ThreatFox IOCs for 2025-01-06
AI Analysis
Technical Summary
This entry is the ThreatFox daily export of Indicators of Compromise (IOCs) published on January 6, 2025 by abuse.ch's ThreatFox platform. The set is tagged as malware-related and sourced from OSINT; it carries no CVEs, CWEs or patch data because it describes attacker infrastructure, not vulnerabilities. Most indicators are IP:port pairs of command-and-control (C2) servers, each attributed to a malware family with a reporter confidence level: the post-exploitation frameworks Cobalt Strike, Sliver, Havoc, DeimosC2 and pupy; the remote access trojans AsyncRAT, Quasar RAT, Remcos, NjRAT, XWorm, Nanocore RAT, NetSupportManager RAT and ValleyRAT; the information stealers RedLine Stealer and Loki Password Stealer (PWS); the Android banking trojan Hook; the IoT botnet MooBot; and a sizeable block tagged "Unknown malware". In this page's rendering the "file" field holds the IP address and the "hash" field holds the TCP port; none of these values are file hashes. The remaining indicators are domains and URLs: payload URLs for the Mozi IoT botnet (`mozi.m`), a Supershell C2 login page, `/api` endpoints on throwaway .sbs, .click and .cyou domains, lookalike Microsoft and OneDrive names under upgrade1.zip and mllcrosoft.com, and free-hosting subdomains on xsph.ru, beget.tech and tw1.ru. The event carries threat level 2 (medium) and a medium severity rating, and the TLP (Traffic Light Protocol) is white, so the data may be shared without restriction.
Potential Impact
The indicators are C2 and payload-delivery infrastructure rather than vulnerabilities, so the impact on an organization depends on which family one of its hosts is talking to. A connection to a Cobalt Strike, Sliver, Havoc, DeimosC2 or pupy server means an operator already has a foothold and is running post-exploitation tooling, which is a common precursor to lateral movement, data theft and ransomware deployment. AsyncRAT, Quasar RAT, Remcos, NjRAT, XWorm, Nanocore, NetSupportManager and ValleyRAT give the operator interactive control of the endpoint; RedLine and Loki harvest browser credentials and session data, so the confidentiality impact follows the stolen credentials into VPN, mail and SaaS portals. Hook targets Android banking users. MooBot and Mozi compromise routers and other embedded devices and use them for DDoS, so availability impact is real for organizations with internet-exposed IoT. The lookalike Microsoft and OneDrive domains, together with pages named after CAPTCHA checks and "complete this step to continue" prompts, point to credential phishing and fake-verification lures aimed at users rather than at servers. The affected-country list is not victim telemetry: C2 infrastructure is relevant to any organization whose hosts can reach it, and the medium severity reflects the routine nature of the daily feed, not a low impact per infected host.
Mitigation Recommendations
1. Block and alert at the egress boundary: push the IP:port pairs to firewall or proxy deny lists and the domains to a DNS RPZ or sinkhole, and make every hit an alert. An outbound connection to a known C2 server is evidence of an infected host, not an event to block and forget.
2. Retro-hunt: search DNS, proxy, NetFlow or Zeek conn logs and EDR network telemetry as far back as retention allows. Several of the listed ports (3333, 60000, 31337, 50337, 2404, 56003-56005) rarely appear in legitimate egress traffic, so a port-only pivot is a cheap second pass.
3. Let the confidence level choose the action: 100% entries can be blocked outright; 50% entries (for example 147.45.47.69:4433, 3.109.51.37:443, 74.249.192.132:443) should alert and be reviewed before blocking. Several IPs sit in shared public-cloud or CDN address space where a bare-IP block breaks unrelated services, so block on IP:port or domain, and expire the indicators, since C2 infrastructure of this kind is typically short-lived.
4. Treat the lookalike domains (*.upgrade1.zip, mllcrosoft.com, the microsoft-onedrive.* names) as phishing infrastructure: add them to mail-gateway and web-proxy blocklists and hunt for users who resolved them.
5. The mozi.m payload URLs and the MooBot C2 servers target IoT and embedded devices: confirm that no routers, cameras or NAS units expose telnet, SSH or management interfaces to the internet, and look for outbound connections from such devices to the listed pairs.
6. Hook is an Android banking trojan: enforce a no-sideloading policy through MDM on managed devices and apply the C2 blocks on mobile egress as well.
7. Incident response: on any hit, isolate the host and capture memory before it is rebooted; Cobalt Strike, Sliver and Havoc beacons are frequently memory-resident and leave little on disk.
8. Automate ingestion from ThreatFox (its API or daily export) instead of copying from this page, and share confirmed hits with national CSIRTs and sector information-sharing organizations.
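As an added example (not ThreatFox's or abuse.ch's code), the following Python normalises the indicator list in the form this page renders it and runs it over a few constructed log lines to show what a hit looks like. The indicator values and family attributions are taken from the page; the "file"/"hash" pairing rule, the log format, the sample logs and the block-versus-alert policy at 75% confidence are this example's own assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed excerpt of the page's indicator list. The values are from the
# page; the "ip:port:" line shows the second rendering the parser accepts.
PAGE_EXCERPT = """\
- file: 154.201.68.91
- hash: 2086
- file: 147.45.47.69
- hash: 4433
- ip:port: 172.67.161.31:80
- domain: reporting.microsoft-onedrive.upgrade1.zip
- url: http://117.209.89.239:39944/mozi.m
- url: https://netgenius.life/work/download.php
"""

# Family and confidence for the ip:port entries, as the page's tables give them.
ATTRIBUTION = {
    "154.201.68.91:2086": ("Cobalt Strike", 100),
    "147.45.47.69:4433": ("Cobalt Strike", 50),
    "172.67.161.31:80": ("Loki Password Stealer (PWS)", 75),
}

# Constructed telemetry: "<ts> <type> <src> <observable> [<dport>]".
# "conn" is a flow record, "dns" a query, "http" a proxy log with the full URL.
SAMPLE_LOGS = """\
2025-01-06T09:12:03Z conn 10.0.0.5 154.201.68.91 2086
2025-01-06T09:12:04Z conn 10.0.0.5 93.184.216.34 443
2025-01-06T09:15:10Z dns 10.0.0.7 reporting.microsoft-onedrive.upgrade1.zip
2025-01-06T09:20:41Z http 10.0.0.9 http://117.209.89.239:39944/mozi.m
2025-01-06T09:21:00Z conn 10.0.0.11 147.45.47.69 4433
2025-01-06T09:22:00Z dns 10.0.0.12 netgenius.life
"""


@dataclass(frozen=True)
class Indicator:
    kind: str   # "ip:port", "domain" or "url"
    value: str


def parse_page(text: str) -> list:
    """A '- file:' line is an IP and the '- hash:' line after it is the TCP
    port (assumed pairing rule); together they form one ip:port indicator."""
    out, pending_ip = [], None
    for raw in text.splitlines():
        m = re.match(r"-\s*(file|hash|ip:port|domain|url):\s*(\S+)$", raw.strip())
        if not m:
            continue
        kind, value = m.groups()
        if kind == "file":
            ipaddress.ip_address(value)      # raises ValueError if not an IP
            pending_ip = value
        elif kind == "hash":
            if pending_ip is None or not value.isdigit():
                raise ValueError(f"port without a preceding ip: {raw!r}")
            out.append(Indicator("ip:port", f"{pending_ip}:{value}"))
            pending_ip = None
        elif kind == "domain":
            out.append(Indicator(kind, value.lower().rstrip(".")))
        else:
            out.append(Indicator(kind, value))
    return out


def host_port(url: str):
    p = urlsplit(url)
    return (p.hostname or "").lower(), p.port or (443 if p.scheme == "https" else 80)


def build_matchers(indicators):
    ipports = {i.value for i in indicators if i.kind == "ip:port"}
    domains = {i.value for i in indicators if i.kind == "domain"}
    urls = {i.value for i in indicators if i.kind == "url"}
    # A URL's host is an indicator on its own: DNS logs show only the name
    # and flow records only the IP:port, never the full URL.
    for u in urls:
        host, port = host_port(u)
        try:
            ipaddress.ip_address(host)
            ipports.add(f"{host}:{port}")
        except ValueError:
            domains.add(host)
    return ipports, domains, urls


def domain_hit(qname: str, domains):
    """Exact match or a listed parent, so c2.evil.example hits evil.example."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in domains:
            return ".".join(labels[i:])
    return None


def scan(logs: str, indicators, attribution) -> list:
    ipports, domains, urls = build_matchers(indicators)
    hits = []
    for line in logs.splitlines():
        ts, kind, src, obs, *rest = line.split()
        ind = None
        if kind == "conn":
            key = f"{obs}:{rest[0]}"
            ind = key if key in ipports else None
        elif kind == "dns":
            ind = domain_hit(obs, domains)
        elif kind == "http":
            host, port = host_port(obs)
            hp = f"{host}:{port}"
            ind = obs if obs in urls else hp if hp in ipports else domain_hit(host, domains)
        if ind is None:
            continue
        family, conf = attribution.get(ind, ("not attributed on the page", None))
        # Example policy: block at >= 75% confidence, alert-only below that so
        # a 50% entry gets analyst review before it reaches a deny list.
        action = "block" if conf is None or conf >= 75 else "alert"
        hits.append({"ts": ts, "src": src, "indicator": ind,
                     "family": family, "confidence": conf, "action": action})
    return hits


def run() -> list:
    return scan(SAMPLE_LOGS, parse_page(PAGE_EXCERPT), ATTRIBUTION)


if __name__ == "__main__":
    for h in run():
        print(f"{h['action']:<5} {h['src']:<10} -> {h['indicator']}  [{h['family']}, {h['confidence']}%]")
```

Run as a script it prints one line per hit; the benign 93.184.216.34:443 flow produces nothing, the 50% Cobalt Strike pair produces an alert rather than a block, and the `netgenius.life` DNS query is caught through the host of a listed URL. The `action` decision is where a real deployment would add its own exception list for shared cloud or CDN addresses.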
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Indicators of Compromise
- ip:port: 142.202.82.250:9000
- ip:port: 168.119.49.202:80
- ip:port: 168.119.49.202:443
- ip:port: 62.128.222.130:80
- ip:port: 62.128.222.130:81
- ip:port: 62.128.222.130:443
- ip:port: 136.144.176.192:80
- ip:port: 136.144.176.192:443
- ip:port: 129.187.125.15:80
- ip:port: 129.187.125.15:443
- ip:port: 141.138.136.102:80
- ip:port: 141.138.136.102:443
- ip:port: 134.60.76.192:80
- ip:port: 134.60.76.192:443
- ip:port: 185.194.236.52:80
- ip:port: 185.194.236.52:443
- ip:port: 138.201.175.216:443
- ip:port: 208.93.103.123:80
- ip:port: 208.93.103.123:443
- ip:port: 208.93.103.252:80
- ip:port: 208.93.103.252:443
- ip:port: 154.201.68.91:443
- ip:port: 154.201.68.91:2086
- ip:port: 154.201.68.91:2095
- ip:port: 206.119.178.163:443
- ip:port: 23.94.36.151:2404
- ip:port: 163.5.32.49:2404
- ip:port: 45.11.77.153:443
- ip:port: 87.120.112.38:31337
- ip:port: 87.120.116.89:50337
- ip:port: 20.117.118.95:443
- ip:port: 54.69.132.108:80
- ip:port: 54.69.132.108:443
- ip:port: 13.75.71.8:80
- ip:port: 13.75.71.8:443
- ip:port: 213.108.110.219:80
- ip:port: 213.108.110.219:443
- ip:port: 52.178.68.157:80
- ip:port: 52.178.68.157:443
- ip:port: 52.178.68.157:8081
- ip:port: 52.178.68.157:8443
- domain: lanhub.dreamhack-leipzig.de
- url: http://117.209.89.239:39944/mozi.m
- ip:port: 172.67.161.31:80
- domain: ilyasautotech.com.au
- ip:port: 61.140.45.63:2376
- ip:port: 47.109.142.20:2376
- ip:port: 91.160.181.237:4782
- ip:port: 47.242.37.176:5433
- ip:port: 45.43.163.22:443
- ip:port: 172.232.62.81:443
- domain: cfffee.sbs
- domain: www.laboursupplychains-za.org
- domain: mypajnel.x24hr.com
- domain: gate.0xbot.cc
- domain: 64.176.65.49.sslip.io
- domain: 64-176-59-232.ipv4.staticdns3.io
- ip:port: 193.83.228.180:4444
- ip:port: 87.120.125.230:7581
- ip:port: 69.166.230.99:6606
- ip:port: 128.90.113.104:9999
- ip:port: 104.243.46.129:5555
- ip:port: 94.156.167.42:7777
- ip:port: 34.66.4.137:7443
- domain: vmi2262496.contaboserver.net
- ip:port: 91.107.219.231:8082
- ip:port: 91.107.219.231:8089
- domain: webdisk.sumup.live
- domain: nice-raman.154-216-18-93.plesk.page
- ip:port: 23.94.153.130:8089
- domain: ssl.upgrade1.zip
- domain: reporting.microsoft-onedrive.upgrade1.zip
- domain: res.microsoft.upgrade1.zip
- domain: csp.upgrade1.zip
- domain: g.mllcrosoft.com
- domain: device.login.microsoft-onedrive.upgrade1.zip
- domain: ssl.microsoft.upgrade1.zip
- domain: www.mllcrosoft.com
- domain: microsoft.upgrade1.zip
- domain: reporting.upgrade1.zip
- ip:port: 116.2.180.189:7443
- ip:port: 195.2.73.29:80
- ip:port: 185.245.183.74:443
- ip:port: 76.71.30.145:80
- ip:port: 79.110.49.160:60000
- ip:port: 172.96.172.111:60000
- ip:port: 206.119.178.163:60000
- ip:port: 62.146.232.94:60000
- ip:port: 95.216.211.124:3333
- ip:port: 2.59.22.50:3333
- ip:port: 145.239.197.144:3333
- ip:port: 124.220.14.86:9205
- ip:port: 62.164.222.99:8081
- ip:port: 54.81.95.159:3333
- ip:port: 34.95.235.69:3333
- ip:port: 122.155.16.130:3333
- ip:port: 77.105.137.76:3333
- ip:port: 159.223.140.124:3333
- ip:port: 18.192.206.155:3333
- ip:port: 49.13.167.67:3333
- ip:port: 78.46.177.92:443
- url: http://a1060905.xsph.ru/l1nc0in.php
- ip:port: 38.49.56.2:56003
- ip:port: 38.49.56.2:56004
- ip:port: 38.49.56.2:56005
- domain: zone.ebuilderssource.com
- ip:port: 148.135.113.78:443
- ip:port: 103.99.133.77:443
- ip:port: 92.112.180.157:7777
- ip:port: 38.147.187.13:8088
- ip:port: 147.45.47.69:4433
- ip:port: 3.109.51.37:443
- ip:port: 74.249.192.132:443
- ip:port: 47.236.0.82:443
- ip:port: 75.134.200.134:9898
- url: http://337703cm.n9sh.top/basecentral.php
- url: https://yokesandusj.sbs/api
- url: https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/captcha-verify-approvals-system.html
- url: https://glowscarrytsv.sbs/api
- url: http://cloudewahsj.shop/api
- url: http://sos-at-vie-1.exo.io/sotbuck/next/step/have-to-pass-this-step.html
- url: https://sos-ch-gva-2.exo.io/ready/seah/continue/have-to-pass-this-step.html
- url: https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html
- url: http://trk.zoningweb.com/67755e26b1a828e7fb869370
- url: http://generatorauc.pro/676532b046cfbdecfd800dbf?c=acqxewe6xguaa4acaedcfwaoaaaaaaar
- ip:port: 216.9.224.157:7707
- ip:port: 77.90.22.45:5552
- ip:port: 77.90.22.45:15352
- ip:port: 189.1.244.101:7777
- ip:port: 81.161.238.107:2404
- ip:port: 194.59.30.156:31337
- domain: cvannieuwburg.nl
- domain: thirttj13vs.top
- domain: eleventj11vs.top
- domain: fivetj5vs.top
- domain: cu00054.tw1.ru
- domain: a1071370.xsph.ru
- domain: f1071349.xsph.ru
- domain: a1071196.xsph.ru
- domain: a0914338.xsph.ru
- domain: ffdgsmsw.beget.tech
- domain: a1060905.xsph.ru
- domain: vadgko6t.beget.tech
- domain: rsakinc8.beget.tech
- domain: rsakinmu.beget.tech
- domain: f1068822.xsph.ru
- domain: a1068004.xsph.ru
- domain: a1067494.xsph.ru
- domain: a1067376.xsph.ru
- domain: a1063331.xsph.ru
- domain: f0885664.xsph.ru
- domain: a1070985.xsph.ru
- domain: 501799.prohoster.biz
- domain: arabna4a.beget.tech
- domain: zeromaee.beget.tech
- domain: heneyelijhr.click
- domain: traygullibalkerj.click
- domain: exchangecumb.click
- domain: giverlevekj.click
- domain: islandbreadyu.click
- domain: dreamlonggev.click
- domain: aloofysofar.click
- domain: spottercurvei.click
- domain: swiftstringjuo.click
- domain: cutefingeuker.click
- domain: shockingrefle.click
- domain: ugliesttabke.click
- domain: sloppymisskr.click
- domain: censeractersj.click
- domain: deletteproposez.click
- domain: passhudmrue.click
- domain: antssneakr.click
- domain: regularlavhis.click
- domain: bluedlsahwi.click
- domain: diseasecooky.click
- domain: titleviewvv.click
- domain: lushgammyjs.click
- domain: lastlossunbag.click
- domain: appliacnwatter.click
- domain: wrongyfallyk.click
- domain: rainywearyrs.cyou
- domain: healbewilk.cyou
- domain: home.thirttj13vs.top
- domain: forjjf4pt.top
- domain: home.eightj8vs.top
- domain: home.eleventj11vs.top
- domain: home.ninetj9vs.top
- domain: home.tentj10ht.top
- domain: home.tentj10vs.top
- domain: ninetj9vs.top
- domain: sixtj6vs.top
- domain: tentj10vs.top
- domain: thirttj13ht.top
- domain: eightj8vs.top
- domain: home.forjjf4pt.top
- domain: home.fivetj5vs.top
- domain: home.ninetj9vt.top
- url: https://healbewilk.cyou/api
- url: https://rainywearyrs.cyou/api
- url: https://wrongyfallyk.click/api
- url: https://appliacnwatter.click/api
- url: https://lastlossunbag.click/api
- url: https://lushgammyjs.click/api
- url: https://titleviewvv.click/api
- url: https://diseasecooky.click/api
- url: https://bluedlsahwi.click/api
- url: https://regularlavhis.click/api
- url: https://antssneakr.click/api
- url: https://passhudmrue.click/api
- url: https://deletteproposez.click/api
- url: https://censeractersj.click/api
- url: https://sloppymisskr.click/api
- url: https://ugliesttabke.click/api
- url: https://shockingrefle.click/api
- url: https://cutefingeuker.click/api
- url: https://swiftstringjuo.click/api
- url: https://spottercurvei.click/api
- url: https://aloofysofar.click/api
- url: https://dreamlonggev.click/api
- url: https://islandbreadyu.click/api
- url: https://giverlevekj.click/api
- url: https://exchangecumb.click/api
- url: https://traygullibalkerj.click/api
- url: https://heneyelijhr.click/api
- url: https://grooveoiy.cyou/api
- ip:port: 193.161.193.99:59950
- domain: umso-59950.portmap.host
- url: http://bfhdkgmmhdbikgj.top/1.php
- url: https://siffinisherz.sbs/api
- url: https://palmsizehelis.com/updater2.php
- ip:port: 194.32.142.21:31337
- ip:port: 118.25.85.198:2222
- ip:port: 201.95.84.40:8081
- url: https://netgenius.life/work/original.js
- domain: netgenius.life
- url: https://netgenius.life/work/index.php
- url: https://netgenius.life/work/download.php
- url: https://185.219.81.132/4f85e0bfc60adccc/mozglue.dll
- url: https://ganhogosi.xyz/bbbb.zip
- url: https://185.219.81.132/4f85e0bfc60adccc/sqlite3.dll
- url: https://185.219.81.132/4f85e0bfc60adccc/vcruntime140.dll
- ip:port: 194.180.191.24:443
- url: http://178.22.31.134/cb8373ac6348bc41/sqlite3.dll
- url: https://91.103.253.18/1655d0b0e8ecab2d.php
- ip:port: 134.122.155.39:15091
- ip:port: 190.123.44.73:1995
- ip:port: 77.111.101.78:1995
- domain: chmod0777kk.com
- url: https://ecrut.com/5r8k.js
- domain: ecrut.com
- url: https://ecrut.com/js.php
- url: https://81.200.146.58/linewindowstrack.php
- url: http://77.105.164.106/263ff79562167f22/vcruntime140.dll
- url: http://175.107.1.154:44402/mozi.m
- url: http://154.21.200.151:8888/supershell/login/
- ip:port: 154.21.200.151:8888
- ip:port: 38.14.255.134:2052
- ip:port: 113.45.177.211:81
- ip:port: 93.113.25.206:443
- domain: twelve12vs.top
- domain: a1071664.xsph.ru
- domain: a1071470.xsph.ru
- domain: cl04317.tw1.ru
- domain: a1071602.xsph.ru
- domain: f1070781.xsph.ru
- domain: baallsn3.beget.tech
- domain: a1071290.xsph.ru
- domain: carveforutune.click
- domain: paymommenro.click
- domain: grooveoiy.cyou
- domain: siffinisherz.sbs
- domain: yokesandusj.sbs
- domain: glowscarrytsv.sbs
- domain: cellardesiresso.sbs
- domain: quitaffternav.sbs
- domain: swingybeattyz.sbs
- domain: movespendys.sbs
- domain: leg-sate-boat.sbs
- domain: song-ritzy.sbs
- domain: wrench-creter.sbs
- domain: looky-marked.sbs
- domain: copper-replace.sbs
- domain: record-envyp.sbs
- domain: preside-comforter.sbs
- domain: plastic-mitten.sbs
- domain: hallowed-noisy.sbs
- domain: slam-whipp.sbs
- domain: savvy-steereo.sbs
- domain: blade-govern.sbs
- domain: story-tense-faz.sbs
- domain: disobey-curly.sbs
- domain: motion-treesz.sbs
- ip:port: 206.238.179.114:8088
- domain: fivt15vs.top
- url: https://motion-treesz.sbs/api
- url: https://disobey-curly.sbs/api
- url: https://story-tense-faz.sbs/api
- url: https://blade-govern.sbs/api
- url: https://savvy-steereo.sbs/api
- url: https://slam-whipp.sbs/api
- url: https://hallowed-noisy.sbs/api
- url: https://plastic-mitten.sbs/api
- url: https://preside-comforter.sbs/api
- url: https://record-envyp.sbs/api
- url: https://copper-replace.sbs/api
- url: https://looky-marked.sbs/api
- url: https://wrench-creter.sbs/api
- url: https://song-ritzy.sbs/api
- url: https://leg-sate-boat.sbs/api
- url: https://movespendys.sbs/api
- url: https://quitaffternav.sbs/api
- url: https://paymommenro.click/api
- url: https://carveforutune.click/api
Technical Details
- Threat Level: 2 (MISP event threat level; 1 = high, 2 = medium, 3 = low)
- Analysis: 1 (MISP analysis state; 0 = initial, 1 = ongoing, 2 = complete)
- Distribution: 3 (MISP distribution; 3 = all communities)
- UUID: 84b66ac0-0c45-426e-b782-260a213ba691
- Original Timestamp: 1736208186 (2025-01-07 00:03:06 UTC)
Indicators of Compromise
Each row is one C2 server as an IP:port pair, with the malware family and reporter confidence level given by ThreatFox.
IP:port | Malware family | Confidence
---|---|---
142.202.82.250:9000 | pupy botnet C2 server | 75%
168.119.49.202:80 | DeimosC2 botnet C2 server | 75%
168.119.49.202:443 | DeimosC2 botnet C2 server | 75%
62.128.222.130:80 | DeimosC2 botnet C2 server | 75%
62.128.222.130:81 | DeimosC2 botnet C2 server | 75%
62.128.222.130:443 | DeimosC2 botnet C2 server | 75%
136.144.176.192:80 | DeimosC2 botnet C2 server | 75%
136.144.176.192:443 | DeimosC2 botnet C2 server | 75%
129.187.125.15:80 | DeimosC2 botnet C2 server | 75%
129.187.125.15:443 | DeimosC2 botnet C2 server | 75%
141.138.136.102:80 | DeimosC2 botnet C2 server | 75%
141.138.136.102:443 | DeimosC2 botnet C2 server | 75%
134.60.76.192:80 | DeimosC2 botnet C2 server | 75%
134.60.76.192:443 | DeimosC2 botnet C2 server | 75%
185.194.236.52:80 | DeimosC2 botnet C2 server | 75%
185.194.236.52:443 | DeimosC2 botnet C2 server | 75%
138.201.175.216:443 | DeimosC2 botnet C2 server | 75%
208.93.103.123:80 | DeimosC2 botnet C2 server | 75%
208.93.103.123:443 | DeimosC2 botnet C2 server | 75%
208.93.103.252:80 | DeimosC2 botnet C2 server | 75%
208.93.103.252:443 | DeimosC2 botnet C2 server | 75%
154.201.68.91:443 | Cobalt Strike botnet C2 server | 100%
154.201.68.91:2086 | Cobalt Strike botnet C2 server | 100%
154.201.68.91:2095 | Cobalt Strike botnet C2 server | 100%
206.119.178.163:443 | Cobalt Strike botnet C2 server | 100%
23.94.36.151:2404 | Remcos botnet C2 server | 100%
163.5.32.49:2404 | Remcos botnet C2 server | 100%
45.11.77.153:443 | pupy botnet C2 server | 100%
87.120.112.38:31337 | Sliver botnet C2 server | 100%
87.120.116.89:50337 | Sliver botnet C2 server | 100%
20.117.118.95:443 | Sliver botnet C2 server | 100%
54.69.132.108:80 | DeimosC2 botnet C2 server | 75%
54.69.132.108:443 | DeimosC2 botnet C2 server | 75%
13.75.71.8:80 | DeimosC2 botnet C2 server | 75%
13.75.71.8:443 | DeimosC2 botnet C2 server | 75%
213.108.110.219:80 | DeimosC2 botnet C2 server | 75%
213.108.110.219:443 | DeimosC2 botnet C2 server | 75%
52.178.68.157:80 | DeimosC2 botnet C2 server | 75%
52.178.68.157:443 | DeimosC2 botnet C2 server | 75%
52.178.68.157:8081 | DeimosC2 botnet C2 server | 75%
52.178.68.157:8443 | DeimosC2 botnet C2 server | 75%
172.67.161.31:80 | Loki Password Stealer (PWS) botnet C2 server | 75%
61.140.45.63:2376 | Sliver botnet C2 server | 100%
47.109.142.20:2376 | Sliver botnet C2 server | 100%
91.160.181.237:4782 | Quasar RAT botnet C2 server | 100%
47.242.37.176:5433 | Cobalt Strike botnet C2 server | 100%
45.43.163.22:443 | Sliver botnet C2 server | 100%
172.232.62.81:443 | Sliver botnet C2 server | 100%
193.83.228.180:4444 | AsyncRAT botnet C2 server | 100%
87.120.125.230:7581 | AsyncRAT botnet C2 server | 100%
69.166.230.99:6606 | AsyncRAT botnet C2 server | 100%
128.90.113.104:9999 | AsyncRAT botnet C2 server | 100%
104.243.46.129:5555 | AsyncRAT botnet C2 server | 100%
94.156.167.42:7777 | AsyncRAT botnet C2 server | 100%
34.66.4.137:7443 | Unknown malware botnet C2 server | 100%
91.107.219.231:8082 | Hook botnet C2 server | 100%
91.107.219.231:8089 | Hook botnet C2 server | 100%
23.94.153.130:8089 | Hook botnet C2 server | 100%
116.2.180.189:7443 | Unknown malware botnet C2 server | 100%
195.2.73.29:80 | Unknown malware botnet C2 server | 100%
185.245.183.74:443 | Unknown malware botnet C2 server | 100%
76.71.30.145:80 | Unknown malware botnet C2 server | 100%
79.110.49.160:60000 | Unknown malware botnet C2 server | 100%
172.96.172.111:60000 | Unknown malware botnet C2 server | 100%
206.119.178.163:60000 | Unknown malware botnet C2 server | 100%
62.146.232.94:60000 | Unknown malware botnet C2 server | 100%
95.216.211.124:3333 | Unknown malware botnet C2 server | 100%
2.59.22.50:3333 | Unknown malware botnet C2 server | 100%
145.239.197.144:3333 | Unknown malware botnet C2 server | 100%
124.220.14.86:9205 | Unknown malware botnet C2 server | 100%
62.164.222.99:8081 | Unknown malware botnet C2 server | 100%
54.81.95.159:3333 | Unknown malware botnet C2 server | 100%
34.95.235.69:3333 | Unknown malware botnet C2 server | 100%
122.155.16.130:3333 | Unknown malware botnet C2 server | 100%
77.105.137.76:3333 | Unknown malware botnet C2 server | 100%
159.223.140.124:3333 | Unknown malware botnet C2 server | 100%
18.192.206.155:3333 | Unknown malware botnet C2 server | 100%
49.13.167.67:3333 | Unknown malware botnet C2 server | 100%
78.46.177.92:443 | Unknown malware botnet C2 server | 100%
38.49.56.2:56003 | AsyncRAT botnet C2 server | 75%
38.49.56.2:56004 | AsyncRAT botnet C2 server | 75%
38.49.56.2:56005 | AsyncRAT botnet C2 server | 75%
148.135.113.78:443 | Cobalt Strike botnet C2 server | 100%
103.99.133.77:443 | Cobalt Strike botnet C2 server | 100%
92.112.180.157:7777 | Unknown malware botnet C2 server | 100%
38.147.187.13:8088 | Cobalt Strike botnet C2 server | 100%
147.45.47.69:4433 | Cobalt Strike botnet C2 server | 50%
3.109.51.37:443 | Unknown malware botnet C2 server | 50%
74.249.192.132:443 | Unknown malware botnet C2 server | 50%
47.236.0.82:443 | NjRAT botnet C2 server | 50%
75.134.200.134:9898 | Quasar RAT botnet C2 server | 50%
216.9.224.157:7707 | XWorm botnet C2 server | 100%
77.90.22.45:5552 | NjRAT botnet C2 server | 100%
77.90.22.45:15352 | RedLine Stealer botnet C2 server | 100%
189.1.244.101:7777 | Cobalt Strike botnet C2 server | 100%
81.161.238.107:2404 | Remcos botnet C2 server | 100%
194.59.30.156:31337 | Sliver botnet C2 server | 100%
193.161.193.99:59950 | Nanocore RAT botnet C2 server | 100%
194.32.142.21:31337 | Sliver botnet C2 server | 50%
118.25.85.198:2222 | Cobalt Strike botnet C2 server | 50%
201.95.84.40:8081 | Havoc botnet C2 server | 50%
194.180.191.24:443 | NetSupportManager RAT botnet C2 server | 100%
134.122.155.39:15091 | ValleyRAT botnet C2 server | 100%
190.123.44.73:1995 | MooBot botnet C2 server | 100%
77.111.101.78:1995 | MooBot botnet C2 server | 100%
154.21.200.151:8888 | Unknown malware botnet C2 server | 100%
38.14.255.134:2052 | Cobalt Strike botnet C2 server | 100%
113.45.177.211:81 | Cobalt Strike botnet C2 server | 100%
93.113.25.206:443 | Cobalt Strike botnet C2 server | 100%
206.238.179.114:8088 | Cobalt Strike botnet C2 server | 100%
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
Domain
Value | Description |
---|---|
lanhub.dreamhack-leipzig.de | DeimosC2 botnet C2 domain (confidence level: 75%) |
ilyasautotech.com.au | Loki Password Stealer (PWS) botnet C2 domain (confidence level: 75%) |
cfffee.sbs | Vidar botnet C2 domain (confidence level: 100%) |
www.laboursupplychains-za.org | Cobalt Strike botnet C2 domain (confidence level: 100%) |
mypajnel.x24hr.com | Cobalt Strike botnet C2 domain (confidence level: 100%) |
gate.0xbot.cc | Cobalt Strike botnet C2 domain (confidence level: 100%) |
64.176.65.49.sslip.io | ShadowPad botnet C2 domain (confidence level: 90%) |
64-176-59-232.ipv4.staticdns3.io | ShadowPad botnet C2 domain (confidence level: 90%) |
vmi2262496.contaboserver.net | Unknown malware botnet C2 domain (confidence level: 100%) |
webdisk.sumup.live | Hook botnet C2 domain (confidence level: 100%) |
nice-raman.154-216-18-93.plesk.page | Hook botnet C2 domain (confidence level: 100%) |
ssl.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
reporting.microsoft-onedrive.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
res.microsoft.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
csp.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
g.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) |
device.login.microsoft-onedrive.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
ssl.microsoft.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
www.mllcrosoft.com | Havoc botnet C2 domain (confidence level: 100%) |
microsoft.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
reporting.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
zone.ebuilderssource.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
cvannieuwburg.nl | DUCKTAIL botnet C2 domain (confidence level: 100%) |
thirttj13vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
eleventj11vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
fivetj5vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
cu00054.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1071370.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
f1071349.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1071196.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a0914338.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
ffdgsmsw.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
a1060905.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
vadgko6t.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
rsakinc8.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
rsakinmu.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
f1068822.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1068004.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1067494.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1067376.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1063331.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
f0885664.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1070985.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
501799.prohoster.biz | DCRat botnet C2 domain (confidence level: 100%) |
arabna4a.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
zeromaee.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
heneyelijhr.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
traygullibalkerj.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
exchangecumb.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
giverlevekj.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
islandbreadyu.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
dreamlonggev.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
aloofysofar.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
spottercurvei.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
swiftstringjuo.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
cutefingeuker.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
shockingrefle.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
ugliesttabke.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
sloppymisskr.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
censeractersj.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
deletteproposez.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
passhudmrue.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
antssneakr.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
regularlavhis.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
bluedlsahwi.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
diseasecooky.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
titleviewvv.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
lushgammyjs.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
lastlossunbag.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
appliacnwatter.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
wrongyfallyk.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
rainywearyrs.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
healbewilk.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
home.thirttj13vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
forjjf4pt.top | CryptBot botnet C2 domain (confidence level: 100%) |
home.eightj8vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
home.eleventj11vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
home.ninetj9vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
home.tentj10ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
home.tentj10vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
ninetj9vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
sixtj6vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
tentj10vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
thirttj13ht.top | CryptBot botnet C2 domain (confidence level: 100%) |
eightj8vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
home.forjjf4pt.top | CryptBot botnet C2 domain (confidence level: 100%) |
home.fivetj5vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
home.ninetj9vt.top | CryptBot botnet C2 domain (confidence level: 100%) |
umso-59950.portmap.host | Nanocore RAT botnet C2 domain (confidence level: 100%) |
netgenius.life | FAKEUPDATES payload delivery domain (confidence level: 100%) |
chmod0777kk.com | MooBot botnet C2 domain (confidence level: 100%) |
ecrut.com | FAKEUPDATES payload delivery domain (confidence level: 100%) |
twelve12vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
a1071664.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1071470.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
cl04317.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) |
a1071602.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
f1070781.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
baallsn3.beget.tech | DCRat botnet C2 domain (confidence level: 100%) |
a1071290.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
carveforutune.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
paymommenro.click | Lumma Stealer botnet C2 domain (confidence level: 100%) |
grooveoiy.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) |
siffinisherz.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
yokesandusj.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
glowscarrytsv.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
cellardesiresso.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
quitaffternav.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
swingybeattyz.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
movespendys.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
leg-sate-boat.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
song-ritzy.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
wrench-creter.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
looky-marked.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
copper-replace.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
record-envyp.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
preside-comforter.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
plastic-mitten.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
hallowed-noisy.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
slam-whipp.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
savvy-steereo.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
blade-govern.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
story-tense-faz.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
disobey-curly.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
motion-treesz.sbs | Lumma Stealer botnet C2 domain (confidence level: 100%) |
fivt15vs.top | CryptBot botnet C2 domain (confidence level: 100%) |
Url
Value | Description |
---|---|
http://117.209.89.239:39944/mozi.m | Mozi payload delivery URL (confidence level: 50%) |
http://a1060905.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
http://337703cm.n9sh.top/basecentral.php | DCRat botnet C2 (confidence level: 100%) |
https://yokesandusj.sbs/api | Lumma Stealer botnet C2 (confidence level: 75%) |
https://pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev/captcha-verify-approvals-system.html | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://glowscarrytsv.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
http://cloudewahsj.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
http://sos-at-vie-1.exo.io/sotbuck/next/step/have-to-pass-this-step.html | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://sos-ch-gva-2.exo.io/ready/seah/continue/have-to-pass-this-step.html | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html | Lumma Stealer payload delivery URL (confidence level: 100%) |
http://trk.zoningweb.com/67755e26b1a828e7fb869370 | Lumma Stealer payload delivery URL (confidence level: 100%) |
http://generatorauc.pro/676532b046cfbdecfd800dbf?c=acqxewe6xguaa4acaedcfwaoaaaaaaar | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://healbewilk.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://rainywearyrs.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://wrongyfallyk.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://appliacnwatter.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://lastlossunbag.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://lushgammyjs.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://titleviewvv.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://diseasecooky.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://bluedlsahwi.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://regularlavhis.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://antssneakr.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://passhudmrue.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://deletteproposez.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://censeractersj.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://sloppymisskr.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://ugliesttabke.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://shockingrefle.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://cutefingeuker.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://swiftstringjuo.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://spottercurvei.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://aloofysofar.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://dreamlonggev.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://islandbreadyu.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://giverlevekj.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://exchangecumb.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://traygullibalkerj.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://heneyelijhr.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://grooveoiy.cyou/api | Lumma Stealer botnet C2 (confidence level: 75%) |
http://bfhdkgmmhdbikgj.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://siffinisherz.sbs/api | Lumma Stealer botnet C2 (confidence level: 75%) |
https://palmsizehelis.com/updater2.php | Satacom botnet C2 (confidence level: 100%) |
https://netgenius.life/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://netgenius.life/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://netgenius.life/work/download.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://185.219.81.132/4f85e0bfc60adccc/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) |
https://ganhogosi.xyz/bbbb.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://185.219.81.132/4f85e0bfc60adccc/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) |
https://185.219.81.132/4f85e0bfc60adccc/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) |
http://178.22.31.134/cb8373ac6348bc41/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) |
https://91.103.253.18/1655d0b0e8ecab2d.php | Stealc botnet C2 (confidence level: 50%) |
https://ecrut.com/5r8k.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://ecrut.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://81.200.146.58/linewindowstrack.php | Stealc botnet C2 (confidence level: 50%) |
http://77.105.164.106/263ff79562167f22/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) |
http://175.107.1.154:44402/mozi.m | Mozi payload delivery URL (confidence level: 50%) |
http://154.21.200.151:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
https://motion-treesz.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://disobey-curly.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://story-tense-faz.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://blade-govern.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://savvy-steereo.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://slam-whipp.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://hallowed-noisy.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://plastic-mitten.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://preside-comforter.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://record-envyp.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://copper-replace.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://looky-marked.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://wrench-creter.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://song-ritzy.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://leg-sate-boat.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://movespendys.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://quitaffternav.sbs/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://paymommenro.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://carveforutune.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
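To turn the Domain and Url tables above into something a SOC can run, the following added example (written for this page; it is not ThreatFox or offseq tooling) parses rows in the page's own `value | description (confidence level: N%) |` layout, normalises hosts and URLs, and matches constructed proxy log lines against them. Hosts of the listed C2 URLs are indexed as well, because the first beacon seen may not use the exact listed path, and hits below a chosen ThreatFox confidence are dropped. Hostnames are matched exactly, never by parent-domain suffix: many of the DCRat entries sit on shared hosting (xsph.ru, beget.tech, tw1.ru, prohoster.biz), so a suffix match would flag every tenant of those providers. The one exception is `ATTACKER_APEXES`, an analyst-maintained set (here just upgrade1.zip, an assumption based on the Havoc rows) whose subdomains are all treated as hostile. The excerpt of rows, the log format and the log lines are constructed for the example.

```python
"""Match proxy log lines against ThreatFox domain and URL rows.

Added example for this page, not ThreatFox or offseq tooling.  IOC rows are
copied from the tables above; the log lines and ATTACKER_APEXES are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Excerpt of the page's tables in their own "value | description |" layout.
DOMAIN_ROWS = """\
Value | Description |
---|---|
cfffee.sbs | Vidar botnet C2 domain (confidence level: 100%) |
ssl.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) |
a1071370.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) |
lanhub.dreamhack-leipzig.de | DeimosC2 botnet C2 domain (confidence level: 75%) |
"""
URL_ROWS = """\
https://yokesandusj.sbs/api | Lumma Stealer botnet C2 (confidence level: 75%) |
http://a1060905.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
http://178.22.31.134/cb8373ac6348bc41/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) |
"""

# Analyst judgement (assumption, not from the feed): apexes registered for the
# campaign, so every subdomain is hostile.  Shared-hosting parents such as
# xsph.ru, beget.tech or tw1.ru must never be listed here.
ATTACKER_APEXES = {"upgrade1.zip"}

ROW_RE = re.compile(
    r"^\s*(?P<value>\S+)\s*\|\s*(?P<desc>.*?)\s*"
    r"\(confidence level:\s*(?P<conf>\d+)%\)\s*\|?\s*$"
)
# Constructed log format: "<timestamp> <client-ip> <method> <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")


@dataclass(frozen=True)
class Ioc:
    kind: str         # "domain" or "url"
    value: str        # normalised indicator
    description: str  # e.g. "Lumma Stealer botnet C2"
    confidence: int   # ThreatFox confidence, 0-100


def normalise_url(url: str) -> str:
    """Lower-case scheme and host, drop default ports, keep path and query verbatim."""
    p = urlsplit(url.strip())
    host = (p.hostname or "").rstrip(".")
    if p.port and p.port != {"http": 80, "https": 443}.get(p.scheme):
        host = f"{host}:{p.port}"
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme}://{host}{p.path or '/'}{query}"


def parse_rows(text: str, kind: str) -> list[Ioc]:
    """Parse table rows; header, separator and blank lines do not match and are skipped."""
    iocs = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        value = normalise_url(m["value"]) if kind == "url" else m["value"].lower().rstrip(".")
        iocs.append(Ioc(kind, value, m["desc"].strip(), int(m["conf"])))
    return iocs


def build_index(domain_rows: str, url_rows: str) -> tuple[dict[str, Ioc], dict[str, Ioc]]:
    """Return (host -> Ioc, url -> Ioc); hosts of C2 URLs are indexed as hosts too."""
    hosts: dict[str, Ioc] = {}
    urls: dict[str, Ioc] = {}
    for ioc in parse_rows(domain_rows, "domain"):
        hosts[ioc.value] = ioc
    for ioc in parse_rows(url_rows, "url"):
        urls[ioc.value] = ioc
        hosts.setdefault(urlsplit(ioc.value).hostname or "", ioc)
    return hosts, urls


def match_log(lines, hosts, urls, min_confidence: int = 75):
    """Return (client, match_kind, description, url) per line hitting an IOC at or
    above min_confidence.  Hosts match exactly; only ATTACKER_APEXES match by suffix."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = normalise_url(m["url"])
        host = urlsplit(url).hostname or ""
        ioc, how = None, None
        if url in urls:
            ioc, how = urls[url], "url"
        elif host in hosts:
            ioc, how = hosts[host], "host"
        else:
            apex = next((a for a in ATTACKER_APEXES if host == a or host.endswith("." + a)), None)
            if apex:
                ioc, how = Ioc("domain", apex, "attacker-controlled apex (analyst judgement)", 100), "apex"
        if ioc is not None and ioc.confidence >= min_confidence:
            hits.append((m["src"], how, ioc.description, url))
    return hits


# Constructed proxy log lines: exact C2 URL, same URL un-normalised, a 50% Stealc
# payload URL, an unlisted upgrade1.zip subdomain, an unrelated xsph.ru tenant,
# and a bare request to the host of a listed DCRat C2 URL.
SAMPLE_LOG = [
    "2025-01-06T09:12:44Z 10.20.4.17 POST https://yokesandusj.sbs/api",
    "2025-01-06T09:13:01Z 10.20.4.17 POST https://YOKESANDUSJ.SBS:443/api",
    "2025-01-06T09:20:10Z 10.20.4.31 GET http://178.22.31.134/cb8373ac6348bc41/sqlite3.dll",
    "2025-01-06T09:25:59Z 10.20.4.31 GET https://device.login.microsoft-onedrive.upgrade1.zip/",
    "2025-01-06T09:26:03Z 10.20.4.52 GET http://a9999999.xsph.ru/index.html",
    "2025-01-06T09:30:00Z 10.20.4.52 GET https://a1060905.xsph.ru/",
]

if __name__ == "__main__":
    hosts, urls = build_index(DOMAIN_ROWS, URL_ROWS)
    for hit in match_log(SAMPLE_LOG, hosts, urls):
        print(*hit)
```

With the default threshold of 75 the run reports four hits (the two Lumma beacons, the upgrade1.zip subdomain via the apex rule, and the DCRat host); the Stealc DLL fetch is suppressed because ThreatFox lists it at 50%, and the unrelated xsph.ru tenant is never touched. Lowering `min_confidence` to 50 surfaces the Stealc line as well, which is the trade-off the confidence field is there to let you make.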
Threat ID: 682c7dc2e8347ec82d2e0fdd
Added to database: 5/20/2025, 1:04:02 PM
Last enriched: 6/19/2025, 3:46:56 PM
Last updated: 7/25/2025, 9:18:10 PM