ThreatFox IOCs for 2023-10-28
Severity: mediumType: unknown
ThreatFox IOCs for 2023-10-28
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2023-10-28 via ThreatFox, a platform for sharing threat intelligence. However, the data lacks specific technical details about the nature of the threat, affected systems, attack vectors, or malware involved. The threat type is marked as 'unknown,' and no affected software versions or CWE identifiers are provided. The threat level is indicated as 2 (on an unspecified scale), with minimal analysis (1) and moderate distribution (3). No known exploits are reported in the wild, and no patch links or mitigation details are included. The tags indicate this is OSINT (Open Source Intelligence) data with a TLP (Traffic Light Protocol) white classification, meaning it is public information. The absence of concrete technical indicators or exploit details limits the ability to provide a detailed technical explanation. Essentially, this entry appears to be a placeholder or a general IOC update without actionable threat specifics.
Potential Impact
Due to the lack of detailed information about the threat, its attack vectors, or targeted systems, it is challenging to assess the direct impact on European organizations. The medium severity rating suggests some level of concern, but without concrete exploit data or affected products, the potential impact remains speculative. Generally, IOCs help organizations detect and respond to threats, so the availability of these IOCs could aid European cybersecurity teams in early detection if these indicators correspond to active or emerging threats. However, since no known exploits are reported and no specific vulnerabilities are identified, the immediate risk to confidentiality, integrity, or availability for European entities is likely low to medium at this stage.
Mitigation Recommendations
Given the limited information, practical mitigation steps include integrating these IOCs into existing security monitoring tools such as SIEMs, IDS/IPS, and endpoint detection and response (EDR) systems to enhance detection capabilities. Organizations should maintain up-to-date threat intelligence feeds and ensure their security teams are aware of the new IOCs for correlation with internal logs. Regularly reviewing and tuning detection rules to minimize false positives is advisable. Additionally, maintaining robust general cybersecurity hygiene—such as timely patching of known vulnerabilities, network segmentation, and user awareness training—remains critical. Since no specific vulnerabilities or exploits are identified, no targeted patches or configuration changes can be recommended at this time.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- ip-dst|port: 101.34.83.16|30002
- ip-dst|port: 104.238.35.163|8443
- url: http://175.24.176.154/api/settings
- ip-dst|port: 147.78.47.231|7777
- ip-dst|port: 92.116.89.214|443
- ip-dst|port: 161.189.238.234|443
- ip-dst|port: 104.238.35.163|80
- ip-dst|port: 104.238.35.163|8000
- ip-dst|port: 104.236.210.243|8080
- ip-dst|port: 45.56.165.27|8000
- ip-dst|port: 85.13.118.11|443
- ip-dst|port: 157.230.124.53|443
- ip-dst|port: 217.165.234.145|443
- ip-dst|port: 41.99.8.115|443
- ip-dst|port: 80.192.52.128|443
- ip-dst|port: 105.102.31.198|443
- ip-dst|port: 197.204.20.144|443
- ip-dst|port: 78.180.83.241|443
- ip-dst|port: 78.19.233.19|2222
- ip-dst|port: 112.213.101.73|1145
- ip-dst|port: 113.207.105.235|8888
- ip-dst|port: 222.88.186.81|23703
- ip-dst|port: 156.224.22.198|8888
- ip-dst|port: 139.144.31.103|1194
- ip-dst|port: 91.109.190.5|7707
- ip-dst|port: 62.233.50.25|7443
- ip-dst|port: 45.141.87.124|13
- ip-dst|port: 93.123.85.12|1791
- ip-dst|port: 45.142.214.121|2376
- ip-dst|port: 47.98.158.167|8888
- url: https://175.24.176.154:8443/api/settings
- url: http://5.75.188.83:3306/
- url: http://momalua.fun/api
- url: http://kusmanin.fun/api
- url: http://39.108.189.188:1111/j.ad
- domain: sdl.faqserv.com
- domain: cdm.faqserv.com
- domain: cfb.faqserv.com
- domain: adsh.vizvaz.com
- domain: rbm.faqserv.com
- url: http://20.51.226.216/_/scs/mail-static/_/js/
- url: http://185.225.74.128:8080/compare/v1.44/vxk7p0gbe8
- url: http://124.70.45.102:8090/j.ad
- url: http://89.23.103.35/cx
- url: http://103.61.0.241/load
- url: http://103.234.72.74/dot.gif
- ip-dst|port: 103.61.0.241|4444
- url: http://service-m2easdvn-1303971391.bj.apigw.tencentcs.com/api/getit
- domain: service-m2easdvn-1303971391.bj.apigw.tencentcs.com
- ip-dst|port: 139.224.206.244|80
- url: http://47.242.51.201/activity
- url: http://103.61.0.241:8080/en_us/all.js
- ip-dst|port: 65.21.101.233|4714
- ip-dst|port: 125.141.145.185|443
- url: http://85.175.101.203/activity
- domain: gamesstartf.xyz
- domain: nuevo2gameslop.xyz
- ip-dst|port: 146.0.79.25|11223
- url: http://121.40.66.171:85/push
- url: http://mouseoiet.fun/api
- url: http://boddyshow.fun/api
- ip-dst|port: 109.107.182.211|28913
- ip-dst|port: 198.37.111.235|15804
- ip-dst|port: 146.0.79.23|11224
- domain: nuevoconceti.xyz
- domain: repicdominic.xyz
- ip-dst|port: 185.222.58.238|55615
- ip-dst|port: 194.190.152.148|5871
- domain: 1.jangholi.info
- ip-dst|port: 188.121.110.191|53
- ip-dst|port: 41.103.29.232|999
- ip-dst|port: 94.131.98.34|443
- domain: www.buesem2021.com
- ip-dst|port: 185.81.157.112|6606
- ip-dst|port: 91.109.190.5|8808
- ip-dst|port: 187.24.69.150|8888
- ip-dst|port: 91.208.92.210|1411
- ip-dst|port: 197.246.196.91|9999
- ip-dst|port: 185.81.157.12|6666
- ip-dst|port: 141.164.37.178|6606
- ip-dst|port: 141.164.37.178|8808
- ip-dst|port: 107.148.8.5|4783
- ip-dst|port: 118.70.46.160|8080
- ip-dst|port: 81.161.229.91|6667
- ip-dst|port: 34.123.6.222|30006
- ip-dst|port: 108.142.191.239|443
- ip-dst|port: 108.142.191.247|443
- ip-dst|port: 139.224.198.190|8888
- ip-dst|port: 141.98.10.132|4444
- ip-dst|port: 185.196.9.51|23
- ip-dst|port: 46.30.188.150|62222
- ip-dst|port: 189.250.25.77|2086
- ip-dst|port: 189.250.25.77|2116
- ip-dst|port: 189.250.25.77|2125
- ip-dst|port: 189.250.25.77|2190
- ip-dst|port: 189.250.25.77|2281
- ip-dst|port: 189.250.25.77|1756
- ip-dst|port: 121.32.27.111|8002
- ip-dst|port: 88.99.46.160|31337
- domain: ec2-54-94-98-53.sa-east-1.compute.amazonaws.com
- domain: havoc.riggcorp.com
- ip-dst|port: 8.142.69.99|55443
- ip-dst|port: 162.14.74.124|88
- ip-dst|port: 54.147.120.150|5003
- ip-dst|port: 54.147.120.150|5004
- ip-dst|port: 149.88.71.219|81
- ip-dst|port: 43.138.39.212|8080
- ip-dst|port: 124.220.42.214|4433
- ip-dst|port: 165.22.234.230|443
- ip-dst|port: 103.247.29.175|8080
- ip-dst|port: 176.9.122.103|8080
- ip-dst|port: 156.224.26.49|5555
- ip-dst|port: 124.221.174.192|80
- ip-dst|port: 38.60.199.202|8443
- ip-dst|port: 8.219.251.170|80
- ip-dst|port: 8.130.128.97|8081
- ip-dst|port: 176.9.122.154|8080
- ip-dst|port: 123.57.30.117|22222
- ip-dst|port: 120.46.63.196|443
- domain: en.voiceaipro.com
- domain: en.voice-ai.store
- domain: voice.2005thavenue.com
- url: http://elizgerls.pw/api
- ip-dst|port: 75.119.142.33|3790
- ip-dst|port: 35.73.40.176|80
- ip-dst|port: 46.148.139.144|4444
- ip-dst|port: 104.238.35.163|5984
- ip-dst|port: 193.92.178.156|995
- ip-dst|port: 220.79.237.55|443
- ip-dst|port: 197.14.193.226|443
- ip-dst|port: 71.104.100.168|443
- ip-dst|port: 105.109.175.169|995
- ip-dst|port: 88.252.226.162|443
- ip-dst|port: 45.79.174.92|1194
- ip-dst|port: 185.106.94.167|5631
- ip-dst|port: 45.135.165.166|13172
- ip-dst|port: 194.26.135.137|80
- ip-dst|port: 78.153.130.231|5000
- ip-dst|port: 82.115.223.71|5000
- ip-dst|port: 94.142.138.170|5000
- ip-dst|port: 94.142.138.145|5000
- ip-dst|port: 94.142.138.58|5000
- ip-dst|port: 89.23.98.188|5000
- ip-dst|port: 195.123.209.20|5000
- ip-dst|port: 159.69.95.42|5000
- ip-dst|port: 46.8.210.75|5000
- ip-dst|port: 77.73.133.88|5000
- ip-dst|port: 83.243.122.151|80
- ip-dst|port: 80.85.141.108|3790
- ip-dst|port: 38.181.20.78|6000
- ip-dst|port: 104.243.47.102|8080
- ip-dst|port: 3.234.189.133|443
- ip-dst|port: 199.127.62.181|8080
- ip-dst|port: 95.181.173.181|80
- ip-dst|port: 178.236.247.9|80
- ip-dst|port: 185.26.239.246|81
- ip-dst|port: 212.118.52.90|80
- ip-dst|port: 8.217.23.144|80
- ip-dst|port: 45.150.65.121|80
- ip-dst|port: 20.0.25.177|80
- ip-dst|port: 178.236.246.39|80
- ip-dst|port: 109.107.181.169|80
- ip-dst|port: 79.137.207.44|80
- ip-dst|port: 78.141.239.24|80
- url: https://165.22.234.230/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- ip-dst|port: 175.136.232.226|8080
- ip-dst|port: 175.136.232.225|8080
- ip-dst|port: 139.84.144.181|443
- ip-dst|port: 57.128.171.220|443
- ip-dst|port: 146.70.79.19|80
- ip-dst|port: 161.142.78.158|8080
- ip-dst|port: 83.212.96.62|80
- ip-dst|port: 85.209.11.185|2222
- ip-dst|port: 123.60.151.249|6666
- ip-dst|port: 3.131.147.49|12994
- ip-dst|port: 119.91.99.194|8088
- ip-dst|port: 141.98.6.98|8848
- ip-dst|port: 51.75.52.3|8848
- ip-dst|port: 119.91.99.194|8848
- ip-dst|port: 172.94.103.13|8848
- ip-dst|port: 45.138.16.187|9898
- ip-dst|port: 45.138.16.187|8848
- ip-dst|port: 107.189.169.135|8848
- ip-dst|port: 103.147.185.18|1604
- ip-dst|port: 77.91.124.111|8848
- ip-dst|port: 45.81.39.179|8848
- ip-dst|port: 5.181.80.69|8848
- ip-dst|port: 154.53.42.53|8845
- ip-dst|port: 107.175.243.138|8848
- ip-dst|port: 38.181.35.175|8848
- ip-dst|port: 164.92.246.58|9087
- ip-dst|port: 106.14.153.130|8848
- ip-dst|port: 5.161.143.161|8081
- ip-dst|port: 194.169.175.123|8081
- ip-dst|port: 45.135.232.54|8081
- ip-dst|port: 45.74.19.132|8081
- ip-dst|port: 194.169.175.125|8081
- ip-dst|port: 195.85.114.171|8081
- ip-dst|port: 95.214.25.240|8081
- ip-dst|port: 213.252.245.28|8081
- ip-dst|port: 193.56.255.166|8081
- ip-dst|port: 167.235.130.175|8081
- ip-dst|port: 193.31.118.35|8081
- ip-dst|port: 95.214.25.236|8081
- ip-dst|port: 45.11.91.14|8081
- ip-dst|port: 208.64.33.102|8081
- ip-dst|port: 79.137.202.91|8081
- ip-dst|port: 104.21.94.45|443
- ip-dst|port: 172.67.219.160|80
- ip-dst|port: 172.67.172.69|443
ThreatFox IOCs for 2023-10-28
Medium
Published: Sat Oct 28 2023 (10/28/2023, 00:00:00 UTC)
Source: MISP
Description
ThreatFox IOCs for 2023-10-28
AI-Powered Analysis
AILast updated: 07/03/2025, 06:54:54 UTC
Technical Analysis
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2023-10-28 via ThreatFox, a platform for sharing threat intelligence. However, the data lacks specific technical details about the nature of the threat, affected systems, attack vectors, or malware involved. The threat type is marked as 'unknown,' and no affected software versions or CWE identifiers are provided. The threat level is indicated as 2 (on an unspecified scale), with minimal analysis (1) and moderate distribution (3). No known exploits are reported in the wild, and no patch links or mitigation details are included. The tags indicate this is OSINT (Open Source Intelligence) data with a TLP (Traffic Light Protocol) white classification, meaning it is public information. The absence of concrete technical indicators or exploit details limits the ability to provide a detailed technical explanation. Essentially, this entry appears to be a placeholder or a general IOC update without actionable threat specifics.
Potential Impact
Due to the lack of detailed information about the threat, its attack vectors, or targeted systems, it is challenging to assess the direct impact on European organizations. The medium severity rating suggests some level of concern, but without concrete exploit data or affected products, the potential impact remains speculative. Generally, IOCs help organizations detect and respond to threats, so the availability of these IOCs could aid European cybersecurity teams in early detection if these indicators correspond to active or emerging threats. However, since no known exploits are reported and no specific vulnerabilities are identified, the immediate risk to confidentiality, integrity, or availability for European entities is likely low to medium at this stage.
Mitigation Recommendations
Given the limited information, practical mitigation steps include integrating these IOCs into existing security monitoring tools such as SIEMs, IDS/IPS, and endpoint detection and response (EDR) systems to enhance detection capabilities. Organizations should maintain up-to-date threat intelligence feeds and ensure their security teams are aware of the new IOCs for correlation with internal logs. Regularly reviewing and tuning detection rules to minimize false positives is advisable. Additionally, maintaining robust general cybersecurity hygiene—such as timely patching of known vulnerabilities, network segmentation, and user awareness training—remains critical. Since no specific vulnerabilities or exploits are identified, no targeted patches or configuration changes can be recommended at this time.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
Indicators of Compromise
Ip dst|port
| Value | Description | Copy |
|---|---|---|
ip-dst|port101.34.83.16|30002 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
ip-dst|port104.238.35.163|8443 | BianLian botnet C2 server (confidence level: 80%) | |
ip-dst|port147.78.47.231|7777 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
ip-dst|port92.116.89.214|443 | Deimos botnet C2 server (confidence level: 50%) | |
ip-dst|port161.189.238.234|443 | Deimos botnet C2 server (confidence level: 50%) | |
ip-dst|port104.238.35.163|80 | BianLian botnet C2 server (confidence level: 50%) | |
ip-dst|port104.238.35.163|8000 | BianLian botnet C2 server (confidence level: 50%) | |
ip-dst|port104.236.210.243|8080 | BianLian botnet C2 server (confidence level: 50%) | |
ip-dst|port45.56.165.27|8000 | BianLian botnet C2 server (confidence level: 50%) | |
ip-dst|port85.13.118.11|443 | BianLian botnet C2 server (confidence level: 50%) | |
ip-dst|port157.230.124.53|443 | Havoc botnet C2 server (confidence level: 50%) | |
ip-dst|port217.165.234.145|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port41.99.8.115|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port80.192.52.128|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port105.102.31.198|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port197.204.20.144|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port78.180.83.241|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port78.19.233.19|2222 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port112.213.101.73|1145 | DCRat botnet C2 server (confidence level: 50%) | |
ip-dst|port113.207.105.235|8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
ip-dst|port222.88.186.81|23703 | Unknown malware botnet C2 server (confidence level: 50%) | |
ip-dst|port156.224.22.198|8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
ip-dst|port139.144.31.103|1194 | Pikabot botnet C2 server (confidence level: 50%) | |
ip-dst|port91.109.190.5|7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port62.233.50.25|7443 | Unknown malware botnet C2 server (confidence level: 80%) | |
ip-dst|port45.141.87.124|13 | Mirai botnet C2 server (confidence level: 75%) | |
ip-dst|port93.123.85.12|1791 | Mirai botnet C2 server (confidence level: 75%) | |
ip-dst|port45.142.214.121|2376 | Sliver botnet C2 server (confidence level: 80%) | |
ip-dst|port47.98.158.167|8888 | Unknown malware botnet C2 server (confidence level: 80%) | |
ip-dst|port103.61.0.241|4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port139.224.206.244|80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port65.21.101.233|4714 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
ip-dst|port125.141.145.185|443 | Get2 botnet C2 server (confidence level: 80%) | |
ip-dst|port146.0.79.25|11223 | Mekotio botnet C2 server (confidence level: 100%) | |
ip-dst|port109.107.182.211|28913 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
ip-dst|port198.37.111.235|15804 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
ip-dst|port146.0.79.23|11224 | Mekotio botnet C2 server (confidence level: 100%) | |
ip-dst|port185.222.58.238|55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
ip-dst|port194.190.152.148|5871 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
ip-dst|port188.121.110.191|53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port41.103.29.232|999 | NjRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port94.131.98.34|443 | BianLian botnet C2 server (confidence level: 80%) | |
ip-dst|port185.81.157.112|6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port91.109.190.5|8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port187.24.69.150|8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port91.208.92.210|1411 | AsyncRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port197.246.196.91|9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port185.81.157.12|6666 | AsyncRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port141.164.37.178|6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port141.164.37.178|8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
ip-dst|port107.148.8.5|4783 | Quasar RAT botnet C2 server (confidence level: 100%) | |
ip-dst|port118.70.46.160|8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
ip-dst|port81.161.229.91|6667 | DCRat botnet C2 server (confidence level: 100%) | |
ip-dst|port34.123.6.222|30006 | Unknown malware botnet C2 server (confidence level: 100%) | |
ip-dst|port108.142.191.239|443 | Unknown malware botnet C2 server (confidence level: 100%) | |
ip-dst|port108.142.191.247|443 | Unknown malware botnet C2 server (confidence level: 100%) | |
ip-dst|port139.224.198.190|8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
ip-dst|port141.98.10.132|4444 | Venom RAT botnet C2 server (confidence level: 100%) | |
ip-dst|port185.196.9.51|23 | Bashlite botnet C2 server (confidence level: 90%) | |
ip-dst|port46.30.188.150|62222 | DarkComet botnet C2 server (confidence level: 100%) | |
ip-dst|port189.250.25.77|2086 | DarkComet botnet C2 server (confidence level: 100%) | |
ip-dst|port189.250.25.77|2116 | DarkComet botnet C2 server (confidence level: 100%) | |
ip-dst|port189.250.25.77|2125 | DarkComet botnet C2 server (confidence level: 100%) | |
ip-dst|port189.250.25.77|2190 | DarkComet botnet C2 server (confidence level: 100%) | |
ip-dst|port189.250.25.77|2281 | DarkComet botnet C2 server (confidence level: 100%) | |
ip-dst|port189.250.25.77|1756 | DarkComet botnet C2 server (confidence level: 100%) | |
ip-dst|port121.32.27.111|8002 | ShadowPad botnet C2 server (confidence level: 90%) | |
ip-dst|port88.99.46.160|31337 | Sliver botnet C2 server (confidence level: 90%) | |
ip-dst|port8.142.69.99|55443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port162.14.74.124|88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port54.147.120.150|5003 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port54.147.120.150|5004 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port149.88.71.219|81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port43.138.39.212|8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port124.220.42.214|4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port165.22.234.230|443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port103.247.29.175|8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port176.9.122.103|8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port156.224.26.49|5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port124.221.174.192|80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port38.60.199.202|8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port8.219.251.170|80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port8.130.128.97|8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port176.9.122.154|8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port123.57.30.117|22222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port120.46.63.196|443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
ip-dst|port75.119.142.33|3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
ip-dst|port35.73.40.176|80 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
ip-dst|port46.148.139.144|4444 | BianLian botnet C2 server (confidence level: 50%) | |
ip-dst|port104.238.35.163|5984 | BianLian botnet C2 server (confidence level: 50%) | |
ip-dst|port193.92.178.156|995 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port220.79.237.55|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port197.14.193.226|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port71.104.100.168|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port105.109.175.169|995 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port88.252.226.162|443 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port45.79.174.92|1194 | Pikabot botnet C2 server (confidence level: 50%) | |
ip-dst|port185.106.94.167|5631 | Pikabot botnet C2 server (confidence level: 50%) | |
ip-dst|port45.135.165.166|13172 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
ip-dst|port194.26.135.137|80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
ip-dst|port78.153.130.231|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port82.115.223.71|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port94.142.138.170|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port94.142.138.145|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port94.142.138.58|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port89.23.98.188|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port195.123.209.20|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port159.69.95.42|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port46.8.210.75|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port77.73.133.88|5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port83.243.122.151|80 | IcedID botnet C2 server (confidence level: 75%) | |
ip-dst|port80.85.141.108|3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
ip-dst|port38.181.20.78|6000 | Ghost RAT botnet C2 server (confidence level: 100%) | |
ip-dst|port104.243.47.102|8080 | Unknown malware botnet C2 server (confidence level: 80%) | |
ip-dst|port3.234.189.133|443 | Unknown malware botnet C2 server (confidence level: 80%) | |
ip-dst|port199.127.62.181|8080 | Unknown malware botnet C2 server (confidence level: 80%) | |
ip-dst|port95.181.173.181|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port178.236.247.9|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port185.26.239.246|81 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port212.118.52.90|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port8.217.23.144|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port45.150.65.121|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port20.0.25.177|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port178.236.246.39|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port109.107.181.169|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port79.137.207.44|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port78.141.239.24|80 | Medusa botnet C2 server (confidence level: 80%) | |
ip-dst|port175.136.232.226|8080 | Havoc botnet C2 server (confidence level: 80%) | |
ip-dst|port175.136.232.225|8080 | Havoc botnet C2 server (confidence level: 80%) | |
ip-dst|port139.84.144.181|443 | Havoc botnet C2 server (confidence level: 80%) | |
ip-dst|port57.128.171.220|443 | Havoc botnet C2 server (confidence level: 80%) | |
ip-dst|port146.70.79.19|80 | Havoc botnet C2 server (confidence level: 80%) | |
ip-dst|port161.142.78.158|8080 | Havoc botnet C2 server (confidence level: 80%) | |
ip-dst|port83.212.96.62|80 | Havoc botnet C2 server (confidence level: 80%) | |
ip-dst|port85.209.11.185|2222 | QakBot botnet C2 server (confidence level: 50%) | |
ip-dst|port123.60.151.249|6666 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
ip-dst|port3.131.147.49|12994 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port119.91.99.194|8088 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port141.98.6.98|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port51.75.52.3|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port119.91.99.194|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port172.94.103.13|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port45.138.16.187|9898 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port45.138.16.187|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port107.189.169.135|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port103.147.185.18|1604 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port77.91.124.111|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port45.81.39.179|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port5.181.80.69|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port154.53.42.53|8845 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port107.175.243.138|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port38.181.35.175|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port164.92.246.58|9087 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port106.14.153.130|8848 | DCRat botnet C2 server (confidence level: 80%) | |
ip-dst|port5.161.143.161|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port194.169.175.123|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port45.135.232.54|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port45.74.19.132|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port194.169.175.125|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port195.85.114.171|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port95.214.25.240|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port213.252.245.28|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port193.56.255.166|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port167.235.130.175|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port193.31.118.35|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port95.214.25.236|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port45.11.91.14|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port208.64.33.102|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port79.137.202.91|8081 | RisePro botnet C2 server (confidence level: 80%) | |
ip-dst|port104.21.94.45|443 | MintStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port172.67.219.160|80 | MintStealer botnet C2 server (confidence level: 80%) | |
ip-dst|port172.67.172.69|443 | MintStealer botnet C2 server (confidence level: 80%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://175.24.176.154/api/settings | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://175.24.176.154:8443/api/settings | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://5.75.188.83:3306/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://momalua.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://kusmanin.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://39.108.189.188:1111/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://20.51.226.216/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://185.225.74.128:8080/compare/v1.44/vxk7p0gbe8 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.70.45.102:8090/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://89.23.103.35/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.61.0.241/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.234.72.74/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://service-m2easdvn-1303971391.bj.apigw.tencentcs.com/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.242.51.201/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.61.0.241:8080/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://85.175.101.203/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://121.40.66.171:85/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://mouseoiet.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://boddyshow.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://elizgerls.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://165.22.234.230/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainsdl.faqserv.com | IRATA payload delivery domain (confidence level: 100%) | |
domaincdm.faqserv.com | IRATA payload delivery domain (confidence level: 100%) | |
domaincfb.faqserv.com | IRATA payload delivery domain (confidence level: 100%) | |
domainadsh.vizvaz.com | IRATA payload delivery domain (confidence level: 100%) | |
domainrbm.faqserv.com | IRATA payload delivery domain (confidence level: 100%) | |
domainservice-m2easdvn-1303971391.bj.apigw.tencentcs.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaingamesstartf.xyz | Mekotio botnet C2 domain (confidence level: 100%) | |
domainnuevo2gameslop.xyz | Mekotio botnet C2 domain (confidence level: 100%) | |
domainnuevoconceti.xyz | Mekotio botnet C2 domain (confidence level: 100%) | |
domainrepicdominic.xyz | Mekotio botnet C2 domain (confidence level: 100%) | |
domain1.jangholi.info | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainwww.buesem2021.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainec2-54-94-98-53.sa-east-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainhavoc.riggcorp.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainen.voiceaipro.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainen.voice-ai.store | Unknown malware payload delivery domain (confidence level: 100%) | |
domainvoice.2005thavenue.com | Unknown malware payload delivery domain (confidence level: 100%) |
Threat ID: 6828eab9e1a0c275ea6e3104
Added to database: 5/17/2025, 7:59:53 PM
Last enriched: 7/3/2025, 6:54:54 AM
Last updated: 8/15/2025, 4:34:53 AM
Views: 21
Related Threats
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.