ThreatFox IOCs for 2024-11-02
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2024-11-02 via ThreatFox, a platform that aggregates threat intelligence data. However, the details are minimal, with no specific affected software versions, no technical details about the nature of the threat, no Common Weakness Enumerations (CWEs), and no known exploits in the wild. The threat is tagged as OSINT (Open Source Intelligence) and assigned a medium severity level by the source, with a low threat level (2 out of an unspecified scale), minimal analysis (1), and moderate distribution (3). The absence of indicators and technical specifics suggests this is a preliminary or generic IOC release without concrete actionable threat details. Without concrete exploit details, attack vectors, or affected systems, it is difficult to provide a precise technical explanation. Generally, IOCs are used to detect or prevent malicious activity by identifying artifacts left by attackers, such as IP addresses, domain names, file hashes, or URLs. The lack of such indicators here limits the ability to assess the threat technically.
Potential Impact
Given the lack of detailed information about the threat, affected systems, or exploitation methods, the potential impact on European organizations is currently unclear and likely limited. If these IOCs were to be integrated into security monitoring tools, they could help detect early signs of malicious activity, but without knowing the nature of the threat or targeted systems, the direct impact remains speculative. European organizations that rely heavily on threat intelligence feeds and automated detection systems might benefit from incorporating these IOCs once more details become available. However, at this stage, the threat does not appear to pose an immediate or significant risk to confidentiality, integrity, or availability.
Mitigation Recommendations
Organizations should maintain robust threat intelligence ingestion processes to incorporate new IOCs from trusted sources like ThreatFox promptly. Given the absence of specific affected products or vulnerabilities, the best mitigation is to ensure that security monitoring tools (SIEM, IDS/IPS, endpoint protection) are updated to recognize and alert on these IOCs once they are published in detail. Additionally, organizations should continue to follow standard cybersecurity best practices such as network segmentation, least privilege access, regular patching, and user awareness training to reduce overall risk exposure. Monitoring official threat intelligence channels for updates related to these IOCs is recommended to adapt defenses as more information becomes available.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
Threat ID: 6828eab9e1a0c275ea6e2d91
Added to database: 5/17/2025, 7:59:53 PM
Last enriched: 7/3/2025, 6:55:50 AM
Last updated: 8/10/2025, 11:06:12 PM