.139:9000
144.172.94.120:15847
144.172.94.120:9000
144.172.97.2:15847
144.172.97.2:9000
144.76.103.92:15847
144.76.103.92:9000
146.103.126.197:15847
146.103.126.197:9000
147.93.57.117:15847
147.93.57.117:9000
147.93.63.178:15847
147.93.63.178:9000
150.241.83.227:15847
150.241.83.227:9000
157.90.192.89:15847
157.90.192.89:9000
162.252.173.119:15847
162.252.173.119:9000
167.172.215.17:15847
167.172.215.17:9000
170.187.138.168:15847
170.187.138.168:9000
172.105.135.22:15847
172.105.135.22:9000
172.105.148.233:15847
172.105.148.233:9000
172.232.15.18:15847
172.232.15.18:9000
172.235.190.176:15847
172.235.190.176:9000
172.86.107.67:15847
172.86.107.67:9000
172.86.111.136:15847
172.86.111.136:9000
172.86.113.216:15847
172.86.113.216:9000
172.86.114.185:15847
172.86.114.185:9000
172.86.114.98:15847
172.86.114.98:9000
172.86.116.117:15847
172.86.116.117:9000
172.86.116.205:15847
172.86.116.205:9000
172.86.117.176:15847
172.86.117.176:9000
172.86.122.25:15847
172.86.122.25:9000
176.126.163.56:15847
176.126.163.56:9000
176.46.157.33:15847
176.46.157.33:9000
178.16.55.194:15847
178.16.55.194:9000
178.236.254.136:15847
178.236.254.136:9000
178.62.240.194:15847
178.62.240.194:9000
185.11.61.13:15847
185.11.61.13:9000
185.11.61.18:15847
185.11.61.18:9000
185.125.50.119:15847
185.125.50.119:9000
185.125.50.72:15847
185.125.50.72:9000
185.125.50.92:15847
185.125.50.92:9000
185.126.64.27:15847
185.126.64.27:9000
185.126.64.49:15847
185.126.64.49:9000
185.147.124.103:15847
185.147.124.103:9000
185.147.124.148:15847
185.147.124.148:9000
185.147.124.181:15847
185.147.124.181:9000
185.147.124.186:15847
185.147.124.186:9000
185.147.124.94:15847
185.147.124.94:9000
185.147.125.79:15847
185.147.125.79:9000
185.156.72.11:15847
185.156.72.11:9000
185.156.72.63:15847
185.156.72.63:9000
185.156.72.71:15847
185.156.72.71:9000
185.156.72.80:15847
185.156.72.80:9000
185.157.214.192:15847
185.157.214.192:9000
185.39.19.222:15647
185.39.19.222:9000
185.42.12.250:15847
185.42.12.250:9000
185.42.12.64:15847
185.42.12.64:9000
185.42.12.85:15847
185.42.12.85:9000
185.7.214.25:15847
185.7.214.25:9000
185.7.214.30:15847
185.7.214.30:9000
185.80.234.251:15847
185.80.234.251:9000
185.93.89.139:15847
185.93.89.139:9000
185.93.89.54:15847
185.93.89.54:9000
185.93.89.55:15847
185.93.89.55:9000
185.93.89.56:15847
185.93.89.56:9000
188.137.176.246:15847
188.137.176.246:9000
188.137.177.201:15847
188.137.177.201:9000
192.124.178.244:15847
192.124.178.244:9000
192.248.185.188:15847
192.248.185.188:9000
193.149.176.31:15847
193.149.176.31:9000
193.149.189.225:15847
193.149.189.225:9000
193.176.22.28:15847
193.176.22.28:9000
193.176.23.5:15847
193.176.23.5:9000
193.201.9.252:15847
193.201.9.252:9000
193.24.123.19:15847
193.24.123.19:9000
193.27.90.51:15847
193.27.90.51:9000
193.29.13.58:15847
193.29.13.58:9000
193.29.13.67:15847
193.29.13.67:9000
194.165.16.68:15847
194.165.16.68:9000
194.165.16.8:15847
194.165.16.8:9000
194.246.83.10:15847
194.246.83.10:9000
194.26.27.10:15847
194.26.27.10:9000
194.26.29.161:15847
194.26.29.161:9000
194.87.29.62:15847
194.87.29.62:9000
195.82.147.132:15847
195.82.147.132:9000
195.82.147.30:15847
195.82.147.30:9000
195.85.115.66:15847
195.85.115.66:9000
196.251.117.131:15847
196.251.117.131:9000
206.188.197.224:15847
206.188.197.224:9000
209.38.147.179:15847
209.38.147.179:9000
212.34.145.235:15847
212.34.145.235:9000
216.126.236.181:15847
216.126.236.181:9000
216.126.236.182:15847
216.126.236.182:9000
216.126.236.85:15847
216.126.236.85:9000
216.126.236.87:15847
216.126.236.87:9000
216.75.145.227:15847
216.75.145.227:9000
217.12.204.47:15847
217.12.204.47:9000
217.12.206.21:15847
217.12.206.21:9000
31.214.157.247:15847
31.214.157.247:9000
34.66.252.36:15847
34.66.252.36:9000
38.180.222.190:15847
38.180.222.190:9000
45.118.248.29:15847
45.118.248.29:9000
45.138.159.2:15847
45.138.159.2:9000
45.141.84.208:15847
45.141.84.208:9000
45.141.84.60:15847
45.141.84.60:9000
45.141.86.149:15847
45.141.86.149:9000
45.141.86.159:15847
45.141.86.159:9000
45.141.86.61:15847
45.141.86.61:9000
45.141.87.106:15847
45.141.87.106:9000
45.141.87.212:15847
45.141.87.212:9000
45.141.87.7:15847
45.141.87.7:9000
45.144.53.118:15847
45.144.53.118:9000
45.146.130.136:15847
45.146.130.136:9000
45.150.34.92:15847
45.150.34.92:9000
45.151.104.27:15847
45.151.104.27:9000
45.155.249.133:15847
45.155.249.133:9000
45.155.69.149:15847
45.155.69.149:9000
45.158.169.29:15847
45.158.169.29:9000
45.227.252.23:15847
45.227.252.23:9000
45.32.187.145:15847
45.32.187.145:9000
45.59.122.82:15847
45.59.122.82:9000
45.59.124.17:15847
45.59.124.17:9000
45.59.125.228:15487
45.59.125.228:9000
45.61.148.117:15847
45.61.148.117:9000
45.61.165.177:15847
45.61.165.177:9000
45.77.137.24:15847
45.77.137.24:9000
45.77.154.115:15847
45.77.154.115:9000
45.88.104.115:15847
45.88.104.115:9000
45.88.104.17:15847
45.88.104.17:9000
45.9.190.157:15847
45.9.190.157:9000
45.94.47.104:15847
45.94.47.104:9000
45.94.47.125:15847
45.94.47.125:9000
45.94.47.133:15847
45.94.47.133:9000
45.94.47.164:15847
45.94.47.164:9000
46.101.232.143:15847
46.101.232.143:9000
46.28.71.89:15847
46.28.71.89:9000
5.10.250.239:15847
5.10.250.239:9000
5.10.250.242:15847
5.10.250.242:9000
5.188.86.2:15847
5.188.86.2:9000
5.230.54.243:15847
5.230.54.243:9000
51.112.131.127:15847
51.112.131.127:9000
54.224.85.21:15847
54.224.85.21:9000
62.164.177.21:15847
62.164.177.21:9000
62.164.177.26:15847
62.164.177.26:9000
62.164.177.36:15847
62.164.177.36:9000
62.164.177.46:15847
62.164.177.46:9000
62.164.177.51:15847
62.164.177.51:9000
62.164.177.52:15847
62.164.177.52:9000
62.164.177.5:15847
62.164.177.5:9000
62.60.131.163:15847
62.60.131.163:9000
62.60.131.58:15847
62.60.131.58:9000
62.60.247.154:15847
62.60.247.154:9000
66.63.187.22:15847
66.63.187.22:9000
67.220.72.124:15847
67.220.72.124:9000
72.5.42.175:15847
72.5.42.175:9000
74.207.236.155:15847
74.207.236.155:9000
77.239.117.135:15847
77.239.117.135:9000
77.239.99.150:15847
77.239.99.150:9000
77.73.131.91:15847
77.73.131.91:9000
78.128.113.222:15847
78.128.113.222:9000
79.124.62.10:15847
79.124.62.10:9000
80.209.243.125:15847
80.209.243.125:9000
80.64.19.129:15847
80.64.19.129:9000
80.64.19.202:15847
80.64.19.202:9000
80.64.19.63:15647
80.64.19.63:9000
80.64.30.203:15847
80.64.30.203:9000
80.64.30.2:15847
80.64.30.2:9000
81.19.135.11:15847
81.19.135.11:9000
82.117.242.178:15847
82.117.242.178:9000
82.147.88.84:15847
82.147.88.84:9000
83.222.191.118:15847
83.222.191.118:9000
83.222.191.195:15847
83.222.191.195:9000
83.222.191.223:15847
83.222.191.223:9000
83.222.191.98:15847
83.222.191.98:9000
84.200.17.129:15847
84.200.17.129:9000
84.200.77.140:15847
84.200.77.140:9000
84.200.87.68:15847
84.200.87.68:9000
85.158.110.179:15847
85.158.110.179:9000
85.208.84.191:15847
85.208.84.191:9000
85.208.84.78:15847
85.208.84.78:9000
85.209.128.31:15847
85.209.128.31:9000
86.54.25.111:15847
86.54.25.111:9000
86.54.25.83:15847
86.54.25.83:9000
88.214.50.35:15847
88.214.50.35:9000
89.185.80.219:15847
89.185.80.219:9000
91.184.242.37:15847
91.184.242.37:9000
91.199.163.122:15847
91.199.163.122:9000
91.199.163.124:15847
91.199.163.124:9000
91.199.163.74:15847
91.199.163.74:9000
91.202.233.26:15847
91.202.233.26:9000
91.211.251.106:15847
91.211.251.106:9000
91.240.118.6:15847
91.240.118.6:9000
91.92.46.229:15847
91.92.46.229:9000
92.118.151.157:15847
92.118.151.157:9000
92.255.57.31:15847
92.255.57.31:9000
92.255.57.33:15847
92.255.57.33:9000
92.255.57.34:15847
92.255.57.34:9000
92.255.57.35:15847
92.255.57.35:9000
92.255.57.36:15847
92.255.57.36:9000
92.255.57.37:15847
92.255.57.37:9000
92.255.57.75:15847
92.255.57.75:9000
93.152.230.29:15847
93.152.230.29:9000
94.156.232.249:15847
94.156.232.249:9000
94.26.90.133:15847
94.26.90.133:9000
95.217.44.118:15847
95.217.44.118:9000

# Reference: https://threatfox.abuse.ch/browse/malware/win.sectop_rat/ (# 2025-06-18)

http://194.26.29.100
http://213.109.202.229
http://45.141.84.168
http://45.141.87.50
101.202.42.228:8888
109.107.182.209:9000
119.91.61.232:7790
122.116.204.121:9000
144.172.94.120:443
144.76.103.92:15647
144.76.103.92:15747
147.45.47.210:15647
147.45.47.210:9000
152.89.217.229:9000
157.90.192.89:15648
157.90.192.89:15748
172.86.107.67:15647
172.86.107.67:15747
176.9.66.115:9000
178.63.51.126:9000
185.147.124.178:15647
185.147.124.178:15747
185.147.124.179:15747
185.147.124.181:15647
185.147.124.181:15747
185.147.124.186:15647
185.147.124.186:15747
185.147.124.236:15747
185.157.213.253:14204
185.42.12.247:15647
185.42.12.247:15747
185.42.12.250:15647
185.42.12.250:15747
185.42.12.85:15647
185.42.12.85:15747
185.7.214.25:15647
185.7.214.25:15747
185.7.214.30:15647
185.7.214.30:15747
185.73.125.96:9000
193.149.189.225:443
193.201.9.252:15647
193.233.112.219:9000
194.165.16.25:9000
194.26.27.10:15747
194.26.29.100:9000
194.26.29.161:15647
194.26.29.44:9000
195.82.147.132:15647
195.82.147.132:15747
195.82.147.30:15647
195.82.147.30:15747
2.57.149.77:9000
213.109.202.229:9000
213.109.202.242:15647
213.109.202.242:15747
213.109.202.242:9000
213.109.202.97:9000
45.141.84.208:15647
45.141.84.208:15747
45.141.84.229:15647
45.141.84.229:15747
45.141.84.60:15647
45.141.84.60:15747
45.141.86.149:15647
45.141.86.159:15647
45.141.86.82:15747
45.141.87.16:9000
45.141.87.215:9000
45.141.87.218:9000
45.141.87.50:15747
45.141.87.50:9000
45.88.104.78:9000
45.92.179.249:9000
77.246.107.149:9000
80.209.243.125:15647
80.209.243.125:15747
80.64.30.203:15647
80.64.30.203:15747
80.64.30.2:15647
80.64.30.2:15747
82.147.88.84:15647
82.147.88.84:15747
85.158.110.179:15747
85.209.11.243:9000
88.214.25.17:15647
88.214.25.17:9000
89.248.165.79:15647
91.215.85.23:9000
91.240.118.154:9000
92.255.57.31:15647
92.255.57.31:15747
92.255.57.32:15647
92.255.57.32:15747
92.255.57.33:15647
92.255.57.33:15747
92.255.57.34:15647
92.255.57.34:15747
92.255.57.35:15647
92.255.57.35:15747
92.255.57.36:15647
92.255.57.36:15747
92.255.57.37:15647
92.255.57.37:15747
92.255.57.75:15647
92.255.57.75:15747
92.255.85.23:15647
92.255.85.23:15747
92.255.85.36:15647
92.255.85.36:15747
92.255.85.36:15847
95.216.24.238:9000
asmitadesign.com
bind-new-connect.click
browser.com.de
cdn-connect.info
chrom.browser.com.de
chrome.browser.com.de
chrome.downloadlink.icu
chrome.downloadpage.com.de
chrome.pagedownload.pro
connect-to-cdn.info
dechrome.browser.com.de
downloadlink.icu
downloadpage.com.de
eventbox.com
foxit-up.date
freemonflask.click
mail.marketplacelenders.xyz
marketplacelenders.xyz
megabrountake.click
montagbadenmehr.cfd
msfed.webaudiomessages.xyz
o.webaudiomessages.xyz
obsidian.pagedownload.pro
pagedownload.pro
regular-update-your-software.org
sci.webaudiomessages.xyz
smusxath.webaudiomessages.xyz
ssl-reload-connect.help
sso.webaudiomessages.xyz
tauxhoraire.com
traduc.com
ulgroup.webaudiomessages.xyz
unrealfabricdo.click
update-connection-to.help
usa.webaudiomessages.xyz
videoshosting.live
vn3hg.webaudiomessages.xyz
webaudiomessages.xyz
ywnjb.webaudiomessages.xyz
zoom-software-download.com
zoom-up.date

# Reference: https://x.com/smica83/status/1971262372280140209
# Reference: https://tria.ge/250925-vwxb6adn51/behavioral2

kryven.cloud
