ThreatFox IOCs for 2023-09-22
Severity: mediumType: malware
ThreatFox IOCs for 2023-09-22
AI Analysis
Technical Summary
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on 2023-09-22 by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) activities. However, no specific malware family, affected software versions, or detailed technical indicators are provided. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting limited analysis depth but moderate distribution potential. There are no known exploits in the wild linked to this threat, and no Common Weakness Enumerations (CWEs) or patch information is available. The absence of concrete technical details, such as attack vectors, payload characteristics, or targeted vulnerabilities, limits the ability to perform an in-depth technical dissection. The threat appears to be a collection or update of IOCs rather than a novel malware strain or exploit. The tags indicate that the information is classified as TLP:WHITE, meaning it is intended for public sharing without restriction, and is related to OSINT, implying the data may be used for detection or research rather than representing an active, sophisticated threat campaign. Overall, this threat represents a medium-severity malware-related intelligence update with limited actionable technical specifics.
Potential Impact
Given the lack of detailed technical information and absence of known exploits in the wild, the immediate impact on European organizations is likely limited. The threat primarily serves as an intelligence update, potentially aiding defenders in identifying malicious activity through shared IOCs. However, if these IOCs correspond to emerging malware or attack campaigns, organizations that fail to integrate this intelligence into their detection systems may face increased risk of undetected compromise. The medium severity rating suggests some potential for disruption or data compromise, but without specifics, it is difficult to quantify. European organizations relying on OSINT feeds for threat detection can benefit from incorporating these IOCs to enhance their situational awareness. The absence of affected versions or products indicates no direct vulnerability exploitation, reducing the risk of widespread impact. Nonetheless, organizations in sectors with high threat exposure, such as finance, critical infrastructure, and government, should remain vigilant. The threat's distribution score hints at moderate dissemination, which could translate to broader targeting or scanning activities that might impact network availability or integrity if leveraged in attacks.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms to enhance detection capabilities. 2. Regularly update threat intelligence feeds and ensure automated ingestion of OSINT data to maintain up-to-date situational awareness. 3. Conduct targeted threat hunting exercises using the IOCs to identify any latent compromises or suspicious activities within the network. 4. Strengthen network segmentation and implement strict access controls to limit lateral movement in case of infection. 5. Educate security teams on the nature of OSINT-derived intelligence and encourage proactive analysis to contextualize such data within organizational threat models. 6. Since no patches or CVEs are associated, focus on behavioral detection and anomaly monitoring rather than patch management for this specific threat. 7. Collaborate with national and European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to validate and enrich the intelligence context.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- url: http://js.yalafix.com:443/checkin
- url: http://js.yalafix.com:443/logo.jpg
- file: 60.204.220.208
- hash: 80
- file: 45.63.7.212
- hash: 8888
- url: http://efeuhot.ua/single.php
- url: http://213.159.208.100/5downloads/mariadbcdnmulti/0php/7/base07geo/08/3/wp3video/4auth0/longpoll/external/wpeternal/processor/testbetter/6temporarymariadb/serverpython/670image/vm/processdb.php
- file: 43.143.148.198
- hash: 9999
- domain: encagil.com
- domain: explorecell.com
- domain: mode.encagil.com
- domain: ssl.explorecell.com
- domain: specialnewspaper.com
- domain: specialtaskevents.com
- domain: stablelightway.com
- domain: cdn.specialtaskevents.com
- domain: go.specialnewspaper.com
- domain: goto.stablelightway.com
- domain: trend.stablelightway.com
- domain: beatylines.com
- domain: descriptionscripts.com
- domain: dofollowgreenline.com
- domain: firstblackphase.com
- domain: sortyellowapples.com
- domain: specialblueitems.com
- domain: statisticline.com
- domain: violetlovelines.com
- domain: ack.firstblackphase.com
- domain: away.firstblackphase.com
- domain: ay.specialblueitems.com
- domain: back.firstblackphase.com
- domain: block.descriptionscripts.com
- domain: cdn.statisticline.com
- domain: cdn.violetlovelines.com
- domain: check.statisticline.com
- domain: comcdn.statisticline.com
- domain: come.sortyellowapples.com
- domain: comtrack.violetlovelines.com
- domain: cripts.dofollowgreenline.com
- domain: dns.firstblackphase.com
- domain: e.sortyellowapples.com
- domain: far.statisticline.com
- domain: fire.descriptionscripts.com
- domain: for.firstblackphase.com
- domain: for.sortyellowapples.com
- domain: get.firstblackphase.com
- domain: get.sortyellowapples.com
- domain: goaway.dofollowgreenline.com
- domain: light.specialblueitems.com
- domain: line.beatylines.com
- domain: main.weatherplllatform.com
- domain: pista.violetlovelines.com
- domain: rack.violetlovelines.com
- domain: reway.specialblueitems.com
- domain: script.dofollowgreenline.com
- domain: scripts.dofollowgreenline.com
- domain: select.sortyellowapples.com
- domain: shop.similarwebline.com
- domain: stat.descriptionscripts.com
- domain: stats.statisticline.com
- domain: stay.trackersline.com
- domain: step.descriptionscripts.com
- domain: step.firstblackphase.com
- domain: stock.statisticline.com
- domain: store.firstblackphase.com
- domain: trac.violetlovelines.com
- domain: track.firstblackphase.com
- domain: track.violetlovelines.com
- domain: way.specialblueitems.com
- domain: scriptsplatform.com
- domain: away.scriptsplatform.com
- domain: cdn.scriptsplatform.com
- domain: come.scriptsplatform.com
- domain: get.scriptsplatform.com
- domain: statistic.scriptsplatform.com
- domain: statistics.scriptsplatform.com
- domain: top.scriptsplatform.com
- domain: cdn.clickandanalytics.com
- domain: click.clickandanalytics.com
- domain: come.clickandanalytics.com
- domain: get.clickandanalytics.com
- domain: put.clickandanalytics.com
- domain: apis.stratosbody.com
- domain: away.linestoget.com
- domain: away.stratosbody.com
- domain: collect.clickandanalytics.com
- domain: fly.stratosbody.com
- domain: get.linestoget.com
- domain: go.linestoget.com
- domain: lists.clickandanalytics.com
- domain: sleep.stratosbody.com
- domain: spot.scriptsplatform.com
- domain: step.linestoget.com
- domain: stay.linestoget.com
- domain: stay.stratosbody.com
- domain: trace.stratosbody.com
- domain: way.trackersline.com
- domain: collect.getmygateway.com
- domain: gate.getmygateway.com
- domain: space.getmygateway.com
- domain: spot.getmygateway.com
- file: 2.56.212.66
- hash: 443
- file: 13.237.195.116
- hash: 443
- file: 3.95.241.204
- hash: 443
- file: 54.241.197.226
- hash: 443
- file: 3.82.225.224
- hash: 443
- file: 54.66.136.198
- hash: 443
- file: 194.58.71.17
- hash: 7771
- file: 54.67.19.155
- hash: 443
- file: 51.250.91.99
- hash: 443
- file: 54.67.100.168
- hash: 443
- file: 184.169.223.42
- hash: 443
- file: 54.151.74.195
- hash: 443
- file: 140.210.94.185
- hash: 443
- file: 39.104.17.212
- hash: 443
- file: 69.164.208.254
- hash: 443
- file: 54.151.68.59
- hash: 443
- file: 116.122.117.97
- hash: 8081
- url: http://eeepdcn.ua/single.php
- file: 47.103.13.224
- hash: 9999
- domain: remote.mrkorosh.site
- domain: mrkorosh.site
- domain: irsa.fartit.com
- url: https://remote.mrkorosh.site/config/-1001830809790
- url: https://remote.mrkorosh.site/api/-1001830809790
- url: https://irsa.fartit.com/rat.php
- file: 39.104.23.152
- hash: 443
- domain: witheveryregistration.click
- url: https://witheveryregistration.click/los/panel.php
- url: https://witheveryregistration.click/los/panel.php?link
- url: https://witheveryregistration.click/los
- url: https://witheveryregistration.click/
- file: 5.255.117.149
- hash: 80
- file: 5.255.117.149
- hash: 443
- domain: hadespanel.online
- url: http://5.255.117.149//rat.php
- url: http://5.255.117.149/rat.php
- url: http://5.255.117.149/
- url: https://raw.githubusercontent.com/sirosirani/hades-panel/main/url.txt
- url: https://hadespanel.online/ratsaz/ports/
- url: https://hadespanel.online/ratsaz
- url: https://uilscvnzdds.shop/sahamedalat.apk
- url: https://rimote.dns2.us/pri/web.txt
- url: https://uilscvnzdds.shop/autopay-/
- url: https://rimote.dns2.us/pri/log.php
- url: https://uilscvnzdds.shop/autopay-/index.php
- domain: uilscvnzdds.shop
- file: 45.12.2.230
- hash: 443
- file: 185.243.114.63
- hash: 443
- file: 149.56.95.151
- hash: 7443
- file: 69.57.161.144
- hash: 443
- url: https://cczqyvuy812jdy.com/vvmd54/
- url: https://cczqyvuy812jdy.com/zgbn19mx
- url: https://cczqyvuy812jdy.com/lander/chrome_1695206714/_index.php
- file: 193.142.59.76
- hash: 6322
- file: 193.142.59.76
- hash: 5689
- file: 47.100.170.9
- hash: 81
- url: http://upcloudser.online/owa/
- url: http://190.211.252.251/owa/
- file: 190.211.252.251
- hash: 80
- url: https://qocmkassa.store/jquery-3.3.1.min.js
- domain: qocmkassa.store
- url: http://5.181.80.82:8080/apiv8/getstatus
- url: http://185.216.71.207/_errorpages/space/five/fre.php
- file: 185.216.71.207
- hash: 80
- file: 78.171.102.209
- hash: 3001
- file: 92.38.135.233
- hash: 3790
- file: 54.176.193.133
- hash: 443
- file: 193.161.193.99
- hash: 31507
- url: http://193.168.141.163/4b91eb784a77478c.php
- url: http://makui.kriptonhosting.store/b1b0a368.php
- url: http://cczqyvuy812jdy.com/zgbn19mx
- url: http://cczqyvuy812jdy.com/lander/chrome_1695206714/_index.php
- domain: cczqyvuy812jdy.com
- file: 118.184.186.182
- hash: 42937
- file: 114.118.5.136
- hash: 50051
- file: 114.118.5.136
- hash: 9443
- file: 43.133.231.48
- hash: 80
- file: 43.133.231.48
- hash: 45887
- file: 185.164.172.245
- hash: 8888
- file: 185.164.172.245
- hash: 26668
- file: 81.200.47.66
- hash: 443
- file: 92.116.88.238
- hash: 443
- file: 172.96.137.159
- hash: 8080
- file: 172.96.137.159
- hash: 2181
- file: 45.56.165.30
- hash: 80
- file: 18.222.127.73
- hash: 445
- file: 137.184.125.135
- hash: 80
- file: 154.12.83.50
- hash: 8899
- file: 107.175.172.131
- hash: 8888
- file: 120.27.193.222
- hash: 8888
- file: 207.148.76.137
- hash: 8888
- file: 43.138.25.144
- hash: 8888
- file: 35.158.159.254
- hash: 10357
- file: 3.121.139.82
- hash: 10357
- file: 52.28.112.211
- hash: 10357
- domain: away.specialnewspaper.com
- url: http://5.42.75.167/
- file: 5.42.75.167
- hash: 80
- url: http://20.237.12.116/jquery-3.3.1.min.js
- file: 20.237.12.116
- hash: 80
- url: https://110.42.206.10:8080/p/freemail/lib/polyfill/es5-polyfill.js
- url: http://ccodoom.net/single.php
- file: 194.29.187.194
- hash: 443
- file: 88.151.182.150
- hash: 3790
- file: 47.245.105.130
- hash: 3790
- url: https://113.31.111.220/dequeue/faculty/201njgw7n8nx
- file: 113.31.111.220
- hash: 443
- url: https://mobile.static.apiproxy.cloud.360.net.cdn.dnsv1.com/display/chan/ib61i7mya
- domain: mobile.static.apiproxy.cloud.360.net.cdn.dnsv1.com
- file: 82.156.136.79
- hash: 443
- url: https://119.29.106.110/__utm.gif
- file: 119.29.106.110
- hash: 443
- url: https://91.238.181.238/validate/v10.6/w2ge3sc8
- file: 91.238.181.238
- hash: 443
- url: http://91.238.181.238:3389/validate/v10.6/w2ge3sc8
- url: https://54.215.87.253/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- file: 54.215.87.253
- hash: 443
- url: https://1.94.3.150/ptj
- file: 1.94.3.150
- hash: 443
- file: 62.234.48.219
- hash: 80
- file: 45.81.39.16
- hash: 443
- file: 94.198.53.89
- hash: 443
- file: 172.86.75.7
- hash: 3790
- domain: whitedrill.org
- domain: sevenpunches.org
- domain: throatpills.org
- domain: machinetext.org
- file: 95.214.26.35
- hash: 443
- file: 193.124.125.110
- hash: 443
- domain: miira.live
- file: 139.59.235.156
- hash: 53
- domain: ns1.jd-1111.cn
- domain: ns2.jd-1111.cn
- file: 62.234.13.73
- hash: 53
- domain: ns12.clsr.ca
- file: 178.128.193.49
- hash: 53
- domain: ns.iloveflag.com
- file: 43.142.60.207
- hash: 53
- domain: india.tosoh.cloudns.ph
- file: 94.131.8.31
- hash: 53
- domain: upd.cndlogstics.com
- file: 47.92.27.193
- hash: 53
- domain: ns1.microsoft2888.top
- file: 1.117.93.65
- hash: 53
- url: http://8.130.128.97/fwlink
- url: http://124.223.83.171:8055/activity
- url: http://fesportal.com/forum/index.php
- file: 95.214.26.29
- hash: 443
- url: https://47.236.19.63/cx
- url: https://service-2rm5s5ep-1304892907.bj.apigw.tencentcs.com/api/x
- domain: service-2rm5s5ep-1304892907.bj.apigw.tencentcs.com
- url: https://service-hzdzk12c-1318485841.gz.apigw.tencentcs.com/push
- url: https://107.189.13.227/visit.js
- url: http://123.207.5.159:89/j.ad
- url: http://43.138.62.36:9000/cm
- url: https://47.101.41.158:37676/pixel.gif
- url: http://82.157.110.128/fwlink
- file: 101.43.96.246
- hash: 8443
- domain: ioiubby73b1n.com
- file: 109.248.206.101
- hash: 443
- file: 39.104.72.59
- hash: 443
- file: 39.106.75.77
- hash: 80
- file: 114.115.180.116
- hash: 80
- file: 104.250.180.178
- hash: 7902
- file: 8.219.143.100
- hash: 7771
- url: https://101.32.186.170/en_us/all.js
- file: 43.128.26.96
- hash: 443
- url: http://124.221.0.93:7080/push
- url: http://43.139.221.182:6666/cx
- url: https://138.68.91.128:4443/owa/
- url: http://110.40.157.87/match
- url: https://cdn.apiadmin.live:8443/index/
- domain: cdn.apiadmin.live
- file: 121.37.202.214
- hash: 8443
- url: https://106.75.251.66:8443/j.ad
- url: http://60.204.220.208/cm
- file: 114.55.93.79
- hash: 80
- url: http://148.66.2.194:8080/fwlink
- file: 148.66.2.196
- hash: 8080
- url: http://119.29.145.4:8080/en_us/all.js
- url: https://service-oocpa72a-1305610678.gz.apigw.tencentcs.com/api/x
- domain: service-oocpa72a-1305610678.gz.apigw.tencentcs.com
- file: 47.243.85.106
- hash: 443
- url: https://124.221.206.123:8443/en_us/all.js
- url: https://176.113.115.54/match
- file: 154.53.51.233
- hash: 5200
- url: http://176.123.8.152/0fad59ad7536045a.php
- file: 172.233.255.68
- hash: 4020
- file: 5.79.79.210
- hash: 80
- domain: dns1.noreply-alert.cloud
- file: 35.183.12.131
- hash: 53
- file: 94.228.168.51
- hash: 8081
- file: 94.228.168.51
- hash: 50500
- url: http://94.228.168.51/login
- file: 185.209.160.70
- hash: 7545
- file: 104.194.222.70
- hash: 5000
- file: 43.139.241.58
- hash: 109
- file: 45.56.165.30
- hash: 8000
- file: 134.122.54.122
- hash: 80
- file: 54.171.200.92
- hash: 5985
- file: 18.203.66.157
- hash: 443
- file: 18.224.23.33
- hash: 445
- file: 65.20.82.227
- hash: 443
- file: 65.20.84.68
- hash: 443
- file: 179.43.163.120
- hash: 8008
- url: https://tsvsnjv.com/damage/references/m36h9ayj6
- domain: tsvsnjv.com
- url: http://185.106.92.110/_defaultwindows.php
- file: 45.61.137.128
- hash: 22057
- url: http://f0861908.xsph.ru/l1nc0in.php
- url: https://139.59.235.156/_/scs/mail-static/_/js/
- file: 139.59.235.156
- hash: 443
ThreatFox IOCs for 2023-09-22
Medium
Published: Fri Sep 22 2023 (09/22/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2023-09-22
AI-Powered Analysis
AILast updated: 06/18/2025, 19:31:59 UTC
Technical Analysis
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on 2023-09-22 by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) activities. However, no specific malware family, affected software versions, or detailed technical indicators are provided. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting limited analysis depth but moderate distribution potential. There are no known exploits in the wild linked to this threat, and no Common Weakness Enumerations (CWEs) or patch information is available. The absence of concrete technical details, such as attack vectors, payload characteristics, or targeted vulnerabilities, limits the ability to perform an in-depth technical dissection. The threat appears to be a collection or update of IOCs rather than a novel malware strain or exploit. The tags indicate that the information is classified as TLP:WHITE, meaning it is intended for public sharing without restriction, and is related to OSINT, implying the data may be used for detection or research rather than representing an active, sophisticated threat campaign. Overall, this threat represents a medium-severity malware-related intelligence update with limited actionable technical specifics.
Potential Impact
Given the lack of detailed technical information and absence of known exploits in the wild, the immediate impact on European organizations is likely limited. The threat primarily serves as an intelligence update, potentially aiding defenders in identifying malicious activity through shared IOCs. However, if these IOCs correspond to emerging malware or attack campaigns, organizations that fail to integrate this intelligence into their detection systems may face increased risk of undetected compromise. The medium severity rating suggests some potential for disruption or data compromise, but without specifics, it is difficult to quantify. European organizations relying on OSINT feeds for threat detection can benefit from incorporating these IOCs to enhance their situational awareness. The absence of affected versions or products indicates no direct vulnerability exploitation, reducing the risk of widespread impact. Nonetheless, organizations in sectors with high threat exposure, such as finance, critical infrastructure, and government, should remain vigilant. The threat's distribution score hints at moderate dissemination, which could translate to broader targeting or scanning activities that might impact network availability or integrity if leveraged in attacks.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms to enhance detection capabilities. 2. Regularly update threat intelligence feeds and ensure automated ingestion of OSINT data to maintain up-to-date situational awareness. 3. Conduct targeted threat hunting exercises using the IOCs to identify any latent compromises or suspicious activities within the network. 4. Strengthen network segmentation and implement strict access controls to limit lateral movement in case of infection. 5. Educate security teams on the nature of OSINT-derived intelligence and encourage proactive analysis to contextualize such data within organizational threat models. 6. Since no patches or CVEs are associated, focus on behavioral detection and anomaly monitoring rather than patch management for this specific threat. 7. Collaborate with national and European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to validate and enrich the intelligence context.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 0f4788d1-a982-4c67-b73c-bf7cdaf514f2
- Original Timestamp
- 1695427386
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://js.yalafix.com:443/checkin | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://js.yalafix.com:443/logo.jpg | Meterpreter payload delivery URL (confidence level: 100%) | |
urlhttp://efeuhot.ua/single.php | TeamSpy botnet C2 (confidence level: 100%) | |
urlhttp://213.159.208.100/5downloads/mariadbcdnmulti/0php/7/base07geo/08/3/wp3video/4auth0/longpoll/external/wpeternal/processor/testbetter/6temporarymariadb/serverpython/670image/vm/processdb.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://eeepdcn.ua/single.php | TeamSpy botnet C2 (confidence level: 100%) | |
urlhttps://remote.mrkorosh.site/config/-1001830809790 | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://remote.mrkorosh.site/api/-1001830809790 | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://irsa.fartit.com/rat.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://witheveryregistration.click/los/panel.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://witheveryregistration.click/los/panel.php?link | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://witheveryregistration.click/los | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://witheveryregistration.click/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttp://5.255.117.149//rat.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttp://5.255.117.149/rat.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttp://5.255.117.149/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://raw.githubusercontent.com/sirosirani/hades-panel/main/url.txt | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://hadespanel.online/ratsaz/ports/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://hadespanel.online/ratsaz | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://uilscvnzdds.shop/sahamedalat.apk | IRATA payload delivery URL (confidence level: 100%) | |
urlhttps://rimote.dns2.us/pri/web.txt | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://uilscvnzdds.shop/autopay-/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://rimote.dns2.us/pri/log.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://uilscvnzdds.shop/autopay-/index.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://cczqyvuy812jdy.com/vvmd54/ | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://cczqyvuy812jdy.com/zgbn19mx | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://cczqyvuy812jdy.com/lander/chrome_1695206714/_index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://upcloudser.online/owa/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://190.211.252.251/owa/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://qocmkassa.store/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://5.181.80.82:8080/apiv8/getstatus | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://185.216.71.207/_errorpages/space/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttp://193.168.141.163/4b91eb784a77478c.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://makui.kriptonhosting.store/b1b0a368.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://cczqyvuy812jdy.com/zgbn19mx | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://cczqyvuy812jdy.com/lander/chrome_1695206714/_index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://5.42.75.167/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://20.237.12.116/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://110.42.206.10:8080/p/freemail/lib/polyfill/es5-polyfill.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://ccodoom.net/single.php | TeamSpy botnet C2 (confidence level: 100%) | |
urlhttps://113.31.111.220/dequeue/faculty/201njgw7n8nx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://mobile.static.apiproxy.cloud.360.net.cdn.dnsv1.com/display/chan/ib61i7mya | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://119.29.106.110/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://91.238.181.238/validate/v10.6/w2ge3sc8 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://91.238.181.238:3389/validate/v10.6/w2ge3sc8 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://54.215.87.253/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://1.94.3.150/ptj | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://8.130.128.97/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.223.83.171:8055/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://fesportal.com/forum/index.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttps://47.236.19.63/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://service-2rm5s5ep-1304892907.bj.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://service-hzdzk12c-1318485841.gz.apigw.tencentcs.com/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://107.189.13.227/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://123.207.5.159:89/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.138.62.36:9000/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://47.101.41.158:37676/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://82.157.110.128/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://101.32.186.170/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.221.0.93:7080/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.139.221.182:6666/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://138.68.91.128:4443/owa/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://110.40.157.87/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://cdn.apiadmin.live:8443/index/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://106.75.251.66:8443/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://60.204.220.208/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://148.66.2.194:8080/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://119.29.145.4:8080/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://service-oocpa72a-1305610678.gz.apigw.tencentcs.com/api/x | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://124.221.206.123:8443/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://176.113.115.54/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://176.123.8.152/0fad59ad7536045a.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://94.228.168.51/login | RisePro botnet C2 (confidence level: 100%) | |
urlhttps://tsvsnjv.com/damage/references/m36h9ayj6 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://185.106.92.110/_defaultwindows.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://f0861908.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://139.59.235.156/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file60.204.220.208 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file45.63.7.212 | Sliver botnet C2 server (confidence level: 100%) | |
file43.143.148.198 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file2.56.212.66 | BitRAT botnet C2 server (confidence level: 80%) | |
file13.237.195.116 | IcedID botnet C2 server (confidence level: 80%) | |
file3.95.241.204 | IcedID botnet C2 server (confidence level: 80%) | |
file54.241.197.226 | IcedID botnet C2 server (confidence level: 80%) | |
file3.82.225.224 | IcedID botnet C2 server (confidence level: 80%) | |
file54.66.136.198 | IcedID botnet C2 server (confidence level: 80%) | |
file194.58.71.17 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file54.67.19.155 | IcedID botnet C2 server (confidence level: 80%) | |
file51.250.91.99 | IcedID botnet C2 server (confidence level: 80%) | |
file54.67.100.168 | IcedID botnet C2 server (confidence level: 80%) | |
file184.169.223.42 | IcedID botnet C2 server (confidence level: 80%) | |
file54.151.74.195 | IcedID botnet C2 server (confidence level: 80%) | |
file140.210.94.185 | IcedID botnet C2 server (confidence level: 80%) | |
file39.104.17.212 | IcedID botnet C2 server (confidence level: 80%) | |
file69.164.208.254 | IcedID botnet C2 server (confidence level: 80%) | |
file54.151.68.59 | IcedID botnet C2 server (confidence level: 80%) | |
file116.122.117.97 | Orcus RAT botnet C2 server (confidence level: 80%) | |
file47.103.13.224 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file39.104.23.152 | IcedID botnet C2 server (confidence level: 80%) | |
file5.255.117.149 | IRATA botnet C2 server (confidence level: 100%) | |
file5.255.117.149 | IRATA botnet C2 server (confidence level: 100%) | |
file45.12.2.230 | BianLian botnet C2 server (confidence level: 80%) | |
file185.243.114.63 | BianLian botnet C2 server (confidence level: 80%) | |
file149.56.95.151 | BianLian botnet C2 server (confidence level: 80%) | |
file69.57.161.144 | BianLian botnet C2 server (confidence level: 80%) | |
file193.142.59.76 | Remcos botnet C2 server (confidence level: 100%) | |
file193.142.59.76 | Remcos botnet C2 server (confidence level: 75%) | |
file47.100.170.9 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file190.211.252.251 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.216.71.207 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 50%) | |
file78.171.102.209 | AsyncRAT botnet C2 server (confidence level: 80%) | |
file92.38.135.233 | Meterpreter botnet C2 server (confidence level: 80%) | |
file54.176.193.133 | IcedID botnet C2 server (confidence level: 80%) | |
file193.161.193.99 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file118.184.186.182 | Sliver botnet C2 server (confidence level: 50%) | |
file114.118.5.136 | Sliver botnet C2 server (confidence level: 50%) | |
file114.118.5.136 | Sliver botnet C2 server (confidence level: 50%) | |
file43.133.231.48 | Sliver botnet C2 server (confidence level: 50%) | |
file43.133.231.48 | Sliver botnet C2 server (confidence level: 50%) | |
file185.164.172.245 | Sliver botnet C2 server (confidence level: 50%) | |
file185.164.172.245 | Sliver botnet C2 server (confidence level: 50%) | |
file81.200.47.66 | Deimos botnet C2 server (confidence level: 50%) | |
file92.116.88.238 | Deimos botnet C2 server (confidence level: 50%) | |
file172.96.137.159 | BianLian botnet C2 server (confidence level: 50%) | |
file172.96.137.159 | BianLian botnet C2 server (confidence level: 50%) | |
file45.56.165.30 | BianLian botnet C2 server (confidence level: 50%) | |
file18.222.127.73 | Responder botnet C2 server (confidence level: 50%) | |
file137.184.125.135 | Responder botnet C2 server (confidence level: 50%) | |
file154.12.83.50 | Unknown malware botnet C2 server (confidence level: 50%) | |
file107.175.172.131 | Unknown malware botnet C2 server (confidence level: 50%) | |
file120.27.193.222 | Unknown malware botnet C2 server (confidence level: 50%) | |
file207.148.76.137 | Unknown malware botnet C2 server (confidence level: 50%) | |
file43.138.25.144 | Unknown malware botnet C2 server (confidence level: 50%) | |
file35.158.159.254 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file3.121.139.82 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file52.28.112.211 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file5.42.75.167 | Vidar botnet C2 server (confidence level: 100%) | |
file20.237.12.116 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file194.29.187.194 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file88.151.182.150 | Meterpreter botnet C2 server (confidence level: 80%) | |
file47.245.105.130 | Meterpreter botnet C2 server (confidence level: 80%) | |
file113.31.111.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file82.156.136.79 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.29.106.110 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file91.238.181.238 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file54.215.87.253 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.94.3.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.234.48.219 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file45.81.39.16 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file94.198.53.89 | Unknown malware botnet C2 server (confidence level: 80%) | |
file172.86.75.7 | Meterpreter botnet C2 server (confidence level: 80%) | |
file95.214.26.35 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file193.124.125.110 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file139.59.235.156 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.234.13.73 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file178.128.193.49 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.142.60.207 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file94.131.8.31 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.27.193 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.117.93.65 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file95.214.26.29 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file101.43.96.246 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file109.248.206.101 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file39.104.72.59 | IcedID botnet C2 server (confidence level: 80%) | |
file39.106.75.77 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file114.115.180.116 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file104.250.180.178 | Remcos botnet C2 server (confidence level: 75%) | |
file8.219.143.100 | SpyNote botnet C2 server (confidence level: 75%) | |
file43.128.26.96 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.37.202.214 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file114.55.93.79 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.2.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.243.85.106 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.53.51.233 | Ave Maria botnet C2 server (confidence level: 100%) | |
file172.233.255.68 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file5.79.79.210 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file35.183.12.131 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file94.228.168.51 | RisePro botnet C2 server (confidence level: 100%) | |
file94.228.168.51 | RisePro botnet C2 server (confidence level: 100%) | |
file185.209.160.70 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file104.194.222.70 | BianLian botnet C2 server (confidence level: 50%) | |
file43.139.241.58 | BianLian botnet C2 server (confidence level: 50%) | |
file45.56.165.30 | BianLian botnet C2 server (confidence level: 50%) | |
file134.122.54.122 | Havoc botnet C2 server (confidence level: 50%) | |
file54.171.200.92 | Responder botnet C2 server (confidence level: 50%) | |
file18.203.66.157 | Responder botnet C2 server (confidence level: 50%) | |
file18.224.23.33 | Responder botnet C2 server (confidence level: 50%) | |
file65.20.82.227 | pupy botnet C2 server (confidence level: 50%) | |
file65.20.84.68 | pupy botnet C2 server (confidence level: 50%) | |
file179.43.163.120 | DCRat botnet C2 server (confidence level: 50%) | |
file45.61.137.128 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file139.59.235.156 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash8888 | Sliver botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash443 | BitRAT botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash7771 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash8081 | Orcus RAT botnet C2 server (confidence level: 80%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash80 | IRATA botnet C2 server (confidence level: 100%) | |
hash443 | IRATA botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 80%) | |
hash443 | BianLian botnet C2 server (confidence level: 80%) | |
hash7443 | BianLian botnet C2 server (confidence level: 80%) | |
hash443 | BianLian botnet C2 server (confidence level: 80%) | |
hash6322 | Remcos botnet C2 server (confidence level: 100%) | |
hash5689 | Remcos botnet C2 server (confidence level: 75%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 50%) | |
hash3001 | AsyncRAT botnet C2 server (confidence level: 80%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash31507 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash42937 | Sliver botnet C2 server (confidence level: 50%) | |
hash50051 | Sliver botnet C2 server (confidence level: 50%) | |
hash9443 | Sliver botnet C2 server (confidence level: 50%) | |
hash80 | Sliver botnet C2 server (confidence level: 50%) | |
hash45887 | Sliver botnet C2 server (confidence level: 50%) | |
hash8888 | Sliver botnet C2 server (confidence level: 50%) | |
hash26668 | Sliver botnet C2 server (confidence level: 50%) | |
hash443 | Deimos botnet C2 server (confidence level: 50%) | |
hash443 | Deimos botnet C2 server (confidence level: 50%) | |
hash8080 | BianLian botnet C2 server (confidence level: 50%) | |
hash2181 | BianLian botnet C2 server (confidence level: 50%) | |
hash80 | BianLian botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash80 | Responder botnet C2 server (confidence level: 50%) | |
hash8899 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash10357 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash10357 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash10357 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash80 | Vidar botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash443 | IcedID botnet C2 server (confidence level: 80%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash7902 | Remcos botnet C2 server (confidence level: 75%) | |
hash7771 | SpyNote botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5200 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash4020 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | RisePro botnet C2 server (confidence level: 100%) | |
hash50500 | RisePro botnet C2 server (confidence level: 100%) | |
hash7545 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash5000 | BianLian botnet C2 server (confidence level: 50%) | |
hash109 | BianLian botnet C2 server (confidence level: 50%) | |
hash8000 | BianLian botnet C2 server (confidence level: 50%) | |
hash80 | Havoc botnet C2 server (confidence level: 50%) | |
hash5985 | Responder botnet C2 server (confidence level: 50%) | |
hash443 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash443 | pupy botnet C2 server (confidence level: 50%) | |
hash443 | pupy botnet C2 server (confidence level: 50%) | |
hash8008 | DCRat botnet C2 server (confidence level: 50%) | |
hash22057 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainencagil.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainexplorecell.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmode.encagil.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainssl.explorecell.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainspecialnewspaper.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainspecialtaskevents.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstablelightway.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincdn.specialtaskevents.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaingo.specialnewspaper.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaingoto.stablelightway.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaintrend.stablelightway.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainbeatylines.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaindescriptionscripts.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaindofollowgreenline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainfirstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainsortyellowapples.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainspecialblueitems.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstatisticline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainvioletlovelines.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainack.firstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainaway.firstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainay.specialblueitems.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainback.firstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainblock.descriptionscripts.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincdn.statisticline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincdn.violetlovelines.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.statisticline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincomcdn.statisticline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincome.sortyellowapples.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincomtrack.violetlovelines.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincripts.dofollowgreenline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaindns.firstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaine.sortyellowapples.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainfar.statisticline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainfire.descriptionscripts.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainfor.firstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainfor.sortyellowapples.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainget.firstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainget.sortyellowapples.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaingoaway.dofollowgreenline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainlight.specialblueitems.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainline.beatylines.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmain.weatherplllatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainpista.violetlovelines.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainrack.violetlovelines.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainreway.specialblueitems.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainscript.dofollowgreenline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainscripts.dofollowgreenline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainselect.sortyellowapples.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainshop.similarwebline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstat.descriptionscripts.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstats.statisticline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstay.trackersline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstep.descriptionscripts.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstep.firstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstock.statisticline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstore.firstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaintrac.violetlovelines.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaintrack.firstblackphase.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaintrack.violetlovelines.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainway.specialblueitems.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainscriptsplatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainaway.scriptsplatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincdn.scriptsplatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincome.scriptsplatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainget.scriptsplatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstatistic.scriptsplatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstatistics.scriptsplatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaintop.scriptsplatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincdn.clickandanalytics.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainclick.clickandanalytics.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincome.clickandanalytics.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainget.clickandanalytics.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainput.clickandanalytics.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainapis.stratosbody.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainaway.linestoget.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainaway.stratosbody.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincollect.clickandanalytics.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainfly.stratosbody.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainget.linestoget.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaingo.linestoget.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainlists.clickandanalytics.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainsleep.stratosbody.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainspot.scriptsplatform.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstep.linestoget.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstay.linestoget.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainstay.stratosbody.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaintrace.stratosbody.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainway.trackersline.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincollect.getmygateway.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaingate.getmygateway.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainspace.getmygateway.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainspot.getmygateway.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainremote.mrkorosh.site | IRATA botnet C2 domain (confidence level: 100%) | |
domainmrkorosh.site | IRATA botnet C2 domain (confidence level: 100%) | |
domainirsa.fartit.com | IRATA botnet C2 domain (confidence level: 100%) | |
domainwitheveryregistration.click | IRATA botnet C2 domain (confidence level: 100%) | |
domainhadespanel.online | IRATA botnet C2 domain (confidence level: 100%) | |
domainuilscvnzdds.shop | IRATA botnet C2 domain (confidence level: 100%) | |
domainqocmkassa.store | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaincczqyvuy812jdy.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainaway.specialnewspaper.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmobile.static.apiproxy.cloud.360.net.cdn.dnsv1.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainwhitedrill.org | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainsevenpunches.org | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainthroatpills.org | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmachinetext.org | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainmiira.live | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainns1.jd-1111.cn | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainns2.jd-1111.cn | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainns12.clsr.ca | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainns.iloveflag.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainindia.tosoh.cloudns.ph | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainupd.cndlogstics.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainns1.microsoft2888.top | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainservice-2rm5s5ep-1304892907.bj.apigw.tencentcs.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainioiubby73b1n.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincdn.apiadmin.live | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainservice-oocpa72a-1305610678.gz.apigw.tencentcs.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaindns1.noreply-alert.cloud | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaintsvsnjv.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
Threat ID: 682b7baad3ddd8cef2ea7021
Added to database: 5/19/2025, 6:42:50 PM
Last enriched: 6/18/2025, 7:31:59 PM
Last updated: 8/16/2025, 11:33:36 AM
Views: 12
Related Threats
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.