ThreatFox IOCs for 2023-10-28
ThreatFox IOCs for 2023-10-28
AI Analysis
Technical Summary
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on 2023-10-28 by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related, specifically focusing on OSINT (Open Source Intelligence), network activity, and payload delivery. However, no specific affected software versions or products are identified, and no patches or known exploits are currently available. The threat level is indicated as medium (severity: medium, threatLevel: 2), with moderate distribution (distribution: 3) and minimal analysis detail (analysis: 1). The absence of concrete technical details such as malware family, attack vectors, or payload specifics limits the depth of technical understanding. The threat appears to be primarily related to the collection and dissemination of network activity data and payload delivery mechanisms, potentially used by threat actors to facilitate further malicious operations. Given the lack of specific indicators or exploit details, this threat likely represents a general awareness or intelligence update rather than an active, targeted campaign. The TLP (Traffic Light Protocol) classification as white indicates that the information is intended for public sharing without restrictions, further supporting the notion that this is an intelligence dissemination rather than an immediate critical threat. Overall, this threat represents a medium-level malware-related risk focused on OSINT and network activity, with limited actionable technical details at this time.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the absence of specific exploit details, affected software versions, or active known exploits in the wild. However, the focus on OSINT and network activity suggests potential risks related to reconnaissance and payload delivery phases of cyberattacks. If threat actors leverage these IOCs effectively, organizations could face increased exposure to targeted malware delivery or network intrusions. This could lead to data exfiltration, disruption of services, or compromise of sensitive information. The medium severity indicates that while immediate widespread damage is unlikely, organizations should remain vigilant, especially those with critical infrastructure or high-value data assets. The lack of patches or mitigation guidance implies that defensive measures must rely on detection and response capabilities rather than vulnerability remediation. European entities involved in sectors with high network exposure or those that actively monitor threat intelligence feeds may be more directly impacted, as they could be targeted for follow-up attacks using these IOCs.
Mitigation Recommendations
Given the nature of this threat as an OSINT and network activity-related malware with no specific patches or exploits, mitigation should focus on enhancing detection and response capabilities. Organizations should: 1) Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve detection of related network activity and payload delivery attempts. 2) Conduct regular network traffic analysis to identify anomalous or suspicious communications that may align with the shared IOCs. 3) Maintain up-to-date threat intelligence feeds and ensure security teams are trained to interpret and act on OSINT-derived indicators. 4) Implement strict network segmentation and least privilege access controls to limit the potential impact of payload delivery. 5) Enhance email and web filtering solutions to reduce the risk of initial payload delivery vectors. 6) Conduct regular security awareness training focusing on recognizing social engineering and phishing attempts that could be used to deliver malware payloads. 7) Establish incident response playbooks that incorporate the analysis of OSINT and network activity indicators to enable rapid containment and remediation. These measures go beyond generic advice by emphasizing the operational integration of OSINT IOCs and proactive network monitoring tailored to the nature of this threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- file: 101.34.83.16
- hash: 30002
- file: 104.238.35.163
- hash: 8443
- url: http://175.24.176.154/api/settings
- file: 147.78.47.231
- hash: 7777
- file: 92.116.89.214
- hash: 443
- file: 161.189.238.234
- hash: 443
- file: 104.238.35.163
- hash: 80
- file: 104.238.35.163
- hash: 8000
- file: 104.236.210.243
- hash: 8080
- file: 45.56.165.27
- hash: 8000
- file: 85.13.118.11
- hash: 443
- file: 157.230.124.53
- hash: 443
- file: 217.165.234.145
- hash: 443
- file: 41.99.8.115
- hash: 443
- file: 80.192.52.128
- hash: 443
- file: 105.102.31.198
- hash: 443
- file: 197.204.20.144
- hash: 443
- file: 78.180.83.241
- hash: 443
- file: 78.19.233.19
- hash: 2222
- file: 112.213.101.73
- hash: 1145
- file: 113.207.105.235
- hash: 8888
- file: 222.88.186.81
- hash: 23703
- file: 156.224.22.198
- hash: 8888
- file: 139.144.31.103
- hash: 1194
- file: 91.109.190.5
- hash: 7707
- file: 62.233.50.25
- hash: 7443
- file: 45.141.87.124
- hash: 13
- file: 93.123.85.12
- hash: 1791
- file: 45.142.214.121
- hash: 2376
- file: 47.98.158.167
- hash: 8888
- url: https://175.24.176.154:8443/api/settings
- url: http://5.75.188.83:3306/
- url: http://momalua.fun/api
- url: http://kusmanin.fun/api
- url: http://39.108.189.188:1111/j.ad
- domain: sdl.faqserv.com
- domain: cdm.faqserv.com
- domain: cfb.faqserv.com
- domain: adsh.vizvaz.com
- domain: rbm.faqserv.com
- url: http://20.51.226.216/_/scs/mail-static/_/js/
- url: http://185.225.74.128:8080/compare/v1.44/vxk7p0gbe8
- url: http://124.70.45.102:8090/j.ad
- url: http://89.23.103.35/cx
- url: http://103.61.0.241/load
- url: http://103.234.72.74/dot.gif
- file: 103.61.0.241
- hash: 4444
- url: http://service-m2easdvn-1303971391.bj.apigw.tencentcs.com/api/getit
- domain: service-m2easdvn-1303971391.bj.apigw.tencentcs.com
- file: 139.224.206.244
- hash: 80
- url: http://47.242.51.201/activity
- url: http://103.61.0.241:8080/en_us/all.js
- file: 65.21.101.233
- hash: 4714
- file: 125.141.145.185
- hash: 443
- url: http://85.175.101.203/activity
- domain: gamesstartf.xyz
- domain: nuevo2gameslop.xyz
- file: 146.0.79.25
- hash: 11223
- url: http://121.40.66.171:85/push
- url: http://mouseoiet.fun/api
- url: http://boddyshow.fun/api
- file: 109.107.182.211
- hash: 28913
- file: 198.37.111.235
- hash: 15804
- file: 146.0.79.23
- hash: 11224
- domain: nuevoconceti.xyz
- domain: repicdominic.xyz
- file: 185.222.58.238
- hash: 55615
- file: 194.190.152.148
- hash: 5871
- domain: 1.jangholi.info
- file: 188.121.110.191
- hash: 53
- file: 41.103.29.232
- hash: 999
- file: 94.131.98.34
- hash: 443
- domain: www.buesem2021.com
- file: 185.81.157.112
- hash: 6606
- file: 91.109.190.5
- hash: 8808
- file: 187.24.69.150
- hash: 8888
- file: 91.208.92.210
- hash: 1411
- file: 197.246.196.91
- hash: 9999
- file: 185.81.157.12
- hash: 6666
- file: 141.164.37.178
- hash: 6606
- file: 141.164.37.178
- hash: 8808
- file: 107.148.8.5
- hash: 4783
- file: 118.70.46.160
- hash: 8080
- file: 81.161.229.91
- hash: 6667
- file: 34.123.6.222
- hash: 30006
- file: 108.142.191.239
- hash: 443
- file: 108.142.191.247
- hash: 443
- file: 139.224.198.190
- hash: 8888
- file: 141.98.10.132
- hash: 4444
- file: 185.196.9.51
- hash: 23
- file: 46.30.188.150
- hash: 62222
- file: 189.250.25.77
- hash: 2086
- file: 189.250.25.77
- hash: 2116
- file: 189.250.25.77
- hash: 2125
- file: 189.250.25.77
- hash: 2190
- file: 189.250.25.77
- hash: 2281
- file: 189.250.25.77
- hash: 1756
- file: 121.32.27.111
- hash: 8002
- file: 88.99.46.160
- hash: 31337
- domain: ec2-54-94-98-53.sa-east-1.compute.amazonaws.com
- domain: havoc.riggcorp.com
- file: 8.142.69.99
- hash: 55443
- file: 162.14.74.124
- hash: 88
- file: 54.147.120.150
- hash: 5003
- file: 54.147.120.150
- hash: 5004
- file: 149.88.71.219
- hash: 81
- file: 43.138.39.212
- hash: 8080
- file: 124.220.42.214
- hash: 4433
- file: 165.22.234.230
- hash: 443
- file: 103.247.29.175
- hash: 8080
- file: 176.9.122.103
- hash: 8080
- file: 156.224.26.49
- hash: 5555
- file: 124.221.174.192
- hash: 80
- file: 38.60.199.202
- hash: 8443
- file: 8.219.251.170
- hash: 80
- file: 8.130.128.97
- hash: 8081
- file: 176.9.122.154
- hash: 8080
- file: 123.57.30.117
- hash: 22222
- file: 120.46.63.196
- hash: 443
- domain: en.voiceaipro.com
- domain: en.voice-ai.store
- domain: voice.2005thavenue.com
- url: http://elizgerls.pw/api
- file: 75.119.142.33
- hash: 3790
- file: 35.73.40.176
- hash: 80
- file: 46.148.139.144
- hash: 4444
- file: 104.238.35.163
- hash: 5984
- file: 193.92.178.156
- hash: 995
- file: 220.79.237.55
- hash: 443
- file: 197.14.193.226
- hash: 443
- file: 71.104.100.168
- hash: 443
- file: 105.109.175.169
- hash: 995
- file: 88.252.226.162
- hash: 443
- file: 45.79.174.92
- hash: 1194
- file: 185.106.94.167
- hash: 5631
- file: 45.135.165.166
- hash: 13172
- file: 194.26.135.137
- hash: 80
- file: 78.153.130.231
- hash: 5000
- file: 82.115.223.71
- hash: 5000
- file: 94.142.138.170
- hash: 5000
- file: 94.142.138.145
- hash: 5000
- file: 94.142.138.58
- hash: 5000
- file: 89.23.98.188
- hash: 5000
- file: 195.123.209.20
- hash: 5000
- file: 159.69.95.42
- hash: 5000
- file: 46.8.210.75
- hash: 5000
- file: 77.73.133.88
- hash: 5000
- file: 83.243.122.151
- hash: 80
- file: 80.85.141.108
- hash: 3790
- file: 38.181.20.78
- hash: 6000
- file: 104.243.47.102
- hash: 8080
- file: 3.234.189.133
- hash: 443
- file: 199.127.62.181
- hash: 8080
- file: 95.181.173.181
- hash: 80
- file: 178.236.247.9
- hash: 80
- file: 185.26.239.246
- hash: 81
- file: 212.118.52.90
- hash: 80
- file: 8.217.23.144
- hash: 80
- file: 45.150.65.121
- hash: 80
- file: 20.0.25.177
- hash: 80
- file: 178.236.246.39
- hash: 80
- file: 109.107.181.169
- hash: 80
- file: 79.137.207.44
- hash: 80
- file: 78.141.239.24
- hash: 80
- url: https://165.22.234.230/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- file: 175.136.232.226
- hash: 8080
- file: 175.136.232.225
- hash: 8080
- file: 139.84.144.181
- hash: 443
- file: 57.128.171.220
- hash: 443
- file: 146.70.79.19
- hash: 80
- file: 161.142.78.158
- hash: 8080
- file: 83.212.96.62
- hash: 80
- file: 85.209.11.185
- hash: 2222
- file: 123.60.151.249
- hash: 6666
- file: 3.131.147.49
- hash: 12994
- file: 119.91.99.194
- hash: 8088
- file: 141.98.6.98
- hash: 8848
- file: 51.75.52.3
- hash: 8848
- file: 119.91.99.194
- hash: 8848
- file: 172.94.103.13
- hash: 8848
- file: 45.138.16.187
- hash: 9898
- file: 45.138.16.187
- hash: 8848
- file: 107.189.169.135
- hash: 8848
- file: 103.147.185.18
- hash: 1604
- file: 77.91.124.111
- hash: 8848
- file: 45.81.39.179
- hash: 8848
- file: 5.181.80.69
- hash: 8848
- file: 154.53.42.53
- hash: 8845
- file: 107.175.243.138
- hash: 8848
- file: 38.181.35.175
- hash: 8848
- file: 164.92.246.58
- hash: 9087
- file: 106.14.153.130
- hash: 8848
- file: 5.161.143.161
- hash: 8081
- file: 194.169.175.123
- hash: 8081
- file: 45.135.232.54
- hash: 8081
- file: 45.74.19.132
- hash: 8081
- file: 194.169.175.125
- hash: 8081
- file: 195.85.114.171
- hash: 8081
- file: 95.214.25.240
- hash: 8081
- file: 213.252.245.28
- hash: 8081
- file: 193.56.255.166
- hash: 8081
- file: 167.235.130.175
- hash: 8081
- file: 193.31.118.35
- hash: 8081
- file: 95.214.25.236
- hash: 8081
- file: 45.11.91.14
- hash: 8081
- file: 208.64.33.102
- hash: 8081
- file: 79.137.202.91
- hash: 8081
- file: 104.21.94.45
- hash: 443
- file: 172.67.219.160
- hash: 80
- file: 172.67.172.69
- hash: 443
ThreatFox IOCs for 2023-10-28
Description
ThreatFox IOCs for 2023-10-28
AI-Powered Analysis
Technical Analysis
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on 2023-10-28 by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related, specifically focusing on OSINT (Open Source Intelligence), network activity, and payload delivery. However, no specific affected software versions or products are identified, and no patches or known exploits are currently available. The threat level is indicated as medium (severity: medium, threatLevel: 2), with moderate distribution (distribution: 3) and minimal analysis detail (analysis: 1). The absence of concrete technical details such as malware family, attack vectors, or payload specifics limits the depth of technical understanding. The threat appears to be primarily related to the collection and dissemination of network activity data and payload delivery mechanisms, potentially used by threat actors to facilitate further malicious operations. Given the lack of specific indicators or exploit details, this threat likely represents a general awareness or intelligence update rather than an active, targeted campaign. The TLP (Traffic Light Protocol) classification as white indicates that the information is intended for public sharing without restrictions, further supporting the notion that this is an intelligence dissemination rather than an immediate critical threat. Overall, this threat represents a medium-level malware-related risk focused on OSINT and network activity, with limited actionable technical details at this time.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the absence of specific exploit details, affected software versions, or active known exploits in the wild. However, the focus on OSINT and network activity suggests potential risks related to reconnaissance and payload delivery phases of cyberattacks. If threat actors leverage these IOCs effectively, organizations could face increased exposure to targeted malware delivery or network intrusions. This could lead to data exfiltration, disruption of services, or compromise of sensitive information. The medium severity indicates that while immediate widespread damage is unlikely, organizations should remain vigilant, especially those with critical infrastructure or high-value data assets. The lack of patches or mitigation guidance implies that defensive measures must rely on detection and response capabilities rather than vulnerability remediation. European entities involved in sectors with high network exposure or those that actively monitor threat intelligence feeds may be more directly impacted, as they could be targeted for follow-up attacks using these IOCs.
Mitigation Recommendations
Given the nature of this threat as an OSINT and network activity-related malware with no specific patches or exploits, mitigation should focus on enhancing detection and response capabilities. Organizations should: 1) Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve detection of related network activity and payload delivery attempts. 2) Conduct regular network traffic analysis to identify anomalous or suspicious communications that may align with the shared IOCs. 3) Maintain up-to-date threat intelligence feeds and ensure security teams are trained to interpret and act on OSINT-derived indicators. 4) Implement strict network segmentation and least privilege access controls to limit the potential impact of payload delivery. 5) Enhance email and web filtering solutions to reduce the risk of initial payload delivery vectors. 6) Conduct regular security awareness training focusing on recognizing social engineering and phishing attempts that could be used to deliver malware payloads. 7) Establish incident response playbooks that incorporate the analysis of OSINT and network activity indicators to enable rapid containment and remediation. These measures go beyond generic advice by emphasizing the operational integration of OSINT IOCs and proactive network monitoring tailored to the nature of this threat.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- ff57758a-42ab-41a8-acef-ad1f4de32d3c
- Original Timestamp
- 1698537786
Indicators of Compromise
File
Value | Description | Copy |
---|---|---|
file101.34.83.16 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file104.238.35.163 | BianLian botnet C2 server (confidence level: 80%) | |
file147.78.47.231 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file92.116.89.214 | Deimos botnet C2 server (confidence level: 50%) | |
file161.189.238.234 | Deimos botnet C2 server (confidence level: 50%) | |
file104.238.35.163 | BianLian botnet C2 server (confidence level: 50%) | |
file104.238.35.163 | BianLian botnet C2 server (confidence level: 50%) | |
file104.236.210.243 | BianLian botnet C2 server (confidence level: 50%) | |
file45.56.165.27 | BianLian botnet C2 server (confidence level: 50%) | |
file85.13.118.11 | BianLian botnet C2 server (confidence level: 50%) | |
file157.230.124.53 | Havoc botnet C2 server (confidence level: 50%) | |
file217.165.234.145 | QakBot botnet C2 server (confidence level: 50%) | |
file41.99.8.115 | QakBot botnet C2 server (confidence level: 50%) | |
file80.192.52.128 | QakBot botnet C2 server (confidence level: 50%) | |
file105.102.31.198 | QakBot botnet C2 server (confidence level: 50%) | |
file197.204.20.144 | QakBot botnet C2 server (confidence level: 50%) | |
file78.180.83.241 | QakBot botnet C2 server (confidence level: 50%) | |
file78.19.233.19 | QakBot botnet C2 server (confidence level: 50%) | |
file112.213.101.73 | DCRat botnet C2 server (confidence level: 50%) | |
file113.207.105.235 | Unknown malware botnet C2 server (confidence level: 50%) | |
file222.88.186.81 | Unknown malware botnet C2 server (confidence level: 50%) | |
file156.224.22.198 | Unknown malware botnet C2 server (confidence level: 50%) | |
file139.144.31.103 | Pikabot botnet C2 server (confidence level: 50%) | |
file91.109.190.5 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file62.233.50.25 | Unknown malware botnet C2 server (confidence level: 80%) | |
file45.141.87.124 | Mirai botnet C2 server (confidence level: 75%) | |
file93.123.85.12 | Mirai botnet C2 server (confidence level: 75%) | |
file45.142.214.121 | Sliver botnet C2 server (confidence level: 80%) | |
file47.98.158.167 | Unknown malware botnet C2 server (confidence level: 80%) | |
file103.61.0.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.224.206.244 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file65.21.101.233 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file125.141.145.185 | Get2 botnet C2 server (confidence level: 80%) | |
file146.0.79.25 | Mekotio botnet C2 server (confidence level: 100%) | |
file109.107.182.211 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file198.37.111.235 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file146.0.79.23 | Mekotio botnet C2 server (confidence level: 100%) | |
file185.222.58.238 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file194.190.152.148 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file188.121.110.191 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file41.103.29.232 | NjRAT botnet C2 server (confidence level: 100%) | |
file94.131.98.34 | BianLian botnet C2 server (confidence level: 80%) | |
file185.81.157.112 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.109.190.5 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file187.24.69.150 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.208.92.210 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file197.246.196.91 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.81.157.12 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file141.164.37.178 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file141.164.37.178 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file107.148.8.5 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file118.70.46.160 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file81.161.229.91 | DCRat botnet C2 server (confidence level: 100%) | |
file34.123.6.222 | Unknown malware botnet C2 server (confidence level: 100%) | |
file108.142.191.239 | Unknown malware botnet C2 server (confidence level: 100%) | |
file108.142.191.247 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.224.198.190 | Unknown malware botnet C2 server (confidence level: 100%) | |
file141.98.10.132 | Venom RAT botnet C2 server (confidence level: 100%) | |
file185.196.9.51 | Bashlite botnet C2 server (confidence level: 90%) | |
file46.30.188.150 | DarkComet botnet C2 server (confidence level: 100%) | |
file189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%) | |
file189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%) | |
file189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%) | |
file189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%) | |
file189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%) | |
file189.250.25.77 | DarkComet botnet C2 server (confidence level: 100%) | |
file121.32.27.111 | ShadowPad botnet C2 server (confidence level: 90%) | |
file88.99.46.160 | Sliver botnet C2 server (confidence level: 90%) | |
file8.142.69.99 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file162.14.74.124 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file54.147.120.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file54.147.120.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.88.71.219 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.138.39.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.220.42.214 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file165.22.234.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.247.29.175 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file176.9.122.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.224.26.49 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.221.174.192 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.60.199.202 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.219.251.170 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.130.128.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file176.9.122.154 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.57.30.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.46.63.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file75.119.142.33 | Meterpreter botnet C2 server (confidence level: 80%) | |
file35.73.40.176 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
file46.148.139.144 | BianLian botnet C2 server (confidence level: 50%) | |
file104.238.35.163 | BianLian botnet C2 server (confidence level: 50%) | |
file193.92.178.156 | QakBot botnet C2 server (confidence level: 50%) | |
file220.79.237.55 | QakBot botnet C2 server (confidence level: 50%) | |
file197.14.193.226 | QakBot botnet C2 server (confidence level: 50%) | |
file71.104.100.168 | QakBot botnet C2 server (confidence level: 50%) | |
file105.109.175.169 | QakBot botnet C2 server (confidence level: 50%) | |
file88.252.226.162 | QakBot botnet C2 server (confidence level: 50%) | |
file45.79.174.92 | Pikabot botnet C2 server (confidence level: 50%) | |
file185.106.94.167 | Pikabot botnet C2 server (confidence level: 50%) | |
file45.135.165.166 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file194.26.135.137 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file78.153.130.231 | TitanStealer botnet C2 server (confidence level: 80%) | |
file82.115.223.71 | TitanStealer botnet C2 server (confidence level: 80%) | |
file94.142.138.170 | TitanStealer botnet C2 server (confidence level: 80%) | |
file94.142.138.145 | TitanStealer botnet C2 server (confidence level: 80%) | |
file94.142.138.58 | TitanStealer botnet C2 server (confidence level: 80%) | |
file89.23.98.188 | TitanStealer botnet C2 server (confidence level: 80%) | |
file195.123.209.20 | TitanStealer botnet C2 server (confidence level: 80%) | |
file159.69.95.42 | TitanStealer botnet C2 server (confidence level: 80%) | |
file46.8.210.75 | TitanStealer botnet C2 server (confidence level: 80%) | |
file77.73.133.88 | TitanStealer botnet C2 server (confidence level: 80%) | |
file83.243.122.151 | IcedID botnet C2 server (confidence level: 75%) | |
file80.85.141.108 | Meterpreter botnet C2 server (confidence level: 80%) | |
file38.181.20.78 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file104.243.47.102 | Unknown malware botnet C2 server (confidence level: 80%) | |
file3.234.189.133 | Unknown malware botnet C2 server (confidence level: 80%) | |
file199.127.62.181 | Unknown malware botnet C2 server (confidence level: 80%) | |
file95.181.173.181 | Medusa botnet C2 server (confidence level: 80%) | |
file178.236.247.9 | Medusa botnet C2 server (confidence level: 80%) | |
file185.26.239.246 | Medusa botnet C2 server (confidence level: 80%) | |
file212.118.52.90 | Medusa botnet C2 server (confidence level: 80%) | |
file8.217.23.144 | Medusa botnet C2 server (confidence level: 80%) | |
file45.150.65.121 | Medusa botnet C2 server (confidence level: 80%) | |
file20.0.25.177 | Medusa botnet C2 server (confidence level: 80%) | |
file178.236.246.39 | Medusa botnet C2 server (confidence level: 80%) | |
file109.107.181.169 | Medusa botnet C2 server (confidence level: 80%) | |
file79.137.207.44 | Medusa botnet C2 server (confidence level: 80%) | |
file78.141.239.24 | Medusa botnet C2 server (confidence level: 80%) | |
file175.136.232.226 | Havoc botnet C2 server (confidence level: 80%) | |
file175.136.232.225 | Havoc botnet C2 server (confidence level: 80%) | |
file139.84.144.181 | Havoc botnet C2 server (confidence level: 80%) | |
file57.128.171.220 | Havoc botnet C2 server (confidence level: 80%) | |
file146.70.79.19 | Havoc botnet C2 server (confidence level: 80%) | |
file161.142.78.158 | Havoc botnet C2 server (confidence level: 80%) | |
file83.212.96.62 | Havoc botnet C2 server (confidence level: 80%) | |
file85.209.11.185 | QakBot botnet C2 server (confidence level: 50%) | |
file123.60.151.249 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file3.131.147.49 | DCRat botnet C2 server (confidence level: 80%) | |
file119.91.99.194 | DCRat botnet C2 server (confidence level: 80%) | |
file141.98.6.98 | DCRat botnet C2 server (confidence level: 80%) | |
file51.75.52.3 | DCRat botnet C2 server (confidence level: 80%) | |
file119.91.99.194 | DCRat botnet C2 server (confidence level: 80%) | |
file172.94.103.13 | DCRat botnet C2 server (confidence level: 80%) | |
file45.138.16.187 | DCRat botnet C2 server (confidence level: 80%) | |
file45.138.16.187 | DCRat botnet C2 server (confidence level: 80%) | |
file107.189.169.135 | DCRat botnet C2 server (confidence level: 80%) | |
file103.147.185.18 | DCRat botnet C2 server (confidence level: 80%) | |
file77.91.124.111 | DCRat botnet C2 server (confidence level: 80%) | |
file45.81.39.179 | DCRat botnet C2 server (confidence level: 80%) | |
file5.181.80.69 | DCRat botnet C2 server (confidence level: 80%) | |
file154.53.42.53 | DCRat botnet C2 server (confidence level: 80%) | |
file107.175.243.138 | DCRat botnet C2 server (confidence level: 80%) | |
file38.181.35.175 | DCRat botnet C2 server (confidence level: 80%) | |
file164.92.246.58 | DCRat botnet C2 server (confidence level: 80%) | |
file106.14.153.130 | DCRat botnet C2 server (confidence level: 80%) | |
file5.161.143.161 | RisePro botnet C2 server (confidence level: 80%) | |
file194.169.175.123 | RisePro botnet C2 server (confidence level: 80%) | |
file45.135.232.54 | RisePro botnet C2 server (confidence level: 80%) | |
file45.74.19.132 | RisePro botnet C2 server (confidence level: 80%) | |
file194.169.175.125 | RisePro botnet C2 server (confidence level: 80%) | |
file195.85.114.171 | RisePro botnet C2 server (confidence level: 80%) | |
file95.214.25.240 | RisePro botnet C2 server (confidence level: 80%) | |
file213.252.245.28 | RisePro botnet C2 server (confidence level: 80%) | |
file193.56.255.166 | RisePro botnet C2 server (confidence level: 80%) | |
file167.235.130.175 | RisePro botnet C2 server (confidence level: 80%) | |
file193.31.118.35 | RisePro botnet C2 server (confidence level: 80%) | |
file95.214.25.236 | RisePro botnet C2 server (confidence level: 80%) | |
file45.11.91.14 | RisePro botnet C2 server (confidence level: 80%) | |
file208.64.33.102 | RisePro botnet C2 server (confidence level: 80%) | |
file79.137.202.91 | RisePro botnet C2 server (confidence level: 80%) | |
file104.21.94.45 | MintStealer botnet C2 server (confidence level: 80%) | |
file172.67.219.160 | MintStealer botnet C2 server (confidence level: 80%) | |
file172.67.172.69 | MintStealer botnet C2 server (confidence level: 80%) |
Hash
Value | Description | Copy |
---|---|---|
hash30002 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash8443 | BianLian botnet C2 server (confidence level: 80%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash443 | Deimos botnet C2 server (confidence level: 50%) | |
hash443 | Deimos botnet C2 server (confidence level: 50%) | |
hash80 | BianLian botnet C2 server (confidence level: 50%) | |
hash8000 | BianLian botnet C2 server (confidence level: 50%) | |
hash8080 | BianLian botnet C2 server (confidence level: 50%) | |
hash8000 | BianLian botnet C2 server (confidence level: 50%) | |
hash443 | BianLian botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash1145 | DCRat botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash23703 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash1194 | Pikabot botnet C2 server (confidence level: 50%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash13 | Mirai botnet C2 server (confidence level: 75%) | |
hash1791 | Mirai botnet C2 server (confidence level: 75%) | |
hash2376 | Sliver botnet C2 server (confidence level: 80%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4714 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash443 | Get2 botnet C2 server (confidence level: 80%) | |
hash11223 | Mekotio botnet C2 server (confidence level: 100%) | |
hash28913 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash15804 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash11224 | Mekotio botnet C2 server (confidence level: 100%) | |
hash55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash5871 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash999 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 80%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1411 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6666 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4783 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash6667 | DCRat botnet C2 server (confidence level: 100%) | |
hash30006 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4444 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash23 | Bashlite botnet C2 server (confidence level: 90%) | |
hash62222 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2086 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2116 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2125 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2190 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2281 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1756 | DarkComet botnet C2 server (confidence level: 100%) | |
hash8002 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash31337 | Sliver botnet C2 server (confidence level: 90%) | |
hash55443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5003 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5004 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash22222 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
hash80 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash4444 | BianLian botnet C2 server (confidence level: 50%) | |
hash5984 | BianLian botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash1194 | Pikabot botnet C2 server (confidence level: 50%) | |
hash5631 | Pikabot botnet C2 server (confidence level: 50%) | |
hash13172 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash5000 | TitanStealer botnet C2 server (confidence level: 80%) | |
hash80 | IcedID botnet C2 server (confidence level: 75%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
hash6000 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash81 | Medusa botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash80 | Medusa botnet C2 server (confidence level: 80%) | |
hash8080 | Havoc botnet C2 server (confidence level: 80%) | |
hash8080 | Havoc botnet C2 server (confidence level: 80%) | |
hash443 | Havoc botnet C2 server (confidence level: 80%) | |
hash443 | Havoc botnet C2 server (confidence level: 80%) | |
hash80 | Havoc botnet C2 server (confidence level: 80%) | |
hash8080 | Havoc botnet C2 server (confidence level: 80%) | |
hash80 | Havoc botnet C2 server (confidence level: 80%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash12994 | DCRat botnet C2 server (confidence level: 80%) | |
hash8088 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash9898 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash1604 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash8845 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash9087 | DCRat botnet C2 server (confidence level: 80%) | |
hash8848 | DCRat botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash8081 | RisePro botnet C2 server (confidence level: 80%) | |
hash443 | MintStealer botnet C2 server (confidence level: 80%) | |
hash80 | MintStealer botnet C2 server (confidence level: 80%) | |
hash443 | MintStealer botnet C2 server (confidence level: 80%) |
Url
Value | Description | Copy |
---|---|---|
urlhttp://175.24.176.154/api/settings | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://175.24.176.154:8443/api/settings | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://5.75.188.83:3306/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://momalua.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://kusmanin.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://39.108.189.188:1111/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://20.51.226.216/_/scs/mail-static/_/js/ | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://185.225.74.128:8080/compare/v1.44/vxk7p0gbe8 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://124.70.45.102:8090/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://89.23.103.35/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.61.0.241/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.234.72.74/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://service-m2easdvn-1303971391.bj.apigw.tencentcs.com/api/getit | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.242.51.201/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://103.61.0.241:8080/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://85.175.101.203/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://121.40.66.171:85/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://mouseoiet.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://boddyshow.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://elizgerls.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://165.22.234.230/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books | Cobalt Strike botnet C2 (confidence level: 100%) |
Domain
Value | Description | Copy |
---|---|---|
domainsdl.faqserv.com | IRATA payload delivery domain (confidence level: 100%) | |
domaincdm.faqserv.com | IRATA payload delivery domain (confidence level: 100%) | |
domaincfb.faqserv.com | IRATA payload delivery domain (confidence level: 100%) | |
domainadsh.vizvaz.com | IRATA payload delivery domain (confidence level: 100%) | |
domainrbm.faqserv.com | IRATA payload delivery domain (confidence level: 100%) | |
domainservice-m2easdvn-1303971391.bj.apigw.tencentcs.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaingamesstartf.xyz | Mekotio botnet C2 domain (confidence level: 100%) | |
domainnuevo2gameslop.xyz | Mekotio botnet C2 domain (confidence level: 100%) | |
domainnuevoconceti.xyz | Mekotio botnet C2 domain (confidence level: 100%) | |
domainrepicdominic.xyz | Mekotio botnet C2 domain (confidence level: 100%) | |
domain1.jangholi.info | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainwww.buesem2021.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainec2-54-94-98-53.sa-east-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainhavoc.riggcorp.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainen.voiceaipro.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainen.voice-ai.store | Unknown malware payload delivery domain (confidence level: 100%) | |
domainvoice.2005thavenue.com | Unknown malware payload delivery domain (confidence level: 100%) |
Threat ID: 682acdc2bbaf20d303f18491
Added to database: 5/19/2025, 6:20:50 AM
Last enriched: 6/18/2025, 9:20:59 AM
Last updated: 8/17/2025, 3:46:54 PM
Views: 16
Related Threats
ThreatFox IOCs for 2025-08-18
MediumFake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft
MediumPhishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant
MediumThreatFox IOCs for 2025-08-17
MediumThreatFox IOCs for 2025-08-16
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.