ThreatFox IOCs for 2025-02-16
Severity: mediumType: malware
ThreatFox IOCs for 2025-02-16
AI Analysis
Technical Summary
The provided threat information pertains to a malware-related intelligence report titled "ThreatFox IOCs for 2025-02-16," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under OSINT (Open Source Intelligence), network activity, and payload delivery, indicating that it involves the distribution or delivery of malicious payloads potentially detected or analyzed through open-source intelligence methods. However, the details are limited, with no specific affected software versions, no known exploits in the wild, and no patches available, suggesting this is either a newly identified threat or a collection of IOCs without an associated active exploit campaign at the time of publication. The threat level is rated as medium, with a threatLevel metric of 2 and distribution metric of 3, implying moderate dissemination or detection frequency. The absence of CWEs (Common Weakness Enumerations) and technical specifics limits the ability to pinpoint exact attack vectors or vulnerabilities exploited. The lack of indicators in the report further constrains detailed technical analysis. Given the nature of OSINT and network activity tags, this threat likely involves reconnaissance or initial stages of malware delivery, possibly through network-based vectors or social engineering, but no direct evidence supports exploitation or compromise. The payload delivery tag suggests that the threat involves mechanisms to deliver malicious code, which could be used in subsequent stages of an attack chain. Overall, this threat appears to be an intelligence artifact highlighting potential or emerging malware activity rather than a fully developed or actively exploited malware campaign at the time of reporting.
Potential Impact
For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and lack of confirmed active exploitation. The threat’s association with OSINT and network activity suggests potential risks related to reconnaissance and initial compromise attempts, which could lead to unauthorized access, data exfiltration, or disruption if payload delivery succeeds. However, without specific affected products or vulnerabilities, the direct impact remains uncertain. European entities with extensive network exposure or those involved in critical infrastructure, finance, or government sectors should remain vigilant, as these sectors are often targeted for reconnaissance and initial payload delivery in broader attack campaigns. The absence of known exploits and patches indicates that organizations may not yet face immediate exploitation risks but should consider this threat as an early warning. If the threat evolves or is combined with other vulnerabilities, it could escalate to more severe impacts affecting confidentiality, integrity, and availability of systems and data.
Mitigation Recommendations
Given the limited technical details and absence of patches, European organizations should focus on proactive detection and prevention strategies tailored to OSINT-related and network-based threats. Specific recommendations include: 1) Enhancing network monitoring to detect unusual or suspicious network activity indicative of reconnaissance or payload delivery attempts, using advanced intrusion detection/prevention systems (IDS/IPS) with updated threat intelligence feeds. 2) Implementing strict email and web filtering policies to block potential payload delivery vectors, including sandboxing attachments and URLs. 3) Conducting regular threat hunting exercises leveraging OSINT sources to identify emerging IOCs and adapting defenses accordingly. 4) Ensuring robust endpoint protection with behavioral analysis capabilities to detect and quarantine unknown or suspicious payloads. 5) Training staff on recognizing social engineering tactics that may facilitate payload delivery. 6) Maintaining up-to-date asset inventories and network segmentation to limit lateral movement if initial compromise occurs. 7) Collaborating with national and European cybersecurity centers to share intelligence and receive timely alerts about evolving threats. These measures go beyond generic advice by emphasizing OSINT integration, proactive threat hunting, and network-level defenses specific to the threat’s characteristics.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 31.171.131.83
- hash: 1995
- file: 31.59.131.238
- hash: 3778
- domain: aesthzeticday.top
- domain: ampklevision.top
- domain: blisksfulfuture.top
- domain: blissfzuljourney.top
- domain: brhightfusion.top
- domain: calhmhaven.top
- domain: cherikshedideas.top
- domain: cherishzmoments.top
- domain: creatiyvegroove.top
- domain: dreamcrazfters.top
- domain: dreamekrspace.top
- domain: elysianfizelds.top
- domain: embracekchange.top
- domain: flourishklife.top
- domain: flouriszhzozne.top
- domain: glowpathy.top
- domain: graqcefulstep.top
- domain: gratefulhkeart.top
- domain: happyhquest.top
- domain: hopeqfulhearts.top
- domain: ideasphark.top
- domain: inspiqredminds.top
- domain: jololyquest.top
- domain: joyousqvibes.top
- domain: kindredqspirits.top
- domain: lnovewave.top
- domain: luminousqpath.top
- domain: mqindfuljourney.top
- domain: naqturewisdom.top
- domain: nexntvision.top
- domain: oceanbreoeze.top
- domain: opuqlentnest.top
- domain: peacqegfulmind.top
- domain: peakaspiroe.top
- domain: quietreverie.top
- domain: quiwetwaveso.top
- domain: radiantnpulse.top
- domain: rgadiantsoul.top
- domain: riqsingstaro.top
- domain: segrenewaves.top
- domain: thwrivenest.top
- domain: tragnquilgrove.top
- domain: truenorthn.top
- domain: uniggvgersaljoy.top
- domain: uniwtysphere.top
- domain: uyniquequest.top
- domain: vigbragntflow.top
- domain: visiwonarypath.top
- domain: wkanderlustpath.top
- domain: wzonderfield.top
- domain: xpzloreideas.top
- domain: youzrjoyfulplace.top
- domain: zekalousspirit.top
- domain: zenfylare.top
- domain: zephzyrcloud.top
- domain: aheadrarry.help
- domain: contributioninspection.info
- domain: dreamerfruits.cloud
- file: 42.235.154.113
- hash: 52266
- file: 59.95.85.40
- hash: 54677
- file: 120.61.68.97
- hash: 50907
- file: 117.215.249.82
- hash: 60479
- file: 59.88.140.173
- hash: 38095
- file: 61.2.151.2
- hash: 53491
- file: 102.33.80.182
- hash: 55097
- file: 103.207.124.49
- hash: 46918
- file: 60.189.244.224
- hash: 57217
- file: 103.247.52.197
- hash: 54146
- file: 119.116.36.65
- hash: 40937
- file: 103.207.125.52
- hash: 52052
- file: 45.178.250.90
- hash: 10012
- file: 110.182.251.206
- hash: 48030
- file: 59.97.255.106
- hash: 41489
- file: 190.110.176.83
- hash: 34928
- file: 185.248.12.129
- hash: 53782
- file: 178.245.232.95
- hash: 41311
- file: 222.136.140.83
- hash: 42846
- file: 27.153.201.216
- hash: 52132
- file: 175.151.249.161
- hash: 57469
- file: 103.203.72.139
- hash: 54517
- file: 103.207.125.5
- hash: 60171
- file: 221.225.231.34
- hash: 51688
- file: 45.164.177.102
- hash: 11462
- file: 115.55.63.117
- hash: 56833
- file: 59.99.220.103
- hash: 58712
- file: 211.148.104.167
- hash: 52824
- file: 103.203.72.227
- hash: 35974
- file: 103.199.180.156
- hash: 41217
- file: 117.221.50.51
- hash: 41440
- file: 103.98.38.173
- hash: 56392
- file: 103.98.38.150
- hash: 54377
- file: 192.10.163.76
- hash: 41479
- file: 45.164.177.171
- hash: 11875
- file: 219.157.59.83
- hash: 42100
- file: 1.70.127.236
- hash: 50363
- file: 117.209.89.62
- hash: 57875
- file: 103.199.202.192
- hash: 34560
- file: 223.8.213.139
- hash: 59247
- file: 175.107.2.115
- hash: 39790
- file: 202.66.165.57
- hash: 37801
- file: 117.211.37.103
- hash: 47570
- file: 117.211.215.108
- hash: 54426
- file: 191.29.133.216
- hash: 39840
- file: 182.121.252.121
- hash: 56583
- file: 103.207.125.55
- hash: 59495
- file: 117.215.139.182
- hash: 51124
- file: 172.38.0.225
- hash: 57458
- file: 119.143.165.164
- hash: 49382
- file: 61.52.54.208
- hash: 47257
- file: 115.58.95.45
- hash: 36272
- file: 115.60.22.211
- hash: 6288
- file: 42.235.171.56
- hash: 58076
- file: 103.208.230.41
- hash: 42929
- file: 115.55.223.75
- hash: 46811
- file: 121.237.167.31
- hash: 52360
- file: 125.41.2.112
- hash: 57140
- file: 59.88.19.247
- hash: 47235
- file: 103.199.200.252
- hash: 50618
- file: 117.206.73.192
- hash: 60308
- file: 103.247.6.98
- hash: 48449
- file: 42.232.82.206
- hash: 32807
- file: 117.197.225.182
- hash: 45108
- file: 109.106.142.43
- hash: 63571
- file: 45.164.177.197
- hash: 10761
- file: 42.238.244.143
- hash: 48953
- file: 182.117.26.62
- hash: 32987
- file: 45.164.177.162
- hash: 11406
- file: 125.106.32.67
- hash: 33860
- file: 59.89.217.42
- hash: 59628
- file: 117.209.83.6
- hash: 35134
- file: 125.62.199.32
- hash: 47483
- file: 183.240.211.144
- hash: 36008
- file: 123.5.127.175
- hash: 49108
- file: 27.0.217.195
- hash: 40090
- file: 102.33.105.87
- hash: 52893
- file: 59.91.90.29
- hash: 51476
- file: 59.182.111.124
- hash: 39264
- file: 117.248.162.244
- hash: 32769
- file: 112.246.113.161
- hash: 33031
- file: 59.93.130.217
- hash: 56601
- file: 117.255.185.229
- hash: 53335
- file: 123.9.47.122
- hash: 50013
- file: 115.55.224.32
- hash: 52276
- file: 117.254.96.59
- hash: 42843
- file: 175.147.153.77
- hash: 56158
- file: 117.209.3.106
- hash: 60251
- file: 182.124.34.64
- hash: 59215
- file: 117.248.161.189
- hash: 60409
- file: 59.99.210.136
- hash: 37742
- file: 211.223.79.89
- hash: 54774
- domain: check.gaxfd.icu
- url: https://check.gaxfd.icu/gkcxv.google
- url: https://u1.sulkuntie.shop/guajira.mp3
- url: https://sunsetvale.xyz/mdqyztc1mju5mjzi/
- url: https://frozenpeak.xyz/ndi3yjdmytrlzjy3/
- file: 194.5.249.178
- hash: 443
- file: 115.120.250.85
- hash: 443
- file: 196.251.73.85
- hash: 50337
- file: 152.32.253.15
- hash: 8888
- file: 45.87.173.96
- hash: 2404
- file: 212.162.155.84
- hash: 8808
- file: 107.175.48.5
- hash: 8808
- file: 185.49.126.245
- hash: 8808
- file: 23.94.126.207
- hash: 8808
- file: 23.94.126.207
- hash: 7707
- file: 185.49.126.52
- hash: 7707
- file: 191.96.207.75
- hash: 8808
- file: 45.88.186.26
- hash: 8808
- file: 45.88.186.26
- hash: 6606
- file: 73.135.172.24
- hash: 7443
- file: 191.19.117.87
- hash: 5000
- file: 186.249.218.242
- hash: 443
- file: 5.178.3.137
- hash: 4449
- file: 88.17.119.80
- hash: 443
- file: 13.245.117.46
- hash: 19999
- file: 15.228.201.119
- hash: 5984
- file: 15.228.201.119
- hash: 54284
- file: 45.147.176.188
- hash: 443
- file: 20.199.76.181
- hash: 80
- file: 196.119.150.206
- hash: 10000
- file: 172.179.236.95
- hash: 55443
- url: http://800811cm.nyashk.ru/eternalimageauthdblinuxwindowsuniversal.php
- url: http://123.58.220.204:8888/supershell/login/
- file: 138.199.162.81
- hash: 1863
- file: 194.59.31.111
- hash: 46167
- file: 104.250.169.100
- hash: 3191
- file: 101.37.150.185
- hash: 8443
- file: 5.83.218.75
- hash: 443
- file: 185.49.126.235
- hash: 2004
- file: 185.49.126.235
- hash: 8808
- file: 20.249.208.141
- hash: 443
- file: 20.92.165.192
- hash: 443
- file: 15.197.85.250
- hash: 10081
- file: 185.74.222.38
- hash: 8080
- file: 54.183.176.59
- hash: 30534
- file: 209.97.146.219
- hash: 5060
- file: 45.63.24.192
- hash: 7443
- file: 45.94.31.85
- hash: 80
- file: 37.60.238.252
- hash: 50000
- file: 74.249.102.229
- hash: 443
- file: 121.4.218.215
- hash: 60000
- file: 3.90.0.40
- hash: 3333
- file: 174.138.57.195
- hash: 3333
- file: 52.57.36.62
- hash: 80
- file: 52.57.36.62
- hash: 443
- file: 137.184.106.200
- hash: 3333
- file: 47.239.2.3
- hash: 82
- file: 13.200.23.247
- hash: 443
- file: 52.28.140.148
- hash: 443
- file: 91.198.220.226
- hash: 3333
- file: 52.63.165.154
- hash: 443
- file: 13.39.13.30
- hash: 2807
- file: 3.142.83.61
- hash: 8082
- file: 47.101.188.111
- hash: 3333
- file: 82.165.110.142
- hash: 3333
- file: 206.189.56.251
- hash: 3333
- file: 84.238.59.38
- hash: 3333
- file: 116.204.34.3
- hash: 31337
- file: 37.27.87.24
- hash: 31337
- file: 96.9.124.213
- hash: 31337
- file: 47.129.248.32
- hash: 44158
- file: 57.158.24.35
- hash: 443
- domain: msiserver.net
- domain: bz-frnd1.ydns.eu
- domain: systcisd.ddnsking.com
- url: https://pastebin.com/raw/gu7qawaq
- domain: images-hunting.gl.at.ply.gg
- domain: not-warm.gl.at.ply.gg
- file: 147.185.221.25
- hash: 63018
- file: 37.235.55.18
- hash: 4567
- file: 31.171.131.21
- hash: 80
- file: 15.235.166.83
- hash: 8443
- file: 15.236.210.224
- hash: 9201
- file: 161.35.40.73
- hash: 8888
- file: 185.195.106.81
- hash: 8888
- file: 193.26.115.89
- hash: 40056
- file: 216.235.95.100
- hash: 10000
- file: 216.235.95.100
- hash: 10260
- file: 216.235.95.100
- hash: 10314
- file: 216.235.95.100
- hash: 10480
- file: 216.235.95.100
- hash: 11103
- file: 216.235.95.100
- hash: 11128
- file: 216.235.95.100
- hash: 13072
- file: 216.235.95.100
- hash: 14470
- file: 216.235.95.100
- hash: 14974
- file: 216.235.95.100
- hash: 15302
- file: 216.235.95.100
- hash: 15443
- file: 216.235.95.100
- hash: 16192
- file: 216.235.95.100
- hash: 16991
- file: 216.235.95.100
- hash: 18246
- file: 216.235.95.100
- hash: 18665
- file: 216.235.95.100
- hash: 19432
- file: 216.235.95.100
- hash: 19925
- file: 216.235.95.100
- hash: 20546
- file: 216.235.95.100
- hash: 22368
- file: 216.235.95.100
- hash: 23890
- file: 216.235.95.100
- hash: 24893
- file: 216.235.95.100
- hash: 26034
- file: 216.235.95.100
- hash: 26791
- file: 216.235.95.100
- hash: 27807
- file: 216.235.95.100
- hash: 28866
- file: 216.235.95.100
- hash: 29024
- file: 216.235.95.100
- hash: 29783
- file: 216.235.95.100
- hash: 29911
- file: 216.235.95.100
- hash: 30699
- file: 216.235.95.100
- hash: 31095
- file: 216.235.95.100
- hash: 3128
- file: 216.235.95.100
- hash: 31307
- file: 216.235.95.100
- hash: 31830
- file: 216.235.95.100
- hash: 6825
- file: 89.117.72.46
- hash: 8888
- file: 95.164.55.3
- hash: 443
- domain: check.piqcz.icu
- url: https://check.piqcz.icu/gkcxv.google
- url: https://intentionalklife.top/api
- url: https://hopefulpatkh.top/api
- file: 80.78.24.94
- hash: 8085
- file: 95.163.64.151
- hash: 443
- file: 64.188.99.4
- hash: 443
- file: 198.98.48.4
- hash: 8888
- file: 50.114.115.207
- hash: 6606
- file: 185.49.126.166
- hash: 2004
- file: 149.102.147.106
- hash: 1000
- file: 162.244.210.40
- hash: 8808
- file: 102.117.173.23
- hash: 7443
- file: 150.158.45.167
- hash: 14782
- file: 35.180.228.21
- hash: 591
- file: 156.238.230.224
- hash: 3333
- domain: you-insk-bad.pages.dev
- url: https://you-insk-bad.pages.dev/
- domain: fresh-orange-juice.pages.dev
- url: https://fresh-orange-juice.pages.dev/
- url: https://ads.green-pickle-jo.shop/1.m4a
- domain: ads.green-pickle-jo.shop
- domain: fivexc5vs.top
- domain: fivejj5sr.top
- domain: f1086012.xsph.ru
- domain: jocer66c.beget.tech
- domain: f1085679.xsph.ru
- domain: jocer66c.be
- domain: f1085892.xsph.ru
- domain: cz34019.tw1.ru
- domain: ickyseeky.shop
- domain: abnormasik.click
- file: 185.102.75.120
- hash: 80
- domain: onevd1sb.top
- domain: onevd1vs.top
- domain: threvd3vt.top
- domain: twovd2vt.top
- domain: threvd3sb.top
- domain: twovd2sb.top
- domain: onevd1pt.top
- domain: onevd1ht.top
- domain: threvd3ht.top
- domain: onevd1sr.top
- domain: twov2pn.top
- domain: 2qjhb2csdk7kr.cfc-execute.bj.baidubce.com
- domain: a3dkg2aaaa.westus2.cloudapp.azure.com
- domain: bigtest.procheckup.com
- domain: douyin.wwvvdouyin.cc
- domain: great-wherever.gl.at.ply.gg
- domain: x0jlj7s1ibdosewoq029prs9.duckdns.org
- domain: supersender.top
- domain: favor.ydns.eu
- domain: seratospm.giize.com
- domain: sfsdtgeds-34641.portmap.host
- domain: dgfsdfsdfsdf-60631.portmap.host
- domain: rhgdsg-46696.portmap.host
- domain: vendasdecasas.online
- domain: francoislouis712.duckdns.org
- domain: franclouis882.duckdns.org
- file: 149.88.73.200
- hash: 8856
- file: 176.65.141.235
- hash: 4449
- file: 176.67.81.11
- hash: 443
- file: 193.161.193.99
- hash: 56266
- file: 147.185.221.26
- hash: 1125
- file: 27.124.4.150
- hash: 51311
- url: https://api.telegram.org/bot7926380598:aafjrd_ca7fbaplbmehsa_vrzjuzjwdmlws/sendmessage
- url: https://api.telegram.org/bot6118451923:aae5b-pwqciyrwostvi2hwoqu2xjltg2ida/sendmessage
- domain: mar-contest.gl.at.ply.gg
- domain: table-goals.gl.at.ply.gg
- domain: sony-duties.gl.at.ply.gg
- domain: benefits-lift.gl.at.ply.gg
- domain: ip-definitely.gl.at.ply.gg
- domain: last-would.gl.at.ply.gg
- domain: gedsdg-63727.portmap.host
- domain: so-pad.gl.at.ply.gg
- domain: without-affecting.gl.at.ply.gg
- domain: western-bright.gl.at.ply.gg
- domain: heart-colleges.gl.at.ply.gg
- domain: aerd-47210.portmap.host
- domain: have-process.gl.at.ply.gg
- domain: present-seeds.gl.at.ply.gg
- domain: airport-reporter.gl.at.ply.gg
- domain: item-gnu.gl.at.ply.gg
- domain: germany-animal.gl.at.ply.gg
- domain: asked-jd.gl.at.ply.gg
- domain: news-cultures.gl.at.ply.gg
- domain: letter-diamonds.gl.at.ply.gg
- domain: drive-barcelona.gl.at.ply.gg
- domain: el-norm.gl.at.ply.gg
- domain: lead-passage.gl.at.ply.gg
- domain: 1305-36961.portmap.host
- domain: conference-std.gl.at.ply.gg
- domain: model-virtually.gl.at.ply.gg
- domain: agentwoo-37720.portmap.host
- domain: agentwoo-62626.portmap.host
- domain: net-enable.gl.at.ply.gg
- domain: support-mere.gl.at.ply.gg
- domain: evilcoder-62402.portmap.host
- domain: skidderhay-32934.portmap.host
- domain: administration-till.gl.at.ply.gg
- domain: battery-mercedes.gl.at.ply.gg
- domain: blog-competitive.gl.at.ply.gg
- domain: distribution-nicaragua.gl.at.ply.gg
- domain: features-exclude.gl.at.ply.gg
- domain: data-save.gl.at.ply.gg
- domain: trust-sri.gl.at.ply.gg
- domain: changes-collection.gl.at.ply.gg
- domain: papers-legendary.gl.at.ply.gg
- domain: quote-symposium.gl.at.ply.gg
- domain: pinkippp.com
- domain: mrn0name-40574.portmap.host
- domain: greater-districts.gl.at.ply.gg
- domain: dsgsdg-45723.portmap.host
- domain: industry-ratings.gl.at.ply.gg
- domain: worldwide-serial.gl.at.ply.gg
- domain: opmans-48990.portmap.host
- domain: plugins-41446.portmap.host
- domain: flash-affordable.gl.at.ply.gg
- domain: journal-maui.gl.at.ply.gg
- domain: mb-them.gl.at.ply.gg
- domain: richard-stuck.gl.at.ply.gg
- domain: beautiful-microphone.gl.at.ply.gg
- domain: wuya-nsw.xyz
- domain: match-os.gl.at.ply.gg
- domain: color-electric.gl.at.ply.gg
- domain: council-boc.gl.at.ply.gg
- domain: child-antibody.gl.at.ply.gg
- domain: discussion-levy.gl.at.ply.gg
- domain: against-generator.gl.at.ply.gg
- domain: name-perception.gl.at.ply.gg
- domain: package-mother.gl.at.ply.gg
- domain: gifts-highs.gl.at.ply.gg
- domain: set-reduces.gl.at.ply.gg
- domain: md-fort.gl.at.ply.gg
- domain: clxp-34730.portmap.host
- domain: sddgdsfgeds-43448.portmap.host
- domain: sports-lows.gl.at.ply.gg
- domain: choose-surgeons.gl.at.ply.gg
- domain: nowayjose-61162.portmap.host
- file: 147.185.221.19
- hash: 18254
- file: 138.124.58.209
- hash: 5555
- file: 76.141.203.171
- hash: 1194
- file: 193.161.193.9
- hash: 1194
- file: 54.224.176.231
- hash: 2632
- file: 88.127.230.152
- hash: 49155
- file: 193.161.193.99
- hash: 24703
- file: 45.88.91.186
- hash: 1234
- file: 46.146.38.35
- hash: 7000
- file: 20.193.152.212
- hash: 3392
- file: 195.177.94.19
- hash: 7000
- file: 89.31.122.116
- hash: 1123
- file: 207.32.218.133
- hash: 7234
- file: 185.241.208.60
- hash: 7000
- file: 46.8.194.220
- hash: 7771
- file: 147.185.221.25
- hash: 61522
- file: 176.65.134.31
- hash: 7000
- file: 147.185.221.23
- hash: 31659
- file: 193.161.193.88
- hash: 7000
- file: 37.114.39.23
- hash: 5555
- file: 64.7.198.74
- hash: 7000
- file: 93.80.32.255
- hash: 7000
- file: 172.245.20.209
- hash: 7000
- file: 147.185.221.25
- hash: 59366
- file: 147.185.221.25
- hash: 64820
- file: 195.177.94.204
- hash: 7000
- domain: benhenry2234.zapto.org
- domain: xbbxzqaw.ddns.net
- domain: ugobelube.duckdns.org
- domain: kavemarb99juyet5.duckdns.org
- domain: kavemarb99juyet1.duckdns.org
- domain: kavemarb99juyet3.duckdns.org
- domain: supersoftin.duckdns.org
- domain: kavemarb99juyet4.duckdns.org
- domain: netwin66wow.duckdns.org
- domain: kavemarb99juyet6.duckdns.org
- domain: kavemarb99juyet2.duckdns.org
- domain: naps.is-into-games.com
- file: 188.127.225.33
- hash: 5637
- file: 198.135.50.224
- hash: 53648
- file: 5.45.67.76
- hash: 1212
- file: 23.94.82.22
- hash: 5890
- domain: updateservice.linkpc.net
- domain: njratcrackbiden.zapto.org
- domain: nj1994.duckdns.org
- domain: updatservice3457.ddns.net
- domain: sampop.linkpc.net
- domain: mk.babyisis.com.br
- domain: alahacker.no-ip.org
- domain: chromasvaldo.ddns.net
- file: 95.27.4.238
- hash: 28015
- url: http://home.twntjj20sr.top/kqeaovfurhdhtcpfrfme15
- url: http://home.elvnjj1sr.top/pekvtmslvrbvfmwtjqva17
- url: http://home.fivepp5sb.top/joleplgszibrhlkjbqyx17
- url: http://home.thrtjj13sr.top/eqljmjryixwlxpguliyp16
- url: http://home.fortth14ht.top/ntrmovgoaovbjpksulkp13
- url: http://home.elvnpp11sb.top/pbeokzppuoamimahvrmg11
- url: http://home.elvnuuu11pn.top/ulvjakqlxazlgwxqjbuu04
- url: http://home.elvnhh11pn.top/ziudfupkeorigmpcoxua1738611128
- file: 158.101.117.24
- hash: 4782
- domain: baranreis123.ddns.net
- domain: fbkeys.myftp.org
- domain: hackbertthebrain.no-ip.biz
- domain: heker47.sytes.net
- domain: bra1.no-ip.info
- domain: nour1003.zapto.org
- domain: lalelulalei.no-ip.org
- domain: itsthetruth.no-ip.biz
- domain: robdark.dyndns.org
- domain: slaverat.no-ip.biz
- domain: greeting.zapto.org
- domain: goodconnection.no-ip.biz
- domain: azooze96.no-ip.biz
- domain: aidengz.no-ip.biz
- domain: total-free.no-ip.info
- domain: crush31.no-ip.info
- domain: talha.no-ip.info
- domain: layla.no-ip.biz
- domain: fickenman.no-ip.biz
- domain: genelev.sytes.net
- domain: waitforme.no-ip.org
- domain: blacktiger05.no-ip.biz
- domain: 504487l.zapto.org
- domain: xtreempje.no-ip.biz
- domain: samir.servehalflife.com
- domain: knightrider1.no-ip.org
- domain: cairneyss.no-ip.biz
- domain: shanison.no-ip.org
- domain: cyber123.zapto.org
- domain: h3nry.no-ip.biz
- domain: fhlogs1.no-ip.biz
- domain: hackring-king.no-ip.info
- domain: paxromana.no-ip.org
- domain: bara1994.zapto.org
- domain: indigo4real34.no-ip.biz
- domain: yabouheli.no-ip.biz
- domain: oramkoburamako2.no-ip.biz
- domain: ivanamaa.no-ip.biz
- domain: darkhaked1234.zapto.org
- domain: remotehokben.no-ip.org
- domain: malthegreat.zapto.org
- domain: m0eslem.no-ip.biz
- domain: icqservice.serveirc.com
- domain: cyberga4teh5cking.no-ip.org
- domain: cooperr.no-ip.biz
- domain: loto.zapto.org
- domain: naconjo.no-ip.biz
- domain: blackwalllie.no-ip.info
- domain: vivahopy1.sytes.net
- domain: stiuvert.no-ip.biz
- domain: hmssal7ob.no-ip.biz
- domain: wardy94.no-ip.biz
- domain: popodepepe.zapto.org
- domain: hackguner.zapto.org
- domain: seki111.no-ip.info
- domain: javaupdater.servehttp.com
- domain: ewfewf.zapto.org
- domain: updater200.no-ip.biz
- domain: hackernabli.no-ip.org
- domain: newhome.homelinux.com
- domain: sagegc.zapto.org
- domain: shitheads.no-ip.com
- domain: ugandascape.no-ip.biz
- domain: dainius1122.no-ip.biz
- domain: anmelden1231.zapto.org
- domain: deniszhack.no-ip.org
- domain: aravind11301.no-ip.info
- domain: cfyserver.sytes.net
- domain: karizma05.no-ip.biz
- domain: jillnet.hopto.org
- domain: xspas.no-ip.biz
- domain: myserverfree.no-ip.org
- domain: zagkorat.no-ip.biz
- domain: securex812.no-ip.info
- domain: glorty1.no-ip.biz
- domain: xxben240xx.no-ip.biz
- domain: thanhhoai.no-ip.org
- domain: smel45454.no-ip.biz
- domain: ifp2011.no-ip.info
- domain: retchard.no-ip.org
- domain: ownedyou1125.no-ip.org
- domain: h2x2.myftp.biz
- domain: metus1337.zapto.org
- domain: flapdrolyordi.zapto.org
- domain: volemal.zapto.org
- domain: random1p.no-ip.biz
- domain: system30.servegame.com
- domain: testgivi.no-ip.biz
- domain: showonnnnn.no-ip.info
- domain: s3ds3ood2010.no-ip.biz
- domain: funtoushe-77.zapto.org
- domain: adminftp.ftpaccess.cc
- domain: maier-maxi.zapto.org
- file: 195.189.238.68
- hash: 81
- file: 178.49.37.59
- hash: 6112
- file: 117.204.52.77
- hash: 84
- file: 5.71.212.194
- hash: 81
- file: 185.224.0.239
- hash: 666
- file: 82.153.138.142
- hash: 12345
- domain: tylerb0ss.no-ip.org
- domain: zooma151.no-ip.org
- domain: raul1115.no-ip.org
- domain: sourcegen.no-ip.biz
- domain: ghoststarcraft.no-ip.info
- domain: 75as4d53a1sd.zapto.org
- domain: cerebrius.zapto.org
- domain: blackzx.no-ip.biz
- domain: matt.no-ip.biz
- domain: moehome.dyndns.org
- domain: mylovely.zapto.org
- domain: daniele2.no-ip.info
- domain: asm296.no-ip.biz
- domain: garcon.no-ip.biz
- domain: adsa123.no-ip.info
- domain: cl0m3nt.no-ip.biz
- domain: taping.duckdns.org
- domain: romhacker.no-ip.biz
- domain: darkserver.no-ip.info
- domain: rabun95.no-ip.biz
- domain: kromoz23.no-ip.biz
- domain: cruee.no-ip.biz
- domain: sbregar.zapto.org
- domain: trinydarkcomet.no-ip.biz
- domain: jacker.no-ip.info
- domain: retards.zapto.org
- domain: sahli.no-ip.org
- domain: meexonline.no-ip.org
- domain: norgledys.no-ip.org
- domain: socold.no-ip.org
- domain: ace369258147.no-ip.biz
- domain: iamusinganoip.no-ip.org
- domain: pointblankv1.duckdns.org
- domain: xmgx.no-ip.biz
- domain: blackzx.no-ip.org
- domain: r3xr3g1s.no-ip.info
- domain: welljack.no-ip.biz
- domain: arsene.no-ip.org
- domain: ygo.no-ip.info
- domain: w0xx-24.no-ip.biz
- domain: sonykuccio.no-ip.biz
- domain: leethackers.no-ip.biz
- domain: cybertechnologyinc.no-ip.biz
- domain: glhacker.zapto.org
- domain: tommyhf.no-ip.biz
- domain: omerexpert.no-ip.biz
- domain: inworld.vip.sh
- domain: sprk.no-ip.biz
- domain: destructoid.no-ip.biz
- domain: ka8evdei.no-ip.info
- domain: zackzm.zapto.org
- domain: winrarsfx.zapto.org
- domain: edog778.no-ip.biz
- domain: uoku.sytes.net
- domain: r-wlany.no-ip.org
- domain: turkuhacker70.no-ip.org
- domain: 357hftphhm.no-ip.org
- domain: serverbudau.no-ip.org
- domain: fingers.no-ip.biz
- domain: williamm.no-ip.org
- domain: forum.3utilities.com
- domain: googler.3utilities.com
- domain: oox.no-ip.org
- domain: hoszelaar.no-ip.org
- domain: leethost.no-ip.org
- domain: cgdutchn00bz.no-ip.biz
- domain: etclan.no-ip.org
- domain: hackman.no-ip.org
- domain: r3c0n.no-ip.org
- domain: omaromar.zapto.org
- domain: gniewkowiec0359.zapto.org
- domain: mrlokoniqq.no-ip.org
- domain: misteryou79.no-ip.org
- domain: face005.zapto.org
- domain: lololol.hopto.org
- domain: arpej.duckdns.org
- domain: welljacker.no-ip.org
- domain: foxiland.no-ip.info
- domain: bsserver1337.no-ip.biz
- domain: winrarsfx.linkpc.net
- file: 184.77.150.121
- hash: 1604
- file: 213.190.57.17
- hash: 4411
- file: 92.73.139.121
- hash: 3460
- file: 130.193.142.41
- hash: 1604
- file: 193.242.166.48
- hash: 1605
- file: 109.236.61.60
- hash: 1604
- file: 81.220.71.93
- hash: 1604
- file: 68.144.181.57
- hash: 999
- file: 69.243.133.201
- hash: 100
- file: 20.0.106.6
- hash: 80
- domain: onev1sb.top
- file: 47.239.165.225
- hash: 8443
- domain: forz4pt.top
- domain: onev1pt.top
- domain: forbz4sr.top
- domain: onev1sr.top
- domain: twov2sr.top
- domain: onexv1pn.top
- domain: forbz4pn.top
- domain: onexv1vs.top
- domain: twoxv2pt.top
- domain: sixxv6pt.top
- domain: onexv1pt.top
- domain: twoxv2sr.top
- domain: threxv3sr.top
- domain: fivexv5sr.top
- domain: onexv1sr.top
- domain: sixxv6sr.top
- domain: onexc1pn.top
- domain: threq3pn.top
- domain: sixxc6pn.top
- domain: twoxc2pn.top
- domain: fivexx5pn.top
- domain: sixxc6pt.top
- domain: twoxc2pt.top
- domain: sixxc6vt.top
- domain: twoxc2vt.top
- domain: fivexx5vt.top
- domain: onexc1vt.top
- domain: threxx3vt.top
- domain: neizx9vs.top
- domain: onezc1vs.top
- domain: sixzx6vs.top
- domain: twozx2vs.top
- domain: thrtuu13pn.top
- domain: thrtjj13sr.top
- domain: fiveuu5pn.top
- domain: frtnjj14sr.top
- domain: tenpp10sb.top
- url: https://ickyseeky.shop/api
- url: https://abnormasik.click/api
- file: 47.129.34.49
- hash: 80
- file: 119.8.38.62
- hash: 7777
- domain: check.kaqpw.icu
- url: https://peactefulpath.top/api
- domain: peactefulpath.top
- url: https://check.kaqpw.icu/gkcxv.google
- url: https://jookerkslxsafkr.xyz/api
- domain: ads.green-pickle-jo.shop
- domain: sqairs.com
- url: https://sqairs.com/macshare.php
- file: 91.212.166.54
- hash: 443
- domain: festalferalweek.online
- domain: check.zuzcq.icu
- file: 216.122.166.17
- hash: 8237
- file: 92.255.85.36
- hash: 15847
- file: 92.255.85.36
- hash: 9000
- url: https://check.zuzcq.icu/gkcxv.google
- domain: check.revrb.icu
- url: https://check.revrb.icu/gkcxv.google
- domain: check.gyhxr.icu
- url: https://check.gyhxr.icu/gkcxv.google
- domain: check.tusmh.icu
- url: https://check.tusmh.icu/gkcxv.google
- url: http://a0768683.xsph.ru/_defaultwindows.php
- file: 64.95.11.106
- hash: 31337
- file: 174.138.78.76
- hash: 31337
- file: 45.9.148.62
- hash: 31337
- file: 66.228.32.147
- hash: 31337
- file: 18.134.95.174
- hash: 3306
- file: 194.87.68.243
- hash: 10134
- url: https://radiatntideas.top/api
- url: http://37.60.238.252:50000/
- url: https://www.iq-insitute.org/
- domain: digitalservice.ddnsguru.com
- domain: check.mojtf.icu
- url: https://check.mojtf.icu/gkcxv.google
- domain: check.reqpn.icu
- url: https://check.reqpn.icu/gkcxv.google
- file: 45.11.92.73
- hash: 56999
- domain: b.gewrye.shop
- file: 172.111.244.104
- hash: 8347
- file: 154.30.3.134
- hash: 31415
- file: 109.248.162.19
- hash: 443
- file: 3.70.11.235
- hash: 7723
- domain: check.powqg.icu
- url: https://check.powqg.icu/gkcxv.google
- url: https://u1.giddinessrebirth.shop/guajira.mp3
- domain: u1.giddinessrebirth.shop
- file: 144.172.73.45
- hash: 9931
- url: http://136601cm.shnyash.ru/pythonlinuxuploads.php
- file: 88.244.209.174
- hash: 3333
- domain: check.hivrv.icu
- url: https://check.hivrv.icu/gkcxv.google
- domain: check.qyfmx.icu
- url: https://check.qyfmx.icu/gkcxv.google
- url: https://healthyhabixts.tech/api
- url: https://swiftvantage.online/art.php
- domain: check.fimdp.icu
- url: https://check.fimdp.icu/gkcxv.google
- file: 45.93.20.15
- hash: 15666
- file: 92.118.112.199
- hash: 443
- file: 92.118.112.200
- hash: 443
- domain: check.zibzr.icu
- url: https://check.zibzr.icu/gkcxv.google
- url: http://59.95.95.87:33776/mozi.m
- file: 20.40.99.133
- hash: 8080
- file: 185.49.126.166
- hash: 7707
- file: 103.68.251.174
- hash: 4433
- file: 82.153.79.9
- hash: 443
- file: 13.40.37.82
- hash: 21
- file: 13.251.129.9
- hash: 2079
- file: 45.94.31.85
- hash: 8080
- domain: check.goccb.icu
- url: https://check.goccb.icu/gkcxv.google
- domain: check.qoqsn.icu
- url: https://check.qoqsn.icu/gkcxv.google
- url: http://20.74.209.192:4443/unhr
- file: 13.224.101.73
- hash: 443
- file: 159.138.20.150
- hash: 60000
- file: 172.111.160.2
- hash: 443
- file: 216.235.95.100
- hash: 10252
- file: 216.235.95.100
- hash: 11755
- file: 216.235.95.100
- hash: 17603
- file: 216.235.95.100
- hash: 18244
- file: 216.235.95.100
- hash: 23820
- file: 216.235.95.100
- hash: 24220
- file: 216.235.95.100
- hash: 25486
- file: 216.235.95.100
- hash: 26193
- file: 216.235.95.100
- hash: 27506
- file: 216.235.95.100
- hash: 28015
- file: 216.235.95.100
- hash: 28911
- file: 216.235.95.100
- hash: 29016
- file: 216.235.95.100
- hash: 29924
- file: 216.235.95.100
- hash: 30358
- file: 216.235.95.100
- hash: 3116
- file: 64.188.99.4
- hash: 8888
- domain: dasdv1.service1921.club
- domain: numbers-insights.gl.at.ply.gg
- domain: h4x000r.duckdns.org
- domain: global-bibliographic.gl.at.ply.gg
- domain: network.dhcpclient.com
- file: 20.40.99.133
- hash: 80
- file: 147.185.221.25
- hash: 65218
ThreatFox IOCs for 2025-02-16
Medium
Published: Sun Feb 16 2025 (02/16/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-02-16
AI-Powered Analysis
AILast updated: 06/18/2025, 08:20:27 UTC
Technical Analysis
The provided threat information pertains to a malware-related intelligence report titled "ThreatFox IOCs for 2025-02-16," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under OSINT (Open Source Intelligence), network activity, and payload delivery, indicating that it involves the distribution or delivery of malicious payloads potentially detected or analyzed through open-source intelligence methods. However, the details are limited, with no specific affected software versions, no known exploits in the wild, and no patches available, suggesting this is either a newly identified threat or a collection of IOCs without an associated active exploit campaign at the time of publication. The threat level is rated as medium, with a threatLevel metric of 2 and distribution metric of 3, implying moderate dissemination or detection frequency. The absence of CWEs (Common Weakness Enumerations) and technical specifics limits the ability to pinpoint exact attack vectors or vulnerabilities exploited. The lack of indicators in the report further constrains detailed technical analysis. Given the nature of OSINT and network activity tags, this threat likely involves reconnaissance or initial stages of malware delivery, possibly through network-based vectors or social engineering, but no direct evidence supports exploitation or compromise. The payload delivery tag suggests that the threat involves mechanisms to deliver malicious code, which could be used in subsequent stages of an attack chain. Overall, this threat appears to be an intelligence artifact highlighting potential or emerging malware activity rather than a fully developed or actively exploited malware campaign at the time of reporting.
Potential Impact
For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and lack of confirmed active exploitation. The threat’s association with OSINT and network activity suggests potential risks related to reconnaissance and initial compromise attempts, which could lead to unauthorized access, data exfiltration, or disruption if payload delivery succeeds. However, without specific affected products or vulnerabilities, the direct impact remains uncertain. European entities with extensive network exposure or those involved in critical infrastructure, finance, or government sectors should remain vigilant, as these sectors are often targeted for reconnaissance and initial payload delivery in broader attack campaigns. The absence of known exploits and patches indicates that organizations may not yet face immediate exploitation risks but should consider this threat as an early warning. If the threat evolves or is combined with other vulnerabilities, it could escalate to more severe impacts affecting confidentiality, integrity, and availability of systems and data.
Mitigation Recommendations
Given the limited technical details and absence of patches, European organizations should focus on proactive detection and prevention strategies tailored to OSINT-related and network-based threats. Specific recommendations include: 1) Enhancing network monitoring to detect unusual or suspicious network activity indicative of reconnaissance or payload delivery attempts, using advanced intrusion detection/prevention systems (IDS/IPS) with updated threat intelligence feeds. 2) Implementing strict email and web filtering policies to block potential payload delivery vectors, including sandboxing attachments and URLs. 3) Conducting regular threat hunting exercises leveraging OSINT sources to identify emerging IOCs and adapting defenses accordingly. 4) Ensuring robust endpoint protection with behavioral analysis capabilities to detect and quarantine unknown or suspicious payloads. 5) Training staff on recognizing social engineering tactics that may facilitate payload delivery. 6) Maintaining up-to-date asset inventories and network segmentation to limit lateral movement if initial compromise occurs. 7) Collaborating with national and European cybersecurity centers to share intelligence and receive timely alerts about evolving threats. These measures go beyond generic advice by emphasizing OSINT integration, proactive threat hunting, and network-level defenses specific to the threat’s characteristics.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- faf54813-a791-4ff9-b3ea-edad47872f09
- Original Timestamp
- 1739750586
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file31.171.131.83 | Mirai botnet C2 server (confidence level: 75%) | |
file31.59.131.238 | Mirai botnet C2 server (confidence level: 75%) | |
file42.235.154.113 | Mirai payload delivery server (confidence level: 100%) | |
file59.95.85.40 | Mirai payload delivery server (confidence level: 100%) | |
file120.61.68.97 | Mirai payload delivery server (confidence level: 100%) | |
file117.215.249.82 | Mirai payload delivery server (confidence level: 100%) | |
file59.88.140.173 | Mirai payload delivery server (confidence level: 100%) | |
file61.2.151.2 | Mirai payload delivery server (confidence level: 100%) | |
file102.33.80.182 | Mirai payload delivery server (confidence level: 100%) | |
file103.207.124.49 | Mirai payload delivery server (confidence level: 100%) | |
file60.189.244.224 | Mirai payload delivery server (confidence level: 100%) | |
file103.247.52.197 | Mirai payload delivery server (confidence level: 100%) | |
file119.116.36.65 | Mirai payload delivery server (confidence level: 100%) | |
file103.207.125.52 | Mirai payload delivery server (confidence level: 100%) | |
file45.178.250.90 | Mirai payload delivery server (confidence level: 100%) | |
file110.182.251.206 | Mirai payload delivery server (confidence level: 100%) | |
file59.97.255.106 | Mirai payload delivery server (confidence level: 100%) | |
file190.110.176.83 | Mirai payload delivery server (confidence level: 100%) | |
file185.248.12.129 | Mirai payload delivery server (confidence level: 100%) | |
file178.245.232.95 | Mirai payload delivery server (confidence level: 100%) | |
file222.136.140.83 | Mirai payload delivery server (confidence level: 100%) | |
file27.153.201.216 | Mirai payload delivery server (confidence level: 100%) | |
file175.151.249.161 | Mirai payload delivery server (confidence level: 100%) | |
file103.203.72.139 | Mirai payload delivery server (confidence level: 100%) | |
file103.207.125.5 | Mirai payload delivery server (confidence level: 100%) | |
file221.225.231.34 | Mirai payload delivery server (confidence level: 100%) | |
file45.164.177.102 | Mirai payload delivery server (confidence level: 100%) | |
file115.55.63.117 | Mirai payload delivery server (confidence level: 100%) | |
file59.99.220.103 | Mirai payload delivery server (confidence level: 100%) | |
file211.148.104.167 | Mirai payload delivery server (confidence level: 100%) | |
file103.203.72.227 | Mirai payload delivery server (confidence level: 100%) | |
file103.199.180.156 | Mirai payload delivery server (confidence level: 100%) | |
file117.221.50.51 | Mirai payload delivery server (confidence level: 100%) | |
file103.98.38.173 | Mirai payload delivery server (confidence level: 100%) | |
file103.98.38.150 | Mirai payload delivery server (confidence level: 100%) | |
file192.10.163.76 | Mirai payload delivery server (confidence level: 100%) | |
file45.164.177.171 | Mirai payload delivery server (confidence level: 100%) | |
file219.157.59.83 | Mirai payload delivery server (confidence level: 100%) | |
file1.70.127.236 | Mirai payload delivery server (confidence level: 100%) | |
file117.209.89.62 | Mirai payload delivery server (confidence level: 100%) | |
file103.199.202.192 | Mirai payload delivery server (confidence level: 100%) | |
file223.8.213.139 | Mirai payload delivery server (confidence level: 100%) | |
file175.107.2.115 | Mirai payload delivery server (confidence level: 100%) | |
file202.66.165.57 | Mirai payload delivery server (confidence level: 100%) | |
file117.211.37.103 | Mirai payload delivery server (confidence level: 100%) | |
file117.211.215.108 | Mirai payload delivery server (confidence level: 100%) | |
file191.29.133.216 | Mirai payload delivery server (confidence level: 100%) | |
file182.121.252.121 | Mirai payload delivery server (confidence level: 100%) | |
file103.207.125.55 | Mirai payload delivery server (confidence level: 100%) | |
file117.215.139.182 | Mirai payload delivery server (confidence level: 100%) | |
file172.38.0.225 | Mirai payload delivery server (confidence level: 100%) | |
file119.143.165.164 | Mirai payload delivery server (confidence level: 100%) | |
file61.52.54.208 | Mirai payload delivery server (confidence level: 100%) | |
file115.58.95.45 | Mirai payload delivery server (confidence level: 100%) | |
file115.60.22.211 | Mirai payload delivery server (confidence level: 100%) | |
file42.235.171.56 | Mirai payload delivery server (confidence level: 100%) | |
file103.208.230.41 | Mirai payload delivery server (confidence level: 100%) | |
file115.55.223.75 | Mirai payload delivery server (confidence level: 100%) | |
file121.237.167.31 | Mirai payload delivery server (confidence level: 100%) | |
file125.41.2.112 | Mirai payload delivery server (confidence level: 100%) | |
file59.88.19.247 | Mirai payload delivery server (confidence level: 100%) | |
file103.199.200.252 | Mirai payload delivery server (confidence level: 100%) | |
file117.206.73.192 | Mirai payload delivery server (confidence level: 100%) | |
file103.247.6.98 | Mirai payload delivery server (confidence level: 100%) | |
file42.232.82.206 | Mirai payload delivery server (confidence level: 100%) | |
file117.197.225.182 | Mirai payload delivery server (confidence level: 100%) | |
file109.106.142.43 | Mirai payload delivery server (confidence level: 100%) | |
file45.164.177.197 | Mirai payload delivery server (confidence level: 100%) | |
file42.238.244.143 | Mirai payload delivery server (confidence level: 100%) | |
file182.117.26.62 | Mirai payload delivery server (confidence level: 100%) | |
file45.164.177.162 | Mirai payload delivery server (confidence level: 100%) | |
file125.106.32.67 | Mirai payload delivery server (confidence level: 100%) | |
file59.89.217.42 | Mirai payload delivery server (confidence level: 100%) | |
file117.209.83.6 | Mirai payload delivery server (confidence level: 100%) | |
file125.62.199.32 | Mirai payload delivery server (confidence level: 100%) | |
file183.240.211.144 | Mirai payload delivery server (confidence level: 100%) | |
file123.5.127.175 | Mirai payload delivery server (confidence level: 100%) | |
file27.0.217.195 | Mirai payload delivery server (confidence level: 100%) | |
file102.33.105.87 | Mirai payload delivery server (confidence level: 100%) | |
file59.91.90.29 | Mirai payload delivery server (confidence level: 100%) | |
file59.182.111.124 | Mirai payload delivery server (confidence level: 100%) | |
file117.248.162.244 | Mirai payload delivery server (confidence level: 100%) | |
file112.246.113.161 | Mirai payload delivery server (confidence level: 100%) | |
file59.93.130.217 | Mirai payload delivery server (confidence level: 100%) | |
file117.255.185.229 | Mirai payload delivery server (confidence level: 100%) | |
file123.9.47.122 | Mirai payload delivery server (confidence level: 100%) | |
file115.55.224.32 | Mirai payload delivery server (confidence level: 100%) | |
file117.254.96.59 | Mirai payload delivery server (confidence level: 100%) | |
file175.147.153.77 | Mirai payload delivery server (confidence level: 100%) | |
file117.209.3.106 | Mirai payload delivery server (confidence level: 100%) | |
file182.124.34.64 | Mirai payload delivery server (confidence level: 100%) | |
file117.248.161.189 | Mirai payload delivery server (confidence level: 100%) | |
file59.99.210.136 | Mirai payload delivery server (confidence level: 100%) | |
file211.223.79.89 | Mirai payload delivery server (confidence level: 100%) | |
file194.5.249.178 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file115.120.250.85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file196.251.73.85 | Sliver botnet C2 server (confidence level: 100%) | |
file152.32.253.15 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.87.173.96 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file212.162.155.84 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file107.175.48.5 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.49.126.245 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file23.94.126.207 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file23.94.126.207 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.49.126.52 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file191.96.207.75 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.88.186.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.88.186.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file73.135.172.24 | Unknown malware botnet C2 server (confidence level: 100%) | |
file191.19.117.87 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file186.249.218.242 | Havoc botnet C2 server (confidence level: 100%) | |
file5.178.3.137 | Venom RAT botnet C2 server (confidence level: 100%) | |
file88.17.119.80 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file13.245.117.46 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file15.228.201.119 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file15.228.201.119 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file45.147.176.188 | PoshC2 botnet C2 server (confidence level: 100%) | |
file20.199.76.181 | ERMAC botnet C2 server (confidence level: 100%) | |
file196.119.150.206 | NjRAT botnet C2 server (confidence level: 100%) | |
file172.179.236.95 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file138.199.162.81 | DarkComet botnet C2 server (confidence level: 100%) | |
file194.59.31.111 | Remcos botnet C2 server (confidence level: 100%) | |
file104.250.169.100 | Remcos botnet C2 server (confidence level: 100%) | |
file101.37.150.185 | Sliver botnet C2 server (confidence level: 100%) | |
file5.83.218.75 | Sliver botnet C2 server (confidence level: 100%) | |
file185.49.126.235 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.49.126.235 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.249.208.141 | Havoc botnet C2 server (confidence level: 100%) | |
file20.92.165.192 | Havoc botnet C2 server (confidence level: 100%) | |
file15.197.85.250 | Kaiji botnet C2 server (confidence level: 100%) | |
file185.74.222.38 | Bashlite botnet C2 server (confidence level: 100%) | |
file54.183.176.59 | BianLian botnet C2 server (confidence level: 100%) | |
file209.97.146.219 | BianLian botnet C2 server (confidence level: 100%) | |
file45.63.24.192 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.94.31.85 | Hook botnet C2 server (confidence level: 100%) | |
file37.60.238.252 | Hook botnet C2 server (confidence level: 100%) | |
file74.249.102.229 | Havoc botnet C2 server (confidence level: 100%) | |
file121.4.218.215 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.90.0.40 | Unknown malware botnet C2 server (confidence level: 100%) | |
file174.138.57.195 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.57.36.62 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.57.36.62 | Unknown malware botnet C2 server (confidence level: 100%) | |
file137.184.106.200 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.239.2.3 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.200.23.247 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.28.140.148 | Unknown malware botnet C2 server (confidence level: 100%) | |
file91.198.220.226 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.63.165.154 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.39.13.30 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.142.83.61 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.101.188.111 | Unknown malware botnet C2 server (confidence level: 100%) | |
file82.165.110.142 | Unknown malware botnet C2 server (confidence level: 100%) | |
file206.189.56.251 | Unknown malware botnet C2 server (confidence level: 50%) | |
file84.238.59.38 | Unknown malware botnet C2 server (confidence level: 50%) | |
file116.204.34.3 | Sliver botnet C2 server (confidence level: 50%) | |
file37.27.87.24 | Sliver botnet C2 server (confidence level: 50%) | |
file96.9.124.213 | Sliver botnet C2 server (confidence level: 50%) | |
file47.129.248.32 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file57.158.24.35 | Havoc botnet C2 server (confidence level: 50%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 50%) | |
file37.235.55.18 | NjRAT botnet C2 server (confidence level: 100%) | |
file31.171.131.21 | MooBot botnet C2 server (confidence level: 100%) | |
file15.235.166.83 | Sliver botnet C2 server (confidence level: 75%) | |
file15.236.210.224 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
file161.35.40.73 | Sliver botnet C2 server (confidence level: 75%) | |
file185.195.106.81 | Sliver botnet C2 server (confidence level: 75%) | |
file193.26.115.89 | Havoc botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file89.117.72.46 | Sliver botnet C2 server (confidence level: 75%) | |
file95.164.55.3 | DanaBot botnet C2 server (confidence level: 75%) | |
file80.78.24.94 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file95.163.64.151 | Sliver botnet C2 server (confidence level: 100%) | |
file64.188.99.4 | Sliver botnet C2 server (confidence level: 100%) | |
file198.98.48.4 | Unknown malware botnet C2 server (confidence level: 100%) | |
file50.114.115.207 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.49.126.166 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file149.102.147.106 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file162.244.210.40 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.173.23 | Unknown malware botnet C2 server (confidence level: 100%) | |
file150.158.45.167 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file35.180.228.21 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file156.238.230.224 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.102.75.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.88.73.200 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.141.235 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.67.81.11 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file27.124.4.150 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.19 | XWorm botnet C2 server (confidence level: 100%) | |
file138.124.58.209 | XWorm botnet C2 server (confidence level: 100%) | |
file76.141.203.171 | XWorm botnet C2 server (confidence level: 100%) | |
file193.161.193.9 | XWorm botnet C2 server (confidence level: 100%) | |
file54.224.176.231 | XWorm botnet C2 server (confidence level: 100%) | |
file88.127.230.152 | XWorm botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | XWorm botnet C2 server (confidence level: 100%) | |
file45.88.91.186 | XWorm botnet C2 server (confidence level: 100%) | |
file46.146.38.35 | XWorm botnet C2 server (confidence level: 100%) | |
file20.193.152.212 | XWorm botnet C2 server (confidence level: 100%) | |
file195.177.94.19 | XWorm botnet C2 server (confidence level: 100%) | |
file89.31.122.116 | XWorm botnet C2 server (confidence level: 100%) | |
file207.32.218.133 | XWorm botnet C2 server (confidence level: 100%) | |
file185.241.208.60 | XWorm botnet C2 server (confidence level: 100%) | |
file46.8.194.220 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 100%) | |
file176.65.134.31 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.23 | XWorm botnet C2 server (confidence level: 100%) | |
file193.161.193.88 | XWorm botnet C2 server (confidence level: 100%) | |
file37.114.39.23 | XWorm botnet C2 server (confidence level: 100%) | |
file64.7.198.74 | XWorm botnet C2 server (confidence level: 100%) | |
file93.80.32.255 | XWorm botnet C2 server (confidence level: 100%) | |
file172.245.20.209 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 100%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 100%) | |
file195.177.94.204 | XWorm botnet C2 server (confidence level: 100%) | |
file188.127.225.33 | Remcos botnet C2 server (confidence level: 100%) | |
file198.135.50.224 | Remcos botnet C2 server (confidence level: 100%) | |
file5.45.67.76 | Remcos botnet C2 server (confidence level: 100%) | |
file23.94.82.22 | Remcos botnet C2 server (confidence level: 100%) | |
file95.27.4.238 | NjRAT botnet C2 server (confidence level: 100%) | |
file158.101.117.24 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
file195.189.238.68 | CyberGate botnet C2 server (confidence level: 100%) | |
file178.49.37.59 | CyberGate botnet C2 server (confidence level: 100%) | |
file117.204.52.77 | CyberGate botnet C2 server (confidence level: 100%) | |
file5.71.212.194 | CyberGate botnet C2 server (confidence level: 100%) | |
file185.224.0.239 | Bashlite botnet C2 server (confidence level: 100%) | |
file82.153.138.142 | Bashlite botnet C2 server (confidence level: 100%) | |
file184.77.150.121 | DarkComet botnet C2 server (confidence level: 100%) | |
file213.190.57.17 | DarkComet botnet C2 server (confidence level: 100%) | |
file92.73.139.121 | DarkComet botnet C2 server (confidence level: 100%) | |
file130.193.142.41 | DarkComet botnet C2 server (confidence level: 100%) | |
file193.242.166.48 | DarkComet botnet C2 server (confidence level: 100%) | |
file109.236.61.60 | DarkComet botnet C2 server (confidence level: 100%) | |
file81.220.71.93 | DarkComet botnet C2 server (confidence level: 100%) | |
file68.144.181.57 | DarkComet botnet C2 server (confidence level: 100%) | |
file69.243.133.201 | DarkComet botnet C2 server (confidence level: 100%) | |
file20.0.106.6 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.239.165.225 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.129.34.49 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.8.38.62 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file91.212.166.54 | AMOS botnet C2 server (confidence level: 75%) | |
file216.122.166.17 | Antidot botnet C2 server (confidence level: 75%) | |
file92.255.85.36 | SectopRAT botnet C2 server (confidence level: 75%) | |
file92.255.85.36 | SectopRAT botnet C2 server (confidence level: 75%) | |
file64.95.11.106 | Sliver botnet C2 server (confidence level: 50%) | |
file174.138.78.76 | Sliver botnet C2 server (confidence level: 50%) | |
file45.9.148.62 | Sliver botnet C2 server (confidence level: 50%) | |
file66.228.32.147 | Sliver botnet C2 server (confidence level: 50%) | |
file18.134.95.174 | BlackShades botnet C2 server (confidence level: 50%) | |
file194.87.68.243 | Orcus RAT botnet C2 server (confidence level: 50%) | |
file45.11.92.73 | MooBot botnet C2 server (confidence level: 100%) | |
file172.111.244.104 | Remcos botnet C2 server (confidence level: 100%) | |
file154.30.3.134 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file109.248.162.19 | Havoc botnet C2 server (confidence level: 100%) | |
file3.70.11.235 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file144.172.73.45 | Mirai botnet C2 server (confidence level: 75%) | |
file88.244.209.174 | NjRAT botnet C2 server (confidence level: 100%) | |
file45.93.20.15 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
file92.118.112.199 | DanaBot botnet C2 server (confidence level: 100%) | |
file92.118.112.200 | DanaBot botnet C2 server (confidence level: 100%) | |
file20.40.99.133 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.49.126.166 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.68.251.174 | Havoc botnet C2 server (confidence level: 100%) | |
file82.153.79.9 | Havoc botnet C2 server (confidence level: 100%) | |
file13.40.37.82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file13.251.129.9 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file45.94.31.85 | ERMAC botnet C2 server (confidence level: 100%) | |
file13.224.101.73 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file159.138.20.150 | Unknown malware botnet C2 server (confidence level: 75%) | |
file172.111.160.2 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file216.235.95.100 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file64.188.99.4 | Sliver botnet C2 server (confidence level: 75%) | |
file20.40.99.133 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file147.185.221.25 | NjRAT botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash1995 | Mirai botnet C2 server (confidence level: 75%) | |
hash3778 | Mirai botnet C2 server (confidence level: 75%) | |
hash52266 | Mirai payload delivery server (confidence level: 100%) | |
hash54677 | Mirai payload delivery server (confidence level: 100%) | |
hash50907 | Mirai payload delivery server (confidence level: 100%) | |
hash60479 | Mirai payload delivery server (confidence level: 100%) | |
hash38095 | Mirai payload delivery server (confidence level: 100%) | |
hash53491 | Mirai payload delivery server (confidence level: 100%) | |
hash55097 | Mirai payload delivery server (confidence level: 100%) | |
hash46918 | Mirai payload delivery server (confidence level: 100%) | |
hash57217 | Mirai payload delivery server (confidence level: 100%) | |
hash54146 | Mirai payload delivery server (confidence level: 100%) | |
hash40937 | Mirai payload delivery server (confidence level: 100%) | |
hash52052 | Mirai payload delivery server (confidence level: 100%) | |
hash10012 | Mirai payload delivery server (confidence level: 100%) | |
hash48030 | Mirai payload delivery server (confidence level: 100%) | |
hash41489 | Mirai payload delivery server (confidence level: 100%) | |
hash34928 | Mirai payload delivery server (confidence level: 100%) | |
hash53782 | Mirai payload delivery server (confidence level: 100%) | |
hash41311 | Mirai payload delivery server (confidence level: 100%) | |
hash42846 | Mirai payload delivery server (confidence level: 100%) | |
hash52132 | Mirai payload delivery server (confidence level: 100%) | |
hash57469 | Mirai payload delivery server (confidence level: 100%) | |
hash54517 | Mirai payload delivery server (confidence level: 100%) | |
hash60171 | Mirai payload delivery server (confidence level: 100%) | |
hash51688 | Mirai payload delivery server (confidence level: 100%) | |
hash11462 | Mirai payload delivery server (confidence level: 100%) | |
hash56833 | Mirai payload delivery server (confidence level: 100%) | |
hash58712 | Mirai payload delivery server (confidence level: 100%) | |
hash52824 | Mirai payload delivery server (confidence level: 100%) | |
hash35974 | Mirai payload delivery server (confidence level: 100%) | |
hash41217 | Mirai payload delivery server (confidence level: 100%) | |
hash41440 | Mirai payload delivery server (confidence level: 100%) | |
hash56392 | Mirai payload delivery server (confidence level: 100%) | |
hash54377 | Mirai payload delivery server (confidence level: 100%) | |
hash41479 | Mirai payload delivery server (confidence level: 100%) | |
hash11875 | Mirai payload delivery server (confidence level: 100%) | |
hash42100 | Mirai payload delivery server (confidence level: 100%) | |
hash50363 | Mirai payload delivery server (confidence level: 100%) | |
hash57875 | Mirai payload delivery server (confidence level: 100%) | |
hash34560 | Mirai payload delivery server (confidence level: 100%) | |
hash59247 | Mirai payload delivery server (confidence level: 100%) | |
hash39790 | Mirai payload delivery server (confidence level: 100%) | |
hash37801 | Mirai payload delivery server (confidence level: 100%) | |
hash47570 | Mirai payload delivery server (confidence level: 100%) | |
hash54426 | Mirai payload delivery server (confidence level: 100%) | |
hash39840 | Mirai payload delivery server (confidence level: 100%) | |
hash56583 | Mirai payload delivery server (confidence level: 100%) | |
hash59495 | Mirai payload delivery server (confidence level: 100%) | |
hash51124 | Mirai payload delivery server (confidence level: 100%) | |
hash57458 | Mirai payload delivery server (confidence level: 100%) | |
hash49382 | Mirai payload delivery server (confidence level: 100%) | |
hash47257 | Mirai payload delivery server (confidence level: 100%) | |
hash36272 | Mirai payload delivery server (confidence level: 100%) | |
hash6288 | Mirai payload delivery server (confidence level: 100%) | |
hash58076 | Mirai payload delivery server (confidence level: 100%) | |
hash42929 | Mirai payload delivery server (confidence level: 100%) | |
hash46811 | Mirai payload delivery server (confidence level: 100%) | |
hash52360 | Mirai payload delivery server (confidence level: 100%) | |
hash57140 | Mirai payload delivery server (confidence level: 100%) | |
hash47235 | Mirai payload delivery server (confidence level: 100%) | |
hash50618 | Mirai payload delivery server (confidence level: 100%) | |
hash60308 | Mirai payload delivery server (confidence level: 100%) | |
hash48449 | Mirai payload delivery server (confidence level: 100%) | |
hash32807 | Mirai payload delivery server (confidence level: 100%) | |
hash45108 | Mirai payload delivery server (confidence level: 100%) | |
hash63571 | Mirai payload delivery server (confidence level: 100%) | |
hash10761 | Mirai payload delivery server (confidence level: 100%) | |
hash48953 | Mirai payload delivery server (confidence level: 100%) | |
hash32987 | Mirai payload delivery server (confidence level: 100%) | |
hash11406 | Mirai payload delivery server (confidence level: 100%) | |
hash33860 | Mirai payload delivery server (confidence level: 100%) | |
hash59628 | Mirai payload delivery server (confidence level: 100%) | |
hash35134 | Mirai payload delivery server (confidence level: 100%) | |
hash47483 | Mirai payload delivery server (confidence level: 100%) | |
hash36008 | Mirai payload delivery server (confidence level: 100%) | |
hash49108 | Mirai payload delivery server (confidence level: 100%) | |
hash40090 | Mirai payload delivery server (confidence level: 100%) | |
hash52893 | Mirai payload delivery server (confidence level: 100%) | |
hash51476 | Mirai payload delivery server (confidence level: 100%) | |
hash39264 | Mirai payload delivery server (confidence level: 100%) | |
hash32769 | Mirai payload delivery server (confidence level: 100%) | |
hash33031 | Mirai payload delivery server (confidence level: 100%) | |
hash56601 | Mirai payload delivery server (confidence level: 100%) | |
hash53335 | Mirai payload delivery server (confidence level: 100%) | |
hash50013 | Mirai payload delivery server (confidence level: 100%) | |
hash52276 | Mirai payload delivery server (confidence level: 100%) | |
hash42843 | Mirai payload delivery server (confidence level: 100%) | |
hash56158 | Mirai payload delivery server (confidence level: 100%) | |
hash60251 | Mirai payload delivery server (confidence level: 100%) | |
hash59215 | Mirai payload delivery server (confidence level: 100%) | |
hash60409 | Mirai payload delivery server (confidence level: 100%) | |
hash37742 | Mirai payload delivery server (confidence level: 100%) | |
hash54774 | Mirai payload delivery server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash50337 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2404 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash19999 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash5984 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash54284 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | PoshC2 botnet C2 server (confidence level: 100%) | |
hash80 | ERMAC botnet C2 server (confidence level: 100%) | |
hash10000 | NjRAT botnet C2 server (confidence level: 100%) | |
hash55443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash1863 | DarkComet botnet C2 server (confidence level: 100%) | |
hash46167 | Remcos botnet C2 server (confidence level: 100%) | |
hash3191 | Remcos botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash2004 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash10081 | Kaiji botnet C2 server (confidence level: 100%) | |
hash8080 | Bashlite botnet C2 server (confidence level: 100%) | |
hash30534 | BianLian botnet C2 server (confidence level: 100%) | |
hash5060 | BianLian botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash50000 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash82 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2807 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash44158 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash63018 | XWorm botnet C2 server (confidence level: 50%) | |
hash4567 | NjRAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 75%) | |
hash9201 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash40056 | Havoc botnet C2 server (confidence level: 75%) | |
hash10000 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash10260 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash10314 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash10480 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash11103 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash11128 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash13072 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash14470 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash14974 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash15302 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash15443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash16192 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash16991 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash18246 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash18665 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash19432 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash19925 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash20546 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash22368 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash23890 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash24893 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash26034 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash26791 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash27807 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash28866 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash29024 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash29783 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash29911 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30699 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash31095 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash3128 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash31307 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash31830 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash6825 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | DanaBot botnet C2 server (confidence level: 75%) | |
hash8085 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2004 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash14782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash591 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8856 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4449 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash56266 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1125 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash51311 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash18254 | XWorm botnet C2 server (confidence level: 100%) | |
hash5555 | XWorm botnet C2 server (confidence level: 100%) | |
hash1194 | XWorm botnet C2 server (confidence level: 100%) | |
hash1194 | XWorm botnet C2 server (confidence level: 100%) | |
hash2632 | XWorm botnet C2 server (confidence level: 100%) | |
hash49155 | XWorm botnet C2 server (confidence level: 100%) | |
hash24703 | XWorm botnet C2 server (confidence level: 100%) | |
hash1234 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash3392 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash1123 | XWorm botnet C2 server (confidence level: 100%) | |
hash7234 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7771 | XWorm botnet C2 server (confidence level: 100%) | |
hash61522 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash31659 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash5555 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash59366 | XWorm botnet C2 server (confidence level: 100%) | |
hash64820 | XWorm botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 100%) | |
hash5637 | Remcos botnet C2 server (confidence level: 100%) | |
hash53648 | Remcos botnet C2 server (confidence level: 100%) | |
hash1212 | Remcos botnet C2 server (confidence level: 100%) | |
hash5890 | Remcos botnet C2 server (confidence level: 100%) | |
hash28015 | NjRAT botnet C2 server (confidence level: 100%) | |
hash4782 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash81 | CyberGate botnet C2 server (confidence level: 100%) | |
hash6112 | CyberGate botnet C2 server (confidence level: 100%) | |
hash84 | CyberGate botnet C2 server (confidence level: 100%) | |
hash81 | CyberGate botnet C2 server (confidence level: 100%) | |
hash666 | Bashlite botnet C2 server (confidence level: 100%) | |
hash12345 | Bashlite botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash4411 | DarkComet botnet C2 server (confidence level: 100%) | |
hash3460 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1605 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash999 | DarkComet botnet C2 server (confidence level: 100%) | |
hash100 | DarkComet botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | AMOS botnet C2 server (confidence level: 75%) | |
hash8237 | Antidot botnet C2 server (confidence level: 75%) | |
hash15847 | SectopRAT botnet C2 server (confidence level: 75%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 75%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash3306 | BlackShades botnet C2 server (confidence level: 50%) | |
hash10134 | Orcus RAT botnet C2 server (confidence level: 50%) | |
hash56999 | MooBot botnet C2 server (confidence level: 100%) | |
hash8347 | Remcos botnet C2 server (confidence level: 100%) | |
hash31415 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash7723 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash9931 | Mirai botnet C2 server (confidence level: 75%) | |
hash3333 | NjRAT botnet C2 server (confidence level: 100%) | |
hash15666 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
hash443 | DanaBot botnet C2 server (confidence level: 100%) | |
hash443 | DanaBot botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4433 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash21 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash2079 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | ERMAC botnet C2 server (confidence level: 100%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash10252 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash11755 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash17603 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash18244 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash23820 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash24220 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash25486 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash26193 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash27506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash28015 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash28911 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash29016 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash29924 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30358 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash3116 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash65218 | NjRAT botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainaesthzeticday.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainampklevision.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainblisksfulfuture.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainblissfzuljourney.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbrhightfusion.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincalhmhaven.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincherikshedideas.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincherishzmoments.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincreatiyvegroove.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindreamcrazfters.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindreamekrspace.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainelysianfizelds.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainembracekchange.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainflourishklife.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainflouriszhzozne.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainglowpathy.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingraqcefulstep.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingratefulhkeart.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhappyhquest.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhopeqfulhearts.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainideasphark.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaininspiqredminds.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainjololyquest.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainjoyousqvibes.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainkindredqspirits.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlnovewave.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainluminousqpath.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmqindfuljourney.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnaqturewisdom.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnexntvision.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainoceanbreoeze.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainopuqlentnest.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpeacqegfulmind.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpeakaspiroe.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainquietreverie.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainquiwetwaveso.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainradiantnpulse.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrgadiantsoul.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainriqsingstaro.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsegrenewaves.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainthwrivenest.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintragnquilgrove.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintruenorthn.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainuniggvgersaljoy.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainuniwtysphere.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainuyniquequest.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvigbragntflow.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvisiwonarypath.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwkanderlustpath.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwzonderfield.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainxpzloreideas.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainyouzrjoyfulplace.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainzekalousspirit.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainzenfylare.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainzephzyrcloud.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainaheadrarry.help | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincontributioninspection.info | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindreamerfruits.cloud | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.gaxfd.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainmsiserver.net | NjRAT botnet C2 domain (confidence level: 50%) | |
domainbz-frnd1.ydns.eu | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainsystcisd.ddnsking.com | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainimages-hunting.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainnot-warm.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domaincheck.piqcz.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainyou-insk-bad.pages.dev | Vidar botnet C2 domain (confidence level: 100%) | |
domainfresh-orange-juice.pages.dev | Vidar botnet C2 domain (confidence level: 100%) | |
domainads.green-pickle-jo.shop | Vidar botnet C2 domain (confidence level: 100%) | |
domainfivexc5vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfivejj5sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainf1086012.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainjocer66c.beget.tech | DCRat botnet C2 domain (confidence level: 100%) | |
domainf1085679.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainjocer66c.be | DCRat botnet C2 domain (confidence level: 100%) | |
domainf1085892.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaincz34019.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainickyseeky.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainabnormasik.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainonevd1sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonevd1vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthrevd3vt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwovd2vt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthrevd3sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwovd2sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonevd1pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonevd1ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthrevd3ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonevd1sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwov2pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domain2qjhb2csdk7kr.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaina3dkg2aaaa.westus2.cloudapp.azure.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainbigtest.procheckup.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaindouyin.wwvvdouyin.cc | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaingreat-wherever.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainx0jlj7s1ibdosewoq029prs9.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainsupersender.top | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainfavor.ydns.eu | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainseratospm.giize.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainsfsdtgeds-34641.portmap.host | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaindgfsdfsdfsdf-60631.portmap.host | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainrhgdsg-46696.portmap.host | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainvendasdecasas.online | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainfrancoislouis712.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainfranclouis882.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainmar-contest.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaintable-goals.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainsony-duties.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainbenefits-lift.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainip-definitely.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainlast-would.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaingedsdg-63727.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainso-pad.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainwithout-affecting.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainwestern-bright.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainheart-colleges.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainaerd-47210.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainhave-process.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainpresent-seeds.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainairport-reporter.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainitem-gnu.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaingermany-animal.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainasked-jd.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainnews-cultures.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainletter-diamonds.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaindrive-barcelona.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainel-norm.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainlead-passage.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domain1305-36961.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainconference-std.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainmodel-virtually.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainagentwoo-37720.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainagentwoo-62626.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainnet-enable.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainsupport-mere.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainevilcoder-62402.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainskidderhay-32934.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainadministration-till.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainbattery-mercedes.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainblog-competitive.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaindistribution-nicaragua.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainfeatures-exclude.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaindata-save.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaintrust-sri.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainchanges-collection.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainpapers-legendary.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainquote-symposium.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainpinkippp.com | XWorm botnet C2 domain (confidence level: 100%) | |
domainmrn0name-40574.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domaingreater-districts.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaindsgsdg-45723.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainindustry-ratings.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainworldwide-serial.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainopmans-48990.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainplugins-41446.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainflash-affordable.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainjournal-maui.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainmb-them.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainrichard-stuck.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainbeautiful-microphone.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainwuya-nsw.xyz | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainmatch-os.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaincolor-electric.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaincouncil-boc.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainchild-antibody.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaindiscussion-levy.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainagainst-generator.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainname-perception.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainpackage-mother.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaingifts-highs.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainset-reduces.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainmd-fort.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainclxp-34730.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainsddgdsfgeds-43448.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainsports-lows.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainchoose-surgeons.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainnowayjose-61162.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domainbenhenry2234.zapto.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainxbbxzqaw.ddns.net | Remcos botnet C2 domain (confidence level: 100%) | |
domainugobelube.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainkavemarb99juyet5.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainkavemarb99juyet1.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainkavemarb99juyet3.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainsupersoftin.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainkavemarb99juyet4.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainnetwin66wow.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainkavemarb99juyet6.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainkavemarb99juyet2.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainnaps.is-into-games.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainupdateservice.linkpc.net | NjRAT botnet C2 domain (confidence level: 100%) | |
domainnjratcrackbiden.zapto.org | NjRAT botnet C2 domain (confidence level: 100%) | |
domainnj1994.duckdns.org | NjRAT botnet C2 domain (confidence level: 100%) | |
domainupdatservice3457.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
domainsampop.linkpc.net | NjRAT botnet C2 domain (confidence level: 100%) | |
domainmk.babyisis.com.br | NjRAT botnet C2 domain (confidence level: 100%) | |
domainalahacker.no-ip.org | NjRAT botnet C2 domain (confidence level: 100%) | |
domainchromasvaldo.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
domainbaranreis123.ddns.net | Nanocore RAT botnet C2 domain (confidence level: 100%) | |
domainfbkeys.myftp.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhackbertthebrain.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainheker47.sytes.net | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbra1.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainnour1003.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainlalelulalei.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainitsthetruth.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainrobdark.dyndns.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainslaverat.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaingreeting.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaingoodconnection.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainazooze96.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainaidengz.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintotal-free.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincrush31.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintalha.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainlayla.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainfickenman.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaingenelev.sytes.net | CyberGate botnet C2 domain (confidence level: 100%) | |
domainwaitforme.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainblacktiger05.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domain504487l.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainxtreempje.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsamir.servehalflife.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domainknightrider1.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincairneyss.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainshanison.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincyber123.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainh3nry.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainfhlogs1.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhackring-king.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainpaxromana.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbara1994.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainindigo4real34.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainyabouheli.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainoramkoburamako2.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainivanamaa.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaindarkhaked1234.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainremotehokben.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmalthegreat.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainm0eslem.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainicqservice.serveirc.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincyberga4teh5cking.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincooperr.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainloto.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainnaconjo.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainblackwalllie.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainvivahopy1.sytes.net | CyberGate botnet C2 domain (confidence level: 100%) | |
domainstiuvert.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhmssal7ob.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainwardy94.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainpopodepepe.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhackguner.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainseki111.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainjavaupdater.servehttp.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domainewfewf.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainupdater200.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhackernabli.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainnewhome.homelinux.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsagegc.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainshitheads.no-ip.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domainugandascape.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaindainius1122.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainanmelden1231.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaindeniszhack.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainaravind11301.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincfyserver.sytes.net | CyberGate botnet C2 domain (confidence level: 100%) | |
domainkarizma05.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainjillnet.hopto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainxspas.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmyserverfree.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzagkorat.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsecurex812.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainglorty1.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainxxben240xx.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainthanhhoai.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsmel45454.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainifp2011.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainretchard.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainownedyou1125.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainh2x2.myftp.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmetus1337.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainflapdrolyordi.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainvolemal.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainrandom1p.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsystem30.servegame.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintestgivi.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainshowonnnnn.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domains3ds3ood2010.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainfuntoushe-77.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainadminftp.ftpaccess.cc | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmaier-maxi.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintylerb0ss.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainzooma151.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainraul1115.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsourcegen.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainghoststarcraft.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domain75as4d53a1sd.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincerebrius.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainblackzx.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmatt.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmoehome.dyndns.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmylovely.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaindaniele2.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainasm296.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaingarcon.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainadsa123.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincl0m3nt.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintaping.duckdns.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainromhacker.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaindarkserver.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainrabun95.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainkromoz23.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincruee.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsbregar.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintrinydarkcomet.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainjacker.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainretards.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsahli.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmeexonline.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainnorgledys.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsocold.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainace369258147.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainiamusinganoip.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainpointblankv1.duckdns.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainxmgx.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainblackzx.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainr3xr3g1s.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwelljack.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainarsene.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainygo.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainw0xx-24.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsonykuccio.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainleethackers.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincybertechnologyinc.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainglhacker.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintommyhf.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainomerexpert.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaininworld.vip.sh | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsprk.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaindestructoid.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainka8evdei.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainzackzm.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwinrarsfx.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainedog778.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainuoku.sytes.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainr-wlany.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainturkuhacker70.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domain357hftphhm.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainserverbudau.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainfingers.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwilliamm.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainforum.3utilities.com | DarkComet botnet C2 domain (confidence level: 100%) | |
domaingoogler.3utilities.com | DarkComet botnet C2 domain (confidence level: 100%) | |
domainoox.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhoszelaar.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainleethost.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincgdutchn00bz.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainetclan.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhackman.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainr3c0n.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainomaromar.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaingniewkowiec0359.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmrlokoniqq.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmisteryou79.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainface005.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainlololol.hopto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainarpej.duckdns.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwelljacker.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainfoxiland.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainbsserver1337.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwinrarsfx.linkpc.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainonev1sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainforz4pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonev1pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainforbz4sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonev1sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwov2sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonexv1pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainforbz4pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonexv1vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwoxv2pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixxv6pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonexv1pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwoxv2sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthrexv3sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfivexv5sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonexv1sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixxv6sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonexc1pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthreq3pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixxc6pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwoxc2pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfivexx5pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixxc6pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwoxc2pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixxc6vt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwoxc2vt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfivexx5vt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonexc1vt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthrexx3vt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainneizx9vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonezc1vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixzx6vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwozx2vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthrtuu13pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthrtjj13sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfiveuu5pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfrtnjj14sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintenpp10sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaincheck.kaqpw.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainpeactefulpath.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainads.green-pickle-jo.shop | ClearFake payload delivery domain (confidence level: 100%) | |
domainsqairs.com | AMOS botnet C2 domain (confidence level: 100%) | |
domainfestalferalweek.online | Antidot botnet C2 domain (confidence level: 100%) | |
domaincheck.zuzcq.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.revrb.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.gyhxr.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.tusmh.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaindigitalservice.ddnsguru.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domaincheck.mojtf.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.reqpn.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainb.gewrye.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.powqg.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainu1.giddinessrebirth.shop | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.hivrv.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.qyfmx.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.fimdp.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.zibzr.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.goccb.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.qoqsn.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaindasdv1.service1921.club | Mirai botnet C2 domain (confidence level: 50%) | |
domainnumbers-insights.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainh4x000r.duckdns.org | Revenge RAT botnet C2 domain (confidence level: 50%) | |
domainglobal-bibliographic.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainnetwork.dhcpclient.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://check.gaxfd.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://u1.sulkuntie.shop/guajira.mp3 | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://sunsetvale.xyz/mdqyztc1mju5mjzi/ | Coper botnet C2 (confidence level: 100%) | |
urlhttps://frozenpeak.xyz/ndi3yjdmytrlzjy3/ | Coper botnet C2 (confidence level: 100%) | |
urlhttp://800811cm.nyashk.ru/eternalimageauthdblinuxwindowsuniversal.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://123.58.220.204:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://pastebin.com/raw/gu7qawaq | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://check.piqcz.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://intentionalklife.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hopefulpatkh.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://you-insk-bad.pages.dev/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://fresh-orange-juice.pages.dev/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ads.green-pickle-jo.shop/1.m4a | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://api.telegram.org/bot7926380598:aafjrd_ca7fbaplbmehsa_vrzjuzjwdmlws/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) | |
urlhttps://api.telegram.org/bot6118451923:aae5b-pwqciyrwostvi2hwoqu2xjltg2ida/sendmessage | AsyncRAT botnet C2 (confidence level: 100%) | |
urlhttp://home.twntjj20sr.top/kqeaovfurhdhtcpfrfme15 | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://home.elvnjj1sr.top/pekvtmslvrbvfmwtjqva17 | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://home.fivepp5sb.top/joleplgszibrhlkjbqyx17 | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://home.thrtjj13sr.top/eqljmjryixwlxpguliyp16 | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://home.fortth14ht.top/ntrmovgoaovbjpksulkp13 | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://home.elvnpp11sb.top/pbeokzppuoamimahvrmg11 | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://home.elvnuuu11pn.top/ulvjakqlxazlgwxqjbuu04 | CryptBot botnet C2 (confidence level: 100%) | |
urlhttp://home.elvnhh11pn.top/ziudfupkeorigmpcoxua1738611128 | CryptBot botnet C2 (confidence level: 100%) | |
urlhttps://ickyseeky.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://abnormasik.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://peactefulpath.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://check.kaqpw.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://jookerkslxsafkr.xyz/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://sqairs.com/macshare.php | AMOS botnet C2 (confidence level: 100%) | |
urlhttps://check.zuzcq.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.revrb.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.gyhxr.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.tusmh.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://a0768683.xsph.ru/_defaultwindows.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://radiatntideas.top/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttp://37.60.238.252:50000/ | Hook botnet C2 (confidence level: 50%) | |
urlhttps://www.iq-insitute.org/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://check.mojtf.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.reqpn.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.powqg.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://u1.giddinessrebirth.shop/guajira.mp3 | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://136601cm.shnyash.ru/pythonlinuxuploads.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://check.hivrv.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.qyfmx.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://healthyhabixts.tech/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://swiftvantage.online/art.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttps://check.fimdp.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.zibzr.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://59.95.95.87:33776/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://check.goccb.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.qoqsn.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://20.74.209.192:4443/unhr | Cobalt Strike botnet C2 (confidence level: 75%) |
Threat ID: 682acdc3bbaf20d303f20062
Added to database: 5/19/2025, 6:20:52 AM
Last enriched: 6/18/2025, 8:20:27 AM
Last updated: 8/13/2025, 6:02:32 PM
Views: 17
Related Threats
ThreatFox IOCs for 2025-08-17
MediumMalwareMon Aug 18 2025
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.