ThreatFox IOCs for 2025-01-04
AI Analysis
Technical Summary
This entry is the ThreatFox daily export of Indicators of Compromise (IOCs) for 2025-01-04. ThreatFox is abuse.ch's free platform for sharing IOCs associated with malware, and its daily exports are published as MISP events, which is why the record carries MISP event fields (threat level, analysis, distribution, UUID, timestamp) and the tags 'type:osint' and 'tlp:white' (derived from open sources, cleared for unrestricted sharing) rather than CVE, CWE or patch references. It is an intelligence feed, not a vulnerability advisory: the threat level of 2 is 'medium' on the MISP scale (1 = high, 2 = medium, 3 = low), analysis 1 means the event is still being updated, and distribution 3 means it is shared with all communities. The export itself is substantial, several hundred indicators of four ThreatFox types. There is one SHA-256 hash, a Mirai payload. There are ip:port pairs for command-and-control (C2) servers that ThreatFox attributes, with a stated confidence level, to post-exploitation frameworks (Cobalt Strike, Sliver, Havoc, Meterpreter), to commodity remote-access trojans (AsyncRAT, NjRAT, Remcos, Quasar RAT, DCRat, Ghost RAT, ValleyRAT, NetSupportManager RAT, STRRAT, Vjw0rm, BlackShades, Hook) and to Linux/IoT botnets (Mirai, MooBot, Bashlite). There are URLs: download locations for Mirai- and Mozi-family droppers (paths such as /.i, /i, /bin.sh and /mozi.m served on high, non-standard ports), Supershell web-panel logins (/supershell/login on port 8888), PHP gate and panel scripts, and a set of Windows executables hosted on one server (wall1.exe, windows.exe, diskdrive.exe, update.exe and others on 178.124.176.209:12455). And there are domains: brand lookalikes (acc.mllcrosoft.com, gui.mllcrosoft.com, usps-online.com, usps-sureness.com, gui.microsoft-onedrive.upgrade1.zip and other *.upgrade1.zip names), dynamic-DNS and tunnelling hostnames of the kind commodity RATs use (no-ip, ddns.net, duckdns.org, hopto.org, gl.at.ply.gg, portmap.host), and disposable .shop and .click domains. Because the indicators are infrastructure rather than a software flaw, there are no affected products or versions; their value lies in detection and blocking.
Potential Impact
These indicators describe live attacker infrastructure, not a vulnerability, so there is nothing to patch and exposure is not tied to any product version. The risk they document is that a host already compromised by one of the listed families will beacon to these addresses: a connection from an internal system to any of the ip:port pairs, domains or URLs is a high-fidelity sign of an existing infection, not an early-warning signal, and should be treated as an incident. The mix of families sets the likely consequence. Cobalt Strike, Sliver, Havoc and Meterpreter servers point to hands-on-keyboard intrusions, which are the usual precursor to ransomware deployment or data theft, and so threaten confidentiality, integrity and availability together. The RAT families (AsyncRAT, NjRAT, Remcos, Quasar RAT, DCRat and the rest) give an operator interactive control of a workstation, its files and its credentials. The Mirai, MooBot, Bashlite and Mozi indicators target internet-exposed Linux and IoT devices (routers, cameras, NAS) that these families compromise through exposed Telnet/SSH and default credentials; their main impact is availability, through DDoS participation and use of the device as a proxy or foothold. The lookalike domains (mllcrosoft.com, microsoft-onedrive.upgrade1.zip, usps-online.com, usps-sureness.com) indicate credential-phishing and fake-parcel-delivery lures aimed at end users. Two caveats apply when judging impact. First, a number of C2 servers sit on public-cloud address space (one indicator is a Huawei Cloud hostname, ecs-124-71-137-28.compute.hwclouds-dns.com, and several addresses fall in major cloud-provider ranges), so an organisation that runs its own services there can see matches that are its own legitimate traffic; match on ip:port, not the address alone. Second, the attributions carry confidence levels, and the large block of Sliver servers on port 31337 and the BlackShades entries are rated only 50%. The medium severity reflects that the feed is broad and partly low-confidence, not that the families are harmless. For European organisations, finance, critical infrastructure and government remain the sectors most exposed to the framework-driven intrusions, while the IoT botnet indicators matter most to operators of unmanaged edge devices.
Mitigation Recommendations
Because the entry is a set of infrastructure indicators rather than an exploit, mitigation is detection, blocking and response. Organisations should: 1) Ingest the indicators into the SIEM, EDR, proxy, DNS and firewall in their native ThreatFox form, that is ip:port pairs, domains, URLs and the SHA-256 hash. Match on the port as well as the address: many of the listed addresses are shared cloud or hosting IPs that also serve legitimate traffic on 80 and 443, and a bare-IP block can cut off a third party's service. Use the 100% attributions (Cobalt Strike, AsyncRAT, Remcos and so on) for blocking and the 50% attributions (the Sliver cluster on 31337, BlackShades) for alerting and review. 2) Retro-hunt proxy, DNS, firewall and NetFlow logs for connections to these indicators over at least the days before the export date, since C2 servers are usually active before they are listed. Outbound sessions from workstations or servers to high, non-standard ports that recur in this set (31337, 7777, 3333, 60000, 7443, 8888) deserve a look even without an exact match. 3) Check egress from internet-facing Linux and IoT devices for the dropper URLs (/.i, /i, /bin.sh, /mozi.m) and for the Mirai payload hash in any file telemetry, and confirm that Telnet, SSH and management interfaces on those devices are not reachable from the internet and do not use default credentials, since that is how these families spread. 4) Block or sinkhole the lookalike and phishing domains at the resolver, and alert on resolution of the dynamic-DNS and tunnelling hostnames (no-ip, ddns.net, duckdns.org, hopto.org, gl.at.ply.gg, portmap.host) from servers, where there is rarely a legitimate reason for them. 5) Treat any confirmed match as an incident: isolate the host, capture memory and process-to-network telemetry before cleaning, and reset the credentials of every account used on it, because the framework and RAT families listed here harvest credentials and move laterally. 6) Automate the feed. ThreatFox publishes an export every day and exposes an API, and much of this set (the .shop and .click domains, the ply.gg tunnels, the cloud-hosted C2 servers) will rotate within days, so ingest daily, expire indicators on a schedule, and share sector-specific hits through the relevant ISAC. General hygiene still matters: timely patching, user awareness for the parcel and Microsoft lures, and tested backups limit the damage when a beacon is found.
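As an added example (not part of the ThreatFox page or of the abuse.ch tooling), the script below re-pairs a dump in the layout shown on this page, where the extractor emitted each ip:port indicator as a "file:" line holding the address followed by a "hash:" line holding the port, into ThreatFox-style indicator sets, then scans constructed key=value firewall log lines for matches. Matching is on ip:port, on the host part of the listed URLs, and on domains including their subdomains. The dump excerpt and the log lines are constructed for the example, and the log format is an assumption; adapt the KV_RE pattern to your own source.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed excerpt in the layout of the dump on this page: each ip:port
# indicator appears as a "file:" line (the address) followed by a "hash:" line
# (the port); only the 64-hex-character "hash:" line is a real SHA-256.
SAMPLE_DUMP = """\
- hash: 5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18
- file: 89.169.4.44
- hash: 47925
- domain: seyfhg.work.gd
- url: http://103.61.103.83:2620/mozi.m
- url: http://103.163.208.252:8888/supershell/login
- file: 5.44.252.28
- hash: 443
"""

# Constructed firewall log lines (key=value; the format is an assumption).
SAMPLE_LOG = """\
2025-01-04T10:22:01Z src=10.0.0.5 dst=5.44.252.28 dport=443 host=-
2025-01-04T10:22:09Z src=10.0.0.5 dst=5.44.252.28 dport=8080 host=-
2025-01-04T10:23:44Z src=10.0.0.7 dst=185.199.108.1 dport=443 host=cdn.seyfhg.work.gd
2025-01-04T10:25:02Z src=10.0.1.9 dst=103.61.103.83 dport=2620 host=-
2025-01-04T10:26:30Z src=10.0.0.5 dst=142.250.74.78 dport=443 host=www.google.com
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DUMP_LINE_RE = re.compile(r"^-\s*(\w+):\s*(\S+)\s*$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_dump(text):
    """Re-pair the dump into sets keyed by ThreatFox IOC type."""
    iocs = {"ip:port": set(), "domain": set(), "url": set(), "sha256_hash": set()}
    pending_ip = None  # address from a "file:" line waiting for its port
    for line in text.splitlines():
        m = DUMP_LINE_RE.match(line)
        if not m:
            continue
        kind, value = m.group(1), m.group(2)
        if kind == "file" and is_ip(value):
            pending_ip = value
            continue
        if kind == "hash" and SHA256_RE.match(value.lower()):
            iocs["sha256_hash"].add(value.lower())
        elif kind == "hash" and value.isdigit() and pending_ip:
            iocs["ip:port"].add(f"{pending_ip}:{int(value)}")
        elif kind == "domain":
            iocs["domain"].add(value.lower().rstrip("."))
        elif kind == "url":
            iocs["url"].add(value)
            # A dropper or panel URL also names its server: match the host
            # (with the explicit or scheme-default port) on its own.
            p = urlsplit(value)
            if p.hostname and is_ip(p.hostname):
                port = p.port or (443 if p.scheme == "https" else 80)
                iocs["ip:port"].add(f"{p.hostname}:{port}")
            elif p.hostname:
                iocs["domain"].add(p.hostname.lower())
        pending_ip = None
    return iocs


def domain_hit(iocs, host):
    """Return the listed domain that host equals or sits under, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never match on the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in iocs["domain"]:
            return candidate
    return None


def match_connection(iocs, dst, dport, host=None):
    """Return (ioc_type, indicator) for one connection, or None."""
    pair = f"{dst}:{dport}"
    if pair in iocs["ip:port"]:
        return ("ip:port", pair)
    if host and host != "-":
        hit = domain_hit(iocs, host)
        if hit:
            return ("domain", hit)
    return None


def scan_log(iocs, log_text):
    """Return (timestamp, src, (ioc_type, indicator)) for each matching line."""
    hits = []
    for line in log_text.splitlines():
        kv = dict(KV_RE.findall(line))
        if "dst" not in kv or "dport" not in kv:
            continue
        hit = match_connection(iocs, kv["dst"], int(kv["dport"]), kv.get("host"))
        if hit:
            hits.append((line.split()[0], kv.get("src"), hit))
    return hits


if __name__ == "__main__":
    ioc_sets = parse_dump(SAMPLE_DUMP)
    for ts, src, (kind, value) in scan_log(ioc_sets, SAMPLE_LOG):
        print(f"{ts} {src} -> {kind} {value}")
```

The second log line (same address, port 8080) deliberately does not match: the indicator is 5.44.252.28:443, and matching on the bare address would turn every shared host into a false positive. The third line matches through the subdomain of a listed domain, which is the behaviour wanted for dynamic-DNS and lookalike names.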
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
- sha256_hash: 5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18
- ip:port: 89.169.4.44:47925
- domain: seyfhg.work.gd
- domain: hangindgheu.click
- url: https://check.qlkwr.com/awjsx.captcha
- url: https://klipdalygeo.shop/ginni.mp4
- domain: tirepublicerj.shop
- domain: cloudewahsj.shop
- domain: noisycuttej.shop
- domain: wholersorie.shop
- domain: framekgirus.shop
- domain: rabidcowse.shop
- domain: nearycrepso.shop
- domain: grubbytellek.click
- domain: abruptyopsn.shop
- url: http://190.128.153.54:64700/.i
- url: http://190.109.178.139:24931/4
- url: http://79.119.55.204:1911/.i
- url: http://186.33.113.75:3689/.i
- url: http://94.137.31.250:8993/.i
- url: http://103.50.7.126:3689/.i
- url: http://91.200.115.75:2086/.i
- url: http://188.114.68.131:3000/.i
- url: http://196.202.194.133:63946/.i
- url: http://186.33.110.239:2121/.i
- url: http://186.33.117.22:8545/.i
- url: http://105.213.84.53:4444/.i
- url: http://89.215.188.163:41800/.i
- url: http://95.154.70.215:1314/.i
- url: http://46.246.164.241:9765/.i
- url: http://177.23.93.50:9306/.i
- url: http://95.105.41.79:50100/.i
- url: http://186.33.113.195:8801/.i
- url: http://185.226.17.104:4782/.i
- url: http://186.33.110.83:60001/.i
- url: http://77.76.80.223:3000/.i
- url: http://87.4.241.105:5005/.i
- url: http://130.204.214.199:5560/.i
- url: http://160.155.16.204:5446/.i
- url: http://79.34.21.17:46528/
- url: http://179.12.51.141:38553/
- url: http://103.237.174.238:7001
- url: http://103.84.37.101:19439
- url: http://112.78.42.90:29620
- url: http://154.126.178.16:30629
- url: http://85.72.39.196:39497/.i
- url: http://43.230.158.100:42063/i
- url: http://202.131.244.202:30068/i
- url: http://202.191.123.196:27033/i
- url: http://46.20.63.220:54770/i
- url: http://190.205.35.203:44238/i
- url: http://36.64.23.219:16021/i
- url: http://5.188.145.60:58103/i
- url: http://91.192.153.73:53020/i
- url: http://88.135.140.194:58387/i
- url: http://182.253.60.197:46757/i
- url: http://89.28.58.97:37382/i
- url: http://180.92.233.78:25155/i
- url: http://203.176.137.54:39516/i
- url: http://146.66.164.51:59592/i
- url: http://79.127.76.34:51525/i
- url: http://210.4.69.226:44803/i
- url: http://77.40.49.162:16097/i
- url: http://201.234.151.229:47684/i
- url: http://121.101.130.14:49784/i
- url: http://213.6.74.138:39286/i
- url: http://83.1.241.6:62288/i
- url: http://195.218.152.38:7093/i
- url: http://217.171.55.168:10055/i
- url: http://89.40.54.142:44298/i
- url: http://182.93.84.57:63686/i
- url: http://212.237.112.109:54692/i
- url: http://91.92.82.180:17789/i
- url: http://103.93.176.116:51065/i
- url: http://190.186.115.41:54059/i
- url: http://115.188.121.248:4062/i
- url: http://130.0.219.207:27096/i
- url: http://103.43.7.93:7601/i
- url: http://109.69.79.44:55952/i
- url: http://200.255.164.35:64406/i
- url: http://190.52.34.253:40486/i
- url: http://83.239.105.190:63796/i
- url: http://36.95.35.49:40708/i
- url: http://185.131.240.71:52561/i
- url: http://195.211.197.30:10994/i
- url: http://93.175.223.140:5544/i
- url: http://213.221.36.18:7124/i
- url: http://116.58.39.59:13057/i
- url: http://202.5.52.110:37085/bin.sh
- url: http://202.5.52.110:37085/i
- url: http://195.218.152.38:7093/bin.sh
- url: http://146.196.97.231:19590/i
- url: http://185.19.119.228:50266/i
- url: http://177.220.157.134:20907/i
- url: http://213.184.249.83:56304/i
- url: http://92.38.45.132:51519/i
- url: http://177.131.121.199:12006/i
- url: http://186.4.222.76:19066/i
- url: http://187.95.124.125:58300/i
- url: http://193.189.188.129:40630/i
- url: http://181.10.211.18:2617/i
- url: http://163.53.205.56:32999/i
- url: http://202.148.18.218:30944/i
- url: http://185.29.162.101:3788/i
- url: http://188.0.251.2:52872/i
- url: http://201.245.165.67:16287/i
- url: http://77.49.193.166:20000/i
- url: http://185.43.228.126:2473/i
- url: http://195.162.70.5:2060/i
- url: http://77.91.137.168:13945/i
- url: http://185.114.137.114:23308/i
- url: http://178.34.182.186:34662/i
- url: http://186.211.153.18:42419/i
- url: http://202.59.90.106:62207/i
- url: http://200.69.219.25:6584/i
- url: http://202.166.220.109:59928/i
- url: http://190.246.165.66:1145/i
- url: http://195.162.70.105:34207/i
- url: http://188.191.16.250:14894/i
- url: http://200.116.1.90:25508/i
- url: http://203.150.128.89:17524/i
- url: http://194.183.186.164:50835/i
- url: http://178.222.134.59:15713/i
- url: http://197.155.64.126:47085/i
- url: http://193.95.254.50:40630/i
- url: http://202.148.20.138:24291/i
- url: http://178.212.51.54:9195/i
- url: http://178.19.183.14:6116/i
- url: http://87.14.24.141:17949/i
- url: http://146.196.120.194:45995/i
- url: http://103.69.89.229:21502/.i
- url: http://195.98.68.52:41604/.i
- url: http://188.175.134.62:4496/.i
- url: http://103.203.92.41:7120/.i
- url: http://94.43.59.154:30924/.i
- url: http://84.43.49.111:1194/.i
- url: http://62.152.23.177:14418/.i
- url: http://200.61.163.235:27538/.i
- url: http://85.133.154.94:50435/.i
- url: http://181.112.153.78:7046/.i
- url: http://85.130.70.76:58241/.i
- url: http://46.167.196.225:6989/.i
- url: http://103.90.207.58:41059/.i
- url: http://71.83.248.9:43754/.i
- url: http://88.199.42.31:61023/.i
- url: http://103.93.177.61:26431/.i
- url: http://139.255.78.211:62967/i
- url: http://203.128.76.99:58053/.i
- url: http://178.169.136.50:16723/i
- url: http://200.122.211.138:31644/.i
- url: http://27.147.132.114:38521/.i
- url: http://103.61.103.83:2620/mozi.m
- url: http://202.63.242.37:43762/mozi.m
- url: http://103.1.157.126:20748/mozi.m
- url: http://103.165.58.235:59082/mozi.m
- url: http://77.70.95.84:27048/mozi.m
- url: http://190.109.189.120:49416/
- url: http://217.144.173.240:2559/.i
- url: http://77.87.236.131:32971/mozi.m
- domain: cyprecoofamerica.com
- ip:port: 31.13.224.14:38241
- domain: circle-o.io
- ip:port: 5.44.252.28:443
- ip:port: 123.60.135.110:443
- ip:port: 106.75.76.252:443
- ip:port: 154.12.35.156:4444
- ip:port: 43.139.141.253:8888
- ip:port: 128.90.113.89:9999
- ip:port: 69.166.230.200:8808
- domain: apm.vpce.gdw55e.upgrade1.zip
- ip:port: 54.202.8.211:17777
- ip:port: 54.202.8.211:55177
- domain: usps-online.com
- ip:port: 154.213.190.241:80
- ip:port: 94.156.227.153:80
- ip:port: 103.97.176.69:443
- url: http://103.163.208.252:8888/supershell/login/
- ip:port: 221.132.67.76:9735
- ip:port: 147.185.221.19:28055
- domain: jersey-prize.gl.at.ply.gg
- ip:port: 41.216.189.243:63645
- ip:port: 123.30.186.248:80
- ip:port: 111.119.239.229:8081
- ip:port: 193.142.146.42:2404
- ip:port: 154.37.221.178:8888
- ip:port: 49.113.75.108:8888
- ip:port: 39.105.170.136:8888
- ip:port: 104.243.34.54:8808
- ip:port: 103.37.40.74:56003
- ip:port: 103.37.40.74:56005
- ip:port: 95.179.159.159:7443
- ip:port: 154.216.18.93:8089
- domain: acc.mllcrosoft.com
- ip:port: 209.74.66.221:80
- domain: usps-sureness.com
- ip:port: 139.162.187.197:80
- domain: www.sofianeyaya.fr
- ip:port: 45.128.233.186:23
- ip:port: 167.114.127.89:8080
- domain: ecs-124-71-137-28.compute.hwclouds-dns.com
- ip:port: 23.247.130.245:2052
- ip:port: 89.58.7.126:7443
- ip:port: 181.162.169.84:8080
- ip:port: 35.184.90.147:60000
- ip:port: 39.105.170.136:60000
- ip:port: 39.107.213.134:60000
- ip:port: 45.56.75.75:3333
- ip:port: 68.221.170.211:443
- ip:port: 20.55.69.115:443
- ip:port: 48.218.244.101:3333
- ip:port: 209.38.184.200:3333
- ip:port: 212.227.245.79:8433
- ip:port: 54.84.101.208:443
- ip:port: 111.33.165.150:10011
- ip:port: 3.34.191.96:8000
- ip:port: 45.55.187.97:443
- ip:port: 89.147.108.253:4444
- ip:port: 4.226.44.20:3333
- ip:port: 123.249.101.76:3333
- ip:port: 47.113.184.170:3333
- ip:port: 95.217.185.212:3333
- ip:port: 3.17.119.151:3333
- ip:port: 111.231.69.51:3790
- url: http://chongmei33.myddns.rocks:7044/is-ready
- ip:port: 46.246.14.67:7044
- ip:port: 46.246.14.67:44662
- ip:port: 54.38.52.14:31337
- ip:port: 38.54.17.74:31337
- ip:port: 78.141.205.114:31337
- ip:port: 152.42.136.113:31337
- ip:port: 23.168.152.27:31337
- ip:port: 81.19.140.237:31337
- ip:port: 209.141.42.6:31337
- ip:port: 178.157.82.141:31337
- ip:port: 146.190.17.255:31337
- ip:port: 8.222.186.154:31337
- ip:port: 190.14.37.12:31337
- ip:port: 46.23.108.19:31337
- ip:port: 47.109.65.22:31337
- ip:port: 81.70.253.23:31337
- ip:port: 194.4.49.8:31337
- ip:port: 107.175.209.173:31337
- ip:port: 194.59.30.158:31337
- ip:port: 111.119.222.52:31337
- ip:port: 195.90.225.71:31337
- ip:port: 172.234.231.235:31337
- ip:port: 8.216.82.145:31337
- ip:port: 41.216.183.47:31337
- ip:port: 194.26.213.66:31337
- ip:port: 43.156.17.19:31337
- ip:port: 45.115.236.152:31337
- ip:port: 191.232.34.142:31337
- ip:port: 103.85.25.90:31337
- ip:port: 154.205.155.89:31337
- ip:port: 165.227.206.56:31337
- ip:port: 36.138.32.109:31337
- ip:port: 103.117.120.68:31337
- ip:port: 87.120.115.229:31337
- ip:port: 208.73.206.122:31337
- ip:port: 185.104.181.15:31337
- ip:port: 209.182.225.150:31337
- ip:port: 193.142.147.51:31337
- ip:port: 162.33.179.250:31337
- ip:port: 87.120.113.209:31337
- ip:port: 161.35.177.212:31337
- ip:port: 20.117.118.95:31337
- ip:port: 185.216.68.124:31337
- ip:port: 94.156.177.150:31337
- ip:port: 159.223.229.0:31337
- ip:port: 79.99.41.95:31337
- ip:port: 37.120.178.79:31337
- ip:port: 161.35.25.134:31337
- ip:port: 151.236.220.113:31337
- ip:port: 47.242.214.83:31337
- ip:port: 3.124.115.208:54138
- ip:port: 15.156.199.145:1023
- ip:port: 13.49.46.48:9418
- ip:port: 213.136.57.21:63256
- ip:port: 180.94.159.233:63256
- ip:port: 210.3.209.18:63256
- url: http://watertreecapital.com/ponyz/gate.php
- ip:port: 204.95.99.26:1604
- ip:port: 1.94.115.186:80
- ip:port: 82.156.0.140:9999
- ip:port: 89.44.196.25:443
- ip:port: 166.108.232.68:8443
- ip:port: 87.120.115.7:8089
- domain: gui.microsoft-onedrive.upgrade1.zip
- ip:port: 46.246.14.11:8000
- domain: usual-moneys.com
- ip:port: 82.156.108.180:8080
- ip:port: 8.140.131.77:1234
- ip:port: 122.10.115.27:9001
- ip:port: 8.130.92.171:80
- ip:port: 106.75.76.252:80
- ip:port: 103.131.189.5:8443
- ip:port: 211.159.148.197:80
- url: http://pdiroasdasadas.atwebpages.com/l1nc0in.php
- url: http://495112cm.renyash.ru/vmlinemultiuniversalwp.php
- url: http://178.124.176.209:12455/wall1.exe
- url: http://178.124.176.209:12455/windows.exe
- url: http://178.124.176.209:12455/diskdrive.exe
- url: http://178.124.176.209:12455/h2testw.exe
- url: http://178.124.176.209:12455/p2mdell.exe
- url: http://178.124.176.209:12455/update.exe
- ip:port: 77.79.25.25:7777
- ip:port: 77.79.4.77:7777
- ip:port: 194.190.59.239:7777
- ip:port: 83.15.244.74:7777
- ip:port: 24.159.199.12:7777
- ip:port: 71.86.42.220:7777
- ip:port: 152.206.219.54:7777
- ip:port: 223.17.188.132:7777
- ip:port: 178.162.79.3:7777
- ip:port: 54.199.65.64:37
- ip:port: 35.180.204.6:12000
- ip:port: 154.31.217.203:4443
- ip:port: 38.129.66.7:443
- ip:port: 64.227.161.180:4443
- ip:port: 43.156.94.188:31337
- ip:port: 139.84.208.224:31337
- ip:port: 43.143.48.234:8082
- ip:port: 38.38.251.177:8080
- ip:port: 111.230.53.71:8888
- ip:port: 5.44.252.28:80
- ip:port: 194.58.68.112:4443
- ip:port: 103.37.40.77:56003
- ip:port: 103.37.40.77:56005
- domain: sumup.live
- ip:port: 92.108.91.121:8808
- domain: www.globalsystemsupport.com
- domain: account.upgrade1.zip
- domain: gui.mllcrosoft.com
- ip:port: 178.215.224.133:8080
- ip:port: 87.121.86.64:80
- ip:port: 23.227.198.237:64103
- ip:port: 77.238.233.217:50050
- ip:port: 124.221.174.136:50050
- ip:port: 34.237.237.84:80
- url: http://62.109.6.177/javascript/updateexternaluniversalbase/dbjavascript1cdn/pollsql/requesthttpdefaultbase.php
- ip:port: 103.243.25.70:6666
- ip:port: 116.196.92.13:9095
- ip:port: 85.209.156.2:443
- ip:port: 121.37.41.191:6666
- ip:port: 113.44.79.187:8803
- ip:port: 143.198.235.51:443
- ip:port: 38.207.177.216:8443
- ip:port: 45.77.45.45:443
- ip:port: 18.175.223.129:443
- ip:port: 107.172.140.211:443
- ip:port: 47.93.243.161:443
- ip:port: 121.62.16.173:25505
- ip:port: 121.62.16.160:25505
- ip:port: 121.62.23.192:25505
- domain: ddosme.twilight.zip
- domain: qq.ouyang7770.com
- ip:port: 102.117.174.219:7443
- ip:port: 188.117.141.123:7777
- ip:port: 103.30.87.130:7777
- ip:port: 184.189.187.198:7777
- ip:port: 202.126.208.62:7777
- ip:port: 109.194.42.217:7777
- ip:port: 143.170.164.140:7777
- ip:port: 165.220.130.166:7777
- ip:port: 208.91.180.200:7777
- ip:port: 165.220.157.175:7777
- ip:port: 91.194.190.97:7777
- ip:port: 195.95.234.40:7777
- ip:port: 184.74.50.100:7777
- ip:port: 61.220.104.77:7777
- domain: lemonsmp.work.gd
- ip:port: 102.211.232.40:3778
- ip:port: 137.220.229.61:9091
- url: http://154.29.71.9/eternalcpuimage/publicto7poll/betterpacketwindowsapi/83/asyncpublicvideo6/7protect/6linux/tracklowbigload/sqlvoiddbprivatetraffic/publicdlelongpoll/dbcdn.php
- ip:port: 64.237.149.93:1800
- url: http://103.163.208.252:8888/supershell/login
- url: http://107.172.157.80:8888/supershell/login
- url: http://47.120.37.153:8888/supershell/login
- url: http://113.44.78.183:8888/supershell/login
- url: http://124.70.193.76:8888/supershell/login
- url: http://178.255.244.176:8888/supershell/login
- url: http://107.189.28.92:8888/supershell/login
- url: https://altadefinizioneapp.com/api
- url: https://onefreex.com/api
- url: https://80.85.241.225/ef05b005854373ec.php
- url: https://81.19.137.220/72e62e029dc81ebf.php
- url: https://94.228.169.55/7baff47bec0ff5db.php
- url: https://77.73.131.100/a2f524d70db7d1a7.php
- url: https://185.106.94.206/4e815d9f1ec482dd.php
- domain: broworker5s.com
- domain: browork2er.cc
- ip:port: 147.185.221.24:58685
- domain: between-youth.gl.at.ply.gg
- ip:port: 80.59.36.43:80
- ip:port: 172.94.30.35:8443
- url: https://185.215.113.20/gb9fskvs/index.php
- ip:port: 211.159.148.197:443
- ip:port: 43.239.223.143:8088
- ip:port: 110.41.43.248:8080
- ip:port: 47.113.104.43:9999
- ip:port: 117.50.186.71:8089
- ip:port: 179.43.171.201:80
- ip:port: 45.82.84.41:2404
- ip:port: 52.204.27.109:2404
- ip:port: 152.42.161.88:16666
- ip:port: 170.106.136.132:8888
- ip:port: 185.117.89.125:80
- ip:port: 95.216.188.229:7443
- ip:port: 80.87.206.175:7443
- ip:port: 178.215.224.138:80
- domain: pixelize.cloud
- domain: sso.microsoft-onedrive.upgrade1.zip
- domain: events.api.upgrade1.zip
- ip:port: 116.203.56.216:8081
- ip:port: 39.105.24.38:3478
- ip:port: 39.105.24.38:443
- ip:port: 156.234.7.37:4433
- ip:port: 156.234.7.37:10443
- url: http://condition-clearance.gl.at.ply.gg:7070
- url: http://srpmx.ddns.net:5552
- url: http://ali2015.noip.me:1177
- url: http://kakam50.no-ip.biz:5552
- url: http://klawess1.no-ip.org:1177
- url: http://10cpanel.hackcrack.io:33982
- url: http://toothless.myq-see.com:1177
- url: http://loosseer1212.no-ip.biz:1177
- url: http://abolhb.com:505
- url: http://hayderblack.no-ip.org:5552
- url: http://legend7mood.no-ip.biz:1177
- url: http://nouhparo.no-ip.biz:1177
- url: http://ahmadayad2014.no-ip.biz:1177
- url: http://tekken.zapto.org:92
- url: http://islamachour.no-ip.org:1177
- url: http://aliaaaiub2000.no-ip.org:1177
- url: http://backdoor25.no-ip.org:81
- url: http://iamsprey.ddns.net:1605
- url: http://abood147741.noip.me:81
- url: http://alkh20.no-ip.biz:5552
- url: http://kazimali00.no-ip.org:5552
- url: http://softtofu.uy.to:5552
- url: http://yoryounes.no-ip.biz:1177
- url: http://kartoxamc.ga:4726
- url: http://medo-m919.no-ip.biz:1177
- url: http://yyytuit7rt.no-ip.org:6622
- url: http://ezzbn.noip.me:1177
- url: http://darkdx2002.no-ip.biz:1177
- url: http://helpme.no-ip.org:125
- url: http://startitit2-23969.portmap.host:1604
- url: http://g574h9hd9.duckdns.org:1605
- url: http://rudghks.ddns.net:2396
- url: http://halimoullah.no-ip.org:1234
- url: http://confirmation.myvnc.com:5552
- url: http://aaaar2aaat2.ddns.net:1177
- url: http://blackmagix.no-ip.org:1177
- url: http://medohack.no-ip.biz:1117
- url: http://skandar001007.ddns.net:1101
- url: http://ailail07821532043.no-ip.biz:1177
- url: http://np21tda.no-ip.biz:1604
- url: http://hardysalah.no-ip.biz:1177
- url: http://110xxx.zapto.org:1177
- url: http://najrat13.no-ip.info:1177
- url: http://f3609e192fe8d18133.servehalflife.com:1380
- url: http://customers-edmonton.gl.at.ply.gg:28608
- url: http://colyfigo777.hopto.org:1177
- url: http://abu-saleh.no-ip.biz:1177
- url: http://abukamal.hopto.org:1177
- url: http://jastn.ddns.net:5552
- url: http://nigro02.no-ip.info:1177
- url: http://between-youth.gl.at.ply.gg:58685
- url: http://81.177.6.78/iremotepanel
- ip:port: 81.177.6.78:80
- ip:port: 66.63.187.173:15666
- ip:port: 196.119.98.31:10000
Technical Details
- Threat Level: 2 (medium on the MISP scale, where 1 = high, 2 = medium, 3 = low)
- Analysis: 1 (ongoing; 0 = initial, 2 = complete)
- Distribution: 3 (all communities)
- UUID: a0eb1951-d34f-432c-950b-4d3dd64ce296
- Original Timestamp: 1736035386 (2025-01-05 00:03:06 UTC, the export generated just after the end of 2025-01-04)
Indicator Attribution
ThreatFox malware attribution and confidence level for the SHA-256 hash and for the first ip:port indicators in the list above, in list order.
Indicator | Description
---|---
sha256_hash 5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18 | Mirai payload (confidence level: 100%)
89.169.4.44:47925 | MooBot botnet C2 server (confidence level: 75%)
31.13.224.14:38241 | Mirai botnet C2 server (confidence level: 75%)
5.44.252.28:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.60.135.110:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
106.75.76.252:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.12.35.156:4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.139.141.253:8888 | Unknown malware botnet C2 server (confidence level: 100%)
128.90.113.89:9999 | AsyncRAT botnet C2 server (confidence level: 100%)
69.166.230.200:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
54.202.8.211:17777 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
54.202.8.211:55177 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
154.213.190.241:80 | MooBot botnet C2 server (confidence level: 100%)
94.156.227.153:80 | Bashlite botnet C2 server (confidence level: 100%)
103.97.176.69:443 | ValleyRAT botnet C2 server (confidence level: 100%)
221.132.67.76:9735 | Ghost RAT botnet C2 server (confidence level: 100%)
147.185.221.19:28055 | NjRAT botnet C2 server (confidence level: 75%)
41.216.189.243:63645 | Mirai botnet C2 server (confidence level: 75%)
123.30.186.248:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
111.119.239.229:8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
193.142.146.42:2404 | Remcos botnet C2 server (confidence level: 100%)
154.37.221.178:8888 | Unknown malware botnet C2 server (confidence level: 100%)
49.113.75.108:8888 | Unknown malware botnet C2 server (confidence level: 100%)
39.105.170.136:8888 | Unknown malware botnet C2 server (confidence level: 100%)
104.243.34.54:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
103.37.40.74:56003 | AsyncRAT botnet C2 server (confidence level: 100%)
103.37.40.74:56005 | AsyncRAT botnet C2 server (confidence level: 100%)
95.179.159.159:7443 | Unknown malware botnet C2 server (confidence level: 100%)
154.216.18.93:8089 | Hook botnet C2 server (confidence level: 100%)
209.74.66.221:80 | Havoc botnet C2 server (confidence level: 100%)
139.162.187.197:80 | MooBot botnet C2 server (confidence level: 100%)
45.128.233.186:23 | Bashlite botnet C2 server (confidence level: 100%)
167.114.127.89:8080 | Bashlite botnet C2 server (confidence level: 100%)
23.247.130.245:2052 | Cobalt Strike botnet C2 server (confidence level: 100%)
89.58.7.126:7443 | Unknown malware botnet C2 server (confidence level: 100%)
181.162.169.84:8080 | Quasar RAT botnet C2 server (confidence level: 100%)
35.184.90.147:60000 | Unknown malware botnet C2 server (confidence level: 100%)
39.105.170.136:60000 | Unknown malware botnet C2 server (confidence level: 100%)
39.107.213.134:60000 | Unknown malware botnet C2 server (confidence level: 100%)
45.56.75.75:3333 | Unknown malware botnet C2 server (confidence level: 100%)
68.221.170.211:443 | Unknown malware botnet C2 server (confidence level: 100%)
20.55.69.115:443 | Unknown malware botnet C2 server (confidence level: 100%)
48.218.244.101:3333 | Unknown malware botnet C2 server (confidence level: 100%)
209.38.184.200:3333 | Unknown malware botnet C2 server (confidence level: 100%)
212.227.245.79:8433 | Unknown malware botnet C2 server (confidence level: 100%)
54.84.101.208:443 | Unknown malware botnet C2 server (confidence level: 100%)
111.33.165.150:10011 | Unknown malware botnet C2 server (confidence level: 100%)
3.34.191.96:8000 | Unknown malware botnet C2 server (confidence level: 100%)
45.55.187.97:443 | Unknown malware botnet C2 server (confidence level: 100%)
89.147.108.253:4444 | Unknown malware botnet C2 server (confidence level: 100%)
4.226.44.20:3333 | Unknown malware botnet C2 server (confidence level: 100%)
123.249.101.76:3333 | Unknown malware botnet C2 server (confidence level: 100%)
47.113.184.170:3333 | Unknown malware botnet C2 server (confidence level: 100%)
95.217.185.212:3333 | Unknown malware botnet C2 server (confidence level: 100%)
3.17.119.151:3333 | Unknown malware botnet C2 server (confidence level: 100%)
111.231.69.51:3790 | Meterpreter botnet C2 server (confidence level: 50%)
46.246.14.67:7044 | Vjw0rm botnet C2 server (confidence level: 100%)
46.246.14.67:44662 | STRRAT botnet C2 server (confidence level: 100%)
54.38.52.14:31337 | Sliver botnet C2 server (confidence level: 50%)
38.54.17.74:31337 | Sliver botnet C2 server (confidence level: 50%)
78.141.205.114:31337 | Sliver botnet C2 server (confidence level: 50%)
152.42.136.113:31337 | Sliver botnet C2 server (confidence level: 50%)
23.168.152.27:31337 | Sliver botnet C2 server (confidence level: 50%)
81.19.140.237:31337 | Sliver botnet C2 server (confidence level: 50%)
209.141.42.6:31337 | Sliver botnet C2 server (confidence level: 50%)
178.157.82.141:31337 | Sliver botnet C2 server (confidence level: 50%)
146.190.17.255:31337 | Sliver botnet C2 server (confidence level: 50%)
8.222.186.154:31337 | Sliver botnet C2 server (confidence level: 50%)
190.14.37.12:31337 | Sliver botnet C2 server (confidence level: 50%)
46.23.108.19:31337 | Sliver botnet C2 server (confidence level: 50%)
47.109.65.22:31337 | Sliver botnet C2 server (confidence level: 50%)
81.70.253.23:31337 | Sliver botnet C2 server (confidence level: 50%)
194.4.49.8:31337 | Sliver botnet C2 server (confidence level: 50%)
107.175.209.173:31337 | Sliver botnet C2 server (confidence level: 50%)
194.59.30.158:31337 | Sliver botnet C2 server (confidence level: 50%)
111.119.222.52:31337 | Sliver botnet C2 server (confidence level: 50%)
195.90.225.71:31337 | Sliver botnet C2 server (confidence level: 50%)
172.234.231.235:31337 | Sliver botnet C2 server (confidence level: 50%)
8.216.82.145:31337 | Sliver botnet C2 server (confidence level: 50%)
41.216.183.47:31337 | Sliver botnet C2 server (confidence level: 50%)
194.26.213.66:31337 | Sliver botnet C2 server (confidence level: 50%)
43.156.17.19:31337 | Sliver botnet C2 server (confidence level: 50%)
45.115.236.152:31337 | Sliver botnet C2 server (confidence level: 50%)
191.232.34.142:31337 | Sliver botnet C2 server (confidence level: 50%)
103.85.25.90:31337 | Sliver botnet C2 server (confidence level: 50%)
154.205.155.89:31337 | Sliver botnet C2 server (confidence level: 50%)
165.227.206.56:31337 | Sliver botnet C2 server (confidence level: 50%)
36.138.32.109:31337 | Sliver botnet C2 server (confidence level: 50%)
103.117.120.68:31337 | Sliver botnet C2 server (confidence level: 50%)
87.120.115.229:31337 | Sliver botnet C2 server (confidence level: 50%)
208.73.206.122:31337 | Sliver botnet C2 server (confidence level: 50%)
185.104.181.15:31337 | Sliver botnet C2 server (confidence level: 50%)
209.182.225.150:31337 | Sliver botnet C2 server (confidence level: 50%)
193.142.147.51:31337 | Sliver botnet C2 server (confidence level: 50%)
162.33.179.250:31337 | Sliver botnet C2 server (confidence level: 50%)
87.120.113.209:31337 | Sliver botnet C2 server (confidence level: 50%)
161.35.177.212:31337 | Sliver botnet C2 server (confidence level: 50%)
20.117.118.95:31337 | Sliver botnet C2 server (confidence level: 50%)
185.216.68.124:31337 | Sliver botnet C2 server (confidence level: 50%)
94.156.177.150:31337 | Sliver botnet C2 server (confidence level: 50%)
159.223.229.0:31337 | Sliver botnet C2 server (confidence level: 50%)
79.99.41.95:31337 | Sliver botnet C2 server (confidence level: 50%)
37.120.178.79:31337 | Sliver botnet C2 server (confidence level: 50%)
161.35.25.134:31337 | Sliver botnet C2 server (confidence level: 50%)
151.236.220.113:31337 | Sliver botnet C2 server (confidence level: 50%)
47.242.214.83:31337 | Sliver botnet C2 server (confidence level: 50%)
3.124.115.208:54138 | BlackShades botnet C2 server (confidence level: 50%)
15.156.199.145:1023 | BlackShades botnet C2 server (confidence level: 50%)
13.49.46.48:9418 | BlackShades botnet C2 server (confidence level: 50%)
213.136.57.21:63256 | Unknown malware botnet C2 server (confidence level: 50%)
180.94.159.233:63256 | Unknown malware botnet C2 server (confidence level: 50%)
210.3.209.18:63256 | Unknown malware botnet C2 server (confidence level: 50%)
204.95.99.26:1604 | NjRAT botnet C2 server (confidence level: 75%)
1.94.115.186:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
82.156.0.140:9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
89.44.196.25:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
166.108.232.68:8443 | Sliver botnet C2 server (confidence level: 100%)
87.120.115.7:8089 | Hook botnet C2 server (confidence level: 100%)
46.246.14.11:8000 | DCRat botnet C2 server (confidence level: 100%)
82.156.108.180:8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.140.131.77:1234 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash9001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash37 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash12000 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash8082 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4443 | Sliver botnet C2 server (confidence level: 100%) | |
hash56003 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash56005 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8080 | ERMAC botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash64103 | BianLian botnet C2 server (confidence level: 100%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash9095 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8803 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash25505 | ValleyRAT botnet C2 server (confidence level: 75%) | |
hash25505 | ValleyRAT botnet C2 server (confidence level: 75%) | |
hash25505 | ValleyRAT botnet C2 server (confidence level: 75%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash9091 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash1800 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash58685 | NjRAT botnet C2 server (confidence level: 75%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 50%) | |
hash8443 | Havoc botnet C2 server (confidence level: 50%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8088 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8089 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash16666 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Sliver botnet C2 server (confidence level: 100%) | |
hash80 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8081 | DCRat botnet C2 server (confidence level: 100%) | |
hash3478 | PlugX botnet C2 server (confidence level: 90%) | |
hash443 | PlugX botnet C2 server (confidence level: 90%) | |
hash4433 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash10443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash15666 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
hash10000 | NjRAT botnet C2 server (confidence level: 100%) |
File
Value | Description |
---|---|
89.169.4.44 | MooBot botnet C2 server (confidence level: 75%) |
31.13.224.14 | Mirai botnet C2 server (confidence level: 75%) |
5.44.252.28 | Cobalt Strike botnet C2 server (confidence level: 100%) |
123.60.135.110 | Cobalt Strike botnet C2 server (confidence level: 100%) |
106.75.76.252 | Cobalt Strike botnet C2 server (confidence level: 100%) |
154.12.35.156 | Cobalt Strike botnet C2 server (confidence level: 100%) |
43.139.141.253 | Unknown malware botnet C2 server (confidence level: 100%) |
128.90.113.89 | AsyncRAT botnet C2 server (confidence level: 100%) |
69.166.230.200 | AsyncRAT botnet C2 server (confidence level: 100%) |
54.202.8.211 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
54.202.8.211 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
154.213.190.241 | MooBot botnet C2 server (confidence level: 100%) |
94.156.227.153 | Bashlite botnet C2 server (confidence level: 100%) |
103.97.176.69 | ValleyRAT botnet C2 server (confidence level: 100%) |
221.132.67.76 | Ghost RAT botnet C2 server (confidence level: 100%) |
147.185.221.19 | NjRAT botnet C2 server (confidence level: 75%) |
41.216.189.243 | Mirai botnet C2 server (confidence level: 75%) |
123.30.186.248 | Cobalt Strike botnet C2 server (confidence level: 100%) |
111.119.239.229 | Cobalt Strike botnet C2 server (confidence level: 100%) |
193.142.146.42 | Remcos botnet C2 server (confidence level: 100%) |
154.37.221.178 | Unknown malware botnet C2 server (confidence level: 100%) |
49.113.75.108 | Unknown malware botnet C2 server (confidence level: 100%) |
39.105.170.136 | Unknown malware botnet C2 server (confidence level: 100%) |
104.243.34.54 | AsyncRAT botnet C2 server (confidence level: 100%) |
103.37.40.74 | AsyncRAT botnet C2 server (confidence level: 100%) |
103.37.40.74 | AsyncRAT botnet C2 server (confidence level: 100%) |
95.179.159.159 | Unknown malware botnet C2 server (confidence level: 100%) |
154.216.18.93 | Hook botnet C2 server (confidence level: 100%) |
209.74.66.221 | Havoc botnet C2 server (confidence level: 100%) |
139.162.187.197 | MooBot botnet C2 server (confidence level: 100%) |
45.128.233.186 | Bashlite botnet C2 server (confidence level: 100%) |
167.114.127.89 | Bashlite botnet C2 server (confidence level: 100%) |
23.247.130.245 | Cobalt Strike botnet C2 server (confidence level: 100%) |
89.58.7.126 | Unknown malware botnet C2 server (confidence level: 100%) |
181.162.169.84 | Quasar RAT botnet C2 server (confidence level: 100%) |
35.184.90.147 | Unknown malware botnet C2 server (confidence level: 100%) |
39.105.170.136 | Unknown malware botnet C2 server (confidence level: 100%) |
39.107.213.134 | Unknown malware botnet C2 server (confidence level: 100%) |
45.56.75.75 | Unknown malware botnet C2 server (confidence level: 100%) |
68.221.170.211 | Unknown malware botnet C2 server (confidence level: 100%) |
20.55.69.115 | Unknown malware botnet C2 server (confidence level: 100%) |
48.218.244.101 | Unknown malware botnet C2 server (confidence level: 100%) |
209.38.184.200 | Unknown malware botnet C2 server (confidence level: 100%) |
212.227.245.79 | Unknown malware botnet C2 server (confidence level: 100%) |
54.84.101.208 | Unknown malware botnet C2 server (confidence level: 100%) |
111.33.165.150 | Unknown malware botnet C2 server (confidence level: 100%) |
3.34.191.96 | Unknown malware botnet C2 server (confidence level: 100%) |
45.55.187.97 | Unknown malware botnet C2 server (confidence level: 100%) |
89.147.108.253 | Unknown malware botnet C2 server (confidence level: 100%) |
4.226.44.20 | Unknown malware botnet C2 server (confidence level: 100%) |
123.249.101.76 | Unknown malware botnet C2 server (confidence level: 100%) |
47.113.184.170 | Unknown malware botnet C2 server (confidence level: 100%) |
95.217.185.212 | Unknown malware botnet C2 server (confidence level: 100%) |
3.17.119.151 | Unknown malware botnet C2 server (confidence level: 100%) |
111.231.69.51 | Meterpreter botnet C2 server (confidence level: 50%) |
46.246.14.67 | Vjw0rm botnet C2 server (confidence level: 100%) |
46.246.14.67 | STRRAT botnet C2 server (confidence level: 100%) |
54.38.52.14 | Sliver botnet C2 server (confidence level: 50%) |
38.54.17.74 | Sliver botnet C2 server (confidence level: 50%) |
78.141.205.114 | Sliver botnet C2 server (confidence level: 50%) |
152.42.136.113 | Sliver botnet C2 server (confidence level: 50%) |
23.168.152.27 | Sliver botnet C2 server (confidence level: 50%) |
81.19.140.237 | Sliver botnet C2 server (confidence level: 50%) |
209.141.42.6 | Sliver botnet C2 server (confidence level: 50%) |
178.157.82.141 | Sliver botnet C2 server (confidence level: 50%) |
146.190.17.255 | Sliver botnet C2 server (confidence level: 50%) |
8.222.186.154 | Sliver botnet C2 server (confidence level: 50%) |
190.14.37.12 | Sliver botnet C2 server (confidence level: 50%) |
46.23.108.19 | Sliver botnet C2 server (confidence level: 50%) |
47.109.65.22 | Sliver botnet C2 server (confidence level: 50%) |
81.70.253.23 | Sliver botnet C2 server (confidence level: 50%) |
194.4.49.8 | Sliver botnet C2 server (confidence level: 50%) |
107.175.209.173 | Sliver botnet C2 server (confidence level: 50%) |
194.59.30.158 | Sliver botnet C2 server (confidence level: 50%) |
111.119.222.52 | Sliver botnet C2 server (confidence level: 50%) |
195.90.225.71 | Sliver botnet C2 server (confidence level: 50%) |
172.234.231.235 | Sliver botnet C2 server (confidence level: 50%) |
8.216.82.145 | Sliver botnet C2 server (confidence level: 50%) |
41.216.183.47 | Sliver botnet C2 server (confidence level: 50%) |
194.26.213.66 | Sliver botnet C2 server (confidence level: 50%) |
43.156.17.19 | Sliver botnet C2 server (confidence level: 50%) |
45.115.236.152 | Sliver botnet C2 server (confidence level: 50%) |
191.232.34.142 | Sliver botnet C2 server (confidence level: 50%) |
103.85.25.90 | Sliver botnet C2 server (confidence level: 50%) |
154.205.155.89 | Sliver botnet C2 server (confidence level: 50%) |
165.227.206.56 | Sliver botnet C2 server (confidence level: 50%) |
36.138.32.109 | Sliver botnet C2 server (confidence level: 50%) |
103.117.120.68 | Sliver botnet C2 server (confidence level: 50%) |
87.120.115.229 | Sliver botnet C2 server (confidence level: 50%) |
208.73.206.122 | Sliver botnet C2 server (confidence level: 50%) |
185.104.181.15 | Sliver botnet C2 server (confidence level: 50%) |
209.182.225.150 | Sliver botnet C2 server (confidence level: 50%) |
193.142.147.51 | Sliver botnet C2 server (confidence level: 50%) |
162.33.179.250 | Sliver botnet C2 server (confidence level: 50%) |
87.120.113.209 | Sliver botnet C2 server (confidence level: 50%) |
161.35.177.212 | Sliver botnet C2 server (confidence level: 50%) |
20.117.118.95 | Sliver botnet C2 server (confidence level: 50%) |
185.216.68.124 | Sliver botnet C2 server (confidence level: 50%) |
94.156.177.150 | Sliver botnet C2 server (confidence level: 50%) |
159.223.229.0 | Sliver botnet C2 server (confidence level: 50%) |
79.99.41.95 | Sliver botnet C2 server (confidence level: 50%) |
37.120.178.79 | Sliver botnet C2 server (confidence level: 50%) |
161.35.25.134 | Sliver botnet C2 server (confidence level: 50%) |
151.236.220.113 | Sliver botnet C2 server (confidence level: 50%) |
47.242.214.83 | Sliver botnet C2 server (confidence level: 50%) |
3.124.115.208 | BlackShades botnet C2 server (confidence level: 50%) |
15.156.199.145 | BlackShades botnet C2 server (confidence level: 50%) |
13.49.46.48 | BlackShades botnet C2 server (confidence level: 50%) |
213.136.57.21 | Unknown malware botnet C2 server (confidence level: 50%) |
180.94.159.233 | Unknown malware botnet C2 server (confidence level: 50%) |
210.3.209.18 | Unknown malware botnet C2 server (confidence level: 50%) |
204.95.99.26 | NjRAT botnet C2 server (confidence level: 75%) |
1.94.115.186 | Cobalt Strike botnet C2 server (confidence level: 100%) |
82.156.0.140 | Cobalt Strike botnet C2 server (confidence level: 100%) |
89.44.196.25 | Cobalt Strike botnet C2 server (confidence level: 100%) |
166.108.232.68 | Sliver botnet C2 server (confidence level: 100%) |
87.120.115.7 | Hook botnet C2 server (confidence level: 100%) |
46.246.14.11 | DCRat botnet C2 server (confidence level: 100%) |
82.156.108.180 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8.140.131.77 | Cobalt Strike botnet C2 server (confidence level: 100%) |
122.10.115.27 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8.130.92.171 | Cobalt Strike botnet C2 server (confidence level: 100%) |
106.75.76.252 | Cobalt Strike botnet C2 server (confidence level: 100%) |
103.131.189.5 | Cobalt Strike botnet C2 server (confidence level: 100%) |
211.159.148.197 | ValleyRAT botnet C2 server (confidence level: 100%) |
77.79.25.25 | Unknown malware botnet C2 server (confidence level: 50%) |
77.79.4.77 | Unknown malware botnet C2 server (confidence level: 50%) |
194.190.59.239 | Unknown malware botnet C2 server (confidence level: 50%) |
83.15.244.74 | Unknown malware botnet C2 server (confidence level: 50%) |
24.159.199.12 | Unknown malware botnet C2 server (confidence level: 50%) |
71.86.42.220 | Unknown malware botnet C2 server (confidence level: 50%) |
152.206.219.54 | Unknown malware botnet C2 server (confidence level: 50%) |
223.17.188.132 | Unknown malware botnet C2 server (confidence level: 50%) |
178.162.79.3 | Unknown malware botnet C2 server (confidence level: 50%) |
54.199.65.64 | Unknown malware botnet C2 server (confidence level: 50%) |
35.180.204.6 | Unknown malware botnet C2 server (confidence level: 50%) |
154.31.217.203 | Unknown malware botnet C2 server (confidence level: 50%) |
38.129.66.7 | Unknown malware botnet C2 server (confidence level: 50%) |
64.227.161.180 | Unknown malware botnet C2 server (confidence level: 50%) |
43.156.94.188 | Sliver botnet C2 server (confidence level: 50%) |
139.84.208.224 | Sliver botnet C2 server (confidence level: 50%) |
43.143.48.234 | Cobalt Strike botnet C2 server (confidence level: 100%) |
38.38.251.177 | Cobalt Strike botnet C2 server (confidence level: 100%) |
111.230.53.71 | Cobalt Strike botnet C2 server (confidence level: 100%) |
5.44.252.28 | Cobalt Strike botnet C2 server (confidence level: 100%) |
194.58.68.112 | Sliver botnet C2 server (confidence level: 100%) |
103.37.40.77 | AsyncRAT botnet C2 server (confidence level: 100%) |
103.37.40.77 | AsyncRAT botnet C2 server (confidence level: 100%) |
92.108.91.121 | Quasar RAT botnet C2 server (confidence level: 100%) |
178.215.224.133 | ERMAC botnet C2 server (confidence level: 100%) |
87.121.86.64 | MooBot botnet C2 server (confidence level: 100%) |
23.227.198.237 | BianLian botnet C2 server (confidence level: 100%) |
77.238.233.217 | Cobalt Strike botnet C2 server (confidence level: 50%) |
124.221.174.136 | Cobalt Strike botnet C2 server (confidence level: 50%) |
34.237.237.84 | Cobalt Strike botnet C2 server (confidence level: 50%) |
103.243.25.70 | Cobalt Strike botnet C2 server (confidence level: 50%) |
116.196.92.13 | Cobalt Strike botnet C2 server (confidence level: 50%) |
85.209.156.2 | Cobalt Strike botnet C2 server (confidence level: 50%) |
121.37.41.191 | Cobalt Strike botnet C2 server (confidence level: 50%) |
113.44.79.187 | Cobalt Strike botnet C2 server (confidence level: 50%) |
143.198.235.51 | Cobalt Strike botnet C2 server (confidence level: 50%) |
38.207.177.216 | Cobalt Strike botnet C2 server (confidence level: 50%) |
45.77.45.45 | Cobalt Strike botnet C2 server (confidence level: 50%) |
18.175.223.129 | Cobalt Strike botnet C2 server (confidence level: 50%) |
107.172.140.211 | Cobalt Strike botnet C2 server (confidence level: 50%) |
47.93.243.161 | Cobalt Strike botnet C2 server (confidence level: 50%) |
121.62.16.173 | ValleyRAT botnet C2 server (confidence level: 75%) |
121.62.16.160 | ValleyRAT botnet C2 server (confidence level: 75%) |
121.62.23.192 | ValleyRAT botnet C2 server (confidence level: 75%) |
102.117.174.219 | Unknown malware botnet C2 server (confidence level: 50%) |
188.117.141.123 | Unknown malware botnet C2 server (confidence level: 100%) |
103.30.87.130 | Unknown malware botnet C2 server (confidence level: 100%) |
184.189.187.198 | Unknown malware botnet C2 server (confidence level: 100%) |
202.126.208.62 | Unknown malware botnet C2 server (confidence level: 100%) |
109.194.42.217 | Unknown malware botnet C2 server (confidence level: 100%) |
143.170.164.140 | Unknown malware botnet C2 server (confidence level: 100%) |
165.220.130.166 | Unknown malware botnet C2 server (confidence level: 100%) |
208.91.180.200 | Unknown malware botnet C2 server (confidence level: 100%) |
165.220.157.175 | Unknown malware botnet C2 server (confidence level: 100%) |
91.194.190.97 | Unknown malware botnet C2 server (confidence level: 100%) |
195.95.234.40 | Unknown malware botnet C2 server (confidence level: 100%) |
184.74.50.100 | Unknown malware botnet C2 server (confidence level: 100%) |
61.220.104.77 | Unknown malware botnet C2 server (confidence level: 100%) |
102.211.232.40 | Mirai botnet C2 server (confidence level: 75%) |
137.220.229.61 | ValleyRAT botnet C2 server (confidence level: 100%) |
64.237.149.93 | AsyncRAT botnet C2 server (confidence level: 50%) |
147.185.221.24 | NjRAT botnet C2 server (confidence level: 75%) |
80.59.36.43 | Ghost RAT botnet C2 server (confidence level: 50%) |
172.94.30.35 | Havoc botnet C2 server (confidence level: 50%) |
211.159.148.197 | ValleyRAT botnet C2 server (confidence level: 100%) |
43.239.223.143 | Unknown malware botnet C2 server (confidence level: 100%) |
110.41.43.248 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.113.104.43 | Cobalt Strike botnet C2 server (confidence level: 100%) |
117.50.186.71 | Cobalt Strike botnet C2 server (confidence level: 100%) |
179.43.171.201 | Unknown malware botnet C2 server (confidence level: 100%) |
45.82.84.41 | Remcos botnet C2 server (confidence level: 100%) |
52.204.27.109 | Remcos botnet C2 server (confidence level: 100%) |
152.42.161.88 | Sliver botnet C2 server (confidence level: 100%) |
170.106.136.132 | Sliver botnet C2 server (confidence level: 100%) |
185.117.89.125 | ShadowPad botnet C2 server (confidence level: 90%) |
95.216.188.229 | Unknown malware botnet C2 server (confidence level: 100%) |
80.87.206.175 | Unknown malware botnet C2 server (confidence level: 100%) |
178.215.224.138 | Hook botnet C2 server (confidence level: 100%) |
116.203.56.216 | DCRat botnet C2 server (confidence level: 100%) |
39.105.24.38 | PlugX botnet C2 server (confidence level: 90%) |
39.105.24.38 | PlugX botnet C2 server (confidence level: 90%) |
156.234.7.37 | ValleyRAT botnet C2 server (confidence level: 100%) |
156.234.7.37 | ValleyRAT botnet C2 server (confidence level: 100%) |
81.177.6.78 | RedLine Stealer botnet C2 server (confidence level: 100%) |
66.63.187.173 | Meduza Stealer botnet C2 server (confidence level: 100%) |
196.119.98.31 | NjRAT botnet C2 server (confidence level: 100%) |
Domain
Value | Description |
---|---|
seyfhg.work.gd | MooBot botnet C2 domain (confidence level: 75%) |
hangindgheu.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
tirepublicerj.shop | Lumma Stealer payload delivery domain (confidence level: 75%) |
cloudewahsj.shop | Lumma Stealer payload delivery domain (confidence level: 75%) |
noisycuttej.shop | Lumma Stealer payload delivery domain (confidence level: 75%) |
wholersorie.shop | Lumma Stealer payload delivery domain (confidence level: 75%) |
framekgirus.shop | Lumma Stealer payload delivery domain (confidence level: 75%) |
rabidcowse.shop | Lumma Stealer payload delivery domain (confidence level: 75%) |
nearycrepso.shop | Lumma Stealer payload delivery domain (confidence level: 75%) |
grubbytellek.click | Lumma Stealer payload delivery domain (confidence level: 75%) |
abruptyopsn.shop | Lumma Stealer payload delivery domain (confidence level: 75%) |
cyprecoofamerica.com | Lumma Stealer botnet C2 domain (confidence level: 100%) |
circle-o.io | Lumma Stealer botnet C2 domain (confidence level: 100%) |
apm.vpce.gdw55e.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
usps-online.com | Meduza Stealer botnet C2 domain (confidence level: 100%) |
jersey-prize.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) |
acc.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) |
usps-sureness.com | Meduza Stealer botnet C2 domain (confidence level: 100%) |
www.sofianeyaya.fr | Unknown malware botnet C2 domain (confidence level: 100%) |
ecs-124-71-137-28.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
gui.microsoft-onedrive.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
usual-moneys.com | Bashlite botnet C2 domain (confidence level: 100%) |
sumup.live | Hook botnet C2 domain (confidence level: 100%) |
www.globalsystemsupport.com | Havoc botnet C2 domain (confidence level: 100%) |
account.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
gui.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) |
ddosme.twilight.zip | ValleyRAT botnet C2 domain (confidence level: 75%) |
qq.ouyang7770.com | ValleyRAT botnet C2 domain (confidence level: 75%) |
lemonsmp.work.gd | Mirai botnet C2 domain (confidence level: 100%) |
broworker5s.com | Unknown malware payload delivery domain (confidence level: 100%) |
browork2er.cc | Unknown malware payload delivery domain (confidence level: 100%) |
between-youth.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) |
pixelize.cloud | Hook botnet C2 domain (confidence level: 100%) |
sso.microsoft-onedrive.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
events.api.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
Url
Value | Description |
---|---|
https://check.qlkwr.com/awjsx.captcha | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://klipdalygeo.shop/ginni.mp4 | Lumma Stealer payload delivery URL (confidence level: 75%) |
http://190.128.153.54:64700/.i | Mirai payload delivery URL (confidence level: 75%) |
http://190.109.178.139:24931/4 | Mirai payload delivery URL (confidence level: 75%) |
http://79.119.55.204:1911/.i | Mirai payload delivery URL (confidence level: 75%) |
http://186.33.113.75:3689/.i | Mirai payload delivery URL (confidence level: 75%) |
http://94.137.31.250:8993/.i | Mirai payload delivery URL (confidence level: 75%) |
http://103.50.7.126:3689/.i | Mirai payload delivery URL (confidence level: 75%) |
http://91.200.115.75:2086/.i | Mirai payload delivery URL (confidence level: 75%) |
http://188.114.68.131:3000/.i | Mirai payload delivery URL (confidence level: 75%) |
http://196.202.194.133:63946/.i | Mirai payload delivery URL (confidence level: 75%) |
http://186.33.110.239:2121/.i | Mirai payload delivery URL (confidence level: 75%) |
http://186.33.117.22:8545/.i | Mirai payload delivery URL (confidence level: 75%) |
http://105.213.84.53:4444/.i | Mirai payload delivery URL (confidence level: 75%) |
http://89.215.188.163:41800/.i | Mirai payload delivery URL (confidence level: 75%) |
http://95.154.70.215:1314/.i | Mirai payload delivery URL (confidence level: 75%) |
http://46.246.164.241:9765/.i | Mirai payload delivery URL (confidence level: 75%) |
http://177.23.93.50:9306/.i | Mirai payload delivery URL (confidence level: 75%) |
http://95.105.41.79:50100/.i | Mirai payload delivery URL (confidence level: 75%) |
http://186.33.113.195:8801/.i | Mirai payload delivery URL (confidence level: 75%) |
http://185.226.17.104:4782/.i | Mirai payload delivery URL (confidence level: 75%) |
http://186.33.110.83:60001/.i | Mirai payload delivery URL (confidence level: 75%) |
http://77.76.80.223:3000/.i | Mirai payload delivery URL (confidence level: 75%) |
http://87.4.241.105:5005/.i | Mirai payload delivery URL (confidence level: 75%) |
http://130.204.214.199:5560/.i | Mirai payload delivery URL (confidence level: 75%) |
http://160.155.16.204:5446/.i | Mirai payload delivery URL (confidence level: 75%) |
http://79.34.21.17:46528/ | Mirai payload delivery URL (confidence level: 75%) |
http://179.12.51.141:38553/ | Mirai payload delivery URL (confidence level: 75%) |
http://103.237.174.238:7001 | Mirai payload delivery URL (confidence level: 75%) |
http://103.84.37.101:19439 | Mirai payload delivery URL (confidence level: 75%) |
http://112.78.42.90:29620 | Mirai payload delivery URL (confidence level: 75%) |
http://154.126.178.16:30629 | Mirai payload delivery URL (confidence level: 75%) |
http://85.72.39.196:39497/.i | Mirai payload delivery URL (confidence level: 75%) |
http://43.230.158.100:42063/i | Mirai payload delivery URL (confidence level: 75%) |
http://202.131.244.202:30068/i | Mirai payload delivery URL (confidence level: 75%) |
http://202.191.123.196:27033/i | Mirai payload delivery URL (confidence level: 75%) |
http://46.20.63.220:54770/i | Mirai payload delivery URL (confidence level: 75%) |
http://190.205.35.203:44238/i | Mirai payload delivery URL (confidence level: 75%) |
http://36.64.23.219:16021/i | Mirai payload delivery URL (confidence level: 75%) |
http://5.188.145.60:58103/i | Mirai payload delivery URL (confidence level: 75%) |
http://91.192.153.73:53020/i | Mirai payload delivery URL (confidence level: 75%) |
http://88.135.140.194:58387/i | Mirai payload delivery URL (confidence level: 75%) |
http://182.253.60.197:46757/i | Mirai payload delivery URL (confidence level: 75%) |
http://89.28.58.97:37382/i | Mirai payload delivery URL (confidence level: 75%) |
http://180.92.233.78:25155/i | Mirai payload delivery URL (confidence level: 75%) |
http://203.176.137.54:39516/i | Mirai payload delivery URL (confidence level: 75%) |
http://146.66.164.51:59592/i | Mirai payload delivery URL (confidence level: 75%) |
http://79.127.76.34:51525/i | Mirai payload delivery URL (confidence level: 75%) |
http://210.4.69.226:44803/i | Mirai payload delivery URL (confidence level: 75%) |
http://77.40.49.162:16097/i | Mirai payload delivery URL (confidence level: 75%) |
http://201.234.151.229:47684/i | Mirai payload delivery URL (confidence level: 75%) |
http://121.101.130.14:49784/i | Mirai payload delivery URL (confidence level: 75%) |
http://213.6.74.138:39286/i | Mirai payload delivery URL (confidence level: 75%) |
http://83.1.241.6:62288/i | Mirai payload delivery URL (confidence level: 75%) |
http://195.218.152.38:7093/i | Mirai payload delivery URL (confidence level: 75%) |
http://217.171.55.168:10055/i | Mirai payload delivery URL (confidence level: 75%) |
http://89.40.54.142:44298/i | Mirai payload delivery URL (confidence level: 75%) |
http://182.93.84.57:63686/i | Mirai payload delivery URL (confidence level: 75%) |
http://212.237.112.109:54692/i | Mirai payload delivery URL (confidence level: 75%) |
http://91.92.82.180:17789/i | Mirai payload delivery URL (confidence level: 75%) |
http://103.93.176.116:51065/i | Mirai payload delivery URL (confidence level: 75%) |
http://190.186.115.41:54059/i | Mirai payload delivery URL (confidence level: 75%) |
http://115.188.121.248:4062/i | Mirai payload delivery URL (confidence level: 75%) |
http://130.0.219.207:27096/i | Mirai payload delivery URL (confidence level: 75%) |
http://103.43.7.93:7601/i | Mirai payload delivery URL (confidence level: 75%) |
http://109.69.79.44:55952/i | Mirai payload delivery URL (confidence level: 75%) |
http://200.255.164.35:64406/i | Mirai payload delivery URL (confidence level: 75%) |
http://190.52.34.253:40486/i | Mirai payload delivery URL (confidence level: 75%) |
http://83.239.105.190:63796/i | Mirai payload delivery URL (confidence level: 75%) |
http://36.95.35.49:40708/i | Mirai payload delivery URL (confidence level: 75%) |
http://185.131.240.71:52561/i | Mirai payload delivery URL (confidence level: 75%) |
urlhttp://195.211.197.30:10994/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://93.175.223.140:5544/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://213.221.36.18:7124/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://116.58.39.59:13057/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://202.5.52.110:37085/bin.sh | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://202.5.52.110:37085/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://195.218.152.38:7093/bin.sh | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://146.196.97.231:19590/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://185.19.119.228:50266/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://177.220.157.134:20907/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://213.184.249.83:56304/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://92.38.45.132:51519/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://177.131.121.199:12006/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://186.4.222.76:19066/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://187.95.124.125:58300/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://193.189.188.129:40630/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://181.10.211.18:2617/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://163.53.205.56:32999/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://202.148.18.218:30944/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://185.29.162.101:3788/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://188.0.251.2:52872/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://201.245.165.67:16287/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://77.49.193.166:20000/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://185.43.228.126:2473/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://195.162.70.5:2060/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://77.91.137.168:13945/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://185.114.137.114:23308/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://178.34.182.186:34662/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://186.211.153.18:42419/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://202.59.90.106:62207/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://200.69.219.25:6584/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://202.166.220.109:59928/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://190.246.165.66:1145/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://195.162.70.105:34207/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://188.191.16.250:14894/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://200.116.1.90:25508/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://203.150.128.89:17524/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://194.183.186.164:50835/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://178.222.134.59:15713/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://197.155.64.126:47085/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://193.95.254.50:40630/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://202.148.20.138:24291/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://178.212.51.54:9195/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://178.19.183.14:6116/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://87.14.24.141:17949/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://146.196.120.194:45995/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://103.69.89.229:21502/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://195.98.68.52:41604/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://188.175.134.62:4496/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://103.203.92.41:7120/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://94.43.59.154:30924/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://84.43.49.111:1194/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://62.152.23.177:14418/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://200.61.163.235:27538/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://85.133.154.94:50435/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://181.112.153.78:7046/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://85.130.70.76:58241/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://46.167.196.225:6989/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://103.90.207.58:41059/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://71.83.248.9:43754/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://88.199.42.31:61023/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://103.93.177.61:26431/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://139.255.78.211:62967/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://203.128.76.99:58053/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://178.169.136.50:16723/i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://200.122.211.138:31644/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://27.147.132.114:38521/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://103.61.103.83:2620/mozi.m | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://202.63.242.37:43762/mozi.m | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://103.1.157.126:20748/mozi.m | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://103.165.58.235:59082/mozi.m | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://77.70.95.84:27048/mozi.m | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://190.109.189.120:49416/ | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://217.144.173.240:2559/.i | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://77.87.236.131:32971/mozi.m | Mirai payload delivery URL (confidence level: 75%) | |
urlhttp://103.163.208.252:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://chongmei33.myddns.rocks:7044/is-ready | Houdini botnet C2 (confidence level: 100%) | |
urlhttp://watertreecapital.com/ponyz/gate.php | Pony botnet C2 (confidence level: 100%) | |
urlhttp://pdiroasdasadas.atwebpages.com/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://495112cm.renyash.ru/vmlinemultiuniversalwp.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://178.124.176.209:12455/wall1.exe | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://178.124.176.209:12455/windows.exe | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://178.124.176.209:12455/diskdrive.exe | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://178.124.176.209:12455/h2testw.exe | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://178.124.176.209:12455/p2mdell.exe | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://178.124.176.209:12455/update.exe | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://62.109.6.177/javascript/updateexternaluniversalbase/dbjavascript1cdn/pollsql/requesthttpdefaultbase.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://154.29.71.9/eternalcpuimage/publicto7poll/betterpacketwindowsapi/83/asyncpublicvideo6/7protect/6linux/tracklowbigload/sqlvoiddbprivatetraffic/publicdlelongpoll/dbcdn.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://103.163.208.252:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://107.172.157.80:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://47.120.37.153:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://113.44.78.183:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://124.70.193.76:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://178.255.244.176:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://107.189.28.92:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://altadefinizioneapp.com/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://onefreex.com/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://80.85.241.225/ef05b005854373ec.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://81.19.137.220/72e62e029dc81ebf.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://94.228.169.55/7baff47bec0ff5db.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://77.73.131.100/a2f524d70db7d1a7.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://185.106.94.206/4e815d9f1ec482dd.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://185.215.113.20/gb9fskvs/index.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttp://condition-clearance.gl.at.ply.gg:7070 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://srpmx.ddns.net:5552 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://ali2015.noip.me:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://kakam50.no-ip.biz:5552 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://klawess1.no-ip.org:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://10cpanel.hackcrack.io:33982 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://toothless.myq-see.com:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://loosseer1212.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://abolhb.com:505 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://hayderblack.no-ip.org:5552 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://legend7mood.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://nouhparo.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://ahmadayad2014.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://tekken.zapto.org:92 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://islamachour.no-ip.org:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://aliaaaiub2000.no-ip.org:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://backdoor25.no-ip.org:81 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://iamsprey.ddns.net:1605 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://abood147741.noip.me:81 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://alkh20.no-ip.biz:5552 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://kazimali00.no-ip.org:5552 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://softtofu.uy.to:5552 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://yoryounes.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://kartoxamc.ga:4726 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://medo-m919.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://yyytuit7rt.no-ip.org:6622 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://ezzbn.noip.me:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://darkdx2002.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://helpme.no-ip.org:125 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://startitit2-23969.portmap.host:1604 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://g574h9hd9.duckdns.org:1605 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://rudghks.ddns.net:2396 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://halimoullah.no-ip.org:1234 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://confirmation.myvnc.com:5552 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://aaaar2aaat2.ddns.net:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://blackmagix.no-ip.org:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://medohack.no-ip.biz:1117 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://skandar001007.ddns.net:1101 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://ailail07821532043.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://np21tda.no-ip.biz:1604 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://hardysalah.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://110xxx.zapto.org:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://najrat13.no-ip.info:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://f3609e192fe8d18133.servehalflife.com:1380 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://customers-edmonton.gl.at.ply.gg:28608 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://colyfigo777.hopto.org:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://abu-saleh.no-ip.biz:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://abukamal.hopto.org:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://jastn.ddns.net:5552 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://nigro02.no-ip.info:1177 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://between-youth.gl.at.ply.gg:58685 | NjRAT botnet C2 (confidence level: 100%) | |
urlhttp://81.177.6.78/iremotepanel | RedLine Stealer botnet C2 (confidence level: 100%) |
Threat ID: 682c7dc3e8347ec82d2e3bf6
Added to database: 5/20/2025, 1:04:03 PM
Last enriched: 6/19/2025, 4:16:50 PM
Last updated: 8/18/2025, 11:09:58 PM