ThreatFox IOCs for 2023-11-21
Severity: mediumType: malware
ThreatFox IOCs for 2023-11-21
AI Analysis
Technical Summary
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on November 21, 2023, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related, specifically under the 'osint' product type, indicating that the data primarily consists of open-source intelligence indicators rather than a specific malware family or exploit. The technical details reveal a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination of these IOCs within the cybersecurity community. No specific affected software versions, CWE identifiers, or patch information are provided, and there are no known exploits actively observed in the wild. The absence of concrete technical indicators such as malware hashes, command and control infrastructure, or attack vectors limits the ability to perform a deep technical dissection of the malware itself. Instead, this threat intelligence appears to be a collection or update of IOCs that could be used by security teams to detect or prevent malware infections. The 'tlp:white' tag indicates that the information is intended for unrestricted sharing, facilitating broad dissemination among organizations and security practitioners. Overall, this threat intelligence update serves as a resource for enhancing detection capabilities rather than highlighting a novel or active malware campaign.
Potential Impact
For European organizations, the impact of this threat intelligence update is primarily in the realm of improved situational awareness and detection readiness. Since the data consists of IOCs without direct evidence of active exploitation or specific vulnerabilities, the immediate risk to confidentiality, integrity, or availability is low. However, the distribution rating of 3 suggests that these IOCs may be relevant to ongoing or emerging malware campaigns, and organizations that fail to incorporate this intelligence into their security monitoring could miss early signs of compromise. The lack of known exploits in the wild reduces the urgency but does not eliminate the potential for future attacks leveraging these indicators. European entities operating in sectors with high exposure to malware threats—such as finance, critical infrastructure, and government—should consider this intelligence as part of their broader threat hunting and incident response processes. The open sharing nature (TLP: white) supports collaborative defense efforts across borders, which is crucial given the transnational nature of cyber threats.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security information and event management (SIEM) systems, endpoint detection and response (EDR) tools, and network intrusion detection systems (NIDS) to enhance detection capabilities. 2. Conduct proactive threat hunting exercises using these IOCs to identify any latent or ongoing infections within the network. 3. Regularly update threat intelligence feeds and ensure that security teams are trained to interpret and act upon OSINT-derived indicators. 4. Establish automated alerting mechanisms for matches against these IOCs to enable rapid incident response. 5. Collaborate with national and European cybersecurity centers (e.g., ENISA, CERT-EU) to share findings and receive contextual updates related to these IOCs. 6. Since no patches or specific vulnerabilities are indicated, focus on maintaining robust endpoint hygiene, including timely patching of all systems, enforcing least privilege, and ensuring multi-factor authentication to reduce the attack surface. 7. Validate and enrich these IOCs with internal telemetry and other threat intelligence sources to reduce false positives and prioritize response efforts effectively.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Indicators of Compromise
- file: 4.224.60.120
- hash: 28410
- file: 103.212.81.154
- hash: 6028
- file: 155.94.136.130
- hash: 5200
- file: 173.249.196.201
- hash: 5077
- file: 194.147.140.186
- hash: 5200
- file: 23.227.199.39
- hash: 1976
- file: 45.133.235.148
- hash: 5200
- file: 46.183.223.122
- hash: 29873
- file: 91.193.75.147
- hash: 6789
- domain: 8e3d-wzr.duckdns.org
- domain: avira-antivirus.ydns.eu
- domain: bluemail-fax.home-webserver.de
- domain: centurygift.myq-see.com
- domain: cfr.eur-import.com
- domain: donpapajay.ddns.net
- domain: grace.adds-only.xyz
- domain: info1.dynamic-dns.net
- domain: items.myq-see.com
- domain: jilnsmclein.3utilities.com
- domain: just-fax303.home-webserver.de
- domain: linelink-linesn.com
- domain: love.pure-luck.xyz
- domain: marknagy44565-36386.portmap.host
- domain: members-path.at.ply.gg
- domain: microsoft-update-tool.duckdns.org
- domain: p2.is-by.us
- domain: qgexserver.hopto.org
- domain: sanael-62946.portmap.host
- domain: segun.ddns.net
- domain: soon-lp.at.ply.gg
- domain: suitehvd2.home-webserver.de
- domain: tende.dvrdns.org
- domain: wapt.myhome-server.de
- domain: waswift.ddns.net
- domain: wz-patient001.duckdns.org
- domain: xxxxza.dynamic-dns.net
- file: 109.236.82.82
- hash: 5001
- file: 149.56.240.44
- hash: 2404
- file: 149.56.240.44
- hash: 2405
- file: 149.56.240.44
- hash: 2406
- file: 149.56.240.44
- hash: 2407
- file: 149.56.240.44
- hash: 2408
- file: 149.56.240.44
- hash: 3398
- file: 149.56.240.44
- hash: 9987
- file: 185.29.8.29
- hash: 4039
- file: 2.59.254.160
- hash: 8500
- file: 5.61.55.210
- hash: 8004
- file: 5.61.55.210
- hash: 8006
- file: 80.66.75.86
- hash: 2404
- file: 94.142.138.155
- hash: 2580
- domain: bad.con-ip.com
- domain: bantubusta0816.ddns.net
- domain: cocacabanaclubsdownt.com
- domain: comercio.con-ip.com
- domain: dxxxxza.dynamic-dns.net
- domain: gig24.sytes.net
- domain: idofjodjvodjvojvojfojooiodijnj.con-ip.com
- domain: ima.con-ip.com
- domain: large-sox.gl.at.ply.gg
- domain: menge.duckdns.org
- domain: millon777.con-ip.com
- domain: rem0323.duckdns.org
- domain: sdhisdviudsibdsibedas.con-ip.com
- domain: sdvsiudhvisdhvodshv.con-ip.com
- domain: sembe.duckdns.org
- domain: snackdoom94.hopto.org
- domain: sonia777.con-ip.com
- domain: virtuallogoprepaidmaxspippline.onedumb.com
- url: http://arrogantcatfishef.pw/api
- file: 119.45.181.134
- hash: 80
- file: 20.96.123.147
- hash: 19851
- file: 124.223.38.97
- hash: 443
- file: 147.78.47.231
- hash: 10443
- url: http://77.91.124.101/imagewindows/cdnprotonpipe/9db/providerphp/downloadseternaldle/uploads/pythontrackdump/image/uploads5/temporarymulti/topythonpacketprocessormultitrafficuniversal.php
- file: 204.44.86.49
- hash: 80
- file: 52.198.192.145
- hash: 8090
- file: 156.234.211.226
- hash: 4433
- url: http://danielhamerling.icu/40d570f44e84a454.php
- file: 37.27.22.110
- hash: 31337
- file: 37.27.22.110
- hash: 8888
- file: 5.35.5.136
- hash: 443
- file: 143.198.166.150
- hash: 7443
- file: 185.240.103.195
- hash: 8443
- file: 173.255.196.101
- hash: 443
- file: 185.236.202.153
- hash: 4444
- file: 172.208.90.130
- hash: 80
- file: 40.76.55.180
- hash: 80
- file: 20.93.5.194
- hash: 8089
- file: 78.124.155.37
- hash: 443
- file: 103.156.170.229
- hash: 995
- file: 46.251.130.164
- hash: 443
- file: 45.62.69.55
- hash: 443
- file: 154.246.116.114
- hash: 993
- file: 74.12.146.184
- hash: 2222
- file: 70.121.206.30
- hash: 2078
- file: 197.204.133.11
- hash: 443
- file: 77.49.187.148
- hash: 995
- file: 52.141.25.85
- hash: 8888
- file: 198.13.36.40
- hash: 8888
- file: 101.35.252.249
- hash: 8888
- file: 101.34.209.73
- hash: 8888
- url: http://brodoyouevenlift.co.za/g9sdjscv2/login.php
- file: 148.72.153.115
- hash: 10001
- url: http://185.78.76.13/21b9c0db1dfb4718.php
- file: 104.129.27.19
- hash: 2404
- file: 104.129.27.19
- hash: 6606
- file: 104.129.27.19
- hash: 7707
- file: 104.129.27.19
- hash: 8808
- file: 45.66.230.229
- hash: 8753
- file: 107.172.34.126
- hash: 8888
- file: 188.246.224.221
- hash: 2351
- file: 188.246.224.221
- hash: 8080
- domain: thebestgn.xyz
- url: https://thebestgn.xyz/sezar/web.txt
- url: https://thebestgn.xyz/sezar/log.php
- file: 149.248.4.22
- hash: 80
- file: 8.222.187.235
- hash: 443
- url: https://thebestgn.xyz/arslan/web.txt
- url: https://thebestgn.xyz/arslan/log.php
- url: https://thebestgn.xyz/arslan/
- url: https://imini.site/sober/web.txt
- url: https://imini.site/sober/phone.txt
- url: https://imini.site/sober/
- domain: imini.site
- file: 89.231.229.193
- hash: 54984
- url: http://116.204.98.225:8082/jquery-3.3.1.min.js
- url: https://124.223.38.97/load
- url: https://101.42.172.78/cm
- file: 101.42.172.78
- hash: 443
- url: https://123.249.104.83/match
- file: 123.249.104.83
- hash: 443
- url: https://oak-d5fmc3bzezh2dwhk.z01.azurefd.net/clientwebservice
- domain: oak-d5fmc3bzezh2dwhk.z01.azurefd.net
- file: 147.182.185.27
- hash: 443
- url: https://howtofixit.imnotaturk.network/api/-1001942313538?encrypted=true
- url: https://howtofixit.imnotaturk.network/api/-1001942313538
- url: https://howtofixit.imnotaturk.network/config/-1001942313538
- url: https://howtofixit.imnotaturk.network/config/
- url: https://howtofixit.imnotaturk.network/api/
- url: https://howtofixit.imnotaturk.network/
- domain: howtofixit.imnotaturk.network
- domain: imnotaturk.network
- url: https://fastis.xyz/dars/amoozesh/wa/contact.php?result=ok&action=upload&androidid=
- url: https://fastis.xyz/dars/amoozesh/wa/id.txt
- url: https://fastis.xyz/dars/amoozesh/wa/requests.php
- url: https://fastis.xyz/dars/amoozesh/wa/sms.php?result=ok&action=upload&androidid=
- url: https://fastis.xyz/dars/amoozesh/wa/sms.php
- url: https://fastis.xyz/dars/amoozesh/wa/
- url: https://fastis.xyz/dars/amoozesh
- url: https://fastis.xyz/dars/
- url: https://fastis.xyz/
- domain: fastis.xyz
- url: http://120.78.201.246:7777/dpixel
- url: https://re.remotekimhyunnck.site/test/log.php
- url: https://re.remotekimhyunnck.site/test/web.txt
- url: https://re.remotekimhyunnck.site/test/
- url: https://re.remotekimhyunnck.site/
- domain: re.remotekimhyunnck.site
- domain: remotekimhyunnck.site
- url: https://cands.tel/user/five/fre.php
- url: http://23.225.191.81:9000/jquery-3.3.1.min.js
- file: 8.134.161.181
- hash: 4848
- file: 87.239.108.174
- hash: 7443
- file: 158.247.253.155
- hash: 2225
- file: 139.180.216.25
- hash: 2967
- file: 70.34.209.101
- hash: 13720
- file: 137.220.55.190
- hash: 2223
- url: http://101.42.170.233:8888/visit.js
- url: http://172.245.9.15/j.ad
- url: http://117.72.17.162:8773/questions/32251816/c-sharp-directives-compilation-error
- url: http://52.198.192.145:8090/dpixel
- url: http://113.141.87.112:88/dot.gif
- url: http://140.210.213.211:8080/master22.js
- url: https://103.39.78.153/cm
- url: http://92.63.196.45:82/fwlink
- url: http://43.249.9.208/en_us/all.js
- file: 146.190.41.228
- hash: 443
- url: http://skinnychattyfur.pw/api
- file: 18.188.146.171
- hash: 8083
- file: 3.132.159.158
- hash: 13615
- file: 3.140.223.7
- hash: 13615
- file: 3.141.142.211
- hash: 13615
- file: 3.141.177.1
- hash: 13615
- file: 3.141.210.37
- hash: 13615
- file: 18.189.106.45
- hash: 13615
- domain: update.microsoftus.com
- file: 45.8.145.80
- hash: 53
- domain: tceducn.com
- file: 5.42.66.9
- hash: 80
- domain: shohetrc.com
- domain: atillapro.com
- file: 69.197.161.106
- hash: 80
- file: 185.172.128.19
- hash: 80
- domain: brodoyouevenlift.co.za
- file: 18.235.126.195
- hash: 443
- url: https://185.225.75.207/odvlzdlkmzu1ztri/
- url: https://2jamiryo22113.net/odvlzdlkmzu1ztri/
- url: https://4jamiryo22113.net/odvlzdlkmzu1ztri/
- url: https://3jamiryo22113.net/odvlzdlkmzu1ztri/
- url: https://5jamiryo22113.net/odvlzdlkmzu1ztri/
- url: https://6jamiryo22113.net/odvlzdlkmzu1ztri/
- url: https://7jamiryo22113.net/odvlzdlkmzu1ztri/
- url: https://185.225.75.19/yjrkzje0ntuynzzm/
- url: https://otakikotaik4234234.net/yjrkzje0ntuynzzm/
- url: https://otakikotaik3234234.net/yjrkzje0ntuynzzm/
- url: https://otakikotaik1334534.net/yjrkzje0ntuynzzm/
- url: https://otakikotaik1224634.net/yjrkzje0ntuynzzm/
- url: https://otakikotaik6423234.net/yjrkzje0ntuynzzm/
- url: https://lauytropo.net/mmezntkzzdfkowqz/
- url: https://bobnoopo.org/mmezntkzzdfkowqz/
- url: https://junggvrebvqq.org/mmezntkzzdfkowqz/
- url: https://junggpervbvqqqqqq.com/mmezntkzzdfkowqz/
- url: https://junggvbvqqgroup.com/mmezntkzzdfkowqz/
- url: https://junggvbvqqnetok.com/mmezntkzzdfkowqz/
- url: https://stormslva.net/mwvlmgi1odc4njfj/
- url: https://strmphone.net/mwvlmgi1odc4njfj/
- url: https://macfitt.net/mwvlmgi1odc4njfj/
- url: https://fghdfhdgh33.xyz/ymu2mgq0zwyxodm5/
- url: https://rgsdhsdf31.xyz/ymu2mgq0zwyxodm5/
- url: https://rrqg.xyz/ymu2mgq0zwyxodm5/
- url: https://fhuiooemensb.info/ymu2mgq0zwyxodm5/
- url: https://fhuiooemrrerensb.co/ymu2mgq0zwyxodm5/
- url: https://cotogarden.co/ymu2mgq0zwyxodm5/
- url: https://ecolosolution.net/ymu2mgq0zwyxodm5/
- url: https://peyfi.bio/ymu2mgq0zwyxodm5/
- url: https://nigemgrouapp.site/mwvlmgi1odc4njfj/
- url: https://nigemgrouapp.net/mwvlmgi1odc4njfj/
- url: https://strmbaselib.com/mwvlmgi1odc4njfj/
- url: http://94.156.253.125:48543
- file: 38.147.172.207
- hash: 6666
- file: 123.60.67.177
- hash: 8889
- url: http://213.248.43.54/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
- url: http://213.248.43.54/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms
- url: https://steamcommunity.com/profiles/76561199572358993
- url: https://t.me/bowbrain
- url: https://95.216.176.210/
- url: https://195.201.255.35/
- url: https://128.140.72.50/
- file: 95.216.176.210
- hash: 443
- file: 195.201.255.35
- hash: 443
- file: 128.140.72.50
- hash: 443
- file: 136.50.194.181
- hash: 4782
- file: 136.50.194.181
- hash: 80
- file: 154.9.253.177
- hash: 4782
- file: 163.5.169.28
- hash: 8080
- file: 180.195.205.155
- hash: 4782
- file: 193.161.193.99
- hash: 58530
- file: 194.55.224.24
- hash: 80
- file: 194.55.224.24
- hash: 9030
- file: 195.133.197.3
- hash: 4782
- file: 20.205.140.63
- hash: 1024
- file: 45.32.119.154
- hash: 4782
- file: 45.61.174.20
- hash: 5552
- file: 85.98.162.136
- hash: 80
- file: 87.159.4.210
- hash: 4782
- file: 88.209.197.253
- hash: 4782
- domain: cock.holyshithowmanydomainandproxycanigettorunmyserver.info
- domain: dance-civilization.gl.at.ply.gg
- domain: download.adaklab.ir
- domain: filter-ranked.at.ply.gg
- domain: fragrant-pine-29547.pktriot.net
- domain: goldbolbein.chickenkiller.com
- domain: goldgoblein.sytes.net
- domain: infallible-water-17742.pktriot.net
- domain: laraloveu-44526.portmap.host
- domain: malhost.loca.lt
- domain: mercurial6969-64808.portmap.host
- domain: microsoft-virtualpc.duckdns.org
- domain: okaa0-51499.portmap.host
- domain: opportunity-pillow.gl.at.ply.gg
- domain: points-deep.gl.at.ply.gg
- domain: police-levy.at.ply.gg
- domain: puryx-64788.portmap.host
- domain: quasardeez.ddns.net
- domain: riprealworld-55179.portmap.host
- domain: rooms-kw.gl.at.ply.gg
- domain: rough-night-92806.pktriot.net
- domain: sero.definitivlegit.xyz
- domain: shipperd69.strangled.net
- domain: short-shortly.gl.at.ply.gg
- domain: statics.kozow.com
- domain: drec123-39864.portmap.host
- domain: testrun.ddns.net
- domain: throbbing-mountain-09011.pktriot.net
- domain: topportas.ddns.net
- domain: visoxd-63447.portmap.host
- domain: voicia-net.ddns.net
- domain: treegreeny.org
- url: http://111.230.198.166:8443/push
- url: http://117.50.188.222:1433/cx
- file: 104.250.180.178
- hash: 7061
- file: 147.185.221.17
- hash: 24796
- file: 162.212.154.8
- hash: 41589
- file: 185.183.34.34
- hash: 7000
- file: 185.239.237.162
- hash: 7000
- file: 206.189.20.127
- hash: 6234
- file: 207.32.219.52
- hash: 7771
- file: 216.107.136.195
- hash: 7000
- file: 3.121.139.82
- hash: 18925
- file: 3.121.139.82
- hash: 5240
- file: 3.127.59.75
- hash: 18925
- file: 3.127.59.75
- hash: 5240
- file: 34.130.82.241
- hash: 5010
- file: 46.183.221.28
- hash: 7000
- file: 51.89.38.74
- hash: 33966
- file: 52.28.112.211
- hash: 18925
- file: 52.28.112.211
- hash: 5240
- file: 52.91.10.228
- hash: 7000
- file: 54.90.216.100
- hash: 7000
- file: 65.0.80.77
- hash: 7000
- file: 80.66.87.4
- hash: 7000
- file: 87.172.204.140
- hash: 7000
- file: 93.123.85.35
- hash: 7000
- domain: 2023navidad.duckdns.org
- domain: antilol2113-61842.portmap.host
- domain: around-lite.gl.at.ply.gg
- domain: conditions-monthly.at.ply.gg
- domain: copy-marco.gl.at.ply.gg
- domain: federal-true.gl.at.ply.gg
- domain: fgfdsnvisdnvijnsdvdssdsd.con-ip.com
- domain: frank4893.duckdns.org
- domain: functions-screensavers.gl.at.ply.gg
- domain: gold-peoples.gl.at.ply.gg
- domain: graxe239-61522.portmap.host
- domain: having-nevertheless.gl.at.ply.gg
- domain: house-rooms.gl.at.ply.gg
- domain: if-shuttle.gl.at.ply.gg
- domain: kriz-nas.ddnss.de
- domain: language-partnership.gl.at.ply.gg
- domain: lead-selections.gl.at.ply.gg
- domain: menu-webcam.gl.at.ply.gg
- domain: newpossibility.duckdns.org
- domain: okaa0-25007.portmap.host
- domain: pool-roman.at.ply.gg
- domain: size-bills.at.ply.gg
- domain: soon-lp.at.ply.gg
- domain: traffic-statewide.gl.at.ply.gg
- domain: viiper1337-29699.portmap.host
- domain: windowis11.com
- file: 185.31.111.198
- hash: 25001
- file: 185.157.162.241
- hash: 1302
- file: 176.31.254.229
- hash: 1074
- file: 185.141.63.2
- hash: 1074
- file: 185.141.63.4
- hash: 1074
- file: 185.141.63.84
- hash: 1074
- file: 185.141.63.85
- hash: 1074
- file: 188.165.192.126
- hash: 1074
- file: 188.165.192.18
- hash: 1074
- file: 188.165.195.130
- hash: 1074
- file: 195.154.174.130
- hash: 1074
- file: 195.154.176.206
- hash: 1074
- file: 195.154.176.209
- hash: 1074
- file: 195.154.178.238
- hash: 1074
- file: 195.154.188.211
- hash: 1074
- file: 195.154.235.51
- hash: 1074
- file: 195.154.241.165
- hash: 1074
- file: 195.154.242.37
- hash: 1074
- file: 195.154.243.38
- hash: 1074
- file: 195.154.251.21
- hash: 1074
- file: 195.154.251.99
- hash: 1074
- file: 195.154.252.221
- hash: 1074
- file: 195.154.253.49
- hash: 1074
- file: 37.187.142.187
- hash: 1074
- file: 37.187.143.172
- hash: 1074
- file: 37.187.148.204
- hash: 1074
- file: 62.210.204.131
- hash: 1074
- file: 88.80.145.110
- hash: 1074
- file: 88.80.145.142
- hash: 1074
- file: 88.80.147.200
- hash: 1074
- file: 88.80.147.205
- hash: 1074
- file: 88.80.147.36
- hash: 1074
- file: 88.80.148.33
- hash: 1074
- file: 88.80.148.8
- hash: 1074
- file: 91.121.171.208
- hash: 1074
- file: 91.121.30.185
- hash: 1074
- file: 91.92.111.131
- hash: 1074
- file: 91.92.111.132
- hash: 1074
- file: 91.92.111.133
- hash: 1074
- file: 94.23.58.173
- hash: 1074
- url: http://5.42.64.20/loghub/master
- file: 77.91.124.27
- hash: 20885
- url: http://sempersim.su/b14/fre.php
- url: https://sempersim.su/b14/fre.php
- file: 13.212.172.17
- hash: 443
- file: 13.212.172.17
- hash: 31337
- file: 94.198.50.195
- hash: 6000
- file: 195.2.92.206
- hash: 443
- file: 167.71.38.111
- hash: 443
- file: 5.39.249.226
- hash: 445
- file: 109.72.93.55
- hash: 445
- file: 51.20.80.52
- hash: 445
- file: 46.101.85.199
- hash: 445
- file: 13.36.11.243
- hash: 445
- file: 20.77.132.128
- hash: 445
- file: 154.246.116.114
- hash: 995
- file: 39.40.190.194
- hash: 995
- file: 190.133.143.232
- hash: 995
- file: 70.49.34.218
- hash: 2222
- file: 197.2.10.236
- hash: 443
- file: 117.195.17.160
- hash: 993
- file: 60.49.97.58
- hash: 443
- file: 117.215.23.136
- hash: 993
- file: 95.149.166.38
- hash: 443
- file: 121.209.149.131
- hash: 2222
- file: 152.32.219.243
- hash: 8888
- domain: twlifeuat.sumikuma.tw
- file: 35.77.79.179
- hash: 53
- file: 185.202.175.170
- hash: 2404
- file: 20.68.243.107
- hash: 443
- file: 112.35.98.208
- hash: 8888
- file: 45.61.128.201
- hash: 54984
- url: https://117.72.35.30/pixel.gif
- file: 64.176.5.228
- hash: 13783
- file: 65.20.78.68
- hash: 13721
- file: 64.176.67.194
- hash: 2967
- domain: qoone1sr.top
- url: http://qoone1sr.top/zip.php
- domain: barbecueappledos.pw
- file: 185.172.128.100
- hash: 80
- url: http://xpencildiscussiio.pw/api
- domain: xpencildiscussiio.pw
- url: http://1.94.26.40/dpixel
- domain: revivalsecularas.pw
ThreatFox IOCs for 2023-11-21
Medium
Published: Tue Nov 21 2023 (11/21/2023, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2023-11-21
AI-Powered Analysis
AILast updated: 06/19/2025, 13:33:13 UTC
Technical Analysis
The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on November 21, 2023, by ThreatFox, a platform specializing in sharing threat intelligence data. The threat is categorized as malware-related, specifically under the 'osint' product type, indicating that the data primarily consists of open-source intelligence indicators rather than a specific malware family or exploit. The technical details reveal a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination of these IOCs within the cybersecurity community. No specific affected software versions, CWE identifiers, or patch information are provided, and there are no known exploits actively observed in the wild. The absence of concrete technical indicators such as malware hashes, command and control infrastructure, or attack vectors limits the ability to perform a deep technical dissection of the malware itself. Instead, this threat intelligence appears to be a collection or update of IOCs that could be used by security teams to detect or prevent malware infections. The 'tlp:white' tag indicates that the information is intended for unrestricted sharing, facilitating broad dissemination among organizations and security practitioners. Overall, this threat intelligence update serves as a resource for enhancing detection capabilities rather than highlighting a novel or active malware campaign.
Potential Impact
For European organizations, the impact of this threat intelligence update is primarily in the realm of improved situational awareness and detection readiness. Since the data consists of IOCs without direct evidence of active exploitation or specific vulnerabilities, the immediate risk to confidentiality, integrity, or availability is low. However, the distribution rating of 3 suggests that these IOCs may be relevant to ongoing or emerging malware campaigns, and organizations that fail to incorporate this intelligence into their security monitoring could miss early signs of compromise. The lack of known exploits in the wild reduces the urgency but does not eliminate the potential for future attacks leveraging these indicators. European entities operating in sectors with high exposure to malware threats—such as finance, critical infrastructure, and government—should consider this intelligence as part of their broader threat hunting and incident response processes. The open sharing nature (TLP: white) supports collaborative defense efforts across borders, which is crucial given the transnational nature of cyber threats.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security information and event management (SIEM) systems, endpoint detection and response (EDR) tools, and network intrusion detection systems (NIDS) to enhance detection capabilities. 2. Conduct proactive threat hunting exercises using these IOCs to identify any latent or ongoing infections within the network. 3. Regularly update threat intelligence feeds and ensure that security teams are trained to interpret and act upon OSINT-derived indicators. 4. Establish automated alerting mechanisms for matches against these IOCs to enable rapid incident response. 5. Collaborate with national and European cybersecurity centers (e.g., ENISA, CERT-EU) to share findings and receive contextual updates related to these IOCs. 6. Since no patches or specific vulnerabilities are indicated, focus on maintaining robust endpoint hygiene, including timely patching of all systems, enforcing least privilege, and ensuring multi-factor authentication to reduce the attack surface. 7. Validate and enrich these IOCs with internal telemetry and other threat intelligence sources to reduce false positives and prioritize response efforts effectively.
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- f318aa71-915a-4af9-ad09-f2a00631328a
- Original Timestamp
- 1700611386
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file4.224.60.120 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file103.212.81.154 | Ave Maria botnet C2 server (confidence level: 100%) | |
file155.94.136.130 | Ave Maria botnet C2 server (confidence level: 100%) | |
file173.249.196.201 | Ave Maria botnet C2 server (confidence level: 100%) | |
file194.147.140.186 | Ave Maria botnet C2 server (confidence level: 100%) | |
file23.227.199.39 | Ave Maria botnet C2 server (confidence level: 100%) | |
file45.133.235.148 | Ave Maria botnet C2 server (confidence level: 100%) | |
file46.183.223.122 | Ave Maria botnet C2 server (confidence level: 100%) | |
file91.193.75.147 | Ave Maria botnet C2 server (confidence level: 100%) | |
file109.236.82.82 | Remcos botnet C2 server (confidence level: 100%) | |
file149.56.240.44 | Remcos botnet C2 server (confidence level: 100%) | |
file149.56.240.44 | Remcos botnet C2 server (confidence level: 100%) | |
file149.56.240.44 | Remcos botnet C2 server (confidence level: 100%) | |
file149.56.240.44 | Remcos botnet C2 server (confidence level: 100%) | |
file149.56.240.44 | Remcos botnet C2 server (confidence level: 100%) | |
file149.56.240.44 | Remcos botnet C2 server (confidence level: 100%) | |
file149.56.240.44 | Remcos botnet C2 server (confidence level: 100%) | |
file185.29.8.29 | Remcos botnet C2 server (confidence level: 100%) | |
file2.59.254.160 | Remcos botnet C2 server (confidence level: 100%) | |
file5.61.55.210 | Remcos botnet C2 server (confidence level: 100%) | |
file5.61.55.210 | Remcos botnet C2 server (confidence level: 100%) | |
file80.66.75.86 | Remcos botnet C2 server (confidence level: 100%) | |
file94.142.138.155 | Remcos botnet C2 server (confidence level: 100%) | |
file119.45.181.134 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file20.96.123.147 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file124.223.38.97 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file147.78.47.231 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file204.44.86.49 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file52.198.192.145 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file156.234.211.226 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file37.27.22.110 | Sliver botnet C2 server (confidence level: 50%) | |
file37.27.22.110 | Sliver botnet C2 server (confidence level: 50%) | |
file5.35.5.136 | Sliver botnet C2 server (confidence level: 50%) | |
file143.198.166.150 | Unknown malware botnet C2 server (confidence level: 50%) | |
file185.240.103.195 | BianLian botnet C2 server (confidence level: 50%) | |
file173.255.196.101 | Havoc botnet C2 server (confidence level: 50%) | |
file185.236.202.153 | Havoc botnet C2 server (confidence level: 50%) | |
file172.208.90.130 | Havoc botnet C2 server (confidence level: 50%) | |
file40.76.55.180 | Havoc botnet C2 server (confidence level: 50%) | |
file20.93.5.194 | Havoc botnet C2 server (confidence level: 50%) | |
file78.124.155.37 | QakBot botnet C2 server (confidence level: 50%) | |
file103.156.170.229 | QakBot botnet C2 server (confidence level: 50%) | |
file46.251.130.164 | QakBot botnet C2 server (confidence level: 50%) | |
file45.62.69.55 | QakBot botnet C2 server (confidence level: 50%) | |
file154.246.116.114 | QakBot botnet C2 server (confidence level: 50%) | |
file74.12.146.184 | QakBot botnet C2 server (confidence level: 50%) | |
file70.121.206.30 | QakBot botnet C2 server (confidence level: 50%) | |
file197.204.133.11 | QakBot botnet C2 server (confidence level: 50%) | |
file77.49.187.148 | QakBot botnet C2 server (confidence level: 50%) | |
file52.141.25.85 | Unknown malware botnet C2 server (confidence level: 50%) | |
file198.13.36.40 | Unknown malware botnet C2 server (confidence level: 50%) | |
file101.35.252.249 | Unknown malware botnet C2 server (confidence level: 50%) | |
file101.34.209.73 | Unknown malware botnet C2 server (confidence level: 50%) | |
file148.72.153.115 | Xtreme RAT botnet C2 server (confidence level: 80%) | |
file104.129.27.19 | Remcos botnet C2 server (confidence level: 75%) | |
file104.129.27.19 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file104.129.27.19 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file104.129.27.19 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file45.66.230.229 | Remcos botnet C2 server (confidence level: 75%) | |
file107.172.34.126 | Unknown malware botnet C2 server (confidence level: 80%) | |
file188.246.224.221 | DarkGate botnet C2 server (confidence level: 100%) | |
file188.246.224.221 | DarkGate botnet C2 server (confidence level: 100%) | |
file149.248.4.22 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file8.222.187.235 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file89.231.229.193 | Nanocore RAT botnet C2 server (confidence level: 80%) | |
file101.42.172.78 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.249.104.83 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file147.182.185.27 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.134.161.181 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file87.239.108.174 | Unknown malware botnet C2 server (confidence level: 80%) | |
file158.247.253.155 | Pikabot botnet C2 server (confidence level: 100%) | |
file139.180.216.25 | Pikabot botnet C2 server (confidence level: 100%) | |
file70.34.209.101 | Pikabot botnet C2 server (confidence level: 100%) | |
file137.220.55.190 | Pikabot botnet C2 server (confidence level: 100%) | |
file146.190.41.228 | Havoc botnet C2 server (confidence level: 50%) | |
file18.188.146.171 | Sliver botnet C2 server (confidence level: 80%) | |
file3.132.159.158 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.140.223.7 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.141.142.211 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.141.177.1 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.141.210.37 | NjRAT botnet C2 server (confidence level: 100%) | |
file18.189.106.45 | NjRAT botnet C2 server (confidence level: 100%) | |
file45.8.145.80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file5.42.66.9 | Amadey botnet C2 server (confidence level: 50%) | |
file69.197.161.106 | Amadey botnet C2 server (confidence level: 50%) | |
file185.172.128.19 | Amadey botnet C2 server (confidence level: 50%) | |
file18.235.126.195 | Serpent botnet C2 server (confidence level: 50%) | |
file38.147.172.207 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file123.60.67.177 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
file95.216.176.210 | Vidar botnet C2 server (confidence level: 100%) | |
file195.201.255.35 | Vidar botnet C2 server (confidence level: 100%) | |
file128.140.72.50 | Vidar botnet C2 server (confidence level: 100%) | |
file136.50.194.181 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file136.50.194.181 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file154.9.253.177 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file163.5.169.28 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file180.195.205.155 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file194.55.224.24 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file194.55.224.24 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file195.133.197.3 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file20.205.140.63 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file45.32.119.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file45.61.174.20 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file85.98.162.136 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file87.159.4.210 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file88.209.197.253 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file104.250.180.178 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.17 | XWorm botnet C2 server (confidence level: 100%) | |
file162.212.154.8 | XWorm botnet C2 server (confidence level: 100%) | |
file185.183.34.34 | XWorm botnet C2 server (confidence level: 100%) | |
file185.239.237.162 | XWorm botnet C2 server (confidence level: 100%) | |
file206.189.20.127 | XWorm botnet C2 server (confidence level: 100%) | |
file207.32.219.52 | XWorm botnet C2 server (confidence level: 100%) | |
file216.107.136.195 | XWorm botnet C2 server (confidence level: 100%) | |
file3.121.139.82 | XWorm botnet C2 server (confidence level: 100%) | |
file3.121.139.82 | XWorm botnet C2 server (confidence level: 100%) | |
file3.127.59.75 | XWorm botnet C2 server (confidence level: 100%) | |
file3.127.59.75 | XWorm botnet C2 server (confidence level: 100%) | |
file34.130.82.241 | XWorm botnet C2 server (confidence level: 100%) | |
file46.183.221.28 | XWorm botnet C2 server (confidence level: 100%) | |
file51.89.38.74 | XWorm botnet C2 server (confidence level: 100%) | |
file52.28.112.211 | XWorm botnet C2 server (confidence level: 100%) | |
file52.28.112.211 | XWorm botnet C2 server (confidence level: 100%) | |
file52.91.10.228 | XWorm botnet C2 server (confidence level: 100%) | |
file54.90.216.100 | XWorm botnet C2 server (confidence level: 100%) | |
file65.0.80.77 | XWorm botnet C2 server (confidence level: 100%) | |
file80.66.87.4 | XWorm botnet C2 server (confidence level: 100%) | |
file87.172.204.140 | XWorm botnet C2 server (confidence level: 100%) | |
file93.123.85.35 | XWorm botnet C2 server (confidence level: 100%) | |
file185.31.111.198 | BitRAT botnet C2 server (confidence level: 100%) | |
file185.157.162.241 | BitRAT botnet C2 server (confidence level: 100%) | |
file176.31.254.229 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file185.141.63.2 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file185.141.63.4 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file185.141.63.84 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file185.141.63.85 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file188.165.192.126 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file188.165.192.18 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file188.165.195.130 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.174.130 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.176.206 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.176.209 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.178.238 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.188.211 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.235.51 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.241.165 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.242.37 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.243.38 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.251.21 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.251.99 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.252.221 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file195.154.253.49 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file37.187.142.187 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file37.187.143.172 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file37.187.148.204 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file62.210.204.131 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file88.80.145.110 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file88.80.145.142 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file88.80.147.200 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file88.80.147.205 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file88.80.147.36 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file88.80.148.33 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file88.80.148.8 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file91.121.171.208 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file91.121.30.185 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file91.92.111.131 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file91.92.111.132 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file91.92.111.133 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file94.23.58.173 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
file77.91.124.27 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file13.212.172.17 | Sliver botnet C2 server (confidence level: 50%) | |
file13.212.172.17 | Sliver botnet C2 server (confidence level: 50%) | |
file94.198.50.195 | BianLian botnet C2 server (confidence level: 50%) | |
file195.2.92.206 | BianLian botnet C2 server (confidence level: 50%) | |
file167.71.38.111 | Havoc botnet C2 server (confidence level: 50%) | |
file5.39.249.226 | Responder botnet C2 server (confidence level: 50%) | |
file109.72.93.55 | Responder botnet C2 server (confidence level: 50%) | |
file51.20.80.52 | Responder botnet C2 server (confidence level: 50%) | |
file46.101.85.199 | Responder botnet C2 server (confidence level: 50%) | |
file13.36.11.243 | Responder botnet C2 server (confidence level: 50%) | |
file20.77.132.128 | Responder botnet C2 server (confidence level: 50%) | |
file154.246.116.114 | QakBot botnet C2 server (confidence level: 50%) | |
file39.40.190.194 | QakBot botnet C2 server (confidence level: 50%) | |
file190.133.143.232 | QakBot botnet C2 server (confidence level: 50%) | |
file70.49.34.218 | QakBot botnet C2 server (confidence level: 50%) | |
file197.2.10.236 | QakBot botnet C2 server (confidence level: 50%) | |
file117.195.17.160 | QakBot botnet C2 server (confidence level: 50%) | |
file60.49.97.58 | QakBot botnet C2 server (confidence level: 50%) | |
file117.215.23.136 | QakBot botnet C2 server (confidence level: 50%) | |
file95.149.166.38 | QakBot botnet C2 server (confidence level: 50%) | |
file121.209.149.131 | QakBot botnet C2 server (confidence level: 50%) | |
file152.32.219.243 | Unknown malware botnet C2 server (confidence level: 50%) | |
file35.77.79.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.202.175.170 | Remcos botnet C2 server (confidence level: 75%) | |
file20.68.243.107 | BianLian botnet C2 server (confidence level: 80%) | |
file112.35.98.208 | Unknown malware botnet C2 server (confidence level: 80%) | |
file45.61.128.201 | Nanocore RAT botnet C2 server (confidence level: 80%) | |
file64.176.5.228 | Pikabot botnet C2 server (confidence level: 100%) | |
file65.20.78.68 | Pikabot botnet C2 server (confidence level: 100%) | |
file64.176.67.194 | Pikabot botnet C2 server (confidence level: 100%) | |
file185.172.128.100 | Amadey botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash28410 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash6028 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash5200 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash5077 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash5200 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash1976 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash5200 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash29873 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash6789 | Ave Maria botnet C2 server (confidence level: 100%) | |
hash5001 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2405 | Remcos botnet C2 server (confidence level: 100%) | |
hash2406 | Remcos botnet C2 server (confidence level: 100%) | |
hash2407 | Remcos botnet C2 server (confidence level: 100%) | |
hash2408 | Remcos botnet C2 server (confidence level: 100%) | |
hash3398 | Remcos botnet C2 server (confidence level: 100%) | |
hash9987 | Remcos botnet C2 server (confidence level: 100%) | |
hash4039 | Remcos botnet C2 server (confidence level: 100%) | |
hash8500 | Remcos botnet C2 server (confidence level: 100%) | |
hash8004 | Remcos botnet C2 server (confidence level: 100%) | |
hash8006 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2580 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash19851 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash10443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash8090 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash8888 | Sliver botnet C2 server (confidence level: 50%) | |
hash443 | Sliver botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8443 | BianLian botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash4444 | Havoc botnet C2 server (confidence level: 50%) | |
hash80 | Havoc botnet C2 server (confidence level: 50%) | |
hash80 | Havoc botnet C2 server (confidence level: 50%) | |
hash8089 | Havoc botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash993 | QakBot botnet C2 server (confidence level: 50%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash2078 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 80%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash8753 | Remcos botnet C2 server (confidence level: 75%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash2351 | DarkGate botnet C2 server (confidence level: 100%) | |
hash8080 | DarkGate botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash54984 | Nanocore RAT botnet C2 server (confidence level: 80%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4848 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash2225 | Pikabot botnet C2 server (confidence level: 100%) | |
hash2967 | Pikabot botnet C2 server (confidence level: 100%) | |
hash13720 | Pikabot botnet C2 server (confidence level: 100%) | |
hash2223 | Pikabot botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash8083 | Sliver botnet C2 server (confidence level: 80%) | |
hash13615 | NjRAT botnet C2 server (confidence level: 100%) | |
hash13615 | NjRAT botnet C2 server (confidence level: 100%) | |
hash13615 | NjRAT botnet C2 server (confidence level: 100%) | |
hash13615 | NjRAT botnet C2 server (confidence level: 100%) | |
hash13615 | NjRAT botnet C2 server (confidence level: 100%) | |
hash13615 | NjRAT botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash443 | Serpent botnet C2 server (confidence level: 50%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash8889 | Cobalt Strike botnet C2 server (confidence level: 80%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash80 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash58530 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash80 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash9030 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash1024 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5552 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash80 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash7061 | XWorm botnet C2 server (confidence level: 100%) | |
hash24796 | XWorm botnet C2 server (confidence level: 100%) | |
hash41589 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash6234 | XWorm botnet C2 server (confidence level: 100%) | |
hash7771 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash18925 | XWorm botnet C2 server (confidence level: 100%) | |
hash5240 | XWorm botnet C2 server (confidence level: 100%) | |
hash18925 | XWorm botnet C2 server (confidence level: 100%) | |
hash5240 | XWorm botnet C2 server (confidence level: 100%) | |
hash5010 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash33966 | XWorm botnet C2 server (confidence level: 100%) | |
hash18925 | XWorm botnet C2 server (confidence level: 100%) | |
hash5240 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash25001 | BitRAT botnet C2 server (confidence level: 100%) | |
hash1302 | BitRAT botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash1074 | Socks5 Systemz botnet C2 server (confidence level: 100%) | |
hash20885 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash6000 | BianLian botnet C2 server (confidence level: 50%) | |
hash443 | BianLian botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash445 | Responder botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 50%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash993 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash993 | QakBot botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 50%) | |
hash2222 | QakBot botnet C2 server (confidence level: 50%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash443 | BianLian botnet C2 server (confidence level: 80%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 80%) | |
hash54984 | Nanocore RAT botnet C2 server (confidence level: 80%) | |
hash13783 | Pikabot botnet C2 server (confidence level: 100%) | |
hash13721 | Pikabot botnet C2 server (confidence level: 100%) | |
hash2967 | Pikabot botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domain8e3d-wzr.duckdns.org | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainavira-antivirus.ydns.eu | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainbluemail-fax.home-webserver.de | Ave Maria botnet C2 domain (confidence level: 100%) | |
domaincenturygift.myq-see.com | Ave Maria botnet C2 domain (confidence level: 100%) | |
domaincfr.eur-import.com | Ave Maria botnet C2 domain (confidence level: 100%) | |
domaindonpapajay.ddns.net | Ave Maria botnet C2 domain (confidence level: 100%) | |
domaingrace.adds-only.xyz | Ave Maria botnet C2 domain (confidence level: 100%) | |
domaininfo1.dynamic-dns.net | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainitems.myq-see.com | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainjilnsmclein.3utilities.com | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainjust-fax303.home-webserver.de | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainlinelink-linesn.com | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainlove.pure-luck.xyz | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainmarknagy44565-36386.portmap.host | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainmembers-path.at.ply.gg | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainmicrosoft-update-tool.duckdns.org | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainp2.is-by.us | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainqgexserver.hopto.org | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainsanael-62946.portmap.host | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainsegun.ddns.net | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainsoon-lp.at.ply.gg | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainsuitehvd2.home-webserver.de | Ave Maria botnet C2 domain (confidence level: 100%) | |
domaintende.dvrdns.org | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainwapt.myhome-server.de | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainwaswift.ddns.net | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainwz-patient001.duckdns.org | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainxxxxza.dynamic-dns.net | Ave Maria botnet C2 domain (confidence level: 100%) | |
domainbad.con-ip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainbantubusta0816.ddns.net | Remcos botnet C2 domain (confidence level: 50%) | |
domaincocacabanaclubsdownt.com | Remcos botnet C2 domain (confidence level: 50%) | |
domaincomercio.con-ip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domaindxxxxza.dynamic-dns.net | Remcos botnet C2 domain (confidence level: 50%) | |
domaingig24.sytes.net | Remcos botnet C2 domain (confidence level: 50%) | |
domainidofjodjvodjvojvojfojooiodijnj.con-ip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainima.con-ip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainlarge-sox.gl.at.ply.gg | Remcos botnet C2 domain (confidence level: 50%) | |
domainmenge.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainmillon777.con-ip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainrem0323.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainsdhisdviudsibdsibedas.con-ip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainsdvsiudhvisdhvodshv.con-ip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainsembe.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainsnackdoom94.hopto.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainsonia777.con-ip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainvirtuallogoprepaidmaxspippline.onedumb.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainthebestgn.xyz | IRATA botnet C2 domain (confidence level: 100%) | |
domainimini.site | IRATA botnet C2 domain (confidence level: 100%) | |
domainoak-d5fmc3bzezh2dwhk.z01.azurefd.net | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainhowtofixit.imnotaturk.network | IRATA botnet C2 domain (confidence level: 100%) | |
domainimnotaturk.network | IRATA botnet C2 domain (confidence level: 100%) | |
domainfastis.xyz | IRATA botnet C2 domain (confidence level: 100%) | |
domainre.remotekimhyunnck.site | IRATA botnet C2 domain (confidence level: 100%) | |
domainremotekimhyunnck.site | IRATA botnet C2 domain (confidence level: 100%) | |
domainupdate.microsoftus.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domaintceducn.com | Amadey botnet C2 domain (confidence level: 50%) | |
domainshohetrc.com | Amadey botnet C2 domain (confidence level: 50%) | |
domainatillapro.com | Amadey botnet C2 domain (confidence level: 50%) | |
domainbrodoyouevenlift.co.za | Amadey botnet C2 domain (confidence level: 50%) | |
domaincock.holyshithowmanydomainandproxycanigettorunmyserver.info | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaindance-civilization.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaindownload.adaklab.ir | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainfilter-ranked.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainfragrant-pine-29547.pktriot.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaingoldbolbein.chickenkiller.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaingoldgoblein.sytes.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaininfallible-water-17742.pktriot.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainlaraloveu-44526.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainmalhost.loca.lt | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainmercurial6969-64808.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainmicrosoft-virtualpc.duckdns.org | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainokaa0-51499.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainopportunity-pillow.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainpoints-deep.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainpolice-levy.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainpuryx-64788.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainquasardeez.ddns.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainriprealworld-55179.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrooms-kw.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrough-night-92806.pktriot.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainsero.definitivlegit.xyz | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainshipperd69.strangled.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainshort-shortly.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainstatics.kozow.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaindrec123-39864.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaintestrun.ddns.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainthrobbing-mountain-09011.pktriot.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaintopportas.ddns.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainvisoxd-63447.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainvoicia-net.ddns.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaintreegreeny.org | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domain2023navidad.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainantilol2113-61842.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainaround-lite.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainconditions-monthly.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaincopy-marco.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainfederal-true.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainfgfdsnvisdnvijnsdvdssdsd.con-ip.com | XWorm botnet C2 domain (confidence level: 100%) | |
domainfrank4893.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainfunctions-screensavers.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaingold-peoples.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaingraxe239-61522.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainhaving-nevertheless.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainhouse-rooms.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainif-shuttle.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainkriz-nas.ddnss.de | XWorm botnet C2 domain (confidence level: 100%) | |
domainlanguage-partnership.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainlead-selections.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainmenu-webcam.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainnewpossibility.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainokaa0-25007.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainpool-roman.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainsize-bills.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainsoon-lp.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaintraffic-statewide.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainviiper1337-29699.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainwindowis11.com | XWorm botnet C2 domain (confidence level: 100%) | |
domaintwlifeuat.sumikuma.tw | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainqoone1sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainbarbecueappledos.pw | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainxpencildiscussiio.pw | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrevivalsecularas.pw | Lumma Stealer botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://arrogantcatfishef.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://77.91.124.101/imagewindows/cdnprotonpipe/9db/providerphp/downloadseternaldle/uploads/pythontrackdump/image/uploads5/temporarymulti/topythonpacketprocessormultitrafficuniversal.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://danielhamerling.icu/40d570f44e84a454.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://brodoyouevenlift.co.za/g9sdjscv2/login.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttp://185.78.76.13/21b9c0db1dfb4718.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttps://thebestgn.xyz/sezar/web.txt | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://thebestgn.xyz/sezar/log.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://thebestgn.xyz/arslan/web.txt | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://thebestgn.xyz/arslan/log.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://thebestgn.xyz/arslan/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://imini.site/sober/web.txt | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://imini.site/sober/phone.txt | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://imini.site/sober/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttp://116.204.98.225:8082/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://124.223.38.97/load | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://101.42.172.78/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://123.249.104.83/match | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://oak-d5fmc3bzezh2dwhk.z01.azurefd.net/clientwebservice | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://howtofixit.imnotaturk.network/api/-1001942313538?encrypted=true | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://howtofixit.imnotaturk.network/api/-1001942313538 | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://howtofixit.imnotaturk.network/config/-1001942313538 | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://howtofixit.imnotaturk.network/config/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://howtofixit.imnotaturk.network/api/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://howtofixit.imnotaturk.network/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://fastis.xyz/dars/amoozesh/wa/contact.php?result=ok&action=upload&androidid= | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://fastis.xyz/dars/amoozesh/wa/id.txt | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://fastis.xyz/dars/amoozesh/wa/requests.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://fastis.xyz/dars/amoozesh/wa/sms.php?result=ok&action=upload&androidid= | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://fastis.xyz/dars/amoozesh/wa/sms.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://fastis.xyz/dars/amoozesh/wa/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://fastis.xyz/dars/amoozesh | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://fastis.xyz/dars/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://fastis.xyz/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttp://120.78.201.246:7777/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://re.remotekimhyunnck.site/test/log.php | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://re.remotekimhyunnck.site/test/web.txt | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://re.remotekimhyunnck.site/test/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://re.remotekimhyunnck.site/ | IRATA botnet C2 (confidence level: 100%) | |
urlhttps://cands.tel/user/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttp://23.225.191.81:9000/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://101.42.170.233:8888/visit.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://172.245.9.15/j.ad | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://117.72.17.162:8773/questions/32251816/c-sharp-directives-compilation-error | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://52.198.192.145:8090/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://113.141.87.112:88/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://140.210.213.211:8080/master22.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttps://103.39.78.153/cm | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://92.63.196.45:82/fwlink | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://43.249.9.208/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://skinnychattyfur.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://185.225.75.207/odvlzdlkmzu1ztri/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://2jamiryo22113.net/odvlzdlkmzu1ztri/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://4jamiryo22113.net/odvlzdlkmzu1ztri/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://3jamiryo22113.net/odvlzdlkmzu1ztri/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://5jamiryo22113.net/odvlzdlkmzu1ztri/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://6jamiryo22113.net/odvlzdlkmzu1ztri/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://7jamiryo22113.net/odvlzdlkmzu1ztri/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://185.225.75.19/yjrkzje0ntuynzzm/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://otakikotaik4234234.net/yjrkzje0ntuynzzm/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://otakikotaik3234234.net/yjrkzje0ntuynzzm/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://otakikotaik1334534.net/yjrkzje0ntuynzzm/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://otakikotaik1224634.net/yjrkzje0ntuynzzm/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://otakikotaik6423234.net/yjrkzje0ntuynzzm/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://lauytropo.net/mmezntkzzdfkowqz/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://bobnoopo.org/mmezntkzzdfkowqz/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggvrebvqq.org/mmezntkzzdfkowqz/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggpervbvqqqqqq.com/mmezntkzzdfkowqz/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggvbvqqgroup.com/mmezntkzzdfkowqz/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://junggvbvqqnetok.com/mmezntkzzdfkowqz/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://stormslva.net/mwvlmgi1odc4njfj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://strmphone.net/mwvlmgi1odc4njfj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://macfitt.net/mwvlmgi1odc4njfj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://fghdfhdgh33.xyz/ymu2mgq0zwyxodm5/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://rgsdhsdf31.xyz/ymu2mgq0zwyxodm5/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://rrqg.xyz/ymu2mgq0zwyxodm5/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://fhuiooemensb.info/ymu2mgq0zwyxodm5/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://fhuiooemrrerensb.co/ymu2mgq0zwyxodm5/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://cotogarden.co/ymu2mgq0zwyxodm5/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://ecolosolution.net/ymu2mgq0zwyxodm5/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://peyfi.bio/ymu2mgq0zwyxodm5/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://nigemgrouapp.site/mwvlmgi1odc4njfj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://nigemgrouapp.net/mwvlmgi1odc4njfj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://strmbaselib.com/mwvlmgi1odc4njfj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttp://94.156.253.125:48543 | Alien botnet C2 (confidence level: 80%) | |
urlhttp://213.248.43.54/task/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms | RedLine Stealer botnet C2 (confidence level: 100%) | |
urlhttp://213.248.43.54/loader/screen/owysn2ysn2ysytasowusodysogmsotysnjqsn2ms | RedLine Stealer botnet C2 (confidence level: 100%) | |
urlhttps://steamcommunity.com/profiles/76561199572358993 | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://t.me/bowbrain | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.216.176.210/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://195.201.255.35/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://128.140.72.50/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://111.230.198.166:8443/push | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://117.50.188.222:1433/cx | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://5.42.64.20/loghub/master | Mystic Stealer botnet C2 (confidence level: 100%) | |
urlhttp://sempersim.su/b14/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttps://sempersim.su/b14/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttps://117.72.35.30/pixel.gif | Cobalt Strike botnet C2 (confidence level: 100%) | |
urlhttp://qoone1sr.top/zip.php | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://xpencildiscussiio.pw/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://1.94.26.40/dpixel | Cobalt Strike botnet C2 (confidence level: 100%) |
Threat ID: 682c7abae3e6de8ceb748dea
Added to database: 5/20/2025, 12:51:06 PM
Last enriched: 6/19/2025, 1:33:13 PM
Last updated: 8/13/2025, 3:50:50 PM
Views: 18
Related Threats
ThreatFox IOCs for 2025-08-17
MediumMalwareMon Aug 18 2025
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.