ThreatFox IOCs for 2023-08-11

Severity: mediumType: unknown

AI Analysis

Technical Summary

The provided information pertains to a set of ThreatFox Indicators of Compromise (IOCs) published on August 11, 2023. ThreatFox is a platform that aggregates and shares threat intelligence, primarily focusing on IOCs such as malicious IP addresses, domains, URLs, file hashes, and other artifacts linked to cyber threats. However, in this specific case, the data lacks detailed technical specifics such as affected software versions, vulnerability types, or exploit mechanisms. The threat is categorized as 'unknown' type with no associated Common Weakness Enumerations (CWEs) or patch information, indicating that it is likely a collection of raw threat intelligence rather than a description of a specific vulnerability or exploit. The severity is marked as medium, with a threat level of 2 (on an unspecified scale), analysis level 1, and distribution level 3, suggesting moderate confidence and dissemination of the intelligence. No known exploits in the wild have been reported, and no indicators are provided in the data. The tags indicate the data is open source intelligence (OSINT) and is shared under a white Traffic Light Protocol (TLP) classification, meaning it is intended for public sharing. Overall, this entry appears to be a routine update of threat intelligence IOCs without immediate actionable technical details or direct exploit information.

Potential Impact

Given the lack of specific technical details, affected systems, or known exploits, the direct impact of this threat intelligence update on European organizations is limited. However, the dissemination of IOCs can aid defenders in identifying and mitigating potential threats early. If these IOCs correspond to malicious infrastructure targeting European entities, organizations could face risks such as intrusion attempts, data exfiltration, or malware infections. The medium severity suggests a moderate level of concern, possibly reflecting the presence of active threat actors or campaigns associated with these IOCs. European organizations relying on threat intelligence feeds should integrate these IOCs into their detection systems to enhance situational awareness. Without concrete exploit details, the immediate risk to confidentiality, integrity, or availability is uncertain but should not be disregarded, especially for sectors with high exposure to cyber threats such as finance, critical infrastructure, and government.

Mitigation Recommendations

1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enable automated detection and alerting on related malicious activity. 2. Conduct regular threat hunting exercises using the latest IOCs to proactively identify potential compromises within the network. 3. Maintain up-to-date threat intelligence sharing with trusted partners and Information Sharing and Analysis Centers (ISACs) to contextualize these IOCs within broader attack trends. 4. Enhance network segmentation and implement strict egress filtering to limit the impact of any potential intrusion linked to these IOCs. 5. Train security operations teams to recognize patterns associated with the types of threats typically reported by ThreatFox, improving response times. 6. Since no patches or specific vulnerabilities are indicated, focus on strengthening general cybersecurity hygiene, including timely patching of known vulnerabilities, multi-factor authentication, and least privilege access controls.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: http://116.203.166.240:27015/
ip-dst|port: 80.85.157.78|28552
url: http://gcl-page.biz/stats/save.php
url: http://gcl-page.biz/check.php
url: http://beerword.xyz/
ip-dst|port: 168.100.10.122|8081
url: http://45.9.74.70/2bfwen6kgtm/index.php
ip-dst|port: 77.126.0.168|443
ip-dst|port: 185.147.34.178|55615
url: http://185.161.251.195/7basedbpoll/1/test/provider/processordefault.php
url: http://94.156.253.25/en_us/all.js
ip-dst|port: 94.156.253.26|80
ip-dst|port: 94.156.253.25|80
ip-dst|port: 39.49.48.18|995
ip-dst|port: 45.65.49.230|443
ip-dst|port: 86.96.75.225|2222
ip-dst|port: 100.4.182.242|2222
ip-dst|port: 200.91.114.90|443
ip-dst|port: 197.87.143.210|443
url: http://91.103.252.140/
ip-dst|port: 31.53.29.199|2222
ip-dst|port: 113.193.95.237|443
url: http://216.128.145.196/~wellseconds/?p=060773029
url: http://77.91.68.18/nice/index.php
url: http://216.128.145.196/~wellseconds/?p=529497154189253
url: http://154.90.57.70/load
url: https://23.234.254.155:4433/g.pixel
url: https://vps.cpple.tk:4433/match
ip-dst|port: 77.91.68.18|80
ip-dst|port: 66.35.127.81|2222
ip-dst|port: 117.202.205.136|993
ip-dst|port: 64.188.19.202|1604
ip-dst|port: 89.23.100.178|7872
url: http://nesanocige.us:443/files/favicon.ico
ip-dst|port: 75.156.126.33|995
ip-dst|port: 197.2.159.74|443
url: https://198.46.226.96/visit.js
ip-dst|port: 198.46.226.96|443
url: https://103.44.244.230/pixel
ip-dst|port: 103.44.244.230|443
url: http://36.140.61.132:8080/ie9compatviewlist.xml
url: http://149.129.72.37:8880/g.pixel
domain: 439mdxmex.damnserver.com
domain: 897midasgold.ddns.me
domain: 9mdxmex.damnserver.com
domain: aigodmoney009.access.ly
domain: askmrpc747bm.mymediapc.net
domain: brockmex57.golffan.us
domain: cinfintymex.geekgalaxy.com
domain: cnt-blackrock.geekgalaxy.com
domain: disrupmoney979.ditchyourip.com
domain: dmrpc77bm.myactivedirectory.com
domain: freelascdmx979.couchpotatofries.org
domain: hotdiamond777.loginto.me
domain: i89bydzi.dynns.com
domain: ikmidasgold.ddns.me
domain: imrpc7987bm.mmafan.biz
domain: infintymex747.geekgalaxy.com
domain: infintymexb.geekgalaxy.com
domain: infintymexbrock.geekgalaxy.com
domain: irocketxmtm.hopto.me
domain: izt89bydzi.dynns.com
domain: j1d3c3mex.homesecuritypc.com
domain: jinfintymexbr.geekgalaxy.com
domain: jxjmrpc797bm.mydissent.net
domain: kakarotomx.dnsfor.me
domain: kktkarotomx.dnsfor.me
domain: megaskigoldmex.dvrcam.info
domain: minfintymexbr.geekgalaxy.com
domain: myfunbmdablo99.hosthampster.com
domain: myinfintyme09.geekgalaxy.com
domain: rexsrupmoney979.ditchyourip.com
domain: skigoldmex.dvrcam.info
domain: zeedinfintymexbrock.geekgalaxy.com
ip-dst|port: 104.161.94.37|3001
url: http://45.42.160.55
ip-dst|port: 209.250.242.222|27532
ip-dst|port: 118.107.46.132|31337
ip-dst|port: 118.107.46.132|8888
ip-dst|port: 100.36.21.114|31337
ip-dst|port: 100.36.21.114|8888
ip-dst|port: 118.107.46.131|31337
ip-dst|port: 118.107.46.131|8888
ip-dst|port: 118.107.46.133|8888
ip-dst|port: 118.107.46.133|31337
ip-dst|port: 194.87.236.17|8888
ip-dst|port: 194.87.236.17|31337
ip-dst|port: 91.103.253.43|443
ip-dst|port: 146.190.219.130|443
ip-dst|port: 35.74.154.31|80
ip-dst|port: 64.176.168.231|80
ip-dst|port: 188.124.39.62|7443
ip-dst|port: 146.190.38.149|7443
ip-dst|port: 103.225.198.216|7443
ip-dst|port: 167.99.194.103|7443
ip-dst|port: 3.78.199.107|9000
ip-dst|port: 36.138.134.148|8443
ip-dst|port: 124.24.58.252|9090
ip-dst|port: 23.163.0.228|4772
ip-dst|port: 109.248.6.223|8443
ip-dst|port: 135.125.250.237|3170
ip-dst|port: 208.123.119.153|4486
ip-dst|port: 194.156.98.226|20143
ip-dst|port: 103.20.235.154|2561
ip-dst|port: 43.153.87.78|443
ip-dst|port: 176.31.163.140|80
ip-dst|port: 176.31.163.140|443
ip-dst|port: 146.190.29.203|80
ip-dst|port: 20.160.143.1|443
ip-dst|port: 52.61.243.196|445
ip-dst|port: 52.61.243.196|80
ip-dst|port: 52.61.243.196|443
ip-dst|port: 104.194.222.50|445
ip-dst|port: 51.75.91.172|5985
ip-dst|port: 51.75.91.172|445
ip-dst|port: 15.200.170.168|80
ip-dst|port: 15.200.170.168|445
ip-dst|port: 137.184.225.245|443
ip-dst|port: 141.164.54.106|445
ip-dst|port: 34.150.43.70|443
ip-dst|port: 46.246.232.45|995
ip-dst|port: 154.12.254.215|46452
ip-dst|port: 164.92.144.116|80
ip-dst|port: 143.110.241.178|80
ip-dst|port: 159.223.95.82|80
ip-dst|port: 176.124.32.164|80
ip-dst|port: 167.71.35.189|80
ip-dst|port: 185.153.182.156|80
ip-dst|port: 128.199.151.179|80
url: http://175.178.80.121:8001/ga.js
url: https://192.168.216.152/p/freemail/lib/polyfill/es5-polyfill.js
ip-dst|port: 43.138.230.201|443
url: https://23.92.208.51/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
ip-dst|port: 23.92.208.51|443
url: https://154.9.253.54/api/3
ip-dst|port: 154.9.253.54|443

ThreatFox IOCs for 2023-08-11

Severity: medium

Type: unknown

ThreatFox IOCs for 2023-08-11

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland

Indicators of Compromise

url: http://116.203.166.240:27015/
ip-dst|port: 80.85.157.78|28552
url: http://gcl-page.biz/stats/save.php
url: http://gcl-page.biz/check.php
url: http://beerword.xyz/
ip-dst|port: 168.100.10.122|8081
url: http://45.9.74.70/2bfwen6kgtm/index.php
ip-dst|port: 77.126.0.168|443
ip-dst|port: 185.147.34.178|55615
url: http://185.161.251.195/7basedbpoll/1/test/provider/processordefault.php
url: http://94.156.253.25/en_us/all.js
ip-dst|port: 94.156.253.26|80
ip-dst|port: 94.156.253.25|80
ip-dst|port: 39.49.48.18|995
ip-dst|port: 45.65.49.230|443
ip-dst|port: 86.96.75.225|2222
ip-dst|port: 100.4.182.242|2222
ip-dst|port: 200.91.114.90|443
ip-dst|port: 197.87.143.210|443
url: http://91.103.252.140/
ip-dst|port: 31.53.29.199|2222
ip-dst|port: 113.193.95.237|443
url: http://216.128.145.196/~wellseconds/?p=060773029
url: http://77.91.68.18/nice/index.php
url: http://216.128.145.196/~wellseconds/?p=529497154189253
url: http://154.90.57.70/load
url: https://23.234.254.155:4433/g.pixel
url: https://vps.cpple.tk:4433/match
ip-dst|port: 77.91.68.18|80
ip-dst|port: 66.35.127.81|2222
ip-dst|port: 117.202.205.136|993
ip-dst|port: 64.188.19.202|1604
ip-dst|port: 89.23.100.178|7872
url: http://nesanocige.us:443/files/favicon.ico
ip-dst|port: 75.156.126.33|995
ip-dst|port: 197.2.159.74|443
url: https://198.46.226.96/visit.js
ip-dst|port: 198.46.226.96|443
url: https://103.44.244.230/pixel
ip-dst|port: 103.44.244.230|443
url: http://36.140.61.132:8080/ie9compatviewlist.xml
url: http://149.129.72.37:8880/g.pixel
domain: 439mdxmex.damnserver.com
domain: 897midasgold.ddns.me
domain: 9mdxmex.damnserver.com
domain: aigodmoney009.access.ly
domain: askmrpc747bm.mymediapc.net
domain: brockmex57.golffan.us
domain: cinfintymex.geekgalaxy.com
domain: cnt-blackrock.geekgalaxy.com
domain: disrupmoney979.ditchyourip.com
domain: dmrpc77bm.myactivedirectory.com
domain: freelascdmx979.couchpotatofries.org
domain: hotdiamond777.loginto.me
domain: i89bydzi.dynns.com
domain: ikmidasgold.ddns.me
domain: imrpc7987bm.mmafan.biz
domain: infintymex747.geekgalaxy.com
domain: infintymexb.geekgalaxy.com
domain: infintymexbrock.geekgalaxy.com
domain: irocketxmtm.hopto.me
domain: izt89bydzi.dynns.com
domain: j1d3c3mex.homesecuritypc.com
domain: jinfintymexbr.geekgalaxy.com
domain: jxjmrpc797bm.mydissent.net
domain: kakarotomx.dnsfor.me
domain: kktkarotomx.dnsfor.me
domain: megaskigoldmex.dvrcam.info
domain: minfintymexbr.geekgalaxy.com
domain: myfunbmdablo99.hosthampster.com
domain: myinfintyme09.geekgalaxy.com
domain: rexsrupmoney979.ditchyourip.com
domain: skigoldmex.dvrcam.info
domain: zeedinfintymexbrock.geekgalaxy.com
ip-dst|port: 104.161.94.37|3001
url: http://45.42.160.55
ip-dst|port: 209.250.242.222|27532
ip-dst|port: 118.107.46.132|31337
ip-dst|port: 118.107.46.132|8888
ip-dst|port: 100.36.21.114|31337
ip-dst|port: 100.36.21.114|8888
ip-dst|port: 118.107.46.131|31337
ip-dst|port: 118.107.46.131|8888
ip-dst|port: 118.107.46.133|8888
ip-dst|port: 118.107.46.133|31337
ip-dst|port: 194.87.236.17|8888
ip-dst|port: 194.87.236.17|31337
ip-dst|port: 91.103.253.43|443
ip-dst|port: 146.190.219.130|443
ip-dst|port: 35.74.154.31|80
ip-dst|port: 64.176.168.231|80
ip-dst|port: 188.124.39.62|7443
ip-dst|port: 146.190.38.149|7443
ip-dst|port: 103.225.198.216|7443
ip-dst|port: 167.99.194.103|7443
ip-dst|port: 3.78.199.107|9000
ip-dst|port: 36.138.134.148|8443
ip-dst|port: 124.24.58.252|9090
ip-dst|port: 23.163.0.228|4772
ip-dst|port: 109.248.6.223|8443
ip-dst|port: 135.125.250.237|3170
ip-dst|port: 208.123.119.153|4486
ip-dst|port: 194.156.98.226|20143
ip-dst|port: 103.20.235.154|2561
ip-dst|port: 43.153.87.78|443
ip-dst|port: 176.31.163.140|80
ip-dst|port: 176.31.163.140|443
ip-dst|port: 146.190.29.203|80
ip-dst|port: 20.160.143.1|443
ip-dst|port: 52.61.243.196|445
ip-dst|port: 52.61.243.196|80
ip-dst|port: 52.61.243.196|443
ip-dst|port: 104.194.222.50|445
ip-dst|port: 51.75.91.172|5985
ip-dst|port: 51.75.91.172|445
ip-dst|port: 15.200.170.168|80
ip-dst|port: 15.200.170.168|445
ip-dst|port: 137.184.225.245|443
ip-dst|port: 141.164.54.106|445
ip-dst|port: 34.150.43.70|443
ip-dst|port: 46.246.232.45|995
ip-dst|port: 154.12.254.215|46452
ip-dst|port: 164.92.144.116|80
ip-dst|port: 143.110.241.178|80
ip-dst|port: 159.223.95.82|80
ip-dst|port: 176.124.32.164|80
ip-dst|port: 167.71.35.189|80
ip-dst|port: 185.153.182.156|80
ip-dst|port: 128.199.151.179|80
url: http://175.178.80.121:8001/ga.js
url: https://192.168.216.152/p/freemail/lib/polyfill/es5-polyfill.js
ip-dst|port: 43.138.230.201|443
url: https://23.92.208.51/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
ip-dst|port: 23.92.208.51|443
url: https://154.9.253.54/api/3
ip-dst|port: 154.9.253.54|443

Source: MISP

Published: Fri Aug 11 2023

ThreatFox IOCs for 2023-08-11

Medium

Unknowntype:OSINT tlp:white

Published: Fri Aug 11 2023 (08/11/2023, 00:00:00 UTC)

Source: MISP

Description

ThreatFox IOCs for 2023-08-11

AI-Powered Analysis

AILast updated: 06/17/2025, 10:34:29 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3

Indicators of Compromise

Url

Value	Description	Copy
urlhttp://116.203.166.240:27015/	Vidar botnet C2 (confidence level: 100%)
urlhttp://gcl-page.biz/stats/save.php	CCleaner Backdoor botnet C2 (confidence level: 100%)
urlhttp://gcl-page.biz/check.php	CCleaner Backdoor botnet C2 (confidence level: 100%)
urlhttp://beerword.xyz/	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://45.9.74.70/2bfwen6kgtm/index.php	Amadey botnet C2 (confidence level: 100%)
urlhttp://185.161.251.195/7basedbpoll/1/test/provider/processordefault.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://94.156.253.25/en_us/all.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://91.103.252.140/	RecordBreaker botnet C2 (confidence level: 100%)
urlhttp://216.128.145.196/~wellseconds/?p=060773029	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://77.91.68.18/nice/index.php	Amadey botnet C2 (confidence level: 100%)
urlhttp://216.128.145.196/~wellseconds/?p=529497154189253	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://154.90.57.70/load	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://23.234.254.155:4433/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://vps.cpple.tk:4433/match	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://nesanocige.us:443/files/favicon.ico	Cobalt Strike botnet C2 (confidence level: 75%)
urlhttps://198.46.226.96/visit.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://103.44.244.230/pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://36.140.61.132:8080/ie9compatviewlist.xml	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://149.129.72.37:8880/g.pixel	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://45.42.160.55	JanelaRAT payload delivery URL (confidence level: 100%)
urlhttp://175.178.80.121:8001/ga.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://192.168.216.152/p/freemail/lib/polyfill/es5-polyfill.js	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://23.92.208.51/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books	Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://154.9.253.54/api/3	Cobalt Strike botnet C2 (confidence level: 100%)

Ip dst|port

Value	Description	Copy
ip-dst\|port80.85.157.78\|28552	RedLine Stealer botnet C2 server (confidence level: 100%)
ip-dst\|port168.100.10.122\|8081	RisePro botnet C2 server (confidence level: 50%)
ip-dst\|port77.126.0.168\|443	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port185.147.34.178\|55615	RedLine Stealer botnet C2 server (confidence level: 100%)
ip-dst\|port94.156.253.26\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port94.156.253.25\|80	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port39.49.48.18\|995	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port45.65.49.230\|443	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port86.96.75.225\|2222	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port100.4.182.242\|2222	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port200.91.114.90\|443	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port197.87.143.210\|443	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port31.53.29.199\|2222	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port113.193.95.237\|443	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port77.91.68.18\|80	Amadey botnet C2 server (confidence level: 50%)
ip-dst\|port66.35.127.81\|2222	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port117.202.205.136\|993	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port64.188.19.202\|1604	Remcos botnet C2 server (confidence level: 75%)
ip-dst\|port89.23.100.178\|7872	RedLine Stealer botnet C2 server (confidence level: 100%)
ip-dst\|port75.156.126.33\|995	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port197.2.159.74\|443	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port198.46.226.96\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port103.44.244.230\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port104.161.94.37\|3001	JanelaRAT botnet C2 server (confidence level: 100%)
ip-dst\|port209.250.242.222\|27532	RedLine Stealer botnet C2 server (confidence level: 100%)
ip-dst\|port118.107.46.132\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port118.107.46.132\|8888	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port100.36.21.114\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port100.36.21.114\|8888	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port118.107.46.131\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port118.107.46.131\|8888	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port118.107.46.133\|8888	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port118.107.46.133\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port194.87.236.17\|8888	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port194.87.236.17\|31337	Sliver botnet C2 server (confidence level: 50%)
ip-dst\|port91.103.253.43\|443	Brute Ratel C4 botnet C2 server (confidence level: 50%)
ip-dst\|port146.190.219.130\|443	Brute Ratel C4 botnet C2 server (confidence level: 50%)
ip-dst\|port35.74.154.31\|80	Brute Ratel C4 botnet C2 server (confidence level: 50%)
ip-dst\|port64.176.168.231\|80	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port188.124.39.62\|7443	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port146.190.38.149\|7443	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port103.225.198.216\|7443	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port167.99.194.103\|7443	Unknown malware botnet C2 server (confidence level: 50%)
ip-dst\|port3.78.199.107\|9000	Deimos botnet C2 server (confidence level: 50%)
ip-dst\|port36.138.134.148\|8443	Deimos botnet C2 server (confidence level: 50%)
ip-dst\|port124.24.58.252\|9090	Deimos botnet C2 server (confidence level: 50%)
ip-dst\|port23.163.0.228\|4772	BianLian botnet C2 server (confidence level: 50%)
ip-dst\|port109.248.6.223\|8443	BianLian botnet C2 server (confidence level: 50%)
ip-dst\|port135.125.250.237\|3170	BianLian botnet C2 server (confidence level: 50%)
ip-dst\|port208.123.119.153\|4486	BianLian botnet C2 server (confidence level: 50%)
ip-dst\|port194.156.98.226\|20143	BianLian botnet C2 server (confidence level: 50%)
ip-dst\|port103.20.235.154\|2561	BianLian botnet C2 server (confidence level: 50%)
ip-dst\|port43.153.87.78\|443	Havoc botnet C2 server (confidence level: 50%)
ip-dst\|port176.31.163.140\|80	Havoc botnet C2 server (confidence level: 50%)
ip-dst\|port176.31.163.140\|443	Havoc botnet C2 server (confidence level: 50%)
ip-dst\|port146.190.29.203\|80	Havoc botnet C2 server (confidence level: 50%)
ip-dst\|port20.160.143.1\|443	Havoc botnet C2 server (confidence level: 50%)
ip-dst\|port52.61.243.196\|445	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port52.61.243.196\|80	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port52.61.243.196\|443	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port104.194.222.50\|445	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port51.75.91.172\|5985	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port51.75.91.172\|445	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port15.200.170.168\|80	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port15.200.170.168\|445	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port137.184.225.245\|443	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port141.164.54.106\|445	Responder botnet C2 server (confidence level: 50%)
ip-dst\|port34.150.43.70\|443	pupy botnet C2 server (confidence level: 50%)
ip-dst\|port46.246.232.45\|995	QakBot botnet C2 server (confidence level: 50%)
ip-dst\|port154.12.254.215\|46452	DCRat botnet C2 server (confidence level: 50%)
ip-dst\|port164.92.144.116\|80	IcedID botnet C2 server (confidence level: 75%)
ip-dst\|port143.110.241.178\|80	IcedID botnet C2 server (confidence level: 75%)
ip-dst\|port159.223.95.82\|80	IcedID botnet C2 server (confidence level: 75%)
ip-dst\|port176.124.32.164\|80	IcedID botnet C2 server (confidence level: 75%)
ip-dst\|port167.71.35.189\|80	IcedID botnet C2 server (confidence level: 75%)
ip-dst\|port185.153.182.156\|80	IcedID botnet C2 server (confidence level: 75%)
ip-dst\|port128.199.151.179\|80	IcedID botnet C2 server (confidence level: 75%)
ip-dst\|port43.138.230.201\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port23.92.208.51\|443	Cobalt Strike botnet C2 server (confidence level: 100%)
ip-dst\|port154.9.253.54\|443	Cobalt Strike botnet C2 server (confidence level: 100%)

Domain

Value	Description	Copy
domain439mdxmex.damnserver.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domain897midasgold.ddns.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domain9mdxmex.damnserver.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainaigodmoney009.access.ly	JanelaRAT botnet C2 domain (confidence level: 100%)
domainaskmrpc747bm.mymediapc.net	JanelaRAT botnet C2 domain (confidence level: 100%)
domainbrockmex57.golffan.us	JanelaRAT botnet C2 domain (confidence level: 100%)
domaincinfintymex.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaincnt-blackrock.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaindisrupmoney979.ditchyourip.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaindmrpc77bm.myactivedirectory.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainfreelascdmx979.couchpotatofries.org	JanelaRAT botnet C2 domain (confidence level: 100%)
domainhotdiamond777.loginto.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domaini89bydzi.dynns.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainikmidasgold.ddns.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domainimrpc7987bm.mmafan.biz	JanelaRAT botnet C2 domain (confidence level: 100%)
domaininfintymex747.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaininfintymexb.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domaininfintymexbrock.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainirocketxmtm.hopto.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domainizt89bydzi.dynns.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainj1d3c3mex.homesecuritypc.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainjinfintymexbr.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainjxjmrpc797bm.mydissent.net	JanelaRAT botnet C2 domain (confidence level: 100%)
domainkakarotomx.dnsfor.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domainkktkarotomx.dnsfor.me	JanelaRAT botnet C2 domain (confidence level: 100%)
domainmegaskigoldmex.dvrcam.info	JanelaRAT botnet C2 domain (confidence level: 100%)
domainminfintymexbr.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainmyfunbmdablo99.hosthampster.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainmyinfintyme09.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainrexsrupmoney979.ditchyourip.com	JanelaRAT botnet C2 domain (confidence level: 100%)
domainskigoldmex.dvrcam.info	JanelaRAT botnet C2 domain (confidence level: 100%)
domainzeedinfintymexbrock.geekgalaxy.com	JanelaRAT botnet C2 domain (confidence level: 100%)

Threat ID: 6828eab9e1a0c275ea6e31d9

Added to database: 5/17/2025, 7:59:53 PM

Last enriched: 6/17/2025, 10:34:29 AM

Last updated: 7/29/2025, 12:50:05 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2023-08-11

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2023-08-11

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Url

Ip dst|port

Domain

Related Threats

ThreatFox IOCs for 2025-08-13

ThreatFox IOCs for 2025-08-12

ThreatFox IOCs for 2025-08-11

ThreatFox IOCs for 2025-08-10

ThreatFox IOCs for 2025-08-09

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility