# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: zaratustra

# Reference: https://twitter.com/ScumBots/status/1047543566594179073

queda2122.ddns.net

# Reference: https://twitter.com/ScumBots/status/1047422769712046080

trotokolenigers.onthewifi.com

# Reference: https://twitter.com/ScumBots/status/1046815013401501701

mdformo1.ddns.net

# Reference: https://twitter.com/ScumBots/status/1041469793625407489

farida.ddns.net

# Reference: https://twitter.com/ScumBots/status/1037351538732294145

zxcvbn123456.ddns.net

# Reference: https://twitter.com/ScumBots/status/1038158542736445441

mondns.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1040311939073826816

morfey.hldns.ru

# Reference: https://twitter.com/ScumBots/status/1050046306016747521

office365update.duckdns.org
systen32.ddns.net

# Reference: https://twitter.com/ScumBots/status/1052526398924095488

quedabesouro.ddns.net

# Reference: https://twitter.com/ScumBots/status/1053262497673891841

seekers.hopto.org

# Reference: https://twitter.com/ScumBots/status/1054081645400260608

duckdate.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1063996828516012033

morfey.myftp.org

# Reference: https://twitter.com/ScumBots/status/1064254932528832512

itachituff.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1067565492322410497

farida.ddns.net

# Reference: https://twitter.com/ScumBots/status/1069517101654777857

updatefacebook.ddns.net

# Reference: https://twitter.com/ScumBots/status/1080998862574309377

vivivi.myftp.org

# Reference: https://twitter.com/ScumBots/status/1081317358206156800

nerv7.ddns.net

# Reference: https://twitter.com/ScumBots/status/1081378115526582273

mondns.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1082132730715037696

queda212.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1089336859912744960

microsoftsecure.myq-see.com

# Reference: https://twitter.com/ScumBots/status/1090260035312275456

498408.ddns.net
olhomagicocdt.duckdns.org
systenfailued.ddns.com.br

# Reference: https://twitter.com/ScumBots/status/1090736985315201025

helloweenhagga.ddns.net
helloweenhagga1.ddns.net
helloweenhagga2.ddns.net
helloweenhagga3.ddns.net

# Reference: https://twitter.com/ScumBots/status/1095149123517534208

helloweenhagga4.ddns.net

# Reference: https://twitter.com/ScumBots/status/1095760026923352066

updatesystem.linkpc.net

# Reference: https://twitter.com/ScumBots/status/1097587061329154055

easykill.servebeer.com
easykill1.servepics.com
easykill2.servepics.com
easykill3.servebeer.com

# Reference: https://twitter.com/ScumBots/status/1098145754185633793

haggasinger.ddns.net
haggasinger1.ddns.net
haggasinger2.ddns.net

# Reference: https://twitter.com/ScumBots/status/1101890548661698560

rat24695.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102445323417542658

mastermana1.serveirc.com
mastermana2.serveirc.com
mastermana3.serveirc.com
mastermana4.serveirc.com

# Reference: https://twitter.com/ScumBots/status/1103351296768331776

seskoal7rbe.ddns.net

# Reference: https://twitter.com/ScumBots/status/1103751431318892546

fouirux-59789.portmap.io

81.106.30.119:4444

# Reference: https://twitter.com/ScumBots/status/1104736674087665665

173.46.85.160:5555

# Reference: https://twitter.com/James_inthe_box/status/1107686616624037890
# Reference: https://twitter.com/JAMESWT_MHT/status/1107682800134750211

nobody120.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1108802212543848450

5.9.171.235:333

# Reference: https://twitter.com/ScumBots/status/1110489582494203904

91.192.100.5:1604

# Reference: https://twitter.com/Racco42/status/1112628162872119296

82.223.9.232:98

# Reference: https://twitter.com/TweeterCyber/status/1112919582635745281

kronozzz2.duckdns.org

# Reference: https://twitter.com/F_kZ_/status/1047054463570186241

37.187.155.228:85
nojjdjamel.hopto.org
nojjdjamel2251.hopto.org

# Reference: https://twitter.com/malware_traffic/status/935703820889358336

oamentyga.duckdns.org

# Reference: https://twitter.com/Racco42/status/884324767809056768

37.187.92.171:621

# Reference: https://twitter.com/Racco42/status/882123509350236160

hagroonayazabiiiiii.com
82.165.147.250:621

# Reference: https://twitter.com/luc4m/status/1113433242689052672

oldmandnsch.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1117986483196055552
# Reference: https://twitter.com/ScumBots/status/1123048893170769922
# Reference: https://twitter.com/ScumBots/status/1123675214980833280

95.213.251.165:7070
95.213.251.165:9090
95.213.191.230:9090

# Reference: https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign

frankmana.duckdns.org
workfine11.duckdns.org
oldmandnsch.duckdns.org
blackhagga.duckdns.org
skyrocket1.duckdns.org
kronoz.duckdns.org
oldmandnsch.duckdns.org
kronozzz2.duckdns.org
lulla.duckdns.org
decent.myvnc.com
decent5.myvnc.com
jayztools1.ddns.net
jayztools2.ddns.net
jayztools3.ddns.net
totallol.duckdns.org
totallol1.duckdns.org
totallol2.duckdns.org
totallol3.duckdns.org
decent2.myvnc.com
decent3.myvnc.com
decent1.myvnc.com
decent4.myvnc.com
jordanchen736.sytes.net
jordanchen7361.sytes.net
jordanchen7362.sytes.net
jordanchen7363.sytes.net
lalacious1.serveftp.com
lalacious2.serveftp.com
lalacious3.serveftp.com
lalacious4.serveftp.com
mastermana1.serveirc.com
mastermana2.serveirc.com
mastermana3.serveirc.com
mastermana4.serveirc.com
mastermana5.serveirc.com
lullikhao.ddns.net
lullikhao1.ddns.net
lullikhao2.ddns.net
bullol.duckdns.org
cocomo.ddns.net
haggasinger2.ddns.net
haggasinger.ddns.net
haggasinger1.ddns.net
loramer1.ddnsking.com
easykill.servebeer.com
easykill3.servebeer.com
easykill2.servepics.com
easykill1.servepics.com
easykill3.servepics.com
helloweenhagga.ddns.net
helloweenhagga3.ddns.net
helloweenhagga4.ddns.net
helloweenhagga2.ddns.net
revengerx211.sytes.net
revengerx212.sytes.net
revengerx213.sytes.net
revengerx214.sytes.net
revengerx215.sytes.net
revengerx216.sytes.net
revengerx217.sytes.net
revengerx218.sytes.net
revengerx219.sytes.net
revengerx210.sytes.net
office365update.duckdns.org
systen32.ddns.net
bhenchood.ddns.net
emmanuelstevo.ddns.net
zinderhola1.ddns.net
zinderhola.ddns.net
myownlogs.duckdns.org
cocomo1.ddns.net
cocomo10.serveblog.net
cocomo2.ddns.net
cocomo2.serveblog.net
cocomo3.serveblog.net
cocomo4.serveblog.net
cocomo5.serveblog.net
cocomo6.serveblog.net
cocomo7.serveblog.net
cocomo8.serveblog.net
cocomo9.serveblog.net
mrcode.hopto.org
mrcode1.hopto.org
mrcode2.hopto.org
pussi2442.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1076166793054556160

presentationx.sytes.net

# Reference: https://twitter.com/ScumBots/status/1121497114532618246

5.9.171.229:777

# Reference: https://twitter.com/illegalFawn/status/1122767858126266368

jorenimo55.hopto.org

# Reference: https://twitter.com/ScumBots/status/1126966907511480321

151.80.241.114:666

# Reference: https://twitter.com/HONKONE_K/status/1135760982385483777

queda212.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1144358899429986304

185.165.153.250:5478

# Reference: https://twitter.com/ScumBots/status/1145116725970657281

93.90.193.146:213

# Reference: https://twitter.com/ps66uk/status/1145640316856340480

cheryl11.duckdns.org

# Reference: https://twitter.com/powershellcode/status/1148234398703030273

bylgay.hopto.org 
microsoftoutlook.duckdns.org
soucdtevoceumcuzao.duckdns.org

# Reference: https://twitter.com/coderippers/status/1153267389632602114
# Reference: https://www.virustotal.com/gui/ip-address/105.112.98.242/relations

105.112.98.242:1040
blackhill.ddns.net
isaacjekaguleri1234.ddns.net
mbvd.hopto.org
moneybag123.myftp.biz

# Reference: https://twitter.com/coderippers/status/1154003951152484352

mzu.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1154429111198203910

204.152.219.67:1003

# Reference: https://twitter.com/RedDrip7/status/1154696058846322688
# Reference: https://ti.qianxin.com/blog/articles/gorgon-group-campaign-aggah-with-pastebin/

kronozzz2.duckdns.org
microsoftoutlook.duckdns.org
tonypp.duckdns.org
yahakhan.duckdns.org
zoebin.duckdns.org

# Reference: https://twitter.com/Racco42/status/1158745916653920257

194.5.98.242:1212

# Reference: https://twitter.com/James_inthe_box/status/1165603800230481920
# Reference: https://www.virustotal.com/gui/ip-address/82.146.50.128/relations
# Reference: https://www.virustotal.com/gui/ip-address/37.203.214.30/relations

37.203.214.30:5000
82.146.50.128:5000
ahhahaasdas.ddns.net
dafg124.ddns.net
darckcometa.ddns.net
denisvpn2.ddns.net
devedeev.hopto.org
don4ik228.ddns.net
ewqewqewq.ddns.net
hostvimeworld.ddns.net
killler40000.ddns.net
lis1033.hopto.org
makot123.ddns.net
nikolaykolyabb.hopto.org
noinmy.ddns.net
werder3456.hopto.org
anonim001.ddns.net
asfadsvasdfsd.ddns.net
hedswjhrjkwe.freedynamicdns.net
matvey.ddns.net
micromax111.ddns.net
minecrafter1337.ddns.net
nargaroth.ddns.net
orcusbam.ddns.net
q12345gg.hopto.org
q312820ressivr.hopto.org
syka228228ppppp.ddns.net
talgat.ddns.net
uksivthack.mein-vigor.de
vhjrtyg.hldns.ru

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

helloweenhagga.ddns.net
revengerx111.sytes.net

# Reference: https://blog.talosintelligence.com/2019/08/rat-ratatouille-revrat-orcus.html

qstorm.chickenkiller.com
skymast231-001-site1.htempurl.com

# Reference: https://twitter.com/ScumBots/status/1175338135573684224

3.19.114.185:11400

# Reference: https://blog.prevailion.com/2019/10/mastermana-botnet.html

rgalldmn.duckdns.org
speeddfox.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1180817132763963394

144.76.134.221:333

# Reference: https://twitter.com/P3pperP0tts/status/1181546654169800705

34.95.176.194:443
bkil.ddns.net

# Reference: https://twitter.com/ScumBots/status/1184367636941029377

18.216.157.58:333

# Reference: https://twitter.com/ScumBots/status/1185658643720626176

193.161.193.99:56282

# Reference: https://twitter.com/ScumBots/status/1185983283408134145

192.241.133.27:5555

# Reference: https://twitter.com/ScumBots/status/1186745945154838528

148.251.11.102:333

# Reference: https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/

bhenchood.ddns.net
blackhagga.duckdns.org
bullol.duckdns.org
cocomo.ddns.net
cocomo1.ddns.net
cocomo10.serveblog.net
cocomo2.ddns.net
cocomo2.serveblog.net
cocomo3.serveblog.net
cocomo4.serveblog.net
cocomo5.serveblog.net
cocomo6.serveblog.net
cocomo7.serveblog.net
cocomo8.serveblog.net
cocomo9.serveblog.net
cycbra.duckdns.org
decent.myvnc.com
decent1.myvnc.com
decent2.myvnc.com
decent3.myvnc.com
decent4.myvnc.com
decent5.myvnc.com
easykill.servebeer.com
easykill1.servepics.com
easykill2.servepics.com
easykill3.servebeer.com
easykill3.servepics.com
emmanuelstevo.ddns.net
frankmana.duckdns.org
haggasinger.ddns.net
haggasinger1.ddns.net
haggasinger2.ddns.net
helloweenhagga.ddns.net
helloweenhagga2.ddns.net
helloweenhagga3.ddns.net
helloweenhagga4.ddns.net
jayztools1.ddns.net
jayztools2.ddns.net
jayztools3.ddns.net
jordanchen736.sytes.net
jordanchen7361.sytes.net
jordanchen7362.sytes.net
jordanchen7363.sytes.net
kronoz.duckdns.org
kronozzz2.duckdns.org
lalacious1.serveftp.com
lalacious2.serveftp.com
lalacious3.serveftp.com
lalacious4.serveftp.com
loramer1.ddnsking.com
lulla.duckdns.org
lullikhao.ddns.net
lullikhao1.ddns.net
lullikhao2.ddns.net
majorsss.duckdns.org
mastermana1.serveirc.com
mastermana2.serveirc.com
mastermana3.serveirc.com
mastermana4.serveirc.com
mastermana5.serveirc.com
mrcode.hopto.org
mrcode1.hopto.org
mrcode2.hopto.org
myownlogs.duckdns.org
office365update.duckdns.org
oldmandnsch.duckdns.org
pussi2442.ddns.net
revengerx210.sytes.net
revengerx211.sytes.net
revengerx212.sytes.net
revengerx213.sytes.net
revengerx214.sytes.net
revengerx215.sytes.net
revengerx216.sytes.net
revengerx217.sytes.net
revengerx218.sytes.net
revengerx219.sytes.net
skyrocket1.duckdns.org
systen32.ddns.net
totallol.duckdns.org
totallol1.duckdns.org
totallol2.duckdns.org
totallol3.duckdns.org
workfine11.duckdns.org
zinderhola.ddns.net
zinderhola1.ddns.net

# Reference: https://www.virustotal.com/gui/file/96a008b46c9acacccb03a31c01c9c28dac64b621eb819b8c92f242288207973a/detection

45.236.130.17:2022
d0rian2022.ddns.net

# Reference: https://twitter.com/P3pperP0tts/status/1190316504304246786

156.215.159.57:333
lapoire1.hopto.org

# Reference: https://twitter.com/ScumBots/status/1191396450497974274

193.161.193.99:56282

# Reference: https://twitter.com/JAMESWT_MHT/status/1193905361100644352
# Reference: https://app.any.run/tasks/d364f0d3-ed23-44ec-b230-351f75a5b0b3/
# Reference: https://app.any.run/tasks/d51c1833-2053-4d7f-a4d5-4e4f68c0bfe4/

192.169.69.25:5552
ytka.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1189578177368264704

nocbaba1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/639f527b10857a2ef47673e699818f3dd85524ec31a3d8f487e133c73ba4a186/detection

105.112.98.242:5198

# Reference: https://www.virustotal.com/gui/file/27621e43a8b7d8137c432702b03561de7590ef55d7df0c3ad1f296a2891dde79/detection

185.244.29.15:5198
mallorca.myftp.org

# Reference: https://twitter.com/ScumBots/status/1197640092397064192

190.159.103.11:8080

# Reference: https://www.virustotal.com/gui/file/94d9cfda3e2a60aea012b0948c9f9eaf55d1f7d90fb1bc9e9c094a3a064669ad/detection

40999up.sytes.net
acecervolta.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ca3045208e641a504d71b95b312e23b5956540c42390d4fd5c73b0a592605ce2/detection

79.134.225.105:1515

# Reference: https://www.virustotal.com/gui/file/5fcf8adcf19a796ba5be6eafec26b0e735132fbdc9443e64a6622ddccbc622f9/detection

anonyklax.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b8de1bc56ce012c92db35b2fa042cc64949b44561c8b99137b6b9d7352046bd2/detection

212.83.170.126:556

# Reference: https://www.virustotal.com/gui/file/9ad8e7da4c1659aa83b8c26be641cb813ca9b3b3ab66436d39c37355b2060dd8/detection

212.83.170.126:777

# Reference: https://www.virustotal.com/gui/file/57e4b72d810a2060fc33a66712099b1a1c380f6b48fc1b0d2ce551acd5a26280/detection

212.83.170.126:555

# Reference: https://twitter.com/0xCARNAGE/status/1200501488709226498
# Reference: https://app.any.run/tasks/c382b09f-03f7-4680-86c5-28316c5cc5e3/

reviewondoc.hopto.org

# Reference: https://www.virustotal.com/gui/file/194318a6aa15e9b89493527e85e366a620375fb8276a99cbbe60e74c64007cdf/detection

therazor.duckdns.org

# Reference: https://www.virustotal.com/gui/file/53ff9d532c3deb4a523a837c7d0a5e1fc73d9d229505a9b21b9fa5c2e2a75b81/detection

tripplegar.duckdns.org

# Reference: https://www.virustotal.com/gui/file/978785aa90673c5ddc678f1018e3eda34ac89d74746da046c4264716b7ad90ac/detection

raxixe.ddns.net

# Reference: https://www.virustotal.com/gui/file/c0e1cefc0fa326e6fe9bc99b75f3efbe416288bdb9c15419f3d311c74a6d5159/detection

117.102.55.39:27015
196.194.129.126:27015

# Reference: https://www.virustotal.com/gui/file/a22e0bd4c7fb42f0eff06c79882c3978d36036b05365afce51a678940b77d2db/detection

117.102.49.165:27015

# Reference: https://www.virustotal.com/gui/file/866159f1b11fe095f44befc8f854d5088ad102ca5ee1596545551474159e3b54/detection

111.88.66.94:27015
196.62.171.212:27015

# Reference: https://www.virustotal.com/gui/file/f1c7e6b4718c11fdc2480758d92457c3cfb4b76f3904164c6a3385a79bb5129c/detection

82.165.189.152:12
rdp.dgsn.fr

# Reference: https://www.virustotal.com/gui/file/0474fa430b2615ae160aad788b42af3c9c853a18f881d9f2b68142a7758cd677/detection

51.39.52.149:2303

# Reference: https://www.virustotal.com/gui/file/9ca36a408d5a16f3dc423b8d242f4e88801e8182af6ae3a11c7fc33bdb534f8e/detection

79.134.225.81:2303

# Reference: https://www.virustotal.com/gui/file/579dddb5b420ac1e3e0a7fb69aea0ce133a1abb19649e9077d9fad2587dee80f/detection

alien007.my-firewall.org

# Reference: https://www.virustotal.com/gui/file/ae8d20d5b490e43334f8338d3907f02030a2b41332ac23bbce2d450017bc8326/detection

192.253.246.145:8152

# Reference: https://www.virustotal.com/gui/file/a09c08b424b81d1ae51d6f97742e9d6e44adf7269a74d4932b9792f4cc22f077/detection

109.22.233.12:1255
ktama.linkpc.net

# Reference: https://app.any.run/tasks/44fc2e78-b754-499e-b3af-7a79464eb5e6/

102.165.36.254:2336

# Reference: https://www.virustotal.com/gui/file/186bbc489899cf51c242bdc0b015b792f041cf7457122c976ea64e7e7b5dba39/detection

184.82.53.131:333

# Reference: https://www.virustotal.com/gui/file/735f73734a4655eabf8c26ec99743df7ec47f46fcd256fbab553a10f2baada03/detection

184.82.56.227:333
184.82.57.216:333
184.82.60.41:333

# Reference: https://www.virustotal.com/gui/file/2c23d2190d208448017f9277eb99e2440c333175904adc21fd2004f06862d0b5/detection

184.82.49.43:333

# Reference: https://www.virustotal.com/gui/file/91a7176ebe6fee77e0167a84e832aef4cdbc56234a9dd72ac955f51ab43b071b/detection

184.82.55.15:333

# Reference: https://www.virustotal.com/gui/file/ad1cbf644977d986d1c92b3c0fe6350a0ef2c87d1f719f083f35cd4a36707132/detection

184.82.55.236:333

# Reference: https://www.virustotal.com/gui/file/41cd5cbe2bd4a2457887d8dc8dce4ce729e48305d60c82e587674e6a39c0b1e2/detection

184.82.62.180:333

# Reference: https://www.virustotal.com/gui/file/1339337c0a0c174773a4c4b7f6f639f995d11164eddd62d660cf3d0eb04fae46/detection

184.82.61.54:333

# Reference: https://www.virustotal.com/gui/file/664a24c87095b082bacc5ee657ec9ba62edce5f5411ca9d74204f76f52bbcbed/detection

184.82.56.227:333

# Reference: https://twitter.com/malware_traffic/status/1210701849977925635
# Reference: https://app.any.run/tasks/a003dde6-2c61-4301-9323-c767484ccaee/

186.243.111.215:2222
marcialimaadvogados.ddns.net

# Reference: https://www.virustotal.com/gui/file/ce59a9172682feb9cc529510d7f4912591e0ff05b1fb8f218feff4f56b986a5d/detection

blog.capeturk.com

# Reference: https://www.virustotal.com/gui/file/08052cd140d7a3b458bace4be4d795b28136ee259789273e3eec6ce9e93de7f7/detection

nj.monk249.date

# Reference: https://www.virustotal.com/gui/file/2f8c54525f4e26d777471da3d4a417146b670c64639dde29379f5d889b46b5fe/detection

216.176.190.198:2222

# Reference: https://www.virustotal.com/gui/file/533a3ee4340e08faf9fa56c74d1cacbc8c2fbdffbc2b1348372a929e993a5ff6/detection

93.190.51.88:2222

# Reference: https://www.virustotal.com/gui/file/131c6d984601d02a2be36bf7fb71a712619a6d4f54068c58467a9334e6e94789/detection

192.227.121.243:2222

# Reference: https://www.virustotal.com/gui/file/f32da272fbb8be7d539518a7d191e3b698eec1e6cfb9c6c99b7bc26ebb645c0c/detection

193.161.193.99:25878

# Reference: https://www.virustotal.com/gui/file/48b8bf56f5221de8f6c2d0401e94eec04ce3498473fcb24ed947d7feea546a2e/detection

104.244.75.220:38197

# Reference: https://www.virustotal.com/gui/file/568c954a9e363d0e99ff2b20296d288cdd4326283746c7fc6a57782eb594c3e6/detection

104.244.75.220:38197
104.244.75.220:38198
omaitgb.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8596eb18fbed20521e380396707504cb863569f38a4eeb7f67bd206c1966891b/detection

104.244.75.220:3074

# Reference: https://www.virustotal.com/gui/file/8faee7d114e24b7bc762ed857d6087a7975f5c5fc2b11bc48b0c452eab7a055a/detection

drivetask.win

# Reference: https://www.virustotal.com/gui/file/9f8dbd0b0911fcc986fee73a640a0fceee40f10dde5c65692a962bebbce83a42/detection

41.140.185.154:1177
canad.ddns.net

# Reference: https://www.virustotal.com/gui/file/a469892016ef8e6113447bc1499878486d0e57ec8f775a637add59b701eed55e/detection

jvckiwai.ddns.net
phnzmaster1337.ddns.net

# Reference: https://www.virustotal.com/gui/file/3903657504b1808b259ed87f135c99f97724ced294fc79deacb78ce3a6b56aa0/detection

177.126.146.10:1000
177.126.146.29:1000
3030pp.hopto.org

# Reference: https://www.virustotal.com/gui/file/663b1ed354638ffad7b4247152a55e94d256b20a422e8420712a285d5196d600/detection

196.235.119.152:5005

# Reference: https://www.virustotal.com/gui/file/94e5e4566c7119fd856c962028b9a7ecca684ff1a6c8e7ac360cdcf33ac8a609/detection

196.234.181.131:5005

# Reference: https://www.virustotal.com/gui/file/69a7dc6e31ae9b2bdd9e9b91d1c78e82f0afb5c0b15b36d6529d3b08c0af02c4/detection

196.229.217.179:5005

# Reference: https://www.virustotal.com/gui/file/edb9d01d1dc453f3992d0cc01bb2e737a9e9cd18f685bc360dbb56919a5d2341/detection

196.234.130.111:5005
196.234.134.73:5005

# Reference: https://www.virustotal.com/gui/file/8acbacd3c0cf2aa0918107dfce43d4dbe2071fbad3561ef588654fb2e28b1e6c/detection

196.234.170.219:5005

# Reference: https://www.virustotal.com/gui/file/7b368a543d6cb7253135711ba044028794111551a796d0201c02e68799349ea2/detection

196.229.142.14:5005
196.234.196.160:5005

# Reference: https://www.virustotal.com/gui/file/435f1581d05022ab3cd2b1affd6da43513f02189a8f1aa103054d793068ff996/detection

dragonfire-49462.portmap.host

# Reference: https://www.virustotal.com/gui/file/527c7c40a907dea2b874019ac4d81e4965ad8647b60b9bc5af04debf4c6f7ffb/detection

79.134.225.72:2121
sure.spdns.de

# Reference: https://www.virustotal.com/gui/file/1b44b336bf31ef38e47a4df90df8f85efb341d8a3631202ac1c1945602e51dd0/detection

176.136.148.107:333

# Reference: https://twitter.com/ScumBots/status/1213638005254168577

KevinDavis-58161.portmap.host

# Reference: https://www.virustotal.com/gui/file/58f1865d2fb00775add6c9d34aa504118bc962e08fba8fb79b288515320ef933/detection

r3dc0d3r.duckdns.org

# Reference: https://www.virustotal.com/gui/file/858a439028cd32061a2fb29f3a13f4dcb6c09cb6147ff81f660ab19ede26d6e7/detection

103.136.156.186:12301

# Reference: https://twitter.com/ScumBots/status/1213800324630294528
# Reference: https://www.virustotal.com/gui/file/98c053d0a020c3146a1cfee09150fb2fc342f501ce00b0a898935c042ebe7016/detection

174.127.99.217:1016

# Reference: https://twitter.com/ScumBots/status/1215449944041062400

rdp2.dgsn.fr

# Reference: https://twitter.com/reecdeep/status/1215666445264224256

danielgomesb.mooo.com

# Reference: https://www.virustotal.com/gui/file/d9d6a345875324cbe8612ee7d02e6dd18f3f208d743e6aea40a8a2f3a236f8f5/detection

141.255.150.36:1337
danielgomesb.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a4382bc600bfd846a10029bd8ea0e7e94abcdef9819225dc83d581bf7c69df29/detection

179.180.82.144:1337

# Reference: https://www.virustotal.com/gui/file/0e754a806b2813874c47332e98a8c118bd1e33508b44ff0081ac36a48814d769/detection

109.202.107.15:9040
noregisterdomain.zapto.org

# Reference: https://twitter.com/ScumBots/status/1215804781865963521
# Reference: https://www.virustotal.com/gui/ip-address/78.82.164.58/relations

78.82.164.58:5552
yukselofficial.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2fc5217c461e357cef6f9aa68cb752a6834c01a34c25fc133b5a7aa8a540055d/detection

winuptade.homesecuritypc.com

# Reference: https://www.virustotal.com/gui/file/ae8d20d5b490e43334f8338d3907f02030a2b41332ac23bbce2d450017bc8326/detection

192.253.246.140:8152

# Reference: https://www.virustotal.com/gui/file/c64ee1bb47b78cc210d6d68f18064d87eb9054e559cff85f49390af75cb304de/detection

51.38.76.65:8090

# Reference: https://twitter.com/ScumBots/status/1217722417516285952

159.65.15.187:5552

# Reference: https://app.any.run/tasks/99d7ecd4-f627-4d3b-a308-b0ae8f574ea5/

ytka.duckdns.org
192.169.69.25:5552

# Reference: https://twitter.com/ScumBots/status/1219280325630623749

103.70.6.20:1117

# Reference: https://www.virustotal.com/gui/file/e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b/detection

137.74.152.239:333

# Reference: https://www.virustotal.com/gui/file/42e23b5a0fde78a0677c91043c9484aa6a9942fadf7e535a07104ff0dd501cb4/detection

177.126.146.50:1000

# Reference: https://www.virustotal.com/gui/file/c25a614eaad85114dbace254af9eda4c1d3d1383e3ca995d5e2fa9b6edfe60a5/detection

45.74.1.13:5050

# Reference: https://www.virustotal.com/gui/file/37021f720fe980d4c9c463f7362bdd5d86e217694fcd19c670e7ad90be7a0f40/detection

186.241.81.206:333
karinaregistrodns.ddns.net

# Reference: https://www.virustotal.com/gui/file/46ab018333ef331649a4564d485dc51bb3dd5fd647fb36715b0bf8c3717e78ec/detection

177.208.143.211:333

# Reference: https://www.virustotal.com/gui/file/dc0606ed37f0ca5272bd0227901406be6a0aa7c7269df96ae16f04b28399a935/detection

187.126.242.235:2222

# Reference: https://www.virustotal.com/gui/file/3df641748ce9649ec6625ca56bffdeacc77d0401e56623f9f786714478b6c4cf/detection

187.126.242.235:333

# Reference: https://www.virustotal.com/gui/file/3a52673575352f2e2c92de0f5278a4851b2c41f8a9fa3893d148a8686b5ef5a5/detection

152.246.119.195:6000
152.246.119.195:7000
152.246.121.23:6000
152.246.121.23:7000

# Reference: https://www.virustotal.com/gui/file/e570d0257f4e4ecca00963ffa5037b47a47d7095e583142dffc17c830d6f4404/detection

152.246.242.134:555

# Reference: https://www.virustotal.com/gui/file/a64e59ca45cca1f76dcccd1133b8ed1e7a38bb1ec5b9b0b59c0e29e3fc1abf8f/detection

152.246.159.95:555
152.246.38.158:555
189.201.239.249:555

# Reference: https://www.virustotal.com/gui/file/a69a3f554f10cd4e783d661a64b0602c3a27c4f82dd4a248a3dbd862ab9e4b46/detection

152.246.212.34:333
152.246.38.158:333
189.201.239.249:333

# Reference: https://www.virustotal.com/gui/file/5fc4356a2cb5599ef1438c3a237d952b814561a1f7b461dd7f47aea90c1760b9/detection

152.246.38.158:8080
79.134.225.27:333
79.134.225.27:8080

# Reference: https://www.virustotal.com/gui/file/70425c78192211fa613ff8b5ed3e0526c8c477dd1751e3fd0efcd7a9a8a07ae2/detection

189.201.239.243:8080
168.197.229.79:4000
168.197.229.79:1000

# Reference: https://www.virustotal.com/gui/file/2cdb395ef4181e494a648b1651ba079bbd27a00a31f765adf07b034d47e70890/detection

152.246.133.23:8080

# Reference: https://www.virustotal.com/gui/file/998bae2bbc2d3cd1850fd87567857c577cc1c5ce9faeb73f6112b753d0dce2b7/detection

168.197.229.19:8080
168.197.229.127:8080
168.197.229.127:4000
168.197.229.19:4000
168.197.229.127:7974

# Reference: https://twitter.com/ItsReallyNick/status/1222985472139579392

cugugugu.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8c9a0e53d965e7615cf4dad382238013a262449d8fa65bc14ff424eb8c5e2d7f/detection

23.106.160.1:2299
tugatuga.duckdns.org

# Reference: https://www.virustotal.com/gui/file/72d02ba4cebd3e963eb9db394e1927eab46d671378b8393b7f55b65f34c444f4/detection

128.90.115.245:443
winuptade.zapto.org

# Reference: https://www.virustotal.com/gui/file/16b4664969ce27b9914dc9d41b5baa16a341e00f442527efffd478a73a014fa1/detection

156.205.245.221:5552

# Reference: https://pastebin.com/raw/uGwudw5k
# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1224004241062232066

216.170.126.36:592
webmasterbl.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9fdde98e1adcc204393795d30dd5731bdded681373161c7edd73ab09d6889fb3/detection

141.255.154.80:888

# Reference: https://www.virustotal.com/gui/file/906db2d677b2fb3fd7fd03ace459cad0547bd1a846cbe56e5e028de35b81e22d/detection

141.255.157.220:888

# Reference: https://www.virustotal.com/gui/file/b3c3d47e002f7915c2e055d05c0137a15bb9269240c211beee642530772fdc03/detection

141.255.154.80:888

# Reference: https://twitter.com/ScumBots/status/1226148003871952896

80.181.38.234:2222
95.233.69.34:2222
helpdeskcamfrog.ddns.net

# Reference: https://www.virustotal.com/gui/file/4a14f219ba3aa5ee706fa3f3b40983059568093f2a877c75ef3ebbfdf21fa2f7/detection

79.30.213.227:2222

# Reference: https://www.virustotal.com/gui/file/5c3e5f15b9b8cee942cb36206a2f833bd9984d8a4ca667d8ffcf4dc4b6edef55/detection

45.247.4.138:2222

# Reference: https://www.virustotal.com/gui/file/a17998b84107140124c51e80f092403e7a6fc48a908e1634b2292e07c528bd39/detection

45.247.34.8:2222

# Reference: https://www.virustotal.com/gui/file/01034003a84fd8217b5082c97ae709439a1e3244dbb2d936af0df50d709f535a/detection

45.247.7.250:2222

# Reference: https://www.virustotal.com/gui/file/d5736a8fe118a0896596f9d3b23d26c00d49e3a4d2a0f0c0782d8d92882913fe/detection

45.247.153.34:2222

# Reference: https://www.virustotal.com/gui/file/0cdfd28ede6e7a2ff3c55271b7b32b88f428142aefdd7139b6f6699239dcf88e/detection

45.247.223.85:2222

# Reference: https://www.virustotal.com/gui/file/eeeb2e4f35936641b2f687497a064735436a7b18710455d6afae7faf7a1a7d21/detection

45.245.234.203:2222

# Reference: https://www.virustotal.com/gui/file/e7838ac0484850cb7c44914205e13dfd0c05126b895906a84c3528adb20fb68f/detection

80.181.38.234:1188

# Reference: https://twitter.com/ScumBots/status/1225876212075110400

52.143.135.40:1738

# Reference: https://twitter.com/ScumBots/status/1225796939045838848

89.78.12.203:333

# Reference: https://www.virustotal.com/gui/file/d5f6f85cbfd2c95b1a14d09fcf03447c7416dea7c3414d78122a00bbbcad1f7f/detection

216.137.209.114:1337
pullingaporter.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7f4ab1bc842d8339f0958e573182ef37ac8c2bac621ff5547182a5730260b077/detection

216.137.194.74:333

# Reference: https://www.virustotal.com/gui/file/94d8de73814162e6c93c9cf9bacf34f60438ac2ed50ab534d770325aea2617bc/detection

141.255.150.213:1111
hayas.hopto.org

# Reference: https://www.virustotal.com/gui/file/7b184c5cca228af546bac79830f2a0270e0fa63ebee80af220c1cab99c48522e/detection

141.255.144.206:1111

# Reference: https://www.virustotal.com/gui/file/df4d41880d68d0a9b1131ce010bb76e077cd7605a94bd670e22e1d7c9b47ffad/detection

141.255.152.224:1111

# Reference: https://www.virustotal.com/gui/file/ab6e879d217ec77074d33c5576aed774faf582cfab6dc892ed606c3e1661056c/detection

141.255.144.197:3333
fackyou.myq-see.com

# Reference: https://www.virustotal.com/gui/file/e3edccc1d312c7e843773918b6d3ecabd7462b2e4b17e20c696410d08d69953a/detection

141.255.153.71:333
ffaassl.hopto.org

# Reference: https://www.virustotal.com/gui/file/0f9f2ed3669af8502dfad754d0dc2e7682fe7bc4d0044f7cc3ca61a0e1170d15/detection
# Reference: https://www.virustotal.com/gui/domain/memo445.ddns.net/relations

91.109.188.6:1337
91.109.190.9:1337
memo445.ddns.net

# Reference: https://www.virustotal.com/gui/file/467d5848e6e532453dd0452ceabfe3995a12ec39e9cf1af4e31258dec21fc1f8/detection

45.247.72.194:3030

# Reference: https://www.virustotal.com/gui/file/54c74f8f5a82d5379cddf9f24331bc5d7389c810029be09d402c4954e399024e/detection

45.245.238.238:3030
45.247.126.145:3030
45.247.93.176:3030

# Reference: https://www.virustotal.com/gui/file/45815b72b91e1a1dd3ae9340f543eb5bc8a929df3f55714ab4fd913f07dc23b0/detection

168.235.111.253:8000

# Reference: https://www.virustotal.com/gui/file/8eca996c8223b75142fd73e79374585860b03a4d615bbb58e0999a403e64cd70/detection

168.235.111.253:6942

# Reference: https://twitter.com/ScumBots/status/1233071118145261568
# Reference: https://www.virustotal.com/gui/file/9be010b45a81a22f2d50c1d35f31384152c5b91dd7e3a1fe81b2c4fa95bb468c/detection

82.61.221.212:3000

# Reference: https://twitter.com/ScumBots/status/1236026843083558912
# Reference: https://www.virustotal.com/gui/file/b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b/detection

2.8.241.194:1605
steroidigo.ddns.net

# Reference: https://www.virustotal.com/gui/file/2bb44181c7547a69b7ea6a4d7c13baba0e623dd5049c055ad3902b3e04c68f62/detection

141.255.147.5:1177
brwa0772.ddns.net

# Reference: https://twitter.com/ScumBots/status/1237419849338494977

83.159.223.112:1604

# Reference: https://www.virustotal.com/gui/file/8acbacd3c0cf2aa0918107dfce43d4dbe2071fbad3561ef588654fb2e28b1e6c/detection

196.235.70.83:5005

# Reference: https://www.virustotal.com/gui/file/295a8276e98222a6589e2270d293964b7d49b99c13ab8f4e7a327e63d70652d1/detection

196.229.137.245:5005

# Reference: https://www.virustotal.com/gui/file/877267278069bab60988587079d7d3faa65e8f83b462de70d9ea881f19111634/detection

196.235.23.56:5005

# Reference: https://www.virustotal.com/gui/file/4224aad55ef5bacd7597fd954fb3ddcd1511b8b19295b81ef77bc929e360a9cb/detection

196.234.207.160:5005
196.234.209.127:5005

# Reference: https://www.virustotal.com/gui/file/f1691ed34f4150b8a265480f92047397a7f1ff908f8517c2057aaf66a6b977c4/detection

196.234.180.21:5005
196.234.135.188:5005

# Reference: https://twitter.com/ScumBots/status/1237963358986539009
# Reference: https://www.virustotal.com/gui/file/2ef9129b11a31d94a73eaeea4279ade2e58d84c121d3e97eeeb014093002da61/detection

141.255.156.41:8888
alougt.sytes.net

# Reference: https://twitter.com/ScumBots/status/1239911265922945027

119.59.115.179:5556

# Reference: https://www.virustotal.com/gui/file/1587661de0883e18e7098468fde3a3f8d428ffa05ca2204ef4723661e7ce6c46/detection

178.124.140.145:6522
178.124.140.148:6522

# Reference: https://www.virustotal.com/gui/file/d3c22b07a86e188d39af6cd0003965b6c49cf927d71f00413f369f16dc70ea56/detection

35.247.209.230:1337

# Reference: https://www.virustotal.com/gui/file/dfbe56103ba0f2a6a2c10134d0a7bb480180f4d313f8265ee6ea386f13919a90/detection

35.247.209.230:1818
paulav1.sytes.net

# Reference: https://www.virustotal.com/gui/file/232eb849f8e66aa9bd4347c0c9142f04c0f63b37c7941556925db1ebab4482d6/detection

185.165.153.228:9933

# Reference: https://twitter.com/ScumBots/status/1241609885344829440

101.98.203.110:6969

# Reference: https://www.virustotal.com/gui/file/1d95b2c065e5f5c4dee31cb336035caeb32a1c3dbdf0e4b1e2052fc7288d4c53/detection

193.161.193.99:51061

# Reference: https://twitter.com/ScumBots/status/1242206316694777856

193.161.193.99:8888

# Reference: https://www.virustotal.com/gui/file/e6eda9918b257e317e921d294b903f9488929fe7ef2efc0955bd141d19e15855/detection

imaneblueyesvpn.ddns.net

# Reference: https://www.virustotal.com/gui/file/de35000537e325fd8ed05003a1114b71aa7366f23a6185c9d8133a3793673427/detection

105.103.86.231:2016

# Reference: https://www.virustotal.com/gui/file/de35000537e325fd8ed05003a1114b71aa7366f23a6185c9d8133a3793673427/detection

141.255.152.217:333

# Reference: https://twitter.com/ScumBots/status/1242515854144798721

37.47.205.111:2685
miqas.ddns.net

# Reference: https://www.virustotal.com/gui/file/8ec66f95ee3410aff78263f82b0bc0af8a0ce0db445c9ee5e04e7e14398be5b8/detection

microsofft.sytes.net

# Reference: https://www.virustotal.com/gui/file/22a14015aca71a9ed22019f1777be6b72e85c42139eecb58b3c8c171765ce222/detection

45.161.63.8:333
javaupdate.hopto.org

# Reference: https://www.virustotal.com/gui/file/75ad02e0aea62552d29123e7f1ec9ce43808e15ee6c2143dab458bb25f110e1b/detection

45.161.63.8:1000
3030pp.hopto.org

# Reference: https://www.virustotal.com/gui/file/ecd73a6d010ccea884e92491eb555dd244b9b3f8753febcabcdd40d006618a3b/detection

177.126.146.68:1000

# Reference: https://twitter.com/ScumBots/status/1243608169592619011

192.169.69.25:5540

# Reference: https://www.virustotal.com/gui/file/5fe64553142d63b68617515cb153bc2dd2ed78847c29d1cb6415004db582d2d8/detection

141.255.144.49:333
ie83.ddns.net

# Reference: https://www.virustotal.com/gui/file/f2312c671bcf8024e02434aea312a057d44a4c39b0e4573e4e784a6ed981f888/detection

qwer3341.ddns.net

# Reference: https://www.virustotal.com/gui/file/97b25fb6b6b9c92ec259ff7e1e80c5cebdca22458e244c7185cddc9fc95e4530/detection

patopapao.hopto.org

# Reference: https://www.virustotal.com/gui/file/8ed36ddc1de819756d5bd110a6cc91fd0daba62cc4acefe3e27a427233befebe/detection

41.37.209.69:333

# Reference: https://www.virustotal.com/gui/file/5f9ddee77313e7549302a2bdef5b1fbf410badea33632b1830a694788299a0d6/detection

156.223.142.94:333

# Reference: https://www.virustotal.com/gui/file/5029a46dede9fbfc9725d5cb44d6505aa6fb2545ce852153131a71300a46adc1/detection

156.223.150.197:333

# Reference: https://www.virustotal.com/gui/file/f37dd4cf0e5cf5d5a967aa62c54e84610e93d8bdeae5a1cbfb8892bb000a8ab7/detection

156.223.227.74:333

# Reference: https://www.virustotal.com/gui/file/8d58467162a034fdab25c3d1a5b5ea9e879f6baf973300d248777f7d926c3718/detection

41.43.194.123:333

# Reference: https://www.virustotal.com/gui/file/482c3f44b3bb5e3851cf57526bd771a1d446110c155148f14e6de6b3f324a00e/detection

41.238.252.15:333

# Reference: https://www.virustotal.com/gui/file/cf5ac7af995125673232aa83ebe7834492c0e725299d11877889338f9b2244f5/detection

41.238.255.168:333

# Reference: https://www.virustotal.com/gui/file/0265df0f4f86a432ea3d7016c53ed7746278f50abfc3bfee52b03f965b2d5393/detection

81.61.77.92:8000

# Reference: https://www.virustotal.com/gui/file/70df5841dee4dd63adcd6a2ef47b943577bfcf5e02c8bda887c225846e8320bd/detection

sihost.duckdns.org

# Reference: https://www.virustotal.com/gui/file/25ecfdf7be4b09036ee2bf058ee9667d4f098aab012cca5ae7af6f2690f9dd96/detection

81.61.77.92:1000

# Reference: https://www.virustotal.com/gui/file/c963ed1aed3b00d7d07510746db53bec2cf7581024976607bbaa01e9baced4e7/detection

81.61.77.92:1111

# Reference: https://www.virustotal.com/gui/file/972494fe12432d3c2c5caebd7a206222fa5422543db36b6eafaa469b88bdefcb/detection

appdwindows.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8c8d1561bf8a39d4e141d0af274fa8f98a331cb2bc2b726b8f643e16af82bb34/detection

141.255.159.124:82
41.109.208.25:82

# Reference: https://www.virustotal.com/gui/file/40bcbd7c430a2397d240c6a50f17e0306244ead03f36c7a557281106aeaeed2e/detection

41.109.184.203:82

# Reference: https://www.virustotal.com/gui/file/a7ec340204a447bbd3ae94ccf5924b4dc78c9195f61893ea62d0f3b7421d718d/detection

41.104.122.164:82
41.105.197.112:82
41.105.223.87:82
41.108.195.11:82
41.109.153.187:82
41.109.242.126:82
91.109.178.2:82
91.109.182.10:82
91.109.182.2:82
91.109.190.7:82
91.109.190.9:82

# Reference: https://www.virustotal.com/gui/file/00169bbfd209b3e2f36f39241beffe2ab1cbf3af157e6b0137e1cb7fee2e5e78/detection

141.255.157.195:3333

# Reference: https://www.virustotal.com/gui/file/ee47c9c73df3882da35d5f522a4f69fde300906504d496dcd39090a3118bf96c/detection

141.255.157.116:2222
141.255.157.116:3333
mohsosta1177.ddns.net
mohsosta77.ddns.net

# Reference: https://www.virustotal.com/gui/file/927f9e0a1a56671f8ca37a32a43ef9c16da0304954e06ca4f505fbf5106e7407/detection

141.255.159.137:3333

# Reference: https://www.virustotal.com/gui/file/a1922406f9eec1563fbb3f321c97aa7e2415ec3fe375a8d0ffc883812f56bf8c/detection

141.255.158.111:3333

# Reference: https://www.virustotal.com/gui/file/6c2ffc000f20a2d7e513805d594259549209e51343c3e78883367a82e4b5805d/detection

105.235.130.50:3333
141.255.159.45:3333
141.255.145.71:3333
141.255.146.159:3333

# Reference: https://www.virustotal.com/gui/file/26d10dfc83e3cc5ec9f58752e437388ecdf3bdb2f1ea1c58ab84082b950b38b6/detection

141.255.153.185:3333

# Reference: https://www.virustotal.com/gui/file/5bc1e8adc555d96cfa7c6c3581e5325641afaa9aed69b95674a8cb75ed0e52b4/detection

141.255.154.26:3333
141.255.155.129:3333

# Reference: https://www.virustotal.com/gui/file/01f9af6137da80ad3941c230b19df8ff6b9ebb123e0657007c7b362604382511/detection

105.235.130.14:3333

# Reference: https://www.virustotal.com/gui/file/819ad7f67583b21e9aa25c5a4e3157808d0b5a9805409da9e3ba59f49e8b4614/detection

141.255.158.194:3333

# Reference: https://www.virustotal.com/gui/file/7eaeb3390283985406e6335798db83d27938a29cccf7c2f56e9721383ddfd9e7/detection

105.235.130.43:3333

# Reference: https://www.virustotal.com/gui/file/d4c37fb2f809b31c35715b67edc2495f37e8b81ce2f9bb345493b95daeef4292/detection

129.45.80.100:23639
41.102.139.95:23639
41.103.0.224:23639
41.103.20.174:23639
41.103.24.77:23639
41.103.28.254:23639
41.103.3.81:23639
avastui.duckdns.org
presentationfont.myq-see.com

# Reference: https://www.virustotal.com/gui/file/8f776ef60b6298ca08dbd49d8f82ac5a51bc5c817bd663d6a25404c29730938c/detection

141.255.145.14:4000
h4es.ddns.net

# Reference: https://www.virustotal.com/gui/file/f4ddbfe392971c8144ec0427a491cb22a35afd2062431dc7e7d4b9e2e8080eec/detection

177.126.146.27:1000
3030pp.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1245720802785402881

193.161.193.99:56636
hardpr0x0r-56636.portmap.host

# Reference: https://www.virustotal.com/gui/file/66596e33e83df59713d3b6c1641c236c0364198e4087cd56dcdbc9b4ccbca7b7/detection

174.36.228.136:82
31.13.86.8:82
74.86.142.55:82
xbox.servebeer.com

# Reference: https://www.virustotal.com/gui/file/4d31cc07db3d4000d766b8bf0e8723c42e02ff542347dbb7859dc53b8d117232/detection
# Reference: https://www.virustotal.com/gui/file/d08d3373636c1ffb62a34b543897e12e4a53305f1037883d3983a48bf5c1f881/detection

204.95.99.26:82
mohor.no-ip.org

# Reference: https://www.virustotal.com/gui/file/4e816f5b3a474347b656b315ac13095bd85767c4f51948919907d7510e3488be/detection

204.95.99.26:888
abodxo.no-ip.org

# Reference: https://twitter.com/0xCARNAGE/status/1246422142427770881
# Reference: https://app.any.run/tasks/a25d886d-bec7-43d4-9015-302f051844de/

aba23564.ngrok.io

# Reference: https://twitter.com/malwrhunterteam/status/1232669447304949762

1ec6b9e8.ngrok.io
91.193.75.155:8989

# Reference: https://twitter.com/gibbersen/status/1242503044996177922

79.134.225.13:8989

# Reference: https://twitter.com/malwrhunterteam/status/1251147017885106177

4ed6a6b1.ngrok.io
185.140.53.25:8989

# Reference: https://twitter.com/ScumBots/status/1251949263795306498

35.232.32.138:5555

# Reference: https://www.virustotal.com/gui/file/173ea015d6ca3e1555b613ae11740833e98e4be67803aa859fc0d764f84b7879/detection

78.159.131.80:82
chemdog.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/7b30c00b02a8d4156370a62664cf453c498ff3cda76b05279fc2852431df6447/detection

dznapster.no-ip.biz

# Reference: https://twitter.com/ScumBots/status/1257428968543866885

93.22.123.135:7000

# Reference: https://twitter.com/ScumBots/status/1257435643661205510

140.82.39.124:1738

# Reference: https://www.virustotal.com/gui/file/10fba0bc9ee902c4623fa8ecea09cf4ecb6c857a164267ad0208a24722897b4d/detection

41.220.146.159:7000

# Reference: https://www.virustotal.com/gui/file/29235055d6844ecfdf074753cb7d4972f42687a708bb9fa65615548c48eed7b6/detection

185.140.53.245:54567

# Reference: https://twitter.com/ScumBots/status/1258140060593119233

188.27.36.44:1028

# Reference: https://www.virustotal.com/gui/file/6c215da4a31c447e85daf3bf72fb8e9f56cb6580c37c3b4eaa8e155c792ea1a3/detection

105.103.157.3:5
tahoo.publicvm.com

# Reference: https://www.virustotal.com/gui/file/1aff134a5206b83064ae4273f1651dcdd231511404716fd416a91f3bf106a8cc/detection

223.206.151.33:22022

# Reference: https://www.virustotal.com/gui/file/0f0d2051d7ddce881d1f85ec1b5f7d8d251aa60b1df35d154d142604cf803115/detection

223.206.146.15:22022

# Reference: https://www.virustotal.com/gui/domain/mammoth01.ddns.net/relations

103.212.180.234:22022
147.50.241.204:22022
182.232.217.172:22022
182.232.217.182:22022
182.232.217.194:22022
182.232.225.43:22022
182.232.228.46:22022
182.232.46.30:22022
223.205.80.236:22022
223.205.82.15:22022
223.205.82.192:22022
223.205.82.213:22022
223.205.83.13:22022
223.205.86.102:22022
223.205.86.13:22022
223.205.86.146:22022
223.205.87.7:22022
223.206.144.116:22022
223.206.144.152:22022
223.206.144.41:22022
223.206.144.9:22022
223.206.145.243:22022
223.206.145.82:22022
223.206.146.120:22022
223.206.147.149:22022
223.206.148.100:22022
223.206.148.194:22022
223.206.149.109:22022
223.206.151.150:22022
223.206.151.156:22022
223.206.64.227:22022
223.206.65.2:22022
223.206.65.33:22022
223.206.66.199:22022
223.206.67.132:22022
223.206.67.230:22022
223.206.67.245:22022
223.206.68.104:22022
223.206.70.166:22022
223.206.70.198:22022
223.206.71.133:22022
223.206.71.28:22022
43.229.151.248:22022
77.78.103.20:22022
94.229.67.133:22022

# Reference: https://www.virustotal.com/gui/file/14f26dc1b6880ba1868b6417190f26609b3f19026b08f451e5fc96cd57f780bc/detection

185.140.53.74:9888

# Reference: https://twitter.com/ScumBots/status/1262424538291286017

170.78.228.248:4000
seila2332.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d856a87fd6b265d914623a7673978b7c66b48308ae797789a4839fb336707801/detection

141.255.144.172:5562
softmy.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1264002438048210944

217.164.84.62:333
bo6y3.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a23f92d952d1b3b4b2284f8a5c129e91f0e050ec2812f08335767e768b8ac66f/detection

196.74.40.168:333

# Reference: https://www.virustotal.com/gui/file/fd3c28cbfa67042043dbe7b361d7194e7ea00e2cc1ea4a6b06c4d435b4f4daba/detection

160.177.186.186:332
160.177.186.186:333

# Reference: https://www.virustotal.com/gui/file/8d6bfff3b382f329ca2201fb0c9cae12bca699e756d1ceee86f63d7229c63fc8/detection

41.141.2.101:332
41.141.2.101:333

# Reference: https://www.virustotal.com/gui/file/46d816aebc52fe493f87a1ccc0b65aed65de285cecc61322753b11ebbcbd445c/detection

141.255.154.218:333
smsyrian.ddnsking.com

# Reference: https://twitter.com/ScumBots/status/1266486304935743489

91.193.75.22:8888

# Reference: https://www.virustotal.com/gui/file/18bafb888824e81481e02f014065ea56c5d150d23b36b7d73a6f7722a9eb56fe/detection

147.253.34.221:1712
clee.no-ip.ca

# Reference: https://www.virustotal.com/gui/file/b319eab6c7f57842888ed81de438b7cddedefd3e397dec67eddccc9d16ea9aa6/detection

43.229.132.76:2222
mysqli.serveminecraft.net

# Reference: https://twitter.com/ScumBots/status/1267890554874052610

193.42.96.111:3280

# Reference: https://twitter.com/ScumBots/status/1268453010990084098

216.170.126.139:3352

# Reference: https://twitter.com/ScumBots/status/1268875857524928513

50.127.14.70:2041
realgrey.ddns.net

# Reference: https://twitter.com/ScumBots/status/1269124936565690368

216.170.126.139:3352

# Reference: https://twitter.com/ScumBots/status/1269185336598573056

41.239.162.107:1122

# Reference: https://www.virustotal.com/gui/file/63e623ac859c854be9396c32344a11ce7f7d3900fe994bb9ccb7432cd1825c17/detection

31.20.134.61:1604
revengerat17.ddns.net

# Reference: https://twitter.com/ScumBots/status/1270465208646012929

43.229.132.76:556

# Reference: https://www.virustotal.com/gui/file/4c859e1bb13836a02369f85b6782056b37386cf18dcb07147e28958ac7754b7c/detection

154.202.2.151:5556

# Reference: https://twitter.com/ScumBots/status/1271873047310610441

35.208.191.165:8081

# Reference: https://twitter.com/ScumBots/status/1272227885970001920

92.201.46.3:1119

# Reference: https://www.virustotal.com/gui/file/94205e5698a4dfdd3c4ed8a734b8c22fd717a30f760347be37ba3aeed9543afc/detection

0xdll.ddns.net

# Reference: https://www.virustotal.com/gui/file/0a64a9cc08d4d0d1993b4974b2900f1be193d5273a6a2605c2dc69b1fcb31b21/detection

77.191.149.139:2405
78.54.12.182:2405
iamintheghettoratatata.ddns.net
x4e360cb6.dyn.telefonica.de

# Reference: https://www.virustotal.com/gui/file/1f227730e450816300f82d5eb1486f38c71e72c80a4c3c1e20cc080a757cc9fa/detection

77.183.29.33:2405

# Reference: https://www.virustotal.com/gui/file/b0b2d398a1ca4758d1b821a856cbd3a336b3485ca07cbb7b9fa044233b23805e/detection

196.229.155.50:5005

# Reference: https://twitter.com/ScumBots/status/1276208761640751105

173.225.115.249:45600
rocketman2012.zapto.org

# Reference: https://twitter.com/ScumBots/status/1276208191383142403

78.109.234.53:18091

# Reference: https://twitter.com/ScumBots/status/1277093773915406336

193.161.193.99:25510
gamedevv-25510.portmap.host

# Reference: https://twitter.com/ScumBots/status/1277161643886215169
# Reference: https://www.virustotal.com/gui/file/b29e203169faf9bbb8ac122dccef487618fb86626dbb3da73f1eefb68c82ae3a/detection

91.106.40.119:333
karar.zapto.org
