ThreatFox IOCs for 2025-01-25
AI Analysis
Technical Summary
This page is the ThreatFox (abuse.ch) daily indicator export for 2025-01-25, distributed as a MISP event tagged 'type:osint'. The tag describes the source of the feed (open-source intelligence), not the malware: the indicators are command-and-control (C2) servers, C2 domains and payload-delivery URLs for a wide spread of commodity and post-exploitation tooling. Families named in the per-indicator descriptions include information stealers (Lumma Stealer, Stealc, CryptBot, MintStealer), remote access trojans (Quasar RAT, AsyncRAT, XWorm, Remcos, NjRAT, NetSupport Manager RAT), attack frameworks (Cobalt Strike, Havoc, Sliver, Brute Ratel C4), IoT/DDoS botnets (Mirai, Bashlite, MooBot) and the ClearFake delivery chain. The URL entries also include Supershell C2 login pages (/supershell/login), a Telegram Bot API sendmessage endpoint (bot tokens are a common stealer exfiltration channel), and sqlite3.dll, mozglue.dll and vcruntime140.dll served from bare IP addresses, the dependency downloads typical of browser-credential stealers. Most entries are ip:port pairs (a C2 address together with its listening port), followed by domains and URLs, and each carries a confidence level between 50% and 100%. Because this is an infrastructure feed rather than a vulnerability advisory there are no affected software versions, CWE identifiers or patches to report, and 'no known exploits in the wild' is not a meaningful statement here: every listed host was observed as live malware infrastructure. The MISP event metadata reads threat level 2 (Medium), analysis 1 (Ongoing) and distribution 3 (All communities); the feed is TLP:WHITE and may be shared without restriction.
Potential Impact
For European organizations the impact depends on which family is behind a given hit, so the per-indicator description matters more than the aggregate severity. Contact with a stealer C2 (Lumma Stealer, Stealc, CryptBot, MintStealer) means browser credentials, session cookies, saved passwords and wallet data have most likely already left the host; stolen credentials are resold to initial-access brokers, so a single stealer infection should be handled as an initial-access event rather than a contained endpoint issue. A connection to Cobalt Strike, Havoc, Sliver or Brute Ratel C4 infrastructure indicates a hands-on-keyboard intrusion and should be treated as an active incident. RAT traffic (Quasar, AsyncRAT, XWorm, Remcos, NjRAT, NetSupport Manager) means full remote control of the endpoint, usually obtained through phishing or trojanised downloads; the ClearFake entries (recaptha-verify-5q.pages.dev, solve.xgnv.org/awjsx.captcha) belong to the fake-CAPTCHA lure that tricks users into pasting and running a command, a current delivery route for exactly these payloads. The Mirai, Bashlite and MooBot entries concern Internet-exposed IoT and embedded devices, which are then used for DDoS. Loss of personal data through any of these triggers GDPR breach-notification duties and possible penalties. A caveat for blocking: many of the listed addresses sit on shared cloud hosting (the Amazon CloudFront and Huawei Cloud hostnames in the list show this) and many hostnames are subdomains of tunnelling or dynamic-DNS services (playit.gg, duckdns.org, ddns.net, portmap.host, casacam.net). The ip:port pair and the full hostname are the indicator; blocking the bare address or the service's parent domain causes collateral damage.
Mitigation Recommendations
1. Load the ip:port pairs, domains and URLs into the blocking and detection stack (DNS RPZ or resolver blocklist, web proxy, firewall, EDR network rules). Match ip:port entries on the full pair and hostnames exactly; do not block the parent domains of dynamic-DNS and tunnelling services or whole cloud ranges on the strength of this list.
2. Retro-hunt at least the last 30 days of DNS, proxy and firewall/NetFlow logs for these indicators. A hit on a stealer or framework C2 is an incident, not a ticket: isolate the host, reset the user's passwords, revoke active sessions and tokens, and look for lateral movement before reimaging.
3. Add behavioural detections for the patterns the list exposes, independent of the exact indicator: outbound requests to api.telegram.org/bot<token>/, downloads of sqlite3.dll, mozglue.dll or vcruntime140.dll from bare IP addresses, requests to /supershell/login, and egress to playit.gg, duckdns.org, ddns.net, portmap.host and similar services from hosts with no business need for them.
4. Counter the ClearFake delivery route: alert on PowerShell or cmd launched from the Windows Run dialog (explorer.exe as parent, RunMRU registry writes) and tell users that no legitimate CAPTCHA asks them to paste a command.
5. Use the confidence levels. Entries at 100% can be blocked outright; 50% entries (several Lumma Stealer domains, a CloudFront hostname, trumpclaim.org) should alert first and be reviewed before blocking.
6. Automate ingestion from the ThreatFox API or MISP feed and expire indicators that are not re-seen; stealer C2 domains rotate within days, so a one-off import of this page is stale almost immediately.
7. For the Mirai, Bashlite and MooBot entries, audit Internet-exposed embedded devices for default credentials, exposed telnet/SSH/web admin interfaces and outdated firmware, and isolate those that cannot be patched.
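The following is an added example, not ThreatFox's code and not part of the original analysis. It shows how the list below is actually consumed: the indicators are parsed into domain, URL and ip:port sets, then DNS, proxy and connection log lines are run against them. A full ip:port pair, an exact listed URL or an exact (or child) hostname is a high-confidence hit; a listed address on an unlisted port is only medium, because many listed hosts are shared cloud machines; a lookup under a dynamic-DNS or tunnelling service is a weak signal, not a hit. The log format, the internal client addresses and the Telegram bot token are invented for the demo; the indicator values are copied from this page.

```python
# Added example, not code from ThreatFox or from the original analysis: match DNS,
# proxy and connection logs against a ThreatFox-style IOC list. IOC values are
# copied from the list above; the log lines and the Telegram token are invented.
import re
from collections import namedtuple
from urllib.parse import urlsplit

IocSet = namedtuple("IocSet", "domains urls sockets ips")  # sockets = {(ip, port)}
Hit = namedtuple("Hit", "line severity reason")             # severity: high/medium/low

# Constructed subset of the page's indicators. The parser takes "ip:port:" lines and
# the two-line "file:" (address) / "hash:" (port) rendering of the same IOC type.
IOC_TEXT = """\
- domain: countefireman.cyou
- url: https://comtekinc.com/51w3.js
- ip:port: 45.88.186.152:4782
- ip:port: 35.157.231.78:443
- file: 65.38.120.146
- hash: 31337
"""
# Dynamic-DNS / tunnelling services that host C2 names in the list above. A lookup
# under one of them is a weak signal only; the full hostname is the indicator.
DYNDNS_SUFFIXES = ("gl.at.ply.gg", "gl.ply.gg", "duckdns.org", "ddns.net", "portmap.host",
                   "myvnc.com", "casacam.net", "freemyip.com", "publicvm.com", "linkpc.net", "ydns.eu")
# Any Telegram Bot API call is of interest, not only the one bot token the page lists.
TELEGRAM_BOT_RE = re.compile(r"^https?://api\.telegram\.org/bot\d+:[\w-]+/", re.I)


def normalize_url(url):
    # Lower-case scheme and host, drop a trailing slash, keep path and query.
    p = urlsplit(url.strip())
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}{query}"


def parse_iocs(text):
    domains, urls, sockets, pending_ip = set(), set(), set(), None
    for raw in text.splitlines():
        kind, _, value = raw.strip().lstrip("- ").partition(": ")
        value = value.strip()
        if kind == "domain":
            domains.add(value.lower().rstrip("."))
        elif kind == "url":
            urls.add(normalize_url(value))
        elif kind == "ip:port":
            ip, _, port = value.rpartition(":")
            sockets.add((ip, int(port)))
        elif kind == "file":
            pending_ip = value
        elif kind == "hash" and pending_ip and value.isdigit():
            sockets.add((pending_ip, int(value)))
            pending_ip = None
    return IocSet(frozenset(domains), frozenset(urls), frozenset(sockets),
                  frozenset(ip for ip, _ in sockets))


def host_matches(host, iocs):
    # Return the IOC domain that host equals or sits under, else None.
    labels = host.lower().rstrip(".").split(".")
    return next((".".join(labels[i:]) for i in range(len(labels))
                 if ".".join(labels[i:]) in iocs.domains), None)


def scan(log_lines, iocs):
    """Constructed format: 'dns TS CLIENT QNAME' | 'http TS CLIENT URL' | 'conn TS CLIENT IP PORT'."""
    hits = []
    for line in log_lines:
        f = line.split()
        if len(f) < 4:
            continue
        kind, client = f[0], f[2]
        if kind == "dns":
            if (ioc := host_matches(f[3], iocs)):
                hits.append(Hit(line, "high", f"{client} resolved C2 domain {ioc}"))
            elif (svc := next((s for s in DYNDNS_SUFFIXES if f[3].lower().endswith("." + s)), None)):
                hits.append(Hit(line, "low", f"{client} resolved a host under {svc}"))
        elif kind == "http":
            url, host = f[3], urlsplit(f[3]).hostname or ""
            if normalize_url(url) in iocs.urls:
                hits.append(Hit(line, "high", f"{client} requested listed URL {url}"))
            elif (ioc := host_matches(host, iocs)):
                hits.append(Hit(line, "high", f"{client} contacted C2 domain {ioc}"))
            elif TELEGRAM_BOT_RE.match(url):
                hits.append(Hit(line, "medium", f"{client} called the Telegram Bot API"))
        elif kind == "conn" and len(f) >= 5:
            ip, port = f[3], int(f[4])
            if (ip, port) in iocs.sockets:
                hits.append(Hit(line, "high", f"{client} connected to C2 {ip}:{port}"))
            elif ip in iocs.ips:  # shared cloud host, other port: medium only
                hits.append(Hit(line, "medium", f"{client} reached listed IP {ip} on port {port}"))
    return hits


# Constructed log lines: internal clients talking to the indicators above.
SAMPLE_LOG = [
    "dns 2025-01-25T10:01:02Z 10.0.0.12 countefireman.cyou",
    "dns 2025-01-25T10:01:05Z 10.0.0.12 www.example.org",
    "dns 2025-01-25T10:02:11Z 10.0.0.31 some-other-name.gl.at.ply.gg",
    "http 2025-01-25T10:03:40Z 10.0.0.12 https://comtekinc.com/51w3.js",
    "http 2025-01-25T10:04:02Z 10.0.0.44 https://api.telegram.org/bot1234567890:AAexampleTokenNotReal/sendMessage",
    "conn 2025-01-25T10:05:00Z 10.0.0.12 45.88.186.152 4782",
    "conn 2025-01-25T10:05:30Z 10.0.0.50 35.157.231.78 8080",
    "conn 2025-01-25T10:06:00Z 10.0.0.50 65.38.120.146 31337",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, parse_iocs(IOC_TEXT)):
        print(f"[{hit.severity:6}] {hit.reason}")
```

Run as a script it prints seven hits: four high (the exact domain, the listed URL and the two ip:port pairs, including the one parsed from the file/hash form), two medium (the Telegram bot call and the listed address on port 8080) and one low (a playit.gg tunnel host that is not itself listed). The Telegram rule flags every bot token, so allow-list any bots the organisation legitimately operates before turning it into an alert.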
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Indicators of Compromise
- domain: countefireman.cyou
- domain: emptytoyreor.cyou
- domain: hookmowerz.cyou
- domain: oweshaggyerbe.cyou
- domain: strattchboster.cyou
- domain: oj42315j346ng2134.myvnc.com
- ip:port: 45.88.186.152:4782
- ip:port: 190.102.40.205:5552
- ip:port: 147.45.44.184:4782
- url: https://comtekinc.com/51w3.js
- url: https://comtekinc.com/js.php
- ip:port: 199.127.63.127:8041
- domain: mail.mindfulinvoice.online
- ip:port: 154.213.187.4:2222
- url: https://gacisosh75.xyz/y2vkndy3otixnjc0/
- ip:port: 139.59.3.62:80
- ip:port: 124.156.193.181:8443
- ip:port: 104.193.69.138:443
- ip:port: 65.38.120.146:31337
- ip:port: 107.173.101.225:443
- ip:port: 69.197.145.69:443
- ip:port: 87.120.113.143:888
- ip:port: 213.32.110.136:2222
- ip:port: 186.169.53.160:11102
- ip:port: 182.60.5.9:8090
- ip:port: 182.60.5.9:2079
- ip:port: 182.60.5.9:88
- ip:port: 182.60.5.9:10042
- ip:port: 182.60.5.9:1963
- ip:port: 66.78.40.166:443
- domain: adviseur-oakk.nl
- ip:port: 139.64.51.82:443
- ip:port: 13.212.169.131:29745
- domain: ads.it-sharepoint.com
- domain: static.it-sharepoint.com
- ip:port: 39.109.117.51:53
- ip:port: 54.144.139.77:443
- ip:port: 139.9.188.51:443
- ip:port: 84.38.133.193:8808
- ip:port: 84.247.162.141:443
- domain: autodiscover.fithiphealthy.com
- ip:port: 111.196.130.95:8443
- ip:port: 45.61.136.85:80
- ip:port: 45.61.136.52:80
- ip:port: 195.177.95.66:80
- domain: viraluxstore.com
- domain: wy.gyhx.xyz
- domain: l3mon.dailycheapdeals.com
- ip:port: 106.52.176.245:3333
- ip:port: 44.220.162.212:8080
- ip:port: 13.239.83.148:3333
- ip:port: 185.22.155.196:3334
- ip:port: 104.155.181.114:10443
- ip:port: 3.230.116.0:3333
- ip:port: 139.59.25.218:3333
- ip:port: 128.199.210.142:8081
- ip:port: 143.198.209.25:9998
- ip:port: 187.72.219.54:443
- ip:port: 35.85.136.22:8080
- ip:port: 142.171.211.69:443
- ip:port: 185.105.109.183:3333
- ip:port: 47.94.101.221:3333
- ip:port: 181.32.39.201:8080
- ip:port: 37.27.3.34:3333
- ip:port: 35.157.231.78:80
- ip:port: 35.157.231.78:443
- ip:port: 138.199.155.177:3333
- ip:port: 52.203.140.27:8000
- ip:port: 54.206.227.175:443
- ip:port: 31.192.237.102:3333
- ip:port: 31.192.237.46:3333
- ip:port: 8.134.212.158:50050
- ip:port: 94.156.167.138:50050
- ip:port: 60.205.227.255:31337
- ip:port: 85.90.246.69:4443
- ip:port: 94.232.244.62:444
- ip:port: 154.61.74.64:80
- url: https://116.203.125.44/55f8f885bc7c41c8/sqlite3.dll
- url: http://193.233.134.93/2bbda8fbc3a204ca/vcruntime140.dll
- url: http://45.152.113.10/15a25e53742510fe/vcruntime140.dll
- url: http://64.95.13.166/c262c2557c712ca5/mozglue.dll
- url: http://64.95.13.166/c262c2557c712ca5/vcruntime140.dll
- url: https://trumpclaim.org/5-58324124/
- url: https://trumpclaim.org/file.mp3
- url: http://175.178.123.40:8888/supershell/login
- domain: trumpclaim.org
- url: http://1.94.105.216:8000/supershell/login/
- ip:port: 42.117.80.199:1987
- ip:port: 45.141.27.118:7777
- ip:port: 85.203.4.227:7000
- ip:port: 87.120.114.42:7000
- ip:port: 91.211.250.177:7000
- ip:port: 102.129.168.25:7000
- ip:port: 147.45.47.222:3991
- ip:port: 159.100.20.246:6382
- ip:port: 185.201.252.121:5555
- ip:port: 195.10.205.186:6699
- ip:port: 198.7.115.133:7772
- ip:port: 207.174.40.240:7000
- ip:port: 87.120.115.189:2404
- domain: zk-drop.com
- domain: showviteadobe.com
- domain: siste-nytt.com
- domain: indianaroadassist.com
- ip:port: 23.94.139.99:65104
- ip:port: 44.201.201.174:80
- ip:port: 44.201.201.174:443
- ip:port: 213.32.110.136:888
- ip:port: 182.60.9.165:18333
- ip:port: 182.60.5.9:1201
- ip:port: 182.60.5.9:5902
- ip:port: 182.60.5.9:1000
- ip:port: 182.60.5.9:2612
- ip:port: 182.60.5.9:11211
- ip:port: 182.60.5.9:18444
- ip:port: 85.31.47.59:8848
- ip:port: 148.113.165.11:4040
- ip:port: 182.60.5.9:13434
- ip:port: 172.94.14.88:4449
- ip:port: 182.60.5.9:832
- ip:port: 182.60.5.9:4567
- ip:port: 182.60.5.9:771
- ip:port: 182.60.5.9:3277
- ip:port: 182.60.5.9:8389
- ip:port: 182.60.5.9:8020
- ip:port: 182.60.5.9:1912
- ip:port: 182.60.5.9:3950
- ip:port: 182.60.5.9:8008
- ip:port: 182.60.5.9:20000
- ip:port: 182.60.5.9:8443
- ip:port: 182.60.5.9:1080
- ip:port: 182.60.5.9:2004
- ip:port: 182.60.5.9:101
- ip:port: 182.60.5.9:789
- ip:port: 182.60.5.9:5900
- ip:port: 201.27.181.65:8081
- ip:port: 185.208.156.157:443
- domain: ww5.fithiphealthy.com
- ip:port: 196.120.15.148:443
- ip:port: 84.154.190.128:82
- domain: navylk.webmailarmy.com
- ip:port: 112.16.250.188:4506
- ip:port: 147.45.47.167:24637
- ip:port: 45.137.81.202:443
- ip:port: 64.225.61.173:9999
- url: https://karaakcan242.xyz/ntfknjvmntmyoddh/
- url: https://barcelonacokhojdur34.com/ntfknjvmntmyoddh/
- url: https://pejo106gtialsana34.com/ntfknjvmntmyoddh/
- url: https://reksonailemutluol434.com/ntfknjvmntmyoddh/
- url: https://cocolaickeyflen34.com/ntfknjvmntmyoddh/
- ip:port: 182.60.5.9:3790
- ip:port: 182.60.5.9:3780
- ip:port: 182.60.5.9:10250
- ip:port: 182.60.5.9:4433
- ip:port: 182.60.5.9:8140
- url: http://154.61.74.64/
- ip:port: 124.222.39.154:443
- ip:port: 152.136.159.25:80
- ip:port: 154.204.177.84:443
- ip:port: 182.92.119.172:7777
- ip:port: 185.208.159.240:56001
- ip:port: 185.196.10.170:7000
- ip:port: 3.125.188.168:19931
- ip:port: 3.124.67.191:19931
- ip:port: 193.181.23.127:5555
- url: https://solve.xgnv.org/awjsx.captcha
- domain: solve.xgnv.org
- domain: temp.opal.wtf
- domain: ngoklene.duckdns.org
- domain: 3x3.casacam.net
- domain: coinbasecrashout.ddns.net
- domain: discotek.duckdns.org
- domain: saleselma.freemyip.com
- domain: deadpoolstart2026.duckdns.org
- domain: pctrabajonuevo2.casacam.net
- ip:port: 154.216.20.182:8000
- ip:port: 2.56.109.146:4449
- ip:port: 20.224.66.176:4784
- ip:port: 89.84.63.139:6606
- url: https://api.telegram.org/bot7653235193:aaerxt3f2w-qztimivxt1ds_f7pbhdxw3fc/sendmessage
- domain: safe-synopsis.gl.at.ply.gg
- domain: c0mer.publicvm.com
- domain: defined-licenses.gl.at.ply.gg
- domain: up-mixed.gl.at.ply.gg
- domain: story-earthquake.gl.at.ply.gg
- domain: accessories-fame.gl.at.ply.gg
- domain: logo-kerry.gl.at.ply.gg
- domain: why-familiar.gl.at.ply.gg
- domain: jamesbond123123-40026.portmap.host
- domain: warning-found.gl.at.ply.gg
- domain: reference-roll.gl.at.ply.gg
- domain: success-evans.gl.at.ply.gg
- domain: oil-calculated.gl.at.ply.gg
- domain: window-prize.gl.at.ply.gg
- domain: uk-theory.gl.at.ply.gg
- domain: ring-cj.gl.at.ply.gg
- domain: such-five.gl.at.ply.gg
- domain: take-continually.gl.at.ply.gg
- domain: g-submit.gl.at.ply.gg
- domain: window-prize.gl.ply.gg
- domain: christian-betting.gl.at.ply.gg
- domain: cities-annex.gl.at.ply.gg
- domain: wood-matches.gl.at.ply.gg
- domain: you-cigarette.gl.at.ply.gg
- domain: recent-keywords.gl.at.ply.gg
- domain: match-remedies.gl.at.ply.gg
- domain: cost-hughes.gl.at.ply.gg
- domain: look-omega.gl.at.ply.gg
- domain: sanek416-59257.portmap.host
- domain: modified-begun.gl.at.ply.gg
- domain: republic-python.gl.at.ply.gg
- domain: so-trek.gl.at.ply.gg
- domain: built-among.gl.at.ply.gg
- domain: sunday-chronicle.gl.at.ply.gg
- ip:port: 178.173.246.113:4444
- ip:port: 95.169.204.123:7000
- ip:port: 147.185.221.24:35724
- ip:port: 147.185.221.23:36343
- ip:port: 194.59.31.87:1111
- ip:port: 23.27.201.57:7000
- domain: axaxdad.ydns.eu
- domain: meme.linkpc.net
- url: http://147.45.44.190
- domain: recaptha-verify-5q.pages.dev
- ip:port: 156.224.26.29:8888
- ip:port: 119.8.116.145:4444
- ip:port: 216.128.146.203:2404
- ip:port: 13.201.30.7:8080
- domain: ecs-121-36-198-211.compute.hwclouds-dns.com
- ip:port: 57.129.65.114:4449
- ip:port: 52.89.199.16:2004
- ip:port: 154.12.25.152:80
- ip:port: 193.200.78.35:80
- domain: support.sftech.one
- ip:port: 111.230.5.199:2087
- ip:port: 170.64.134.129:443
- url: http://cf17360.tw1.ru/l1nc0in.php
- url: https://climepunneddus.com/api
- url: https://flockefaccek.org/api
- url: https://guardeduppe.com/api
- url: https://babberstalek.org/api
- url: https://classyhelped.net/api
- url: https://carrystuppeder.net/api
- url: https://rebuildhurrte.com/api
- domain: climepunneddus.com
- domain: flockefaccek.org
- domain: guardeduppe.com
- domain: babberstalek.org
- domain: classyhelped.net
- domain: carrystuppeder.net
- domain: rebuildhurrte.com
- domain: mint-stealer.sh
- url: http://176.123.1.211/dbdatalifeprivatecdn.php
- url: http://8.210.146.82:18888/supershell/login/
- ip:port: 185.102.172.203:5555
- ip:port: 104.234.205.134:8808
- ip:port: 199.204.161.37:8808
- ip:port: 84.247.162.141:9090
- ip:port: 45.94.31.215:8808
- ip:port: 117.215.247.241:1080
- ip:port: 117.215.247.241:3276
- ip:port: 117.215.247.241:9201
- ip:port: 117.215.247.241:103
- ip:port: 117.215.247.241:1311
- ip:port: 117.215.247.241:4242
- ip:port: 117.215.247.241:7987
- ip:port: 117.215.247.241:465
- ip:port: 117.215.247.241:2080
- ip:port: 117.215.247.241:3499
- ip:port: 117.215.247.241:18444
- ip:port: 117.215.247.241:554
- ip:port: 117.215.247.241:3299
- ip:port: 117.215.247.241:5671
- ip:port: 117.215.247.241:16652
- ip:port: 117.215.247.241:1098
- ip:port: 117.215.247.241:2077
- ip:port: 117.215.247.241:2266
- ip:port: 117.215.247.241:2403
- ip:port: 117.215.247.241:4841
- ip:port: 117.215.247.241:11101
- ip:port: 117.215.247.241:1433
- ip:port: 117.215.247.241:6008
- ip:port: 117.215.247.241:3035
- ip:port: 117.215.247.241:4730
- ip:port: 117.215.247.241:9200
- ip:port: 117.215.247.241:9768
- ip:port: 117.215.247.241:102
- ip:port: 117.215.247.241:2087
- ip:port: 117.215.247.241:2380
- ip:port: 117.215.247.241:3049
- ip:port: 117.215.247.241:101
- ip:port: 185.196.8.68:80
- ip:port: 156.244.16.227:443
- ip:port: 52.197.164.145:80
- ip:port: 182.60.5.9:4444
- ip:port: 182.60.5.9:8009
- ip:port: 182.60.5.9:7443
- ip:port: 182.60.5.9:8139
- ip:port: 182.60.5.9:3001
- ip:port: 182.60.5.9:311
- ip:port: 182.60.5.9:10000
- ip:port: 118.122.8.154:10042
- ip:port: 197.44.133.250:6000
- ip:port: 3.34.83.49:80
- url: http://93.123.39.132/cdb52cf952e86d4b/sqlite3.dll
- url: http://85.28.47.70/c10a74a0c2f42c12/vcruntime140.dll
- url: http://139.196.206.41:8080/
- domain: dwnwz6ywujerd.cloudfront.net
- domain: cutlej02.top
- url: http://faodrt28.top/index.php
- url: http://cutlej02.top/download.php?file=wapude.exe
- domain: thatsofar.top
- domain: hojex31104-23437.portmap.host
- domain: adventurestoptop.top
- domain: cuproomymis.top
- domain: weighcobbweo.top
- domain: kgbhostpro.duckdns.org
- domain: veronicafola.ddns.net
- domain: jokernjrat.ddns.net
- domain: pics-accessory.gl.at.ply.gg
- ip:port: 176.110.208.212:25565
- url: http://pole4udes.ru/externalvideotosecurepacketgeoapiserverwordpressdle.php
- ip:port: 87.120.125.56:38241
- ip:port: 87.120.117.141:38241
- ip:port: 94.103.125.184:3778
- ip:port: 94.103.125.184:101
- ip:port: 154.62.226.5:3778
- domain: space.richstressop.cloud
- ip:port: 45.139.104.177:1995
- domain: bot.floppaonyou.fr
- domain: fantazy.space
- domain: botnet.fantazy.space
- url: http://lginchimfgfckeb.top/t9s1nq4j3lhtr.php
- domain: lginchimfgfckeb.top
- url: http://799615cm.nyashnyash.ru/linecpuprocessorlongpollprotectdbdatalifetemptemporary.php
- ip:port: 193.26.115.238:8088
- ip:port: 128.90.113.141:5000
- ip:port: 149.102.147.106:5505
- ip:port: 117.215.247.241:21
- ip:port: 117.215.247.241:6324
- ip:port: 117.215.247.241:8594
- ip:port: 117.215.247.241:17297
- ip:port: 117.215.247.241:18577
- ip:port: 117.215.247.241:8001
- ip:port: 117.215.247.241:17573
- ip:port: 117.215.247.241:7474
- ip:port: 117.215.247.241:16992
- ip:port: 117.215.247.241:5211
- ip:port: 117.215.247.241:10470
- ip:port: 117.215.247.241:13000
- ip:port: 117.215.247.241:771
- ip:port: 117.215.247.241:808
- ip:port: 117.215.247.241:2628
- ip:port: 117.215.247.241:9023
- ip:port: 117.215.247.241:9999
- ip:port: 117.215.247.241:12824
- ip:port: 117.215.247.241:2405
- ip:port: 117.215.247.241:7001
- ip:port: 117.215.247.241:1963
- ip:port: 117.215.247.241:13465
- ip:port: 117.215.247.241:19214
- ip:port: 117.215.247.241:8080
- ip:port: 117.215.247.241:9142
- ip:port: 117.215.247.241:11112
- ip:port: 117.215.247.241:6575
- ip:port: 117.215.247.241:18080
- ip:port: 117.215.247.241:3456
- ip:port: 117.215.247.241:7028
- ip:port: 117.215.247.241:17291
- ip:port: 117.215.247.241:1962
- ip:port: 117.215.247.241:2454
- ip:port: 117.215.247.241:6006
- ip:port: 117.215.247.241:18246
- ip:port: 117.215.247.241:1244
- ip:port: 117.215.247.241:5080
- ip:port: 117.215.247.241:9601
- ip:port: 117.215.247.241:10260
- ip:port: 117.215.247.241:12113
- ip:port: 117.215.247.241:1801
- ip:port: 117.215.247.241:1883
- ip:port: 117.215.247.241:19500
- ip:port: 117.215.247.241:5984
- ip:port: 117.215.247.241:19263
- ip:port: 117.215.247.241:4444
- ip:port: 117.215.247.241:5000
- ip:port: 117.215.247.241:8636
- domain: updates.e-formsonline.com
- ip:port: 194.102.104.88:80
- ip:port: 188.49.61.79:443
- ip:port: 54.38.94.225:8880
- ip:port: 54.38.94.225:8888
- ip:port: 8.222.163.56:60000
- ip:port: 192.169.69.26:1984
- domain: ns1.nactrace.com
- domain: ns2.nactrace.com
- ip:port: 165.232.122.80:53
- ip:port: 18.117.146.34:8080
- url: http://188.120.225.2/apidbdlecdntemporary.php
Technical Details
- Threat Level: 2 (MISP scale, 2 = Medium)
- Analysis: 1 (MISP scale, 1 = Ongoing)
- Distribution: 3 (MISP scale, 3 = All communities)
- UUID: 055da0eb-b7cc-47d5-9cec-74fd05311b6c
- Original Timestamp: 1737849788 (2025-01-26 00:03:08 UTC, the export produced just after the end of 2025-01-25 UTC)
Indicators of Compromise
Domain
Value | Description
---|---
countefireman.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
emptytoyreor.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
hookmowerz.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
oweshaggyerbe.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
strattchboster.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
oj42315j346ng2134.myvnc.com | Quasar RAT botnet C2 domain (confidence level: 100%)
mail.mindfulinvoice.online | Unknown RAT botnet C2 domain (confidence level: 100%)
adviseur-oakk.nl | Havoc botnet C2 domain (confidence level: 100%)
ads.it-sharepoint.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
static.it-sharepoint.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
autodiscover.fithiphealthy.com | Havoc botnet C2 domain (confidence level: 100%)
viraluxstore.com | Bashlite botnet C2 domain (confidence level: 100%)
wy.gyhx.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%)
l3mon.dailycheapdeals.com | Unknown malware botnet C2 domain (confidence level: 100%)
trumpclaim.org | Unknown malware payload delivery domain (confidence level: 50%)
zk-drop.com | Remcos botnet C2 domain (confidence level: 100%)
showviteadobe.com | Remcos botnet C2 domain (confidence level: 100%)
siste-nytt.com | Remcos botnet C2 domain (confidence level: 100%)
indianaroadassist.com | Remcos botnet C2 domain (confidence level: 100%)
ww5.fithiphealthy.com | Havoc botnet C2 domain (confidence level: 100%)
navylk.webmailarmy.com | Unknown malware botnet C2 domain (confidence level: 100%)
solve.xgnv.org | ClearFake payload delivery domain (confidence level: 75%)
temp.opal.wtf | AsyncRAT botnet C2 domain (confidence level: 100%)
ngoklene.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
3x3.casacam.net | AsyncRAT botnet C2 domain (confidence level: 100%)
coinbasecrashout.ddns.net | AsyncRAT botnet C2 domain (confidence level: 100%)
discotek.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
saleselma.freemyip.com | AsyncRAT botnet C2 domain (confidence level: 100%)
deadpoolstart2026.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
pctrabajonuevo2.casacam.net | AsyncRAT botnet C2 domain (confidence level: 100%)
safe-synopsis.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
c0mer.publicvm.com | XWorm botnet C2 domain (confidence level: 100%)
defined-licenses.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
up-mixed.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
story-earthquake.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
accessories-fame.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
logo-kerry.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
why-familiar.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
jamesbond123123-40026.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
warning-found.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
reference-roll.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
success-evans.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
oil-calculated.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
window-prize.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
uk-theory.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
ring-cj.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
such-five.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
take-continually.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
g-submit.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
window-prize.gl.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
christian-betting.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
cities-annex.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
wood-matches.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
you-cigarette.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
recent-keywords.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
match-remedies.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
cost-hughes.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
look-omega.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
sanek416-59257.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
modified-begun.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
republic-python.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
so-trek.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
built-among.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
sunday-chronicle.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
axaxdad.ydns.eu | Remcos botnet C2 domain (confidence level: 100%)
meme.linkpc.net | Remcos botnet C2 domain (confidence level: 100%)
recaptha-verify-5q.pages.dev | ClearFake payload delivery domain (confidence level: 75%)
ecs-121-36-198-211.compute.hwclouds-dns.com | Havoc botnet C2 domain (confidence level: 100%)
support.sftech.one | Cobalt Strike botnet C2 domain (confidence level: 75%)
climepunneddus.com | Lumma Stealer botnet C2 domain (confidence level: 50%)
flockefaccek.org | Lumma Stealer botnet C2 domain (confidence level: 50%)
guardeduppe.com | Lumma Stealer botnet C2 domain (confidence level: 50%)
babberstalek.org | Lumma Stealer botnet C2 domain (confidence level: 50%)
classyhelped.net | Lumma Stealer botnet C2 domain (confidence level: 50%)
carrystuppeder.net | Lumma Stealer botnet C2 domain (confidence level: 50%)
rebuildhurrte.com | Lumma Stealer botnet C2 domain (confidence level: 50%)
mint-stealer.sh | MintStealer botnet C2 domain (confidence level: 100%)
dwnwz6ywujerd.cloudfront.net | Cobalt Strike botnet C2 domain (confidence level: 50%)
cutlej02.top | CryptBot botnet C2 domain (confidence level: 50%)
thatsofar.top | Mirai botnet C2 domain (confidence level: 50%)
hojex31104-23437.portmap.host | Quasar RAT botnet C2 domain (confidence level: 50%)
adventurestoptop.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
cuproomymis.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
weighcobbweo.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
kgbhostpro.duckdns.org | NjRAT botnet C2 domain (confidence level: 100%)
veronicafola.ddns.net | NjRAT botnet C2 domain (confidence level: 100%)
jokernjrat.ddns.net | NjRAT botnet C2 domain (confidence level: 100%)
pics-accessory.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 100%)
space.richstressop.cloud | MooBot botnet C2 domain (confidence level: 100%)
bot.floppaonyou.fr | Mirai botnet C2 domain (confidence level: 75%)
fantazy.space | Mirai botnet C2 domain (confidence level: 100%)
botnet.fantazy.space | Mirai botnet C2 domain (confidence level: 100%)
lginchimfgfckeb.top | Unknown malware botnet C2 domain (confidence level: 100%)
updates.e-formsonline.com | Havoc botnet C2 domain (confidence level: 100%)
ns1.nactrace.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns2.nactrace.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
IP:port
Value | Description
---|---
45.88.186.152:4782 | Quasar RAT botnet C2 server (confidence level: 100%)
190.102.40.205:5552 | Quasar RAT botnet C2 server (confidence level: 100%)
147.45.44.184:4782 | Quasar RAT botnet C2 server (confidence level: 100%)
199.127.63.127:8041 | Unknown RAT botnet C2 server (confidence level: 100%)
154.213.187.4:2222 | Bashlite botnet C2 server (confidence level: 75%)
139.59.3.62:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.156.193.181:8443 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.193.69.138:443 | Sliver botnet C2 server (confidence level: 100%)
65.38.120.146:31337 | Sliver botnet C2 server (confidence level: 100%)
107.173.101.225:443 | Sliver botnet C2 server (confidence level: 100%)
69.197.145.69:443 | AsyncRAT botnet C2 server (confidence level: 100%)
87.120.113.143:888 | AsyncRAT botnet C2 server (confidence level: 100%)
213.32.110.136:2222 | AsyncRAT botnet C2 server (confidence level: 100%)
186.169.53.160:11102 | AsyncRAT botnet C2 server (confidence level: 100%)
182.60.5.9:8090 | Unknown malware botnet C2 server (confidence level: 100%)
182.60.5.9:2079 | Unknown malware botnet C2 server (confidence level: 100%)
182.60.5.9:88 | Unknown malware botnet C2 server (confidence level: 100%)
182.60.5.9:10042 | Unknown malware botnet C2 server (confidence level: 100%)
182.60.5.9:1963 | Unknown malware botnet C2 server (confidence level: 100%)
66.78.40.166:443 | Havoc botnet C2 server (confidence level: 100%)
139.64.51.82:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
13.212.169.131:29745 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
39.109.117.51:53 | Cobalt Strike botnet C2 server (confidence level: 75%)
54.144.139.77:443 | Cobalt Strike botnet C2 server (confidence level: 75%)
139.9.188.51:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
84.38.133.193:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
84.247.162.141:443 | AsyncRAT botnet C2 server (confidence level: 100%)
111.196.130.95:8443 | Brute Ratel C4 botnet C2 server (confidence level: 100%)
45.61.136.85:80 | Unknown malware botnet C2 server (confidence level: 75%)
45.61.136.52:80 | Unknown malware botnet C2 server (confidence level: 75%)
195.177.95.66:80 | Stealc botnet C2 server (confidence level: 100%)
106.52.176.245:3333 | Unknown malware botnet C2 server (confidence level: 100%)
44.220.162.212:8080 | Unknown malware botnet C2 server (confidence level: 100%)
13.239.83.148:3333 | Unknown malware botnet C2 server (confidence level: 100%)
185.22.155.196:3334 | Unknown malware botnet C2 server (confidence level: 100%)
104.155.181.114:10443 | Unknown malware botnet C2 server (confidence level: 100%)
3.230.116.0:3333 | Unknown malware botnet C2 server (confidence level: 100%)
139.59.25.218:3333 | Unknown malware botnet C2 server (confidence level: 100%)
128.199.210.142:8081 | Unknown malware botnet C2 server (confidence level: 100%)
143.198.209.25:9998 | Unknown malware botnet C2 server (confidence level: 100%)
187.72.219.54:443 | Unknown malware botnet C2 server (confidence level: 100%)
35.85.136.22:8080 | Unknown malware botnet C2 server (confidence level: 100%)
142.171.211.69:443 | Unknown malware botnet C2 server (confidence level: 100%)
185.105.109.183:3333 | Unknown malware botnet C2 server (confidence level: 100%)
47.94.101.221:3333 | Unknown malware botnet C2 server (confidence level: 100%)
181.32.39.201:8080 | Unknown malware botnet C2 server (confidence level: 100%)
37.27.3.34:3333 | Unknown malware botnet C2 server (confidence level: 100%)
35.157.231.78:80 | Unknown malware botnet C2 server (confidence level: 100%)
35.157.231.78:443 | Unknown malware botnet C2 server (confidence level: 100%)
138.199.155.177:3333 | Unknown malware botnet C2 server (confidence level: 100%)
52.203.140.27:8000 | Unknown malware botnet C2 server (confidence level: 100%)
54.206.227.175:443 | Unknown malware botnet C2 server (confidence level: 100%)
file31.192.237.102 | Unknown malware botnet C2 server (confidence level: 100%) | |
file31.192.237.46 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.134.212.158 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file94.156.167.138 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file60.205.227.255 | Sliver botnet C2 server (confidence level: 50%) | |
file85.90.246.69 | Unknown malware botnet C2 server (confidence level: 50%) | |
file94.232.244.62 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file154.61.74.64 | Hook botnet C2 server (confidence level: 50%) | |
file42.117.80.199 | XWorm botnet C2 server (confidence level: 100%) | |
file45.141.27.118 | XWorm botnet C2 server (confidence level: 100%) | |
file85.203.4.227 | XWorm botnet C2 server (confidence level: 100%) | |
file87.120.114.42 | XWorm botnet C2 server (confidence level: 100%) | |
file91.211.250.177 | XWorm botnet C2 server (confidence level: 100%) | |
file102.129.168.25 | XWorm botnet C2 server (confidence level: 100%) | |
file147.45.47.222 | XWorm botnet C2 server (confidence level: 100%) | |
file159.100.20.246 | XWorm botnet C2 server (confidence level: 100%) | |
file185.201.252.121 | XWorm botnet C2 server (confidence level: 100%) | |
file195.10.205.186 | XWorm botnet C2 server (confidence level: 100%) | |
file198.7.115.133 | XWorm botnet C2 server (confidence level: 100%) | |
file207.174.40.240 | XWorm botnet C2 server (confidence level: 100%) | |
file87.120.115.189 | Remcos botnet C2 server (confidence level: 100%) | |
file23.94.139.99 | Sliver botnet C2 server (confidence level: 100%) | |
file44.201.201.174 | Sliver botnet C2 server (confidence level: 100%) | |
file44.201.201.174 | Sliver botnet C2 server (confidence level: 100%) | |
file213.32.110.136 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file182.60.9.165 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file85.31.47.59 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file148.113.165.11 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.94.14.88 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file201.27.181.65 | Havoc botnet C2 server (confidence level: 100%) | |
file185.208.156.157 | Havoc botnet C2 server (confidence level: 100%) | |
file196.120.15.148 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file84.154.190.128 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file112.16.250.188 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file147.45.47.167 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
file45.137.81.202 | DanaBot botnet C2 server (confidence level: 75%) | |
file64.225.61.173 | Sliver botnet C2 server (confidence level: 75%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file124.222.39.154 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file152.136.159.25 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.204.177.84 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file182.92.119.172 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.208.159.240 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file185.196.10.170 | XWorm botnet C2 server (confidence level: 100%) | |
file3.125.188.168 | NjRAT botnet C2 server (confidence level: 75%) | |
file3.124.67.191 | NjRAT botnet C2 server (confidence level: 75%) | |
file193.181.23.127 | Unknown Stealer botnet C2 server (confidence level: 100%) | |
file154.216.20.182 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file2.56.109.146 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.224.66.176 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file89.84.63.139 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file178.173.246.113 | XWorm botnet C2 server (confidence level: 100%) | |
file95.169.204.123 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.24 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.23 | XWorm botnet C2 server (confidence level: 100%) | |
file194.59.31.87 | XWorm botnet C2 server (confidence level: 100%) | |
file23.27.201.57 | XWorm botnet C2 server (confidence level: 100%) | |
file156.224.26.29 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file119.8.116.145 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file216.128.146.203 | Remcos botnet C2 server (confidence level: 100%) | |
file13.201.30.7 | Havoc botnet C2 server (confidence level: 100%) | |
file57.129.65.114 | Venom RAT botnet C2 server (confidence level: 100%) | |
file52.89.199.16 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file154.12.25.152 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.200.78.35 | Bashlite botnet C2 server (confidence level: 100%) | |
file111.230.5.199 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file170.64.134.129 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.102.172.203 | Mirai botnet C2 server (confidence level: 75%) | |
file104.234.205.134 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file199.204.161.37 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file84.247.162.141 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.94.31.215 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.196.8.68 | Hook botnet C2 server (confidence level: 100%) | |
file156.244.16.227 | Havoc botnet C2 server (confidence level: 100%) | |
file52.197.164.145 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file182.60.5.9 | Unknown malware botnet C2 server (confidence level: 50%) | |
file118.122.8.154 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file197.44.133.250 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file3.34.83.49 | Unknown malware botnet C2 server (confidence level: 50%) | |
file176.110.208.212 | NjRAT botnet C2 server (confidence level: 100%) | |
file87.120.125.56 | Mirai botnet C2 server (confidence level: 100%) | |
file87.120.117.141 | Mirai botnet C2 server (confidence level: 100%) | |
file94.103.125.184 | Mirai botnet C2 server (confidence level: 100%) | |
file94.103.125.184 | Mirai botnet C2 server (confidence level: 100%) | |
file154.62.226.5 | Mirai botnet C2 server (confidence level: 100%) | |
file45.139.104.177 | Mirai botnet C2 server (confidence level: 75%) | |
file193.26.115.238 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.141 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file149.102.147.106 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.215.247.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.102.104.88 | MooBot botnet C2 server (confidence level: 100%) | |
file188.49.61.79 | QakBot botnet C2 server (confidence level: 75%) | |
file54.38.94.225 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file54.38.94.225 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file8.222.163.56 | Viper RAT botnet C2 server (confidence level: 75%) | |
file192.169.69.26 | NjRAT botnet C2 server (confidence level: 100%) | |
file165.232.122.80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file18.117.146.34 | Meterpreter botnet C2 server (confidence level: 75%) |
Hash
hash2628 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9023 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash12824 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2405 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7001 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1963 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash13465 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash19214 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9142 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash11112 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6575 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash18080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3456 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7028 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash17291 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1962 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2454 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6006 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash18246 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1244 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9601 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10260 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash12113 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1801 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1883 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash19500 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5984 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash19263 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4444 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8636 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8880 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash8888 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash60000 | Viper RAT botnet C2 server (confidence level: 75%) | |
hash1984 | NjRAT botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8080 | Meterpreter botnet C2 server (confidence level: 75%) | |
Url
Value | Description | Copy |
---|---|---|
https://comtekinc.com/51w3.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
https://comtekinc.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
https://gacisosh75.xyz/y2vkndy3otixnjc0/ | Coper botnet C2 (confidence level: 100%) | |
https://116.203.125.44/55f8f885bc7c41c8/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
http://193.233.134.93/2bbda8fbc3a204ca/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
http://45.152.113.10/15a25e53742510fe/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
http://64.95.13.166/c262c2557c712ca5/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) | |
http://64.95.13.166/c262c2557c712ca5/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
https://trumpclaim.org/5-58324124/ | Unknown malware payload delivery URL (confidence level: 50%) | |
https://trumpclaim.org/file.mp3 | Unknown malware payload delivery URL (confidence level: 50%) | |
http://175.178.123.40:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
http://1.94.105.216:8000/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
https://karaakcan242.xyz/ntfknjvmntmyoddh/ | Coper botnet C2 (confidence level: 80%) | |
https://barcelonacokhojdur34.com/ntfknjvmntmyoddh/ | Coper botnet C2 (confidence level: 80%) | |
https://pejo106gtialsana34.com/ntfknjvmntmyoddh/ | Coper botnet C2 (confidence level: 80%) | |
https://reksonailemutluol434.com/ntfknjvmntmyoddh/ | Coper botnet C2 (confidence level: 80%) | |
https://cocolaickeyflen34.com/ntfknjvmntmyoddh/ | Coper botnet C2 (confidence level: 80%) | |
http://154.61.74.64/ | Hook botnet C2 (confidence level: 50%) | |
https://solve.xgnv.org/awjsx.captcha | ClearFake payload delivery URL (confidence level: 75%) | |
https://api.telegram.org/bot7653235193:aaerxt3f2w-qztimivxt1ds_f7pbhdxw3fc/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) | |
http://147.45.44.190 | Stealc botnet C2 (confidence level: 100%) | |
http://cf17360.tw1.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) | |
https://climepunneddus.com/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
https://flockefaccek.org/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
https://guardeduppe.com/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
https://babberstalek.org/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
https://classyhelped.net/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
https://carrystuppeder.net/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
https://rebuildhurrte.com/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
http://176.123.1.211/dbdatalifeprivatecdn.php | DCRat botnet C2 (confidence level: 100%) | |
http://8.210.146.82:18888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
http://93.123.39.132/cdb52cf952e86d4b/sqlite3.dll | Stealc botnet C2 (confidence level: 50%) | |
http://85.28.47.70/c10a74a0c2f42c12/vcruntime140.dll | Stealc botnet C2 (confidence level: 50%) | |
http://139.196.206.41:8080/ | Chaos botnet C2 (confidence level: 50%) | |
http://faodrt28.top/index.php | CryptBot botnet C2 (confidence level: 50%) | |
http://cutlej02.top/download.php?file=wapude.exe | CryptBot payload delivery URL (confidence level: 50%) | |
http://pole4udes.ru/externalvideotosecurepacketgeoapiserverwordpressdle.php | DCRat botnet C2 (confidence level: 100%) | |
http://lginchimfgfckeb.top/t9s1nq4j3lhtr.php | Unknown malware botnet C2 (confidence level: 100%) | |
http://799615cm.nyashnyash.ru/linecpuprocessorlongpollprotectdbdatalifetemptemporary.php | DCRat botnet C2 (confidence level: 100%) | |
http://188.120.225.2/apidbdlecdntemporary.php | DCRat botnet C2 (confidence level: 100%) | |
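Turning a feed like the two tables above into detections needs more than a string match. The ip:port rows carry ports such as 80, 443 and 8080 that only mean something together with the destination IP; several URL rows sit on shared services (the AsyncRAT entry on api.telegram.org) where only the exact path is evidence; and a 50% confidence row should raise a review, not an automatic block. The script below is an added example, not code from ThreatFox or from this page. It parses rows in the page's "Value | Description | Copy" layout (tolerating the "url" prefix that extraction fused onto the values) and matches them against a handful of constructed proxy log lines. The log format, the SHARED_HOSTS set, the 75% threshold and the RFC 5737 placeholder addresses used for the ip:port rows (the page masks the IP half of those indicators) are all assumptions made for the example.

```python
"""Parse ThreatFox-style IOC rows and match them against proxy/firewall logs.

Added example, not ThreatFox or page code. Log format, SHARED_HOSTS, the
75% threshold and the 192.0.2.x / 203.0.113.x addresses are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample rows in the page's "Value | Description | Copy |" layout.
# URL rows are taken from the table above; ip:port rows use placeholder IPs.
IOC_ROWS = """\
urlhttps://comtekinc.com/51w3.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
https://api.telegram.org/bot7653235193:aaerxt3f2w-qztimivxt1ds_f7pbhdxw3fc/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) | |
http://147.45.44.190 | Stealc botnet C2 (confidence level: 100%) | |
https://climepunneddus.com/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
192.0.2.10:25565 | NjRAT botnet C2 server (confidence level: 100%) | |
192.0.2.20:443 | Unknown malware botnet C2 server (confidence level: 50%) | |
"""

# Constructed log lines: "<timestamp> <src_ip> <dst_ip>:<dst_port> <url or ->".
SAMPLE_LOG = """\
2025-01-25T10:00:01Z 10.0.0.5 147.45.44.190:80 http://147.45.44.190/
2025-01-25T10:00:02Z 10.0.0.5 203.0.113.50:443 https://api.telegram.org/bot7653235193:aaerxt3f2w-qztimivxt1ds_f7pbhdxw3fc/sendmessage
2025-01-25T10:00:03Z 10.0.0.7 203.0.113.50:443 https://api.telegram.org/bot1111:legit/getUpdates
2025-01-25T10:00:04Z 10.0.0.9 192.0.2.20:443 -
2025-01-25T10:00:05Z 10.0.0.9 192.0.2.20:8080 -
2025-01-25T10:00:06Z 10.0.0.9 203.0.113.4:443 https://climepunneddus.com/api
"""

SHARED_HOSTS = {"api.telegram.org"}  # assumption: hosts too broad to block wholesale
BLOCK_THRESHOLD = 75                 # assumption: below this -> "review", not "block"
CONF_RE = re.compile(r"confidence level: (\d+)%")
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (\S+)$")


@dataclass(frozen=True)
class Ioc:
    kind: str            # "url" or "ip:port"
    value: str
    host: str
    port: Optional[int]
    path: str            # "" for ip:port indicators
    family: str
    role: str            # "c2" or "payload"
    confidence: int


def parse_rows(text: str) -> list:
    """Turn pipe-delimited IOC rows into Ioc records (header rows are skipped)."""
    iocs = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) < 2 or not cols[0] or cols[0] == "Value" or cols[0].startswith("---"):
            continue
        # Tolerate the extraction artifact that fuses the "url" type label onto the value.
        value = re.sub(r"^url(?=https?://)", "", cols[0])
        desc = cols[1]
        m = CONF_RE.search(desc)
        conf = int(m.group(1)) if m else 0
        role = "payload" if "payload delivery" in desc else "c2"
        family = re.split(r" (?:botnet|payload) ", desc, maxsplit=1)[0]
        if "://" in value:
            u = urlsplit(value)
            port = u.port or (443 if u.scheme == "https" else 80)
            iocs.append(Ioc("url", value, u.hostname, port, u.path or "/", family, role, conf))
        else:
            host, _, port = value.rpartition(":")
            iocs.append(Ioc("ip:port", value, host, int(port), "", family, role, conf))
    return iocs


def match_log(log_text: str, iocs: list) -> list:
    """Return (timestamp, src, ioc_value, family, role, action) per log hit.

    ip:port indicators must match destination IP *and* port; URL indicators
    match on host, except on shared services where only the exact path counts.
    """
    by_host = {}
    for ioc in iocs:
        by_host.setdefault(ioc.host, []).append(ioc)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, dst, dport, url = m.groups()
        req_host = req_path = None
        if url != "-":
            u = urlsplit(url)
            req_host, req_path = u.hostname, u.path or "/"
        # dict.fromkeys de-duplicates when the request host is the destination IP.
        candidates = dict.fromkeys(by_host.get(dst, []) + by_host.get(req_host, []))
        for ioc in candidates:
            if ioc.kind == "ip:port":
                if not (dst == ioc.host and int(dport) == ioc.port):
                    continue
            else:
                if req_host != ioc.host:
                    continue
                if ioc.host in SHARED_HOSTS and req_path != ioc.path:
                    continue
            action = "block" if ioc.confidence >= BLOCK_THRESHOLD else "review"
            hits.append((ts, src, ioc.value, ioc.family, ioc.role, action))
    return hits


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG, parse_rows(IOC_ROWS)):
        print(*hit)
```

On the sample log this yields four hits: the Stealc and AsyncRAT entries (100%) come back as "block", the Lumma Stealer and the placeholder 192.0.2.20:443 entries (50%) as "review", while the legitimate Telegram getUpdates call and the 192.0.2.20:8080 connection produce nothing. The "role" field is kept so that payload delivery URLs (a download already happened) and C2 URLs (an implant is beaconing) can be triaged differently.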
Threat ID: 682c7dc1e8347ec82d2db12d
Added to database: 5/20/2025, 1:04:01 PM
Last enriched: 6/19/2025, 3:49:02 PM
Last updated: 8/6/2025, 7:15:17 AM