ThreatFox IOCs for 2025-02-08

Medium
Published: Sat Feb 08 2025 (02/08/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-02-08

AI-Powered Analysis

Last updated: 06/19/2025, 15:32:42 UTC

Technical Analysis

The provided threat intelligence concerns a malware-related entry titled 'ThreatFox IOCs for 2025-02-08' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The entry is categorized under 'type:osint' and tagged with 'tlp:white', indicating that the information is intended for public sharing without restriction. The threat is described as malware, but no specific malware family, variant, or affected software versions are identified. There are no Common Weakness Enumerations (CWEs) or patch links provided, and no known exploits in the wild have been reported. The technical details include a threat level of 2 (on an unspecified scale), an analysis score of 1, and a distribution score of 3, suggesting moderate dissemination or detection frequency. The absence of specific indicators of compromise (IOCs) such as hashes, IP addresses, or domains limits detailed technical analysis. Overall, the data appears to be a general update or collection of IOCs related to malware activity as of February 8, 2025, without direct attribution or detailed technical characteristics.

Potential Impact

Given the lack of detailed technical information, specific malware behavior, or targeted vulnerabilities, the potential impact on European organizations is difficult to quantify precisely. However, as a malware-related threat with moderate distribution, it could pose risks including unauthorized access, data exfiltration, disruption of services, or compromise of system integrity if the malware were to be deployed effectively. European organizations, especially those relying on open-source intelligence (OSINT) tools or platforms that might be indirectly related to the threat source, could face increased exposure to malware infections. The absence of known exploits in the wild suggests that immediate risk is limited, but the presence of IOCs indicates ongoing monitoring is necessary. Potential impacts include operational disruption, reputational damage, and financial loss, particularly for sectors with high-value data or critical infrastructure.

Mitigation Recommendations

1. Enhance Threat Intelligence Integration: European organizations should integrate ThreatFox and similar OSINT feeds into their Security Information and Event Management (SIEM) and endpoint detection systems to improve early detection of related IOCs.
2. Proactive IOC Hunting: Conduct proactive threat hunting exercises using the latest IOCs from ThreatFox to identify potential infections or suspicious activities within the network.
3. Network Segmentation and Least Privilege: Implement strict network segmentation and enforce least privilege access controls to limit malware lateral movement if an infection occurs.
4. Regular Endpoint and Network Monitoring: Increase monitoring of endpoint behaviors and network traffic anomalies that could indicate malware presence, even in the absence of known signatures.
5. User Awareness and Training: Since no user interaction details are provided, maintain robust user training on phishing and social engineering to reduce infection vectors.
6. Patch Management: Although no patches are linked, maintain up-to-date patching of all systems to reduce exposure to known vulnerabilities that malware might exploit.
7. Incident Response Preparedness: Update incident response plans to include scenarios involving emerging malware threats identified through OSINT sources like ThreatFox.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 1c52773b-1db9-4774-b2f9-693d1cd381d2
Original Timestamp: 1739059387

Indicators of Compromise

Domain

ValueDescriptionCopy
domaincheck.ouhoi.site
ClearFake payload delivery domain (confidence level: 100%)
domainadobe.azurefd.net
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.mypeaceofpeace.shop
Unknown malware botnet C2 domain (confidence level: 100%)
domainsolofeelings.shop
Unknown malware botnet C2 domain (confidence level: 100%)
domainool-4573c502.dyn.optonline.net
QakBot botnet C2 domain (confidence level: 100%)
domainnovermber12.duckdns.org
Remcos botnet C2 domain (confidence level: 50%)
domainnovermber12.freeddns.org
Remcos botnet C2 domain (confidence level: 50%)
domainjmvjpwl3o.localto.net
XWorm botnet C2 domain (confidence level: 50%)
domainjakker-udsalg.top
FAKEUPDATES payload delivery domain (confidence level: 50%)
domainwebsitedirectory.top
FAKEUPDATES payload delivery domain (confidence level: 50%)
domainwarmwhearts.cloud
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainhub.unlimitedcashflowevent.com
FAKEUPDATES payload delivery domain (confidence level: 50%)
domainad59t82g.com
Winos botnet C2 domain (confidence level: 50%)
domaincounty-organize.gl.at.ply.gg
SpyNote botnet C2 domain (confidence level: 50%)
domainsep-reseller.gl.at.ply.gg
SpyNote botnet C2 domain (confidence level: 50%)
domaincheck.uydaa.site
ClearFake payload delivery domain (confidence level: 100%)
domaincheck.aotoa.site
ClearFake payload delivery domain (confidence level: 100%)
domaincheck.yenai.site
ClearFake payload delivery domain (confidence level: 100%)
domaina1077792.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainf1082834.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainsh1goto.org.swtest.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1082676.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainf1082777.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaindisgustingxtta.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmajestimowwer.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainrelymowyiny.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainislandtosecod.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainvastactionu.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainoverwrougemny.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpennyspinng.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainhtml.hfcxy.cn
Unknown malware botnet C2 domain (confidence level: 100%)
domainfeedback-both.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 50%)
domaincheck.oiwea.site
ClearFake payload delivery domain (confidence level: 100%)
domainstarted-quotations.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainfund-jacob.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaincheck.iavau.site
ClearFake payload delivery domain (confidence level: 100%)
domaindance-accident.gl.at.ply.gg
Quasar RAT botnet C2 domain (confidence level: 100%)
domainrights-regime.gl.at.ply.gg
Quasar RAT botnet C2 domain (confidence level: 100%)
domainzirushsteal-25920.portmap.host
Quasar RAT botnet C2 domain (confidence level: 100%)
domainprivate123.duckdns.org
Quasar RAT botnet C2 domain (confidence level: 100%)
domainvewifow477-24147.portmap.host
Quasar RAT botnet C2 domain (confidence level: 100%)
domainprogramming-identifying.gl.at.ply.gg
Quasar RAT botnet C2 domain (confidence level: 100%)
domaingriskid-49933.portmap.host
Quasar RAT botnet C2 domain (confidence level: 100%)
domainsearch-varies.gl.at.ply.gg
Quasar RAT botnet C2 domain (confidence level: 100%)
domainjungsystem.zapto.org
Quasar RAT botnet C2 domain (confidence level: 100%)
domainpublic-anyway.gl.at.ply.gg
AsyncRAT botnet C2 domain (confidence level: 100%)
domainnfasyn.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domaingshvenomgb.twilightparadox.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainrelease-diseases.gl.at.ply.gg
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbunnymax.bounceme.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domaingvdfhwrt-24202.portmap.host
AsyncRAT botnet C2 domain (confidence level: 100%)
domainkmdsanarchy.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domaindsdgsdfhg-32257.portmap.host
AsyncRAT botnet C2 domain (confidence level: 100%)
domainasyncyam.twilightparadox.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainbunnymax2.dynathome.net
AsyncRAT botnet C2 domain (confidence level: 100%)
domainasygo.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainenerowins29.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainrtasyn.duckdns.org
AsyncRAT botnet C2 domain (confidence level: 100%)
domainchyanarc.twilightparadox.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainman3x5.ooguy.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domaineg3x6.giize.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainusb-transaction.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainafter-sent.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaincross-real.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaingreatxwill3902.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domaindsadsadsadasdasd-50351.portmap.host
XWorm botnet C2 domain (confidence level: 100%)
domainhospital-ireland.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaindec9402xwoo.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domainprovides-looksmart.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainjks2b.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domainfax-compliant.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainsuch-suspect.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaindownload-labs.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaincnet-prostores.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainhsd1.in.comcast.net
XWorm botnet C2 domain (confidence level: 100%)
domainserver-belarus.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainnegapepe21.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domainacross-guest.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainsongs-excluding.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainip-nonprofit.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainfat-couple.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainquestions-rendering.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaincontract-released.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaindetails-telescope.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainxwjamie.twilightparadox.com
XWorm botnet C2 domain (confidence level: 100%)
domaingreatxw3902.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domainsafety-h.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaincontract-virus.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaindvd-crossword.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainlive-heather.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaintherefore-faced.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainlibrary-sr.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainwell-barbie.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainalso-nr.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainauthor-reflects.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainlocations-often.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainmoxhill3902.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domaindec9402xwo.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domainhead-annoying.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainclear-honors.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainhtml-savage.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainkxwrmf.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domaingeneral-vermont.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainmoxwill3902.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domainpublications-electronic.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainduring-restriction.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainsellers-spam.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainsurface-toolbox.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainxmaswooonfortnite-60116.portmap.host
XWorm botnet C2 domain (confidence level: 100%)
domainprobably-fields.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaindec9402xwor.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domaindnsdeerrorlehaxor.ddns.net
XWorm botnet C2 domain (confidence level: 100%)
domainco-ar.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainmox3902.duckdns.org
XWorm botnet C2 domain (confidence level: 100%)
domaingoogle-su.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domaincontent-jaguar.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 100%)
domainswiftcode.work
BADBOX botnet C2 domain (confidence level: 100%)
domainhome.1ztop.work
BADBOX botnet C2 domain (confidence level: 100%)
domainveezy.sitev
BADBOX botnet C2 domain (confidence level: 100%)
domainbluefish.work
BADBOX botnet C2 domain (confidence level: 100%)
domaincast.jutux.work
BADBOX botnet C2 domain (confidence level: 100%)
domaingiddy.cc
BADBOX botnet C2 domain (confidence level: 100%)
domainmtcpmpm.com
BADBOX botnet C2 domain (confidence level: 100%)
domainold.1ztop.work
BADBOX botnet C2 domain (confidence level: 100%)
domainpixelscast.com
BADBOX botnet C2 domain (confidence level: 100%)
domainpixlo.cc
BADBOX botnet C2 domain (confidence level: 100%)
domaintvsnapp.com
BADBOX botnet C2 domain (confidence level: 100%)
domainwww.jolted.vip
BADBOX botnet C2 domain (confidence level: 100%)
domainztword.com
BADBOX botnet C2 domain (confidence level: 100%)
domaincxzyr.com
BADBOX botnet C2 domain (confidence level: 100%)
domainpccyy.com
BADBOX botnet C2 domain (confidence level: 100%)
domainpcxrlback.com
BADBOX botnet C2 domain (confidence level: 100%)
domainsoyatea.online
BADBOX botnet C2 domain (confidence level: 100%)
domainyeniceri99-24578.portmap.io
Quasar RAT botnet C2 domain (confidence level: 50%)
domainstate-franklin.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 50%)
domaingoldbenquasar.boats
Lumma Stealer botnet C2 domain (confidence level: 50%)
domaincheck.yusio.site
ClearFake payload delivery domain (confidence level: 100%)
domaindurimri.sbs
Vidar botnet C2 domain (confidence level: 75%)
domainsuitstory.icu
Unknown Loader botnet C2 domain (confidence level: 100%)
domainadditionletter.xyz
Unknown Loader botnet C2 domain (confidence level: 100%)
domainc1.unearnedexpressoutlying.shop
Lumma Stealer payload delivery domain (confidence level: 100%)
domaincheck.yejuo.site
ClearFake payload delivery domain (confidence level: 100%)
domaintxt95.dns05.com
GobRAT botnet C2 domain (confidence level: 100%)
domainsafewat.pro
Vidar botnet C2 domain (confidence level: 75%)
domaincheck.giky.site
ClearFake payload delivery domain (confidence level: 100%)
domaincheck.husa.site
ClearFake payload delivery domain (confidence level: 100%)
domaincheck.xony.site
ClearFake payload delivery domain (confidence level: 100%)
domaincheck.jeka.site
ClearFake payload delivery domain (confidence level: 100%)
domaindnmep.com
magecart credit card skimming domain (confidence level: 100%)
domainmktflowi.com
magecart credit card skimming domain (confidence level: 100%)
domainstatspoot.com
magecart credit card skimming domain (confidence level: 100%)
domainanalyticcoms.com
magecart credit card skimming domain (confidence level: 100%)
domainwebdevelopers.tools
magecart credit card skimming domain (confidence level: 100%)
domainasme0534-51572.portmap.host
DCRat botnet C2 domain (confidence level: 50%)
domaintricodersvault.duckdns.org
Remcos botnet C2 domain (confidence level: 50%)
domaintricodersvaulting.duckdns.org
Remcos botnet C2 domain (confidence level: 50%)
domaintricodersvaultz.freemyip.com
Remcos botnet C2 domain (confidence level: 50%)
domainwelcomeabundance01.duckdns.org
Remcos botnet C2 domain (confidence level: 50%)
domainwelcomeabundancenow.duckdns.org
Remcos botnet C2 domain (confidence level: 50%)
domainfazstov-27218.portmap.host
SpyNote botnet C2 domain (confidence level: 50%)
domainwednju7d.ddns.net
XWorm botnet C2 domain (confidence level: 50%)

File

ValueDescriptionCopy
file165.154.224.116
Bashlite botnet C2 server (confidence level: 75%)
file82.153.79.9
Cobalt Strike botnet C2 server (confidence level: 100%)
file193.233.84.16
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.186.117.61
Remcos botnet C2 server (confidence level: 100%)
file78.84.239.187
AsyncRAT botnet C2 server (confidence level: 100%)
file198.23.158.69
AsyncRAT botnet C2 server (confidence level: 100%)
file179.13.3.202
Quasar RAT botnet C2 server (confidence level: 100%)
file36.50.134.19
MooBot botnet C2 server (confidence level: 100%)
file174.136.229.54
Unknown malware botnet C2 server (confidence level: 100%)
file185.73.125.38
Latrodectus botnet C2 server (confidence level: 75%)
file109.248.151.187
AsyncRAT botnet C2 server (confidence level: 100%)
file35.158.210.132
NjRAT botnet C2 server (confidence level: 100%)
file3.66.38.117
NjRAT botnet C2 server (confidence level: 100%)
file3.69.157.220
NjRAT botnet C2 server (confidence level: 100%)
file3.69.115.178
NjRAT botnet C2 server (confidence level: 100%)
file52.28.247.255
NjRAT botnet C2 server (confidence level: 100%)
file35.177.80.151
Cobalt Strike botnet C2 server (confidence level: 75%)
file166.88.141.40
Cobalt Strike botnet C2 server (confidence level: 100%)
file202.63.172.114
Ghost RAT botnet C2 server (confidence level: 100%)
file188.126.90.11
Remcos botnet C2 server (confidence level: 100%)
file185.9.147.244
Sliver botnet C2 server (confidence level: 100%)
file81.17.28.123
Latrodectus botnet C2 server (confidence level: 75%)
file185.126.34.129
AsyncRAT botnet C2 server (confidence level: 100%)
file195.211.190.122
AsyncRAT botnet C2 server (confidence level: 100%)
file217.69.3.25
PoshC2 botnet C2 server (confidence level: 100%)
file172.191.149.124
AsyncRAT botnet C2 server (confidence level: 100%)
file37.148.207.247
Unknown malware botnet C2 server (confidence level: 100%)
file35.204.207.75
Unknown malware botnet C2 server (confidence level: 100%)
file3.250.203.73
Unknown malware botnet C2 server (confidence level: 100%)
file146.190.117.195
Unknown malware botnet C2 server (confidence level: 100%)
file3.72.80.237
Unknown malware botnet C2 server (confidence level: 100%)
file212.227.105.79
Unknown malware botnet C2 server (confidence level: 100%)
file13.250.55.125
Unknown malware botnet C2 server (confidence level: 100%)
file47.92.218.111
Unknown malware botnet C2 server (confidence level: 100%)
file137.184.125.174
Unknown malware botnet C2 server (confidence level: 100%)
file3.91.17.177
Unknown malware botnet C2 server (confidence level: 100%)
file8.219.161.236
Unknown malware botnet C2 server (confidence level: 100%)
file191.113.97.29
Unknown malware botnet C2 server (confidence level: 100%)
file44.201.195.125
Unknown malware botnet C2 server (confidence level: 100%)
file34.149.133.80
Unknown malware botnet C2 server (confidence level: 100%)
file184.82.103.23
Unknown malware botnet C2 server (confidence level: 100%)
file188.245.179.237
Unknown malware botnet C2 server (confidence level: 100%)
file63.176.91.87
Unknown malware botnet C2 server (confidence level: 100%)
file134.122.74.160
Sliver botnet C2 server (confidence level: 50%)
file157.230.225.92
Sliver botnet C2 server (confidence level: 50%)
file146.190.113.131
Sliver botnet C2 server (confidence level: 50%)
file194.32.142.49
Sliver botnet C2 server (confidence level: 50%)
file13.61.151.92
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file3.160.248.236
Xtreme RAT botnet C2 server (confidence level: 50%)
file189.40.200.58
Ghost RAT botnet C2 server (confidence level: 50%)
file46.246.6.9
DCRat botnet C2 server (confidence level: 50%)
file54.229.24.123
Unknown malware botnet C2 server (confidence level: 50%)
file112.242.128.25
Mozi botnet C2 server (confidence level: 50%)
file3.66.38.117
SpyNote botnet C2 server (confidence level: 50%)
file147.185.221.25
SpyNote botnet C2 server (confidence level: 50%)
file147.185.221.25
SpyNote botnet C2 server (confidence level: 50%)
file18.156.13.209
XWorm botnet C2 server (confidence level: 50%)
file18.130.208.155
Cobalt Strike botnet C2 server (confidence level: 50%)
file154.9.254.157
Cobalt Strike botnet C2 server (confidence level: 50%)
file8.154.18.17
Cobalt Strike botnet C2 server (confidence level: 50%)
file64.190.113.45
pupy botnet C2 server (confidence level: 100%)
file121.40.128.171
Sliver botnet C2 server (confidence level: 100%)
file8.218.244.117
ShadowPad botnet C2 server (confidence level: 90%)
file81.10.39.58
AsyncRAT botnet C2 server (confidence level: 100%)
file2.58.56.94
AsyncRAT botnet C2 server (confidence level: 100%)
file2.58.56.218
AsyncRAT botnet C2 server (confidence level: 100%)
file88.165.128.145
Quasar RAT botnet C2 server (confidence level: 100%)
file18.228.40.121
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file192.3.0.100
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.205.137.139
Unknown malware botnet C2 server (confidence level: 100%)
file122.51.65.190
Unknown malware botnet C2 server (confidence level: 100%)
file60.205.235.97
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.103.56.140
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.144.136.169
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.43.131.0
Cobalt Strike botnet C2 server (confidence level: 50%)
file49.0.246.64
Cobalt Strike botnet C2 server (confidence level: 100%)
file54.217.43.187
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.174.65.76
Cobalt Strike botnet C2 server (confidence level: 100%)
file206.206.78.27
Sliver botnet C2 server (confidence level: 50%)
file138.197.165.53
Sliver botnet C2 server (confidence level: 50%)
file72.5.43.40
Sliver botnet C2 server (confidence level: 50%)
file91.202.5.79
Unknown malware botnet C2 server (confidence level: 50%)
file13.125.69.10
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.95.33.218
Unknown malware botnet C2 server (confidence level: 50%)
file80.76.51.164
MooBot botnet C2 server (confidence level: 100%)
file91.107.253.114
Meterpreter botnet C2 server (confidence level: 75%)
file208.87.200.85
Cobalt Strike botnet C2 server (confidence level: 100%)
file2.58.56.250
Remcos botnet C2 server (confidence level: 100%)
file185.196.10.242
Remcos botnet C2 server (confidence level: 100%)
file191.96.207.70
AsyncRAT botnet C2 server (confidence level: 100%)
file78.179.128.55
AsyncRAT botnet C2 server (confidence level: 100%)
file193.35.17.242
Hook botnet C2 server (confidence level: 100%)
file13.244.67.163
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file34.78.33.28
Cobalt Strike botnet C2 server (confidence level: 75%)
file185.185.68.219
FAKEUPDATES payload delivery server (confidence level: 100%)
file45.87.154.103
Quasar RAT botnet C2 server (confidence level: 100%)
file157.97.11.134
Quasar RAT botnet C2 server (confidence level: 100%)
file193.161.193.99
Quasar RAT botnet C2 server (confidence level: 100%)
file84.234.19.36
Quasar RAT botnet C2 server (confidence level: 100%)
file82.8.90.170
Quasar RAT botnet C2 server (confidence level: 100%)
file98.218.3.74
Quasar RAT botnet C2 server (confidence level: 100%)
file100.68.87.21
Quasar RAT botnet C2 server (confidence level: 100%)
file45.87.154.103
Quasar RAT botnet C2 server (confidence level: 100%)
file12.75.114.52
Quasar RAT botnet C2 server (confidence level: 100%)
file185.147.124.146
Quasar RAT botnet C2 server (confidence level: 100%)
file26.20.187.152
Quasar RAT botnet C2 server (confidence level: 100%)
file205.234.193.208
Quasar RAT botnet C2 server (confidence level: 100%)
file98.218.3.74
Quasar RAT botnet C2 server (confidence level: 100%)
file45.147.7.149
AsyncRAT botnet C2 server (confidence level: 100%)
file157.97.11.134
AsyncRAT botnet C2 server (confidence level: 100%)
file45.147.7.149
AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.142.172
AsyncRAT botnet C2 server (confidence level: 100%)
file109.248.151.171
AsyncRAT botnet C2 server (confidence level: 100%)
file105.101.189.52
AsyncRAT botnet C2 server (confidence level: 100%)
file195.177.94.54
AsyncRAT botnet C2 server (confidence level: 100%)
file45.147.7.149
AsyncRAT botnet C2 server (confidence level: 100%)
file94.103.125.153
XWorm botnet C2 server (confidence level: 100%)
file167.88.170.134
XWorm botnet C2 server (confidence level: 100%)
file217.64.97.31
XWorm botnet C2 server (confidence level: 100%)
file91.245.159.11
XWorm botnet C2 server (confidence level: 100%)
file193.161.193.99
XWorm botnet C2 server (confidence level: 100%)
file176.96.137.181
XWorm botnet C2 server (confidence level: 100%)
file147.185.221.25
XWorm botnet C2 server (confidence level: 100%)
file147.185.221.25
XWorm botnet C2 server (confidence level: 100%)
file79.110.49.32
XWorm botnet C2 server (confidence level: 100%)
file141.98.157.249
XWorm botnet C2 server (confidence level: 100%)
file51.6.2.0
XWorm botnet C2 server (confidence level: 100%)
file108.174.197.90
XWorm botnet C2 server (confidence level: 100%)
file87.121.86.171
XWorm botnet C2 server (confidence level: 100%)
file193.161.193.99
XWorm botnet C2 server (confidence level: 100%)
file95.216.115.242
XWorm botnet C2 server (confidence level: 100%)
file103.145.58.236
BADBOX payload delivery server (confidence level: 100%)
file103.145.58.236
BADBOX payload delivery server (confidence level: 100%)
file174.77.180.50
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file13.125.69.10
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file59.224.83.160
DarkComet botnet C2 server (confidence level: 50%)
file5.178.3.137
DarkComet botnet C2 server (confidence level: 50%)
file34.30.154.127
Sliver botnet C2 server (confidence level: 50%)
file51.44.185.217
BlackShades botnet C2 server (confidence level: 50%)
file165.154.224.97
Unknown malware botnet C2 server (confidence level: 50%)
file142.161.78.123
Unknown malware botnet C2 server (confidence level: 50%)
file116.251.133.7
Nanocore RAT botnet C2 server (confidence level: 50%)
file5.75.215.154
Vidar botnet C2 server (confidence level: 75%)
file104.214.176.148
Unknown malware botnet C2 server (confidence level: 100%)
file68.168.118.3
DCRat botnet C2 server (confidence level: 100%)
file13.245.230.73
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file5.231.70.214
Tsunami botnet C2 server (confidence level: 75%)
file159.100.19.137
AsyncRAT botnet C2 server (confidence level: 75%)
file121.147.158.132
Ghost RAT botnet C2 server (confidence level: 100%)
file138.124.110.255
Unknown malware botnet C2 server (confidence level: 75%)
file138.124.110.255
Unknown malware botnet C2 server (confidence level: 75%)
file138.124.110.255
Unknown malware botnet C2 server (confidence level: 75%)
file37.44.238.88
Mirai botnet C2 server (confidence level: 75%)
file45.92.216.197
Cobalt Strike botnet C2 server (confidence level: 100%)
file104.129.181.103
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.149.241.39
AsyncRAT botnet C2 server (confidence level: 100%)
file54.196.199.243
AsyncRAT botnet C2 server (confidence level: 100%)
file78.179.128.55
AsyncRAT botnet C2 server (confidence level: 100%)
file45.154.98.238
Venom RAT botnet C2 server (confidence level: 100%)
file46.246.4.18
DCRat botnet C2 server (confidence level: 100%)
file43.199.119.135
DCRat botnet C2 server (confidence level: 100%)
file15.222.7.86
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file23.94.247.46
Kaiji botnet C2 server (confidence level: 100%)
file47.76.174.45
Unknown malware botnet C2 server (confidence level: 100%)
file93.123.109.163
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.229.9.27
BianLian botnet C2 server (confidence level: 100%)
file15.236.43.82
Sliver botnet C2 server (confidence level: 75%)
file154.83.16.85
Unknown malware botnet C2 server (confidence level: 75%)
file159.65.194.92
Cobalt Strike botnet C2 server (confidence level: 90%)
file159.224.83.160
DarkComet botnet C2 server (confidence level: 50%)
file45.77.110.173
Unknown RAT botnet C2 server (confidence level: 50%)
file217.156.50.170
DCRat botnet C2 server (confidence level: 50%)
file154.176.157.95
XWorm botnet C2 server (confidence level: 50%)
file54.217.43.187
Cobalt Strike botnet C2 server (confidence level: 75%)

Hash

ValueDescriptionCopy
hash443
Bashlite botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash9373
Remcos botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash8082
Quasar RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Latrodectus botnet C2 server (confidence level: 75%)
hash49181
AsyncRAT botnet C2 server (confidence level: 100%)
hash1337
NjRAT botnet C2 server (confidence level: 100%)
hash12482
NjRAT botnet C2 server (confidence level: 100%)
hash12482
NjRAT botnet C2 server (confidence level: 100%)
hash12482 | NjRAT botnet C2 server (confidence level: 100%)
hash12482 | NjRAT botnet C2 server (confidence level: 100%)
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash47779 | Ghost RAT botnet C2 server (confidence level: 100%)
hash2404 | Remcos botnet C2 server (confidence level: 100%)
hash443 | Sliver botnet C2 server (confidence level: 100%)
hash443 | Latrodectus botnet C2 server (confidence level: 75%)
hash6004 | AsyncRAT botnet C2 server (confidence level: 100%)
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%)
hash8443 | PoshC2 botnet C2 server (confidence level: 100%)
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%)
hash3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash4141 | Unknown malware botnet C2 server (confidence level: 100%)
hash3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash443 | Unknown malware botnet C2 server (confidence level: 100%)
hash3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash443 | Unknown malware botnet C2 server (confidence level: 100%)
hash8080 | Unknown malware botnet C2 server (confidence level: 100%)
hash3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash8080 | Unknown malware botnet C2 server (confidence level: 100%)
hash8080 | Unknown malware botnet C2 server (confidence level: 100%)
hash3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash443 | Unknown malware botnet C2 server (confidence level: 100%)
hash443 | Unknown malware botnet C2 server (confidence level: 100%)
hash3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash80 | Unknown malware botnet C2 server (confidence level: 100%)
hash31337 | Sliver botnet C2 server (confidence level: 50%)
hash31337 | Sliver botnet C2 server (confidence level: 50%)
hash31337 | Sliver botnet C2 server (confidence level: 50%)
hash31337 | Sliver botnet C2 server (confidence level: 50%)
hash37 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash80 | Xtreme RAT botnet C2 server (confidence level: 50%)
hash443 | Ghost RAT botnet C2 server (confidence level: 50%)
hash9000 | DCRat botnet C2 server (confidence level: 50%)
hash992 | Unknown malware botnet C2 server (confidence level: 50%)
hash49153 | Mozi botnet C2 server (confidence level: 50%)
hash16230 | SpyNote botnet C2 server (confidence level: 50%)
hash42470 | SpyNote botnet C2 server (confidence level: 50%)
hash51936 | SpyNote botnet C2 server (confidence level: 50%)
hash17223 | XWorm botnet C2 server (confidence level: 50%)
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%)
hash444 | Cobalt Strike botnet C2 server (confidence level: 50%)
hash12356 | Cobalt Strike botnet C2 server (confidence level: 50%)
hash443 | pupy botnet C2 server (confidence level: 100%)
hash38001 | Sliver botnet C2 server (confidence level: 100%)
hash53 | ShadowPad botnet C2 server (confidence level: 90%)
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%)
hash555 | AsyncRAT botnet C2 server (confidence level: 100%)
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%)
hash20000 | Quasar RAT botnet C2 server (confidence level: 100%)
hash4242 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash4043 | Unknown malware botnet C2 server (confidence level: 100%)
hash4841 | Unknown malware botnet C2 server (confidence level: 100%)
hash8001 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash87 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%)
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash31337 | Sliver botnet C2 server (confidence level: 50%)
hash31337 | Sliver botnet C2 server (confidence level: 50%)
hash31337 | Sliver botnet C2 server (confidence level: 50%)
hash4443 | Unknown malware botnet C2 server (confidence level: 50%)
hash4506 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash666 | Unknown malware botnet C2 server (confidence level: 50%)
hash80 | MooBot botnet C2 server (confidence level: 100%)
hash443 | Meterpreter botnet C2 server (confidence level: 75%)
hash8880 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404 | Remcos botnet C2 server (confidence level: 100%)
hash5552 | Remcos botnet C2 server (confidence level: 100%)
hash777 | AsyncRAT botnet C2 server (confidence level: 100%)
hash888 | AsyncRAT botnet C2 server (confidence level: 100%)
hash8082 | Hook botnet C2 server (confidence level: 100%)
hash4242 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%)
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash9119 | Quasar RAT botnet C2 server (confidence level: 100%)
hash31740 | Quasar RAT botnet C2 server (confidence level: 100%)
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash6606 | Quasar RAT botnet C2 server (confidence level: 100%)
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash5050 | Quasar RAT botnet C2 server (confidence level: 100%)
hash5552 | Quasar RAT botnet C2 server (confidence level: 100%)
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%)
hash4800 | Quasar RAT botnet C2 server (confidence level: 100%)
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%)
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%)
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%)
hash4449 | AsyncRAT botnet C2 server (confidence level: 100%)
hash63393 | AsyncRAT botnet C2 server (confidence level: 100%)
hash38394 | AsyncRAT botnet C2 server (confidence level: 100%)
hash4449 | AsyncRAT botnet C2 server (confidence level: 100%)
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%)
hash1888 | XWorm botnet C2 server (confidence level: 100%)
hash7000 | XWorm botnet C2 server (confidence level: 100%)
hash7000 | XWorm botnet C2 server (confidence level: 100%)
hash23432 | XWorm botnet C2 server (confidence level: 100%)
hash37264 | XWorm botnet C2 server (confidence level: 100%)
hash1111 | XWorm botnet C2 server (confidence level: 100%)
hash48596 | XWorm botnet C2 server (confidence level: 100%)
hash49967 | XWorm botnet C2 server (confidence level: 100%)
hash7000 | XWorm botnet C2 server (confidence level: 100%)
hash5060 | XWorm botnet C2 server (confidence level: 100%)
hash7000 | XWorm botnet C2 server (confidence level: 100%)
hash7000 | XWorm botnet C2 server (confidence level: 100%)
hash7756 | XWorm botnet C2 server (confidence level: 100%)
hash30448 | XWorm botnet C2 server (confidence level: 100%)
hash33333 | XWorm botnet C2 server (confidence level: 100%)
hash80 | BADBOX payload delivery server (confidence level: 100%)
hash443 | BADBOX payload delivery server (confidence level: 100%)
hash8540 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash3306 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash1604 | DarkComet botnet C2 server (confidence level: 50%)
hash1604 | DarkComet botnet C2 server (confidence level: 50%)
hash31337 | Sliver botnet C2 server (confidence level: 50%)
hash636 | BlackShades botnet C2 server (confidence level: 50%)
hash8888 | Unknown malware botnet C2 server (confidence level: 50%)
hash1926 | Unknown malware botnet C2 server (confidence level: 50%)
hash27572 | Nanocore RAT botnet C2 server (confidence level: 50%)
hash443 | Vidar botnet C2 server (confidence level: 75%)
hash8888 | Unknown malware botnet C2 server (confidence level: 100%)
hash8848 | DCRat botnet C2 server (confidence level: 100%)
hash6462 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash1252 | Tsunami botnet C2 server (confidence level: 75%)
hash8808 | AsyncRAT botnet C2 server (confidence level: 75%)
hash10798 | Ghost RAT botnet C2 server (confidence level: 100%)
hash1337 | Unknown malware botnet C2 server (confidence level: 75%)
hash999 | Unknown malware botnet C2 server (confidence level: 75%)
hash2115 | Unknown malware botnet C2 server (confidence level: 75%)
hash443 | Mirai botnet C2 server (confidence level: 75%)
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%)
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%)
hash5500 | AsyncRAT botnet C2 server (confidence level: 100%)
hash4449 | Venom RAT botnet C2 server (confidence level: 100%)
hash8000 | DCRat botnet C2 server (confidence level: 100%)
hash443 | DCRat botnet C2 server (confidence level: 100%)
hash14125 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8080 | Kaiji botnet C2 server (confidence level: 100%)
hash443 | Unknown malware botnet C2 server (confidence level: 100%)
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash465 | BianLian botnet C2 server (confidence level: 100%)
hash8888 | Sliver botnet C2 server (confidence level: 75%)
hash60000 | Unknown malware botnet C2 server (confidence level: 75%)
hash443 | Cobalt Strike botnet C2 server (confidence level: 90%)
hash1604 | DarkComet botnet C2 server (confidence level: 50%)
hash4443 | Unknown RAT botnet C2 server (confidence level: 50%)
hash5901 | DCRat botnet C2 server (confidence level: 50%)
hash8000 | XWorm botnet C2 server (confidence level: 50%)
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%)

Url

Value | Description
https://bluemoonland.xyz/mzzkntlintu4ndhl/ | Coper botnet C2 (confidence level: 100%)
http://mstrelaz.beget.tech/a32cf900.php | DCRat botnet C2 (confidence level: 100%)
http://703035cm.nyashk.ru/externaleternalvmjavascriptgeneratorlocal.php | DCRat botnet C2 (confidence level: 100%)
http://web3373.craft-host.ru/javascriptgeo.php | DCRat botnet C2 (confidence level: 100%)
http://cd60197.tw1.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%)
http://568327cm.shnyash.ru/trafficwp.php | DCRat botnet C2 (confidence level: 100%)
http://188.130.207.115/e17d80dfc540932e/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%)
http://45.156.27.196/1d61ed988ef797f7/mozglue.dll | Stealc payload delivery URL (confidence level: 50%)
http://147.45.47.86/12182f9d6e8b5491/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%)
https://check.ouhoi.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 50%)
https://check.budu.site/ | ClearFake payload delivery URL (confidence level: 50%)
https://check.budu.site/gkcxv.google?i=e3475c87-98a8-4f23-a839-a902062dfa20 | ClearFake payload delivery URL (confidence level: 50%)
https://check.eybiu.site/ | ClearFake payload delivery URL (confidence level: 50%)
https://check.budu.site/gkcxv.google?i=7b88c62d-73f0-4f69-818f-4456aca3fae5 | ClearFake payload delivery URL (confidence level: 50%)
https://check.euuue.site/gkcxv.google?i=01b4fc6e-3540-4717-9806-c19e7485f8ea | ClearFake payload delivery URL (confidence level: 50%)
https://check.yiui.site/gkcxv.google?i=c4ad26fe-f98d-43ea-b9d6-1091cc6be014 | ClearFake payload delivery URL (confidence level: 50%)
https://check.budu.site/gkcxv.google?i=1bdb82b9-86d9-4358-a730-d1fbdc7481d5 | ClearFake payload delivery URL (confidence level: 50%)
https://pennyspinng.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://overwrougemny.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://vastactionu.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://relymowyiny.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://islandtosecod.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://majestimowwer.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://disgustingxtta.shop/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://greenearoth.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://mixermixedo.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://ignoredshee.com/api | Lumma Stealer botnet C2 (confidence level: 100%)
http://955792cm.nyashk.ru/imagevideo_httppacketprocessprocessorservercentraldownloads.php | DCRat botnet C2 (confidence level: 100%)
http://a1080708.xsph.ru/60b2656b.php | DCRat botnet C2 (confidence level: 100%)
http://cg26785.tw1.ru/dbd57405.php | DCRat botnet C2 (confidence level: 100%)
https://tranqnuilserenity.pics/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://api.telegram.org/bot5019103854:aahucpcsuohfpsmzndwo7zf0kh52dpfsqqc/sendmessage | AsyncRAT botnet C2 (confidence level: 100%)
https://api.telegram.org/bot7510448331:aahcyty6_57dvl2jru6mtciygbce2spzjjg/sendmessage | AsyncRAT botnet C2 (confidence level: 100%)
https://api.telegram.org/bot7874496080:aagupyfnep3wfkcsc3q_wev1owfhhnk_jak/sendmessage | AsyncRAT botnet C2 (confidence level: 100%)
http://165.154.224.97:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
https://suitstory.icu/art.php | Unknown Loader botnet C2 (confidence level: 100%)
https://lightffntasy.help/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://cozycojrner.cyou/api | Lumma Stealer botnet C2 (confidence level: 50%)
http://37.120.238.179/ | RecordBreaker botnet C2 (confidence level: 100%)
http://a1080904.xsph.ru/6abfc538.php | DCRat botnet C2 (confidence level: 100%)
http://ci07006.tw1.ru/8f720c6d.php | DCRat botnet C2 (confidence level: 100%)
http://ratts.s07002yx.beget.tech/ee8b11fa.php | DCRat botnet C2 (confidence level: 100%)
http://a1081724.xsph.ru/5b1f58d7.php | DCRat botnet C2 (confidence level: 100%)
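The rows above arrive in a two-line layout (a value line, then a description line) that is not directly usable as a blocklist, and two of its quirks need handling before matching: the AsyncRAT rows point at api.telegram.org, shared infrastructure that must not be blocked by host, so the indicator has to be the bot id in the path; and the rows whose value survived only as "hash<port>" carry no address at all, so they can feed a per-family summary but never a match. The following Python is an added example, not part of the ThreatFox feed or of this site's own tooling. It parses rows copied verbatim from the listing above, normalises each into a host, IP, Telegram bot id or port-only indicator, and runs the result over constructed proxy-log lines. The assumption that "hash<port>" rows are ip:port rows whose address was lost in extraction, the log line format, and the benign bot id 999 with its made-up token are all this example's own.

```python
"""Added example (not ThreatFox or this site's code): parse the flattened IOC
listing above into matchable indicators and check constructed proxy logs."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Rows copied from this page's listing, in the page's own flattened layout:
# a value line ("url<value>" or "hash<port>") followed by a description line.
# The "hash<port>" rows are assumed to be ip:port rows that kept only the port.
SAMPLE_LISTING = """\
urlhttps://pennyspinng.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://188.130.207.115/e17d80dfc540932e/sqlite3.dll
Stealc payload delivery URL (confidence level: 50%)
urlhttps://api.telegram.org/bot5019103854:aahucpcsuohfpsmzndwo7zf0kh52dpfsqqc/sendmessage
AsyncRAT botnet C2 (confidence level: 100%)
urlhttp://165.154.224.97:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
"""

# Constructed proxy-log lines: timestamp, client, method, URL, status.
# The fourth line uses a made-up bot id 999 and token to show that traffic to a
# legitimate Telegram bot does not trip the bot-id indicator.
SAMPLE_LOG = """\
2025-02-08T10:15:01Z 10.0.0.5 GET https://pennyspinng.shop/api 200
2025-02-08T10:15:07Z 10.0.0.9 GET https://www.example.com/ 200
2025-02-08T10:16:30Z 10.0.0.5 POST https://api.telegram.org/bot5019103854:aahucpcsuohfpsmzndwo7zf0kh52dpfsqqc/sendmessage 200
2025-02-08T10:17:02Z 10.0.0.7 POST https://api.telegram.org/bot999:AAHcorpbotxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/sendMessage 200
2025-02-08T10:18:44Z 10.0.0.3 GET http://188.130.207.115/e17d80dfc540932e/sqlite3.dll 200
"""

# Description column: "<family> <role> (confidence level: <n>%)".
DESC_RE = re.compile(
    r"^(?P<family>.+?) (?P<role>botnet C2(?: server)?|payload delivery(?: URL| server)?)"
    r" \(confidence level: (?P<conf>\d+)%\)$"
)
# Telegram bot tokens are "<numeric id>:<secret>"; the page shows them lowercased,
# so the numeric id (which is what identifies the bot) is the part worth keying on.
TG_TOKEN_RE = re.compile(r"/bot(\d+):[A-Za-z0-9_-]{30,}/")


@dataclass(frozen=True)
class Ioc:
    kind: str        # "host", "ip", "tg_bot" or "port"
    value: str
    family: str
    confidence: int


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_listing(text: str) -> list[Ioc]:
    """Pair each value line with its description line and normalise the value."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    iocs: list[Ioc] = []
    for value_line, desc_line in zip(lines[0::2], lines[1::2]):
        m = DESC_RE.match(desc_line)
        if not m:
            continue
        family, conf = m["family"], int(m["conf"])
        if value_line.startswith("url"):
            url = value_line[len("url"):]
            tok = TG_TOKEN_RE.search(url)
            if tok:
                # api.telegram.org is shared infrastructure: key on the bot, not the host.
                iocs.append(Ioc("tg_bot", tok.group(1), family, conf))
                continue
            host = (urlsplit(url).hostname or "").lower()
            iocs.append(Ioc("ip" if _is_ip(host) else "host", host, family, conf))
        elif value_line.startswith("hash") and value_line[len("hash"):].isdigit():
            # Port-only remnant: counts toward the family summary, cannot be matched.
            iocs.append(Ioc("port", value_line[len("hash"):], family, conf))
    return iocs


def family_counts(iocs: list[Ioc]) -> Counter:
    """How many indicators each malware family contributed."""
    return Counter(i.family for i in iocs)


def match_log(log: str, iocs: list[Ioc], min_conf: int = 50) -> list[tuple[str, Ioc]]:
    """Return (log line, IOC) for each request to a listed host, IP or Telegram bot."""
    hosts = {i.value: i for i in iocs if i.kind in ("host", "ip") and i.confidence >= min_conf}
    bots = {i.value: i for i in iocs if i.kind == "tg_bot" and i.confidence >= min_conf}
    hits: list[tuple[str, Ioc]] = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        url = fields[3]
        host = (urlsplit(url).hostname or "").lower()
        if host in hosts:
            hits.append((line, hosts[host]))
            continue
        tok = TG_TOKEN_RE.search(url)
        if tok and tok.group(1) in bots:
            hits.append((line, bots[tok.group(1)]))
    return hits


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LISTING)
    print(family_counts(found))
    for line, ioc in match_log(SAMPLE_LOG, found):
        print(f"{ioc.family} ({ioc.confidence}%): {line}")
```

Raising `min_conf` to 100 drops the 50%-confidence Stealc hit while keeping the Lumma and AsyncRAT ones, which is the usual way to trade false positives against coverage on a feed like this one; the Telegram bot hit only fires on the listed bot id, so the corporate bot on the next log line passes untouched.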

Threat ID: 682c7dc0e8347ec82d2d6782

Added to database: 5/20/2025, 1:04:00 PM

Last enriched: 6/19/2025, 3:32:42 PM

Last updated: 8/16/2025, 2:39:07 PM
