ThreatFox IOCs for 2025-02-08
AI Analysis
Technical Summary
This entry is the ThreatFox daily indicator export for 2025-02-08, published by abuse.ch and distributed as a MISP event tagged type:osint and tlp:white, so it can be shared without restriction. It is not a report on one piece of malware: it bundles the indicators submitted to ThreatFox that day, each attributed to a malware family and to a role (botnet C2, payload delivery or credit-card skimming) with a submitter confidence level. The families in the domain table below include commodity remote-access trojans (XWorm, AsyncRAT, Quasar RAT, DCRat, Remcos, SpyNote), information stealers (Lumma Stealer, Vidar), the ClearFake and FAKEUPDATES fake-browser-update delivery chains, Cobalt Strike, QakBot, Winos, GobRAT, the BADBOX Android device botnet, Magecart skimming domains and a few entries ThreatFox could only label as unknown malware or an unknown loader; the URL list also contains three Telegram Bot API sendMessage endpoints of the kind commodity stealers and RATs use to exfiltrate data. Most of the remaining indicators are ip:port pairs identifying C2 listeners; the address and port belong together and must be handled as a network indicator, never as a file hash. No CWE, patch or exploit status applies because the entry describes attacker infrastructure, not a vulnerability. The threat level, analysis and distribution values in the technical details are MISP event fields: threat level 2 is Medium on MISP's scale of 1 (High) to 4 (Undefined), analysis 1 means the event was still marked as ongoing when exported, and distribution 3 means it is shared with all communities, which matches the tlp:white tag. Indicators of this kind age quickly, especially the dynamic-DNS and tunnelling hostnames and the cloud-hosted IP addresses, so treat the set as a snapshot and pull the current ThreatFox feed rather than relying on this page.
Potential Impact
Because this is an aggregate feed rather than a single campaign, the impact depends on which of the listed families an organisation is actually exposed to. The remote-access trojans (XWorm, AsyncRAT, Quasar RAT, DCRat, Remcos) give an operator interactive control of a compromised Windows host, which is sufficient for credential theft, lateral movement and follow-on ransomware; most of their C2 hostnames here sit on dynamic-DNS and tunnelling services (duckdns.org, gl.at.ply.gg, portmap.host, ddns.net, twilightparadox.com), so the underlying IP addresses rotate and the hostnames are the more durable indicators. Lumma Stealer and Vidar harvest browser credentials, cookies and session tokens; the Lumma '/api' C2 endpoints listed here on .shop domains, and the further '/api' URLs on .cyou, .click, .help and .pics domains, follow a pattern that can be detected generically. ClearFake (the check.*.site domains) and FAKEUPDATES deliver such payloads through fake browser-update prompts injected into compromised websites, so the initial access is an employee visiting an ordinary site, not a phishing e-mail. The Magecart domains skim payment-card data from e-commerce checkout pages, BADBOX targets low-cost Android devices, SpyNote targets Android phones, GobRAT targets routers, and the Cobalt Strike and QakBot entries point to hands-on-keyboard intrusion tooling. The feed carries no 'exploited in the wild' marker because it describes infrastructure rather than a vulnerability; the realistic consequences for European organisations are credential and session theft, data exfiltration over the listed C2 channels (including Telegram bots), operational disruption and, for retailers, payment-card compromise. The entries labelled unknown malware or unknown loader cannot be assessed beyond the fact that they are active C2 infrastructure.
Mitigation Recommendations
1. Threat intelligence integration: ingest ThreatFox (via its API or the MISP feed) into the SIEM, EDR and DNS/proxy controls. Load domains and URLs as network indicators and load ip:port entries as address-plus-port pairs; the port is part of the indicator, not a hash. Weight hostnames higher than addresses, since the cloud-hosted and tunnelled C2 addresses in this set will be reassigned within days.
2. Proactive hunting: query DNS, proxy and NetFlow logs for the listed indicators, and additionally for the generic patterns this set exhibits: lookups of *.gl.at.ply.gg, *.portmap.host, *.portmap.io and *.localto.net (tunnelling services that have no business use on most corporate hosts), dynamic-DNS lookups (*.duckdns.org, *.ddns.net, *.zapto.org, *.bounceme.net) from servers, HTTPS POSTs to /api on recently registered .shop, .cyou or .click domains, requests to check.*.site/gkcxv.google, and any connection to api.telegram.org/bot<id>:<token>/sendMessage from a host that does not run a Telegram client.
3. Network segmentation and least privilege: restrict outbound traffic from servers to an allow-list, block direct egress on the non-standard ports that recur here (Quasar RAT's default 4782, AsyncRAT's defaults 6606, 7707 and 8808, 31337, 3333), and keep workstation users without local administrator rights so a RAT cannot install itself beyond the user profile.
4. Behavioural monitoring: alert on long-lived outbound connections to non-standard ports, on new Run-key or scheduled-task persistence created by a process launched from a user-writable directory, and on browsers spawning script interpreters, which is how fake-update chains execute.
5. User awareness: the initial access for ClearFake and FAKEUPDATES is a fake browser-update prompt on an otherwise legitimate site; teach users that browsers update themselves and never via a downloaded file, and block execution of .js, .hta and .msi files from the Downloads folder where the business allows it.
6. Patch management and web hygiene: keep endpoints patched, and if the organisation runs public websites, patch the CMS and its plugins, because ClearFake and FAKEUPDATES spread by injecting into compromised sites. E-commerce operators should review checkout pages for scripts loaded from the listed Magecart domains and deploy a Content Security Policy that limits script sources.
7. Incident response preparedness: for a stealer infection, reimaging the host is not enough; reset the user's passwords and revoke browser sessions and tokens, since Lumma and Vidar exfiltrate cookies that remain valid after cleanup. For a RAT infection, assume the operator had interactive access and scope lateral movement before closing the case.
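The hunting described in recommendations 1, 2 and 4, as an added example that is not part of the ThreatFox export or of abuse.ch's tooling. It checks constructed DNS, proxy and connection log lines against a handful of this page's indicators and against generic patterns (tunnelling and dynamic-DNS suffixes, the ClearFake check.*.site shape, the stealer '/api' shape, Telegram bot sendMessage) that are derived from the entries on this page but are assumptions of the example; the log format, host names and benign entries are also constructed.

```python
"""
Hunt for indicators from a ThreatFox export in DNS, proxy and connection logs.
Added example: the log format and sample lines below are constructed, and the
generic patterns are hunting heuristics, not confirmed-bad indicators.
"""
import re
from urllib.parse import urlparse

# A few indicators copied from this page. In practice load the whole export.
IOC_DOMAINS = {
    "check.ouhoi.site",             # ClearFake payload delivery
    "pennyspinng.shop",             # Lumma Stealer C2
    "private123.duckdns.org",       # Quasar RAT C2
    "usb-transaction.gl.at.ply.gg", # XWorm C2
    "dnmep.com",                    # Magecart skimmer
}
IOC_IPPORTS = {
    ("165.154.224.116", 443),
    ("45.87.154.103", 4782),
    ("45.147.7.149", 6606),
}

# Generic patterns seen across this feed (assumed heuristics; review every hit).
TUNNEL_SUFFIXES = (".gl.at.ply.gg", ".portmap.host", ".portmap.io", ".localto.net")
DYNDNS_SUFFIXES = (".duckdns.org", ".ddns.net", ".freeddns.org", ".zapto.org",
                   ".bounceme.net", ".freemyip.com", ".twilightparadox.com")
CLEARFAKE_RE = re.compile(r"^https?://check\.[a-z0-9-]+\.site(/|$)")
STEALER_API_RE = re.compile(r"^https://[a-z0-9-]+\.(?:shop|cyou|click|help|pics)/api$")
TELEGRAM_BOT_RE = re.compile(
    r"^https://api\.telegram\.org/bot\d+:[A-Za-z0-9_-]+/sendmessage$", re.IGNORECASE)


def classify_dns(qname):
    """Exact IOC match first, then the tunnelling and dynamic-DNS heuristics."""
    q = qname.lower().rstrip(".")
    if q in IOC_DOMAINS:
        return "ioc-domain"
    if q.endswith(TUNNEL_SUFFIXES):
        return "tunnel-service"
    if q.endswith(DYNDNS_SUFFIXES):
        return "dynamic-dns"
    return None


def classify_url(url):
    """Exact host match first, then the URL-shape heuristics."""
    host = (urlparse(url).hostname or "").lower()
    if host in IOC_DOMAINS:
        return "ioc-domain"
    if CLEARFAKE_RE.match(url.lower()):
        return "clearfake-pattern"
    if STEALER_API_RE.match(url.lower()):
        return "stealer-api-pattern"
    if TELEGRAM_BOT_RE.match(url):
        return "telegram-bot-exfil"
    return None


def classify_conn(ip, port):
    """ip:port pairs only match as a pair; the same address on another port is not an IOC."""
    return "ioc-ipport" if (ip, int(port)) in IOC_IPPORTS else None


# Constructed log format: "<ts> <kind> host=<name> <q|url|dst>=<value>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>dns|proxy|conn) host=(?P<host>\S+) (?:q|url|dst)=(?P<val>\S+)$")


def hunt(log_text):
    """Return one record per suspicious line, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, val = m["kind"], m["val"]
        if kind == "dns":
            verdict = classify_dns(val)
        elif kind == "proxy":
            verdict = classify_url(val)
        else:
            ip, _, port = val.rpartition(":")
            verdict = classify_conn(ip, port)
        if verdict:
            hits.append({"ts": m["ts"], "host": m["host"], "kind": kind,
                         "value": val, "verdict": verdict})
    return hits


# Constructed sample: two benign lines, the rest built from this page's entries.
SAMPLE_LOG = """\
2025-02-08T10:12:01Z dns host=WS-042 q=private123.duckdns.org
2025-02-08T10:12:05Z dns host=WS-042 q=updates.example.com
2025-02-08T10:12:30Z dns host=SRV-07 q=fax-compliant.gl.at.ply.gg
2025-02-08T10:13:44Z proxy host=WS-042 url=https://pennyspinng.shop/api
2025-02-08T10:13:50Z proxy host=WS-011 url=https://check.budu.site/gkcxv.google?i=e3475c87-98a8-4f23-a839-a902062dfa20
2025-02-08T10:13:58Z proxy host=WS-011 url=https://api.telegram.org/bot7510448331:aahcyty6_57dvl2jru6mtciygbce2spzjjg/sendmessage
2025-02-08T10:14:00Z conn host=SRV-07 dst=45.87.154.103:4782
2025-02-08T10:14:02Z conn host=SRV-07 dst=93.184.216.34:443
2025-02-08T10:14:10Z proxy host=WS-020 url=https://www.example.org/api
"""

if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(f"{h['ts']} {h['host']:7} {h['verdict']:20} {h['value']}")
```

The exact-match checks are the ones you can block on; the pattern verdicts (tunnel-service, dynamic-dns, clearfake-pattern, stealer-api-pattern, telegram-bot-exfil) are leads that need an analyst to look at the host, because a developer's playit.gg session or a legitimate Telegram notifier will trip them too.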
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Indicators of Compromise
- domain: check.ouhoi.site
- ip:port: 165.154.224.116:443
- url: https://bluemoonland.xyz/mzzkntlintu4ndhl/
- ip:port: 82.153.79.9:80
- ip:port: 193.233.84.16:80
- ip:port: 103.186.117.61:9373
- ip:port: 78.84.239.187:8808
- ip:port: 198.23.158.69:6606
- ip:port: 179.13.3.202:8082
- ip:port: 36.50.134.19:80
- ip:port: 174.136.229.54:3333
- ip:port: 185.73.125.38:443
- url: http://mstrelaz.beget.tech/a32cf900.php
- ip:port: 109.248.151.187:49181
- ip:port: 35.158.210.132:1337
- ip:port: 3.66.38.117:12482
- ip:port: 3.69.157.220:12482
- ip:port: 3.69.115.178:12482
- ip:port: 52.28.247.255:12482
- url: http://703035cm.nyashk.ru/externaleternalvmjavascriptgeneratorlocal.php
- domain: adobe.azurefd.net
- ip:port: 35.177.80.151:443
- url: http://web3373.craft-host.ru/javascriptgeo.php
- url: http://cd60197.tw1.ru/l1nc0in.php
- ip:port: 166.88.141.40:443
- ip:port: 202.63.172.114:47779
- ip:port: 188.126.90.11:2404
- ip:port: 185.9.147.244:443
- ip:port: 81.17.28.123:443
- ip:port: 185.126.34.129:6004
- ip:port: 195.211.190.122:6606
- ip:port: 217.69.3.25:8443
- ip:port: 172.191.149.124:8808
- domain: www.mypeaceofpeace.shop
- domain: solofeelings.shop
- ip:port: 37.148.207.247:3333
- ip:port: 35.204.207.75:4141
- ip:port: 3.250.203.73:3333
- ip:port: 146.190.117.195:443
- ip:port: 3.72.80.237:3333
- ip:port: 212.227.105.79:3333
- ip:port: 13.250.55.125:443
- ip:port: 47.92.218.111:8080
- ip:port: 137.184.125.174:3333
- ip:port: 3.91.17.177:3333
- ip:port: 8.219.161.236:8080
- ip:port: 191.113.97.29:8080
- ip:port: 44.201.195.125:3333
- ip:port: 34.149.133.80:443
- ip:port: 184.82.103.23:443
- ip:port: 188.245.179.237:3333
- ip:port: 63.176.91.87:80
- domain: ool-4573c502.dyn.optonline.net
- ip:port: 134.122.74.160:31337
- ip:port: 157.230.225.92:31337
- ip:port: 146.190.113.131:31337
- ip:port: 194.32.142.49:31337
- ip:port: 13.61.151.92:37
- ip:port: 3.160.248.236:80
- ip:port: 189.40.200.58:443
- ip:port: 46.246.6.9:9000
- url: http://568327cm.shnyash.ru/trafficwp.php
- ip:port: 54.229.24.123:992
- ip:port: 112.242.128.25:49153
- url: http://188.130.207.115/e17d80dfc540932e/sqlite3.dll
- url: http://45.156.27.196/1d61ed988ef797f7/mozglue.dll
- url: http://147.45.47.86/12182f9d6e8b5491/vcruntime140.dll
- url: https://check.ouhoi.site/gkcxv.google
- url: https://check.budu.site/
- url: https://check.budu.site/gkcxv.google?i=e3475c87-98a8-4f23-a839-a902062dfa20
- url: https://check.eybiu.site/
- url: https://check.budu.site/gkcxv.google?i=7b88c62d-73f0-4f69-818f-4456aca3fae5
- url: https://check.euuue.site/gkcxv.google?i=01b4fc6e-3540-4717-9806-c19e7485f8ea
- url: https://check.yiui.site/gkcxv.google?i=c4ad26fe-f98d-43ea-b9d6-1091cc6be014
- url: https://check.budu.site/gkcxv.google?i=1bdb82b9-86d9-4358-a730-d1fbdc7481d5
- domain: novermber12.duckdns.org
- domain: novermber12.freeddns.org
- domain: jmvjpwl3o.localto.net
- domain: jakker-udsalg.top
- domain: websitedirectory.top
- domain: warmwhearts.cloud
- domain: hub.unlimitedcashflowevent.com
- domain: ad59t82g.com
- ip:port: 3.66.38.117:16230
- ip:port: 147.185.221.25:42470
- ip:port: 147.185.221.25:51936
- domain: county-organize.gl.at.ply.gg
- domain: sep-reseller.gl.at.ply.gg
- ip:port: 18.156.13.209:17223
- ip:port: 18.130.208.155:443
- ip:port: 154.9.254.157:444
- ip:port: 8.154.18.17:12356
- domain: check.uydaa.site
- domain: check.aotoa.site
- ip:port: 64.190.113.45:443
- ip:port: 121.40.128.171:38001
- ip:port: 8.218.244.117:53
- ip:port: 81.10.39.58:8888
- ip:port: 2.58.56.94:555
- ip:port: 2.58.56.218:6606
- ip:port: 88.165.128.145:20000
- ip:port: 18.228.40.121:4242
- domain: check.yenai.site
- domain: a1077792.xsph.ru
- domain: f1082834.xsph.ru
- domain: sh1goto.org.swtest.ru
- domain: a1082676.xsph.ru
- domain: f1082777.xsph.ru
- domain: disgustingxtta.shop
- domain: majestimowwer.shop
- domain: relymowyiny.shop
- domain: islandtosecod.shop
- domain: vastactionu.shop
- domain: overwrougemny.shop
- domain: pennyspinng.shop
- ip:port: 192.3.0.100:443
- url: https://pennyspinng.shop/api
- url: https://overwrougemny.shop/api
- url: https://vastactionu.shop/api
- url: https://relymowyiny.shop/api
- url: https://islandtosecod.shop/api
- url: https://majestimowwer.shop/api
- url: https://disgustingxtta.shop/api
- url: https://greenearoth.cyou/api
- url: https://mixermixedo.click/api
- url: https://ignoredshee.com/api
- ip:port: 154.205.137.139:4043
- ip:port: 122.51.65.190:4841
- domain: html.hfcxy.cn
- ip:port: 60.205.235.97:8001
- ip:port: 39.103.56.140:87
- ip:port: 45.144.136.169:80
- ip:port: 121.43.131.0:50050
- ip:port: 49.0.246.64:4444
- ip:port: 54.217.43.187:443
- ip:port: 107.174.65.76:4444
- ip:port: 206.206.78.27:31337
- ip:port: 138.197.165.53:31337
- ip:port: 72.5.43.40:31337
- ip:port: 91.202.5.79:4443
- ip:port: 13.125.69.10:4506
- ip:port: 54.95.33.218:666
- domain: feedback-both.gl.at.ply.gg
- domain: check.oiwea.site
- ip:port: 80.76.51.164:80
- url: http://955792cm.nyashk.ru/imagevideo_httppacketprocessprocessorservercentraldownloads.php
- domain: started-quotations.gl.at.ply.gg
- domain: fund-jacob.gl.at.ply.gg
- url: http://a1080708.xsph.ru/60b2656b.php
- url: http://cg26785.tw1.ru/dbd57405.php
- ip:port: 91.107.253.114:443
- domain: check.iavau.site
- ip:port: 208.87.200.85:8880
- ip:port: 2.58.56.250:2404
- ip:port: 185.196.10.242:5552
- ip:port: 191.96.207.70:777
- ip:port: 78.179.128.55:888
- ip:port: 193.35.17.242:8082
- ip:port: 13.244.67.163:4242
- ip:port: 34.78.33.28:80
- ip:port: 185.185.68.219:443
- url: https://tranqnuilserenity.pics/api
- domain: dance-accident.gl.at.ply.gg
- domain: rights-regime.gl.at.ply.gg
- domain: zirushsteal-25920.portmap.host
- domain: private123.duckdns.org
- domain: vewifow477-24147.portmap.host
- domain: programming-identifying.gl.at.ply.gg
- domain: griskid-49933.portmap.host
- domain: search-varies.gl.at.ply.gg
- domain: jungsystem.zapto.org
- ip:port: 45.87.154.103:4782
- ip:port: 157.97.11.134:9119
- ip:port: 193.161.193.99:31740
- ip:port: 84.234.19.36:4782
- ip:port: 82.8.90.170:6606
- ip:port: 98.218.3.74:4782
- ip:port: 100.68.87.21:5050
- ip:port: 45.87.154.103:5552
- ip:port: 12.75.114.52:4782
- ip:port: 185.147.124.146:4782
- ip:port: 26.20.187.152:4782
- ip:port: 205.234.193.208:4782
- ip:port: 98.218.3.74:4800
- domain: public-anyway.gl.at.ply.gg
- domain: nfasyn.duckdns.org
- domain: gshvenomgb.twilightparadox.com
- domain: release-diseases.gl.at.ply.gg
- domain: bunnymax.bounceme.net
- domain: gvdfhwrt-24202.portmap.host
- domain: kmdsanarchy.duckdns.org
- domain: dsdgsdfhg-32257.portmap.host
- domain: asyncyam.twilightparadox.com
- domain: bunnymax2.dynathome.net
- domain: asygo.duckdns.org
- domain: enerowins29.duckdns.org
- domain: rtasyn.duckdns.org
- domain: chyanarc.twilightparadox.com
- domain: man3x5.ooguy.com
- domain: eg3x6.giize.com
- url: https://api.telegram.org/bot5019103854:aahucpcsuohfpsmzndwo7zf0kh52dpfsqqc/sendmessage
- url: https://api.telegram.org/bot7510448331:aahcyty6_57dvl2jru6mtciygbce2spzjjg/sendmessage
- url: https://api.telegram.org/bot7874496080:aagupyfnep3wfkcsc3q_wev1owfhhnk_jak/sendmessage
- ip:port: 45.147.7.149:7707
- ip:port: 157.97.11.134:8080
- ip:port: 45.147.7.149:8808
- ip:port: 176.65.142.172:4449
- ip:port: 109.248.151.171:63393
- ip:port: 105.101.189.52:38394
- ip:port: 195.177.94.54:4449
- ip:port: 45.147.7.149:6606
- domain: usb-transaction.gl.at.ply.gg
- domain: after-sent.gl.at.ply.gg
- domain: cross-real.gl.at.ply.gg
- domain: greatxwill3902.duckdns.org
- domain: dsadsadsadasdasd-50351.portmap.host
- domain: hospital-ireland.gl.at.ply.gg
- domain: dec9402xwoo.duckdns.org
- domain: provides-looksmart.gl.at.ply.gg
- domain: jks2b.duckdns.org
- domain: fax-compliant.gl.at.ply.gg
- domain: such-suspect.gl.at.ply.gg
- domain: download-labs.gl.at.ply.gg
- domain: cnet-prostores.gl.at.ply.gg
- domain: hsd1.in.comcast.net
- domain: server-belarus.gl.at.ply.gg
- domain: negapepe21.duckdns.org
- domain: across-guest.gl.at.ply.gg
- domain: songs-excluding.gl.at.ply.gg
- domain: ip-nonprofit.gl.at.ply.gg
- domain: fat-couple.gl.at.ply.gg
- domain: questions-rendering.gl.at.ply.gg
- domain: contract-released.gl.at.ply.gg
- domain: details-telescope.gl.at.ply.gg
- domain: xwjamie.twilightparadox.com
- domain: greatxw3902.duckdns.org
- domain: safety-h.gl.at.ply.gg
- domain: contract-virus.gl.at.ply.gg
- domain: dvd-crossword.gl.at.ply.gg
- domain: live-heather.gl.at.ply.gg
- domain: therefore-faced.gl.at.ply.gg
- domain: library-sr.gl.at.ply.gg
- domain: well-barbie.gl.at.ply.gg
- domain: also-nr.gl.at.ply.gg
- domain: author-reflects.gl.at.ply.gg
- domain: locations-often.gl.at.ply.gg
- domain: moxhill3902.duckdns.org
- domain: dec9402xwo.duckdns.org
- domain: head-annoying.gl.at.ply.gg
- domain: clear-honors.gl.at.ply.gg
- domain: html-savage.gl.at.ply.gg
- domain: kxwrmf.duckdns.org
- domain: general-vermont.gl.at.ply.gg
- domain: moxwill3902.duckdns.org
- domain: publications-electronic.gl.at.ply.gg
- domain: during-restriction.gl.at.ply.gg
- domain: sellers-spam.gl.at.ply.gg
- domain: surface-toolbox.gl.at.ply.gg
- domain: xmaswooonfortnite-60116.portmap.host
- domain: probably-fields.gl.at.ply.gg
- domain: dec9402xwor.duckdns.org
- domain: dnsdeerrorlehaxor.ddns.net
- domain: co-ar.gl.at.ply.gg
- domain: mox3902.duckdns.org
- domain: google-su.gl.at.ply.gg
- domain: content-jaguar.gl.at.ply.gg
- ip:port: 94.103.125.153:1888
- ip:port: 167.88.170.134:7000
- ip:port: 217.64.97.31:7000
- ip:port: 91.245.159.11:23432
- ip:port: 193.161.193.99:37264
- ip:port: 176.96.137.181:1111
- ip:port: 147.185.221.25:48596
- ip:port: 147.185.221.25:49967
- ip:port: 79.110.49.32:7000
- ip:port: 141.98.157.249:5060
- ip:port: 51.6.2.0:7000
- ip:port: 108.174.197.90:7000
- ip:port: 87.121.86.171:7756
- ip:port: 193.161.193.99:30448
- ip:port: 95.216.115.242:33333
- domain: swiftcode.work
- domain: home.1ztop.work
- domain: veezy.sitev
- domain: bluefish.work
- domain: cast.jutux.work
- domain: giddy.cc
- domain: mtcpmpm.com
- domain: old.1ztop.work
- domain: pixelscast.com
- domain: pixlo.cc
- domain: tvsnapp.com
- domain: www.jolted.vip
- domain: ztword.com
- domain: cxzyr.com
- domain: pccyy.com
- domain: pcxrlback.com
- domain: soyatea.online
- ip:port: 103.145.58.236:80
- ip:port: 103.145.58.236:443
- ip:port: 174.77.180.50:8540
- ip:port: 13.125.69.10:3306
- ip:port: 59.224.83.160:1604
- ip:port: 5.178.3.137:1604
- ip:port: 34.30.154.127:31337
- ip:port: 51.44.185.217:636
- ip:port: 165.154.224.97:8888
- ip:port: 142.161.78.123:1926
- ip:port: 116.251.133.7:27572
- domain: yeniceri99-24578.portmap.io
- domain: state-franklin.gl.at.ply.gg
- domain: goldbenquasar.boats
- domain: check.yusio.site
- url: http://165.154.224.97:8888/supershell/login/
- domain: durimri.sbs
- ip:port: 5.75.215.154:443
- url: https://suitstory.icu/art.php
- domain: suitstory.icu
- domain: additionletter.xyz
- domain: c1.unearnedexpressoutlying.shop
- domain: check.yejuo.site
- domain: txt95.dns05.com
- domain: safewat.pro
- domain: check.giky.site
- url: https://lightffntasy.help/api
- url: https://cozycojrner.cyou/api
- ip:port: 104.214.176.148:8888
- ip:port: 68.168.118.3:8848
- ip:port: 13.245.230.73:6462
- url: http://37.120.238.179/
- url: http://a1080904.xsph.ru/6abfc538.php
- ip:port: 5.231.70.214:1252
- ip:port: 159.100.19.137:8808
- domain: check.husa.site
- domain: check.xony.site
- ip:port: 121.147.158.132:10798
- domain: check.jeka.site
- domain: dnmep.com
- domain: mktflowi.com
- domain: statspoot.com
- domain: analyticcoms.com
- domain: webdevelopers.tools
- ip:port: 138.124.110.255:1337
- ip:port: 138.124.110.255:999
- ip:port: 138.124.110.255:2115
- ip:port: 37.44.238.88:443
- url: http://ci07006.tw1.ru/8f720c6d.php
- ip:port: 45.92.216.197:443
- ip:port: 104.129.181.103:8089
- ip:port: 45.149.241.39:4444
- ip:port: 54.196.199.243:8808
- ip:port: 78.179.128.55:5500
- ip:port: 45.154.98.238:4449
- ip:port: 46.246.4.18:8000
- ip:port: 43.199.119.135:443
- ip:port: 15.222.7.86:14125
- ip:port: 23.94.247.46:8080
- ip:port: 47.76.174.45:443
- ip:port: 93.123.109.163:8000
- ip:port: 185.229.9.27:465
- ip:port: 15.236.43.82:8888
- ip:port: 154.83.16.85:60000
- ip:port: 159.65.194.92:443
- ip:port: 159.224.83.160:1604
- ip:port: 45.77.110.173:4443
- domain: asme0534-51572.portmap.host
- ip:port: 217.156.50.170:5901
- domain: tricodersvault.duckdns.org
- domain: tricodersvaulting.duckdns.org
- domain: tricodersvaultz.freemyip.com
- domain: welcomeabundance01.duckdns.org
- domain: welcomeabundancenow.duckdns.org
- domain: fazstov-27218.portmap.host
- domain: wednju7d.ddns.net
- ip:port: 154.176.157.95:8000
- ip:port: 54.217.43.187:80
- url: http://ratts.s07002yx.beget.tech/ee8b11fa.php
- url: http://a1081724.xsph.ru/5b1f58d7.php
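Loading a list like the one above into a sensor requires typing and validating each indicator first. The following is an added example, not part of the ThreatFox export or of abuse.ch's tooling: it parses the page's "- label: value" lines (accepting both the form in which an IP address is labelled 'file' and the port that follows it 'hash', as this page was extracted, and the corrected 'ip:port' form), drops malformed pairs and duplicates, and emits Suricata rules. The sample text is constructed from a few of the page's entries; the $HOME_NET convention, the sid range and the choice of TCP for the ip:port pairs are assumptions of the example.

```python
"""
Normalise a ThreatFox indicator list into typed IOCs and emit Suricata rules.
Added example: the sample text below is constructed from entries on this page;
TCP for ip:port pairs, $HOME_NET and the sid range are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Ioc:
    kind: str    # "ip:port", "domain" or "url"
    value: str


LINE_RE = re.compile(r"^-\s*(?P<label>ip:port|file|hash|domain|url):\s*(?P<value>\S+)$")


def make_ipport(ip, port):
    """Validate an address/port pair; return None for anything malformed or unroutable."""
    try:
        addr = ipaddress.ip_address(ip)
        port = int(port)
    except ValueError:
        return None
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified or not 0 < port < 65536:
        return None
    return Ioc("ip:port", f"{addr}:{port}")


def parse_ioc_list(text):
    """Parse '- label: value' lines; a 'file' line and the 'hash' line after it form one ip:port."""
    iocs, pending_ip = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        label, value = m["label"], m["value"]
        if label == "file":           # extraction artefact: the value is an IP address
            pending_ip = value
            continue
        ioc = None
        if label == "hash":           # extraction artefact: the value is the port
            if pending_ip is not None:
                ioc = make_ipport(pending_ip, value)
            pending_ip = None
        elif label == "ip:port":
            ip, _, port = value.rpartition(":")
            ioc = make_ipport(ip, port)
        elif label == "domain":
            ioc = Ioc("domain", value.lower().rstrip("."))
        elif label == "url":
            ioc = Ioc("url", value) if urlparse(value).hostname else None
        if ioc is not None:
            iocs.append(ioc)
    return list(dict.fromkeys(iocs))  # de-duplicate, keep first occurrence


def _esc(s):
    """Escape the characters Suricata treats specially inside content:"..."."""
    return s.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;").replace("|", "\\|")


def suricata_rules(iocs, sid_start=9000000, tag="ThreatFox 2025-02-08"):
    """One rule per IOC: tcp for ip:port, dns.query for domains, tls.sni or http.host+uri for URLs."""
    rules = []
    for sid, ioc in enumerate(iocs, start=sid_start):
        if ioc.kind == "ip:port":
            ip, _, port = ioc.value.rpartition(":")
            rules.append(f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{tag} C2 {ioc.value}"; '
                         f'flow:to_server; threshold:type limit, track by_src, count 1, seconds 60; '
                         f'sid:{sid}; rev:1;)')
        elif ioc.kind == "domain":
            rules.append(f'alert dns $HOME_NET any -> any any (msg:"{tag} domain {ioc.value}"; '
                         f'dns.query; content:"{_esc(ioc.value)}"; nocase; startswith; endswith; '
                         f'sid:{sid}; rev:1;)')
        else:
            u = urlparse(ioc.value)
            if u.scheme == "https":
                # The path is inside TLS; the SNI is all a passive sensor can see.
                rules.append(f'alert tls $HOME_NET any -> any any (msg:"{tag} TLS SNI {u.hostname}"; '
                             f'tls.sni; content:"{_esc(u.hostname)}"; nocase; startswith; endswith; '
                             f'sid:{sid}; rev:1;)')
            else:
                path = (u.path or "/") + ("?" + u.query if u.query else "")
                rules.append(f'alert http $HOME_NET any -> any any (msg:"{tag} URL {_esc(ioc.value)}"; '
                             f'flow:to_server,established; http.host; content:"{_esc(u.hostname)}"; nocase; '
                             f'http.uri; content:"{_esc(path)}"; startswith; endswith; '
                             f'sid:{sid}; rev:1;)')
    return rules


# Constructed sample: both label forms, one malformed address, one duplicate.
SAMPLE = """\
- domain: check.ouhoi.site
- file: 165.154.224.116
- hash: 443
- url: https://pennyspinng.shop/api
- ip:port: 45.87.154.103:4782
- file: 999.1.1.1
- hash: 80
- domain: check.ouhoi.site
- url: http://cd60197.tw1.ru/l1nc0in.php
"""

if __name__ == "__main__":
    for rule in suricata_rules(parse_ioc_list(SAMPLE)):
        print(rule)
```

The ip:port rule is rate-limited per source so a beaconing host produces one alert a minute instead of one per packet, and the domain rules use startswith and endswith so that a C2 hostname on a shared dynamic-DNS provider does not match every other customer of that provider.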
Technical Details
- Threat Level: 2 (MISP event field; scale runs 1 High, 2 Medium, 3 Low, 4 Undefined)
- Analysis: 1 (MISP: ongoing)
- Distribution: 3 (MISP: all communities, consistent with the tlp:white tag)
- Uuid: 1c52773b-1db9-4774-b2f9-693d1cd381d2
- Original Timestamp: 1739059387 (2025-02-09 00:03:07 UTC, i.e. the export was generated just after the day it covers)
Indicators of Compromise
Domain
Value | Description
---|---
check.ouhoi.site | ClearFake payload delivery domain (confidence level: 100%)
adobe.azurefd.net | Cobalt Strike botnet C2 domain (confidence level: 75%)
www.mypeaceofpeace.shop | Unknown malware botnet C2 domain (confidence level: 100%)
solofeelings.shop | Unknown malware botnet C2 domain (confidence level: 100%)
ool-4573c502.dyn.optonline.net | QakBot botnet C2 domain (confidence level: 100%)
novermber12.duckdns.org | Remcos botnet C2 domain (confidence level: 50%)
novermber12.freeddns.org | Remcos botnet C2 domain (confidence level: 50%)
jmvjpwl3o.localto.net | XWorm botnet C2 domain (confidence level: 50%)
jakker-udsalg.top | FAKEUPDATES payload delivery domain (confidence level: 50%)
websitedirectory.top | FAKEUPDATES payload delivery domain (confidence level: 50%)
warmwhearts.cloud | Lumma Stealer botnet C2 domain (confidence level: 50%)
hub.unlimitedcashflowevent.com | FAKEUPDATES payload delivery domain (confidence level: 50%)
ad59t82g.com | Winos botnet C2 domain (confidence level: 50%)
county-organize.gl.at.ply.gg | SpyNote botnet C2 domain (confidence level: 50%)
sep-reseller.gl.at.ply.gg | SpyNote botnet C2 domain (confidence level: 50%)
check.uydaa.site | ClearFake payload delivery domain (confidence level: 100%)
check.aotoa.site | ClearFake payload delivery domain (confidence level: 100%)
check.yenai.site | ClearFake payload delivery domain (confidence level: 100%)
a1077792.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
f1082834.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
sh1goto.org.swtest.ru | DCRat botnet C2 domain (confidence level: 100%)
a1082676.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
f1082777.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
disgustingxtta.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
majestimowwer.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
relymowyiny.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
islandtosecod.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
vastactionu.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
overwrougemny.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
pennyspinng.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
html.hfcxy.cn | Unknown malware botnet C2 domain (confidence level: 100%)
feedback-both.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
check.oiwea.site | ClearFake payload delivery domain (confidence level: 100%)
started-quotations.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
fund-jacob.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
check.iavau.site | ClearFake payload delivery domain (confidence level: 100%)
dance-accident.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
rights-regime.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
zirushsteal-25920.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%)
private123.duckdns.org | Quasar RAT botnet C2 domain (confidence level: 100%)
vewifow477-24147.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%)
programming-identifying.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
griskid-49933.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%)
search-varies.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
jungsystem.zapto.org | Quasar RAT botnet C2 domain (confidence level: 100%)
public-anyway.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%)
nfasyn.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
gshvenomgb.twilightparadox.com | AsyncRAT botnet C2 domain (confidence level: 100%)
release-diseases.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%)
bunnymax.bounceme.net | AsyncRAT botnet C2 domain (confidence level: 100%)
gvdfhwrt-24202.portmap.host | AsyncRAT botnet C2 domain (confidence level: 100%)
kmdsanarchy.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
dsdgsdfhg-32257.portmap.host | AsyncRAT botnet C2 domain (confidence level: 100%)
asyncyam.twilightparadox.com | AsyncRAT botnet C2 domain (confidence level: 100%)
bunnymax2.dynathome.net | AsyncRAT botnet C2 domain (confidence level: 100%)
asygo.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
enerowins29.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
rtasyn.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
chyanarc.twilightparadox.com | AsyncRAT botnet C2 domain (confidence level: 100%)
man3x5.ooguy.com | AsyncRAT botnet C2 domain (confidence level: 100%)
eg3x6.giize.com | AsyncRAT botnet C2 domain (confidence level: 100%)
usb-transaction.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
after-sent.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
cross-real.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
greatxwill3902.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
dsadsadsadasdasd-50351.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
hospital-ireland.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
dec9402xwoo.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
provides-looksmart.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
jks2b.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
fax-compliant.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
such-suspect.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
download-labs.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
cnet-prostores.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
hsd1.in.comcast.net | XWorm botnet C2 domain (confidence level: 100%)
server-belarus.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
negapepe21.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
across-guest.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
songs-excluding.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
ip-nonprofit.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
fat-couple.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
questions-rendering.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
contract-released.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
details-telescope.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
xwjamie.twilightparadox.com | XWorm botnet C2 domain (confidence level: 100%)
greatxw3902.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
safety-h.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
contract-virus.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
dvd-crossword.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
live-heather.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
therefore-faced.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
library-sr.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
well-barbie.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
also-nr.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
author-reflects.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
locations-often.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
moxhill3902.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
dec9402xwo.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
head-annoying.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
clear-honors.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
html-savage.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
kxwrmf.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
general-vermont.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
moxwill3902.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
publications-electronic.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
during-restriction.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
sellers-spam.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
surface-toolbox.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
xmaswooonfortnite-60116.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
probably-fields.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
dec9402xwor.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
dnsdeerrorlehaxor.ddns.net | XWorm botnet C2 domain (confidence level: 100%)
co-ar.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
mox3902.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
google-su.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
content-jaguar.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
swiftcode.work | BADBOX botnet C2 domain (confidence level: 100%)
home.1ztop.work | BADBOX botnet C2 domain (confidence level: 100%)
veezy.sitev | BADBOX botnet C2 domain (confidence level: 100%)
bluefish.work | BADBOX botnet C2 domain (confidence level: 100%)
cast.jutux.work | BADBOX botnet C2 domain (confidence level: 100%)
giddy.cc | BADBOX botnet C2 domain (confidence level: 100%)
mtcpmpm.com | BADBOX botnet C2 domain (confidence level: 100%)
old.1ztop.work | BADBOX botnet C2 domain (confidence level: 100%)
pixelscast.com | BADBOX botnet C2 domain (confidence level: 100%)
pixlo.cc | BADBOX botnet C2 domain (confidence level: 100%)
tvsnapp.com | BADBOX botnet C2 domain (confidence level: 100%)
www.jolted.vip | BADBOX botnet C2 domain (confidence level: 100%)
ztword.com | BADBOX botnet C2 domain (confidence level: 100%)
cxzyr.com | BADBOX botnet C2 domain (confidence level: 100%)
pccyy.com | BADBOX botnet C2 domain (confidence level: 100%)
pcxrlback.com | BADBOX botnet C2 domain (confidence level: 100%)
soyatea.online | BADBOX botnet C2 domain (confidence level: 100%)
yeniceri99-24578.portmap.io | Quasar RAT botnet C2 domain (confidence level: 50%)
state-franklin.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
goldbenquasar.boats | Lumma Stealer botnet C2 domain (confidence level: 50%)
check.yusio.site | ClearFake payload delivery domain (confidence level: 100%)
durimri.sbs | Vidar botnet C2 domain (confidence level: 75%)
suitstory.icu | Unknown Loader botnet C2 domain (confidence level: 100%)
additionletter.xyz | Unknown Loader botnet C2 domain (confidence level: 100%)
c1.unearnedexpressoutlying.shop | Lumma Stealer payload delivery domain (confidence level: 100%)
check.yejuo.site | ClearFake payload delivery domain (confidence level: 100%)
txt95.dns05.com | GobRAT botnet C2 domain (confidence level: 100%)
safewat.pro | Vidar botnet C2 domain (confidence level: 75%)
check.giky.site | ClearFake payload delivery domain (confidence level: 100%)
check.husa.site | ClearFake payload delivery domain (confidence level: 100%)
check.xony.site | ClearFake payload delivery domain (confidence level: 100%)
check.jeka.site | ClearFake payload delivery domain (confidence level: 100%)
dnmep.com | magecart credit card skimming domain (confidence level: 100%)
mktflowi.com | magecart credit card skimming domain (confidence level: 100%)
statspoot.com | magecart credit card skimming domain (confidence level: 100%)
analyticcoms.com | magecart credit card skimming domain (confidence level: 100%)
domainwebdevelopers.tools | magecart credit card skimming domain (confidence level: 100%) | |
domainasme0534-51572.portmap.host | DCRat botnet C2 domain (confidence level: 50%) | |
domaintricodersvault.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domaintricodersvaulting.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domaintricodersvaultz.freemyip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainwelcomeabundance01.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainwelcomeabundancenow.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainfazstov-27218.portmap.host | SpyNote botnet C2 domain (confidence level: 50%) | |
domainwednju7d.ddns.net | XWorm botnet C2 domain (confidence level: 50%) |
File
Value | Description |
---|---|
165.154.224.116 | Bashlite botnet C2 server (confidence level: 75%) |
82.153.79.9 | Cobalt Strike botnet C2 server (confidence level: 100%) |
193.233.84.16 | Cobalt Strike botnet C2 server (confidence level: 100%) |
103.186.117.61 | Remcos botnet C2 server (confidence level: 100%) |
78.84.239.187 | AsyncRAT botnet C2 server (confidence level: 100%) |
198.23.158.69 | AsyncRAT botnet C2 server (confidence level: 100%) |
179.13.3.202 | Quasar RAT botnet C2 server (confidence level: 100%) |
36.50.134.19 | MooBot botnet C2 server (confidence level: 100%) |
174.136.229.54 | Unknown malware botnet C2 server (confidence level: 100%) |
185.73.125.38 | Latrodectus botnet C2 server (confidence level: 75%) |
109.248.151.187 | AsyncRAT botnet C2 server (confidence level: 100%) |
35.158.210.132 | NjRAT botnet C2 server (confidence level: 100%) |
3.66.38.117 | NjRAT botnet C2 server (confidence level: 100%) |
3.69.157.220 | NjRAT botnet C2 server (confidence level: 100%) |
3.69.115.178 | NjRAT botnet C2 server (confidence level: 100%) |
52.28.247.255 | NjRAT botnet C2 server (confidence level: 100%) |
35.177.80.151 | Cobalt Strike botnet C2 server (confidence level: 75%) |
166.88.141.40 | Cobalt Strike botnet C2 server (confidence level: 100%) |
202.63.172.114 | Ghost RAT botnet C2 server (confidence level: 100%) |
188.126.90.11 | Remcos botnet C2 server (confidence level: 100%) |
185.9.147.244 | Sliver botnet C2 server (confidence level: 100%) |
81.17.28.123 | Latrodectus botnet C2 server (confidence level: 75%) |
185.126.34.129 | AsyncRAT botnet C2 server (confidence level: 100%) |
195.211.190.122 | AsyncRAT botnet C2 server (confidence level: 100%) |
217.69.3.25 | PoshC2 botnet C2 server (confidence level: 100%) |
172.191.149.124 | AsyncRAT botnet C2 server (confidence level: 100%) |
37.148.207.247 | Unknown malware botnet C2 server (confidence level: 100%) |
35.204.207.75 | Unknown malware botnet C2 server (confidence level: 100%) |
3.250.203.73 | Unknown malware botnet C2 server (confidence level: 100%) |
146.190.117.195 | Unknown malware botnet C2 server (confidence level: 100%) |
3.72.80.237 | Unknown malware botnet C2 server (confidence level: 100%) |
212.227.105.79 | Unknown malware botnet C2 server (confidence level: 100%) |
13.250.55.125 | Unknown malware botnet C2 server (confidence level: 100%) |
47.92.218.111 | Unknown malware botnet C2 server (confidence level: 100%) |
137.184.125.174 | Unknown malware botnet C2 server (confidence level: 100%) |
3.91.17.177 | Unknown malware botnet C2 server (confidence level: 100%) |
8.219.161.236 | Unknown malware botnet C2 server (confidence level: 100%) |
191.113.97.29 | Unknown malware botnet C2 server (confidence level: 100%) |
44.201.195.125 | Unknown malware botnet C2 server (confidence level: 100%) |
34.149.133.80 | Unknown malware botnet C2 server (confidence level: 100%) |
184.82.103.23 | Unknown malware botnet C2 server (confidence level: 100%) |
188.245.179.237 | Unknown malware botnet C2 server (confidence level: 100%) |
63.176.91.87 | Unknown malware botnet C2 server (confidence level: 100%) |
134.122.74.160 | Sliver botnet C2 server (confidence level: 50%) |
157.230.225.92 | Sliver botnet C2 server (confidence level: 50%) |
146.190.113.131 | Sliver botnet C2 server (confidence level: 50%) |
194.32.142.49 | Sliver botnet C2 server (confidence level: 50%) |
13.61.151.92 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
3.160.248.236 | Xtreme RAT botnet C2 server (confidence level: 50%) |
189.40.200.58 | Ghost RAT botnet C2 server (confidence level: 50%) |
46.246.6.9 | DCRat botnet C2 server (confidence level: 50%) |
54.229.24.123 | Unknown malware botnet C2 server (confidence level: 50%) |
112.242.128.25 | Mozi botnet C2 server (confidence level: 50%) |
3.66.38.117 | SpyNote botnet C2 server (confidence level: 50%) |
147.185.221.25 | SpyNote botnet C2 server (confidence level: 50%) |
147.185.221.25 | SpyNote botnet C2 server (confidence level: 50%) |
18.156.13.209 | XWorm botnet C2 server (confidence level: 50%) |
18.130.208.155 | Cobalt Strike botnet C2 server (confidence level: 50%) |
154.9.254.157 | Cobalt Strike botnet C2 server (confidence level: 50%) |
8.154.18.17 | Cobalt Strike botnet C2 server (confidence level: 50%) |
64.190.113.45 | pupy botnet C2 server (confidence level: 100%) |
121.40.128.171 | Sliver botnet C2 server (confidence level: 100%) |
8.218.244.117 | ShadowPad botnet C2 server (confidence level: 90%) |
81.10.39.58 | AsyncRAT botnet C2 server (confidence level: 100%) |
2.58.56.94 | AsyncRAT botnet C2 server (confidence level: 100%) |
2.58.56.218 | AsyncRAT botnet C2 server (confidence level: 100%) |
88.165.128.145 | Quasar RAT botnet C2 server (confidence level: 100%) |
18.228.40.121 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
192.3.0.100 | Cobalt Strike botnet C2 server (confidence level: 100%) |
154.205.137.139 | Unknown malware botnet C2 server (confidence level: 100%) |
122.51.65.190 | Unknown malware botnet C2 server (confidence level: 100%) |
60.205.235.97 | Cobalt Strike botnet C2 server (confidence level: 100%) |
39.103.56.140 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45.144.136.169 | Cobalt Strike botnet C2 server (confidence level: 100%) |
121.43.131.0 | Cobalt Strike botnet C2 server (confidence level: 50%) |
49.0.246.64 | Cobalt Strike botnet C2 server (confidence level: 100%) |
54.217.43.187 | Cobalt Strike botnet C2 server (confidence level: 100%) |
107.174.65.76 | Cobalt Strike botnet C2 server (confidence level: 100%) |
206.206.78.27 | Sliver botnet C2 server (confidence level: 50%) |
138.197.165.53 | Sliver botnet C2 server (confidence level: 50%) |
72.5.43.40 | Sliver botnet C2 server (confidence level: 50%) |
91.202.5.79 | Unknown malware botnet C2 server (confidence level: 50%) |
13.125.69.10 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
54.95.33.218 | Unknown malware botnet C2 server (confidence level: 50%) |
80.76.51.164 | MooBot botnet C2 server (confidence level: 100%) |
91.107.253.114 | Meterpreter botnet C2 server (confidence level: 75%) |
208.87.200.85 | Cobalt Strike botnet C2 server (confidence level: 100%) |
2.58.56.250 | Remcos botnet C2 server (confidence level: 100%) |
185.196.10.242 | Remcos botnet C2 server (confidence level: 100%) |
191.96.207.70 | AsyncRAT botnet C2 server (confidence level: 100%) |
78.179.128.55 | AsyncRAT botnet C2 server (confidence level: 100%) |
193.35.17.242 | Hook botnet C2 server (confidence level: 100%) |
13.244.67.163 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
34.78.33.28 | Cobalt Strike botnet C2 server (confidence level: 75%) |
185.185.68.219 | FAKEUPDATES payload delivery server (confidence level: 100%) |
45.87.154.103 | Quasar RAT botnet C2 server (confidence level: 100%) |
157.97.11.134 | Quasar RAT botnet C2 server (confidence level: 100%) |
193.161.193.99 | Quasar RAT botnet C2 server (confidence level: 100%) |
84.234.19.36 | Quasar RAT botnet C2 server (confidence level: 100%) |
82.8.90.170 | Quasar RAT botnet C2 server (confidence level: 100%) |
98.218.3.74 | Quasar RAT botnet C2 server (confidence level: 100%) |
100.68.87.21 | Quasar RAT botnet C2 server (confidence level: 100%) |
45.87.154.103 | Quasar RAT botnet C2 server (confidence level: 100%) |
12.75.114.52 | Quasar RAT botnet C2 server (confidence level: 100%) |
185.147.124.146 | Quasar RAT botnet C2 server (confidence level: 100%) |
26.20.187.152 | Quasar RAT botnet C2 server (confidence level: 100%) |
205.234.193.208 | Quasar RAT botnet C2 server (confidence level: 100%) |
98.218.3.74 | Quasar RAT botnet C2 server (confidence level: 100%) |
45.147.7.149 | AsyncRAT botnet C2 server (confidence level: 100%) |
157.97.11.134 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.147.7.149 | AsyncRAT botnet C2 server (confidence level: 100%) |
176.65.142.172 | AsyncRAT botnet C2 server (confidence level: 100%) |
109.248.151.171 | AsyncRAT botnet C2 server (confidence level: 100%) |
105.101.189.52 | AsyncRAT botnet C2 server (confidence level: 100%) |
195.177.94.54 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.147.7.149 | AsyncRAT botnet C2 server (confidence level: 100%) |
94.103.125.153 | XWorm botnet C2 server (confidence level: 100%) |
167.88.170.134 | XWorm botnet C2 server (confidence level: 100%) |
217.64.97.31 | XWorm botnet C2 server (confidence level: 100%) |
91.245.159.11 | XWorm botnet C2 server (confidence level: 100%) |
193.161.193.99 | XWorm botnet C2 server (confidence level: 100%) |
176.96.137.181 | XWorm botnet C2 server (confidence level: 100%) |
147.185.221.25 | XWorm botnet C2 server (confidence level: 100%) |
147.185.221.25 | XWorm botnet C2 server (confidence level: 100%) |
79.110.49.32 | XWorm botnet C2 server (confidence level: 100%) |
141.98.157.249 | XWorm botnet C2 server (confidence level: 100%) |
51.6.2.0 | XWorm botnet C2 server (confidence level: 100%) |
108.174.197.90 | XWorm botnet C2 server (confidence level: 100%) |
87.121.86.171 | XWorm botnet C2 server (confidence level: 100%) |
193.161.193.99 | XWorm botnet C2 server (confidence level: 100%) |
95.216.115.242 | XWorm botnet C2 server (confidence level: 100%) |
103.145.58.236 | BADBOX payload delivery server (confidence level: 100%) |
103.145.58.236 | BADBOX payload delivery server (confidence level: 100%) |
174.77.180.50 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
13.125.69.10 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
59.224.83.160 | DarkComet botnet C2 server (confidence level: 50%) |
5.178.3.137 | DarkComet botnet C2 server (confidence level: 50%) |
34.30.154.127 | Sliver botnet C2 server (confidence level: 50%) |
51.44.185.217 | BlackShades botnet C2 server (confidence level: 50%) |
165.154.224.97 | Unknown malware botnet C2 server (confidence level: 50%) |
142.161.78.123 | Unknown malware botnet C2 server (confidence level: 50%) |
116.251.133.7 | Nanocore RAT botnet C2 server (confidence level: 50%) |
5.75.215.154 | Vidar botnet C2 server (confidence level: 75%) |
104.214.176.148 | Unknown malware botnet C2 server (confidence level: 100%) |
68.168.118.3 | DCRat botnet C2 server (confidence level: 100%) |
13.245.230.73 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
5.231.70.214 | Tsunami botnet C2 server (confidence level: 75%) |
159.100.19.137 | AsyncRAT botnet C2 server (confidence level: 75%) |
121.147.158.132 | Ghost RAT botnet C2 server (confidence level: 100%) |
138.124.110.255 | Unknown malware botnet C2 server (confidence level: 75%) |
138.124.110.255 | Unknown malware botnet C2 server (confidence level: 75%) |
138.124.110.255 | Unknown malware botnet C2 server (confidence level: 75%) |
37.44.238.88 | Mirai botnet C2 server (confidence level: 75%) |
45.92.216.197 | Cobalt Strike botnet C2 server (confidence level: 100%) |
104.129.181.103 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45.149.241.39 | AsyncRAT botnet C2 server (confidence level: 100%) |
54.196.199.243 | AsyncRAT botnet C2 server (confidence level: 100%) |
78.179.128.55 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.154.98.238 | Venom RAT botnet C2 server (confidence level: 100%) |
46.246.4.18 | DCRat botnet C2 server (confidence level: 100%) |
43.199.119.135 | DCRat botnet C2 server (confidence level: 100%) |
15.222.7.86 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
23.94.247.46 | Kaiji botnet C2 server (confidence level: 100%) |
47.76.174.45 | Unknown malware botnet C2 server (confidence level: 100%) |
93.123.109.163 | Cobalt Strike botnet C2 server (confidence level: 100%) |
185.229.9.27 | BianLian botnet C2 server (confidence level: 100%) |
15.236.43.82 | Sliver botnet C2 server (confidence level: 75%) |
154.83.16.85 | Unknown malware botnet C2 server (confidence level: 75%) |
159.65.194.92 | Cobalt Strike botnet C2 server (confidence level: 90%) |
159.224.83.160 | DarkComet botnet C2 server (confidence level: 50%) |
45.77.110.173 | Unknown RAT botnet C2 server (confidence level: 50%) |
217.156.50.170 | DCRat botnet C2 server (confidence level: 50%) |
154.176.157.95 | XWorm botnet C2 server (confidence level: 50%) |
54.217.43.187 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Hash
Value | Description |
---|---|
443 | Bashlite botnet C2 server (confidence level: 75%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
9373 | Remcos botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
8082 | Quasar RAT botnet C2 server (confidence level: 100%) |
80 | MooBot botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Latrodectus botnet C2 server (confidence level: 75%) |
49181 | AsyncRAT botnet C2 server (confidence level: 100%) |
1337 | NjRAT botnet C2 server (confidence level: 100%) |
12482 | NjRAT botnet C2 server (confidence level: 100%) |
12482 | NjRAT botnet C2 server (confidence level: 100%) |
12482 | NjRAT botnet C2 server (confidence level: 100%) |
12482 | NjRAT botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47779 | Ghost RAT botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
443 | Latrodectus botnet C2 server (confidence level: 75%) |
6004 | AsyncRAT botnet C2 server (confidence level: 100%) |
6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
8443 | PoshC2 botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
4141 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
8080 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
8080 | Unknown malware botnet C2 server (confidence level: 100%) |
8080 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Unknown malware botnet C2 server (confidence level: 100%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
37 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
80 | Xtreme RAT botnet C2 server (confidence level: 50%) |
443 | Ghost RAT botnet C2 server (confidence level: 50%) |
9000 | DCRat botnet C2 server (confidence level: 50%) |
992 | Unknown malware botnet C2 server (confidence level: 50%) |
49153 | Mozi botnet C2 server (confidence level: 50%) |
16230 | SpyNote botnet C2 server (confidence level: 50%) |
42470 | SpyNote botnet C2 server (confidence level: 50%) |
51936 | SpyNote botnet C2 server (confidence level: 50%) |
17223 | XWorm botnet C2 server (confidence level: 50%) |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
444 | Cobalt Strike botnet C2 server (confidence level: 50%) |
12356 | Cobalt Strike botnet C2 server (confidence level: 50%) |
443 | pupy botnet C2 server (confidence level: 100%) |
38001 | Sliver botnet C2 server (confidence level: 100%) |
53 | ShadowPad botnet C2 server (confidence level: 90%) |
8888 | AsyncRAT botnet C2 server (confidence level: 100%) |
555 | AsyncRAT botnet C2 server (confidence level: 100%) |
6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
20000 | Quasar RAT botnet C2 server (confidence level: 100%) |
4242 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4043 | Unknown malware botnet C2 server (confidence level: 100%) |
4841 | Unknown malware botnet C2 server (confidence level: 100%) |
8001 | Cobalt Strike botnet C2 server (confidence level: 100%) |
87 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
50050 | Cobalt Strike botnet C2 server (confidence level: 50%) |
4444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
4443 | Unknown malware botnet C2 server (confidence level: 50%) |
4506 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
666 | Unknown malware botnet C2 server (confidence level: 50%) |
80 | MooBot botnet C2 server (confidence level: 100%) |
443 | Meterpreter botnet C2 server (confidence level: 75%) |
8880 | Cobalt Strike botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
5552 | Remcos botnet C2 server (confidence level: 100%) |
777 | AsyncRAT botnet C2 server (confidence level: 100%) |
888 | AsyncRAT botnet C2 server (confidence level: 100%) |
8082 | Hook botnet C2 server (confidence level: 100%) |
4242 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | FAKEUPDATES payload delivery server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
9119 | Quasar RAT botnet C2 server (confidence level: 100%) |
31740 | Quasar RAT botnet C2 server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
6606 | Quasar RAT botnet C2 server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
5050 | Quasar RAT botnet C2 server (confidence level: 100%) |
5552 | Quasar RAT botnet C2 server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
4800 | Quasar RAT botnet C2 server (confidence level: 100%) |
7707 | AsyncRAT botnet C2 server (confidence level: 100%) |
8080 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) |
63393 | AsyncRAT botnet C2 server (confidence level: 100%) |
38394 | AsyncRAT botnet C2 server (confidence level: 100%) |
4449 | AsyncRAT botnet C2 server (confidence level: 100%) |
6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
1888 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
23432 | XWorm botnet C2 server (confidence level: 100%) |
37264 | XWorm botnet C2 server (confidence level: 100%) |
1111 | XWorm botnet C2 server (confidence level: 100%) |
48596 | XWorm botnet C2 server (confidence level: 100%) |
49967 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
5060 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
7756 | XWorm botnet C2 server (confidence level: 100%) |
30448 | XWorm botnet C2 server (confidence level: 100%) |
33333 | XWorm botnet C2 server (confidence level: 100%) |
80 | BADBOX payload delivery server (confidence level: 100%) |
443 | BADBOX payload delivery server (confidence level: 100%) |
8540 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
3306 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
1604 | DarkComet botnet C2 server (confidence level: 50%) |
1604 | DarkComet botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
636 | BlackShades botnet C2 server (confidence level: 50%) |
8888 | Unknown malware botnet C2 server (confidence level: 50%) |
1926 | Unknown malware botnet C2 server (confidence level: 50%) |
27572 | Nanocore RAT botnet C2 server (confidence level: 50%) |
443 | Vidar botnet C2 server (confidence level: 75%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
8848 | DCRat botnet C2 server (confidence level: 100%) |
6462 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
1252 | Tsunami botnet C2 server (confidence level: 75%) |
8808 | AsyncRAT botnet C2 server (confidence level: 75%) |
10798 | Ghost RAT botnet C2 server (confidence level: 100%) |
1337 | Unknown malware botnet C2 server (confidence level: 75%) |
999 | Unknown malware botnet C2 server (confidence level: 75%) |
2115 | Unknown malware botnet C2 server (confidence level: 75%) |
443 | Mirai botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8089 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4444 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
5500 | AsyncRAT botnet C2 server (confidence level: 100%) |
4449 | Venom RAT botnet C2 server (confidence level: 100%) |
8000 | DCRat botnet C2 server (confidence level: 100%) |
443 | DCRat botnet C2 server (confidence level: 100%) |
14125 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
8080 | Kaiji botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
8000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
465 | BianLian botnet C2 server (confidence level: 100%) |
8888 | Sliver botnet C2 server (confidence level: 75%) |
60000 | Unknown malware botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 90%) |
1604 | DarkComet botnet C2 server (confidence level: 50%) |
4443 | Unknown RAT botnet C2 server (confidence level: 50%) |
5901 | DCRat botnet C2 server (confidence level: 50%) |
8000 | XWorm botnet C2 server (confidence level: 50%) |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Url
Value | Description |
---|---|
https://bluemoonland.xyz/mzzkntlintu4ndhl/ | Coper botnet C2 (confidence level: 100%) |
http://mstrelaz.beget.tech/a32cf900.php | DCRat botnet C2 (confidence level: 100%) |
http://703035cm.nyashk.ru/externaleternalvmjavascriptgeneratorlocal.php | DCRat botnet C2 (confidence level: 100%) |
http://web3373.craft-host.ru/javascriptgeo.php | DCRat botnet C2 (confidence level: 100%) |
http://cd60197.tw1.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
http://568327cm.shnyash.ru/trafficwp.php | DCRat botnet C2 (confidence level: 100%) |
http://188.130.207.115/e17d80dfc540932e/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) |
http://45.156.27.196/1d61ed988ef797f7/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) |
http://147.45.47.86/12182f9d6e8b5491/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) |
https://check.ouhoi.site/gkcxv.google | ClearFake payload delivery URL (confidence level: 50%) |
https://check.budu.site/ | ClearFake payload delivery URL (confidence level: 50%) |
https://check.budu.site/gkcxv.google?i=e3475c87-98a8-4f23-a839-a902062dfa20 | ClearFake payload delivery URL (confidence level: 50%) |
https://check.eybiu.site/ | ClearFake payload delivery URL (confidence level: 50%) |
https://check.budu.site/gkcxv.google?i=7b88c62d-73f0-4f69-818f-4456aca3fae5 | ClearFake payload delivery URL (confidence level: 50%) |
https://check.euuue.site/gkcxv.google?i=01b4fc6e-3540-4717-9806-c19e7485f8ea | ClearFake payload delivery URL (confidence level: 50%) |
https://check.yiui.site/gkcxv.google?i=c4ad26fe-f98d-43ea-b9d6-1091cc6be014 | ClearFake payload delivery URL (confidence level: 50%) |
https://check.budu.site/gkcxv.google?i=1bdb82b9-86d9-4358-a730-d1fbdc7481d5 | ClearFake payload delivery URL (confidence level: 50%) |
https://pennyspinng.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://overwrougemny.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://vastactionu.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://relymowyiny.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://islandtosecod.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://majestimowwer.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://disgustingxtta.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://greenearoth.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://mixermixedo.click/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://ignoredshee.com/api | Lumma Stealer botnet C2 (confidence level: 100%) |
http://955792cm.nyashk.ru/imagevideo_httppacketprocessprocessorservercentraldownloads.php | DCRat botnet C2 (confidence level: 100%) |
http://a1080708.xsph.ru/60b2656b.php | DCRat botnet C2 (confidence level: 100%) |
http://cg26785.tw1.ru/dbd57405.php | DCRat botnet C2 (confidence level: 100%) |
https://tranqnuilserenity.pics/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://api.telegram.org/bot5019103854:aahucpcsuohfpsmzndwo7zf0kh52dpfsqqc/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) |
https://api.telegram.org/bot7510448331:aahcyty6_57dvl2jru6mtciygbce2spzjjg/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) |
https://api.telegram.org/bot7874496080:aagupyfnep3wfkcsc3q_wev1owfhhnk_jak/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) |
http://165.154.224.97:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
https://suitstory.icu/art.php | Unknown Loader botnet C2 (confidence level: 100%) |
https://lightffntasy.help/api | Lumma Stealer botnet C2 (confidence level: 100%) |
https://cozycojrner.cyou/api | Lumma Stealer botnet C2 (confidence level: 50%) |
http://37.120.238.179/ | RecordBreaker botnet C2 (confidence level: 100%) |
http://a1080904.xsph.ru/6abfc538.php | DCRat botnet C2 (confidence level: 100%) |
http://ci07006.tw1.ru/8f720c6d.php | DCRat botnet C2 (confidence level: 100%) |
http://ratts.s07002yx.beget.tech/ee8b11fa.php | DCRat botnet C2 (confidence level: 100%) |
http://a1081724.xsph.ru/5b1f58d7.php | DCRat botnet C2 (confidence level: 100%) |
Threat ID: 682c7dc0e8347ec82d2d6782
Added to database: 5/20/2025, 1:04:00 PM
Last enriched: 6/19/2025, 3:32:42 PM
Last updated: 8/16/2025, 2:39:07 PM
Views: 9