Remcos RAT - Indicators of Compromise

Last updated: 2026-07-12

C2 Domains (170)

oyine.duckdns.org
trackpipe.dev
newremupdate.duckdns.org
lastore7kajp5.duckdns.org
lastore7kajp4.duckdns.org
lastore7kajp3.duckdns.org
lastore7kajp2.duckdns.org
lastore7kajp1.duckdns.org
gapo.rako9jabus1.com
newupdaterem.duckdns.org
myremnew.duckdns.org
newprocess28.duckdns.org
mynewraw.duckdns.org
estatuscuointeligencia.ydns.eu
technologistics.online
hyffygfukkjutfttyyertrdtrdftdtrdtdrtrttr.duckdns.org
bukosakisagreatmanwhohasnotrepliredtoeop.duckdns.org
yam.janou8kaburo1.com
jahour7lamo4.duckdns.org
jahour7lamo3.duckdns.org
jahour7lamo2.duckdns.org
jahour7lamo1.duckdns.org
somethingtapangelcominginourlifeforbless.duckdns.org
www.oluwasurreloggzbackup3.com
www.oluwasurreloggzbackup2.com
www.oluwasurreloggzbackup1.com
www.oluwasurreloggz.com
pb64.duckdns.org
192.210.229.56
bunnea.duckdns.org
fastroute661.duckdns.org
research.cloud-ip.cc
bioresearch.bumbleshrimp.com
research.abrdns.com
papito.hopto.org
rownip.dyndnss.net
itsyou.blacksheeplookingugly.com
www.greatnewcorpbackup3.com
www.greatnewcorpbackup2.com
www.greatnewcorpbackup1.com
www.greatnewcorp.com
www.newgracecorpbackup3.com
www.newgracecorpbackup2.com
www.newgracecorpbackup1.com
www.newgracecorp.com
soste15oct.duckdns.org
camzeroconnect.duckdns.org
ezege.duckdns.org
fiancepsi1bk.duckdns.org
fiancepsi1.duckdns.org
wealthybank.ddns.net
kere-32668.portmap.io
throt2.gleeze.com
throt.ddnsgeek.com
alibabaforwader10.ddns.net
mohmusremcos.duckdns.org
escoclar.duckdns.org
4thguy.ooguy.com
cdn.network-sync.online
eepaulz.ansmtpariba.com
kelvin654.duckdns.org
sendfiletiahforem.ducdns.org
service-kombk.ydns.eu
service-kom.ydns.eu
myremrem.duckdns.org
myremupdates.duckdns.org
winnersderwestrem.ddns.net
universalgsinc.duckdns.org
unigedgsinc.duckdns.org
booloo.hopto.org
tallymostfavor.duckdns.org
vuloinsioscollid.duckdns.org
princeremi25fr.accesscam.org
myfresapril2025remi.accesscam.org
letkepwinbudgt.accesscam.org
hhufhtwest2887.ddns.net
freewetremdsgft54.ddns.net
forbacjskdfred.accesscam.org
aprilfreshremsshot.ddns.net
lewisham1122.ddnsking.com
blessgod1903-60577.portmap.host
paialspailas22.duckdns.org
paialspailas.duckdns.org
stinosa.duckdns.org
chrisbekner001.duckdns.org
remcos2025rem.duckdns.org
remcosmonitor.duckdns.org
gymacademie.ddns.net
dcratyprograma.duckdns.org
swre.remwavesw.com
run.rollerswpush.eu
rem.pushswroller.eu
embargogo2377.duckdns.org
hiddenhost.duckdns.org
chhidden.duckdns.org
sost1213.duckdns.org
rxsas.duckdns.org
newauthurdomain.duckdns.org
shlobo.duckdns.org
wemberdag.duckdns.org
jansuri.kozow.com
rcmpx.duckdns.org
luuumabk.duckdns.org
luuuma.duckdns.org
bluntdavid38.kozow.com
davidchong01.camdvr.org
liveos.zapto.org
limpios.con-ip.com
shilajat.duckdns.org
1.tcp.us-cal-1.ngrok.io
www.genaralclassprojectbackup3.com
www.genaralclassprojectbackup2.com
www.genaralclassprojectbackup1.com
www.genaralclassproject.com
backup2026.ddnsgeek.com
olowo.gleeze.com
rzchi.duckdns.org
e70839572bk.duckdns.org
e70839572.duckdns.org
yuosryb6o.duckdns.org
yuosryb6o.ddns.net
wwww.pqpicc.com
catoma11.accesscam.org
longislandpremium.4nmn.com
oswork.duckdns.org
teebro1800.dynamic-dns.net
rmcnewlistening.duckdns.org
thacoseafoods.com
servemail.exprotedsteel.pro
thermsyit.duckdns.org
perezchanges2464.duckdns.org
carolinawri039884.duckdns.org
believegodislove.top
believegodisforalllove.top
newremc.duckdns.org
premwork.duckdns.org
goodab.duckdns.org
cavps7.duckdns.org
dremom2.duckdns.org
sendfiletiahforem.duckdns.org
darkholocron.viewdns.net
saturnexplorer.4nmn.com
jgm.kozow.com
jimbb.ydns.eu
wealthabundance.duckdns.org
akwaeze234.duckdns.org
panda9001.ddns.net
host.wemnbbsweoipmngbyutrdcunbgrtjeroendns.pro
antifraud.duckdns.org
cokka.duckdns.org
gu-grant-gzbk.ydns.eu
gu-grant-gz.ydns.eu
theworldofgodispowerinc.duckdns.org
newbeggin.duckdns.org
gregolia.duckdns.org
janbours92harbu04.duckdns.org
janbours92harbu007.duckdns.org
remchukwugixiemu4.duckdns.org
remchukwugix231fgh.duckdns.org
remccccs.fartit.com
benito3343.duckdns.org
alex22aro.hopto.org
fastroute633.duckdns.org
sub.noforabusers2.xyz
buike0147.duckdns.org
remcoctubre2024.duckdns.org
cooempresasltda104.duckdns.org
FXassistant.4nmn.com
newlinkforconnect.duckdns.org
mever.duckdns.org

C2 IP Addresses (200)

45.74.7.201
216.9.225.38
144.91.76.114
45.74.7.199
45.74.7.191
216.133.157.16
155.103.71.115
103.83.86.48
94.199.45.148
85.206.168.238
45.74.7.195
20.204.61.204
155.103.69.30
13.73.107.136
13.70.174.70
91.92.242.180
88.151.72.143
84.247.142.79
62.60.226.157
45.74.7.196
45.74.7.194
31.57.216.62
186.169.89.64
103.11.41.19
89.106.83.84
45.74.7.193
45.74.7.192
104.168.7.195
103.11.41.20
103.11.41.10
89.106.83.75
185.115.164.60
185.115.164.59
89.106.83.80
89.106.83.74
198.135.54.39
135.181.182.96
128.90.112.249
89.106.83.79
69.166.206.151
209.54.103.155
138.226.236.193
2.27.62.201
88.216.73.83
138.226.237.250
138.226.236.101
104.168.0.147
102.220.160.94
46.151.182.138
211.159.223.14
144.172.107.251
113.31.102.219
45.155.69.97
185.122.171.65
185.122.171.124
77.110.109.120
66.163.114.54
27.102.118.100
185.122.171.157
5.8.19.158
5.8.19.157
45.74.7.172
173.249.41.192
107.172.238.14
5.8.19.155
45.74.7.168
27.102.137.139
45.74.7.173
141.98.10.150
103.83.87.87
5.206.224.226
45.74.7.170
45.74.7.169
45.74.7.165
173.231.188.244
104.37.173.203
107.173.9.99
217.60.195.194
147.124.223.75
5.101.84.82
45.74.7.166
45.74.7.164
45.74.7.163
45.74.7.155
192.227.219.81
45.74.7.160
45.74.7.161
45.74.7.159
45.74.7.156
2.26.17.59
64.89.160.127
2.27.5.72
5.101.86.23
46.161.0.48
192.236.217.70
5.101.86.67
194.116.236.239
8.217.141.231
217.60.195.176
2.27.5.42
2.27.5.37
107.172.238.13
78.108.57.24
78.108.56.64
185.158.249.112
91.124.19.150
87.76.179.22
87.76.179.153
45.91.138.95
31.76.87.105
209.54.102.152
172.245.195.233
96.44.167.215
5.101.82.60
192.3.136.254
182.23.2.163
31.77.189.2
31.76.87.242
2.26.74.90
138.199.59.5
31.76.32.159
2.26.75.121
2.26.75.102
2.27.5.220
144.31.236.223
31.76.87.112
5.230.69.118
144.31.236.224
209.99.189.198
94.103.1.223
31.76.87.218
31.76.32.181
2.27.5.179
2.26.75.218
193.187.91.216
191.107.87.183
69.164.245.165
31.76.32.230
31.76.32.201
31.76.32.161
198.23.177.222
107.172.44.141
101.99.92.220
64.89.162.178
64.89.162.10
31.76.32.160
193.163.203.183
144.31.236.19
46.151.182.181
2.27.62.228
159.69.59.93
130.94.95.135
31.76.87.188
2.27.5.236
2.27.5.120
2.26.75.249
192.3.96.82
104.251.181.62
2.27.5.234
2.26.75.243
107.172.135.27
2.26.75.248
2.26.75.241
155.103.70.100
80.253.249.67
138.9.118.222
2.26.75.239
192.177.111.89
155.103.70.198
2.58.56.50
84.32.41.227
172.111.169.79
196.251.107.114
155.103.71.146
31.56.209.79
192.30.243.28
155.103.71.135
2.26.75.242
5.101.82.8
190.2.150.52
124.198.132.98
5.101.83.143
5.101.82.98
45.154.98.254
178.16.54.208
155.103.71.232
138.9.41.208
23.81.118.124
2.26.75.240
190.255.82.151
46.29.234.94
2.59.162.106
138.9.254.121
193.29.13.23
140.235.17.40
85.17.244.120
213.209.159.91
5.101.81.163
144.172.94.91
84.21.189.225

Malicious URLs (114)

http://66.63.170.33/81/img_085818.png
https://lemon-kutt.lemon.cchan.tv/VXteWP
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/WUswB
https://cuth.me/YEqaFn
http://66.63.170.33/httpswww.digitaltrends.comcomputingai-browsers-are-here-and-you-need-to-learn-how-to-use-the-web-properly.php
http://66.63.170.33/httpsexpertinsights.comdata-security-and-privacytop-secure-file-sharing-storage-services-need.php
http://66.63.170.33/81/kingsibacktoruletheworld.hta
http://66.63.170.33/301/img_044239.png
http://66.63.170.33/301/weneedbetterplacewithbestfeature.hta
https://masuk.to/EUGfh3
https://dawn-bush-ddd1.yasminanthonyy.workers.dev/yHcDA
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/DoPkb
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/pijol
https://dawn-bush-ddd1.yasminanthonyy.workers.dev/EapFp
https://dawn-bush-ddd1.yasminanthonyy.workers.dev/gglDg
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/etiVI
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/NkgAa
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/KugEf
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/ULUcj
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/ekKrr
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/BVXMa
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/wIXPl
https://pub-ce54f1982e42425c94a1dd345decfbb9.r2.dev/slive.png
https://pub-14b7818eeed2473fb453a2385620ceb9.r2.dev/vplaqn.png
https://dawn-bush-ddd1.yasminanthonyy.workers.dev/jXILw
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/vzjBJ
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/vemRp
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/NcaeY
https://acmgrupo.com/new/optimized_MSI.png
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/VyVZu
https://small-morning-8be0.fsocietyandtools.workers.dev/QQIB-J3OB-PICL-3175/img_x231jh.png
https://small-morning-8be0.fsocietyandtools.workers.dev/6NS9-9ZTY-N247-UX3J/img_wp6sn7.png
https://as.al/file/UGJG0S
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/egYcW
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/yxybF
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/aNWAd
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/yxgQj
https://icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev/nYeQl
https://raw.githubusercontent.com/bhh545578-lab/asasasas/refs/heads/main/kalel123.png
http://small-morning-8be0.fsocietyandtools.workers.dev/QQIB-J3OB-PICL-3175/img_id20y0.png
https://filesco.lovestoblog.com/jungle.png
https://as.al/file/AzKztT
https://d7.tfdl.net/public/2026-06-03/f2760afb-0bc2-4ad4-9a54-c3a9079de4ff/7896789678JKLJMNIJNM.png
http://kpmmg.org/common/caches/optimized.png
http://d7.tfdl.net/public/2026-06-03/f2760afb-0bc2-4ad4-9a54-c3a9079de4ff/7896789678JKLJMNIJNM.png
http://66.63.170.33/90/img_045800.png
http://66.63.170.33/90/givenrestthignsaregoodformebest.hta
http://66.63.170.33/httpswww.gartner.comennewsroompress-releases2025-05-13-gartner-identifies-top-trends-shaping-the-future-of-cloud.php
https://raw.githubusercontent.com/solid-23/ghy/refs/heads/main/kkArdSd.txt
https://raw.githubusercontent.com/slaytonms/ab/refs/heads/main/AdkkSfA.txt
https://raw.githubusercontent.com/solid-23/kl/refs/heads/main/mkFpIik.txt
https://raw.githubusercontent.com/solid-23/job/refs/heads/main/fhhkmoo.txt
https://raw.githubusercontent.com/slaytonms/gt/refs/heads/main/djkpodd.txt
https://raw.githubusercontent.com/slaytonms/nb/refs/heads/main/SrdmaIk.txt
https://raw.githubusercontent.com/slaytonms/df/refs/heads/main/oicAjon.txt
https://raw.githubusercontent.com/slaytonms/hy/refs/heads/main/cAbdcfo.txt
https://raw.githubusercontent.com/slaytonms/hi/refs/heads/main/peokjfS.txt
https://bitbucket.org/ghkjkghlkgl/ghf/downloads/2.jpg
https://raw.githubusercontent.com/solid-23/bv/refs/heads/main/SijgpcA.txt
https://toptionlab.co.za/tr.vbs
https://paste.sensio.no/BirdsKnocked
https://raw.githubusercontent.com/solid-23/ki/refs/heads/main/boagniF.txt
http://mivventi.com/adminreport/service.txt
https://yaso.su/raw/uy3rCXFK
http://80.253.251.8:5225/REFORESTGAL.VILAR-SL_NIEcopiaAusweis.pdf.lnk
http://80.253.251.8:5225/Ausweis.js
http://192.3.176.237/100/img_043611.png
https://lpi0ngge6c.ufs.sh/f/6iUgXKGAnNfhv6ErsuPf2QHpJ59uZgXt1RD0dnyqcMGKeYi4
https://lpi0ngge6c.ufs.sh/f/6iUgXKGAnNfhfkzVpT8zhFpeCvZscS8IaxlWKQyYEH0qrJ7G
https://epaste.app/p/MYgb7ihl/raw
https://raw.githubusercontent.com/respalditorespaldito/repalditopro/refs/heads/main/CRYP.txt
https://yaso.su/raw/utlwCJNi
https://pastefy.app/WSBxlMpn/raw
https://186.169.75.221/a.exe
https://bashupload.com/Daerjg.exe
https://dn721508.ca.archive.org/0/items/optimized_msi_20251017_0233/optimized_MSI.png
http://186.169.76.187/31agosto.vbs
http://186.169.76.187/sostener.vbs
http://186.169.76.187/andre.vbs
http://186.169.76.187/dllchichi.txt
http://186.169.76.187/pchichi.txt
http://respaldo2.duckdns.org/scvhost.vbs
http://runds.duckdns.org/proceso.vbs
http://respaldo2.duckdns.org/proceso.vbs
http://runds.duckdns.org/scvhost.vbs
http://exclusionremcoss.duckdns.org/sostener.vbs
http://exclusionremcoss.duckdns.org/sostener1.vbs
http://exclusionremcoss.duckdns.org/proceso.vbs
http://exclusionremcoss.duckdns.org/scvhost.vbs
http://arcangelgabriel2828.duckdns.org/sostener.vbs
http://arcangelgabriel2830.duckdns.org/sosten.vbs
http://arcangelgabriel2830.duckdns.org/sostener.vbs
http://remcolinomayo24.duckdns.org/sostener.vbs
http://avefenix21deabril.duckdns.org/proceso.vbs
http://remcolino.duckdns.org/proceso.vbs
http://remcolinomayo24.duckdns.org/sosten.vbs
http://rc2404.duckdns.org/sosten.vbs
http://avefenix21deabril.duckdns.org/sostener.vbs
http://cookies641570.duckdns.org/sosten.vbs
http://remcolino.duckdns.org/sostener.vbs
http://remcos7770.duckdns.org/proceso.vbs
http://rc2404.duckdns.org/sostener.vbs
http://cookies32560.duckdns.org/sostener.vbs
http://cookies32560.duckdns.org/sosten.vbs
http://remcolinomayo24.duckdns.org/proceso.vbs
http://arcangelgabriel2828.duckdns.org/proceso.vbs
http://arcangelgabriel2828.duckdns.org/sosten.vbs
http://remcos7770.duckdns.org/sosten.vbs
http://remcolino.duckdns.org/sosten.vbs
http://cookies641570.duckdns.org/sostener.vbs
http://cookies32560.duckdns.org/proceso.vbs
http://rc2404.duckdns.org/proceso.vbs
http://asincnew5555.duckdns.org/sosten.vbs
http://remcos7770.duckdns.org/sostener.vbs

Data Sources

MalwareBazaar (abuse.ch) ThreatFox (abuse.ch) URLhaus (abuse.ch)