Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

ThreatFox IOCs for 2024-01-08

Medium
Malwaretype:osinttlp:white
Published: Mon Jan 08 2024 (01/08/2024, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2024-01-08

AI-Powered Analysis

AILast updated: 06/19/2025, 14:03:18 UTC

Technical Analysis

The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2024-01-08," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint" and "tlp:white," indicating that the information is open and intended for broad sharing without restrictions. The product affected is listed as "osint," which suggests that the threat relates to open-source intelligence tools or data rather than a specific software product or version. No specific affected versions or CWE identifiers are provided, and there are no patch links or known exploits in the wild associated with this threat at the time of publication. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may indicate moderate dissemination or detection frequency. The absence of concrete IOCs or detailed technical indicators limits the ability to perform a deep technical dissection of the malware's behavior, infection vectors, or payload characteristics. However, the classification as malware and the medium severity rating imply that the threat could potentially compromise systems if leveraged effectively. The lack of known exploits in the wild and the absence of authentication or user interaction requirements in the data suggest that exploitation might be non-trivial or currently theoretical. Overall, this threat appears to be an emerging or low-profile malware campaign or sample collection shared for situational awareness rather than an active, widespread attack vector at this time.

Potential Impact

For European organizations, the potential impact of this threat is currently limited but should not be disregarded. Since the threat is associated with OSINT-related malware and lacks known exploits in the wild, immediate risk to confidentiality, integrity, or availability is low to medium. However, if the malware were to be weaponized or integrated into targeted campaigns, it could lead to unauthorized data access, espionage, or disruption of open-source intelligence gathering processes. Organizations relying heavily on OSINT tools for competitive intelligence, cybersecurity monitoring, or strategic decision-making could face operational setbacks or data compromise. Given the medium severity rating, the threat may also serve as a precursor or component of more complex attack chains, potentially impacting supply chains or critical infrastructure sectors. The absence of detailed technical indicators limits the ability to assess specific attack vectors, but vigilance is warranted, especially in sectors where OSINT data integrity is critical.

Mitigation Recommendations

Given the limited technical details, mitigation should focus on enhancing detection and prevention capabilities around OSINT tools and related data flows. Specific recommendations include: 1) Implement robust monitoring of network traffic and endpoint behavior for anomalies associated with OSINT tool usage, including unusual data exfiltration or command-and-control communications. 2) Maintain up-to-date threat intelligence feeds and integrate ThreatFox and similar OSINT sources into security information and event management (SIEM) systems to detect emerging IOCs promptly. 3) Conduct regular audits and integrity checks of OSINT tools and data repositories to identify unauthorized modifications or malware infections. 4) Enforce strict access controls and segmentation for systems handling OSINT data to limit lateral movement in case of compromise. 5) Train security teams to recognize subtle indicators of malware activity within OSINT environments and encourage sharing of new findings within trusted communities. 6) Prepare incident response plans tailored to OSINT-related threats, including containment and eradication procedures specific to malware affecting intelligence tools. These measures go beyond generic advice by focusing on the unique context of OSINT-related malware and its operational environment.

Affected Countries

GermanyGermany
FranceFrance
United KingdomUnited Kingdom
NetherlandsNetherlands
SwedenSweden
ItalyItaly
Need more detailed analysis?Get Pro

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
f5b6e7f3-1651-4265-96f7-7afa735fad94
Original Timestamp
1704758587

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttp://185.215.113.68/theme/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://diagramfiremonkeyowwa.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://cakecoldsplurgrewe.pw/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://soupinterestoe.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://neighborhoodfeelsa.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://dayfarrichjwclik.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://ratefacilityframw.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://194.87.218.132/dot.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://185.215.113.68/theme/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://fk.n0reply.eu.org:8443/api-opt-2023-gfr/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://124.223.64.88/pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://185.196.9.234:9443/dot.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://test.wiiooiij.tk:8443/api/3
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://121.4.59.117:4443/cm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://154.204.60.179:88/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://47.99.151.68:4443/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://101.200.72.45:5432/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://cins.hin7lostvas.pro:8443/case.css
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://1.94.67.222/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://check.cloudupdateserver.cloudns.org:8443/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://service-rbr85ft5-1259685312.cd.apigw.tencentcs.com/api/get
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://199.195.252.200:9443/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://47.110.253.157/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://8.134.80.227/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://143.198.101.149/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://107.175.247.197:4443/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://120.27.212.14/pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://success.165gov.cyou:8443/wp06/wp-includes/po.php
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://159.65.150.184/jquery-3.7.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://52.226.247.32:2525/ptj
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://47.100.199.201:4443/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://42.193.119.4/en_us/all.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://101.201.57.173/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://124.222.173.133:9443/cm
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://107.172.16.172:8443/jquery-4.6.0.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://88.214.27.53:4443/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://workday.us.org/en-us/silentauth
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://146.56.234.203/load
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://locall.miragov.info/_/scs/mail-static/_/js/
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://101.43.30.194:8443/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://79.124.40.106:81/ca
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://seruvadessigen.3utilities.com/apiv8/getstatus
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://79.124.40.106:82/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.138.30.109:8888/dpixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://helloone.accountants.monster:8443/users.jsp
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://101.43.127.45:8443/activity
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://147.78.47.184:8092/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://101.35.253.212:1443/g.pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://1.13.17.173:2020/ie9compatviewlist.xml
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.100.199.201/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://47.90.247.182/updates.rss
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://120.55.82.147/ptj
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://4.194.41.34/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.138.30.109:7524/match
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://101.132.182.180:5111/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://20.49.255.240/secure.html
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://192.144.220.12:55555/ca
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://36.99.39.121:55443/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://74.235.187.46/async/newtab_ogb
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://www.xss.mba:10328/ga.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://147.139.32.75/g.pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://74.235.187.46/async/newtab_ogb
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://sanjianke.icu/updates
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://43.138.62.36:7001/ptj
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://123.249.101.92/pixel.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://110.41.11.72/__utm.gif
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://147.78.47.183:82/push
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://116.198.11.22/visit.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://rubyonthewal.xyz/g9jjjbnadshz/index.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://43.129.187.60/_/scs/mail-static/_/js/
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://85.208.109.15:4433/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://161.35.186.154:8080/j.ad
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://45.207.45.188/fwlink
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://121.37.206.148:2083/login.jsp
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://restraining.allstardriving.org
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://185.130.47.127
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://nowordshere.org/bjz1khvv
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://nowordshere.org
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://frenchpies.org
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://213.171.14.82
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://choosetotruck.com
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://188.127.224.145
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://choosetotruck.com/cdn-vs/cache.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://choosetotruck.com/ewmrgqnaww.php?regtime=
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://choosetotruck.com/cache/letter.php?741074
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://boxtechcompany.com
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://188.127.224.160
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://boxtechcompany.com/data.php?12617
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://5.181.156.235
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/alucmon.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/dxwxrelllvk.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/eucjlrz.vdf
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/fmbidfqiew.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/fujgch.mp3
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/hreelq.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/ikfnlucrfeq.dat
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/jystkgzqv.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/kzdzejqjq.mp4
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/mpsenzr.mp3
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/nmszdiichnu.mp3
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/ogzgi.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/pqcdghctwi.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/qfvxqoncr.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/qgkltuqpt.vdf
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/qjwhtxehdqw.mp3
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/qwuhtbm.mp4
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/sxkainlspoh.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/wyfeklim.pdf
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/alucmon.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/dxwxrelllvk.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/eucjlrz.vdf
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/fmbidfqiew.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/fujgch.mp3
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/hreelq.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/ikfnlucrfeq.dat
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/jystkgzqv.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/kzdzejqjq.mp4
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/mpsenzr.mp3
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/nmszdiichnu.mp3
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/ogzgi.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/pqcdghctwi.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/qfvxqoncr.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/qgkltuqpt.vdf
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/qjwhtxehdqw.mp3
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/qwuhtbm.mp4
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/sxkainlspoh.wav
zgRAT payload delivery URL (confidence level: 100%)
urlhttp://103.171.0.200/mrcheng/wyfeklim.pdf
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://103.171.0.200/mrcheng/
zgRAT payload delivery URL (confidence level: 100%)
urlhttps://goddirtybrilliancece.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://revivalconflictgrippe.site/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://evokenumberpottruckere.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://111.231.31.198/pixel
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://526775cm.nyashtech.top/eternallinejspacketlowprotectsqldbgeneratorcdn.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://d1railx6y20syj.cloudfront.net/jquery-3.3.1.min.js
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttps://111.230.119.183/api/x
Cobalt Strike botnet C2 (confidence level: 100%)
urlhttp://045134cm.nyashtech.top/phpjavascriptbasewordpresstempdownloads.php
DCRat botnet C2 (confidence level: 100%)

File

ValueDescriptionCopy
file154.223.17.134
AsyncRAT botnet C2 server (confidence level: 100%)
file165.232.87.210
Rhadamanthys botnet C2 server (confidence level: 100%)
file46.199.193.93
AsyncRAT botnet C2 server (confidence level: 100%)
file79.137.198.170
AMOS botnet C2 server (confidence level: 100%)
file154.204.60.179
Cobalt Strike botnet C2 server (confidence level: 80%)
file47.243.31.155
Unknown malware botnet C2 server (confidence level: 80%)
file46.246.12.15
NjRAT botnet C2 server (confidence level: 100%)
file193.233.254.4
RedLine Stealer botnet C2 server (confidence level: 100%)
file18.228.115.60
NjRAT botnet C2 server (confidence level: 100%)
file18.229.248.167
NjRAT botnet C2 server (confidence level: 100%)
file18.229.146.63
NjRAT botnet C2 server (confidence level: 100%)
file147.185.221.16
NjRAT botnet C2 server (confidence level: 100%)
file38.147.172.234
Cobalt Strike botnet C2 server (confidence level: 100%)
file59.110.9.127
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.223.87.14
Cobalt Strike botnet C2 server (confidence level: 100%)
file108.136.162.32
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.46.69.230
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.35.199.148
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.35.199.148
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.106.47.126
Cobalt Strike botnet C2 server (confidence level: 100%)
file61.75.17.84
Cobalt Strike botnet C2 server (confidence level: 100%)
file51.81.69.69
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.41.50.152
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.134.183.43
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.134.183.43
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.95.174.47
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.130.66.111
Cobalt Strike botnet C2 server (confidence level: 100%)
file168.100.9.112
Cobalt Strike botnet C2 server (confidence level: 100%)
file123.56.64.225
Cobalt Strike botnet C2 server (confidence level: 100%)
file123.56.64.225
Cobalt Strike botnet C2 server (confidence level: 100%)
file123.57.164.84
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.100.199.201
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.102.151.229
Cobalt Strike botnet C2 server (confidence level: 100%)
file62.234.166.174
Cobalt Strike botnet C2 server (confidence level: 100%)
file20.61.4.19
Sliver botnet C2 server (confidence level: 90%)
file122.10.10.115
Unknown malware botnet C2 server (confidence level: 100%)
file107.174.115.223
Unknown malware botnet C2 server (confidence level: 100%)
file66.94.120.244
AsyncRAT botnet C2 server (confidence level: 100%)
file5.161.182.109
AsyncRAT botnet C2 server (confidence level: 100%)
file178.33.203.39
AsyncRAT botnet C2 server (confidence level: 100%)
file51.20.249.187
AsyncRAT botnet C2 server (confidence level: 100%)
file91.109.186.9
AsyncRAT botnet C2 server (confidence level: 100%)
file187.24.64.252
AsyncRAT botnet C2 server (confidence level: 100%)
file74.222.22.109
AsyncRAT botnet C2 server (confidence level: 100%)
file185.172.128.52
AsyncRAT botnet C2 server (confidence level: 100%)
file185.172.128.52
AsyncRAT botnet C2 server (confidence level: 100%)
file54.38.151.131
AsyncRAT botnet C2 server (confidence level: 100%)
file185.250.148.237
AsyncRAT botnet C2 server (confidence level: 100%)
file88.229.34.236
AsyncRAT botnet C2 server (confidence level: 100%)
file45.126.209.4
AsyncRAT botnet C2 server (confidence level: 100%)
file213.195.119.8
AsyncRAT botnet C2 server (confidence level: 100%)
file157.90.21.73
Unknown malware botnet C2 server (confidence level: 100%)
file119.160.235.239
Hook botnet C2 server (confidence level: 100%)
file79.174.13.18
Hook botnet C2 server (confidence level: 100%)
file176.123.168.117
Hook botnet C2 server (confidence level: 100%)
file91.92.255.80
Hook botnet C2 server (confidence level: 100%)
file54.211.212.149
Hook botnet C2 server (confidence level: 100%)
file91.92.240.134
Hook botnet C2 server (confidence level: 100%)
file91.92.249.143
Hook botnet C2 server (confidence level: 100%)
file13.213.38.230
Hook botnet C2 server (confidence level: 100%)
file193.161.193.99
Quasar RAT botnet C2 server (confidence level: 100%)
file172.94.93.15
Havoc botnet C2 server (confidence level: 100%)
file103.42.30.39
Venom RAT botnet C2 server (confidence level: 100%)
file103.42.30.58
Venom RAT botnet C2 server (confidence level: 100%)
file103.42.30.30
Venom RAT botnet C2 server (confidence level: 100%)
file20.6.33.42
Venom RAT botnet C2 server (confidence level: 100%)
file27.74.166.158
Venom RAT botnet C2 server (confidence level: 100%)
file27.74.166.158
Venom RAT botnet C2 server (confidence level: 100%)
file167.88.168.158
Venom RAT botnet C2 server (confidence level: 100%)
file193.233.132.62
RisePro botnet C2 server (confidence level: 100%)
file193.233.132.67
RisePro botnet C2 server (confidence level: 100%)
file193.233.132.61
RisePro botnet C2 server (confidence level: 100%)
file180.141.51.20
Unknown malware botnet C2 server (confidence level: 100%)
file192.248.184.70
Unknown malware botnet C2 server (confidence level: 100%)
file47.96.43.107
Unknown malware botnet C2 server (confidence level: 100%)
file5.42.64.70
Unknown malware botnet C2 server (confidence level: 100%)
file159.65.47.249
Unknown malware botnet C2 server (confidence level: 100%)
file45.139.222.37
Unknown malware botnet C2 server (confidence level: 100%)
file18.158.149.45
Unknown malware botnet C2 server (confidence level: 100%)
file18.158.149.45
Unknown malware botnet C2 server (confidence level: 100%)
file13.209.204.53
Unknown malware botnet C2 server (confidence level: 100%)
file106.52.233.34
Unknown malware botnet C2 server (confidence level: 100%)
file1.12.48.214
Unknown malware botnet C2 server (confidence level: 100%)
file46.151.214.196
Unknown malware botnet C2 server (confidence level: 100%)
file18.222.106.155
Unknown malware botnet C2 server (confidence level: 100%)
file20.230.19.10
Unknown malware botnet C2 server (confidence level: 100%)
file168.62.49.51
Unknown malware botnet C2 server (confidence level: 100%)
file181.237.128.179
Unknown malware botnet C2 server (confidence level: 100%)
file62.171.159.175
Unknown malware botnet C2 server (confidence level: 100%)
file18.195.76.113
Unknown malware botnet C2 server (confidence level: 100%)
file62.113.117.13
Unknown malware botnet C2 server (confidence level: 100%)
file103.106.191.10
Unknown malware botnet C2 server (confidence level: 100%)
file3.218.61.11
Unknown malware botnet C2 server (confidence level: 100%)
file35.210.122.136
Unknown malware botnet C2 server (confidence level: 100%)
file35.210.122.136
Unknown malware botnet C2 server (confidence level: 100%)
file140.82.33.83
Bashlite botnet C2 server (confidence level: 90%)
file2.91.179.245
QakBot botnet C2 server (confidence level: 100%)
file158.220.96.15
AsyncRAT botnet C2 server (confidence level: 100%)
file193.233.254.194
RedLine Stealer botnet C2 server (confidence level: 100%)
file54.250.116.148
Brute Ratel C4 botnet C2 server (confidence level: 50%)
file119.152.6.213
Deimos botnet C2 server (confidence level: 50%)
file185.196.10.126
Havoc botnet C2 server (confidence level: 50%)
file54.154.24.71
Responder botnet C2 server (confidence level: 50%)
file72.27.165.49
QakBot botnet C2 server (confidence level: 50%)
file78.100.236.181
QakBot botnet C2 server (confidence level: 50%)
file8.130.94.202
Cobalt Strike botnet C2 server (confidence level: 100%)
file65.49.210.124
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.138.82.105
Cobalt Strike botnet C2 server (confidence level: 100%)
file3.137.178.137
Cobalt Strike botnet C2 server (confidence level: 100%)
file82.97.241.207
FAKEUPDATES payload delivery server (confidence level: 100%)
file185.185.68.48
FAKEUPDATES payload delivery server (confidence level: 100%)
file211.76.170.240
Brute Ratel C4 botnet C2 server (confidence level: 80%)
file124.223.64.88
Cobalt Strike botnet C2 server (confidence level: 80%)
file103.234.72.30
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.130.92.31
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.150.3.24
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.115.208.55
Cobalt Strike botnet C2 server (confidence level: 100%)
file206.237.5.20
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.120.16.255
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.104.28.38
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.104.28.38
Cobalt Strike botnet C2 server (confidence level: 100%)
file120.27.247.156
Cobalt Strike botnet C2 server (confidence level: 100%)
file60.204.152.185
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.41.50.152
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.71.188.124
ShadowPad botnet C2 server (confidence level: 90%)
file121.37.164.60
ShadowPad botnet C2 server (confidence level: 90%)
file121.37.164.60
ShadowPad botnet C2 server (confidence level: 90%)
file60.204.211.54
ShadowPad botnet C2 server (confidence level: 90%)
file123.60.174.4
ShadowPad botnet C2 server (confidence level: 90%)
file43.142.51.234
Unknown malware botnet C2 server (confidence level: 100%)
file66.94.120.244
AsyncRAT botnet C2 server (confidence level: 100%)
file66.94.120.244
AsyncRAT botnet C2 server (confidence level: 100%)
file91.224.92.176
Hook botnet C2 server (confidence level: 100%)
file149.154.70.118
Hook botnet C2 server (confidence level: 100%)
file104.233.210.104
Hook botnet C2 server (confidence level: 100%)
file119.160.235.251
Hook botnet C2 server (confidence level: 100%)
file154.9.227.45
Quasar RAT botnet C2 server (confidence level: 100%)
file191.82.240.73
Quasar RAT botnet C2 server (confidence level: 100%)
file175.16.147.232
Quasar RAT botnet C2 server (confidence level: 100%)
file103.42.30.42
Venom RAT botnet C2 server (confidence level: 100%)
file103.82.26.41
Venom RAT botnet C2 server (confidence level: 100%)
file34.249.99.131
Unknown malware botnet C2 server (confidence level: 100%)
file147.185.221.17
XWorm botnet C2 server (confidence level: 80%)
file175.178.39.16
Unknown malware botnet C2 server (confidence level: 100%)
file207.2.123.65
Unknown malware botnet C2 server (confidence level: 100%)
file159.75.174.82
Unknown malware botnet C2 server (confidence level: 100%)
file20.83.179.56
Unknown malware botnet C2 server (confidence level: 100%)
file15.229.2.119
Unknown malware botnet C2 server (confidence level: 100%)
file188.164.199.44
Unknown malware botnet C2 server (confidence level: 100%)
file217.165.232.41
QakBot botnet C2 server (confidence level: 100%)
file147.185.221.17
NjRAT botnet C2 server (confidence level: 100%)
file34.154.74.85
Agent Tesla botnet C2 server (confidence level: 100%)
file103.171.0.200
zgRAT payload delivery server (confidence level: 100%)
file103.171.0.200
zgRAT payload delivery server (confidence level: 100%)
file198.23.254.30
Cobalt Strike botnet C2 server (confidence level: 100%)
file147.185.221.17
Revenge RAT botnet C2 server (confidence level: 100%)
file155.94.140.13
Cobalt Strike botnet C2 server (confidence level: 100%)
file117.120.62.147
Ghost RAT botnet C2 server (confidence level: 100%)
file43.142.183.159
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.142.183.159
Cobalt Strike botnet C2 server (confidence level: 100%)
file46.246.6.15
AsyncRAT botnet C2 server (confidence level: 100%)
file45.138.157.57
Cobalt Strike botnet C2 server (confidence level: 80%)
file18.198.77.177
NjRAT botnet C2 server (confidence level: 100%)
file3.121.139.82
NjRAT botnet C2 server (confidence level: 100%)
file3.127.253.86
NjRAT botnet C2 server (confidence level: 100%)
file64.176.66.86
Unknown malware botnet C2 server (confidence level: 50%)
file34.239.255.86
Havoc botnet C2 server (confidence level: 50%)
file31.117.230.129
QakBot botnet C2 server (confidence level: 50%)
file188.173.33.11
QakBot botnet C2 server (confidence level: 50%)
file95.56.104.12
DarkComet botnet C2 server (confidence level: 100%)
file91.92.253.212
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.230.119.183
Cobalt Strike botnet C2 server (confidence level: 100%)
file141.255.152.155
CyberGate botnet C2 server (confidence level: 100%)
file141.255.152.155
CyberGate botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash5959
AsyncRAT botnet C2 server (confidence level: 100%)
hash5945
Rhadamanthys botnet C2 server (confidence level: 100%)
hash3551
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
AMOS botnet C2 server (confidence level: 100%)
hash88
Cobalt Strike botnet C2 server (confidence level: 80%)
hash8123
Unknown malware botnet C2 server (confidence level: 80%)
hash2054
NjRAT botnet C2 server (confidence level: 100%)
hash13200
RedLine Stealer botnet C2 server (confidence level: 100%)
hash12288
NjRAT botnet C2 server (confidence level: 100%)
hash12288
NjRAT botnet C2 server (confidence level: 100%)
hash12288
NjRAT botnet C2 server (confidence level: 100%)
hash3958
NjRAT botnet C2 server (confidence level: 100%)
hash5557
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash65401
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash59992
Cobalt Strike botnet C2 server (confidence level: 100%)
hash42069
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9999
Cobalt Strike botnet C2 server (confidence level: 100%)
hash60000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2083
Cobalt Strike botnet C2 server (confidence level: 100%)
hash10000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash6000
Sliver botnet C2 server (confidence level: 90%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash8080
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash9999
AsyncRAT botnet C2 server (confidence level: 100%)
hash8888
AsyncRAT botnet C2 server (confidence level: 100%)
hash8888
AsyncRAT botnet C2 server (confidence level: 100%)
hash9999
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash2424
AsyncRAT botnet C2 server (confidence level: 100%)
hash3004
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash4001
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash81
Hook botnet C2 server (confidence level: 100%)
hash38655
Quasar RAT botnet C2 server (confidence level: 100%)
hash2222
Havoc botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash9099
Venom RAT botnet C2 server (confidence level: 100%)
hash8000
Venom RAT botnet C2 server (confidence level: 100%)
hash9999
Venom RAT botnet C2 server (confidence level: 100%)
hash80
Venom RAT botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash8081
RisePro botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash2096
Unknown malware botnet C2 server (confidence level: 100%)
hash4000
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash31220
Unknown malware botnet C2 server (confidence level: 100%)
hash31220
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash4444
Unknown malware botnet C2 server (confidence level: 100%)
hash8000
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash5555
Unknown malware botnet C2 server (confidence level: 100%)
hash23
Bashlite botnet C2 server (confidence level: 90%)
hash995
QakBot botnet C2 server (confidence level: 100%)
hash3320
AsyncRAT botnet C2 server (confidence level: 100%)
hash11584
RedLine Stealer botnet C2 server (confidence level: 100%)
hash80
Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash443
Deimos botnet C2 server (confidence level: 50%)
hash8443
Havoc botnet C2 server (confidence level: 50%)
hash445
Responder botnet C2 server (confidence level: 50%)
hash443
QakBot botnet C2 server (confidence level: 50%)
hash995
QakBot botnet C2 server (confidence level: 50%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
FAKEUPDATES payload delivery server (confidence level: 100%)
hash443
FAKEUPDATES payload delivery server (confidence level: 100%)
hash443
Brute Ratel C4 botnet C2 server (confidence level: 80%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 80%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8082
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8001
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4567
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8001
ShadowPad botnet C2 server (confidence level: 90%)
hash8001
ShadowPad botnet C2 server (confidence level: 90%)
hash8003
ShadowPad botnet C2 server (confidence level: 90%)
hash8001
ShadowPad botnet C2 server (confidence level: 90%)
hash8001
ShadowPad botnet C2 server (confidence level: 90%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash6774
Quasar RAT botnet C2 server (confidence level: 100%)
hash2000
Quasar RAT botnet C2 server (confidence level: 100%)
hash8089
Quasar RAT botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash4447
Venom RAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash36499
XWorm botnet C2 server (confidence level: 80%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
QakBot botnet C2 server (confidence level: 100%)
hash58297
NjRAT botnet C2 server (confidence level: 100%)
hash587
Agent Tesla botnet C2 server (confidence level: 100%)
hash80
zgRAT payload delivery server (confidence level: 100%)
hash443
zgRAT payload delivery server (confidence level: 100%)
hash2096
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9561
Revenge RAT botnet C2 server (confidence level: 100%)
hash4493
Cobalt Strike botnet C2 server (confidence level: 100%)
hash6666
Ghost RAT botnet C2 server (confidence level: 100%)
hash8445
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8444
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 80%)
hash13739
NjRAT botnet C2 server (confidence level: 100%)
hash13739
NjRAT botnet C2 server (confidence level: 100%)
hash13739
NjRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 50%)
hash80
Havoc botnet C2 server (confidence level: 50%)
hash2222
QakBot botnet C2 server (confidence level: 50%)
hash993
QakBot botnet C2 server (confidence level: 50%)
hash1604
DarkComet botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444
CyberGate botnet C2 server (confidence level: 100%)
hash2222
CyberGate botnet C2 server (confidence level: 100%)

Domain

ValueDescriptionCopy
domainruspyc.top
Unknown malware botnet C2 domain (confidence level: 100%)
domainmyhostfrfr0.ddns.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainpichadex.ddns.net
DarkComet botnet C2 domain (confidence level: 100%)
domaingjfourt14vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domaingjnein9vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domaingjseven7vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfeight8sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfeight8vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffive5ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffive5vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffourt14sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffourt14vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfleven11sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfleven11sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfleven11vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfnein9sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfnein9vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfone1ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfone1pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfseven7sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfsix6ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfsix6sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqften10sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqften10sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqften10vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthirteen13sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthre3ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthre3sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgeit8ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgfourt14ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgfourt14pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgfourt14sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgleven11ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgleven11pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgnein9ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgnein9pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgnein9sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgseven7vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgsix6vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgten10ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgten10pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgthre3pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgthre3vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgtwo2vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqtfive5pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqttwo2pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainemv1.qffive5ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainemv1.qften10sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffourt14sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfnein9sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgeiht8sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgleven11sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqgten10sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainbitrix.avtokuba.ru
Hook botnet C2 domain (confidence level: 100%)
domainapi-encar.nibiru.pro
Hook botnet C2 domain (confidence level: 100%)
domainmebadboy.fvds.ru
Hook botnet C2 domain (confidence level: 100%)
domainreksiaeksinov1.fvds.ru
Hook botnet C2 domain (confidence level: 100%)
domainsicher-online.net
Havoc botnet C2 domain (confidence level: 100%)
domainproxy-apps.com
Havoc botnet C2 domain (confidence level: 100%)
domain159-223-92-16.digitaloceandns.com
Havoc botnet C2 domain (confidence level: 100%)
domaingit.cy-security.de
Havoc botnet C2 domain (confidence level: 100%)
domainoxyphyllous.20402177.xyz
Havoc botnet C2 domain (confidence level: 100%)
domain85.192.63.57.sslip.io
Meduza Stealer botnet C2 domain (confidence level: 100%)
domain79.137.194.188.sslip.io
Meduza Stealer botnet C2 domain (confidence level: 100%)
domainwww.elated-black.45-141-215-173.plesk.page
Meduza Stealer botnet C2 domain (confidence level: 100%)
domainfbadearnings.com
Meduza Stealer botnet C2 domain (confidence level: 100%)
domainams-k-node1.vleo.ru
Meduza Stealer botnet C2 domain (confidence level: 100%)
domainec2-54-210-248-214.compute-1.amazonaws.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainec2-3-217-28-109.compute-1.amazonaws.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainec2-3-235-217-21.compute-1.amazonaws.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainmail.payandhay.online
Unknown malware botnet C2 domain (confidence level: 100%)
domainstats.customerportalverify.store
Unknown malware botnet C2 domain (confidence level: 100%)
domaincontent.customerportalverify.store
Unknown malware botnet C2 domain (confidence level: 100%)
domainomns.customerportalverify.store
Unknown malware botnet C2 domain (confidence level: 100%)
domainfc.customerportalverify.store
Unknown malware botnet C2 domain (confidence level: 100%)
domainapis.customerportalverify.store
Unknown malware botnet C2 domain (confidence level: 100%)
domainm.customerportalverify.store
Unknown malware botnet C2 domain (confidence level: 100%)
domainwww.seismicsisterhood.org
Unknown malware botnet C2 domain (confidence level: 100%)
domainwww.peninsula3.com
SpyNote botnet C2 domain (confidence level: 100%)
domainwww.europapokal2024.com
SpyNote botnet C2 domain (confidence level: 100%)
domainwww.1280678.com
SpyNote botnet C2 domain (confidence level: 100%)
domainrecruitment61.com
SpyNote botnet C2 domain (confidence level: 100%)
domainwww.736626.com
SpyNote botnet C2 domain (confidence level: 100%)
domaincrazy-hugle.185-196-8-89.plesk.page
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainmidlifeprogrammer.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaingallant-booth.185-196-8-89.plesk.page
Cobalt Strike botnet C2 domain (confidence level: 100%)
domain185-196-8-89.plesk.page
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainns1.conectmeto.net
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainonline.microsoftoffice.cyou
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainfk.n0reply.eu.org
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaintest.wiiooiij.tk
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwww.goodljlagfhssss.live
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincheck.cloudupdateserver.cloudns.org
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainservice-rbr85ft5-1259685312.cd.apigw.tencentcs.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaind20tk7ygz8ugsj.cloudfront.net
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainsuccess.165gov.cyou
Cobalt Strike botnet C2 domain (confidence level: 100%)
domain3se9ewodke339f0e83.connectivitytests.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainworkday.us.org
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainlocall.miragov.info
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainseruvadessigen.3utilities.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaincloudwebhub.pro
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainnowordshere.org
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainhkbau02.online
CryptBot botnet C2 domain (confidence level: 100%)
domainhkblk02.online
CryptBot botnet C2 domain (confidence level: 100%)
domainhkbmix02.online
CryptBot botnet C2 domain (confidence level: 100%)
domainhkbmy02.online
CryptBot botnet C2 domain (confidence level: 100%)
domainhkbpl02.online
CryptBot botnet C2 domain (confidence level: 100%)
domainkykudat.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqd10ten.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdeight8vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfive5ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfive5pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfive5sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfive5vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfour4ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfour4pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfour4sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfour4vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfourt14ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfourt14pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfourt14sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdfourt14vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdnein9ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdnein9pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdnein9sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdnein9sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdnein9vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdone1ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdone1pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdone1sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdone1sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdone1vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdseven7ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdseven7pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdseven7sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdseven7sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdseven7vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdsix6vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdsix6vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdten10sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdten10vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdthirteen13ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdthirteen13pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdthirteen13sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdthirteen13vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdthre3ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdthre3pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdthre3sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdthre3sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdthre3vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdtwo2sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdtwo2sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdtwo2vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqdtwo2vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfeight8pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffive5sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffive5vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffourt14ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffourt14pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqffourt14vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfleven11ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfleven11pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfleven11vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfnein9ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfnein9pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfnein9pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfnein9vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfone1pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfone1sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfone1vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfseven7ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfseven7pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfseven7pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfseven7sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfseven7vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfsix6sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfsix6vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqften10ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqften10pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqften10vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthirteen13ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthirteen13pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthirteen13vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthre3pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthre3pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthre3sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqfthre3vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqftwo2sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqftwo2vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqleven11ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqleven11pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqleven11sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqleven11vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqstwo2pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domain3ddesign.3utilities.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainqleven11sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqleven11vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqleven11pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqififteen15pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqififteen15vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqifive5ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqifive5pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqifive5vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqifourt14ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqifourt14vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqileven11vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqinein9ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqinein9vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqisix6ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqisix6vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqiten10ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqiten10vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqithirt13vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqitvelv12ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqitvelv12vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofifteen15ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofifteen15pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofifteen15sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofifteen15vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofive5ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofive5pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofive5pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofive5sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofive5sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofive5vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofourt14ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofourt14pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofourt14pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofourt14sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofourt14sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqofourt14vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoleven11ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoleven11pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoleven11pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoleven11sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoleven11sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoleven11vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqonein9ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqonein9pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqonein9pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqonein9sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqonein9sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqonein9vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqosix6ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqosix6pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqosix6pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqosix6sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqosix6sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqosix6vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoten10ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoten10pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoten10pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoten10sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoten10sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqoten10vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqothirt13ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqothirt13pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqothirt13pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqothirt13sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqothirt13sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqothirt13vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqotvelv12ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqotvelv12pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqotvelv12pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqotvelv12sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqotvelv12sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqotvelv12vt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqpfourt14ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqpfourt14sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqpleven11ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqpleven11sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqpleven11sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqpnein9ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqpnein9pt.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqpnein9sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqptvelv12ht.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqptvelv12sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainqptwo2sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalehej54.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalehmv64.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalejcw73.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalekah57.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalenep53.top
CryptBot botnet C2 domain (confidence level: 100%)
domainaleqxd56.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalevfe67.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalexfy76.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalezop66.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalezqi75.top
CryptBot botnet C2 domain (confidence level: 100%)
domainaleeyd31.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalefuk34.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalelof36.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalenjf44.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalensr26.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalepvb33.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalerhb46.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalesxu45.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalevju41.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalezjy47.top
CryptBot botnet C2 domain (confidence level: 100%)
domainalezno43.top
CryptBot botnet C2 domain (confidence level: 100%)
domainget.specialcraftbox.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainservice.specialcraftbox.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainsoft.specialcraftbox.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainesdm-internal.com
Havoc botnet C2 domain (confidence level: 100%)
domainec2-52-5-62-203.compute-1.amazonaws.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainwww.m18888.com
SpyNote botnet C2 domain (confidence level: 100%)
domainwww.tpowe2.com
SpyNote botnet C2 domain (confidence level: 100%)
domain0.whitelinetosplit.com
Unknown malware botnet C2 domain (confidence level: 100%)
domain2.whitelinetosplit.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainfrom.whitelinetosplit.com
Unknown malware botnet C2 domain (confidence level: 100%)
domaingoto.whitelinetosplit.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainmss.supportflash.pics
Cobalt Strike botnet C2 domain (confidence level: 100%)
domaind1railx6y20syj.cloudfront.net
Cobalt Strike botnet C2 domain (confidence level: 100%)

Threat ID: 682c7ab8e3e6de8ceb73e8a3

Added to database: 5/20/2025, 12:51:04 PM

Last enriched: 6/19/2025, 2:03:18 PM

Last updated: 8/11/2025, 10:39:39 PM

Views: 18

Related Threats

ThreatFox IOCs for 2025-08-12

Medium
MalwareWed Aug 13 2025

Challenge for human and AI reverse engineers

Medium
MalwareTue Aug 12 2025

A New Threat Actor Targeting Geopolitical Hotbeds

Medium
MalwareTue Aug 12 2025

New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises

Medium
MalwareTue Aug 12 2025

Russian-Linked Curly COMrades Deploy New MucorAgent Malware in Europe

Medium
MalwareTue Aug 12 2025

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats