ThreatFox IOCs for 2024-01-03
AI Analysis
Technical Summary
This record, titled "ThreatFox IOCs for 2024-01-03", is a malware-related intelligence report sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. It is a collection or update of Indicators of Compromise (IOCs) for malware threats as of January 3, 2024. The data does not include specific technical details such as affected software versions, detailed malware behavior, attack vectors, or exploitation methods. The threat level is given as 2 on an unspecified scale, with a medium severity rating. No known exploits in the wild are associated with the report, and no patch information is provided. The absence of CWEs (Common Weakness Enumerations) and of detailed technical analysis indicates that the report is primarily informational, intended for threat-intelligence sharing rather than describing a novel or actively exploited vulnerability. The distribution score of 3 may indicate moderate dissemination or relevance across multiple targets or sectors, but without further context this remains ambiguous. Overall, the report is an OSINT update of malware-related IOCs without directly actionable exploit data or vulnerability specifics.
Potential Impact
Given the lack of detailed technical information and the absence of known active exploits, the immediate impact on European organizations is likely limited. Because the report aggregates malware-related IOCs, however, it can help security teams improve detection and threat-hunting coverage. European organizations that rely on OSINT feeds and threat-intelligence platforms can integrate these IOCs into their security monitoring tools to identify potential malware infections early. The medium severity rating suggests that the threat is not currently critical but should not be ignored, especially in sectors with high-value targets such as finance, critical infrastructure, and government. The potential impact includes improved situational awareness, but also the risk of overlooking emerging threats if these IOCs are not incorporated into defensive measures. Since no specific malware families or attack techniques are mentioned, the impact on confidentiality, integrity, or availability cannot be precisely assessed; it is presumed moderate given the medium severity classification.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to enhance detection of related malware activity.
2. Conduct regular threat hunting exercises using these IOCs to proactively identify potential compromises.
3. Maintain up-to-date threat intelligence feeds and ensure security teams are trained to interpret and act on OSINT-derived indicators.
4. Implement network segmentation and strict access controls to limit lateral movement should malware be detected.
5. Regularly review and update incident response plans to incorporate procedures for malware detection and containment based on emerging IOCs.
6. Encourage collaboration and information sharing with European cybersecurity communities and CERTs to stay informed about evolving threats linked to these IOCs.
7. Since no patches are available, focus on detection and containment rather than remediation of a specific vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
- url: http://aybedosgaledsos.net/
- ip:port: 5.42.64.9:37471
- ip:port: 41.102.92.209:1604
- ip:port: 43.136.122.174:2222
- ip:port: 206.119.171.125:80
- ip:port: 192.169.6.122:443
- ip:port: 20.38.38.53:7443
- ip:port: 213.183.56.95:8085
- ip:port: 35.173.234.124:8443
- ip:port: 159.223.92.16:443
- ip:port: 172.232.36.73:10443
- ip:port: 34.245.141.209:445
- ip:port: 41.96.91.45:443
- ip:port: 24.46.78.214:2222
- ip:port: 142.154.17.8:443
- ip:port: 196.77.31.193:995
- ip:port: 141.255.151.226:80
- ip:port: 38.180.60.28:8888
- url: http://882584cm.nyashtech.top/eternalrequestgeobaseflowertrack.php
- ip:port: 101.43.30.194:89
- ip:port: 187.135.122.175:1962
- ip:port: 47.95.213.55:80
- url: http://77.105.132.216/56f47e918c5386bf.php
- ip:port: 123.20.56.214:7777
- ip:port: 46.190.144.131:80
- ip:port: 185.250.210.93:80
- ip:port: 91.92.244.42:9087
- ip:port: 165.232.153.139:80
- ip:port: 185.222.58.113:55615
- url: http://47.116.17.169:5001/push
- ip:port: 107.182.190.222:8443
- url: http://193.201.9.69/dot.gif
- url: http://service-pgxnje5g-1307231181.gz.tencentapigw.com:9999/visit.js
- url: http://110.42.213.232:6666/dpixel
- url: http://47.236.19.63:8989/updates.rss
- url: http://43.153.206.194:1111/g.pixel
- ip:port: 1.12.36.65:443
- url: http://110.42.213.232/j.ad
- ip:port: 109.248.144.199:1333
- url: https://arpa.viewdns.net/ie9compatviewlist.xml
- url: https://arpa.viewdns.net/ptj
- url: https://arpa.viewdns.net
- url: https://172.111.218.107
- url: http://39.105.31.188/push
- url: http://88.214.27.53:8000/en_us/all.js
- ip:port: 154.3.2.253:80
- url: https://5.45.83.223
- url: http://5.252.177.247
- url: http://37.1.213.121:8080
- url: https://37.252.1.225
- url: https://45.153.48.176
- url: http://66.11.117.40
- url: http://91.92.250.214
- domain: capcanboylokemez.com
- domain: cayferelokimizedolem.net
- domain: caygadholemerezdolez.com
- domain: ceptolezcominezcoydez.com
- domain: cevapveremezdolemereszoes2.net
- domain: cevapveremezdolemezdolirezdoremifadso.net
- domain: domlezcomlezdomdenyomegdo.com
- domain: haygodfolmoldol.net
- domain: haytoplokezdolezdominec.net
- domain: hepgeldomkelzdomezforez.net
- domain: nededlokezdolerezsos3.net
- domain: raceptoplumdemezdey.net
- domain: saydornolicezdome.net
- domain: sayfedkolyegelme.net
- domain: saygakolbalabana.com
- domain: saygaydolezlomiedco.com
- domain: saygedyolezdomezdominez.net
- domain: saygolezdolemeze.com
- domain: tahridyolezdolemez.com
- domain: tahriyedsolemezdolerede2.com
- domain: tahtalidoleredominezdolez.com
- domain: tahtalidyolezdoliezdominez.com
- domain: tahtalimcominezdoles.net
- domain: tahtalokezdolemrezced5.net
- domain: tahtaravilazdolerez.com
- domain: tahtatgoblindomlin.com
- domain: tahtaydomlokezdoleriz.net
- domain: tahyolezdolemezdo.com
- domain: tarafdalimezdolemezdolerez.com
- domain: tarhanelokezdol.net
- domain: tayfederlokizdolerizne.net
- domain: tayfundolemezdo.com
- domain: tayhadlokezdolereme.net
- domain: tayrepcanogelmezo.net
- domain: taytoreztoleztomelez.net
- domain: tufankolfodemolezdor.net
- domain: tuftoflokezdoriez.com
- domain: yathohkolfaledtosun.net
- domain: yayfolezdolemenegidiyo.net
- url: http://a0899050.xsph.ru/_defaultwindows.php
- url: http://chaojimanyi.com
- url: http://chaojimanyi.com/pixel
- url: https://gonamph.com
- url: https://dzxngxmlsim3.cloudfront.net/ba.css
- domain: asalamakolemezdoes.net
- domain: rahlokezdolepizdomer.com
- domain: rahmetdolezdolirmolipdom.com
- domain: saygabolemezdomenezcom.net
- domain: saygoodfoledopel.com
- domain: taytoplopidolep.com
- domain: secures-tool.com
- ip:port: 88.214.27.53:4443
- domain: tracker.web-cockpit.jp
- domain: passenger210.bar
- domain: bus527.cfd
- domain: follow707.cloud
- domain: war740.engineer
- domain: block714.mobi
- domain: bind853.me
- domain: temple321.bar
- domain: earn454.live
- domain: heavy689.immo
- domain: door111.network
- domain: blind227.boutique
- domain: salt204.me
- domain: dig159.digital
- domain: gymorning.cyou
- domain: hovr.monster
- domain: strimmr.buzz
- domain: lynxer.monster
- domain: 7raven.uno
- domain: 2blu.cloud
- domain: depth305.digital
- domain: slavery588.biz
- domain: reduction925.cc
- domain: supper728.gifts
- domain: mn-vps.art
- domain: literature539.space
- domain: gxmod.pics
- ip:port: 45.61.162.107:9999
- ip:port: 110.40.213.71:443
- domain: www.linxun.xyz
- ip:port: 111.231.22.61:80
- ip:port: 147.78.47.15:65235
- ip:port: 121.40.233.196:9999
- ip:port: 82.157.167.178:443
- ip:port: 74.48.19.156:10000
- ip:port: 111.67.195.164:40000
- ip:port: 124.220.163.73:65009
- ip:port: 39.106.226.198:888
- ip:port: 8.134.172.115:8081
- ip:port: 120.48.58.156:443
- ip:port: 38.12.28.100:80
- ip:port: 38.12.28.100:443
- ip:port: 94.74.105.131:8888
- ip:port: 46.17.104.221:54545
- ip:port: 51.250.16.184:8011
- ip:port: 47.115.220.95:8081
- ip:port: 101.200.120.13:4444
- ip:port: 45.121.48.43:80
- ip:port: 103.229.54.221:4433
- ip:port: 45.207.47.21:9999
- ip:port: 43.129.187.60:443
- ip:port: 8.130.116.89:10000
- ip:port: 116.204.89.237:80
- ip:port: 155.94.140.13:61259
- ip:port: 122.51.41.5:5677
- ip:port: 43.204.108.99:80
- ip:port: 47.236.28.58:81
- ip:port: 101.132.182.180:5111
- ip:port: 38.47.106.38:5555
- ip:port: 77.91.100.228:80
- ip:port: 45.8.158.71:2082
- ip:port: 165.227.210.49:443
- ip:port: 194.190.152.81:31337
- ip:port: 159.203.149.148:443
- ip:port: 194.116.191.150:88
- ip:port: 14.234.25.153:8080
- ip:port: 135.125.27.218:6000
- ip:port: 91.92.254.36:4747
- ip:port: 190.213.184.38:8808
- ip:port: 91.92.251.62:6606
- ip:port: 37.1.214.209:8088
- ip:port: 47.95.197.160:6606
- domain: 137-184-80-125.cprapid.com
- domain: mail.159-89-8-28.cprapid.com
- ip:port: 181.215.49.104:80
- ip:port: 80.87.197.162:80
- ip:port: 181.215.49.105:80
- ip:port: 91.92.255.30:80
- domain: 139-162-33-94.ip.linodeusercontent.com
- ip:port: 37.230.112.206:80
- ip:port: 34.203.226.105:80
- domain: invadersec.com
- domain: ceifador.benzetacil.com
- domain: ladyrai.site
- domain: avtokuba.ru
- domain: static.123.87.21.65.clients.your-server.de
- ip:port: 62.234.61.157:6000
- ip:port: 47.93.42.113:80
- domain: 174.151.189.35.bc.googleusercontent.com
- ip:port: 216.238.78.129:8888
- domain: vistc.com
- domain: activelifes.shop
- domain: v2202311142188246753.nicesrv.de
- domain: walbuschgruppe.com
- domain: www.achiversacademy.shop
- ip:port: 91.92.250.110:80
- ip:port: 99.103.131.181:2222
- ip:port: 75.130.243.162:5000
- ip:port: 91.103.253.184:80
- ip:port: 77.105.146.152:80
- ip:port: 35.169.28.72:443
- domain: ec2-54-224-145-107.compute-1.amazonaws.com
- ip:port: 95.217.82.39:19000
- ip:port: 185.209.161.162:19000
- ip:port: 91.92.253.3:19000
- ip:port: 91.92.242.217:19000
- ip:port: 91.92.253.159:19000
- domain: xmrpool.shop
- ip:port: 39.104.226.130:60000
- ip:port: 38.181.34.201:60000
- ip:port: 103.145.191.118:60000
- ip:port: 121.196.193.21:60000
- ip:port: 59.110.9.127:60000
- domain: ads.customerportalverify.store
- domain: smetrics.customerportalverify.store
- domain: logs.customerportalverify.store
- ip:port: 80.85.154.199:4578
- ip:port: 3.35.8.177:3333
- ip:port: 13.42.163.200:5723
- ip:port: 64.227.130.150:8443
- ip:port: 34.247.168.187:5723
- ip:port: 18.135.30.45:4433
- ip:port: 18.135.30.45:4443
- ip:port: 18.135.30.45:4449
- ip:port: 18.135.30.45:4431
- ip:port: 13.42.177.28:5723
- ip:port: 104.193.111.38:3333
- ip:port: 104.168.24.196:9000
- domain: bigscreenthrills.org
- domain: 1518644.com
- domain: www.736631.com
- ip:port: 47.7.145.133:23
- ip:port: 187.135.122.175:2087
- ip:port: 187.135.122.175:2095
- ip:port: 187.135.122.175:2181
- ip:port: 187.135.122.175:1701
- ip:port: 187.135.122.175:1883
- ip:port: 187.135.122.175:2000
- ip:port: 187.135.122.175:2078
- ip:port: 187.135.122.175:2079
- ip:port: 187.135.122.175:2281
- ip:port: 187.135.122.175:1723
- ip:port: 187.135.122.175:2003
- ip:port: 187.135.122.175:2053
- ip:port: 160.179.104.109:995
- ip:port: 188.54.123.236:995
- domain: raygovalizrobinezcomez.net
- domain: rayrovelemanze.com
- domain: sevcikconcikdomilezdolerez.com
- domain: sevdalimdolemezdidos.com
- domain: tayhonkolimbinesos.net
- domain: teygolfaygoldoleriz.com
- domain: zaryedtormentosco.net
- url: http://111.231.22.61/push
- domain: gayretoploforeztolezkoz.net
- url: https://116.202.180.148:2024/
- url: https://5.75.215.64/
- ip:port: 116.202.180.148:2024
- ip:port: 5.75.215.64:443
- ip:port: 18.197.239.5:15020
- ip:port: 18.192.93.86:15020
- ip:port: 18.157.68.73:15020
- url: https://39.100.128.2/split/d/7473220op
- ip:port: 39.100.128.2:443
- url: http://5.230.40.118/login
- url: http://5.230.46.135/login
- url: http://5.230.68.85/login
- url: http://5.230.68.152/login
- url: http://31.13.195.10/login
- url: http://45.8.159.34/login
- url: http://45.11.182.116/login
- url: http://45.141.37.139/login
- url: http://45.155.250.54/login
- url: http://77.73.69.80/login
- url: http://77.73.69.95/login
- url: http://77.73.69.251/login
- url: http://77.73.70.10/login
- url: http://77.73.70.71/login
- url: http://91.92.248.26/login
- url: http://91.197.1.37/login
- url: http://94.242.53.26/login
- url: http://94.242.53.101/login
- url: http://101.99.95.144/login
- url: http://159.100.9.207/login
- url: http://185.84.140.32/login
- url: http://185.156.172.64/login
- url: http://194.36.190.238/login
- url: http://216.158.225.153/login
- url: http://94.103.90.193/
- ip:port: 194.190.152.81:8888
- ip:port: 179.96.164.30:445
- ip:port: 37.27.27.94:445
- ip:port: 184.70.132.254:443
- ip:port: 78.101.91.145:995
- ip:port: 86.98.8.79:443
- ip:port: 37.210.32.140:443
- url: http://185.106.94.86/basepollimage/3_/requestpacket2/tempdb/7pipe2/temporarypipe/providervideolinephprequestprocesslinuxtraffictemp.php
- url: http://a0899944.xsph.ru/l1nc0in.php
- ip:port: 47.253.43.163:10001
- ip:port: 91.229.239.230:80
- ip:port: 193.168.141.241:80
- ip:port: 193.233.202.4:80
- url: https://120.48.58.156/ga.js
- ip:port: 45.88.186.145:7707
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 0f2cef51-527f-4897-a90d-48e0a4ef993e
- Original Timestamp: 1704326587
Indicators of Compromise
URL
Value | Description
---|---
http://aybedosgaledsos.net/ | Hydra botnet C2 (confidence level: 100%)
http://882584cm.nyashtech.top/eternalrequestgeobaseflowertrack.php | DCRat botnet C2 (confidence level: 100%)
http://77.105.132.216/56f47e918c5386bf.php | Stealc botnet C2 (confidence level: 100%)
http://47.116.17.169:5001/push | Cobalt Strike botnet C2 (confidence level: 100%)
http://193.201.9.69/dot.gif | Cobalt Strike botnet C2 (confidence level: 100%)
http://service-pgxnje5g-1307231181.gz.tencentapigw.com:9999/visit.js | Cobalt Strike botnet C2 (confidence level: 100%)
http://110.42.213.232:6666/dpixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://47.236.19.63:8989/updates.rss | Cobalt Strike botnet C2 (confidence level: 100%)
http://43.153.206.194:1111/g.pixel | Cobalt Strike botnet C2 (confidence level: 100%)
http://110.42.213.232/j.ad | Cobalt Strike botnet C2 (confidence level: 100%)
https://arpa.viewdns.net/ie9compatviewlist.xml | Cobalt Strike botnet C2 (confidence level: 100%)
https://arpa.viewdns.net/ptj | Cobalt Strike botnet C2 (confidence level: 100%)
https://arpa.viewdns.net | Cobalt Strike botnet C2 (confidence level: 100%)
https://172.111.218.107 | Cobalt Strike botnet C2 (confidence level: 100%)
http://39.105.31.188/push | Cobalt Strike botnet C2 (confidence level: 100%)
http://88.214.27.53:8000/en_us/all.js | Cobalt Strike botnet C2 (confidence level: 100%)
https://5.45.83.223 | Unknown malware botnet C2 (confidence level: 100%)
http://5.252.177.247 | Unknown malware botnet C2 (confidence level: 100%)
http://37.1.213.121:8080 | Unknown malware botnet C2 (confidence level: 100%)
https://37.252.1.225 | Unknown malware botnet C2 (confidence level: 100%)
https://45.153.48.176 | Unknown malware botnet C2 (confidence level: 100%)
http://66.11.117.40 | Unknown malware botnet C2 (confidence level: 100%)
http://91.92.250.214 | Unknown malware botnet C2 (confidence level: 100%)
http://a0899050.xsph.ru/_defaultwindows.php | DCRat botnet C2 (confidence level: 100%)
http://chaojimanyi.com | Cobalt Strike botnet C2 (confidence level: 100%)
http://chaojimanyi.com/pixel | Cobalt Strike botnet C2 (confidence level: 100%)
https://gonamph.com | Cobalt Strike botnet C2 (confidence level: 100%)
https://dzxngxmlsim3.cloudfront.net/ba.css | Cobalt Strike botnet C2 (confidence level: 100%)
http://111.231.22.61/push | Cobalt Strike botnet C2 (confidence level: 100%)
https://116.202.180.148:2024/ | Vidar botnet C2 (confidence level: 100%)
https://5.75.215.64/ | Vidar botnet C2 (confidence level: 100%)
https://39.100.128.2/split/d/7473220op | Cobalt Strike botnet C2 (confidence level: 100%)
http://5.230.40.118/login | Unknown malware botnet C2 (confidence level: 100%)
http://5.230.46.135/login | Unknown malware botnet C2 (confidence level: 100%)
http://5.230.68.85/login | Unknown malware botnet C2 (confidence level: 100%)
http://5.230.68.152/login | Unknown malware botnet C2 (confidence level: 100%)
http://31.13.195.10/login | Unknown malware botnet C2 (confidence level: 100%)
http://45.8.159.34/login | Unknown malware botnet C2 (confidence level: 100%)
http://45.11.182.116/login | Unknown malware botnet C2 (confidence level: 100%)
http://45.141.37.139/login | Unknown malware botnet C2 (confidence level: 100%)
http://45.155.250.54/login | Unknown malware botnet C2 (confidence level: 100%)
http://77.73.69.80/login | Unknown malware botnet C2 (confidence level: 100%)
http://77.73.69.95/login | Unknown malware botnet C2 (confidence level: 100%)
http://77.73.69.251/login | Unknown malware botnet C2 (confidence level: 100%)
http://77.73.70.10/login | Unknown malware botnet C2 (confidence level: 100%)
http://77.73.70.71/login | Unknown malware botnet C2 (confidence level: 100%)
http://91.92.248.26/login | Unknown malware botnet C2 (confidence level: 100%)
http://91.197.1.37/login | Unknown malware botnet C2 (confidence level: 100%)
http://94.242.53.26/login | Unknown malware botnet C2 (confidence level: 100%)
http://94.242.53.101/login | Unknown malware botnet C2 (confidence level: 100%)
http://101.99.95.144/login | Unknown malware botnet C2 (confidence level: 100%)
http://159.100.9.207/login | Unknown malware botnet C2 (confidence level: 100%)
http://185.84.140.32/login | Unknown malware botnet C2 (confidence level: 100%)
http://185.156.172.64/login | Unknown malware botnet C2 (confidence level: 100%)
http://194.36.190.238/login | Unknown malware botnet C2 (confidence level: 100%)
http://216.158.225.153/login | Unknown malware botnet C2 (confidence level: 100%)
http://94.103.90.193/ | RecordBreaker botnet C2 (confidence level: 100%)
http://185.106.94.86/basepollimage/3_/requestpacket2/tempdb/7pipe2/temporarypipe/providervideolinephprequestprocesslinuxtraffictemp.php | DCRat botnet C2 (confidence level: 100%)
http://a0899944.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%)
https://120.48.58.156/ga.js | Cobalt Strike botnet C2 (confidence level: 100%)
IP address
Value | Description
---|---
5.42.64.9 | RedLine Stealer botnet C2 server (confidence level: 100%)
41.102.92.209 | DarkComet botnet C2 server (confidence level: 80%)
43.136.122.174 | Cobalt Strike botnet C2 server (confidence level: 80%)
206.119.171.125 | Cobalt Strike botnet C2 server (confidence level: 80%)
192.169.6.122 | Sliver botnet C2 server (confidence level: 50%)
20.38.38.53 | Unknown malware botnet C2 server (confidence level: 50%)
213.183.56.95 | BianLian botnet C2 server (confidence level: 50%)
35.173.234.124 | Havoc botnet C2 server (confidence level: 50%)
159.223.92.16 | Havoc botnet C2 server (confidence level: 50%)
172.232.36.73 | Havoc botnet C2 server (confidence level: 50%)
34.245.141.209 | Responder botnet C2 server (confidence level: 50%)
41.96.91.45 | QakBot botnet C2 server (confidence level: 50%)
24.46.78.214 | QakBot botnet C2 server (confidence level: 50%)
142.154.17.8 | QakBot botnet C2 server (confidence level: 50%)
196.77.31.193 | QakBot botnet C2 server (confidence level: 50%)
141.255.151.226 | DCRat botnet C2 server (confidence level: 50%)
38.180.60.28 | Unknown malware botnet C2 server (confidence level: 50%)
101.43.30.194 | Cobalt Strike botnet C2 server (confidence level: 80%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 80%)
47.95.213.55 | Cobalt Strike botnet C2 server (confidence level: 80%)
123.20.56.214 | Cobalt Strike botnet C2 server (confidence level: 80%)
46.190.144.131 | Hook botnet C2 server (confidence level: 100%)
185.250.210.93 | Hook botnet C2 server (confidence level: 100%)
91.92.244.42 | Hook botnet C2 server (confidence level: 100%)
165.232.153.139 | Hook botnet C2 server (confidence level: 100%)
185.222.58.113 | RedLine Stealer botnet C2 server (confidence level: 100%)
107.182.190.222 | Cobalt Strike botnet C2 server (confidence level: 80%)
1.12.36.65 | Cobalt Strike botnet C2 server (confidence level: 100%)
109.248.144.199 | Nanocore RAT botnet C2 server (confidence level: 100%)
154.3.2.253 | Cobalt Strike botnet C2 server (confidence level: 80%)
88.214.27.53 | Cobalt Strike botnet C2 server (confidence level: 80%)
45.61.162.107 | Cobalt Strike botnet C2 server (confidence level: 100%)
110.40.213.71 | Cobalt Strike botnet C2 server (confidence level: 100%)
111.231.22.61 | Cobalt Strike botnet C2 server (confidence level: 100%)
147.78.47.15 | Cobalt Strike botnet C2 server (confidence level: 100%)
121.40.233.196 | Cobalt Strike botnet C2 server (confidence level: 100%)
82.157.167.178 | Cobalt Strike botnet C2 server (confidence level: 100%)
74.48.19.156 | Cobalt Strike botnet C2 server (confidence level: 100%)
111.67.195.164 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.220.163.73 | Cobalt Strike botnet C2 server (confidence level: 100%)
39.106.226.198 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.134.172.115 | Cobalt Strike botnet C2 server (confidence level: 100%)
120.48.58.156 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.12.28.100 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.12.28.100 | Cobalt Strike botnet C2 server (confidence level: 100%)
94.74.105.131 | Cobalt Strike botnet C2 server (confidence level: 100%)
46.17.104.221 | Cobalt Strike botnet C2 server (confidence level: 100%)
51.250.16.184 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.115.220.95 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.200.120.13 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.121.48.43 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.229.54.221 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.207.47.21 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.129.187.60 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.130.116.89 | Cobalt Strike botnet C2 server (confidence level: 100%)
116.204.89.237 | Cobalt Strike botnet C2 server (confidence level: 100%)
155.94.140.13 | Cobalt Strike botnet C2 server (confidence level: 100%)
122.51.41.5 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.204.108.99 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.236.28.58 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.132.182.180 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.47.106.38 | Cobalt Strike botnet C2 server (confidence level: 100%)
77.91.100.228 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.8.158.71 | Cobalt Strike botnet C2 server (confidence level: 100%)
165.227.210.49 | Sliver botnet C2 server (confidence level: 90%)
194.190.152.81 | Sliver botnet C2 server (confidence level: 90%)
159.203.149.148 | Sliver botnet C2 server (confidence level: 90%)
194.116.191.150 | ShadowPad botnet C2 server (confidence level: 90%)
14.234.25.153 | AsyncRAT botnet C2 server (confidence level: 100%)
135.125.27.218 | AsyncRAT botnet C2 server (confidence level: 100%)
91.92.254.36 | AsyncRAT botnet C2 server (confidence level: 100%)
190.213.184.38 | AsyncRAT botnet C2 server (confidence level: 100%)
91.92.251.62 | AsyncRAT botnet C2 server (confidence level: 100%)
37.1.214.209 | AsyncRAT botnet C2 server (confidence level: 100%)
47.95.197.160 | AsyncRAT botnet C2 server (confidence level: 100%)
181.215.49.104 | Hook botnet C2 server (confidence level: 100%)
80.87.197.162 | Hook botnet C2 server (confidence level: 100%)
181.215.49.105 | Hook botnet C2 server (confidence level: 100%)
91.92.255.30 | Hook botnet C2 server (confidence level: 100%)
37.230.112.206 | Hook botnet C2 server (confidence level: 100%)
34.203.226.105 | Hook botnet C2 server (confidence level: 100%)
62.234.61.157 | Quasar RAT botnet C2 server (confidence level: 100%)
47.93.42.113 | Quasar RAT botnet C2 server (confidence level: 100%)
216.238.78.129 | Quasar RAT botnet C2 server (confidence level: 100%)
91.92.250.110 | Venom RAT botnet C2 server (confidence level: 100%)
99.103.131.181 | Venom RAT botnet C2 server (confidence level: 100%)
75.130.243.162 | Unknown malware botnet C2 server (confidence level: 100%)
91.103.253.184 | Meduza Stealer botnet C2 server (confidence level: 100%)
77.105.146.152 | Meduza Stealer botnet C2 server (confidence level: 100%)
35.169.28.72 | Unknown malware botnet C2 server (confidence level: 100%)
95.217.82.39 | Rhadamanthys botnet C2 server (confidence level: 50%)
185.209.161.162 | Rhadamanthys botnet C2 server (confidence level: 50%)
91.92.253.3 | Rhadamanthys botnet C2 server (confidence level: 50%)
91.92.242.217 | Rhadamanthys botnet C2 server (confidence level: 50%)
91.92.253.159 | Rhadamanthys botnet C2 server (confidence level: 50%)
39.104.226.130 | Unknown malware botnet C2 server (confidence level: 100%)
38.181.34.201 | Unknown malware botnet C2 server (confidence level: 100%)
103.145.191.118 | Unknown malware botnet C2 server (confidence level: 100%)
121.196.193.21 | Unknown malware botnet C2 server (confidence level: 100%)
59.110.9.127 | Unknown malware botnet C2 server (confidence level: 100%)
80.85.154.199 | Unknown malware botnet C2 server (confidence level: 100%)
3.35.8.177 | Unknown malware botnet C2 server (confidence level: 100%)
13.42.163.200 | Unknown malware botnet C2 server (confidence level: 100%)
64.227.130.150 | Unknown malware botnet C2 server (confidence level: 100%)
34.247.168.187 | Unknown malware botnet C2 server (confidence level: 100%)
18.135.30.45 | Unknown malware botnet C2 server (confidence level: 100%)
18.135.30.45 | Unknown malware botnet C2 server (confidence level: 100%)
18.135.30.45 | Unknown malware botnet C2 server (confidence level: 100%)
18.135.30.45 | Unknown malware botnet C2 server (confidence level: 100%)
13.42.177.28 | Unknown malware botnet C2 server (confidence level: 100%)
104.193.111.38 | Unknown malware botnet C2 server (confidence level: 100%)
104.168.24.196 | Unknown malware botnet C2 server (confidence level: 100%)
47.7.145.133 | Bashlite botnet C2 server (confidence level: 90%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
187.135.122.175 | DarkComet botnet C2 server (confidence level: 100%)
160.179.104.109 | QakBot botnet C2 server (confidence level: 100%)
188.54.123.236 | QakBot botnet C2 server (confidence level: 100%)
116.202.180.148 | Vidar botnet C2 server (confidence level: 100%)
5.75.215.64 | Vidar botnet C2 server (confidence level: 100%)
18.197.239.5 | NjRAT botnet C2 server (confidence level: 100%)
18.192.93.86 | NjRAT botnet C2 server (confidence level: 100%)
18.157.68.73 | NjRAT botnet C2 server (confidence level: 100%)
39.100.128.2 | Cobalt Strike botnet C2 server (confidence level: 100%)
194.190.152.81 | Sliver botnet C2 server (confidence level: 50%)
179.96.164.30 | Havoc botnet C2 server (confidence level: 50%)
37.27.27.94 | Responder botnet C2 server (confidence level: 50%)
184.70.132.254 | QakBot botnet C2 server (confidence level: 50%)
file78.101.91.145 | QakBot botnet C2 server (confidence level: 50%) | |
file86.98.8.79 | QakBot botnet C2 server (confidence level: 50%) | |
file37.210.32.140 | QakBot botnet C2 server (confidence level: 50%) | |
file47.253.43.163 | Xtreme RAT botnet C2 server (confidence level: 80%) | |
file91.229.239.230 | IcedID botnet C2 server (confidence level: 75%) | |
file193.168.141.241 | IcedID botnet C2 server (confidence level: 75%) | |
file193.233.202.4 | IcedID botnet C2 server (confidence level: 75%) | |
file45.88.186.145 | AsyncRAT botnet C2 server (confidence level: 100%) |
Port
(The source page labels this section "Hash", but every value is a port number, not a file hash. The rows follow the same order as the IP address table and carry the same description row for row, so each entry is the port half of an ip:port indicator; repeated IP addresses above correspond to distinct ports here.)
Value | Description |
---|---|
37471 | RedLine Stealer botnet C2 server (confidence level: 100%) |
1604 | DarkComet botnet C2 server (confidence level: 80%) |
2222 | Cobalt Strike botnet C2 server (confidence level: 80%) |
80 | Cobalt Strike botnet C2 server (confidence level: 80%) |
443 | Sliver botnet C2 server (confidence level: 50%) |
7443 | Unknown malware botnet C2 server (confidence level: 50%) |
8085 | BianLian botnet C2 server (confidence level: 50%) |
8443 | Havoc botnet C2 server (confidence level: 50%) |
443 | Havoc botnet C2 server (confidence level: 50%) |
10443 | Havoc botnet C2 server (confidence level: 50%) |
445 | Responder botnet C2 server (confidence level: 50%) |
443 | QakBot botnet C2 server (confidence level: 50%) |
2222 | QakBot botnet C2 server (confidence level: 50%) |
443 | QakBot botnet C2 server (confidence level: 50%) |
995 | QakBot botnet C2 server (confidence level: 50%) |
80 | DCRat botnet C2 server (confidence level: 50%) |
8888 | Unknown malware botnet C2 server (confidence level: 50%) |
89 | Cobalt Strike botnet C2 server (confidence level: 80%) |
1962 | DarkComet botnet C2 server (confidence level: 80%) |
80 | Cobalt Strike botnet C2 server (confidence level: 80%) |
7777 | Cobalt Strike botnet C2 server (confidence level: 80%) |
80 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
9087 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
55615 | RedLine Stealer botnet C2 server (confidence level: 100%) |
8443 | Cobalt Strike botnet C2 server (confidence level: 80%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
1333 | Nanocore RAT botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 80%) |
4443 | Cobalt Strike botnet C2 server (confidence level: 80%) |
9999 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
65235 | Cobalt Strike botnet C2 server (confidence level: 100%) |
9999 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
10000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
40000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
65009 | Cobalt Strike botnet C2 server (confidence level: 100%) |
888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8081 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
54545 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8011 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8081 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
9999 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
10000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
61259 | Cobalt Strike botnet C2 server (confidence level: 100%) |
5677 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
81 | Cobalt Strike botnet C2 server (confidence level: 100%) |
5111 | Cobalt Strike botnet C2 server (confidence level: 100%) |
5555 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
2082 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 90%) |
31337 | Sliver botnet C2 server (confidence level: 90%) |
443 | Sliver botnet C2 server (confidence level: 90%) |
88 | ShadowPad botnet C2 server (confidence level: 90%) |
8080 | AsyncRAT botnet C2 server (confidence level: 100%) |
6000 | AsyncRAT botnet C2 server (confidence level: 100%) |
4747 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
8088 | AsyncRAT botnet C2 server (confidence level: 100%) |
6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
6000 | Quasar RAT botnet C2 server (confidence level: 100%) |
80 | Quasar RAT botnet C2 server (confidence level: 100%) |
8888 | Quasar RAT botnet C2 server (confidence level: 100%) |
80 | Venom RAT botnet C2 server (confidence level: 100%) |
2222 | Venom RAT botnet C2 server (confidence level: 100%) |
5000 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
80 | Meduza Stealer botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
19000 | Rhadamanthys botnet C2 server (confidence level: 50%) |
19000 | Rhadamanthys botnet C2 server (confidence level: 50%) |
19000 | Rhadamanthys botnet C2 server (confidence level: 50%) |
19000 | Rhadamanthys botnet C2 server (confidence level: 50%) |
19000 | Rhadamanthys botnet C2 server (confidence level: 50%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
4578 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
5723 | Unknown malware botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
5723 | Unknown malware botnet C2 server (confidence level: 100%) |
4433 | Unknown malware botnet C2 server (confidence level: 100%) |
4443 | Unknown malware botnet C2 server (confidence level: 100%) |
4449 | Unknown malware botnet C2 server (confidence level: 100%) |
4431 | Unknown malware botnet C2 server (confidence level: 100%) |
5723 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
9000 | Unknown malware botnet C2 server (confidence level: 100%) |
23 | Bashlite botnet C2 server (confidence level: 90%) |
2087 | DarkComet botnet C2 server (confidence level: 100%) |
2095 | DarkComet botnet C2 server (confidence level: 100%) |
2181 | DarkComet botnet C2 server (confidence level: 100%) |
1701 | DarkComet botnet C2 server (confidence level: 100%) |
1883 | DarkComet botnet C2 server (confidence level: 100%) |
2000 | DarkComet botnet C2 server (confidence level: 100%) |
2078 | DarkComet botnet C2 server (confidence level: 100%) |
2079 | DarkComet botnet C2 server (confidence level: 100%) |
2281 | DarkComet botnet C2 server (confidence level: 100%) |
1723 | DarkComet botnet C2 server (confidence level: 100%) |
2003 | DarkComet botnet C2 server (confidence level: 100%) |
2053 | DarkComet botnet C2 server (confidence level: 100%) |
995 | QakBot botnet C2 server (confidence level: 100%) |
995 | QakBot botnet C2 server (confidence level: 100%) |
2024 | Vidar botnet C2 server (confidence level: 100%) |
443 | Vidar botnet C2 server (confidence level: 100%) |
15020 | NjRAT botnet C2 server (confidence level: 100%) |
15020 | NjRAT botnet C2 server (confidence level: 100%) |
15020 | NjRAT botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Sliver botnet C2 server (confidence level: 50%) |
445 | Havoc botnet C2 server (confidence level: 50%) |
445 | Responder botnet C2 server (confidence level: 50%) |
443 | QakBot botnet C2 server (confidence level: 50%) |
995 | QakBot botnet C2 server (confidence level: 50%) |
443 | QakBot botnet C2 server (confidence level: 50%) |
443 | QakBot botnet C2 server (confidence level: 50%) |
10001 | Xtreme RAT botnet C2 server (confidence level: 80%) |
80 | IcedID botnet C2 server (confidence level: 75%) |
80 | IcedID botnet C2 server (confidence level: 75%) |
80 | IcedID botnet C2 server (confidence level: 75%) |
7707 | AsyncRAT botnet C2 server (confidence level: 100%) |
Domain
Value | Description |
---|---|
capcanboylokemez.com | Hydra botnet C2 domain (confidence level: 100%) |
cayferelokimizedolem.net | Hydra botnet C2 domain (confidence level: 100%) |
caygadholemerezdolez.com | Hydra botnet C2 domain (confidence level: 100%) |
ceptolezcominezcoydez.com | Hydra botnet C2 domain (confidence level: 100%) |
cevapveremezdolemereszoes2.net | Hydra botnet C2 domain (confidence level: 100%) |
cevapveremezdolemezdolirezdoremifadso.net | Hydra botnet C2 domain (confidence level: 100%) |
domlezcomlezdomdenyomegdo.com | Hydra botnet C2 domain (confidence level: 100%) |
haygodfolmoldol.net | Hydra botnet C2 domain (confidence level: 100%) |
haytoplokezdolezdominec.net | Hydra botnet C2 domain (confidence level: 100%) |
hepgeldomkelzdomezforez.net | Hydra botnet C2 domain (confidence level: 100%) |
nededlokezdolerezsos3.net | Hydra botnet C2 domain (confidence level: 100%) |
raceptoplumdemezdey.net | Hydra botnet C2 domain (confidence level: 100%) |
saydornolicezdome.net | Hydra botnet C2 domain (confidence level: 100%) |
sayfedkolyegelme.net | Hydra botnet C2 domain (confidence level: 100%) |
saygakolbalabana.com | Hydra botnet C2 domain (confidence level: 100%) |
saygaydolezlomiedco.com | Hydra botnet C2 domain (confidence level: 100%) |
saygedyolezdomezdominez.net | Hydra botnet C2 domain (confidence level: 100%) |
saygolezdolemeze.com | Hydra botnet C2 domain (confidence level: 100%) |
tahridyolezdolemez.com | Hydra botnet C2 domain (confidence level: 100%) |
tahriyedsolemezdolerede2.com | Hydra botnet C2 domain (confidence level: 100%) |
tahtalidoleredominezdolez.com | Hydra botnet C2 domain (confidence level: 100%) |
tahtalidyolezdoliezdominez.com | Hydra botnet C2 domain (confidence level: 100%) |
tahtalimcominezdoles.net | Hydra botnet C2 domain (confidence level: 100%) |
tahtalokezdolemrezced5.net | Hydra botnet C2 domain (confidence level: 100%) |
tahtaravilazdolerez.com | Hydra botnet C2 domain (confidence level: 100%) |
tahtatgoblindomlin.com | Hydra botnet C2 domain (confidence level: 100%) |
tahtaydomlokezdoleriz.net | Hydra botnet C2 domain (confidence level: 100%) |
tahyolezdolemezdo.com | Hydra botnet C2 domain (confidence level: 100%) |
tarafdalimezdolemezdolerez.com | Hydra botnet C2 domain (confidence level: 100%) |
tarhanelokezdol.net | Hydra botnet C2 domain (confidence level: 100%) |
tayfederlokizdolerizne.net | Hydra botnet C2 domain (confidence level: 100%) |
tayfundolemezdo.com | Hydra botnet C2 domain (confidence level: 100%) |
tayhadlokezdolereme.net | Hydra botnet C2 domain (confidence level: 100%) |
tayrepcanogelmezo.net | Hydra botnet C2 domain (confidence level: 100%) |
taytoreztoleztomelez.net | Hydra botnet C2 domain (confidence level: 100%) |
tufankolfodemolezdor.net | Hydra botnet C2 domain (confidence level: 100%) |
tuftoflokezdoriez.com | Hydra botnet C2 domain (confidence level: 100%) |
yathohkolfaledtosun.net | Hydra botnet C2 domain (confidence level: 100%) |
yayfolezdolemenegidiyo.net | Hydra botnet C2 domain (confidence level: 100%) |
asalamakolemezdoes.net | Hydra botnet C2 domain (confidence level: 100%) |
rahlokezdolepizdomer.com | Hydra botnet C2 domain (confidence level: 100%) |
rahmetdolezdolirmolipdom.com | Hydra botnet C2 domain (confidence level: 100%) |
saygabolemezdomenezcom.net | Hydra botnet C2 domain (confidence level: 100%) |
saygoodfoledopel.com | Hydra botnet C2 domain (confidence level: 100%) |
taytoplopidolep.com | Hydra botnet C2 domain (confidence level: 100%) |
secures-tool.com | magecart credit card skimming domain (confidence level: 100%) |
tracker.web-cockpit.jp | magecart credit card skimming domain (confidence level: 100%) |
passenger210.bar | magecart credit card skimming domain (confidence level: 100%) |
bus527.cfd | magecart credit card skimming domain (confidence level: 100%) |
follow707.cloud | magecart credit card skimming domain (confidence level: 100%) |
war740.engineer | magecart credit card skimming domain (confidence level: 100%) |
block714.mobi | magecart credit card skimming domain (confidence level: 100%) |
bind853.me | magecart credit card skimming domain (confidence level: 100%) |
temple321.bar | magecart credit card skimming domain (confidence level: 100%) |
earn454.live | magecart credit card skimming domain (confidence level: 100%) |
heavy689.immo | magecart credit card skimming domain (confidence level: 100%) |
door111.network | magecart credit card skimming domain (confidence level: 100%) |
blind227.boutique | magecart credit card skimming domain (confidence level: 100%) |
salt204.me | magecart credit card skimming domain (confidence level: 100%) |
dig159.digital | magecart credit card skimming domain (confidence level: 100%) |
gymorning.cyou | magecart credit card skimming domain (confidence level: 100%) |
hovr.monster | magecart credit card skimming domain (confidence level: 100%) |
strimmr.buzz | magecart credit card skimming domain (confidence level: 100%) |
lynxer.monster | magecart credit card skimming domain (confidence level: 100%) |
7raven.uno | magecart credit card skimming domain (confidence level: 100%) |
2blu.cloud | magecart credit card skimming domain (confidence level: 100%) |
depth305.digital | magecart credit card skimming domain (confidence level: 100%) |
slavery588.biz | magecart credit card skimming domain (confidence level: 100%) |
reduction925.cc | magecart credit card skimming domain (confidence level: 100%) |
supper728.gifts | magecart credit card skimming domain (confidence level: 100%) |
mn-vps.art | magecart credit card skimming domain (confidence level: 100%) |
literature539.space | magecart credit card skimming domain (confidence level: 100%) |
gxmod.pics | magecart credit card skimming domain (confidence level: 100%) |
www.linxun.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%) |
137-184-80-125.cprapid.com | Unknown malware botnet C2 domain (confidence level: 100%) |
mail.159-89-8-28.cprapid.com | Unknown malware botnet C2 domain (confidence level: 100%) |
139-162-33-94.ip.linodeusercontent.com | Hook botnet C2 domain (confidence level: 100%) |
invadersec.com | Hook botnet C2 domain (confidence level: 100%) |
ceifador.benzetacil.com | Hook botnet C2 domain (confidence level: 100%) |
ladyrai.site | Hook botnet C2 domain (confidence level: 100%) |
avtokuba.ru | Hook botnet C2 domain (confidence level: 100%) |
static.123.87.21.65.clients.your-server.de | Hook botnet C2 domain (confidence level: 100%) |
174.151.189.35.bc.googleusercontent.com | Quasar RAT botnet C2 domain (confidence level: 100%) |
vistc.com | Quasar RAT botnet C2 domain (confidence level: 100%) |
activelifes.shop | Havoc botnet C2 domain (confidence level: 100%) |
v2202311142188246753.nicesrv.de | Havoc botnet C2 domain (confidence level: 100%) |
walbuschgruppe.com | Havoc botnet C2 domain (confidence level: 100%) |
www.achiversacademy.shop | Havoc botnet C2 domain (confidence level: 100%) |
ec2-54-224-145-107.compute-1.amazonaws.com | Unknown malware botnet C2 domain (confidence level: 100%) |
xmrpool.shop | Unknown malware botnet C2 domain (confidence level: 100%) |
ads.customerportalverify.store | Unknown malware botnet C2 domain (confidence level: 100%) |
smetrics.customerportalverify.store | Unknown malware botnet C2 domain (confidence level: 100%) |
logs.customerportalverify.store | Unknown malware botnet C2 domain (confidence level: 100%) |
bigscreenthrills.org | Unknown malware botnet C2 domain (confidence level: 100%) |
1518644.com | SpyNote botnet C2 domain (confidence level: 100%) |
www.736631.com | SpyNote botnet C2 domain (confidence level: 100%) |
raygovalizrobinezcomez.net | Hydra botnet C2 domain (confidence level: 100%) |
rayrovelemanze.com | Hydra botnet C2 domain (confidence level: 100%) |
sevcikconcikdomilezdolerez.com | Hydra botnet C2 domain (confidence level: 100%) |
sevdalimdolemezdidos.com | Hydra botnet C2 domain (confidence level: 100%) |
tayhonkolimbinesos.net | Hydra botnet C2 domain (confidence level: 100%) |
teygolfaygoldoleriz.com | Hydra botnet C2 domain (confidence level: 100%) |
zaryedtormentosco.net | Hydra botnet C2 domain (confidence level: 100%) |
gayretoploforeztolezkoz.net | Hydra botnet C2 domain (confidence level: 100%) |
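The IP, port and domain tables above are one indicator set split across three columns: the port rows appear in the same order as the IP rows and carry identical descriptions, so they have to be re-paired before they are useful. The script below is an added example, not code from ThreatFox or from the page's publisher. It parses a contiguous slice of rows copied from the tables on this page (with the extraction prefixes dropped), re-joins IPs and ports while refusing to guess if the two tables do not line up, and emits Suricata rules for everything at or above a confidence threshold. The rule layout, the `$HOME_NET` variable, the SID range starting at 9000001 and the 75% threshold are assumptions of the example. The 50% rows (Sliver, Havoc, Responder and QakBot on 443, 445, 995 and 8888) are deliberately excluded from blocking rules: on shared ports a 50% rating is a hunting lead, not a block decision.

```python
"""Re-pair the split ThreatFox IP/port tables and emit Suricata rules.
Added example; sample rows are copied from the tables on this page, the
rule format and SID range are assumptions, not anything ThreatFox emits."""
import re

# Constructed input: a contiguous slice of the IP table and the matching
# slice of the port table (the page labels the port table "Hash").
IP_ROWS = """\
18.197.239.5 | NjRAT botnet C2 server (confidence level: 100%) | |
18.192.93.86 | NjRAT botnet C2 server (confidence level: 100%) | |
18.157.68.73 | NjRAT botnet C2 server (confidence level: 100%) | |
39.100.128.2 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
194.190.152.81 | Sliver botnet C2 server (confidence level: 50%) | |
179.96.164.30 | Havoc botnet C2 server (confidence level: 50%) | |
37.27.27.94 | Responder botnet C2 server (confidence level: 50%) | |
184.70.132.254 | QakBot botnet C2 server (confidence level: 50%) | |
78.101.91.145 | QakBot botnet C2 server (confidence level: 50%) | |
"""
PORT_ROWS = """\
Value | Description |
---|---|
15020 | NjRAT botnet C2 server (confidence level: 100%) |
15020 | NjRAT botnet C2 server (confidence level: 100%) |
15020 | NjRAT botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Sliver botnet C2 server (confidence level: 50%) |
445 | Havoc botnet C2 server (confidence level: 50%) |
445 | Responder botnet C2 server (confidence level: 50%) |
443 | QakBot botnet C2 server (confidence level: 50%) |
995 | QakBot botnet C2 server (confidence level: 50%) |
"""
DOMAIN_ROWS = """\
secures-tool.com | magecart credit card skimming domain (confidence level: 100%) |
www.linxun.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%) |
xmrpool.shop | Unknown malware botnet C2 domain (confidence level: 100%) |
1518644.com | SpyNote botnet C2 domain (confidence level: 100%) |
"""

# One table row: value, description, confidence. Header and separator lines
# have no "(confidence level: N%)" and are skipped by the parser.
ROW_RE = re.compile(
    r"^\s*(?P<value>[\w.\-:]+)\s*\|\s*(?P<desc>.*?)"
    r"\s*\(confidence level:\s*(?P<conf>\d+)%\)"
)
# ThreatFox descriptions on this page use two shapes; pull the family out.
FAMILY_RE = re.compile(
    r"^(?P<family>.+?) (?:botnet C2 (?:server|domain)|credit card skimming domain)$"
)


def parse_rows(text):
    """Parse 'value | description (confidence level: N%) |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        desc = m.group("desc")
        fam = FAMILY_RE.match(desc)
        rows.append({
            "value": m.group("value"),
            "desc": desc,
            "family": fam.group("family") if fam else desc,
            "confidence": int(m.group("conf")),
        })
    return rows


def pair_ip_port(ip_rows, port_rows):
    """Zip the IP and port tables row by row; fail loudly on any misalignment
    instead of silently producing a wrong ip:port pair."""
    if len(ip_rows) != len(port_rows):
        raise ValueError(f"row count mismatch: {len(ip_rows)} IPs vs {len(port_rows)} ports")
    paired = []
    for i, (ip, port) in enumerate(zip(ip_rows, port_rows)):
        if ip["desc"] != port["desc"]:
            raise ValueError(f"row {i}: {ip['desc']!r} != {port['desc']!r}")
        paired.append({"ip": ip["value"], "port": int(port["value"]),
                       "family": ip["family"], "confidence": ip["confidence"]})
    return paired


def suricata_rules(ip_ports, domains, min_confidence=75, sid_start=9000001):
    """One rule per indicator at or above the threshold; duplicate ip:port
    pairs collapse to a single rule. SID range is an assumption."""
    rules, sid, seen = [], sid_start, set()
    for ioc in ip_ports:
        key = (ioc["ip"], ioc["port"])
        if ioc["confidence"] < min_confidence or key in seen:
            continue
        seen.add(key)
        rules.append(
            f'alert tcp $HOME_NET any -> {ioc["ip"]} {ioc["port"]} '
            f'(msg:"ThreatFox {ioc["family"]} C2 {ioc["ip"]}:{ioc["port"]}"; '
            f'reference:url,threatfox.abuse.ch; sid:{sid}; rev:1;)'
        )
        sid += 1
    for d in domains:
        if d["confidence"] < min_confidence:
            continue
        # endswith keeps "evil.com" from also matching "evil.com.example".
        rules.append(
            f'alert dns $HOME_NET any -> any any '
            f'(msg:"ThreatFox {d["family"]} domain {d["value"]}"; '
            f'dns.query; content:"{d["value"]}"; nocase; endswith; '
            f'reference:url,threatfox.abuse.ch; sid:{sid}; rev:1;)'
        )
        sid += 1
    return rules


if __name__ == "__main__":
    pairs = pair_ip_port(parse_rows(IP_ROWS), parse_rows(PORT_ROWS))
    for rule in suricata_rules(pairs, parse_rows(DOMAIN_ROWS)):
        print(rule)
```

Run against the full page, feed the whole IP and port tables in; `pair_ip_port` raising is the signal that a row was dropped or reordered during extraction, at which point the two tables should be re-checked by hand rather than patched around in code.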
Threat ID: 682b7ba5d3ddd8cef2e888b6
Added to database: 5/19/2025, 6:42:45 PM
Last enriched: 6/18/2025, 7:47:53 PM
Last updated: 8/14/2025, 2:25:11 AM