ThreatFox IOCs for 2021-10-10
AI Analysis
Technical Summary
This entry is the daily ThreatFox indicator export for 10 October 2021. ThreatFox, run by abuse.ch, is a free platform on which researchers share indicators of compromise tied to named malware families, so the entry is a threat intelligence feed rather than a vulnerability; that is why it carries no affected versions, patch links, CWE or exploit status. The dump holds 111 ip:port indicators, 87 URLs, 2 domains and 4 file hashes. The ip:port entries are command-and-control servers for Bashlite (9 entries, confidence 50-75%), Mirai (13, 75%), BazarBackdoor (9, 100%), AsyncRAT (3, 100%) and Cobalt Strike (77, 100%); the hashes are two BazarBackdoor payloads, one AsyncRAT payload and one BluStealer payload, each at 50% confidence. The URLs are mostly Cobalt Strike Beacon check-in endpoints, recognisable from default malleable C2 profile paths such as /jquery-3.3.1.min.js, /__utm.gif, /ga.js, /pixel.gif and /ie9compatviewlist.xml, often on non-standard ports. The metadata (threat level 2, analysis 1, distribution 3, an event UUID and a Unix timestamp) follows the MISP event schema, in which those values mean medium threat level, analysis ongoing, and shared with all communities. No CVE, exploit or attack vector is in scope: the indicators describe attacker infrastructure and payloads, and the behaviour they let a defender detect is C2 traffic from already-compromised hosts and, for the hash entries, the presence of the named payload.
Potential Impact
Because this is a feed of attacker infrastructure rather than a vulnerability, the entry creates no exposure by itself; the exposure is any host that is already talking to these servers. The families span the usual 2021 mix. Mirai and Bashlite control botnets of compromised Linux and IoT devices (exposed routers, cameras, DVRs and similar) that are used for DDoS and scanning. BazarBackdoor is a backdoor used to gain a foothold in corporate networks ahead of hands-on-keyboard intrusions and ransomware deployment. Cobalt Strike Beacon servers almost always mean an active operator rather than commodity malware, and the 77 Cobalt Strike entries make up most of this dump. AsyncRAT is an open-source remote access trojan and BluStealer an information stealer. A match against the BazarBackdoor or Cobalt Strike indicators in an enterprise network should be treated as a probable live intrusion and escalated; a match against the Mirai or Bashlite indicators usually points at a compromised appliance or IoT device rather than a workstation. Many of the ip:port entries sit in commodity cloud and VPS ranges, so the infrastructure is expected to be short-lived: the feed is most valuable in the days after publication and for retrospective searches of logs from around that date. The indicators themselves carry no targeting information, so the affected-country list below should be read as the audience the feed is relevant to, not as evidence that these campaigns targeted those countries.
Mitigation Recommendations
1. Load the ip:port, URL and domain indicators into the SIEM, web proxy, firewall and IDS, both as block or alert rules and as retrospective search terms for the weeks around 10 October 2021. Match ip:port entries on destination address and port, and URLs on host, port and path; the scheme is not a reliable key, since the same server appears in this dump under both http and https.
2. Hunt beyond the listed hosts for the request paths that recur in the dump (/jquery-3.3.1.min.js, /__utm.gif, /ga.js, /pixel.gif, /ie9compatviewlist.xml, /en_us/all.js, /activity, /load, /push, /match, /g.pixel, /j.ad, and the Amazon, OWA and Windows Update look-alike paths). These are default Cobalt Strike malleable C2 profile URIs; a request for one of them to an unfamiliar host, especially on a non-standard port, is a lead even when the host is not in this feed.
3. Weight the response by family and confidence. The Cobalt Strike, BazarBackdoor and AsyncRAT entries are at 100% confidence and point to intrusion tooling: isolate the source host and open an incident, assuming credential theft and lateral movement until shown otherwise. The Bashlite and Mirai entries are at 50-75% confidence and typically indicate a compromised IoT or Linux device: identify the device, re-image or factory-reset it, and remove its default credentials and internet exposure.
4. Block on the full URL or the exact hostname where an indicator sits on shared infrastructure (the apigw.tencentcs.com API gateway hostnames, the cloudfront.net distribution, the duckdns.org and publicvm.com dynamic DNS names); blocking the parent domain or the CDN address would break legitimate traffic.
5. Push the four payload hashes (two BazarBackdoor MD5s, one AsyncRAT SHA-256, one BluStealer MD5) to EDR and mail and file scanning, and treat a hash hit as the start of an investigation rather than its end: the network indicators above are where the follow-on activity will show.
6. Expire the ip:port indicators after a few weeks unless they are re-sighted. Many sit in cloud and VPS ranges that are recycled to new tenants, so long-lived IP blocks accumulate false positives; re-pull ThreatFox daily and keep the domain and URL indicators longer than the bare addresses.
7. Share confirmed sightings with the sector ISAC and the national CERT so that other members can search for the same infrastructure, and report stale or confirmed indicators back to ThreatFox.
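The matching described in the recommendations above, as an added example that is not part of the original page or of ThreatFox: a Python script that indexes a handful of the indicators from this dump and scans constructed proxy and flow log lines. It assumes two simple log shapes (a proxy line "<ts> <client> <METHOD> <url>" and a flow line "<ts> <src> -> <dst>:<port>") that are not any vendor's format, and it keys URL matches on host, port and path so that a server published under https also matches a plain http request on the same port. A known C2 address seen on an unlisted port, and a default Cobalt Strike profile path requested from an unknown host, are reported as weaker "ip" and "cs-uri" matches rather than dropped.

```python
"""Match ThreatFox-style network IOCs (ip:port, url, domain) against proxy and flow logs.
Added example for this page: IOC rows copied from the 2021-10-10 dump, log lines constructed,
both log line formats assumed rather than taken from any vendor."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit
# (type, value, family, confidence) as published by ThreatFox; hashes are matched on endpoints, not here.
IOCS = [
    ("ip:port", "185.150.117.169:80", "Cobalt Strike", 100),
    ("ip:port", "46.101.172.62:666", "Bashlite", 50),
    ("ip:port", "141.101.134.18:2703", "AsyncRAT", 100),
    ("url", "https://forticlientupdater.com/admin.css", "Cobalt Strike", 100),
    ("url", "https://213.227.155.75:8080/jquery-3.3.1.min.js", "Cobalt Strike", 100),
    ("domain", "chonglee575.duckdns.org", None, None),
]
# Paths that recur in the dump and are default Cobalt Strike Beacon/stager URIs: a lead, not a confirmed C2.
CS_DEFAULT_PATHS = {"/__utm.gif", "/ga.js", "/pixel.gif", "/ie9compatviewlist.xml",
                    "/en_us/all.js", "/activity", "/load", "/push", "/match", "/g.pixel"}
DEFAULT_PORT = {"http": 80, "https": 443}

@dataclass(frozen=True)
class Match:
    line_no: int
    kind: str          # url | domain | ip:port | ip (listed address, other port) | cs-uri
    ioc: str
    family: Optional[str]
    confidence: Optional[int]

def normalise_url(url):
    """(host, port, path): host lowercased, scheme default port applied, empty path -> '/'."""
    p = urlsplit(url)
    return (p.hostname or "").lower(), p.port or DEFAULT_PORT.get(p.scheme, 0), p.path or "/"

class IocIndex:
    def __init__(self, iocs):
        self.ip_port, self.ips, self.urls, self.domains = {}, set(), {}, {}
        for typ, value, fam, conf in iocs:
            if typ == "ip:port":
                ip, port = value.rsplit(":", 1)
                ipaddress.ip_address(ip)       # reject mis-typed rows instead of indexing them
                self.ip_port[(ip, int(port))] = (value, fam, conf)
                self.ips.add(ip)
            elif typ == "url":
                self.urls[normalise_url(value)] = (value, fam, conf)
            elif typ == "domain":
                self.domains[value.lower()] = (value, fam, conf)

    def lookup_host(self, host, port):
        """Listed domain (or any subdomain of it) first, then exact ip:port, then bare IP."""
        labels = host.split(".")
        for i in range(len(labels) - 1):
            dom = ".".join(labels[i:])
            if dom in self.domains:
                return "domain", self.domains[dom]
        if (host, port) in self.ip_port:
            return "ip:port", self.ip_port[(host, port)]
        if host in self.ips:
            return "ip", (host, None, None)
        return None

    def lookup_url(self, url):
        host, port, path = normalise_url(url)
        if (host, port, path) in self.urls:    # scheme ignored on purpose: host+port+path suffice
            return "url", self.urls[(host, port, path)]
        found = self.lookup_host(host, port)
        if found is None and path in CS_DEFAULT_PATHS:
            return "cs-uri", (path, None, None)
        return found

# Assumed log shapes: "<ts> <client> <METHOD> <url>" (proxy) and "<ts> <src> -> <dst>:<port>" (flow).
PROXY = re.compile(r"^\S+ \S+ [A-Z]+ (?P<url>\S+)$")
FLOW = re.compile(r"^\S+ \S+ -> (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$")

def scan(lines, index):
    """One Match per log line that touches an indicator, in log order."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = PROXY.match(line)
        if m:
            found = index.lookup_url(m["url"])
        else:
            m = FLOW.match(line)
            found = index.lookup_host(m["dst"], int(m["dport"])) if m else None
        if found:
            kind, (ioc, fam, conf) = found
            hits.append(Match(n, kind, ioc, fam, conf))
    return hits

SAMPLE_LOGS = [  # constructed; 10.0.0.0/8 clients, 203.0.113.10 is from a documentation range
    "2021-10-11T08:12:01Z 10.0.0.5 GET https://forticlientupdater.com/admin.css",
    "2021-10-11T08:12:05Z 10.0.0.5 GET http://213.227.155.75:8080/jquery-3.3.1.min.js",
    "2021-10-11T08:13:00Z 10.0.0.7 GET https://www.example.com/",
    "2021-10-11T08:14:00Z 10.0.0.9 GET http://api.chonglee575.duckdns.org/cfg",
    "2021-10-11T08:15:00Z 10.0.0.5 -> 185.150.117.169:80",
    "2021-10-11T08:15:02Z 10.0.0.5 -> 185.150.117.169:8443",
    "2021-10-11T08:16:00Z 10.0.0.6 -> 46.101.172.62:666",
    "2021-10-11T08:17:00Z 10.0.0.8 GET http://203.0.113.10/__utm.gif",
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOGS, IocIndex(IOCS)), sep="\n")
```

Run it directly to print the matches for the sample lines. In a SIEM the same three lookups map onto lookup tables keyed on (dst, dport) and on (host, port, path); the subdomain walk in lookup_host is what makes a dynamic DNS indicator such as chonglee575.duckdns.org catch api.chonglee575.duckdns.org without ever matching duckdns.org itself.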
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 46.101.172.62
- hash: 666
- file: 107.174.46.89
- hash: 717
- file: 51.159.54.29
- hash: 666
- file: 107.172.141.135
- hash: 1194
- file: 50.115.174.119
- hash: 606
- file: 107.172.248.140
- hash: 666
- file: 46.101.158.148
- hash: 443
- file: 64.225.98.197
- hash: 443
- file: 134.209.240.181
- hash: 443
- file: 161.35.195.78
- hash: 443
- file: 164.90.174.188
- hash: 443
- file: 164.90.237.7
- hash: 443
- file: 165.22.83.25
- hash: 443
- file: 167.172.101.84
- hash: 443
- file: 167.172.160.45
- hash: 443
- file: 128.199.29.170
- hash: 606
- file: 157.245.241.51
- hash: 1312
- file: 45.14.226.120
- hash: 9400
- file: 209.141.51.34
- hash: 576
- file: 155.138.252.212
- hash: 42516
- url: http://185.150.117.169/admin.css
- file: 185.150.117.169
- hash: 80
- url: https://forticlientupdater.com/admin.css
- file: 185.150.117.169
- hash: 443
- url: http://42.51.33.115:8081/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- file: 42.51.33.115
- hash: 8081
- url: https://36.112.31.160:8443/ie9compatviewlist.xml
- file: 36.112.31.160
- hash: 8443
- url: https://shysecuritybusiness.com:8080/jquery-3.3.1.min.js
- url: https://213.227.155.75:8080/jquery-3.3.1.min.js
- file: 213.227.155.75
- hash: 8080
- url: https://opposecurityaudit.com:8080/jquery-3.3.1.min.js
- url: https://213.227.155.48:8080/jquery-3.3.1.min.js
- file: 213.227.155.48
- hash: 8080
- url: https://service-4f1dmvy9-1252742900.sh.apigw.tencentcs.com/api/getit
- file: 1.117.245.254
- hash: 443
- url: http://82.157.96.204:11/cm
- file: 82.157.96.204
- hash: 11
- url: https://securityhumanresources.com:8080/jquery-3.3.1.min.js
- url: https://45.147.230.247:8080/jquery-3.3.1.min.js
- file: 45.147.230.247
- hash: 8080
- url: https://bagauditsecurity.com:8080/jquery-3.3.1.min.js
- url: https://213.227.155.241:8080/jquery-3.3.1.min.js
- file: 213.227.155.241
- hash: 8080
- url: https://1.116.141.23/microsoftupdate/shellex/kb242782/default.aspx
- file: 1.116.141.23
- hash: 443
- url: https://desertfu.com/access/
- file: 162.244.80.15
- hash: 443
- url: http://161.97.138.56:88/push
- file: 161.97.138.56
- hash: 88
- url: http://bloomcad.com/access/
- file: 162.33.178.10
- hash: 80
- url: https://82.156.186.133/__utm.gif
- file: 82.156.186.133
- hash: 443
- url: https://naratygam.com/jquery-3.3.1.min.js
- file: 80.92.205.165
- hash: 443
- url: http://neymenaf.com/jquery-3.3.1.min.js
- file: 23.160.193.134
- hash: 80
- url: http://173.234.155.186/lu
- file: 173.234.155.186
- hash: 80
- url: https://virtualauditsecurityservices.com:8080/jquery-3.3.1.min.js
- url: https://23.82.141.150:8080/jquery-3.3.1.min.js
- file: 23.82.141.150
- hash: 8080
- url: http://1.15.32.77:8888/g.pixel
- file: 1.15.32.77
- hash: 8888
- url: http://121.40.30.88:83/ie9compatviewlist.xml
- file: 121.40.30.88
- hash: 83
- url: https://hurtsecurityfinance.com:8080/jquery-3.3.1.min.js
- url: https://45.153.240.167:8080/jquery-3.3.1.min.js
- file: 45.153.240.167
- hash: 8080
- url: http://1.116.207.171:84/en_us/all.js
- file: 1.116.207.171
- hash: 84
- file: 49.235.93.124
- hash: 38080
- url: https://service-1srzoq4i-1307759375.gz.apigw.tencentcs.com/api/x
- file: 104.225.237.37
- hash: 443
- url: http://116.62.179.70/updates.rss
- url: https://digisecuritysolutions.com:8080/jquery-3.3.1.min.js
- url: https://23.82.141.151:8080/jquery-3.3.1.min.js
- file: 23.82.141.151
- hash: 8080
- url: http://47.104.207.11:8080/api/3
- file: 47.104.207.11
- hash: 8080
- url: http://120.79.157.3/ptj
- file: 120.79.157.3
- hash: 80
- url: http://175.24.60.104/pixel
- file: 175.24.60.104
- hash: 80
- file: 149.202.251.226
- hash: 384
- file: 146.196.67.61
- hash: 45526
- hash: 4932b7fa81a500c5050ccf3a945077e3
- hash: 032694cfee1c05e1b2aa8fcf842a3539
- hash: 06e223bb2af0e00e3c5c7d2a0574e0cf69716f82432665221d49f62a8613b5ed
- file: 192.248.153.100
- hash: 9375
- file: 137.184.131.240
- hash: 1312
- file: 51.222.21.120
- hash: 42514
- hash: 6f7302e24899d1c05dcabbc8ec3e84d4
- file: 209.141.53.247
- hash: 55650
- url: http://d14hpc69sn0990.cloudfront.net:443/safebrowsing/xqim/shtv7hoevgv9ompxdmab6ul-rlgmo5rv0-czy0z
- url: http://101.35.79.199:8089/activity
- file: 101.35.79.199
- hash: 8089
- url: https://www.ynetcoil.xyz:2053/g.pixel
- file: 116.206.94.164
- hash: 2053
- url: http://119.91.107.57:88/wp06/wp-includes/po.php
- file: 119.91.107.57
- hash: 88
- url: http://139.196.20.79/api/getid
- file: 139.196.20.79
- hash: 80
- url: http://149.28.152.137/visit.js
- file: 149.28.152.137
- hash: 80
- url: http://209.182.236.217:808/wp-content/themes/calliope/wp_data.php
- file: 209.182.236.217
- hash: 808
- url: http://103.214.18.230/en_us/all.js
- file: 103.214.18.230
- hash: 80
- url: http://43.128.19.172:81/ie9compatviewlist.xml
- file: 43.128.19.172
- hash: 81
- url: https://104.225.237.37:8888/jquery-3.3.1.min.js
- file: 104.225.237.37
- hash: 8888
- url: http://47.96.95.155:8001/pixel.gif
- file: 47.96.95.155
- hash: 8001
- url: http://39.106.45.206:9090/j.ad
- file: 39.106.45.206
- hash: 9090
- url: https://gastaro.com/jquery-3.3.1.min.js
- file: 162.33.179.40
- hash: 443
- url: https://www.ynetcoil.xyz:2053/ptj
- file: 116.204.211.101
- hash: 2053
- url: https://82.157.115.95:85/g.pixel
- file: 82.157.115.95
- hash: 85
- url: http://124.70.46.123:8123/match
- file: 124.70.46.123
- hash: 8123
- url: http://45.129.99.151:445/ca
- file: 45.129.99.151
- hash: 445
- url: http://39.107.41.90:4433/fwlink
- file: 39.107.41.90
- hash: 4433
- url: http://45.76.184.181:45677/push
- file: 45.76.184.181
- hash: 45677
- url: https://47.119.138.1:8121/ptj
- file: 47.119.138.1
- hash: 8121
- url: http://47.243.163.164:22222/ie9compatviewlist.xml
- file: 47.243.163.164
- hash: 22222
- url: http://46.161.40.85:28015/ptj
- file: 46.161.40.85
- hash: 28015
- url: http://121.199.51.9/pixel.gif
- file: 121.199.51.9
- hash: 80
- url: http://new.f1ashupdate.xyz:2052/en_us/all.js
- file: 194.156.98.129
- hash: 2052
- url: http://service-56wp912n-1307492913.sh.apigw.tencentcs.com/api/getit
- file: 8.135.67.207
- hash: 80
- url: https://ki9.xyz:5555/match
- file: 39.108.129.85
- hash: 5555
- url: http://119.3.59.17:9999/load
- file: 119.3.59.17
- hash: 9999
- url: http://168.100.8.117/j.ad
- file: 168.100.8.117
- hash: 80
- url: https://45.77.174.139:6443/dot.gif
- file: 45.77.174.139
- hash: 6443
- url: https://154.204.25.175:8088/access/
- file: 154.204.25.175
- hash: 8088
- url: http://185.216.119.91:8080/match
- file: 185.216.119.91
- hash: 8080
- file: 147.182.207.68
- hash: 23552
- url: http://www.steepygrieta.quest/oqaa/
- url: https://188.165.185.104/ee
- url: https://47.93.9.242:8082/__utm.gif
- file: 47.93.9.242
- hash: 8082
- url: http://47.99.163.64:53/push
- file: 47.99.163.64
- hash: 53
- url: http://47.93.27.121:8081/live-txy/check
- file: 47.93.27.121
- hash: 8081
- url: http://188.165.185.104/ee
- file: 172.245.36.129
- hash: 9931
- file: 137.184.96.192
- hash: 9506
- domain: chongmei33.publicvm.com
- domain: chonglee575.duckdns.org
- file: 141.101.134.18
- hash: 2703
- file: 141.101.134.18
- hash: 49746
- file: 141.101.134.51
- hash: 49746
- file: 136.144.41.46
- hash: 53
- file: 137.184.152.251
- hash: 9931
- url: http://cs.baibu.cf:8080/match
- file: 47.108.160.251
- hash: 8080
- url: http://59.63.210.27:2052/__utm.gif
- file: 59.63.210.27
- hash: 2052
- url: https://121.4.64.254:44301/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- file: 121.4.64.254
- hash: 44301
- url: http://121.199.41.206/__utm.gif
- file: 121.199.41.206
- hash: 80
- url: http://47.102.118.245:8080/push
- file: 47.102.118.245
- hash: 8080
- url: https://114.118.5.101/owa/vaaruccwwmd4hbsdp0f3oetfsjb
- file: 114.118.5.101
- hash: 443
- url: http://139.196.81.139:10000/ga.js
- file: 139.196.81.139
- hash: 10000
- url: http://1.116.246.188:6565/pixel
- file: 1.116.246.188
- hash: 6565
- url: https://121.199.53.120:8081/ga.js
- file: 121.199.53.120
- hash: 8081
- file: 114.216.201.12
- hash: 6666
- url: http://8.129.212.57:4567/load
- file: 8.129.212.57
- hash: 4567
- url: https://82.157.115.95:8899/en_us/all.js
- file: 82.157.115.95
- hash: 8899
- url: http://120.55.38.252:5555/cx
- file: 120.55.38.252
- hash: 5555
- url: http://47.101.220.137:500/ga.js
- file: 47.101.220.137
- hash: 500
- url: http://47.108.160.251/g.pixel
- file: 47.108.160.251
- hash: 80
ThreatFox IOCs for 2021-10-10
Description
ThreatFox IOCs for 2021-10-10
AI-Powered Analysis
Technical Analysis
The provided threat information pertains to a collection of Indicators of Compromise (IOCs) published on October 10, 2021, by ThreatFox, a platform dedicated to sharing threat intelligence data. The threat is categorized as malware-related, specifically under the 'osint' product type, indicating that it is primarily related to open-source intelligence gathering rather than a specific malware family or exploit. The absence of affected versions and patch links suggests that this is not tied to a particular software vulnerability but rather a set of threat intelligence indicators that can be used to detect or analyze malicious activity. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may imply moderate dissemination or relevance. No known exploits in the wild are reported, and there are no associated CWEs or specific attack vectors detailed. The lack of indicators in the provided data limits the ability to pinpoint exact tactics, techniques, or procedures (TTPs) used by adversaries. Overall, this entry appears to be a medium-severity intelligence update aimed at enhancing situational awareness rather than describing an active or exploitable vulnerability.
Potential Impact
Given that this threat intelligence entry consists of IOCs without direct exploit information or active malware campaigns, the immediate impact on European organizations is limited. However, the availability of these IOCs can aid defenders in identifying and mitigating potential threats before they materialize into active compromises. The medium severity rating suggests that while the threat is not currently causing widespread damage, it could be indicative of emerging malicious activity or reconnaissance efforts targeting organizations. European entities that rely heavily on OSINT for threat detection or that are part of sectors frequently targeted by cyber espionage or cybercrime (such as finance, critical infrastructure, or government) may find this intelligence useful for enhancing their detection capabilities. The absence of known exploits reduces the urgency but does not eliminate the need for vigilance, as threat actors may leverage these IOCs in future campaigns.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and threat intelligence platforms to enhance detection capabilities. 2. Conduct regular threat hunting exercises using these IOCs to identify any signs of compromise or reconnaissance activity within the network. 3. Maintain up-to-date endpoint detection and response (EDR) solutions capable of correlating IOC data with behavioral analytics to detect stealthy malware or intrusion attempts. 4. Share and correlate this intelligence with sector-specific Information Sharing and Analysis Centers (ISACs) to improve collective defense. 5. Train security analysts to recognize patterns associated with the types of malware or threat actors linked to these IOCs, even if direct exploit details are not available. 6. Continuously monitor ThreatFox and similar OSINT platforms for updates or expansions of these IOCs to stay ahead of evolving threats.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 01e3b724-c47e-44bb-b140-c46beb621627
- Original Timestamp
- 1633910581
Indicators of Compromise
File
Value | Description | Copy |
---|---|---|
file46.101.172.62 | Bashlite botnet C2 server (confidence level: 50%) | |
file107.174.46.89 | Bashlite botnet C2 server (confidence level: 75%) | |
file51.159.54.29 | Bashlite botnet C2 server (confidence level: 75%) | |
file107.172.141.135 | Bashlite botnet C2 server (confidence level: 75%) | |
file50.115.174.119 | Bashlite botnet C2 server (confidence level: 75%) | |
file107.172.248.140 | Bashlite botnet C2 server (confidence level: 75%) | |
file46.101.158.148 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file64.225.98.197 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file134.209.240.181 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file161.35.195.78 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file164.90.174.188 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file164.90.237.7 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file165.22.83.25 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file167.172.101.84 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file167.172.160.45 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
file128.199.29.170 | Bashlite botnet C2 server (confidence level: 75%) | |
file157.245.241.51 | Mirai botnet C2 server (confidence level: 75%) | |
file45.14.226.120 | Mirai botnet C2 server (confidence level: 75%) | |
file209.141.51.34 | Bashlite botnet C2 server (confidence level: 75%) | |
file155.138.252.212 | Bashlite botnet C2 server (confidence level: 75%) | |
file185.150.117.169 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.150.117.169 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file42.51.33.115 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file36.112.31.160 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file213.227.155.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file213.227.155.48 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.117.245.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file82.157.96.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.147.230.247 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file213.227.155.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.116.141.23 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file162.244.80.15 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file161.97.138.56 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file162.33.178.10 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file82.156.186.133 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file80.92.205.165 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.160.193.134 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file173.234.155.186 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.82.141.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.15.32.77 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.40.30.88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.153.240.167 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.116.207.171 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file49.235.93.124 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.225.237.37 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.82.141.151 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.104.207.11 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.79.157.3 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file175.24.60.104 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.202.251.226 | Mirai botnet C2 server (confidence level: 75%) | |
file146.196.67.61 | Mirai botnet C2 server (confidence level: 75%) | |
file192.248.153.100 | Mirai botnet C2 server (confidence level: 75%) | |
file137.184.131.240 | Mirai botnet C2 server (confidence level: 75%) | |
file51.222.21.120 | Mirai botnet C2 server (confidence level: 75%) | |
file209.141.53.247 | Mirai botnet C2 server (confidence level: 75%) | |
file101.35.79.199 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.206.94.164 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.91.107.57 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.196.20.79 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.28.152.137 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file209.182.236.217 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.214.18.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.128.19.172 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.225.237.37 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.96.95.155 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.106.45.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file162.33.179.40 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.204.211.101 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file82.157.115.95 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.70.46.123 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.129.99.151 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.107.41.90 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.76.184.181 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.119.138.1 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.243.163.164 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file46.161.40.85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.199.51.9 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file194.156.98.129 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.135.67.207 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.108.129.85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.3.59.17 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file168.100.8.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.77.174.139 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.204.25.175 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.216.119.91 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file147.182.207.68 | Mirai botnet C2 server (confidence level: 75%) | |
file47.93.9.242 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.99.163.64 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.93.27.121 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.245.36.129 | Mirai botnet C2 server (confidence level: 75%) | |
file137.184.96.192 | Mirai botnet C2 server (confidence level: 75%) | |
file141.101.134.18 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file141.101.134.18 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file141.101.134.51 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file136.144.41.46 | Mirai botnet C2 server (confidence level: 75%) | |
file137.184.152.251 | Mirai botnet C2 server (confidence level: 75%) | |
file47.108.160.251 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file59.63.210.27 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.4.64.254 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.199.41.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.102.118.245 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file114.118.5.101 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.196.81.139 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.116.246.188 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.199.53.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file114.216.201.12 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.129.212.57 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file82.157.115.95 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.55.38.252 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.101.220.137 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.108.160.251 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Hash
Value | Description | Copy |
---|---|---|
hash666 | Bashlite botnet C2 server (confidence level: 50%) | |
hash717 | Bashlite botnet C2 server (confidence level: 75%) | |
hash666 | Bashlite botnet C2 server (confidence level: 75%) | |
hash1194 | Bashlite botnet C2 server (confidence level: 75%) | |
hash606 | Bashlite botnet C2 server (confidence level: 75%) | |
hash666 | Bashlite botnet C2 server (confidence level: 75%) | |
hash443 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash443 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash443 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash443 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash443 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash443 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash443 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash443 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash443 | BazarBackdoor botnet C2 server (confidence level: 100%) | |
hash606 | Bashlite botnet C2 server (confidence level: 75%) | |
hash1312 | Mirai botnet C2 server (confidence level: 75%) | |
hash9400 | Mirai botnet C2 server (confidence level: 75%) | |
hash576 | Bashlite botnet C2 server (confidence level: 75%) | |
hash42516 | Bashlite botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash11 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash83 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash84 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash38080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash384 | Mirai botnet C2 server (confidence level: 75%) | |
hash45526 | Mirai botnet C2 server (confidence level: 75%) | |
hash4932b7fa81a500c5050ccf3a945077e3 | BazarBackdoor payload (confidence level: 50%) | |
hash032694cfee1c05e1b2aa8fcf842a3539 | BazarBackdoor payload (confidence level: 50%) | |
hash06e223bb2af0e00e3c5c7d2a0574e0cf69716f82432665221d49f62a8613b5ed | AsyncRAT payload (confidence level: 50%) | |
hash9375 | Mirai botnet C2 server (confidence level: 75%) | |
hash1312 | Mirai botnet C2 server (confidence level: 75%) | |
hash42514 | Mirai botnet C2 server (confidence level: 75%) | |
hash6f7302e24899d1c05dcabbc8ec3e84d4 | BluStealer payload (confidence level: 50%) | |
hash55650 | Mirai botnet C2 server (confidence level: 75%) | |
hash8089 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2053 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash808 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2053 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8123 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash445 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash45677 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8121 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash22222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash28015 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2052 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash23552 | Mirai botnet C2 server (confidence level: 75%) | |
hash8082 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9931 | Mirai botnet C2 server (confidence level: 75%) | |
hash9506 | Mirai botnet C2 server (confidence level: 75%) | |
hash2703 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash49746 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash49746 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash53 | Mirai botnet C2 server (confidence level: 75%) | |
hash9931 | Mirai botnet C2 server (confidence level: 75%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2052 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash44301 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash10000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6565 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4567 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8899 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash500 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
Url
Value | Description | Copy |
---|---|---|
http://185.150.117.169/admin.css | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://forticlientupdater.com/admin.css | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://42.51.33.115:8081/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://36.112.31.160:8443/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://shysecuritybusiness.com:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://213.227.155.75:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://opposecurityaudit.com:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://213.227.155.48:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://service-4f1dmvy9-1252742900.sh.apigw.tencentcs.com/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://82.157.96.204:11/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://securityhumanresources.com:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://45.147.230.247:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://bagauditsecurity.com:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://213.227.155.241:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://1.116.141.23/microsoftupdate/shellex/kb242782/default.aspx | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://desertfu.com/access/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://161.97.138.56:88/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://bloomcad.com/access/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://82.156.186.133/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://naratygam.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://neymenaf.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://173.234.155.186/lu | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://virtualauditsecurityservices.com:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://23.82.141.150:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://1.15.32.77:8888/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://121.40.30.88:83/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://hurtsecurityfinance.com:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://45.153.240.167:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://1.116.207.171:84/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://service-1srzoq4i-1307759375.gz.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://116.62.179.70/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://digisecuritysolutions.com:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://23.82.141.151:8080/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.104.207.11:8080/api/3 | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://120.79.157.3/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://175.24.60.104/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://d14hpc69sn0990.cloudfront.net:443/safebrowsing/xqim/shtv7hoevgv9ompxdmab6ul-rlgmo5rv0-czy0z | Cobalt Strike botnet C2 (confidence level: 75%) | |
http://101.35.79.199:8089/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://www.ynetcoil.xyz:2053/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://119.91.107.57:88/wp06/wp-includes/po.php | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://139.196.20.79/api/getid | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://149.28.152.137/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://209.182.236.217:808/wp-content/themes/calliope/wp_data.php | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://103.214.18.230/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://43.128.19.172:81/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://104.225.237.37:8888/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.96.95.155:8001/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://39.106.45.206:9090/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://gastaro.com/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://www.ynetcoil.xyz:2053/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://82.157.115.95:85/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://124.70.46.123:8123/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://45.129.99.151:445/ca | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://39.107.41.90:4433/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://45.76.184.181:45677/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://47.119.138.1:8121/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.243.163.164:22222/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://46.161.40.85:28015/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://121.199.51.9/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://new.f1ashupdate.xyz:2052/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://service-56wp912n-1307492913.sh.apigw.tencentcs.com/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://ki9.xyz:5555/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://119.3.59.17:9999/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://168.100.8.117/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://45.77.174.139:6443/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://154.204.25.175:8088/access/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://185.216.119.91:8080/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://www.steepygrieta.quest/oqaa/ | Formbook botnet C2 (confidence level: 100%) | |
https://188.165.185.104/ee | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://47.93.9.242:8082/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.99.163.64:53/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.93.27.121:8081/live-txy/check | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://188.165.185.104/ee | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://cs.baibu.cf:8080/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://59.63.210.27:2052/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://121.4.64.254:44301/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://121.199.41.206/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.102.118.245:8080/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://114.118.5.101/owa/vaaruccwwmd4hbsdp0f3oetfsjb | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://139.196.81.139:10000/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://1.116.246.188:6565/pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://121.199.53.120:8081/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://8.129.212.57:4567/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
https://82.157.115.95:8899/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://120.55.38.252:5555/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.101.220.137:500/ga.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
http://47.108.160.251/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
Domain
Value | Description | Copy |
---|---|---|
chongmei33.publicvm.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
chonglee575.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
Threat ID: 682b7badd3ddd8cef2ebc0e5
Added to database: 5/19/2025, 6:42:53 PM
Last enriched: 6/18/2025, 7:19:35 PM
Last updated: 8/12/2025, 3:03:52 AM
Views: 10
Related Threats
Silent Watcher: Dissecting Cmimai Stealer's VBS Payload (Medium)
CastleLoader Analysis (Medium)
The Dark Side of Parental Control Apps (Medium)
Uncovering a Web3 Interview Scam (Medium)
Distribution of SmartLoader Malware via Github Repository Disguised as a Legitimate Project (Medium)