ThreatFox IOCs for 2023-08-11
AI Analysis
Technical Summary
This entry is the ThreatFox daily indicator export for 11 August 2023. ThreatFox, operated by abuse.ch, is a community platform for sharing indicators of compromise (IP:port pairs, domains, URLs and file hashes) attributed to named malware families. The export is published as a MISP-style event, which is why it carries no CVE, CWE, affected-version or patch fields: it describes attacker infrastructure, not a vulnerability. The event metadata follows MISP conventions: threat level 2 is "medium" on MISP's scale of 1 (high) to 4 (undefined), analysis 1 means the event is still being worked on ("ongoing"), and distribution 3 means it is shared with all communities. The OSINT tag and the TLP:WHITE marking mean the data can be redistributed without restriction.

The tables below hold 136 indicators: 24 URLs, 80 IP:port pairs and 32 domains, each with the malware family the reporter attributed it to and a confidence level. Cobalt Strike accounts for most of the URLs and several of the IP pairs; many of those URL paths (/ga.js, /visit.js, /pixel, /g.pixel, /match, /load, /IE9CompatViewList.xml, /en_US/all.js and the Amazon-style /s/ref=nb_sb_noss_1/... path) are URIs from Cobalt Strike's default and published example Malleable C2 profiles, so they are worth matching on their own, independently of the host. The remaining families are commodity loaders and stealers (QakBot, IcedID, RedLine Stealer, RisePro, Lumma Stealer, Vidar, RecordBreaker, Loki PWS, Amadey, DCRat, Remcos), post-exploitation frameworks (Sliver, Brute Ratel C4, Havoc, Deimos, pupy), BianLian, the CCleaner Backdoor, JanelaRAT and a block of "Unknown malware" entries. Three details matter when consuming the set. First, the confidence levels are uneven: the 100% URL and domain entries are specific, while the 50% IP:port entries (Sliver, Havoc, Brute Ratel C4, Deimos, BianLian, "Responder" and "Unknown malware") are hunting leads rather than block-list material; "Responder" is the name of an LLMNR/NBT-NS poisoning tool rather than a botnet, so those rows on 445, 5985, 80 and 443 are best read as hosts seen running it. Second, one URL (https://192.168.216.152/p/freemail/lib/polyfill/es5-polyfill.js) points at an RFC 1918 address and cannot match on any perimeter sensor; it should be discarded rather than loaded. Third, all 32 JanelaRAT domains are hostnames on free dynamic-DNS providers, so they must be matched as full hostnames; blocking the parent zones (geekgalaxy.com, ddns.me, dnsfor.me and so on) would affect unrelated users.
Potential Impact
Because the entry describes attacker infrastructure rather than a vulnerability, the risk to any given organization depends on whether one of its hosts has contacted that infrastructure, and the consequence depends on which family is involved. A match on a stealer or loader C2 (RedLine, RisePro, Lumma, Vidar, RecordBreaker, Loki PWS, Amadey, QakBot, IcedID) means credentials, session cookies and browser data on that host should be treated as exposed and rotated. A match on a Cobalt Strike, Sliver, Brute Ratel C4, Havoc, pupy or Deimos server indicates an operator with interactive access and should be handled as an intrusion, not a malware infection: QakBot and IcedID in particular have historically handed off to exactly these frameworks before ransomware deployment, and BianLian is associated with data-theft extortion. The medium severity reflects widely distributed commodity threats rather than a targeted campaign. The 32 JanelaRAT domains carry strings such as "mex" and "cdmx", which points at Mexico-focused targeting, so European exposure to that family is most likely through subsidiaries there. For the sectors with the highest exposure (finance, critical infrastructure, government) the practical risk is loss of confidentiality and, via the post-exploitation frameworks, of integrity and availability; the feed itself does not name victims or countries.
Mitigation Recommendations
1. Load the indicator tables below into the SIEM and IDS/IPS as typed indicators, not as a flat string list. IP entries are destination IP plus port pairs and should be matched as pairs (the Sliver hosts appear twice, on 31337 and 8888; QakBot on 443, 995, 993 and 2222); domains should be matched against DNS queries and TLS SNI; URLs should be matched as host plus path on HTTP and as host plus port on HTTPS, where the path is not visible.
2. Validate before loading. Drop indicators that cannot fire at the perimeter (the https://192.168.216.152/ URL is an RFC 1918 address), and treat the 50%-confidence entries, in particular the "Responder" pairs on 445 and 5985 and the "Unknown malware" entries, as hunting leads rather than block rules.
3. Hunt retrospectively: run the pairs and domains over at least 30 days of proxy, DNS and flow logs. C2 infrastructure in ThreatFox often rotates within days, so a clean alert queue today does not rule out contact last week. The Cobalt Strike URIs (/ga.js, /visit.js, /pixel, /g.pixel, /match, /load, /IE9CompatViewList.xml, /en_US/all.js and the Amazon-style /s/ref=nb_sb_noss_1/... path) come from the default and example Malleable C2 profiles and are worth hunting on their own.
4. Automate the feed. ThreatFox publishes daily exports and an API, so pull it on a schedule, tag each indicator with family, confidence and first-seen date, and expire indicators rather than letting the block list grow without bound.
5. Share hits and context with trusted partners and ISACs; a single match on a Brute Ratel or Havoc server is more useful to peers than the raw feed, which they already have.
6. Enforce egress filtering. Most of the IP:port list uses non-standard ports (27015, 28552, 55615, 7872, 7443, 31337, 8888, 1604, 3001, 4433, 8880, 8001) that are unreachable from a network whose outbound policy allows only proxied 80/443; that control removes the bulk of this list as a risk whether or not the indicators are loaded.
7. No vulnerability or patch is associated with the entry. The families listed arrive through phishing, malvertising, cracked software and stolen credentials, so multi-factor authentication, least-privilege access, attachment and macro controls and timely patching of known vulnerabilities remain the relevant hygiene.
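The validation and typed matching described in items 1 to 3, as an added example that is not part of the page or of ThreatFox. The indicator subset is copied from the tables on this page (including the RFC 1918 URL, so the validation step has work to do); the connection and HTTP log lines are constructed, and their field layout is an assumption.

```python
"""Load ThreatFox-style indicators, drop the ones that cannot fire, and hunt
over flow and HTTP logs.  Added example; feed subset from the page, logs constructed."""
import ipaddress
from urllib.parse import urlsplit

# Subset of the 2023-08-11 feed in "type value" form (from the page's tables).
IOC_LINES = """\
url http://116.203.166.240:27015/
url https://154.9.253.54/api/3
url https://192.168.216.152/p/freemail/lib/polyfill/es5-polyfill.js
ip-dst|port 80.85.157.78|28552
ip-dst|port 118.107.46.132|31337
domain kakarotomx.dnsfor.me
"""


def _routable(host):
    """False for IP literals outside globally routable space (RFC 1918, loopback,
    link-local, CGNAT): such indicators can never match on an egress sensor."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True  # a hostname, not an IP literal


def parse_iocs(text):
    """Return typed indicator sets plus a list of (value, reason) for rejects."""
    iocs = {"url": set(), "ipport": set(), "domain": set(), "skipped": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, value = line.split(None, 1)
        if kind == "url":
            u = urlsplit(value)
            host = (u.hostname or "").lower()
            port = u.port or (443 if u.scheme == "https" else 80)
            if not _routable(host):
                iocs["skipped"].append((value, "non-routable host"))
                continue
            # (host, port, path): path separates two C2s sharing a server, port
            # separates 23.234.254.155:4433 from ordinary HTTPS on that address.
            iocs["url"].add((host, port, u.path or "/"))
        elif kind == "ip-dst|port":
            ip, port = value.split("|")
            if not _routable(ip):
                iocs["skipped"].append((value, "non-routable host"))
                continue
            iocs["ipport"].add((ip, int(port)))
        elif kind == "domain":
            iocs["domain"].add(value.lower())
        else:
            iocs["skipped"].append((value, "unknown type " + kind))
    return iocs


# Constructed flow records: ts, src ip, src port, dst ip, dst port.
CONN_LOG = """\
1691755200.1 10.0.0.15 51022 80.85.157.78 28552
1691755201.2 10.0.0.15 51023 142.250.74.36 443
1691755202.3 10.0.0.40 49876 118.107.46.132 443
1691755203.4 10.0.0.40 49877 118.107.46.132 31337
"""
# Constructed HTTP proxy records: ts, src ip, host header, dst port, path.
HTTP_LOG = """\
1691755204.5 10.0.0.15 154.9.253.54 443 /api/3
1691755205.6 10.0.0.22 kakarotomx.dnsfor.me 80 /
1691755206.7 10.0.0.22 www.example.com 80 /index.html
"""


def hunt_conn(iocs, log):
    """Flag flows whose (dst ip, dst port) pair is in the feed.  Matching the
    pair rather than the address alone keeps 118.107.46.132:443 quiet."""
    hits = []
    for line in log.splitlines():
        _ts, src, _sport, dst, dport = line.split()
        if (dst, int(dport)) in iocs["ipport"]:
            hits.append((src, dst, int(dport)))
    return hits


def _under(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def hunt_http(iocs, log):
    """Flag requests matching a URL indicator on host/port/path, or whose host
    is a listed C2 domain or a label beneath one."""
    hits = []
    for line in log.splitlines():
        _ts, src, host, port, path = line.split()
        host = host.lower()
        if (host, int(port), path) in iocs["url"]:
            hits.append((src, host, "url"))
        elif _under(host, iocs["domain"]):
            hits.append((src, host, "domain"))
    return hits


if __name__ == "__main__":
    iocs = parse_iocs(IOC_LINES)
    for value, reason in iocs["skipped"]:
        print("skipped", value, "-", reason)
    for hit in hunt_conn(iocs, CONN_LOG) + hunt_http(iocs, HTTP_LOG):
        print("hit", hit)
```

Run as-is it reports the 192.168.216.152 URL as skipped and four hits: the RedLine pair on 28552, the Sliver pair on 31337 (not the 443 flow to the same host), the Cobalt Strike /api/3 request and the JanelaRAT hostname. Swapping the constructed logs for real Zeek conn.log and http.log exports only changes the field positions in the two `split()` lines.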
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2 (MISP scale 1 high to 4 undefined; 2 = medium)
- Analysis: 1 (MISP: ongoing)
- Distribution: 3 (MISP: all communities)
Indicators of Compromise
URL
Value | Description
---|---
http://116.203.166.240:27015/ | Vidar botnet C2 (confidence level: 100%)
http://gcl-page.biz/stats/save.php | CCleaner Backdoor botnet C2 (confidence level: 100%)
http://gcl-page.biz/check.php | CCleaner Backdoor botnet C2 (confidence level: 100%)
http://beerword.xyz/ | Lumma Stealer botnet C2 (confidence level: 100%)
http://45.9.74.70/2bfwen6kgtm/index.php | Amadey botnet C2 (confidence level: 100%)
http://185.161.251.195/7basedbpoll/1/test/provider/processordefault.php | DCRat botnet C2 (confidence level: 100%)
http://94.156.253.25/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://91.103.252.140/ | RecordBreaker botnet C2 (confidence level: 100%)
http://216.128.145.196/~wellseconds/?p=060773029 | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://77.91.68.18/nice/index.php | Amadey botnet C2 (confidence level: 100%)
http://216.128.145.196/~wellseconds/?p=529497154189253 | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
http://154.90.57.70/load | Cobalt Strike botnet C2 (confidence level: 100%)
https://23.234.254.155:4433/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://vps.cpple.tk:4433/match | Cobalt Strike botnet C2 (confidence level: 100%)
http://nesanocige.us:443/files/favicon.ico | Cobalt Strike botnet C2 (confidence level: 75%)
https://198.46.226.96/visit.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://103.44.244.230/pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://36.140.61.132:8080/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
http://149.129.72.37:8880/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://45.42.160.55 | JanelaRAT payload delivery URL (confidence level: 100%)
http://175.178.80.121:8001/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://192.168.216.152/p/freemail/lib/polyfill/es5-polyfill.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://23.92.208.51/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%)
https://154.9.253.54/api/3 | Cobalt Strike botnet C2 (confidence level: 100%)
IP destination and port
IP | Port | Description
---|---|---
80.85.157.78 | 28552 | RedLine Stealer botnet C2 server (confidence level: 100%)
168.100.10.122 | 8081 | RisePro botnet C2 server (confidence level: 50%)
77.126.0.168 | 443 | QakBot botnet C2 server (confidence level: 50%)
185.147.34.178 | 55615 | RedLine Stealer botnet C2 server (confidence level: 100%)
94.156.253.26 | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
94.156.253.25 | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.49.48.18 | 995 | QakBot botnet C2 server (confidence level: 50%)
45.65.49.230 | 443 | QakBot botnet C2 server (confidence level: 50%)
86.96.75.225 | 2222 | QakBot botnet C2 server (confidence level: 50%)
100.4.182.242 | 2222 | QakBot botnet C2 server (confidence level: 50%)
200.91.114.90 | 443 | QakBot botnet C2 server (confidence level: 50%)
197.87.143.210 | 443 | QakBot botnet C2 server (confidence level: 50%)
31.53.29.199 | 2222 | QakBot botnet C2 server (confidence level: 50%)
113.193.95.237 | 443 | QakBot botnet C2 server (confidence level: 50%)
77.91.68.18 | 80 | Amadey botnet C2 server (confidence level: 50%)
66.35.127.81 | 2222 | QakBot botnet C2 server (confidence level: 50%)
117.202.205.136 | 993 | QakBot botnet C2 server (confidence level: 50%)
64.188.19.202 | 1604 | Remcos botnet C2 server (confidence level: 75%)
89.23.100.178 | 7872 | RedLine Stealer botnet C2 server (confidence level: 100%)
75.156.126.33 | 995 | QakBot botnet C2 server (confidence level: 50%)
197.2.159.74 | 443 | QakBot botnet C2 server (confidence level: 50%)
198.46.226.96 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.44.244.230 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.161.94.37 | 3001 | JanelaRAT botnet C2 server (confidence level: 100%)
209.250.242.222 | 27532 | RedLine Stealer botnet C2 server (confidence level: 100%)
118.107.46.132 | 31337 | Sliver botnet C2 server (confidence level: 50%)
118.107.46.132 | 8888 | Sliver botnet C2 server (confidence level: 50%)
100.36.21.114 | 31337 | Sliver botnet C2 server (confidence level: 50%)
100.36.21.114 | 8888 | Sliver botnet C2 server (confidence level: 50%)
118.107.46.131 | 31337 | Sliver botnet C2 server (confidence level: 50%)
118.107.46.131 | 8888 | Sliver botnet C2 server (confidence level: 50%)
118.107.46.133 | 8888 | Sliver botnet C2 server (confidence level: 50%)
118.107.46.133 | 31337 | Sliver botnet C2 server (confidence level: 50%)
194.87.236.17 | 8888 | Sliver botnet C2 server (confidence level: 50%)
194.87.236.17 | 31337 | Sliver botnet C2 server (confidence level: 50%)
91.103.253.43 | 443 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
146.190.219.130 | 443 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
35.74.154.31 | 80 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
64.176.168.231 | 80 | Unknown malware botnet C2 server (confidence level: 50%)
188.124.39.62 | 7443 | Unknown malware botnet C2 server (confidence level: 50%)
146.190.38.149 | 7443 | Unknown malware botnet C2 server (confidence level: 50%)
103.225.198.216 | 7443 | Unknown malware botnet C2 server (confidence level: 50%)
167.99.194.103 | 7443 | Unknown malware botnet C2 server (confidence level: 50%)
3.78.199.107 | 9000 | Deimos botnet C2 server (confidence level: 50%)
36.138.134.148 | 8443 | Deimos botnet C2 server (confidence level: 50%)
124.24.58.252 | 9090 | Deimos botnet C2 server (confidence level: 50%)
23.163.0.228 | 4772 | BianLian botnet C2 server (confidence level: 50%)
109.248.6.223 | 8443 | BianLian botnet C2 server (confidence level: 50%)
135.125.250.237 | 3170 | BianLian botnet C2 server (confidence level: 50%)
208.123.119.153 | 4486 | BianLian botnet C2 server (confidence level: 50%)
194.156.98.226 | 20143 | BianLian botnet C2 server (confidence level: 50%)
103.20.235.154 | 2561 | BianLian botnet C2 server (confidence level: 50%)
43.153.87.78 | 443 | Havoc botnet C2 server (confidence level: 50%)
176.31.163.140 | 80 | Havoc botnet C2 server (confidence level: 50%)
176.31.163.140 | 443 | Havoc botnet C2 server (confidence level: 50%)
146.190.29.203 | 80 | Havoc botnet C2 server (confidence level: 50%)
20.160.143.1 | 443 | Havoc botnet C2 server (confidence level: 50%)
52.61.243.196 | 445 | Responder botnet C2 server (confidence level: 50%)
52.61.243.196 | 80 | Responder botnet C2 server (confidence level: 50%)
52.61.243.196 | 443 | Responder botnet C2 server (confidence level: 50%)
104.194.222.50 | 445 | Responder botnet C2 server (confidence level: 50%)
51.75.91.172 | 5985 | Responder botnet C2 server (confidence level: 50%)
51.75.91.172 | 445 | Responder botnet C2 server (confidence level: 50%)
15.200.170.168 | 80 | Responder botnet C2 server (confidence level: 50%)
15.200.170.168 | 445 | Responder botnet C2 server (confidence level: 50%)
137.184.225.245 | 443 | Responder botnet C2 server (confidence level: 50%)
141.164.54.106 | 445 | Responder botnet C2 server (confidence level: 50%)
34.150.43.70 | 443 | pupy botnet C2 server (confidence level: 50%)
46.246.232.45 | 995 | QakBot botnet C2 server (confidence level: 50%)
154.12.254.215 | 46452 | DCRat botnet C2 server (confidence level: 50%)
164.92.144.116 | 80 | IcedID botnet C2 server (confidence level: 75%)
143.110.241.178 | 80 | IcedID botnet C2 server (confidence level: 75%)
159.223.95.82 | 80 | IcedID botnet C2 server (confidence level: 75%)
176.124.32.164 | 80 | IcedID botnet C2 server (confidence level: 75%)
167.71.35.189 | 80 | IcedID botnet C2 server (confidence level: 75%)
185.153.182.156 | 80 | IcedID botnet C2 server (confidence level: 75%)
128.199.151.179 | 80 | IcedID botnet C2 server (confidence level: 75%)
43.138.230.201 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.92.208.51 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.9.253.54 | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
Domain
Value | Description
---|---
439mdxmex.damnserver.com | JanelaRAT botnet C2 domain (confidence level: 100%)
897midasgold.ddns.me | JanelaRAT botnet C2 domain (confidence level: 100%)
9mdxmex.damnserver.com | JanelaRAT botnet C2 domain (confidence level: 100%)
aigodmoney009.access.ly | JanelaRAT botnet C2 domain (confidence level: 100%)
askmrpc747bm.mymediapc.net | JanelaRAT botnet C2 domain (confidence level: 100%)
brockmex57.golffan.us | JanelaRAT botnet C2 domain (confidence level: 100%)
cinfintymex.geekgalaxy.com | JanelaRAT botnet C2 domain (confidence level: 100%)
cnt-blackrock.geekgalaxy.com | JanelaRAT botnet C2 domain (confidence level: 100%)
disrupmoney979.ditchyourip.com | JanelaRAT botnet C2 domain (confidence level: 100%)
dmrpc77bm.myactivedirectory.com | JanelaRAT botnet C2 domain (confidence level: 100%)
freelascdmx979.couchpotatofries.org | JanelaRAT botnet C2 domain (confidence level: 100%)
hotdiamond777.loginto.me | JanelaRAT botnet C2 domain (confidence level: 100%)
i89bydzi.dynns.com | JanelaRAT botnet C2 domain (confidence level: 100%)
ikmidasgold.ddns.me | JanelaRAT botnet C2 domain (confidence level: 100%)
imrpc7987bm.mmafan.biz | JanelaRAT botnet C2 domain (confidence level: 100%)
infintymex747.geekgalaxy.com | JanelaRAT botnet C2 domain (confidence level: 100%)
infintymexb.geekgalaxy.com | JanelaRAT botnet C2 domain (confidence level: 100%)
infintymexbrock.geekgalaxy.com | JanelaRAT botnet C2 domain (confidence level: 100%)
irocketxmtm.hopto.me | JanelaRAT botnet C2 domain (confidence level: 100%)
izt89bydzi.dynns.com | JanelaRAT botnet C2 domain (confidence level: 100%)
j1d3c3mex.homesecuritypc.com | JanelaRAT botnet C2 domain (confidence level: 100%)
jinfintymexbr.geekgalaxy.com | JanelaRAT botnet C2 domain (confidence level: 100%)
jxjmrpc797bm.mydissent.net | JanelaRAT botnet C2 domain (confidence level: 100%)
kakarotomx.dnsfor.me | JanelaRAT botnet C2 domain (confidence level: 100%)
kktkarotomx.dnsfor.me | JanelaRAT botnet C2 domain (confidence level: 100%)
megaskigoldmex.dvrcam.info | JanelaRAT botnet C2 domain (confidence level: 100%)
minfintymexbr.geekgalaxy.com | JanelaRAT botnet C2 domain (confidence level: 100%)
myfunbmdablo99.hosthampster.com | JanelaRAT botnet C2 domain (confidence level: 100%)
myinfintyme09.geekgalaxy.com | JanelaRAT botnet C2 domain (confidence level: 100%)
rexsrupmoney979.ditchyourip.com | JanelaRAT botnet C2 domain (confidence level: 100%)
skigoldmex.dvrcam.info | JanelaRAT botnet C2 domain (confidence level: 100%)
zeedinfintymexbrock.geekgalaxy.com | JanelaRAT botnet C2 domain (confidence level: 100%)
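Turning the tables into IDS rules that respect the feed's confidence levels, as an added example that is not part of the page or of ThreatFox. The parser accepts rows in the fused layout the raw export table uses (`ip-dst|port80.85.157.78|28552 | RedLine ... (confidence level: 100%) | |`); the five rows embedded below are copied from this page's tables. The Suricata keywords used (`dns.query`, `dotprefix`, `endswith`, `http.host`, `http.uri`, `tls.sni`) are Suricata 5+ syntax; the `$HOME_NET` variable and the sid range are assumptions you would adjust for your deployment.

```python
"""Generate Suricata rules from ThreatFox table rows, filtered by confidence.
Added example; rows copied from the page's tables, rule layout is an assumption."""
import ipaddress
import re
from urllib.parse import urlsplit

TABLE_ROWS = """\
ip-dst|port80.85.157.78|28552 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
ip-dst|port52.61.243.196|445 | Responder botnet C2 server (confidence level: 50%) | |
domainkakarotomx.dnsfor.me | JanelaRAT botnet C2 domain (confidence level: 100%) | |
urlhttp://154.90.57.70/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://23.234.254.155:4433/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
"""

# Type prefix glued to the value, then " | description (confidence level: N%)".
ROW_RE = re.compile(
    r"^(ip-dst\|port|domain|url)(\S+)\s*\|\s*(.+?)\s*\(confidence level:\s*(\d+)%\)"
)


def parse_rows(text):
    """Split each table row into type, value, description and integer confidence."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            kind, value, desc, conf = m.groups()
            rows.append({"type": kind, "value": value, "desc": desc, "confidence": int(conf)})
    return rows


def _msg(row):
    # Quotes and semicolons would terminate the msg option early.
    text = "ThreatFox 2023-08-11 %s (%d%%)" % (row["desc"], row["confidence"])
    return text.replace('"', '\\"').replace(";", "\\;")


def suricata_rules(rows, sid_base=9000000, min_confidence=75):
    """One rule per indicator at or above min_confidence.  The default threshold
    drops the 50% rows (Responder on 445, "Unknown malware", scanner-derived
    framework servers), which belong in a hunt, not a block list."""
    rules, sid = [], sid_base
    for row in rows:
        if row["confidence"] < min_confidence:
            continue
        msg, kind, value = _msg(row), row["type"], row["value"]
        if kind == "ip-dst|port":
            ip, port = value.split("|")
            rule = 'alert ip $HOME_NET any -> %s %s (msg:"%s"; sid:%d; rev:1;)' % (ip, port, msg, sid)
        elif kind == "domain":
            # dotprefix + endswith matches the name and any label beneath it
            # without also matching e.g. notkakarotomx.dnsfor.me.
            rule = ('alert dns $HOME_NET any -> any any (msg:"%s"; dns.query; dotprefix; '
                    'content:".%s"; nocase; endswith; sid:%d; rev:1;)' % (msg, value.lower(), sid))
        else:
            u = urlsplit(value)
            host, port = u.hostname or "", u.port or (443 if u.scheme == "https" else 80)
            if u.scheme == "http":
                rule = ('alert http $HOME_NET any -> any any (msg:"%s"; http.host; content:"%s"; '
                        'http.uri; content:"%s"; startswith; sid:%d; rev:1;)'
                        % (msg, host, u.path or "/", sid))
            else:
                # The path is inside TLS: match the endpoint pair for an IP host,
                # or the SNI for a hostname.
                try:
                    ipaddress.ip_address(host)
                    rule = 'alert tls $HOME_NET any -> %s %d (msg:"%s"; sid:%d; rev:1;)' % (
                        host, port, msg, sid)
                except ValueError:
                    rule = ('alert tls $HOME_NET any -> any %d (msg:"%s"; tls.sni; content:"%s"; '
                            'nocase; sid:%d; rev:1;)' % (port, msg, host, sid))
        rules.append(rule)
        sid += 1
    return rules


if __name__ == "__main__":
    for rule in suricata_rules(parse_rows(TABLE_ROWS)):
        print(rule)
```

With the default threshold the Responder row is dropped and four rules come out; `suricata_rules(rows, min_confidence=50)` emits all five. Lowering the threshold is the right move for a hunting sensor that only logs, and the wrong one for an inline IPS, where a 50% pair on port 445 or 443 will eventually block something legitimate.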
Threat ID: 6828eab9e1a0c275ea6e31d9
Added to database: 5/17/2025, 7:59:53 PM
Last enriched: 6/17/2025, 10:34:29 AM
Last updated: 7/29/2025, 12:50:05 AM