ThreatFox IOCs for 2023-11-13
ThreatFox IOCs for 2023-11-13
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2023-11-13," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under the "type:osint" tag, indicating that it primarily involves open-source intelligence data or is related to OSINT methodologies. No specific affected product versions or detailed technical indicators are provided, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate distribution but limited detailed analysis. There are no known exploits in the wild linked to this threat at the time of publication (November 13, 2023). The absence of concrete technical details such as malware behavior, infection vectors, or payload specifics limits the ability to perform a deep technical dissection. However, the classification as malware and the presence of IOCs imply that this threat could be used for reconnaissance, initial access, or persistence in targeted environments. The lack of authentication or user interaction requirements is not explicitly stated, but given the OSINT nature, it is plausible that exploitation or infection might rely on social engineering or indirect methods rather than direct system vulnerabilities. Overall, this threat appears to be in an early or informational stage, serving as a repository of IOCs for security teams to monitor and correlate with their telemetry.
Potential Impact
For European organizations, the potential impact of this threat is currently assessed as medium, consistent with the vendor's severity rating. Since no active exploits are known and no specific vulnerabilities are detailed, the immediate risk of compromise is limited. However, the distribution score of 3 indicates that the threat or its indicators are relatively widespread, which could facilitate reconnaissance activities by threat actors targeting European entities. Organizations involved in critical infrastructure, government, finance, or technology sectors may face increased exposure if these IOCs correlate with targeted campaigns. The malware's presence could lead to unauthorized data collection, espionage, or serve as a foothold for further attacks if leveraged by advanced persistent threat (APT) groups. The lack of detailed technical data restricts precise impact forecasting, but the threat's OSINT association suggests it could be part of broader intelligence-gathering or preparatory stages of cyberattacks. Consequently, European organizations should remain vigilant, especially those with high-value assets or strategic importance in the geopolitical landscape.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing detection and response capabilities tailored to OSINT-related malware threats. Specific recommendations include: 1) Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enable real-time correlation and alerting. 2) Conduct targeted threat hunting exercises using the provided IOCs to identify any latent infections or suspicious activities within the network. 3) Strengthen user awareness programs emphasizing the risks associated with OSINT-based social engineering and phishing tactics, as these may be vectors for initial compromise. 4) Implement network segmentation and strict access controls to limit lateral movement if an infection occurs. 5) Regularly update and patch all systems, even though no specific patches are linked to this threat, to reduce the attack surface. 6) Collaborate with national Computer Emergency Response Teams (CERTs) and share intelligence to stay informed about evolving threat landscapes. These measures go beyond generic advice by focusing on proactive IOC integration, threat hunting, and user-centric defenses aligned with the nature of OSINT-related malware threats.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Indicators of Compromise
- url: http://grasialoud.pw/api
- url: http://hoodblor.pw/api
- file: 185.221.196.69
- hash: 5127
- url: http://31.192.237.23:80/
- file: 185.222.58.84
- hash: 55615
- file: 82.157.65.5
- hash: 3790
- file: 95.165.148.158
- hash: 7777
- file: 189.250.24.235
- hash: 2087
- file: 189.250.24.235
- hash: 1800
- url: http://quoolser.pw/api
- file: 59.110.239.147
- hash: 14344
- file: 116.203.7.211
- hash: 443
- file: 45.142.214.130
- hash: 9091
- file: 74.48.44.7
- hash: 9443
- url: https://louisianaworkingdogs.com/getimagedata.php
- file: 185.231.154.113
- hash: 50543
- file: 45.86.163.224
- hash: 7559
- file: 54.193.91.232
- hash: 3155
- file: 154.8.142.178
- hash: 443
- file: 64.227.34.214
- hash: 445
- file: 109.153.195.26
- hash: 443
- file: 109.48.28.129
- hash: 2222
- file: 154.247.7.119
- hash: 993
- file: 217.165.233.123
- hash: 443
- file: 176.44.88.234
- hash: 995
- file: 68.224.65.229
- hash: 443
- file: 187.155.147.42
- hash: 443
- file: 141.255.152.88
- hash: 80
- file: 103.143.28.37
- hash: 8888
- file: 103.143.28.35
- hash: 8888
- file: 91.215.85.154
- hash: 60859
- url: http://co99163.tw1.ru/_defaultwindows.php
- file: 157.245.28.175
- hash: 8000
- file: 35.203.88.123
- hash: 2376
- url: http://168.119.173.77:2087/
- file: 168.119.173.77
- hash: 2087
- url: http://157.90.152.131:2083/
- file: 157.90.152.131
- hash: 2083
- file: 3.127.210.141
- hash: 2376
- file: 78.47.204.96
- hash: 443
- domain: jedi.piupiu.top
- file: 79.134.225.6
- hash: 7910
- file: 34.77.140.175
- hash: 2376
- file: 35.203.123.82
- hash: 2376
- url: http://117.72.35.30:4444/pixel.gif
- file: 89.95.64.132
- hash: 1604
- url: https://47.122.10.138/cm
- file: 47.122.10.138
- hash: 443
- domain: download.windowsupdate.mom
- file: 172.245.81.35
- hash: 53
- file: 5.182.87.106
- hash: 33883
- url: http://121.40.243.103:8080/dot.gif
- url: http://47.93.63.179:8888/en_us/all.js
- url: http://192.144.231.110/pixel.gif
- url: http://43.138.30.109:9999/activity
- url: https://157.245.28.175/quit/fk/b4zao0sj2
- file: 139.84.229.159
- hash: 2665
- domain: longlakeweb.com
- file: 45.15.156.13
- hash: 80
- file: 46.1.103.69
- hash: 2341
- file: 91.92.247.217
- hash: 9003
- domain: microsoft.net.linkpc.net
- file: 194.187.251.115
- hash: 62848
- domain: storageapis.gotdns.ch
- file: 217.133.249.35
- hash: 3790
- file: 178.184.248.42
- hash: 1337
- file: 31.156.120.87
- hash: 1604
- file: 180.184.71.135
- hash: 80
- file: 31.220.94.133
- hash: 443
- domain: ec2-35-178-203-77.eu-west-2.compute.amazonaws.com
- file: 45.141.215.5
- hash: 7707
- file: 186.168.71.240
- hash: 8888
- file: 198.12.125.30
- hash: 8191
- file: 85.239.241.136
- hash: 1337
- file: 223.155.16.153
- hash: 23333
- file: 103.143.28.36
- hash: 8888
- file: 154.92.18.45
- hash: 8888
- file: 43.163.240.112
- hash: 8888
- domain: www.chromewebkit.com
- file: 95.216.249.152
- hash: 4449
- file: 65.108.26.147
- hash: 25
- file: 5.255.117.112
- hash: 80
- domain: vps-243c526b.vps.ovh.net
- file: 3.228.58.67
- hash: 443
- file: 49.13.94.153
- hash: 1021
- file: 49.12.119.148
- hash: 443
- file: 116.202.189.41
- hash: 443
- file: 167.235.143.166
- hash: 443
- file: 189.250.24.235
- hash: 2082
- file: 217.12.206.194
- hash: 443
- file: 146.70.157.115
- hash: 8080
- file: 81.68.159.196
- hash: 60000
- file: 124.222.224.57
- hash: 60000
- file: 49.113.72.114
- hash: 60000
- file: 104.225.232.136
- hash: 60000
- domain: ec2-52-204-111-102.compute-1.amazonaws.com
- domain: ns5006633.ip-51-79-230.net
- file: 51.79.230.42
- hash: 80
- file: 8.222.155.61
- hash: 443
- file: 116.204.107.102
- hash: 9090
- file: 123.249.33.8
- hash: 443
- file: 42.194.249.55
- hash: 80
- file: 43.139.69.186
- hash: 8081
- file: 106.75.162.243
- hash: 80
- file: 163.5.169.2
- hash: 80
- file: 92.63.196.46
- hash: 19480
- file: 107.175.245.109
- hash: 2052
- file: 185.196.9.120
- hash: 80
- file: 116.196.106.249
- hash: 801
- file: 54.146.202.241
- hash: 8888
- file: 114.115.180.116
- hash: 443
- file: 45.77.46.211
- hash: 8080
- file: 183.165.34.225
- hash: 10000
- file: 117.72.35.30
- hash: 4444
- file: 144.202.126.62
- hash: 80
- file: 144.202.126.62
- hash: 443
- file: 193.201.9.82
- hash: 80
- file: 180.76.121.68
- hash: 80
- file: 91.92.252.206
- hash: 53
- file: 101.132.242.31
- hash: 5555
- file: 47.92.115.161
- hash: 80
- file: 101.43.49.244
- hash: 808
- file: 47.254.50.141
- hash: 7000
- file: 101.132.192.106
- hash: 60080
- file: 62.234.36.13
- hash: 80
- file: 18.237.81.198
- hash: 443
- file: 52.193.46.239
- hash: 54443
- url: https://bukkub.top/y2u5zjyxzta5zjcw/
- url: https://bobnoopopo.org/y2u5zjyxzta5zjcw/
- url: https://junggvrebvqqpo.org/y2u5zjyxzta5zjcw/
- url: https://junggpervbvqqqqqqpo.com/y2u5zjyxzta5zjcw/
- url: https://junggvbvqqgrouppo.com/y2u5zjyxzta5zjcw/
- url: https://junggvbvqqnetokpo.com/y2u5zjyxzta5zjcw/
- url: https://junggvbvq.top/y2u5zjyxzta5zjcw/
- url: https://junggvbvq5656.top/y2u5zjyxzta5zjcw/
- url: https://jungjunjunggvbvq.top/y2u5zjyxzta5zjcw/
- file: 34.89.20.143
- hash: 2376
- url: http://herioteeakl.pw/api
- domain: dl.tehranuniversity.website
- file: 34.88.134.230
- hash: 2376
- url: http://193.233.132.12/
- file: 23.88.32.230
- hash: 443
- file: 103.27.186.188
- hash: 8443
- file: 178.184.248.42
- hash: 1604
- file: 70.34.223.131
- hash: 5938
- file: 139.180.168.216
- hash: 13786
- file: 70.34.242.159
- hash: 5243
- file: 95.179.214.49
- hash: 5242
- file: 167.179.100.211
- hash: 2221
- file: 193.233.132.12
- hash: 80
- file: 193.233.132.17
- hash: 80
- file: 195.20.16.35
- hash: 80
- file: 31.192.237.23
- hash: 80
- file: 45.15.156.26
- hash: 80
- url: http://193.233.132.17/
- url: http://195.20.16.35/
- url: http://45.15.156.26/
- url: http://193.233.132.12/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll
- url: http://193.233.132.17/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll
- url: http://195.20.16.35/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll
- url: http://31.192.237.23/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll
- url: http://45.15.156.26/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll
- file: 147.50.253.84
- hash: 1177
- file: 52.87.167.149
- hash: 443
- file: 77.78.31.79
- hash: 6000
- file: 47.120.12.203
- hash: 5566
- file: 121.37.45.135
- hash: 443
- file: 149.154.158.34
- hash: 10101
- file: 151.236.22.64
- hash: 4359
- file: 54.93.236.31
- hash: 8000
- file: 68.183.220.190
- hash: 445
- file: 46.240.140.66
- hash: 445
- file: 31.117.136.251
- hash: 2222
- file: 101.108.195.147
- hash: 443
- file: 3.125.188.168
- hash: 11170
- file: 35.157.111.131
- hash: 11170
- file: 3.124.67.191
- hash: 11170
- file: 38.47.106.249
- hash: 80
- domain: cleansoft.fun
- domain: clearcracksoft.fun
- domain: clearcracksoft.xyz
- domain: cleansoft.xyz
- url: http://vittoriogioia.icu/3886d2276f6914c4.php
- file: 47.93.235.106
- hash: 80
- url: http://154.204.56.105:9999/activity
- url: http://43.138.30.109:8888/cm
- url: http://43.138.30.109:7524/load
- domain: donotopenthis.zip
- file: 172.94.8.75
- hash: 2020
- file: 121.5.195.89
- hash: 8888
- file: 199.195.249.117
- hash: 60000
- file: 81.17.22.90
- hash: 60000
- file: 8.130.19.53
- hash: 60000
- file: 206.237.6.229
- hash: 60000
- file: 124.236.56.59
- hash: 37201
- file: 45.77.34.194
- hash: 8443
- file: 92.38.178.83
- hash: 443
- file: 54.249.85.13
- hash: 443
- file: 172.245.118.36
- hash: 8089
- file: 167.114.90.242
- hash: 8088
- file: 193.201.9.82
- hash: 443
- file: 80.66.66.252
- hash: 3790
- url: https://www.domainsec.club/__utm.gif
- domain: www.domainsec.club
- url: https://179.60.150.57/idle/1376547834/1
- url: https://193.57.137.61/idle/1376547834/1
ThreatFox IOCs for 2023-11-13
Description
ThreatFox IOCs for 2023-11-13
AI-Powered Analysis
Technical Analysis
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2023-11-13," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under the "type:osint" tag, indicating that it primarily involves open-source intelligence data or is related to OSINT methodologies. No specific affected product versions or detailed technical indicators are provided, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The threat level is rated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate distribution but limited detailed analysis. There are no known exploits in the wild linked to this threat at the time of publication (November 13, 2023). The absence of concrete technical details such as malware behavior, infection vectors, or payload specifics limits the ability to perform a deep technical dissection. However, the classification as malware and the presence of IOCs imply that this threat could be used for reconnaissance, initial access, or persistence in targeted environments. The lack of authentication or user interaction requirements is not explicitly stated, but given the OSINT nature, it is plausible that exploitation or infection might rely on social engineering or indirect methods rather than direct system vulnerabilities. Overall, this threat appears to be in an early or informational stage, serving as a repository of IOCs for security teams to monitor and correlate with their telemetry.
Potential Impact
For European organizations, the potential impact of this threat is currently assessed as medium, consistent with the vendor's severity rating. Since no active exploits are known and no specific vulnerabilities are detailed, the immediate risk of compromise is limited. However, the distribution score of 3 indicates that the threat or its indicators are relatively widespread, which could facilitate reconnaissance activities by threat actors targeting European entities. Organizations involved in critical infrastructure, government, finance, or technology sectors may face increased exposure if these IOCs correlate with targeted campaigns. The malware's presence could lead to unauthorized data collection, espionage, or serve as a foothold for further attacks if leveraged by advanced persistent threat (APT) groups. The lack of detailed technical data restricts precise impact forecasting, but the threat's OSINT association suggests it could be part of broader intelligence-gathering or preparatory stages of cyberattacks. Consequently, European organizations should remain vigilant, especially those with high-value assets or strategic importance in the geopolitical landscape.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing detection and response capabilities tailored to OSINT-related malware threats. Specific recommendations include: 1) Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enable real-time correlation and alerting. 2) Conduct targeted threat hunting exercises using the provided IOCs to identify any latent infections or suspicious activities within the network. 3) Strengthen user awareness programs emphasizing the risks associated with OSINT-based social engineering and phishing tactics, as these may be vectors for initial compromise. 4) Implement network segmentation and strict access controls to limit lateral movement if an infection occurs. 5) Regularly update and patch all systems, even though no specific patches are linked to this threat, to reduce the attack surface. 6) Collaborate with national Computer Emergency Response Teams (CERTs) and share intelligence to stay informed about evolving threat landscapes. These measures go beyond generic advice by focusing on proactive IOC integration, threat hunting, and user-centric defenses aligned with the nature of OSINT-related malware threats.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- f26f00de-b5f1-4ebd-a973-4e8230a16eba
- Original Timestamp
- 1699920186
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://grasialoud.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://hoodblor.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://31.192.237.23:80/ | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://quoolser.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://louisianaworkingdogs.com/getimagedata.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://co99163.tw1.ru/_defaultwindows.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://168.119.173.77:2087/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://157.90.152.131:2083/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://117.72.35.30:4444/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://47.122.10.138/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://121.40.243.103:8080/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://47.93.63.179:8888/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://192.144.231.110/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.138.30.109:9999/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://157.245.28.175/quit/fk/b4zao0sj2 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://bukkub.top/y2u5zjyxzta5zjcw/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://bobnoopopo.org/y2u5zjyxzta5zjcw/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggvrebvqqpo.org/y2u5zjyxzta5zjcw/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggpervbvqqqqqqpo.com/y2u5zjyxzta5zjcw/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggvbvqqgrouppo.com/y2u5zjyxzta5zjcw/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggvbvqqnetokpo.com/y2u5zjyxzta5zjcw/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggvbvq.top/y2u5zjyxzta5zjcw/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggvbvq5656.top/y2u5zjyxzta5zjcw/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://jungjunjunggvbvq.top/y2u5zjyxzta5zjcw/ | Coper botnet C2 (confidence level: 80%) | |
urlhttp://herioteeakl.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://193.233.132.12/ | RecordBreaker botnet C2 (confidence level: 100%) | |
urlhttp://193.233.132.17/ | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://195.20.16.35/ | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://45.15.156.26/ | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://193.233.132.12/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://193.233.132.17/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://195.20.16.35/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://31.192.237.23/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://45.15.156.26/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll | Raccoon botnet C2 (confidence level: 100%) | |
urlhttp://vittoriogioia.icu/3886d2276f6914c4.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://154.204.56.105:9999/activity | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.138.30.109:8888/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.138.30.109:7524/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://www.domainsec.club/__utm.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://179.60.150.57/idle/1376547834/1 | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://193.57.137.61/idle/1376547834/1 | Cobalt Strike botnet C2 (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file185.221.196.69 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file185.222.58.84 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file82.157.65.5 | Meterpreter botnet C2 server (confidence level: 80%) | |
file95.165.148.158 | DarkComet botnet C2 server (confidence level: 80%) | |
file189.250.24.235 | DarkComet botnet C2 server (confidence level: 80%) | |
file189.250.24.235 | DarkComet botnet C2 server (confidence level: 80%) | |
file59.110.239.147 | Remcos botnet C2 server (confidence level: 80%) | |
file116.203.7.211 | Vidar botnet C2 server (confidence level: 80%) | |
file45.142.214.130 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file74.48.44.7 | Sliver botnet C2 server (confidence level: 80%) | |
file185.231.154.113 | Sliver botnet C2 server (confidence level: 50%) | |
file45.86.163.224 | BianLian botnet C2 server (confidence level: 50%) | |
file54.193.91.232 | BianLian botnet C2 server (confidence level: 50%) | |
file154.8.142.178 | Havoc botnet C2 server (confidence level: 50%) | |
file64.227.34.214 | Responder botnet C2 server (confidence level: 50%) | |
file109.153.195.26 | QakBot botnet C2 server (confidence level: 50%) | |
file109.48.28.129 | QakBot botnet C2 server (confidence level: 50%) | |
file154.247.7.119 | QakBot botnet C2 server (confidence level: 50%) | |
file217.165.233.123 | QakBot botnet C2 server (confidence level: 50%) | |
file176.44.88.234 | QakBot botnet C2 server (confidence level: 50%) | |
file68.224.65.229 | QakBot botnet C2 server (confidence level: 50%) | |
file187.155.147.42 | QakBot botnet C2 server (confidence level: 50%) | |
file141.255.152.88 | DCRat botnet C2 server (confidence level: 50%) | |
file103.143.28.37 | Unknown malware botnet C2 server (confidence level: 50%) | |
file103.143.28.35 | Unknown malware botnet C2 server (confidence level: 50%) | |
file91.215.85.154 | Pikabot botnet C2 server (confidence level: 50%) | |
file157.245.28.175 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file35.203.88.123 | Sliver botnet C2 server (confidence level: 80%) | |
file168.119.173.77 | Vidar botnet C2 server (confidence level: 100%) | |
file157.90.152.131 | Vidar botnet C2 server (confidence level: 100%) | |
file3.127.210.141 | Sliver botnet C2 server (confidence level: 80%) | |
file78.47.204.96 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file79.134.225.6 | Ave Maria botnet C2 server (confidence level: 100%) | |
file34.77.140.175 | Sliver botnet C2 server (confidence level: 80%) | |
file35.203.123.82 | Sliver botnet C2 server (confidence level: 80%) | |
file89.95.64.132 | DarkComet botnet C2 server (confidence level: 80%) | |
file47.122.10.138 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.245.81.35 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file5.182.87.106 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file139.84.229.159 | Remcos botnet C2 server (confidence level: 100%) | |
file45.15.156.13 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file46.1.103.69 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.92.247.217 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file194.187.251.115 | Loda botnet C2 server (confidence level: 80%) | |
file217.133.249.35 | Meterpreter botnet C2 server (confidence level: 80%) | |
file178.184.248.42 | DarkComet botnet C2 server (confidence level: 80%) | |
file31.156.120.87 | DarkComet botnet C2 server (confidence level: 80%) | |
file180.184.71.135 | Unknown malware botnet C2 server (confidence level: 80%) | |
file31.220.94.133 | Havoc botnet C2 server (confidence level: 100%) | |
file45.141.215.5 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file186.168.71.240 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file198.12.125.30 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file85.239.241.136 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file223.155.16.153 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file103.143.28.36 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.92.18.45 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.163.240.112 | Unknown malware botnet C2 server (confidence level: 100%) | |
file95.216.249.152 | Venom RAT botnet C2 server (confidence level: 100%) | |
file65.108.26.147 | Venom RAT botnet C2 server (confidence level: 100%) | |
file5.255.117.112 | Venom RAT botnet C2 server (confidence level: 100%) | |
file3.228.58.67 | Unknown malware botnet C2 server (confidence level: 100%) | |
file49.13.94.153 | Vidar botnet C2 server (confidence level: 100%) | |
file49.12.119.148 | Vidar botnet C2 server (confidence level: 100%) | |
file116.202.189.41 | Vidar botnet C2 server (confidence level: 100%) | |
file167.235.143.166 | Vidar botnet C2 server (confidence level: 100%) | |
file189.250.24.235 | DarkComet botnet C2 server (confidence level: 100%) | |
file217.12.206.194 | ShadowPad botnet C2 server (confidence level: 90%) | |
file146.70.157.115 | ShadowPad botnet C2 server (confidence level: 90%) | |
file81.68.159.196 | Viper RAT botnet C2 server (confidence level: 100%) | |
file124.222.224.57 | Viper RAT botnet C2 server (confidence level: 100%) | |
file49.113.72.114 | Viper RAT botnet C2 server (confidence level: 100%) | |
file104.225.232.136 | Viper RAT botnet C2 server (confidence level: 100%) | |
file51.79.230.42 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.222.155.61 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.204.107.102 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.249.33.8 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file42.194.249.55 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.139.69.186 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.75.162.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file163.5.169.2 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file92.63.196.46 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.175.245.109 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.196.9.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.196.106.249 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file54.146.202.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file114.115.180.116 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.77.46.211 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file183.165.34.225 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file117.72.35.30 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file144.202.126.62 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file144.202.126.62 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.201.9.82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file180.76.121.68 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file91.92.252.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.132.242.31 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.115.161 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.43.49.244 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.254.50.141 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.132.192.106 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.234.36.13 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file18.237.81.198 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file52.193.46.239 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file34.89.20.143 | Sliver botnet C2 server (confidence level: 80%) | |
file34.88.134.230 | Sliver botnet C2 server (confidence level: 80%) | |
file23.88.32.230 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file103.27.186.188 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file178.184.248.42 | DarkComet botnet C2 server (confidence level: 80%) | |
file70.34.223.131 | Pikabot botnet C2 server (confidence level: 100%) | |
file139.180.168.216 | Pikabot botnet C2 server (confidence level: 100%) | |
file70.34.242.159 | Pikabot botnet C2 server (confidence level: 100%) | |
file95.179.214.49 | Pikabot botnet C2 server (confidence level: 100%) | |
file167.179.100.211 | Pikabot botnet C2 server (confidence level: 100%) | |
file193.233.132.12 | Raccoon botnet C2 server (confidence level: 100%) | |
file193.233.132.17 | Raccoon botnet C2 server (confidence level: 100%) | |
file195.20.16.35 | Raccoon botnet C2 server (confidence level: 100%) | |
file31.192.237.23 | Raccoon botnet C2 server (confidence level: 100%) | |
file45.15.156.26 | Raccoon botnet C2 server (confidence level: 100%) | |
file147.50.253.84 | NjRAT botnet C2 server (confidence level: 80%) | |
file52.87.167.149 | Havoc botnet C2 server (confidence level: 100%) | |
file77.78.31.79 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file47.120.12.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.37.45.135 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.154.158.34 | BianLian botnet C2 server (confidence level: 50%) | |
file151.236.22.64 | BianLian botnet C2 server (confidence level: 50%) | |
file54.93.236.31 | Havoc botnet C2 server (confidence level: 50%) | |
file68.183.220.190 | Responder botnet C2 server (confidence level: 50%) | |
file46.240.140.66 | Responder botnet C2 server (confidence level: 50%) | |
file31.117.136.251 | QakBot botnet C2 server (confidence level: 50%) | |
file101.108.195.147 | QakBot botnet C2 server (confidence level: 50%) | |
file3.125.188.168 | NjRAT botnet C2 server (confidence level: 100%) | |
file35.157.111.131 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.124.67.191 | NjRAT botnet C2 server (confidence level: 100%) | |
file38.47.106.249 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file47.93.235.106 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file172.94.8.75 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file121.5.195.89 | Unknown malware botnet C2 server (confidence level: 100%) | |
file199.195.249.117 | Viper RAT botnet C2 server (confidence level: 100%) | |
file81.17.22.90 | Viper RAT botnet C2 server (confidence level: 100%) | |
file8.130.19.53 | Viper RAT botnet C2 server (confidence level: 100%) | |
file206.237.6.229 | Viper RAT botnet C2 server (confidence level: 100%) | |
file124.236.56.59 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.77.34.194 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file92.38.178.83 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file54.249.85.13 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.245.118.36 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file167.114.90.242 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.201.9.82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file80.66.66.252 | Meterpreter botnet C2 server (confidence level: 80%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash5127 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
hash7777 | DarkComet botnet C2 server (confidence level: 80%) | |
hash2087 | DarkComet botnet C2 server (confidence level: 80%) | |
hash1800 | DarkComet botnet C2 server (confidence level: 80%) | |
hash14344 | Remcos botnet C2 server (confidence level: 80%) | |
hash443 | Vidar botnet C2 server (confidence level: 80%) | |
hash9091 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash9443 | Sliver botnet C2 server (confidence level: 80%) | |
hash50543 | Sliver botnet C2 server (confidence level: 50%) | |
hash7559 | BianLian botnet C2 server (confidence level: 50%) | |
hash3155 | BianLian botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash993 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash80 | DCRat botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash60859 | Pikabot botnet C2 server (confidence level: 50%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash2376 | Sliver botnet C2 server (confidence level: 80%) | |
hash2087 | Vidar botnet C2 server (confidence level: 100%) | |
hash2083 | Vidar botnet C2 server (confidence level: 100%) | |
hash2376 | Sliver botnet C2 server (confidence level: 80%) | |
hash443 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash7910 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash2376 | Sliver botnet C2 server (confidence level: 80%) | |
hash2376 | Sliver botnet C2 server (confidence level: 80%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 80%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash33883 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash2665 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash2341 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9003 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash62848 | Loda botnet C2 server (confidence level: 80%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 80%) | |
hash1337 | DarkComet botnet C2 server (confidence level: 80%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 80%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8191 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1337 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash23333 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash25 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1021 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash2082 | DarkComet botnet C2 server (confidence level: 100%) | |
hash443 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash8080 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash19480 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2052 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash801 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash10000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash808 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash60080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash54443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2376 | Sliver botnet C2 server (confidence level: 80%) | |
hash2376 | Sliver botnet C2 server (confidence level: 80%) | |
hash443 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 80%) | |
hash5938 | Pikabot botnet C2 server (confidence level: 100%) | |
hash13786 | Pikabot botnet C2 server (confidence level: 100%) | |
hash5243 | Pikabot botnet C2 server (confidence level: 100%) | |
hash5242 | Pikabot botnet C2 server (confidence level: 100%) | |
hash2221 | Pikabot botnet C2 server (confidence level: 100%) | |
hash80 | Raccoon botnet C2 server (confidence level: 100%) | |
hash80 | Raccoon botnet C2 server (confidence level: 100%) | |
hash80 | Raccoon botnet C2 server (confidence level: 100%) | |
hash80 | Raccoon botnet C2 server (confidence level: 100%) | |
hash80 | Raccoon botnet C2 server (confidence level: 100%) | |
hash1177 | NjRAT botnet C2 server (confidence level: 80%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash6000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5566 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash10101 | BianLian botnet C2 server (confidence level: 50%) | |
hash4359 | BianLian botnet C2 server (confidence level: 50%) | |
hash8000 | Havoc botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash11170 | NjRAT botnet C2 server (confidence level: 100%) | |
hash11170 | NjRAT botnet C2 server (confidence level: 100%) | |
hash11170 | NjRAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash2020 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 100%) | |
hash37201 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8089 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 80%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainjedi.piupiu.top | RedLine Stealer botnet C2 domain (confidence level: 100%) | |
domaindownload.windowsupdate.mom | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainlonglakeweb.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainmicrosoft.net.linkpc.net | Loda botnet C2 domain (confidence level: 80%) | |
domainstorageapis.gotdns.ch | Loda botnet C2 domain (confidence level: 50%) | |
domainec2-35-178-203-77.eu-west-2.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwww.chromewebkit.com | Venom RAT botnet C2 domain (confidence level: 100%) | |
domainvps-243c526b.vps.ovh.net | Nimplant botnet C2 domain (confidence level: 100%) | |
domainec2-52-204-111-102.compute-1.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainns5006633.ip-51-79-230.net | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaindl.tehranuniversity.website | Meduza Stealer botnet C2 domain (confidence level: 50%) | |
domaincleansoft.fun | Lumma Stealer payload delivery domain (confidence level: 75%) | |
domainclearcracksoft.fun | Lumma Stealer payload delivery domain (confidence level: 75%) | |
domainclearcracksoft.xyz | Lumma Stealer payload delivery domain (confidence level: 75%) | |
domaincleansoft.xyz | Lumma Stealer payload delivery domain (confidence level: 75%) | |
domaindonotopenthis.zip | Havoc botnet C2 domain (confidence level: 100%) | |
domainwww.domainsec.club | Cobalt Strike botnet C2 domain (confidence level: 100%) |
Threat ID: 682c7abbe3e6de8ceb74ce95
Added to database: 5/20/2025, 12:51:07 PM
Last enriched: 6/19/2025, 1:18:09 PM
Last updated: 8/13/2025, 3:46:32 PM
Views: 11
Related Threats
ThreatFox IOCs for 2025-08-13
MediumEfimer Trojan Steals Crypto, Hacks WordPress Sites via Torrents and Phishing
MediumSilent Watcher: Dissecting Cmimai Stealer's VBS Payload
MediumCastleLoader Analysis
MediumThe Dark Side of Parental Control Apps
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.