ThreatFox IOCs for 2025-02-07
AI Analysis
Technical Summary
The provided threat information pertains to a malware-related intelligence report titled "ThreatFox IOCs for 2025-02-07," sourced from ThreatFox and categorized under OSINT (Open Source Intelligence). The report does not specify affected product versions or detailed technical indicators of compromise (IOCs), nor does it list any known exploits in the wild. The threat is assigned a medium severity level by the source, with a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination potential. The absence of CWE identifiers and patch links indicates that the malware's specific vulnerabilities or exploitation methods are either unknown or not disclosed. The lack of detailed technical data, such as attack vectors, payload behavior, or infection mechanisms, limits the ability to fully characterize the malware. However, given its classification as malware and the presence of OSINT tags, it is likely that this threat involves malicious software that could be detected or tracked through open-source intelligence methods. The absence of known exploits in the wild suggests that active exploitation may not be widespread at this time, but the presence of indicators in ThreatFox implies that the malware or related infrastructure has been observed or collected for analysis. Overall, this threat represents a moderate risk with potential for distribution but limited current impact details.
Potential Impact
For European organizations, the medium severity malware threat could pose risks primarily related to confidentiality and integrity, depending on the malware's capabilities, which are not detailed here. Potential impacts include unauthorized data access, data manipulation, or disruption of services if the malware were to execute successfully. Given the lack of known exploits in the wild, immediate widespread impact is unlikely; however, organizations should remain vigilant as the malware could evolve or be leveraged in targeted attacks. The threat's moderate distribution rating suggests a possibility of propagation, which could affect multiple sectors. European entities involved in critical infrastructure, finance, or government may face increased risk if the malware targets such sectors. The absence of detailed technical information limits precise impact assessment, but the potential for data compromise or operational disruption warrants attention.
Mitigation Recommendations
Given the limited technical details, European organizations should adopt a proactive and layered defense approach. Specific recommendations include:
- 1) Enhance OSINT monitoring capabilities to promptly detect emerging malware indicators from sources like ThreatFox.
- 2) Implement advanced endpoint detection and response (EDR) solutions capable of identifying anomalous behaviors associated with unknown malware.
- 3) Conduct regular threat hunting exercises focusing on malware with medium severity profiles and moderate distribution potential.
- 4) Maintain up-to-date backups and ensure robust incident response plans are in place to mitigate potential impacts.
- 5) Increase user awareness training to reduce the risk of malware infection vectors such as phishing or social engineering, even though user interaction requirements are unspecified.
- 6) Collaborate with national cybersecurity centers and information sharing platforms to receive timely updates and contextual threat intelligence.
These measures go beyond generic advice by emphasizing OSINT integration, threat hunting, and inter-organizational collaboration tailored to the nature of this threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 6baa1106-aaad-4eab-b1ca-2da145bd862d
- Original Timestamp: 1738972987
domaincheck.ueyu.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainfivell5th.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaina0984458.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaincp52181.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaincozyhomevpibes.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainamazingsoulpeace.shop | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmail.195-230-22-20.cprapid.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.eiau.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.ouyo.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaingamdaan.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainmixermixedo.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainquotedjizwe.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmarchhappen.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainw0rdergen1.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnonox.duckdns.org | Nanocore RAT botnet C2 domain (confidence level: 50%) | |
domainuptimebot.kozow.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainrespect-hits.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domaincta.berlmember.com | Unknown Stealer payload delivery domain (confidence level: 50%) | |
domainbordflattuo.top | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaincosmicarlray.pics | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainhiddenorcphard.hair | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainsoulvlight.cloud | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainvwibrantwonders.rest | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainceo.cowholesaling.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaincheck.ooia.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainec2-15-223-185-126.ca-central-1.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainscionoutmatchsmoked.shop | Vidar botnet C2 domain (confidence level: 100%) | |
domaincheck.ooyu.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.auyo.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.yiyy.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaingreenearoth.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwindpull.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincnc.axonstress.fun | Mirai botnet C2 domain (confidence level: 50%) | |
domainpanel.deewpn.com | Mirai botnet C2 domain (confidence level: 50%) | |
domainmeme7.work.gd | Remcos botnet C2 domain (confidence level: 50%) | |
domaincheck.yiui.site | ClearFake payload delivery domain (confidence level: 50%) | |
domainrecaptha-verify-1n.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptha-verify-4z.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptha-verify-7u.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptha-verify-c1.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptha-verify-3m.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptha-verify-2w.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptha-verify-q3.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptcha-dns-o5.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptcha-dns-d9.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptha-verify-9o.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptcha-0d-verify.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptha-verify-7y.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domaindns-resolver-es8.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainip-provider.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainbackup-xvc.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainmicrosoft-dns-reload-1n.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domainrecaptha-verify-6l.pages.dev | ClearFake botnet C2 domain (confidence level: 100%) | |
domaincheck.jime.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.byzi.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaindiegoserranova7208i23v32uy82u.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainpapersmoneygang.store | Remcos botnet C2 domain (confidence level: 100%) | |
domainukrtelcom.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainukrtelecom.eu | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.aeiee.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.aoouu.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.oyiui.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainactivheharmony.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainahealthychoices.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbwrightfuture.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainchillyvibesonlyv.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincoeoltechhub.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincozycojrner.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincrerativeoutlook.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainculinarkydelight.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindigitalwoanderlust.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindigittaldreams.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindrdeambigtoday.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainecofrieindlypath.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainewndlesspossibilities.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainexxploretheworld.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfrershstart.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainglofbalexplorer.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhapvpinesshub.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaininespiringvisions.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaininnovyativespace.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainjoyfuljouroney.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainjsoyfulcreativity.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlovingkilndness.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainluxutriousliving.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmindbfulmoments.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainminfdfulmovement.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmodernakdventure.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainplayfuulspirits.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainqcleveridea.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainqsunnydaysahead.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsimpleuliving.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsmartsjolutions.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainstyvlishbrowsing.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintechsamvvycommunity.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintimeglessbeauty.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintravelaidventure.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainuniqueexpperience.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainuxrbanescape.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvsibrantlife.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwecllnessinsight.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainznatureconnect.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainzthrivingcommunity.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.oeuia.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainambigtiousgoals.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainaradiantjourney.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainardtfuldesign.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainartisticlexpressions.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbookinshworld.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbrcilliantideas.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainuplifhtingstories.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfirnbeastte.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainimmenseclosed.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainleavefleeffe.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlowlywounde.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnutrioutimpe.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainoppositercw.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsuperficialtk.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.aiaui.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainpilulespascher.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainfallyjellyui.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainglitterywearz.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwashysmenn.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheeerfulharbor.rest | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainethereailvoyage.rest | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlosrtparadise.rest | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainplayfumlgecko.rest | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainraditantflower.rest | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsunnyyserenade.rest | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintranquilcove.rest | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwhimsiucalwishes.rest | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.euuue.site | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.oeoou.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainfitnessaddictstop.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.budu.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainmac-only.site | AMOS botnet C2 domain (confidence level: 100%) | |
domaintelback.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainwww.0d8250a16e1.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.88av2908.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.aatahmineh6.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ages-community-pravites.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ango.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.anguage-courses-26145.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.appyspuppys.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.arehouse-inventory-98063.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.arehouse-work-best-in.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ayday.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.commerce-14480.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.dcvrt.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.dtofuhouse.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.edical-services-34002.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.efi-5.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.efiadvisor.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.elwincoastalcarpets.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.fza.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gm2.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hanes.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hebsidecollective.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hestudentcompass.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.igitalskool.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.inglesdatingcourse2.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ityheaven.webcam | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.itytkam.store | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iu-vera-protezione.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ivechatapps-8450599.zone | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ivejasmin.photos | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iztrip.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.jvdn.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.k76.lat | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.kslot777wow.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.l-apartments-for-rent-9n.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.laquepsoriasishelp.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lara-stefano-wedding.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nfluencer-marketing-33606.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nfluencer-marketing-41961.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nline-advertising-76975.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.odspace.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ong-ya.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ontosesfericosmpaggoonline.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ortgage-44158.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ostto.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.otorcycle-bikes-price.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.otorcycle-loans-50524.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pkbike.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pnsubscription.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pps-36972.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pr8o4gu.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.qhealth.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ragrantdelightsco.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.recisiongyn.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.riafactor.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rightgroup.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.s-hoteles-en-benidorm-9n.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.sedlaptopsit.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.sxnjkai.icu | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.t45nj.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.toffer.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.utomation-tools-88072.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.vaxmobile.solutions | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.viora.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.yememecoin.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ystudy.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainstaff-tunisia.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 50%) | |
domainhdfctop.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainbrowser-storage.com | AMOS botnet C2 domain (confidence level: 100%) | |
domaincheck.eybiu.site | ClearFake payload delivery domain (confidence level: 100%) | |
domainatranquilwilderness.hair | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindns1.worldt.online | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns1.ddporn.top | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns1.lumeala.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns2.ddporn.top | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Url
Value | Description
---|---
https://imitrex24.com/fxghx.dll | Latrodectus payload delivery URL (confidence level: 100%)
https://check.zovy.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.aaao.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://forwardxinspiration.today/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://importenptoc.com/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://stormyclouds.xyz/yte5mzq1zwrkzjy1/ | Coper botnet C2 (confidence level: 100%)
http://219.155.223.181:43144/mozi.m | Mozi payload delivery URL (confidence level: 50%)
https://check.ueyu.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.eiau.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
https://check.ouyo.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
http://77.239.101.217/f60898bca117b180.php | Stealc botnet C2 (confidence level: 100%)
http://222.189.122.225:32849/mozi.m | Mozi payload delivery URL (confidence level: 50%)
http://5.42.92.215/a5a762673348bc06/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%)
http://179.43.142.99/6bad8dda11fd59df/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%)
http://91.214.78.178/094d58d3b8547ded/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
http://67.205.129.1/ | Hook botnet C2 (confidence level: 50%)
https://scionoutmatchsmoked.shop/b313d4a4588bd2e7bc9ece877caba58a.png | Vidar botnet C2 (confidence level: 100%)
https://check.ooia.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%)
http://723486cm.nyashnyash.ru/httpapidownloads.php | DCRat botnet C2 (confidence level: 100%)
http://iejkbmggndnekad.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://a1081338.xsph.ru/6d4b10b1.php | DCRat botnet C2 (confidence level: 100%)
http://touxzw.ir/jay/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
http://185.215.113.115/68b591d6548ec281/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
http://45.156.25.217/9ecaafe9aa22454a/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
http://185.219.81.41/6c1fe9b1ecc843b4/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
https://172.86.70.117/58edf5f2a726adf8/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
https://check.ooyu.site/ | ClearFake payload delivery URL (confidence level: 50%)
https://check.auyo.site/ | ClearFake payload delivery URL (confidence level: 50%)
https://check.yiui.site/gkcxv.google?i=c0b6fb47-ef83-415e-bbf1-61dea66be1f3 | ClearFake payload delivery URL (confidence level: 50%)
https://check.yiyy.site/ | ClearFake payload delivery URL (confidence level: 50%)
https://check.cvdub.site/gkcxv.google?i=de885d54-bfcd-47e2-a0d8-43054753663f | ClearFake payload delivery URL (confidence level: 50%)
https://check.cvdub.site/gkcxv.google?i=188c2a1a-bf4e-4c2b-9d63-60407f338d12 | ClearFake payload delivery URL (confidence level: 50%)
https://check.cvdub.site/gkcxv.google?i=0e8bb4ba-1c00-4581-a976-8f86083269f1 | ClearFake payload delivery URL (confidence level: 50%)
http://necobox.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%)
http://touxzw.ir/jay/five/pvqdq929bsx_a_d_m1n_a.php | LokiBot botnet C2 (confidence level: 100%)
http://127.0.0.1:443/wmg2 | Cobalt Strike botnet C2 (confidence level: 75%)
https://digittaldreams.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://79.110.49.155/cyb1/index.php | Azorult botnet C2 (confidence level: 75%)
https://pilulespascher.top/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://pilulespascher.top/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://pilulespascher.top/work/file.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://lakestreetsolar.com/33.zip | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://cozyhomevpibes.cyou/api | Lumma Stealer botnet C2 (confidence level: 75%)
http://45.115.89.110:37918/mozi.m | Mozi payload delivery URL (confidence level: 75%)
https://telback.com/5t5y.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://telback.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://emildeeeabebggm.top/1.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://check.euuue.site/gkcxv.google?i=e0a285fb-d3c0-4a94-ba37-85292479a0da | ClearFake payload delivery URL (confidence level: 50%)
https://check.byzi.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 50%)
https://check.byzi.site/gkcxv.google?i=afd3bdce-bad6-4613-95c8-9dfaac5cfb54 | ClearFake payload delivery URL (confidence level: 50%)
http://185.215.113.115/68b591d6548ec281/mozglue.dll | Stealc payload delivery URL (confidence level: 50%)
http://188.130.207.115/e17d80dfc540932e/mozglue.dll | Stealc payload delivery URL (confidence level: 50%)
http://45.156.27.196/1d61ed988ef797f7/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%)
http://45.156.27.196/1d61ed988ef797f7/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
http://45.156.25.217/9ecaafe9aa22454a/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%)
http://179.43.162.125/ac1767bd0d56c4c8/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
https://touxzw.ir/jay/five/pvqdq929bsx_a_d_m1n_a.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 50%)
http://www.0d8250a16e1.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.88av2908.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.aatahmineh6.info/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ages-community-pravites.cloud/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ango.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.anguage-courses-26145.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.appyspuppys.store/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.arehouse-inventory-98063.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.arehouse-work-best-in.today/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ayday.today/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.commerce-14480.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.dcvrt.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.dtofuhouse.shop/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.edical-services-34002.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.efi-5.vip/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.efiadvisor.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.elwincoastalcarpets.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.fza.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.gm2.biz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.hanes.shop/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.hebsidecollective.online/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.hestudentcompass.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.igitalskool.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.inglesdatingcourse2.today/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ityheaven.webcam/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.itytkam.store/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.iu-vera-protezione.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ivechatapps-8450599.zone/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ivejasmin.photos/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.iztrip.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.jvdn.online/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.k76.lat/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.kslot777wow.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.l-apartments-for-rent-9n.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.laquepsoriasishelp.today/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.lara-stefano-wedding.info/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.nfluencer-marketing-33606.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.nfluencer-marketing-41961.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.nline-advertising-76975.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.odspace.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ong-ya.info/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ontosesfericosmpaggoonline.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ortgage-44158.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ostto.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.otorcycle-bikes-price.today/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.otorcycle-loans-50524.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.pkbike.shop/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.pnsubscription.tech/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.pps-36972.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.pr8o4gu.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.qhealth.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ragrantdelightsco.online/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.recisiongyn.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.riafactor.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.rightgroup.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.s-hoteles-en-benidorm-9n.today/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.sedlaptopsit.today/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.sxnjkai.icu/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.t45nj.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.toffer.xyz/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.utomation-tools-88072.bond/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.vaxmobile.solutions/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.viora.net/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.yememecoin.online/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://www.ystudy.tech/c07e/ | Formbook botnet C2 (confidence level: 50%)
http://a1080505.xsph.ru/a227bf08.php | DCRat botnet C2 (confidence level: 100%)
https://browser-storage.com/install.sh | AMOS botnet C2 (confidence level: 100%)
http://623127cm.nyashk.ru/linuxwindows.php | DCRat botnet C2 (confidence level: 100%)
http://deniszuz.beget.tech/0c424128.php | DCRat botnet C2 (confidence level: 100%)
Threat ID: 682c7dc0e8347ec82d2d6c5f
Added to database: 5/20/2025, 1:04:00 PM
Last enriched: 6/19/2025, 3:50:42 PM
Last updated: 8/16/2025, 5:25:31 AM