ThreatFox IOCs for 2025-01-12
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2025-01-12." This threat entry appears to be a collection or update of Indicators of Compromise (IOCs) sourced from ThreatFox, a platform known for sharing threat intelligence data, particularly related to malware and cyber threats. The threat is categorized under 'malware' and tagged as 'type:osint,' indicating that the data is primarily open-source intelligence rather than a specific exploit or vulnerability targeting a particular software product. No specific affected versions or products are listed, suggesting that this is a general intelligence update rather than a targeted vulnerability disclosure. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may imply moderate threat presence and dissemination. There are no known exploits in the wild associated with this threat at the time of publication (January 12, 2025). The absence of Common Weakness Enumerations (CWEs) and patch links further supports that this is an intelligence report rather than a vulnerability advisory. The lack of indicators in the provided data limits the ability to identify specific malware families, attack vectors, or tactics, techniques, and procedures (TTPs). Overall, this entry serves as a situational awareness update for cybersecurity professionals to monitor potential emerging threats based on shared IOCs, but it does not describe an active or confirmed exploit or malware campaign.
Potential Impact
Given the nature of this threat as an OSINT-based IOC update without specific affected products or confirmed exploits, the direct impact on European organizations is currently limited. However, the dissemination of such intelligence can be critical for early detection and prevention of malware infections. European organizations that rely heavily on threat intelligence feeds and proactive security monitoring may benefit from integrating these IOCs into their detection systems to identify potential malicious activity early. The medium severity rating suggests a moderate risk, possibly due to the potential for these IOCs to be linked to emerging malware campaigns in the future. If these IOCs correspond to malware targeting critical infrastructure, financial institutions, or government entities, the impact could escalate. However, without concrete exploit data or affected systems, the immediate risk to confidentiality, integrity, and availability remains low to medium. Organizations should remain vigilant but not expect widespread disruption solely based on this report.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to enhance detection capabilities.
2. Regularly update threat intelligence feeds and correlate these IOCs with internal logs to identify any early signs of compromise.
3. Conduct targeted threat hunting exercises focusing on behaviors associated with malware infections, even if specific malware families are not identified.
4. Maintain robust network segmentation and least privilege access controls to limit potential lateral movement if malware is detected.
5. Educate security teams on interpreting OSINT-based IOC updates and incorporating them into incident response workflows.
6. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share findings and receive updated intelligence.
7. Since no patches or specific vulnerabilities are identified, focus on general best practices such as timely software updates, strong authentication mechanisms, and continuous monitoring rather than product-specific mitigations.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) systems and Endpoint Detection and Response (EDR) tools to enhance detection capabilities.
2. Regularly update threat intelligence feeds and correlate these IOCs with internal logs to identify any early signs of compromise.
3. Conduct targeted threat hunting exercises focusing on behaviors associated with malware infections, even if specific malware families are not identified.
4. Maintain robust network segmentation and least privilege access controls to limit potential lateral movement if malware is detected.
5. Educate security teams on interpreting OSINT-based IOC updates and incorporating them into incident response workflows.
6. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share findings and receive updated intelligence.
7. Since no patches or specific vulnerabilities are identified, focus on general best practices such as timely software updates, strong authentication mechanisms, and continuous monitoring rather than product-specific mitigations.
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: e2c096cc-79a9-4481-90e1-67cebe1794de
- Original Timestamp: 1736726585
Indicators of Compromise
domainonitoring-devices-97381.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainontenbully.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainoofcarpenternearme-jp.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainoofighters.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainoofing-jobs-29700.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainoofing-jobs-74429.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainoppe.fun | Formbook botnet C2 domain (confidence level: 50%) | |
domainoratrading.best | Formbook botnet C2 domain (confidence level: 50%) | |
domainorevitals.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainorklift-jobs-76114.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainorldsbestshoppingmall.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainots.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainovapioli.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainovevibes.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainowardstheturf.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainp82520.icu | Formbook botnet C2 domain (confidence level: 50%) | |
domainpahn.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainpps-27859.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainpsoftware.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainpwtpv.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainq33.lat | Formbook botnet C2 domain (confidence level: 50%) | |
domainqweemaildwqfewew.live | Formbook botnet C2 domain (confidence level: 50%) | |
domainrandplatform.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainrchaea.pro | Formbook botnet C2 domain (confidence level: 50%) | |
domainrconsultant.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainreativesos.studio | Formbook botnet C2 domain (confidence level: 50%) | |
domainreedomcycleparts.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainrh799295w.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainrhx.lat | Formbook botnet C2 domain (confidence level: 50%) | |
domainrimehealthlabs.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainronusdt.one | Formbook botnet C2 domain (confidence level: 50%) | |
domainroublevictimize.asia | Formbook botnet C2 domain (confidence level: 50%) | |
domainrrm.lat | Formbook botnet C2 domain (confidence level: 50%) | |
domainruck-driver-jobs-58337.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainruck-driver-jobs-86708.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainruck-driver-training-44635.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainrumpchiefofstaff.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainrwebsolution.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainsbank.homes | Formbook botnet C2 domain (confidence level: 50%) | |
domainsbx.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainsphalt-jobs-98701.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainssiilbio.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainstrange.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainstyvd.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainsu41k7v.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainsvc.lat | Formbook botnet C2 domain (confidence level: 50%) | |
domainsychology-degree-92767.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domaintarhub.website | Formbook botnet C2 domain (confidence level: 50%) | |
domaintartupapps.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domaintel.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domaintg88biz.icu | Formbook botnet C2 domain (confidence level: 50%) | |
domaintiwebu.info | Formbook botnet C2 domain (confidence level: 50%) | |
domaintudentcare.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domaintyleyourvibe.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainu-thiensu.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainujas.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainukusindo4dpools.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainumpstartsplus.website | Formbook botnet C2 domain (confidence level: 50%) | |
domainundialluzecasa.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainuntech.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainusiness-printer-69123.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainut-mastera-remstir.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainutecak.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainutomation-tools-86423.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainutsidetheguardrails.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainvintoken.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainvorachem.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwinomore.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainxocivo.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainyblinds.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainyeverydayessentials.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainyhbvc.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainyltcoventures.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainimg6.microsoft.upgrade1.zip | Havoc botnet C2 domain (confidence level: 100%) | |
domaindrrugs.xyz | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainawake-weaves.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainsordid-snaked.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainwrathful-jammy.cyou | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainawiero-42728.portmap.hosh | XWorm botnet C2 domain (confidence level: 50%) | |
domainplan-view.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainright-cleared.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainsale-er.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainstorage-plugin.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainstudio-teaching.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainshall-respectively.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainnftgamewatch.info | Hook botnet C2 domain (confidence level: 100%) | |
domainlooklook13.fucklgf.sbs | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domain146.68.10.185.ro.ovo.sc | Havoc botnet C2 domain (confidence level: 100%) | |
domaintenb10ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthretenb13pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainelevenb11pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfiveb5ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaincl41253.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainf1071409.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainlolkeky8.beget.tech | DCRat botnet C2 domain (confidence level: 100%) | |
domainck25000.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1073086.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1073080.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domains1mpld00.beget.tech | DCRat botnet C2 domain (confidence level: 100%) | |
domainweb4200.craft-host.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainknotgloosi.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindidacticwllo.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainabandonbubbke.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingetflashygai.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainkitealivejz.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincabbagebettys.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainjoinmilkeu.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainunbecoming.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincravebzestysu.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainchasedamagee.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainreceivefishe.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpeacebrothez.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnoiselessreis.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbustlingwakef.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindegreehourz.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwashytortt.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbringybooky.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainadjoininstiff.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingoldyhanders.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintackyguarrd.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrhetoricakue.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsailstrangej.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingrandfathezz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbeliefbidu.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainshitwavvez.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmagnifudizy.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindeprivedsna.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainseatobeyue.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainchangeablemagent.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfeerdaiks.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainjubbenjusk.biz | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfinickypwk.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsavorraiykj.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainminiatureyu.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbloodyswif.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainshoefeatthe.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainleggelatez.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwashyceehsu.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainkickykiduz.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainplodnittpw.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmisha-lomonosov.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainelevenb11ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaineleveni11sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.elevenb11ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthreteni13sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwelvb12ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwelvei12sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwentenb20ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfortenb14ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.eleveni11sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainteni10sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthretenb13ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwentenb20pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.tenb10ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.thretenb13pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.elevenb11pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.fiveb5ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaineiti8sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.sixb6pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainneinb8ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainneinib9ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainoneb1ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixb6ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixb6pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixi6sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaineitb8pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.neinb8ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.neini9sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainhome.onei1sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainneini9sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonei1sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainreset-github.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainadilfgilitter-22453.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainblhwlxzgy.localto.net | XWorm botnet C2 domain (confidence level: 100%) |
Url
Value | Description | Copy |
---|---|---|
urlhttp://www.ut-mastera-remstir.online/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.utecak.shop/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.utomation-tools-86423.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.utsidetheguardrails.net/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.vintoken.xyz/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.vorachem.xyz/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.winomore.net/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.xocivo.info/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.yblinds.xyz/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.yeverydayessentials.store/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.yhbvc.xyz/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.yltcoventures.net/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.11-14-6b333331.shop/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.aahoma-inter5.rest/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.arehouse-inventory-23414.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.arehouse-inventory-39846.bond/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.arehouse-inventory-94254.bond/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.asteri-grandavenue.info/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ataract-surgery-54329.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.earch-solar-installer-top.today/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.eat-pumps-31610.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ental-implants-25513.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ental-implants-67768.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ikings-valhala-lordfilm.store/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.inomiya-furemachi.net/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.isa-sponsored-jobs-8726311.live/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.itchen-remodeling-41686.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nderwater-corporation.net/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nfluencer-marketing-21638.bond/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nfluencer-marketing-41832.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nline-advertising-19201.bond/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nline-gaming-56806.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.octor-who-lordfilm.store/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oftware-download-37623.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oftware-engineering-27699.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.om-exchange-nft370213.sbs/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ome-remodeling-83980.bond/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.onitoring-devices-18459.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.onitoring-devices-97381.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oofcarpenternearme-jp.xyz/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oofing-jobs-29700.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oofing-jobs-74429.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.orklift-jobs-76114.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pps-27859.bond/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ruck-driver-jobs-58337.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ruck-driver-jobs-86708.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ruck-driver-training-44635.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.sphalt-jobs-98701.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.sychology-degree-92767.bond/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.u-thiensu.online/a02d/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.usiness-printer-69123.bond/pp11/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ut-mastera-remstir.online/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.utomation-tools-86423.bond/x07y/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://artemcw8.beget.tech/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://ca54823.tw1.ru/ac378ba3.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://feerdaiks.biz/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://unbecoming.shop/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://91.103.252.143/522d6f9280951d7f.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://45.9.74.182/b7djsdcpcz/index.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttps://77.83.175.91/18e58bd9b3a5293b/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://147.45.44.190/dace046278f1f1ba/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://185.215.113.206/68b591d6548ec281/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://5.181.2.121/e435f67f5361413d/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://5.181.2.121/e435f67f5361413d/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://5.188.86.231/20bec3f306af6847/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://185.215.113.206/68b591d6548ec281/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://5.181.2.121/e435f67f5361413d/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://95.215.204.182/dcace648038981df/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttps://staticmaxepress.com/updater2.php | Satacom botnet C2 (confidence level: 100%) | |
urlhttp://diebinjmajbkhhg.top/u5jva0hyf2htr.php | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://jjdgdeffjimfgne.top/752j36n9lxhtr.php | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://kosta65f.beget.tech/ec5d8107.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://80.66.81.173/1/9dbwindowswindows/2/windows21cdn/basedb9/processorgeopollprocess/phppoll7temporary/providerpollhttpprocessflowerasyncdle.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://ezrar.atwebpages.com/9c05f0b9.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://plodnittpw.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://kickykiduz.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://washyceehsu.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://leggelatez.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://shoefeatthe.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://bloodyswif.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://miniatureyu.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://savorraiykj.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://finickypwk.lat/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://changeablemagent.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://deprivedsna.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://seatobeyue.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://magnifudizy.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://tackyguarrd.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://adjoininstiff.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://bringybooky.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://washytortt.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://degreehourz.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://bustlingwakef.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://noiselessreis.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://peacebrothez.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://receivefishe.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://chasedamagee.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://cravebzestysu.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://joinmilkeu.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://cabbagebettys.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://kitealivejz.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://getflashygai.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://abandonbubbke.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://didacticwllo.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://knotgloosi.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://misha-lomonosov.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://parcelinn.com/wp-content/images/index.php | Azorult botnet C2 (confidence level: 100%) |
Threat ID: 682c7dc2e8347ec82d2df9b6
Added to database: 5/20/2025, 1:04:02 PM
Last enriched: 6/19/2025, 4:19:43 PM
Last updated: 8/8/2025, 3:43:00 PM