Skip to main content

ThreatFox IOCs for 2024-01-03

Medium
Published: Wed Jan 03 2024 (01/03/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-01-03

AI-Powered Analysis

AILast updated: 06/18/2025, 19:47:53 UTC

Technical Analysis

The provided threat information pertains to a malware-related intelligence report titled "ThreatFox IOCs for 2024-01-03," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The report appears to be a collection or update of Indicators of Compromise (IOCs) relevant to malware threats as of January 3, 2024. However, the data lacks specific technical details such as affected software versions, detailed malware behavior, attack vectors, or exploitation methods. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned. There are no known exploits in the wild associated with this report, and no patch information is provided. The absence of CWEs (Common Weakness Enumerations) and detailed technical analysis suggests this report is primarily informational, focusing on threat intelligence sharing rather than describing a novel or actively exploited vulnerability. The distribution score of 3 may imply moderate dissemination or relevance across multiple targets or sectors, but without further context, this remains ambiguous. Overall, this report serves as an OSINT update on malware-related IOCs without direct actionable exploit data or vulnerability specifics.

Potential Impact

Given the lack of detailed technical information and absence of known active exploits, the immediate impact on European organizations is likely limited. However, as this report aggregates malware-related IOCs, it can aid security teams in enhancing detection capabilities and threat hunting activities. European organizations that rely heavily on OSINT feeds and threat intelligence platforms may benefit from integrating these IOCs into their security monitoring tools to identify potential malware infections early. The medium severity rating suggests that while the threat is not currently critical, it should not be ignored, especially in sectors with high-value targets such as finance, critical infrastructure, and government. The potential impact includes improved situational awareness but also the risk of overlooking emerging threats if these IOCs are not incorporated into defensive measures. Since no specific malware families or attack techniques are mentioned, the impact on confidentiality, integrity, or availability cannot be precisely assessed but is presumed moderate given the medium severity classification.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to enhance detection of related malware activity. 2. Conduct regular threat hunting exercises using these IOCs to proactively identify potential compromises. 3. Maintain up-to-date threat intelligence feeds and ensure security teams are trained to interpret and act on OSINT-derived indicators. 4. Implement network segmentation and strict access controls to limit lateral movement should malware be detected. 5. Regularly review and update incident response plans to incorporate procedures for malware detection and containment based on emerging IOCs. 6. Encourage collaboration and information sharing with European cybersecurity communities and CERTs to stay informed about evolving threats linked to these IOCs. 7. Since no patches are available, focus on detection and containment rather than remediation of a specific vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
0f2cef51-527f-4897-a90d-48e0a4ef993e
Original Timestamp
1704326587

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttp://aybedosgaledsos.net/
Hydra botnet C2 (confidence level: 100%)
urlhttp://882584cm.nyashtech.top/eternalrequestgeobaseflowertrack.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://77.105.132.216/56f47e918c5386bf.php
Stealc botnet C2 (confidence level: 100%)
urlhttp://47.116.17.169:5001/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://193.201.9.69/dot.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://service-pgxnje5g-1307231181.gz.tencentapigw.com:9999/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.42.213.232:6666/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.236.19.63:8989/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.153.206.194:1111/g.pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.42.213.232/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://arpa.viewdns.net/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://arpa.viewdns.net/ptj
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://arpa.viewdns.net
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://172.111.218.107
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://39.105.31.188/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://88.214.27.53:8000/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://5.45.83.223
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://5.252.177.247
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://37.1.213.121:8080
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://37.252.1.225
Unknown malware botnet C2 (confidence level: 100%)
urlhttps://45.153.48.176
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://66.11.117.40
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://91.92.250.214
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://a0899050.xsph.ru/_defaultwindows.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://chaojimanyi.com
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://chaojimanyi.com/pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://gonamph.com
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://dzxngxmlsim3.cloudfront.net/ba.css
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://111.231.22.61/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://116.202.180.148:2024/
Vidar botnet C2 (confidence level: 100%)
urlhttps://5.75.215.64/
Vidar botnet C2 (confidence level: 100%)
urlhttps://39.100.128.2/split/d/7473220op
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://5.230.40.118/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://5.230.46.135/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://5.230.68.85/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://5.230.68.152/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://31.13.195.10/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://45.8.159.34/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://45.11.182.116/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://45.141.37.139/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://45.155.250.54/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://77.73.69.80/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://77.73.69.95/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://77.73.69.251/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://77.73.70.10/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://77.73.70.71/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://91.92.248.26/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://91.197.1.37/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://94.242.53.26/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://94.242.53.101/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://101.99.95.144/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://159.100.9.207/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.84.140.32/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.156.172.64/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://194.36.190.238/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://216.158.225.153/login
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://94.103.90.193/
RecordBreaker botnet C2 (confidence level: 100%)
urlhttp://185.106.94.86/basepollimage/3_/requestpacket2/tempdb/7pipe2/temporarypipe/providervideolinephprequestprocesslinuxtraffictemp.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://a0899944.xsph.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://120.48.58.156/ga.js
Cobalt Strike botnet C2 (confidence level: 100%)

File

ValueDescriptionCopy
file5.42.64.9
RedLine Stealer botnet C2 server (confidence level: 100%)
file41.102.92.209
DarkComet botnet C2 server (confidence level: 80%)
file43.136.122.174
Cobalt Strike botnet C2 server (confidence level: 80%)
file206.119.171.125
Cobalt Strike botnet C2 server (confidence level: 80%)
file192.169.6.122
Sliver botnet C2 server (confidence level: 50%)
file20.38.38.53
Unknown malware botnet C2 server (confidence level: 50%)
file213.183.56.95
BianLian botnet C2 server (confidence level: 50%)
file35.173.234.124
Havoc botnet C2 server (confidence level: 50%)
file159.223.92.16
Havoc botnet C2 server (confidence level: 50%)
file172.232.36.73
Havoc botnet C2 server (confidence level: 50%)
file34.245.141.209
Responder botnet C2 server (confidence level: 50%)
file41.96.91.45
QakBot botnet C2 server (confidence level: 50%)
file24.46.78.214
QakBot botnet C2 server (confidence level: 50%)
file142.154.17.8
QakBot botnet C2 server (confidence level: 50%)
file196.77.31.193
QakBot botnet C2 server (confidence level: 50%)
file141.255.151.226
DCRat botnet C2 server (confidence level: 50%)
file38.180.60.28
Unknown malware botnet C2 server (confidence level: 50%)
file101.43.30.194
Cobalt Strike botnet C2 server (confidence level: 80%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 80%)
file47.95.213.55
Cobalt Strike botnet C2 server (confidence level: 80%)
file123.20.56.214
Cobalt Strike botnet C2 server (confidence level: 80%)
file46.190.144.131
Hook botnet C2 server (confidence level: 100%)
file185.250.210.93
Hook botnet C2 server (confidence level: 100%)
file91.92.244.42
Hook botnet C2 server (confidence level: 100%)
file165.232.153.139
Hook botnet C2 server (confidence level: 100%)
file185.222.58.113
RedLine Stealer botnet C2 server (confidence level: 100%)
file107.182.190.222
Cobalt Strike botnet C2 server (confidence level: 80%)
file1.12.36.65
Cobalt Strike botnet C2 server (confidence level: 100%)
file109.248.144.199
Nanocore RAT botnet C2 server (confidence level: 100%)
file154.3.2.253
Cobalt Strike botnet C2 server (confidence level: 80%)
file88.214.27.53
Cobalt Strike botnet C2 server (confidence level: 80%)
file45.61.162.107
Cobalt Strike botnet C2 server (confidence level: 100%)
file110.40.213.71
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.231.22.61
Cobalt Strike botnet C2 server (confidence level: 100%)
file147.78.47.15
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.40.233.196
Cobalt Strike botnet C2 server (confidence level: 100%)
file82.157.167.178
Cobalt Strike botnet C2 server (confidence level: 100%)
file74.48.19.156
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.67.195.164
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.220.163.73
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.106.226.198
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.134.172.115
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.48.58.156
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.12.28.100
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.12.28.100
Cobalt Strike botnet C2 server (confidence level: 100%)
file94.74.105.131
Cobalt Strike botnet C2 server (confidence level: 100%)
file46.17.104.221
Cobalt Strike botnet C2 server (confidence level: 100%)
file51.250.16.184
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.115.220.95
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.200.120.13
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.121.48.43
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.229.54.221
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.207.47.21
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.129.187.60
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.130.116.89
Cobalt Strike botnet C2 server (confidence level: 100%)
file116.204.89.237
Cobalt Strike botnet C2 server (confidence level: 100%)
file155.94.140.13
Cobalt Strike botnet C2 server (confidence level: 100%)
file122.51.41.5
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.204.108.99
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.236.28.58
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.132.182.180
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.47.106.38
Cobalt Strike botnet C2 server (confidence level: 100%)
file77.91.100.228
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.8.158.71
Cobalt Strike botnet C2 server (confidence level: 100%)
file165.227.210.49
Sliver botnet C2 server (confidence level: 90%)
file194.190.152.81
Sliver botnet C2 server (confidence level: 90%)
file159.203.149.148
Sliver botnet C2 server (confidence level: 90%)
file194.116.191.150
ShadowPad botnet C2 server (confidence level: 90%)
file14.234.25.153
AsyncRAT botnet C2 server (confidence level: 100%)
file135.125.27.218
AsyncRAT botnet C2 server (confidence level: 100%)
file91.92.254.36
AsyncRAT botnet C2 server (confidence level: 100%)
file190.213.184.38
AsyncRAT botnet C2 server (confidence level: 100%)
file91.92.251.62
AsyncRAT botnet C2 server (confidence level: 100%)
file37.1.214.209
AsyncRAT botnet C2 server (confidence level: 100%)
file47.95.197.160
AsyncRAT botnet C2 server (confidence level: 100%)
file181.215.49.104
Hook botnet C2 server (confidence level: 100%)
file80.87.197.162
Hook botnet C2 server (confidence level: 100%)
file181.215.49.105
Hook botnet C2 server (confidence level: 100%)
file91.92.255.30
Hook botnet C2 server (confidence level: 100%)
file37.230.112.206
Hook botnet C2 server (confidence level: 100%)
file34.203.226.105
Hook botnet C2 server (confidence level: 100%)
file62.234.61.157
Quasar RAT botnet C2 server (confidence level: 100%)
file47.93.42.113
Quasar RAT botnet C2 server (confidence level: 100%)
file216.238.78.129
Quasar RAT botnet C2 server (confidence level: 100%)
file91.92.250.110
Venom RAT botnet C2 server (confidence level: 100%)
file99.103.131.181
Venom RAT botnet C2 server (confidence level: 100%)
file75.130.243.162
Unknown malware botnet C2 server (confidence level: 100%)
file91.103.253.184
Meduza Stealer botnet C2 server (confidence level: 100%)
file77.105.146.152
Meduza Stealer botnet C2 server (confidence level: 100%)
file35.169.28.72
Unknown malware botnet C2 server (confidence level: 100%)
file95.217.82.39
Rhadamanthys botnet C2 server (confidence level: 50%)
file185.209.161.162
Rhadamanthys botnet C2 server (confidence level: 50%)
file91.92.253.3
Rhadamanthys botnet C2 server (confidence level: 50%)
file91.92.242.217
Rhadamanthys botnet C2 server (confidence level: 50%)
file91.92.253.159
Rhadamanthys botnet C2 server (confidence level: 50%)
file39.104.226.130
Unknown malware botnet C2 server (confidence level: 100%)
file38.181.34.201
Unknown malware botnet C2 server (confidence level: 100%)
file103.145.191.118
Unknown malware botnet C2 server (confidence level: 100%)
file121.196.193.21
Unknown malware botnet C2 server (confidence level: 100%)
file59.110.9.127
Unknown malware botnet C2 server (confidence level: 100%)
file80.85.154.199
Unknown malware botnet C2 server (confidence level: 100%)
file3.35.8.177
Unknown malware botnet C2 server (confidence level: 100%)
file13.42.163.200
Unknown malware botnet C2 server (confidence level: 100%)
file64.227.130.150
Unknown malware botnet C2 server (confidence level: 100%)
file34.247.168.187
Unknown malware botnet C2 server (confidence level: 100%)
file18.135.30.45
Unknown malware botnet C2 server (confidence level: 100%)
file18.135.30.45
Unknown malware botnet C2 server (confidence level: 100%)
file18.135.30.45
Unknown malware botnet C2 server (confidence level: 100%)
file18.135.30.45
Unknown malware botnet C2 server (confidence level: 100%)
file13.42.177.28
Unknown malware botnet C2 server (confidence level: 100%)
file104.193.111.38
Unknown malware botnet C2 server (confidence level: 100%)
file104.168.24.196
Unknown malware botnet C2 server (confidence level: 100%)
file47.7.145.133
Bashlite botnet C2 server (confidence level: 90%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file187.135.122.175
DarkComet botnet C2 server (confidence level: 100%)
file160.179.104.109
QakBot botnet C2 server (confidence level: 100%)
file188.54.123.236
QakBot botnet C2 server (confidence level: 100%)
file116.202.180.148
Vidar botnet C2 server (confidence level: 100%)
file5.75.215.64
Vidar botnet C2 server (confidence level: 100%)
file18.197.239.5
NjRAT botnet C2 server (confidence level: 100%)
file18.192.93.86
NjRAT botnet C2 server (confidence level: 100%)
file18.157.68.73
NjRAT botnet C2 server (confidence level: 100%)
file39.100.128.2
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.190.152.81
Sliver botnet C2 server (confidence level: 50%)
file179.96.164.30
Havoc botnet C2 server (confidence level: 50%)
file37.27.27.94
Responder botnet C2 server (confidence level: 50%)
file184.70.132.254
QakBot botnet C2 server (confidence level: 50%)
file78.101.91.145
QakBot botnet C2 server (confidence level: 50%)
file86.98.8.79
QakBot botnet C2 server (confidence level: 50%)
file37.210.32.140
QakBot botnet C2 server (confidence level: 50%)
file47.253.43.163
Xtreme RAT botnet C2 server (confidence level: 80%)
file91.229.239.230
IcedID botnet C2 server (confidence level: 75%)
file193.168.141.241
IcedID botnet C2 server (confidence level: 75%)
file193.233.202.4
IcedID botnet C2 server (confidence level: 75%)
file45.88.186.145
AsyncRAT botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash37471
RedLine Stealer botnet C2 server (confidence level: 100%)
hash1604
DarkComet botnet C2 server (confidence level: 80%)
hash2222
Cobalt Strike botnet C2 server (confidence level: 80%)
hash80
Cobalt Strike botnet C2 server (confidence level: 80%)
hash443
Sliver botnet C2 server (confidence level: 50%)
hash7443
Unknown malware botnet C2 server (confidence level: 50%)
hash8085
BianLian botnet C2 server (confidence level: 50%)
hash8443
Havoc botnet C2 server (confidence level: 50%)
hash443
Havoc botnet C2 server (confidence level: 50%)
hash10443
Havoc botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash2222
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash995
QakBot botnet C2 server (confidence level: 50%)
hash80
DCRat botnet C2 server (confidence level: 50%)
hash8888
Unknown malware botnet C2 server (confidence level: 50%)
hash89
Cobalt Strike botnet C2 server (confidence level: 80%)
hash1962
DarkComet botnet C2 server (confidence level: 80%)
hash80
Cobalt Strike botnet C2 server (confidence level: 80%)
hash7777
Cobalt Strike botnet C2 server (confidence level: 80%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash9087
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash55615
RedLine Stealer botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1333
Nanocore RAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 80%)
hash4443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash65235
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash40000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash65009
Cobalt Strike botnet C2 server (confidence level: 100%)
hash888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash54545
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8011
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash61259
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5677
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash81
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5111
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5555
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2082
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 90%)
hash31337
Sliver botnet C2 server (confidence level: 90%)
hash443
Sliver botnet C2 server (confidence level: 90%)
hash88
ShadowPad botnet C2 server (confidence level: 90%)
hash8080
AsyncRAT botnet C2 server (confidence level: 100%)
hash6000
AsyncRAT botnet C2 server (confidence level: 100%)
hash4747
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash8088
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash6000
Quasar RAT botnet C2 server (confidence level: 100%)
hash80
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash80
Venom RAT botnet C2 server (confidence level: 100%)
hash2222
Venom RAT botnet C2 server (confidence level: 100%)
hash5000
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Meduza Stealer botnet C2 server (confidence level: 100%)
hash80
Meduza Stealer botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash19000
Rhadamanthys botnet C2 server (confidence level: 50%)
hash19000
Rhadamanthys botnet C2 server (confidence level: 50%)
hash19000
Rhadamanthys botnet C2 server (confidence level: 50%)
hash19000
Rhadamanthys botnet C2 server (confidence level: 50%)
hash19000
Rhadamanthys botnet C2 server (confidence level: 50%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash4578
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash5723
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash5723
Unknown malware botnet C2 server (confidence level: 100%)
hash4433
Unknown malware botnet C2 server (confidence level: 100%)
hash4443
Unknown malware botnet C2 server (confidence level: 100%)
hash4449
Unknown malware botnet C2 server (confidence level: 100%)
hash4431
Unknown malware botnet C2 server (confidence level: 100%)
hash5723
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash9000
Unknown malware botnet C2 server (confidence level: 100%)
hash23
Bashlite botnet C2 server (confidence level: 90%)
hash2087
DarkComet botnet C2 server (confidence level: 100%)
hash2095
DarkComet botnet C2 server (confidence level: 100%)
hash2181
DarkComet botnet C2 server (confidence level: 100%)
hash1701
DarkComet botnet C2 server (confidence level: 100%)
hash1883
DarkComet botnet C2 server (confidence level: 100%)
hash2000
DarkComet botnet C2 server (confidence level: 100%)
hash2078
DarkComet botnet C2 server (confidence level: 100%)
hash2079
DarkComet botnet C2 server (confidence level: 100%)
hash2281
DarkComet botnet C2 server (confidence level: 100%)
hash1723
DarkComet botnet C2 server (confidence level: 100%)
hash2003
DarkComet botnet C2 server (confidence level: 100%)
hash2053
DarkComet botnet C2 server (confidence level: 100%)
hash995
QakBot botnet C2 server (confidence level: 100%)
hash995
QakBot botnet C2 server (confidence level: 100%)
hash2024
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash15020
NjRAT botnet C2 server (confidence level: 100%)
hash15020
NjRAT botnet C2 server (confidence level: 100%)
hash15020
NjRAT botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Sliver botnet C2 server (confidence level: 50%)
hash445
Havoc botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash995
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 80%)
hash80
IcedID botnet C2 server (confidence level: 75%)
hash80
IcedID botnet C2 server (confidence level: 75%)
hash80
IcedID botnet C2 server (confidence level: 75%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)

Domain

ValueDescriptionCopy
domaincapcanboylokemez.com
Hydra botnet C2 domain (confidence level: 100%)
domaincayferelokimizedolem.net
Hydra botnet C2 domain (confidence level: 100%)
domaincaygadholemerezdolez.com
Hydra botnet C2 domain (confidence level: 100%)
domainceptolezcominezcoydez.com
Hydra botnet C2 domain (confidence level: 100%)
domaincevapveremezdolemereszoes2.net
Hydra botnet C2 domain (confidence level: 100%)
domaincevapveremezdolemezdolirezdoremifadso.net
Hydra botnet C2 domain (confidence level: 100%)
domaindomlezcomlezdomdenyomegdo.com
Hydra botnet C2 domain (confidence level: 100%)
domainhaygodfolmoldol.net
Hydra botnet C2 domain (confidence level: 100%)
domainhaytoplokezdolezdominec.net
Hydra botnet C2 domain (confidence level: 100%)
domainhepgeldomkelzdomezforez.net
Hydra botnet C2 domain (confidence level: 100%)
domainnededlokezdolerezsos3.net
Hydra botnet C2 domain (confidence level: 100%)
domainraceptoplumdemezdey.net
Hydra botnet C2 domain (confidence level: 100%)
domainsaydornolicezdome.net
Hydra botnet C2 domain (confidence level: 100%)
domainsayfedkolyegelme.net
Hydra botnet C2 domain (confidence level: 100%)
domainsaygakolbalabana.com
Hydra botnet C2 domain (confidence level: 100%)
domainsaygaydolezlomiedco.com
Hydra botnet C2 domain (confidence level: 100%)
domainsaygedyolezdomezdominez.net
Hydra botnet C2 domain (confidence level: 100%)
domainsaygolezdolemeze.com
Hydra botnet C2 domain (confidence level: 100%)
domaintahridyolezdolemez.com
Hydra botnet C2 domain (confidence level: 100%)
domaintahriyedsolemezdolerede2.com
Hydra botnet C2 domain (confidence level: 100%)
domaintahtalidoleredominezdolez.com
Hydra botnet C2 domain (confidence level: 100%)
domaintahtalidyolezdoliezdominez.com
Hydra botnet C2 domain (confidence level: 100%)
domaintahtalimcominezdoles.net
Hydra botnet C2 domain (confidence level: 100%)
domaintahtalokezdolemrezced5.net
Hydra botnet C2 domain (confidence level: 100%)
domaintahtaravilazdolerez.com
Hydra botnet C2 domain (confidence level: 100%)
domaintahtatgoblindomlin.com
Hydra botnet C2 domain (confidence level: 100%)
domaintahtaydomlokezdoleriz.net
Hydra botnet C2 domain (confidence level: 100%)
domaintahyolezdolemezdo.com
Hydra botnet C2 domain (confidence level: 100%)
domaintarafdalimezdolemezdolerez.com
Hydra botnet C2 domain (confidence level: 100%)
domaintarhanelokezdol.net
Hydra botnet C2 domain (confidence level: 100%)
domaintayfederlokizdolerizne.net
Hydra botnet C2 domain (confidence level: 100%)
domaintayfundolemezdo.com
Hydra botnet C2 domain (confidence level: 100%)
domaintayhadlokezdolereme.net
Hydra botnet C2 domain (confidence level: 100%)
domaintayrepcanogelmezo.net
Hydra botnet C2 domain (confidence level: 100%)
domaintaytoreztoleztomelez.net
Hydra botnet C2 domain (confidence level: 100%)
domaintufankolfodemolezdor.net
Hydra botnet C2 domain (confidence level: 100%)
domaintuftoflokezdoriez.com
Hydra botnet C2 domain (confidence level: 100%)
domainyathohkolfaledtosun.net
Hydra botnet C2 domain (confidence level: 100%)
domainyayfolezdolemenegidiyo.net
Hydra botnet C2 domain (confidence level: 100%)
domainasalamakolemezdoes.net
Hydra botnet C2 domain (confidence level: 100%)
domainrahlokezdolepizdomer.com
Hydra botnet C2 domain (confidence level: 100%)
domainrahmetdolezdolirmolipdom.com
Hydra botnet C2 domain (confidence level: 100%)
domainsaygabolemezdomenezcom.net
Hydra botnet C2 domain (confidence level: 100%)
domainsaygoodfoledopel.com
Hydra botnet C2 domain (confidence level: 100%)
domaintaytoplopidolep.com
Hydra botnet C2 domain (confidence level: 100%)
domainsecures-tool.com
magecart credit card skimming domain (confidence level: 100%)
domaintracker.web-cockpit.jp
magecart credit card skimming domain (confidence level: 100%)
domainpassenger210.bar
magecart credit card skimming domain (confidence level: 100%)
domainbus527.cfd
magecart credit card skimming domain (confidence level: 100%)
domainfollow707.cloud
magecart credit card skimming domain (confidence level: 100%)
domainwar740.engineer
magecart credit card skimming domain (confidence level: 100%)
domainblock714.mobi
magecart credit card skimming domain (confidence level: 100%)
domainbind853.me
magecart credit card skimming domain (confidence level: 100%)
domaintemple321.bar
magecart credit card skimming domain (confidence level: 100%)
domainearn454.live
magecart credit card skimming domain (confidence level: 100%)
domainheavy689.immo
magecart credit card skimming domain (confidence level: 100%)
domaindoor111.network
magecart credit card skimming domain (confidence level: 100%)
domainblind227.boutique
magecart credit card skimming domain (confidence level: 100%)
domainsalt204.me
magecart credit card skimming domain (confidence level: 100%)
domaindig159.digital
magecart credit card skimming domain (confidence level: 100%)
domaingymorning.cyou
magecart credit card skimming domain (confidence level: 100%)
domainhovr.monster
magecart credit card skimming domain (confidence level: 100%)
domainstrimmr.buzz
magecart credit card skimming domain (confidence level: 100%)
domainlynxer.monster
magecart credit card skimming domain (confidence level: 100%)
domain7raven.uno
magecart credit card skimming domain (confidence level: 100%)
domain2blu.cloud
magecart credit card skimming domain (confidence level: 100%)
domaindepth305.digital
magecart credit card skimming domain (confidence level: 100%)
domainslavery588.biz
magecart credit card skimming domain (confidence level: 100%)
domainreduction925.cc
magecart credit card skimming domain (confidence level: 100%)
domainsupper728.gifts
magecart credit card skimming domain (confidence level: 100%)
domainmn-vps.art
magecart credit card skimming domain (confidence level: 100%)
domainliterature539.space
magecart credit card skimming domain (confidence level: 100%)
domaingxmod.pics
magecart credit card skimming domain (confidence level: 100%)
domainwww.linxun.xyz
Cobalt Strike botnet C2 domain (confidence level: 100%)
domain137-184-80-125.cprapid.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainmail.159-89-8-28.cprapid.com
Unknown malware botnet C2 domain (confidence level: 100%)
domain139-162-33-94.ip.linodeusercontent.com
Hook botnet C2 domain (confidence level: 100%)
domaininvadersec.com
Hook botnet C2 domain (confidence level: 100%)
domainceifador.benzetacil.com
Hook botnet C2 domain (confidence level: 100%)
domainladyrai.site
Hook botnet C2 domain (confidence level: 100%)
domainavtokuba.ru
Hook botnet C2 domain (confidence level: 100%)
domainstatic.123.87.21.65.clients.your-server.de
Hook botnet C2 domain (confidence level: 100%)
domain174.151.189.35.bc.googleusercontent.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainvistc.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainactivelifes.shop
Havoc botnet C2 domain (confidence level: 100%)
domainv2202311142188246753.nicesrv.de
Havoc botnet C2 domain (confidence level: 100%)
domainwalbuschgruppe.com
Havoc botnet C2 domain (confidence level: 100%)
domainwww.achiversacademy.shop
Havoc botnet C2 domain (confidence level: 100%)
domainec2-54-224-145-107.compute-1.amazonaws.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainxmrpool.shop
Unknown malware botnet C2 domain (confidence level: 100%)
domainads.customerportalverify.store
Unknown malware botnet C2 domain (confidence level: 100%)
domainsmetrics.customerportalverify.store
Unknown malware botnet C2 domain (confidence level: 100%)
domainlogs.customerportalverify.store
Unknown malware botnet C2 domain (confidence level: 100%)
domainbigscreenthrills.org
Unknown malware botnet C2 domain (confidence level: 100%)
domain1518644.com
SpyNote botnet C2 domain (confidence level: 100%)
domainwww.736631.com
SpyNote botnet C2 domain (confidence level: 100%)
domainraygovalizrobinezcomez.net
Hydra botnet C2 domain (confidence level: 100%)
domainrayrovelemanze.com
Hydra botnet C2 domain (confidence level: 100%)
domainsevcikconcikdomilezdolerez.com
Hydra botnet C2 domain (confidence level: 100%)
domainsevdalimdolemezdidos.com
Hydra botnet C2 domain (confidence level: 100%)
domaintayhonkolimbinesos.net
Hydra botnet C2 domain (confidence level: 100%)
domainteygolfaygoldoleriz.com
Hydra botnet C2 domain (confidence level: 100%)
domainzaryedtormentosco.net
Hydra botnet C2 domain (confidence level: 100%)
domaingayretoploforeztolezkoz.net
Hydra botnet C2 domain (confidence level: 100%)

Threat ID: 682b7ba5d3ddd8cef2e888b6

Added to database: 5/19/2025, 6:42:45 PM

Last enriched: 6/18/2025, 7:47:53 PM

Last updated: 7/28/2025, 6:12:53 AM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats