ThreatFox IOCs for 2025-02-05
Severity: mediumType: malware
ThreatFox IOCs for 2025-02-05
AI Analysis
Technical Summary
The provided information pertains to a malware threat identified as 'ThreatFox IOCs for 2025-02-05,' sourced from ThreatFox, a platform known for sharing threat intelligence indicators of compromise (IOCs). The threat is categorized under 'malware' with a focus on OSINT (Open Source Intelligence) tools or data, as indicated by the product tag 'osint.' There are no specific affected software versions or products listed, suggesting that this threat may be related to general malware activity or a collection of IOCs rather than a targeted vulnerability in a particular software product. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may imply moderate threat presence and distribution. No known exploits in the wild have been reported, and no patch links or CWE identifiers are provided, indicating that this is likely an intelligence report on malware indicators rather than a newly discovered exploit or vulnerability. The absence of indicators in the provided data limits the ability to analyze specific attack vectors or malware behaviors. The threat is tagged with 'tlp:white,' meaning the information is intended for public sharing without restriction. Overall, this appears to be a medium-severity malware threat report focusing on IOCs relevant for early February 2025, intended to inform security teams about potential malware activity patterns rather than a direct, active exploit targeting specific systems.
Potential Impact
For European organizations, the impact of this malware threat is currently assessed as medium due to the lack of specific exploit details or targeted vulnerabilities. Since the threat relates to OSINT and malware IOCs without identified active exploits, the immediate risk to confidentiality, integrity, or availability is moderate. However, organizations relying heavily on OSINT tools or those that integrate threat intelligence feeds similar to ThreatFox may face increased exposure if these IOCs correspond to emerging malware campaigns. The absence of known exploits in the wild reduces the likelihood of immediate widespread disruption, but the presence of malware IOCs indicates potential reconnaissance or preparatory stages of an attack. European entities in sectors such as finance, critical infrastructure, and government could be indirectly affected if adversaries leverage these IOCs to tailor attacks. Additionally, the medium severity suggests that while the threat is not critical, it warrants attention to prevent escalation or exploitation in the future.
Mitigation Recommendations
Given the nature of this threat as an IOC report without specific exploit details, European organizations should focus on enhancing their threat intelligence integration and proactive detection capabilities. Practical steps include: 1) Incorporate the latest ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve detection of related malware activity. 2) Conduct regular threat hunting exercises using updated IOCs to identify potential infections or suspicious behaviors early. 3) Ensure OSINT tools and threat intelligence platforms are securely configured and regularly updated to avoid supply chain risks. 4) Train security analysts to interpret and act upon IOC data effectively, emphasizing correlation with internal logs and network traffic. 5) Implement network segmentation and strict access controls to limit malware propagation if detected. 6) Maintain robust backup and recovery procedures to mitigate potential impact on data availability. These measures go beyond generic advice by emphasizing integration of specific IOC data, active threat hunting, and secure OSINT tool management.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: check.repw.run
- url: https://check.repw.run/gkcxv.google
- file: 147.185.221.24
- hash: 24206
- file: 147.185.221.22
- hash: 40639
- domain: mj2025.ddns.net
- domain: good-engaged.at.playit.gg
- domain: supportinformtion.serveirc.com
- domain: agdsagds.kro.kr
- url: http://broadflame.site/index.php
- url: https://116.202.5.153/
- file: 109.107.140.195
- hash: 6443
- file: 178.73.192.6
- hash: 2404
- file: 195.177.95.222
- hash: 2404
- file: 185.199.224.91
- hash: 2404
- file: 45.145.42.103
- hash: 2404
- file: 64.227.2.237
- hash: 443
- file: 197.2.31.108
- hash: 1177
- file: 182.114.200.213
- hash: 5873
- file: 191.96.207.98
- hash: 6606
- file: 5.252.178.137
- hash: 443
- file: 68.183.113.240
- hash: 443
- file: 186.169.57.33
- hash: 1000
- file: 186.169.52.131
- hash: 8090
- file: 34.222.21.132
- hash: 54240
- file: 13.125.80.32
- hash: 4730
- file: 52.53.243.107
- hash: 8090
- domain: u1.praisingtummyunless.shop
- domain: check.repw.run
- url: http://80.64.30.238/evix.xll
- file: 94.156.166.171
- hash: 80
- file: 116.205.98.214
- hash: 81
- file: 51.89.158.68
- hash: 222
- file: 51.89.158.68
- hash: 2222
- file: 103.245.231.10
- hash: 80
- file: 80.76.51.139
- hash: 8089
- domain: 78.153.130.17.sslip.io
- file: 185.229.237.139
- hash: 80
- file: 45.150.34.31
- hash: 443
- file: 68.69.186.30
- hash: 80
- file: 87.251.78.37
- hash: 4000
- file: 46.153.112.54
- hash: 443
- url: http://gate.anonzone.com/api.php
- domain: www.gallant-pike.45-77-153-108.plesk.page
- domain: elevatorretreat.shop
- domain: phoenixsoulpeace.shop
- domain: server-5-252-178-137.da.direct
- file: 195.177.95.241
- hash: 8443
- file: 138.199.193.216
- hash: 5000
- file: 44.210.33.181
- hash: 443
- file: 51.75.19.116
- hash: 3333
- file: 65.1.231.40
- hash: 3333
- file: 172.105.40.64
- hash: 443
- file: 16.170.244.187
- hash: 3333
- file: 3.142.35.219
- hash: 3333
- file: 172.105.58.88
- hash: 443
- file: 18.189.123.21
- hash: 8443
- file: 35.157.43.230
- hash: 80
- file: 193.56.23.80
- hash: 8080
- file: 35.174.207.213
- hash: 8080
- file: 168.75.71.205
- hash: 3333
- file: 100.20.31.172
- hash: 443
- file: 138.68.75.190
- hash: 443
- file: 138.199.162.191
- hash: 443
- file: 185.82.218.150
- hash: 3333
- file: 54.227.172.218
- hash: 3333
- file: 35.240.140.118
- hash: 3456
- file: 128.199.179.234
- hash: 4443
- file: 49.12.10.133
- hash: 443
- file: 83.229.120.165
- hash: 28888
- file: 74.226.247.135
- hash: 80
- hash: 8827ac9f2fd46f34170be51f1fe47baf
- hash: aaf295f600b8d6b211880e458dac8350
- hash: 9a5ff344263aa79121b60730ebbc201d
- hash: 2918b9ddaf12a57f6710c07515b27a8b
- hash: 95f6de7442e040fb10547140a05ddd45
- hash: bff3fdbff0a5d4aa1c03f7982c968e54
- hash: e44eb48c7f72ffac5af3c7a37bf80587
- hash: b0a59e8b365962c73da486bccc361354
- hash: 302f76897e4e5c8c98a52a38c4c98443
- hash: 503f112e243519a1b9e0344499561908
- hash: 604ea52ac70d5189504788be828d1589
- hash: ec0a65af65cc430ed6feb769f92edb6f
- hash: 892c3dd7315ccbad1967c7d99f1de756
- hash: 203f7cfbf22b30408591e6148f5978350676268b
- hash: a25dff88aeeaaf9f956446151a9d786495e2c546
- hash: aa172bdccb8c14f53c059c8433c539049b6c2cdd
- hash: 7da429f6d2cdd8a63b3930074797b990c02dc108
- hash: 7e07765bf8ee2d0b2233039623016d6dfb610a6d
- hash: 828a323b92b24caa5f5e3eff438db4556d15f215
- hash: 831cdcde47b4edbe27524085a6706fbfb9526cef
- hash: 8667078a88dae5471f50473a332f6c80b583d3de
- hash: dba1454fbea1dd917712fbece9d6725244119f83
- hash: e876ba6e23e09206f358dbd3a3642a7fd311bb22
- hash: 17e3906f6c4c97b6f5d10e0e0e7f2a2e2c97ca54
- hash: 2e51218985afcaa18eadc5775e6b374c78e2d85f
- hash: de3f83af6897a124d1e85a65818a80570b33c47c
- hash: 388ac48764927fa353328104d5a32ad825af51ce
- hash: 1a28013e4343fddf13e5c721f91970e942073b88
- hash: 3e16c6489bac4ac2d76c555eb1c263cd7e92c9a5
- hash: 76e3cb7be778f22d207623ce1907c1659f2c8215
- hash: b0caf49884d68f72d2a62aa32d5edf0e79fd9de1
- hash: bd73a1c03c24a8cdd744d8a513ae8d2ddfa2de5f
- hash: ccac0f0ba463c414b26ba67b5a3ddaabdef6d371
- hash: d8245cdf6f51216f29a71f25e70de827186bdf71
- hash: b071fbd9c42ff660e3f240e1921533e40f0067eb
- hash: ee7a557347a10f74696dc19512ccc5fcfca77bc5
- domain: zoom.callservice.us
- domain: check.puvt.run
- file: 138.124.90.180
- hash: 80
- url: https://check.puvt.run/gkcxv.google
- url: https://proxyyy.pages.dev/favicon.ico
- url: https://185.215.113.16/jo89ku7d/login.php
- url: http://103.245.231.10/
- file: 105.101.179.169
- hash: 38672
- domain: certain-advanced.gl.at.ply.gg
- domain: discussion-ix.gl.at.ply.gg
- url: http://www.yrshire.xyz/k15k/
- domain: alhocobser.digital
- domain: natureinspirged.top
- domain: newsite.iapmd.org
- file: 185.140.53.117
- hash: 1985
- url: https://check.jefx.shop/gkcxv.google
- domain: check.jefx.shop
- domain: breakingthroughs.freemyip.com
- domain: travelingwealth.duckdns.org
- file: 172.111.137.101
- hash: 3890
- url: http://fly.storage.tigris.dev/zangaroo/zingaloobilo-funaround-next.html
- domain: check.pylo.site
- url: https://check.pylo.site/gkcxv.google
- domain: check.zyfu.site
- file: 124.71.237.28
- hash: 80
- file: 180.140.176.40
- hash: 8443
- file: 185.208.158.2
- hash: 2404
- file: 192.3.146.173
- hash: 465
- file: 146.190.113.131
- hash: 443
- file: 78.179.128.55
- hash: 3000
- file: 178.208.169.232
- hash: 8808
- file: 62.60.248.28
- hash: 1604
- file: 194.87.31.69
- hash: 80
- url: https://check.zyfu.site/gkcxv.google
- file: 103.68.195.70
- hash: 80
- file: 198.23.136.134
- hash: 8888
- url: https://check.wozy.site/gkcxv.google
- domain: check.wozy.site
- url: https://video-leech.xyz/api
- url: https://fangyevasive.shop/api
- url: https://dwriftycloud.pics/api
- file: 107.174.95.172
- hash: 8080
- file: 136.0.8.169
- hash: 443
- domain: strows.info
- domain: ssdru.info
- file: 198.134.107.41
- hash: 443
- file: 89.208.113.56
- hash: 8888
- file: 38.240.36.233
- hash: 1912
- url: https://check.xyms.run/gkcxv.google
- domain: check.xyms.run
- domain: check.hobx.run
- url: http://cm38152.tw1.ru/l1nc0in.php
- url: https://check.hobx.run/gkcxv.google
- url: https://viagrapillerpris.top/work/original.js
- url: https://viagrapillerpris.top/work/index.php
- url: https://viagrapillerpris.top/work/files.php
- domain: check.pesa.run
- domain: check.munz.run
- domain: check.lyvc.run
- domain: check.socu.run
- domain: check.tugy.run
- domain: check.vyrh.run
- domain: check.xecy.run
- file: 104.21.80.1
- hash: 80
- file: 204.95.99.26
- hash: 5552
- url: https://plafyfulsunbeam.boats/api
- url: https://hopeefreamed.com/api
- url: http://138.124.90.180/
- file: 3.25.140.14
- hash: 264
- file: 5.205.216.100
- hash: 6001
- file: 82.202.173.167
- hash: 8083
- domain: rooom.zapto.org
- domain: creatednewauthorstarting.duckdns.org
- domain: access-expenses.gl.at.ply.gg
- url: http://hotfriction.xyz/lkoo.php
- domain: hotfriction.xyz
- domain: summerbag.icu
- url: http://irubix.ir/wp-content/images/fre.php
- file: 74.50.94.175
- hash: 9992
- file: 74.50.94.175
- hash: 7032
- domain: check.guhv.run
- file: 141.98.197.31
- hash: 6443
- file: 121.43.131.0
- hash: 8888
- file: 192.3.146.173
- hash: 1243
- file: 192.3.146.173
- hash: 14645
- url: https://actpisalnplay.cyou/vywx/
- url: https://bitcoinvendor.xyz/mnh7/
- url: https://blockchainuniverse.xyz/qr9s/
- url: https://cheapwil.shop/ekxu/
- url: https://condition.studio/fo9s/
- url: https://freshrizon.life/ds8w/
- url: https://garfo.xyz/gsph/
- url: https://kpilal.info/nais/
- url: https://shibbets.xyz/ynbe/
- url: https://vivamente.shop/z22v/
- file: 176.65.144.162
- hash: 8808
- file: 205.234.181.253
- hash: 8008
- file: 45.125.66.29
- hash: 8808
- file: 45.125.66.29
- hash: 9090
- file: 103.245.231.10
- hash: 8089
- file: 181.162.143.10
- hash: 8080
- file: 156.244.6.101
- hash: 443
- file: 199.247.17.239
- hash: 7000
- url: https://check.guhv.run/gkcxv.google
- file: 147.45.71.230
- hash: 41593
- file: 138.124.53.206
- hash: 2718
- file: 172.245.208.17
- hash: 14645
- url: http://37.220.0.54/1448/logs/fre.php
- url: http://storeagroculturnaya.ru/index.php
- domain: storeagroculturnaya.ru
- file: 13.48.129.198
- hash: 7777
- domain: check.reqy.digital
- domain: check.beft.run
- domain: check.vukh.run
- domain: check.volp.run
- domain: check.qekr.run
- file: 65.108.80.58
- hash: 443
- file: 212.104.133.72
- hash: 443
- file: 216.245.184.170
- hash: 443
- domain: clubfleetwood.com
- domain: ikun.blacktelson.cloudns.ch
- domain: microsaft.club
- url: https://lifewis.com/3w1q.js
- domain: lifewis.com
- url: https://lifewis.com/js.php
- url: https://vdrdid.shop/work/original.js
- domain: vdrdid.shop
- url: https://vdrdid.shop/work/index.php
- url: https://vdrdid.shop/work/file.php
- url: https://lakestreetsolar.com/1.zip
- domain: check.gity.site
- url: https://check.gity.site/gkcxv.google
- url: https://youarewatched.fun/api/get/dll
- url: https://youarewatched.fun/api/get/zipplus
- url: https://skeletonwatcher.rest/api/get/inj
- domain: youarewatched.fun
- url: https://beggis.lol/
- domain: beggis.lol
- file: 5.75.214.119
- hash: 443
- domain: tarneps.top
- domain: z72aoe50.com
- domain: qryyueeriberto.com
- domain: kuu15austin21.com
- domain: v15zxnapoleonln.com
- domain: wxts86squom.com
- url: https://daylightlights.xyz
- domain: getratted.no-ip.info
- domain: zerocyber.no-ip.biz
- domain: kiberdrocher.no-ip.org
- domain: pruebadante.no-ip.org
- domain: furybotz420.no-ip.biz
- domain: rsgpsphat.no-ip.biz
- domain: shakur.dyndns.biz
- domain: viotto.no-ip.org
- domain: henryshadowrod.no-ip.org
- domain: sabr.no-ip.org
- domain: srx-server.dyndns-ip.com
- domain: cosmikfucku.no-ip.biz
- domain: winactivation.dnsalias.com
- domain: vittimaproject.no-ip.org
- domain: zerozam.no-ip.info
- domain: martins147.no-ip.org
- domain: xdarkpoi.no-ip.biz
- domain: motumbox.no-ip.org
- domain: kannshost.no-ip.biz
- domain: mikeyboii11.no-ip.biz
- domain: moeckel.zapto.org
- domain: sparkyisgay.no-ip.info
- domain: jaafar-2010.no-ip.biz
- domain: natashale1.no-ip.biz
- domain: xurplecg.no-ip.biz
- domain: foryou00.dyndns.org
- domain: zerozam.no-ip.org
- domain: imene-rock.no-ip.biz
- domain: kalash2r.no-ip.biz
- domain: rsmills.no-ip.org
- domain: ekremradar.no-ip.biz
- domain: reverse.dvrdns.org
- domain: hala.no-ip.biz
- domain: merkmerklol.no-ip.biz
- domain: kepkep1.no-ip.org
- domain: bagnag2.no-ip.biz
- domain: galeradajhon.no-ip.biz
- domain: pay11301.no-ip.biz
- domain: jjhit22.servebeer.com
- domain: martinote.no-ip.biz
- domain: kamikaze28.no-ip.org
- domain: drnoob.no-ip.org
- domain: itrulycareping.no-ip.biz
- domain: miglio.no-ip.com
- domain: r3d4ss.no-ip.biz
- domain: darkcometrat.no-ip.biz
- domain: hackforlive.no-ip.biz
- domain: merde-dofus2.zapto.org
- domain: jonyjames.no-ip.biz
- domain: hackforumuser.no-ip.biz
- domain: cybergates97.no-ip.biz
- file: 84.240.10.41
- hash: 82
- file: 84.240.10.41
- hash: 81
- file: 84.54.205.92
- hash: 81
- file: 41.227.44.136
- hash: 81
- file: 194.37.80.234
- hash: 666
- file: 193.233.203.30
- hash: 666
- file: 147.45.78.4
- hash: 999
- file: 45.87.246.149
- hash: 4258
- file: 15.204.128.30
- hash: 6149
- file: 217.61.113.40
- hash: 666
- file: 24.199.116.85
- hash: 4258
- file: 185.237.15.131
- hash: 666
- domain: 11hawler.zapto.org
- domain: tvirus.no-ip.info
- domain: shakro.zapto.org
- domain: wtfisgoingonman.no-ip.biz
- domain: shakro.no-ip.info
- domain: larissa.no-ip.biz
- domain: takportal.net
- domain: shvanberzan.no-ip.info
- domain: halimaw15.zapto.org
- domain: iratskids.zapto.org
- domain: hakan111.zapto.org
- domain: mori.giize.com
- domain: secure-box.zapto.org
- domain: sepha.ddns.net
- domain: skittle.no-ip.org
- file: 195.174.165.144
- hash: 1604
- file: 147.45.116.68
- hash: 443
- file: 195.211.190.122
- hash: 8808
- file: 51.89.158.68
- hash: 888
- file: 85.31.47.104
- hash: 555
- file: 51.38.119.244
- hash: 6606
- file: 203.159.90.115
- hash: 80
- file: 177.71.130.31
- hash: 20545
- file: 103.162.208.5
- hash: 2095
- file: 31.130.148.231
- hash: 443
- file: 199.247.17.239
- hash: 4449
- file: 70.18.38.56
- hash: 25565
- file: 38.55.138.146
- hash: 8880
- file: 160.119.251.40
- hash: 8443
- file: 162.33.179.99
- hash: 1433
- url: https://check.djtvx.online/gkcxv.google
- domain: check.djtvx.online
- file: 103.130.214.198
- hash: 666
- domain: host85500.info
- file: 45.93.9.167
- hash: 15322
- file: 45.149.241.35
- hash: 3608
- file: 185.121.233.152
- hash: 20232
- url: http://hkdecchgkhgleal.top/1.php
- domain: microsoft.no-ip.biz
- url: http://91.214.78.88/vmsecureservertrafficwptemp.php
- file: 101.37.162.62
- hash: 9205
- file: 205.234.181.253
- hash: 4444
- file: 110.43.68.225
- hash: 10001
- file: 42.157.163.147
- hash: 10001
- url: http://45.200.149.43/9e16d717fbeceda0/vcruntime140.dll
- url: http://45.200.149.45/9e16d717fbeceda0/vcruntime140.dll
- url: https://185.215.113.16/fru7nk9/login.php
- url: http://203.159.90.115/
- url: http://www.71401.shop/g43m/
- url: http://www.8328.shop/g43m/
- url: http://www.917183.club/g43m/
- url: http://www.939951.xyz/g43m/
- url: http://www.alistika.info/g43m/
- url: http://www.alooytv17.shop/g43m/
- url: http://www.astral.directory/g43m/
- url: http://www.auslift.equipment/g43m/
- url: http://www.bakalaomemeapps.xyz/g43m/
- url: http://www.bujangjp-gtm.xyz/g43m/
- url: http://www.chicprotect.shop/g43m/
- url: http://www.comitatogroscavallo.info/g43m/
- url: http://www.contract-jobs-82251.bond/g43m/
- url: http://www.cpt1025.top/g43m/
- url: http://www.dental-implants-26269.bond/g43m/
- url: http://www.dnregistry.net/g43m/
- url: http://www.eepthought.social/g43m/
- url: http://www.engagementrings-ar-271129.today/g43m/
- url: http://www.esperanza.live/g43m/
- url: http://www.euweb.shop/g43m/
- url: http://www.exusintelligence.xyz/g43m/
- url: http://www.fyw.info/g43m/
- url: http://www.glovesforboxes.shop/g43m/
- url: http://www.gmn089.top/g43m/
- url: http://www.growing.digital/g43m/
- url: http://www.heavydutyweld.shop/g43m/
- url: http://www.hjrdz.xyz/g43m/
- url: http://www.home-remodeling-54747.bond/g43m/
- url: http://www.hwamk91b7bgpkjob.xyz/g43m/
- url: http://www.influencer-marketing-24346.bond/g43m/
- url: http://www.j0g8d.skin/g43m/
- url: http://www.jiuse1889.xyz/g43m/
- url: http://www.junepages.online/g43m/
- url: http://www.kronoseletronicos.online/g43m/
- url: http://www.kruzhka-tut.online/g43m/
- url: http://www.lawnwonder.store/g43m/
- url: http://www.liberateyoursoul.net/g43m/
- url: http://www.loanplan.xyz/g43m/
- url: http://www.make-money-online-55635.bond/g43m/
- url: http://www.mlrgarments.net/g43m/
- url: http://www.msdvo45e.top/g43m/
- url: http://www.news-xzurufo.xyz/g43m/
- url: http://www.oncasino.xyz/g43m/
- url: http://www.online-advertising-96729.bond/g43m/
- url: http://www.osipovs.digital/g43m/
- url: http://www.pasanghoki3.homes/g43m/
- url: http://www.pgflow.cloud/g43m/
- url: http://www.qpb5vwhgmlfapfka.cyou/g43m/
- url: http://www.roamer.social/g43m/
- url: http://www.rumseysabinsargos.cloud/g43m/
- url: http://www.senior-living-17169.bond/g43m/
- url: http://www.sipoja.shop/g43m/
- url: http://www.smarminds.xyz/g43m/
- url: http://www.spotifyi.vip/g43m/
- url: http://www.staplerl.shop/g43m/
- url: http://www.swirlstakedtawkee.cloud/g43m/
- url: http://www.t7wghnrpj3c6m.buzz/g43m/
- url: http://www.vxgjhgbx.top/g43m/
- url: http://www.whisps.cloud/g43m/
- url: http://www.wq9915.cyou/g43m/
- url: http://www.wvyzvej7f.xyz/g43m/
- url: http://www.xxtoexy001.sbs/g43m/
- url: http://www.ytmp3.town/g43m/
- url: http://www.yugen4dno1.art/g43m/
- url: http://www.zycr.shop/g43m/
- domain: www.71401.shop
- domain: www.8328.shop
- domain: www.917183.club
- domain: www.939951.xyz
- domain: www.alistika.info
- domain: www.alooytv17.shop
- domain: www.astral.directory
- domain: www.auslift.equipment
- domain: www.bakalaomemeapps.xyz
- domain: www.bujangjp-gtm.xyz
- domain: www.chicprotect.shop
- domain: www.comitatogroscavallo.info
- domain: www.contract-jobs-82251.bond
- domain: www.cpt1025.top
- domain: www.dental-implants-26269.bond
- domain: www.dnregistry.net
- domain: www.eepthought.social
- domain: www.engagementrings-ar-271129.today
- domain: www.esperanza.live
- domain: www.euweb.shop
- domain: www.exusintelligence.xyz
- domain: www.fyw.info
- domain: www.glovesforboxes.shop
- domain: www.gmn089.top
- domain: www.growing.digital
- domain: www.heavydutyweld.shop
- domain: www.hjrdz.xyz
- domain: www.home-remodeling-54747.bond
- domain: www.hwamk91b7bgpkjob.xyz
- domain: www.influencer-marketing-24346.bond
- domain: www.j0g8d.skin
- domain: www.jiuse1889.xyz
- domain: www.junepages.online
- domain: www.kronoseletronicos.online
- domain: www.kruzhka-tut.online
- domain: www.lawnwonder.store
- domain: www.liberateyoursoul.net
- domain: www.loanplan.xyz
- domain: www.make-money-online-55635.bond
- domain: www.mlrgarments.net
- domain: www.msdvo45e.top
- domain: www.news-xzurufo.xyz
- domain: www.oncasino.xyz
- domain: www.online-advertising-96729.bond
- domain: www.osipovs.digital
- domain: www.pasanghoki3.homes
- domain: www.pgflow.cloud
- domain: www.qpb5vwhgmlfapfka.cyou
- domain: www.roamer.social
- domain: www.rumseysabinsargos.cloud
- domain: www.senior-living-17169.bond
- domain: www.sipoja.shop
- domain: www.smarminds.xyz
- domain: www.spotifyi.vip
- domain: www.staplerl.shop
- domain: www.swirlstakedtawkee.cloud
- domain: www.t7wghnrpj3c6m.buzz
- domain: www.vxgjhgbx.top
- domain: www.whisps.cloud
- domain: www.wq9915.cyou
- domain: www.wvyzvej7f.xyz
- domain: www.xxtoexy001.sbs
- domain: www.ytmp3.town
- domain: www.yugen4dno1.art
- domain: www.zycr.shop
- file: 102.43.247.109
- hash: 2525
- url: https://pastebin.com/raw/f8zyeb1m
- domain: feedback-dow.gl.at.ply.gg
- file: 147.185.221.25
- hash: 51330
- url: https://weixe.ir/txt/rw1eblwswwfwzzx.exe
- url: http://47.90.208.22:8888/supershell/login/
- hash: 6c706df697ad8dc8f0867a4f65817216
- domain: gso2.mail163.info
- file: 102.158.1.30
- hash: 1177
- file: 185.73.124.238
- hash: 443
- file: 79.110.49.32
- hash: 2404
- file: 213.152.187.200
- hash: 32491
- file: 186.169.57.33
- hash: 2404
- file: 172.174.131.78
- hash: 443
- file: 94.159.113.222
- hash: 80
- file: 163.5.32.231
- hash: 8808
- file: 78.179.128.55
- hash: 8808
- file: 78.179.128.55
- hash: 20000
- file: 194.233.73.173
- hash: 37443
- domain: api.runeverse.tools
- file: 172.247.194.227
- hash: 26352
- file: 15.235.149.57
- hash: 8080
- file: 5.34.214.137
- hash: 80
- file: 91.245.255.27
- hash: 8443
- file: 101.201.118.20
- hash: 8099
- file: 5.180.174.191
- hash: 31337
- file: 65.38.120.136
- hash: 1690
- file: 1.161.70.180
- hash: 443
- file: 146.190.113.131
- hash: 8888
- file: 217.160.192.139
- hash: 8888
- file: 119.91.243.146
- hash: 443
- file: 185.73.124.238
- hash: 80
- file: 20.74.209.192
- hash: 443
- file: 144.217.253.149
- hash: 443
ThreatFox IOCs for 2025-02-05
Medium
Published: Wed Feb 05 2025 (02/05/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-02-05
AI-Powered Analysis
AILast updated: 06/19/2025, 15:49:58 UTC
Technical Analysis
The provided information pertains to a malware threat identified as 'ThreatFox IOCs for 2025-02-05,' sourced from ThreatFox, a platform known for sharing threat intelligence indicators of compromise (IOCs). The threat is categorized under 'malware' with a focus on OSINT (Open Source Intelligence) tools or data, as indicated by the product tag 'osint.' There are no specific affected software versions or products listed, suggesting that this threat may be related to general malware activity or a collection of IOCs rather than a targeted vulnerability in a particular software product. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which may imply moderate threat presence and distribution. No known exploits in the wild have been reported, and no patch links or CWE identifiers are provided, indicating that this is likely an intelligence report on malware indicators rather than a newly discovered exploit or vulnerability. The absence of indicators in the provided data limits the ability to analyze specific attack vectors or malware behaviors. The threat is tagged with 'tlp:white,' meaning the information is intended for public sharing without restriction. Overall, this appears to be a medium-severity malware threat report focusing on IOCs relevant for early February 2025, intended to inform security teams about potential malware activity patterns rather than a direct, active exploit targeting specific systems.
Potential Impact
For European organizations, the impact of this malware threat is currently assessed as medium due to the lack of specific exploit details or targeted vulnerabilities. Since the threat relates to OSINT and malware IOCs without identified active exploits, the immediate risk to confidentiality, integrity, or availability is moderate. However, organizations relying heavily on OSINT tools or those that integrate threat intelligence feeds similar to ThreatFox may face increased exposure if these IOCs correspond to emerging malware campaigns. The absence of known exploits in the wild reduces the likelihood of immediate widespread disruption, but the presence of malware IOCs indicates potential reconnaissance or preparatory stages of an attack. European entities in sectors such as finance, critical infrastructure, and government could be indirectly affected if adversaries leverage these IOCs to tailor attacks. Additionally, the medium severity suggests that while the threat is not critical, it warrants attention to prevent escalation or exploitation in the future.
Mitigation Recommendations
Given the nature of this threat as an IOC report without specific exploit details, European organizations should focus on enhancing their threat intelligence integration and proactive detection capabilities. Practical steps include: 1) Incorporate the latest ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to improve detection of related malware activity. 2) Conduct regular threat hunting exercises using updated IOCs to identify potential infections or suspicious behaviors early. 3) Ensure OSINT tools and threat intelligence platforms are securely configured and regularly updated to avoid supply chain risks. 4) Train security analysts to interpret and act upon IOC data effectively, emphasizing correlation with internal logs and network traffic. 5) Implement network segmentation and strict access controls to limit malware propagation if detected. 6) Maintain robust backup and recovery procedures to mitigate potential impact on data availability. These measures go beyond generic advice by emphasizing integration of specific IOC data, active threat hunting, and secure OSINT tool management.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- b3552afc-ec02-453c-98b6-f80cad694f5b
- Original Timestamp
- 1738800187
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaincheck.repw.run | ClearFake payload delivery domain (confidence level: 100%) | |
domainmj2025.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
domaingood-engaged.at.playit.gg | NjRAT botnet C2 domain (confidence level: 100%) | |
domainsupportinformtion.serveirc.com | NjRAT botnet C2 domain (confidence level: 100%) | |
domainagdsagds.kro.kr | NjRAT botnet C2 domain (confidence level: 100%) | |
domainu1.praisingtummyunless.shop | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.repw.run | ClearFake botnet C2 domain (confidence level: 100%) | |
domain78.153.130.17.sslip.io | Hook botnet C2 domain (confidence level: 100%) | |
domainwww.gallant-pike.45-77-153-108.plesk.page | ShadowPad botnet C2 domain (confidence level: 90%) | |
domainelevatorretreat.shop | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainphoenixsoulpeace.shop | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainserver-5-252-178-137.da.direct | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainzoom.callservice.us | FlexibleFerret botnet C2 domain (confidence level: 50%) | |
domaincheck.puvt.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincertain-advanced.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domaindiscussion-ix.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainalhocobser.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainnatureinspirged.top | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainnewsite.iapmd.org | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaincheck.jefx.shop | ClearFake payload delivery domain (confidence level: 100%) | |
domainbreakingthroughs.freemyip.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaintravelingwealth.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaincheck.pylo.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.zyfu.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.wozy.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainstrows.info | Kimsuky botnet C2 domain (confidence level: 75%) | |
domainssdru.info | Kimsuky botnet C2 domain (confidence level: 75%) | |
domaincheck.xyms.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.hobx.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.pesa.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.munz.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.lyvc.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.socu.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.tugy.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.vyrh.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.xecy.run | ClearFake payload delivery domain (confidence level: 100%) | |
domainrooom.zapto.org | NjRAT botnet C2 domain (confidence level: 50%) | |
domaincreatednewauthorstarting.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainaccess-expenses.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainhotfriction.xyz | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainsummerbag.icu | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.guhv.run | ClearFake payload delivery domain (confidence level: 100%) | |
domainstoreagroculturnaya.ru | SmokeLoader botnet C2 domain (confidence level: 100%) | |
domaincheck.reqy.digital | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.beft.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.vukh.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.volp.run | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.qekr.run | ClearFake payload delivery domain (confidence level: 100%) | |
domainclubfleetwood.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainikun.blacktelson.cloudns.ch | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainmicrosaft.club | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainlifewis.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainvdrdid.shop | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincheck.gity.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainyouarewatched.fun | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domainbeggis.lol | Vidar botnet C2 domain (confidence level: 100%) | |
domaintarneps.top | Gozi botnet C2 domain (confidence level: 100%) | |
domainz72aoe50.com | Gozi botnet C2 domain (confidence level: 100%) | |
domainqryyueeriberto.com | Gozi botnet C2 domain (confidence level: 100%) | |
domainkuu15austin21.com | Gozi botnet C2 domain (confidence level: 100%) | |
domainv15zxnapoleonln.com | Gozi botnet C2 domain (confidence level: 100%) | |
domainwxts86squom.com | Gozi botnet C2 domain (confidence level: 100%) | |
domaingetratted.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzerocyber.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainkiberdrocher.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainpruebadante.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainfurybotz420.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainrsgpsphat.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainshakur.dyndns.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainviotto.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhenryshadowrod.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsabr.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsrx-server.dyndns-ip.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincosmikfucku.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainwinactivation.dnsalias.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domainvittimaproject.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzerozam.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmartins147.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainxdarkpoi.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmotumbox.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainkannshost.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmikeyboii11.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmoeckel.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsparkyisgay.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainjaafar-2010.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainnatashale1.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainxurplecg.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainforyou00.dyndns.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzerozam.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainimene-rock.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainkalash2r.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainrsmills.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainekremradar.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainreverse.dvrdns.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhala.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmerkmerklol.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainkepkep1.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbagnag2.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaingaleradajhon.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainpay11301.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainjjhit22.servebeer.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmartinote.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainkamikaze28.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaindrnoob.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainitrulycareping.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmiglio.no-ip.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domainr3d4ss.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaindarkcometrat.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhackforlive.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmerde-dofus2.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainjonyjames.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhackforumuser.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincybergates97.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domain11hawler.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintvirus.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainshakro.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwtfisgoingonman.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainshakro.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainlarissa.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintakportal.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainshvanberzan.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhalimaw15.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainiratskids.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhakan111.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmori.giize.com | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsecure-box.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsepha.ddns.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainskittle.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincheck.djtvx.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainhost85500.info | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmicrosoft.no-ip.biz | Xtreme RAT botnet C2 domain (confidence level: 100%) | |
domainwww.71401.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.8328.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.917183.club | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.939951.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.alistika.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.alooytv17.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.astral.directory | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.auslift.equipment | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.bakalaomemeapps.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.bujangjp-gtm.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.chicprotect.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.comitatogroscavallo.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.contract-jobs-82251.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.cpt1025.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.dental-implants-26269.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.dnregistry.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.eepthought.social | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.engagementrings-ar-271129.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.esperanza.live | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.euweb.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.exusintelligence.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.fyw.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.glovesforboxes.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gmn089.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.growing.digital | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.heavydutyweld.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hjrdz.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.home-remodeling-54747.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hwamk91b7bgpkjob.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.influencer-marketing-24346.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.j0g8d.skin | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.jiuse1889.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.junepages.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.kronoseletronicos.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.kruzhka-tut.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lawnwonder.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.liberateyoursoul.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.loanplan.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.make-money-online-55635.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.mlrgarments.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.msdvo45e.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.news-xzurufo.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oncasino.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.online-advertising-96729.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.osipovs.digital | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pasanghoki3.homes | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pgflow.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.qpb5vwhgmlfapfka.cyou | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.roamer.social | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rumseysabinsargos.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.senior-living-17169.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.sipoja.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.smarminds.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.spotifyi.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.staplerl.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.swirlstakedtawkee.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.t7wghnrpj3c6m.buzz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.vxgjhgbx.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.whisps.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.wq9915.cyou | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.wvyzvej7f.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.xxtoexy001.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ytmp3.town | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.yugen4dno1.art | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.zycr.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainfeedback-dow.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domaingso2.mail163.info | SideWinder botnet C2 domain (confidence level: 100%) | |
domainapi.runeverse.tools | Hook botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://check.repw.run/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://broadflame.site/index.php | Azorult botnet C2 (confidence level: 100%) | |
urlhttps://116.202.5.153/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://80.64.30.238/evix.xll | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://gate.anonzone.com/api.php | Agent Tesla botnet C2 (confidence level: 100%) | |
urlhttps://check.puvt.run/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://proxyyy.pages.dev/favicon.ico | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://185.215.113.16/jo89ku7d/login.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttp://103.245.231.10/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://www.yrshire.xyz/k15k/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://check.jefx.shop/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://fly.storage.tigris.dev/zangaroo/zingaloobilo-funaround-next.html | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://check.pylo.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.zyfu.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.wozy.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://video-leech.xyz/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://fangyevasive.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://dwriftycloud.pics/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://check.xyms.run/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://cm38152.tw1.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://check.hobx.run/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://viagrapillerpris.top/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://viagrapillerpris.top/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://viagrapillerpris.top/work/files.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://plafyfulsunbeam.boats/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hopeefreamed.com/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://138.124.90.180/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://hotfriction.xyz/lkoo.php | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://irubix.ir/wp-content/images/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttps://actpisalnplay.cyou/vywx/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://bitcoinvendor.xyz/mnh7/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://blockchainuniverse.xyz/qr9s/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://cheapwil.shop/ekxu/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://condition.studio/fo9s/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://freshrizon.life/ds8w/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://garfo.xyz/gsph/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://kpilal.info/nais/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://shibbets.xyz/ynbe/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://vivamente.shop/z22v/ | Formbook botnet C2 (confidence level: 100%) | |
urlhttps://check.guhv.run/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://37.220.0.54/1448/logs/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttp://storeagroculturnaya.ru/index.php | SmokeLoader botnet C2 (confidence level: 100%) | |
urlhttps://lifewis.com/3w1q.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://lifewis.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://vdrdid.shop/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://vdrdid.shop/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://vdrdid.shop/work/file.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://lakestreetsolar.com/1.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://check.gity.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://youarewatched.fun/api/get/dll | Unknown Stealer botnet C2 (confidence level: 50%) | |
urlhttps://youarewatched.fun/api/get/zipplus | Unknown Stealer botnet C2 (confidence level: 50%) | |
urlhttps://skeletonwatcher.rest/api/get/inj | Unknown Stealer botnet C2 (confidence level: 50%) | |
urlhttps://beggis.lol/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://daylightlights.xyz | Gozi botnet C2 (confidence level: 100%) | |
urlhttps://check.djtvx.online/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://hkdecchgkhgleal.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://91.214.78.88/vmsecureservertrafficwptemp.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://45.200.149.43/9e16d717fbeceda0/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://45.200.149.45/9e16d717fbeceda0/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttps://185.215.113.16/fru7nk9/login.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttp://203.159.90.115/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://www.71401.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.8328.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.917183.club/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.939951.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.alistika.info/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.alooytv17.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.astral.directory/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.auslift.equipment/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.bakalaomemeapps.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.bujangjp-gtm.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.chicprotect.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.comitatogroscavallo.info/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.contract-jobs-82251.bond/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.cpt1025.top/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.dental-implants-26269.bond/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.dnregistry.net/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.eepthought.social/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.engagementrings-ar-271129.today/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.esperanza.live/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.euweb.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.exusintelligence.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.fyw.info/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.glovesforboxes.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gmn089.top/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.growing.digital/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.heavydutyweld.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hjrdz.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.home-remodeling-54747.bond/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hwamk91b7bgpkjob.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.influencer-marketing-24346.bond/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.j0g8d.skin/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.jiuse1889.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.junepages.online/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.kronoseletronicos.online/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.kruzhka-tut.online/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lawnwonder.store/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.liberateyoursoul.net/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.loanplan.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.make-money-online-55635.bond/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.mlrgarments.net/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.msdvo45e.top/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.news-xzurufo.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oncasino.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.online-advertising-96729.bond/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.osipovs.digital/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pasanghoki3.homes/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pgflow.cloud/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.qpb5vwhgmlfapfka.cyou/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.roamer.social/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rumseysabinsargos.cloud/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.senior-living-17169.bond/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.sipoja.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.smarminds.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.spotifyi.vip/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.staplerl.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.swirlstakedtawkee.cloud/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.t7wghnrpj3c6m.buzz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.vxgjhgbx.top/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.whisps.cloud/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.wq9915.cyou/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.wvyzvej7f.xyz/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.xxtoexy001.sbs/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ytmp3.town/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.yugen4dno1.art/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.zycr.shop/g43m/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/f8zyeb1m | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://weixe.ir/txt/rw1eblwswwfwzzx.exe | Loki Password Stealer (PWS) payload delivery URL (confidence level: 50%) | |
urlhttp://47.90.208.22:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file147.185.221.24 | NjRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.22 | NjRAT botnet C2 server (confidence level: 100%) | |
file109.107.140.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file178.73.192.6 | Remcos botnet C2 server (confidence level: 100%) | |
file195.177.95.222 | Remcos botnet C2 server (confidence level: 100%) | |
file185.199.224.91 | Remcos botnet C2 server (confidence level: 100%) | |
file45.145.42.103 | Remcos botnet C2 server (confidence level: 100%) | |
file64.227.2.237 | Sliver botnet C2 server (confidence level: 100%) | |
file197.2.31.108 | NjRAT botnet C2 server (confidence level: 75%) | |
file182.114.200.213 | Unknown malware botnet C2 server (confidence level: 100%) | |
file191.96.207.98 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file5.252.178.137 | Unknown malware botnet C2 server (confidence level: 100%) | |
file68.183.113.240 | Unknown malware botnet C2 server (confidence level: 100%) | |
file186.169.57.33 | DCRat botnet C2 server (confidence level: 100%) | |
file186.169.52.131 | DCRat botnet C2 server (confidence level: 100%) | |
file34.222.21.132 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file13.125.80.32 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file52.53.243.107 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file94.156.166.171 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.205.98.214 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file51.89.158.68 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.89.158.68 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.245.231.10 | Hook botnet C2 server (confidence level: 100%) | |
file80.76.51.139 | Hook botnet C2 server (confidence level: 100%) | |
file185.229.237.139 | Venom RAT botnet C2 server (confidence level: 100%) | |
file45.150.34.31 | Orcus RAT botnet C2 server (confidence level: 100%) | |
file68.69.186.30 | MooBot botnet C2 server (confidence level: 100%) | |
file87.251.78.37 | Unknown malware botnet C2 server (confidence level: 100%) | |
file46.153.112.54 | NjRAT botnet C2 server (confidence level: 100%) | |
file195.177.95.241 | DCRat botnet C2 server (confidence level: 100%) | |
file138.199.193.216 | Unknown malware botnet C2 server (confidence level: 100%) | |
file44.210.33.181 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.75.19.116 | Unknown malware botnet C2 server (confidence level: 100%) | |
file65.1.231.40 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.105.40.64 | Unknown malware botnet C2 server (confidence level: 100%) | |
file16.170.244.187 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.142.35.219 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.105.58.88 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.189.123.21 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.157.43.230 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.56.23.80 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.174.207.213 | Unknown malware botnet C2 server (confidence level: 100%) | |
file168.75.71.205 | Unknown malware botnet C2 server (confidence level: 100%) | |
file100.20.31.172 | Unknown malware botnet C2 server (confidence level: 100%) | |
file138.68.75.190 | Unknown malware botnet C2 server (confidence level: 100%) | |
file138.199.162.191 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.82.218.150 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.227.172.218 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.240.140.118 | Unknown malware botnet C2 server (confidence level: 100%) | |
file128.199.179.234 | Unknown malware botnet C2 server (confidence level: 100%) | |
file49.12.10.133 | Unknown malware botnet C2 server (confidence level: 100%) | |
file83.229.120.165 | Unknown malware botnet C2 server (confidence level: 100%) | |
file74.226.247.135 | Octopus botnet C2 server (confidence level: 100%) | |
file138.124.90.180 | Hook botnet C2 server (confidence level: 50%) | |
file105.101.179.169 | DCRat botnet C2 server (confidence level: 50%) | |
file185.140.53.117 | DarkComet botnet C2 server (confidence level: 50%) | |
file172.111.137.101 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file124.71.237.28 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file180.140.176.40 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.208.158.2 | Remcos botnet C2 server (confidence level: 100%) | |
file192.3.146.173 | Remcos botnet C2 server (confidence level: 100%) | |
file146.190.113.131 | Sliver botnet C2 server (confidence level: 100%) | |
file78.179.128.55 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file178.208.169.232 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file62.60.248.28 | DCRat botnet C2 server (confidence level: 100%) | |
file194.87.31.69 | Stealc botnet C2 server (confidence level: 100%) | |
file103.68.195.70 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file198.23.136.134 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.174.95.172 | Sliver botnet C2 server (confidence level: 75%) | |
file136.0.8.169 | DanaBot botnet C2 server (confidence level: 75%) | |
file198.134.107.41 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file89.208.113.56 | Sliver botnet C2 server (confidence level: 75%) | |
file38.240.36.233 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file104.21.80.1 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
file204.95.99.26 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.25.140.14 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file5.205.216.100 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file82.202.173.167 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file74.50.94.175 | Kimsuky botnet C2 server (confidence level: 75%) | |
file74.50.94.175 | Kimsuky botnet C2 server (confidence level: 75%) | |
file141.98.197.31 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.43.131.0 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file192.3.146.173 | Remcos botnet C2 server (confidence level: 100%) | |
file192.3.146.173 | Remcos botnet C2 server (confidence level: 100%) | |
file176.65.144.162 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file205.234.181.253 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.125.66.29 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.125.66.29 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.245.231.10 | Hook botnet C2 server (confidence level: 100%) | |
file181.162.143.10 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file156.244.6.101 | Havoc botnet C2 server (confidence level: 100%) | |
file199.247.17.239 | Venom RAT botnet C2 server (confidence level: 100%) | |
file147.45.71.230 | Rhadamanthys botnet C2 server (confidence level: 75%) | |
file138.124.53.206 | Rhadamanthys botnet C2 server (confidence level: 75%) | |
file172.245.208.17 | Remcos botnet C2 server (confidence level: 75%) | |
file13.48.129.198 | Quasar RAT botnet C2 server (confidence level: 75%) | |
file65.108.80.58 | Unknown malware botnet C2 server (confidence level: 75%) | |
file212.104.133.72 | Unknown malware botnet C2 server (confidence level: 75%) | |
file216.245.184.170 | Unknown malware botnet C2 server (confidence level: 75%) | |
file5.75.214.119 | Vidar botnet C2 server (confidence level: 100%) | |
file84.240.10.41 | CyberGate botnet C2 server (confidence level: 100%) | |
file84.240.10.41 | CyberGate botnet C2 server (confidence level: 100%) | |
file84.54.205.92 | CyberGate botnet C2 server (confidence level: 100%) | |
file41.227.44.136 | CyberGate botnet C2 server (confidence level: 100%) | |
file194.37.80.234 | Bashlite botnet C2 server (confidence level: 100%) | |
file193.233.203.30 | Bashlite botnet C2 server (confidence level: 100%) | |
file147.45.78.4 | Bashlite botnet C2 server (confidence level: 100%) | |
file45.87.246.149 | Bashlite botnet C2 server (confidence level: 100%) | |
file15.204.128.30 | Bashlite botnet C2 server (confidence level: 100%) | |
file217.61.113.40 | Bashlite botnet C2 server (confidence level: 100%) | |
file24.199.116.85 | Bashlite botnet C2 server (confidence level: 100%) | |
file185.237.15.131 | Bashlite botnet C2 server (confidence level: 100%) | |
file195.174.165.144 | DarkComet botnet C2 server (confidence level: 100%) | |
file147.45.116.68 | Sliver botnet C2 server (confidence level: 100%) | |
file195.211.190.122 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.89.158.68 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file85.31.47.104 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.38.119.244 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file203.159.90.115 | Hook botnet C2 server (confidence level: 100%) | |
file177.71.130.31 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file103.162.208.5 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file31.130.148.231 | Havoc botnet C2 server (confidence level: 100%) | |
file199.247.17.239 | Venom RAT botnet C2 server (confidence level: 100%) | |
file70.18.38.56 | Orcus RAT botnet C2 server (confidence level: 100%) | |
file38.55.138.146 | Chaos botnet C2 server (confidence level: 100%) | |
file160.119.251.40 | Unknown malware botnet C2 server (confidence level: 100%) | |
file162.33.179.99 | BianLian botnet C2 server (confidence level: 100%) | |
file103.130.214.198 | Bashlite botnet C2 server (confidence level: 75%) | |
file45.93.9.167 | Unknown malware botnet C2 server (confidence level: 75%) | |
file45.149.241.35 | STRRAT botnet C2 server (confidence level: 100%) | |
file185.121.233.152 | GhostSocks botnet C2 server (confidence level: 100%) | |
file101.37.162.62 | Unknown malware botnet C2 server (confidence level: 50%) | |
file205.234.181.253 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file110.43.68.225 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file42.157.163.147 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file102.43.247.109 | NjRAT botnet C2 server (confidence level: 50%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 50%) | |
file102.158.1.30 | NjRAT botnet C2 server (confidence level: 100%) | |
file185.73.124.238 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file79.110.49.32 | Remcos botnet C2 server (confidence level: 100%) | |
file213.152.187.200 | Remcos botnet C2 server (confidence level: 100%) | |
file186.169.57.33 | Remcos botnet C2 server (confidence level: 100%) | |
file172.174.131.78 | Sliver botnet C2 server (confidence level: 100%) | |
file94.159.113.222 | Matanbuchus botnet C2 server (confidence level: 100%) | |
file163.5.32.231 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.179.128.55 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.179.128.55 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file194.233.73.173 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.247.194.227 | Kaiji botnet C2 server (confidence level: 100%) | |
file15.235.149.57 | Bashlite botnet C2 server (confidence level: 100%) | |
file5.34.214.137 | Bashlite botnet C2 server (confidence level: 100%) | |
file91.245.255.27 | BianLian botnet C2 server (confidence level: 100%) | |
file101.201.118.20 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file5.180.174.191 | Sliver botnet C2 server (confidence level: 50%) | |
file65.38.120.136 | DarkComet botnet C2 server (confidence level: 50%) | |
file1.161.70.180 | QakBot botnet C2 server (confidence level: 75%) | |
file146.190.113.131 | Sliver botnet C2 server (confidence level: 75%) | |
file217.160.192.139 | Sliver botnet C2 server (confidence level: 75%) | |
file119.91.243.146 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.73.124.238 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file20.74.209.192 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file144.217.253.149 | NjRAT botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash24206 | NjRAT botnet C2 server (confidence level: 100%) | |
hash40639 | NjRAT botnet C2 server (confidence level: 100%) | |
hash6443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash1177 | NjRAT botnet C2 server (confidence level: 75%) | |
hash5873 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1000 | DCRat botnet C2 server (confidence level: 100%) | |
hash8090 | DCRat botnet C2 server (confidence level: 100%) | |
hash54240 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash4730 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8090 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash443 | Orcus RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | NjRAT botnet C2 server (confidence level: 100%) | |
hash8443 | DCRat botnet C2 server (confidence level: 100%) | |
hash5000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3456 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash28888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Octopus botnet C2 server (confidence level: 100%) | |
hash8827ac9f2fd46f34170be51f1fe47baf | Akira payload (confidence level: 50%) | |
hashaaf295f600b8d6b211880e458dac8350 | Akira payload (confidence level: 50%) | |
hash9a5ff344263aa79121b60730ebbc201d | Akira payload (confidence level: 50%) | |
hash2918b9ddaf12a57f6710c07515b27a8b | Akira payload (confidence level: 50%) | |
hash95f6de7442e040fb10547140a05ddd45 | Akira payload (confidence level: 50%) | |
hashbff3fdbff0a5d4aa1c03f7982c968e54 | Akira payload (confidence level: 50%) | |
hashe44eb48c7f72ffac5af3c7a37bf80587 | Akira payload (confidence level: 50%) | |
hashb0a59e8b365962c73da486bccc361354 | Akira payload (confidence level: 50%) | |
hash302f76897e4e5c8c98a52a38c4c98443 | Akira payload (confidence level: 50%) | |
hash503f112e243519a1b9e0344499561908 | Akira payload (confidence level: 50%) | |
hash604ea52ac70d5189504788be828d1589 | Akira payload (confidence level: 50%) | |
hashec0a65af65cc430ed6feb769f92edb6f | Akira payload (confidence level: 50%) | |
hash892c3dd7315ccbad1967c7d99f1de756 | Akira payload (confidence level: 50%) | |
hash203f7cfbf22b30408591e6148f5978350676268b | FlexibleFerret payload (confidence level: 50%) | |
hasha25dff88aeeaaf9f956446151a9d786495e2c546 | FlexibleFerret payload (confidence level: 50%) | |
hashaa172bdccb8c14f53c059c8433c539049b6c2cdd | FlexibleFerret payload (confidence level: 50%) | |
hash7da429f6d2cdd8a63b3930074797b990c02dc108 | FlexibleFerret payload (confidence level: 50%) | |
hash7e07765bf8ee2d0b2233039623016d6dfb610a6d | FlexibleFerret payload (confidence level: 50%) | |
hash828a323b92b24caa5f5e3eff438db4556d15f215 | FlexibleFerret payload (confidence level: 50%) | |
hash831cdcde47b4edbe27524085a6706fbfb9526cef | FlexibleFerret payload (confidence level: 50%) | |
hash8667078a88dae5471f50473a332f6c80b583d3de | FlexibleFerret payload (confidence level: 50%) | |
hashdba1454fbea1dd917712fbece9d6725244119f83 | FlexibleFerret payload (confidence level: 50%) | |
hashe876ba6e23e09206f358dbd3a3642a7fd311bb22 | FlexibleFerret payload (confidence level: 50%) | |
hash17e3906f6c4c97b6f5d10e0e0e7f2a2e2c97ca54 | FlexibleFerret payload (confidence level: 50%) | |
hash2e51218985afcaa18eadc5775e6b374c78e2d85f | FlexibleFerret payload (confidence level: 50%) | |
hashde3f83af6897a124d1e85a65818a80570b33c47c | FlexibleFerret payload (confidence level: 50%) | |
hash388ac48764927fa353328104d5a32ad825af51ce | FlexibleFerret payload (confidence level: 50%) | |
hash1a28013e4343fddf13e5c721f91970e942073b88 | FlexibleFerret payload (confidence level: 50%) | |
hash3e16c6489bac4ac2d76c555eb1c263cd7e92c9a5 | FlexibleFerret payload (confidence level: 50%) | |
hash76e3cb7be778f22d207623ce1907c1659f2c8215 | FlexibleFerret payload (confidence level: 50%) | |
hashb0caf49884d68f72d2a62aa32d5edf0e79fd9de1 | FlexibleFerret payload (confidence level: 50%) | |
hashbd73a1c03c24a8cdd744d8a513ae8d2ddfa2de5f | FlexibleFerret payload (confidence level: 50%) | |
hashccac0f0ba463c414b26ba67b5a3ddaabdef6d371 | FlexibleFerret payload (confidence level: 50%) | |
hashd8245cdf6f51216f29a71f25e70de827186bdf71 | FlexibleFerret payload (confidence level: 50%) | |
hashb071fbd9c42ff660e3f240e1921533e40f0067eb | FlexibleFerret payload (confidence level: 50%) | |
hashee7a557347a10f74696dc19512ccc5fcfca77bc5 | FlexibleFerret payload (confidence level: 50%) | |
hash80 | Hook botnet C2 server (confidence level: 50%) | |
hash38672 | DCRat botnet C2 server (confidence level: 50%) | |
hash1985 | DarkComet botnet C2 server (confidence level: 50%) | |
hash3890 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash465 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash3000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1604 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | DanaBot botnet C2 server (confidence level: 75%) | |
hash443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash1912 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%) | |
hash5552 | NjRAT botnet C2 server (confidence level: 100%) | |
hash264 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash8083 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash9992 | Kimsuky botnet C2 server (confidence level: 75%) | |
hash7032 | Kimsuky botnet C2 server (confidence level: 75%) | |
hash6443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1243 | Remcos botnet C2 server (confidence level: 100%) | |
hash14645 | Remcos botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8008 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9090 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash7000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash41593 | Rhadamanthys botnet C2 server (confidence level: 75%) | |
hash2718 | Rhadamanthys botnet C2 server (confidence level: 75%) | |
hash14645 | Remcos botnet C2 server (confidence level: 75%) | |
hash7777 | Quasar RAT botnet C2 server (confidence level: 75%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash82 | CyberGate botnet C2 server (confidence level: 100%) | |
hash81 | CyberGate botnet C2 server (confidence level: 100%) | |
hash81 | CyberGate botnet C2 server (confidence level: 100%) | |
hash81 | CyberGate botnet C2 server (confidence level: 100%) | |
hash666 | Bashlite botnet C2 server (confidence level: 100%) | |
hash666 | Bashlite botnet C2 server (confidence level: 100%) | |
hash999 | Bashlite botnet C2 server (confidence level: 100%) | |
hash4258 | Bashlite botnet C2 server (confidence level: 100%) | |
hash6149 | Bashlite botnet C2 server (confidence level: 100%) | |
hash666 | Bashlite botnet C2 server (confidence level: 100%) | |
hash4258 | Bashlite botnet C2 server (confidence level: 100%) | |
hash666 | Bashlite botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash555 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash20545 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2095 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash25565 | Orcus RAT botnet C2 server (confidence level: 100%) | |
hash8880 | Chaos botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1433 | BianLian botnet C2 server (confidence level: 100%) | |
hash666 | Bashlite botnet C2 server (confidence level: 75%) | |
hash15322 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash3608 | STRRAT botnet C2 server (confidence level: 100%) | |
hash20232 | GhostSocks botnet C2 server (confidence level: 100%) | |
hash9205 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash2525 | NjRAT botnet C2 server (confidence level: 50%) | |
hash51330 | XWorm botnet C2 server (confidence level: 50%) | |
hash6c706df697ad8dc8f0867a4f65817216 | SideWinder payload (confidence level: 100%) | |
hash1177 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash32491 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash80 | Matanbuchus botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash20000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash37443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash26352 | Kaiji botnet C2 server (confidence level: 100%) | |
hash8080 | Bashlite botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash8443 | BianLian botnet C2 server (confidence level: 100%) | |
hash8099 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash1690 | DarkComet botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | NjRAT botnet C2 server (confidence level: 100%) |
Threat ID: 682c7dc0e8347ec82d2d69ac
Added to database: 5/20/2025, 1:04:00 PM
Last enriched: 6/19/2025, 3:49:58 PM
Last updated: 8/17/2025, 3:01:53 PM
Views: 37
Related Threats
ThreatFox IOCs for 2025-08-17
MediumMalwareMon Aug 18 2025
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.