ThreatFox IOCs for 2025-02-17

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided threat information pertains to a malware-related report titled "ThreatFox IOCs for 2025-02-17," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The report appears to be a collection or update of Indicators of Compromise (IOCs) related to malware activity as of February 17, 2025. However, the details are minimal: no specific malware family, affected software versions, or detailed technical characteristics are provided. The threat is categorized under 'malware' with a medium severity rating assigned by the source. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate distribution or prevalence. There are no known exploits in the wild linked to this threat, no patches available, and no Common Weakness Enumerations (CWEs) identified. The lack of IOCs or detailed indicators limits the ability to perform a deep technical breakdown. The threat is tagged as 'type:osint' and 'tlp:white,' indicating that the information is openly shareable without restrictions. Overall, this appears to be an early-stage or low-profile malware threat with limited public technical information, primarily serving as an alert or intelligence update rather than a detailed vulnerability or exploit report.

Potential Impact

Given the limited technical details and absence of known exploits in the wild, the immediate impact on European organizations is likely to be low to medium. However, as the threat relates to malware, potential impacts could include unauthorized access, data exfiltration, or disruption of services if the malware were to be deployed effectively. The medium severity suggests some risk but not critical or widespread compromise at this time. European organizations relying heavily on OSINT tools or platforms that might ingest or interact with ThreatFox data could be indirectly affected if malicious indicators are misused or if the malware targets such environments. The lack of specific affected products or versions reduces the ability to pinpoint direct operational impacts. Nonetheless, organizations in sectors with high exposure to malware threats—such as finance, critical infrastructure, and government—should remain vigilant. The absence of known exploits suggests that exploitation is not currently widespread, but the presence of IOCs indicates potential reconnaissance or preparatory activity by threat actors.

Mitigation Recommendations

1. Enhance monitoring of threat intelligence feeds, including ThreatFox, to detect any emerging indicators related to this malware. 2. Implement robust endpoint detection and response (EDR) solutions capable of identifying anomalous behaviors associated with malware infections, even in the absence of specific signatures. 3. Conduct regular threat hunting exercises focusing on malware behaviors consistent with medium-severity threats, especially in environments processing OSINT data. 4. Maintain strict network segmentation and access controls to limit lateral movement if an infection occurs. 5. Educate security teams on the importance of validating and contextualizing OSINT-derived indicators before operational use to avoid false positives or inadvertent exposure. 6. Prepare incident response plans that include scenarios for emerging malware threats with limited initial information, emphasizing rapid containment and analysis. 7. Regularly update and patch all systems, even though no specific patches are linked to this threat, to reduce the attack surface for opportunistic malware.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

domain: radiatntideas.top
domain: lovechat.sbs
domain: bchainpro.com
domain: rblcardservice.com
domain: hdbservicepdl.com
url: https://ly.ardentlysqueamish.autos/772a09d8ce7f9f4da9fc0087f1cf84f12aedb2e2cfbf9989.bin
domain: check.buqqn.icu
url: https://check.buqqn.icu/gkcxv.google
domain: webbased-stub-builder.vercel.app
url: https://154.216.19.160/txt/xugzybfe02qd31l.exe
url: https://87.120.84.38/txt/dtglbrsub45qnmm.exe
url: https://66.63.187.123/txt/lwk7fu5kbewfbqc.exe
url: https://87.120.84.39/txt/xxdquuorm1vd3an.exe
url: https://154.216.19.160/txt/aegtitprcz9bkkq.exe
url: https://154.216.19.160/txt/ettb15lcedjyw3r.exe
url: https://154.216.19.160/txt/um9l61wgoaplfkj.exe
url: https://154.216.20.22/txt/rfp1ykrwym1odxc.exe
url: https://87.120.84.38/txt/tielklvkfumqufa.exe
url: https://87.120.84.39/txt/zo7yvjlvmdji9aj.exe
url: https://87.120.84.38/txt/zf3dxapdnla4lnl.exe
url: https://87.120.84.39/txt/di5nuab6dcw7eov.exe
url: https://87.120.84.38/txt/fwacz73tnxebaj2.exe
url: https://87.120.84.38/txt/ok7yvjlvmdji9ajz.exe
url: https://87.120.84.39/txt/nfef2debp7q52qq.exe
url: https://87.120.84.39/txt/iwqopplghcvzxmy.exe
url: https://66.63.187.123/txt/h363bpkqz0mdvd7.exe
url: https://87.120.84.39/txt/blhbzrtqblg6o1k.exe
url: https://154.216.20.22/txt/sr01fduyuje6o2v.exe
url: https://87.120.84.39/txt/i3xzep1kscpdmj7.exe
url: https://87.120.84.39/txt/en7nq8lm3v7yww0.exe
url: https://87.120.84.38/txt/zok7yvjlvmdji9aj.exe
url: https://154.216.19.160/txt/u7vqmxbxibxvbxn.exe
url: https://154.216.19.160/txt/yvdk2vzluodbu6s.exe
url: https://87.120.84.38/txt/f2rps6mhkljoach.exe
url: https://87.120.84.38/txt/gsetc3enkk2egl4.exe
url: https://87.120.84.38/txt/ttuygt18rb5jzcr.exe
url: https://87.120.84.38/txt/uyikxzbgrrplkjh.exe
file: 35.167.121.116
hash: 31337
hash: 2f022104248d395a01f0134b406ac9bcf7e2059d791695110505052b9064ca9f
url: http://13.251.16.150/
url: http://cnc.pinklander.com/
file: 199.195.252.200
hash: 808
file: 185.112.102.12
hash: 3778
file: 196.251.67.134
hash: 13
url: https://scanpaq.com/6t5t.js
domain: scanpaq.com
url: https://scanpaq.com/js.php
url: http://yxrqxlvregipunw.top/1.php
domain: yxrqxlvregipunw.top
file: 96.62.214.212
hash: 3778
file: 195.178.110.224
hash: 8888
file: 154.16.93.177
hash: 3368
file: 154.16.93.177
hash: 3365
domain: kjhgfdsaasdfgh.myvnc.com
domain: stoya.no-ip.biz
domain: dbam.dyndns.org
domain: yesmoke.no-ip.org
domain: surrogates7.no-ip.org
domain: borcanoo.zapto.org
domain: elamr.no-ip.org
domain: booooooty.duckdns.org
domain: liberiumtop-59052.portmap.host
domain: jokeersbox-21442.portmap.host
domain: issues-sarah.gl.at.ply.gg
domain: left-councils.gl.at.ply.gg
file: 212.15.49.100
hash: 1212
file: 158.69.12.143
hash: 5555
file: 147.189.171.248
hash: 7771
file: 184.174.97.115
hash: 5002
file: 148.153.82.222
hash: 8081
file: 206.123.152.34
hash: 3191
file: 196.251.118.49
hash: 8808
file: 23.94.126.207
hash: 2004
domain: www.phpmyadmin.timeweb25.ru
file: 37.221.67.207
hash: 6969
file: 37.221.67.207
hash: 45
file: 37.221.67.207
hash: 1111
file: 160.22.160.31
hash: 56999
file: 193.143.1.42
hash: 60255
url: http://mgkwjihehqcknbp.top/1.php
domain: mgkwjihehqcknbp.top
domain: mitgpssms.com
domain: suomi-app.net
domain: smsfastersend.com
domain: americanexpressloginus.com
file: 196.251.71.31
hash: 443
domain: campskipleak.pro
domain: fearrealmean.pro
domain: kinguserpart.pro
domain: painroomarch.pro
domain: preyechostun.pro
file: 45.115.236.152
hash: 37232
file: 45.144.136.13
hash: 80
file: 112.126.68.13
hash: 443
file: 134.122.128.93
hash: 1234
file: 191.96.207.172
hash: 8808
file: 144.126.223.33
hash: 80
domain: jookerkslxsafkr.xyz
domain: detailerqusit.help
domain: mintysoary.help
domain: hopefulpatkh.top
domain: intentionalklife.top
domain: joyfuljourneky.top
domain: kindplacesk.top
domain: liemitlgessdream.top
domain: minedfrulgrowth.top
domain: noureeishedsoul.top
domain: opetnheearts.top
domain: diggyacito.click
domain: dirtytram.click
domain: medicalprocce.shop
domain: potcryscanj.shop
domain: silingwhip.shop
file: 111.180.203.230
hash: 6666
file: 134.122.128.91
hash: 1234
file: 154.26.208.209
hash: 80
file: 154.26.208.209
hash: 8089
file: 172.232.235.202
hash: 2095
file: 172.232.235.202
hash: 6513
file: 172.232.235.202
hash: 50102
file: 172.232.235.202
hash: 55487
file: 172.232.235.202
hash: 443
file: 5.253.41.69
hash: 60000
file: 13.61.4.166
hash: 3333
file: 184.82.106.56
hash: 3333
file: 20.216.218.254
hash: 3333
file: 66.194.172.174
hash: 3333
file: 34.136.174.197
hash: 3333
file: 191.113.109.14
hash: 8080
file: 54.224.124.160
hash: 443
file: 128.140.34.177
hash: 34956
file: 178.238.105.57
hash: 3333
file: 95.169.180.41
hash: 3333
file: 3.81.133.133
hash: 3333
file: 20.236.253.207
hash: 3333
file: 81.19.140.168
hash: 8080
file: 39.107.243.6
hash: 8443
file: 79.107.152.170
hash: 995
file: 216.250.252.33
hash: 60309
file: 62.60.226.49
hash: 1115
url: https://check.nolzm.icu/gkcxv.google
domain: check.nolzm.icu
domain: check.lalml.icu
url: https://check.lalml.icu/gkcxv.google
file: 176.65.138.184
hash: 3939
file: 89.117.17.182
hash: 6606
file: 75.119.139.188
hash: 92
file: 54.184.8.206
hash: 593
file: 176.82.171.71
hash: 6001
url: https://softpafthway.cyou/api
url: http://154.26.208.209/
url: https://crimson-sun-3ac5.foxiproxi.workers.dev/
domain: although-evans.gl.at.ply.gg
domain: austin99.duckdns.org
domain: heksaa3030.redirectme.net
domain: category-tar.gl.at.ply.gg
file: 185.196.9.225
hash: 8808
file: 185.196.9.225
hash: 6606
file: 185.196.9.225
hash: 7707
file: 47.92.26.48
hash: 8088
domain: xu3.201008281.xyz
url: https://xu3.201008281.xyz/
file: 198.135.51.176
hash: 49950
domain: check.masvt.icu
file: 196.251.118.14
hash: 2404
file: 193.23.3.29
hash: 1570
file: 185.38.142.181
hash: 443
file: 146.70.113.148
hash: 4444
file: 23.94.126.207
hash: 1999
file: 138.199.162.81
hash: 2086
file: 52.231.109.121
hash: 443
file: 3.96.151.21
hash: 788
file: 35.180.211.187
hash: 5984
file: 84.154.180.143
hash: 82
url: https://check.masvt.icu/gkcxv.google
domain: check.cikwp.icu
url: https://check.cikwp.icu/gkcxv.google
domain: check.ruqhl.icu
url: https://check.ruqhl.icu/gkcxv.google
url: http://mercharena.biz
file: 13.248.209.49
hash: 443
file: 13.48.26.102
hash: 4369
file: 188.49.58.85
hash: 995
file: 20.173.41.208
hash: 8888
file: 185.100.157.145
hash: 1515
file: 37.107.11.247
hash: 443
file: 37.27.87.24
hash: 8888
url: http://104.214.176.148:8888/supershell/login/
url: https://human-epinions.gl.at.ply.gg:56080
url: http://20.74.209.192:4443/xe1o
url: https://vessweb.com/6t4e.js
domain: vessweb.com
url: https://vessweb.com/js.php
domain: check.jewsl.icu
url: https://check.jewsl.icu/gkcxv.google
file: 5.182.226.142
hash: 41127
domain: check.xomkb.icu
url: https://check.xomkb.icu/gkcxv.google
domain: ly.ardentlysqueamish.autos
domain: ns1.drgeregweg.ip-ddns.com
domain: ns2.drgeregweg.ip-ddns.com
domain: ns3.drgeregweg.ip-ddns.com
file: 169.239.129.45
hash: 53
url: https://check.kedkq.icu/gkcxv.google
domain: check.kedkq.icu
domain: xu1.dijiafuzhu.xyz
url: https://xu1.dijiafuzhu.xyz
domain: travel.image-gene-saver.it.com
url: https://ddrtot.shop/new/pws/fre.php
file: 64.95.10.13
hash: 31337
file: 37.12.3.194
hash: 6001
file: 13.38.67.75
hash: 6667
file: 54.184.8.206
hash: 993
file: 190.10.11.37
hash: 6000
file: 54.177.88.161
hash: 9333
url: https://mail.laborpartyjo.com/
url: https://facturacio.titoworld.com/
url: https://portaal.com.my/
url: https://api.telegram.org/bot7284285127:aafug_ek294atlka8lqmpqzedlvqi4bflre/
file: 1.118.34.218
hash: 80
file: 1.118.34.218
hash: 443
file: 154.64.252.57
hash: 80
file: 47.108.131.159
hash: 80
file: 172.94.9.167
hash: 1962
file: 157.20.182.51
hash: 56872
file: 43.153.82.236
hash: 443
file: 118.195.163.219
hash: 8888
file: 123.11.143.85
hash: 5873
file: 176.65.142.245
hash: 8808
file: 185.49.126.27
hash: 7707
file: 185.49.126.245
hash: 7707
file: 196.251.116.95
hash: 7777
file: 185.49.126.235
hash: 7707
file: 173.249.52.37
hash: 7443
file: 83.196.195.34
hash: 2408
file: 23.152.0.81
hash: 8080
file: 45.128.12.101
hash: 8888
file: 54.64.181.201
hash: 80
file: 122.114.169.63
hash: 8080
file: 91.199.160.129
hash: 80
domain: endxlesspossi.tech
domain: check.wybps.icu
file: 5.83.218.12
hash: 3778
file: 194.85.251.68
hash: 9931
url: https://check.wybps.icu/gkcxv.google
file: 193.143.1.5
hash: 425
file: 185.147.125.145
hash: 416
file: 185.147.125.146
hash: 420
file: 185.42.12.45
hash: 421
file: 185.147.125.146
hash: 423
file: 193.143.1.5
hash: 417
domain: nice.0818000.xyz
file: 144.91.92.132
hash: 80
file: 38.55.199.105
hash: 443
file: 45.202.32.56
hash: 8000
file: 185.147.125.147
hash: 431
file: 185.42.12.45
hash: 430
file: 185.147.125.145
hash: 429
file: 185.147.125.147
hash: 423
file: 193.143.1.5
hash: 418
file: 185.243.96.115
hash: 423
file: 185.147.125.146
hash: 422
domain: check.pocbv.icu
file: 185.243.96.115
hash: 428
url: https://ddrtot.shop/new/pws/pvqdq929bsx_a_d_m1n_a.php
file: 185.243.96.115
hash: 420
url: https://check.pocbv.icu/gkcxv.google
file: 185.147.125.145
hash: 426
file: 176.65.139.51
hash: 6969
file: 185.243.96.115
hash: 418
file: 185.7.214.51
hash: 426
file: 185.243.96.115
hash: 419
file: 185.243.96.115
hash: 427
file: 185.147.125.145
hash: 428
file: 185.147.125.146
hash: 418
file: 185.147.125.145
hash: 431
file: 193.143.1.5
hash: 421
file: 185.42.12.45
hash: 424
domain: check.fadwl.icu
url: https://check.fadwl.icu/gkcxv.google
file: 185.147.125.146
hash: 428
file: 185.243.96.115
hash: 430
file: 185.147.125.145
hash: 423
file: 185.243.96.115
hash: 425
file: 185.147.125.147
hash: 419
file: 185.147.125.145
hash: 427
file: 185.7.214.51
hash: 428
file: 185.147.125.147
hash: 425
domain: endxlesspossi.tech
domain: shiningrstars.help
domain: mercharena.biz
domain: generalmills.pro
domain: stormlegue.com
domain: blast-hubs.com
domain: blastikcn.com
domain: nestlecompany.pro
file: 185.147.125.147
hash: 430
file: 193.143.1.5
hash: 422
file: 185.42.12.45
hash: 416
domain: check.xybdd.icu
file: 185.147.125.146
hash: 424
url: https://check.xybdd.icu/gkcxv.google
file: 185.147.125.146
hash: 427
file: 185.147.125.147
hash: 416
file: 185.243.96.115
hash: 431
file: 185.243.96.115
hash: 422
file: 185.147.125.146
hash: 417
file: 185.7.214.51
hash: 429
file: 185.7.214.51
hash: 422
file: 185.147.125.147
hash: 429
file: 193.143.1.5
hash: 427
file: 185.147.125.145
hash: 422
file: 185.42.12.45
hash: 422
file: 185.147.125.146
hash: 429
domain: heavysnowday.net
domain: heavysnowday.com
url: https://cinaweine.shop/work/original.js
domain: cinaweine.shop
domain: devmodebeta.dev
url: https://cinaweine.shop/work/index.php
url: https://cinaweine.shop/work/file.php
url: https://verifiedtasks.com/333.zip
file: 194.180.191.229
hash: 443
file: 185.147.125.147
hash: 418
domain: dashboard.nzlifecoaching.com
file: 185.147.125.145
hash: 421
file: 91.211.250.95
hash: 80
file: 185.7.214.51
hash: 430
file: 193.161.193.99
hash: 60241
file: 185.147.125.145
hash: 425
domain: check.ngrdr.icu
url: https://check.ngrdr.icu/gkcxv.google
file: 185.42.12.45
hash: 423
file: 185.147.125.146
hash: 416
file: 185.7.214.51
hash: 416
file: 185.7.214.51
hash: 427
file: 185.42.12.45
hash: 417
file: 185.42.12.45
hash: 425
file: 204.76.203.175
hash: 1962
file: 217.195.153.175
hash: 1962
file: 204.76.203.188
hash: 1962
file: 204.76.203.173
hash: 1962
file: 204.76.203.172
hash: 1962
file: 185.7.214.51
hash: 425
file: 185.243.96.115
hash: 417
domain: check.hmccl.icu
url: https://check.hmccl.icu/gkcxv.google
file: 185.147.125.145
hash: 430
file: 185.7.214.51
hash: 419
file: 103.186.117.159
hash: 48453
hash: 90280056c5ad293736030e4747d80c01
hash: 39fcc76a932f13e59fe129dfa773ee14
hash: 1a4a4eb6dfc583c02c70bf83fc0e3cd1
file: 185.243.96.115
hash: 426
file: 185.7.214.51
hash: 431
domain: check.vwfbm.icu
file: 185.7.214.51
hash: 421
url: https://check.vwfbm.icu/gkcxv.google
file: 193.143.1.5
hash: 430
file: 185.42.12.45
hash: 420
file: 185.147.125.145
hash: 420
file: 185.147.125.146
hash: 419
file: 185.147.125.147
hash: 428
file: 185.42.12.45
hash: 431
file: 185.243.96.115
hash: 429
domain: check.xjlkm.icu
file: 185.42.12.45
hash: 426
url: https://check.xjlkm.icu/gkcxv.google
domain: check.bxqhq.icu
url: https://check.bxqhq.icu/gkcxv.google
file: 193.143.1.5
hash: 419
file: 193.143.1.5
hash: 416
file: 38.55.194.251
hash: 80
file: 47.129.34.49
hash: 443
file: 114.116.224.35
hash: 80
domain: knoxinvestmentandsales.com
file: 45.76.177.203
hash: 8808
file: 191.96.207.168
hash: 8808
file: 191.96.207.168
hash: 2004
file: 23.94.126.207
hash: 6606
file: 185.147.125.145
hash: 424
domain: video.proxbotpy.com
file: 57.181.102.240
hash: 80
file: 5.188.230.69
hash: 8080
file: 149.28.17.188
hash: 8443
domain: check.qvdch.icu
file: 185.243.96.115
hash: 424
file: 185.147.125.145
hash: 417
file: 185.147.125.147
hash: 427
url: https://check.qvdch.icu/gkcxv.google
file: 185.42.12.45
hash: 418
file: 185.147.125.147
hash: 420
file: 185.147.125.145
hash: 418
file: 185.147.125.146
hash: 421
file: 185.147.125.147
hash: 417
file: 18.144.7.69
hash: 443
file: 46.249.58.46
hash: 443
file: 111.119.239.73
hash: 5555
file: 138.68.171.106
hash: 31337
file: 188.245.78.205
hash: 31337
url: https://dev.gestroom.it/
url: https://lucprofessional.grupomoltz.com.br/
url: https://mail.lucprofessional.com.br/
domain: check.bzhzm.icu
hash: d54bae930b038950c2947f5397c13f84
hash: 15634dc79981e7fba25fb8530cedb981
hash: 40126b1b3c6f86194fc554cdba3cb5d3
hash: 296cca79bbb3ca764de8fcdc2070ecc2
hash: 6c755a742f2b2e5c1820f57d0338365f
hash: 3c311cabe7de6a8c104f8f10541d392d
hash: b97812a2e6be54e725defbab88357fa2
hash: d44071f255785c73909d64f824331ebf
hash: 9db8f7378e2df01c842cfcb617e64475
hash: 9a218d69ecafe65eae264d2fdb52f1aa
url: https://check.bzhzm.icu/gkcxv.google
domain: mieuyyzbv334s.top
domain: lqalmpkebwpvdaf.top
domain: jlltk5azih351g4.top
domain: adanddcdjbdefml.top
domain: 3dijvbhfyutu34j.top
domain: yxrqxlvregipunw.top
domain: hikcjbiklgabbfh.top
domain: mgkwjihehqcknbp.top
domain: amgfcnadnlkmlmd.top
file: 185.147.125.145
hash: 419
file: 185.147.125.146
hash: 430
file: 185.147.125.147
hash: 421
domain: e4fdc0d3-eebe-4297-bc15-780796d8c861.cyqfuy.shop
file: 193.143.1.5
hash: 428
file: 193.143.1.5
hash: 426
file: 185.42.12.45
hash: 427
file: 185.7.214.51
hash: 424
url: http://www.22201111.xyz/a94w/
url: http://www.5l0bblb.xyz/a94w/
url: http://www.78899.vip/a94w/
url: http://www.agprime.life/a94w/
url: http://www.ard-vale.net/a94w/
url: http://www.arehouse-inventory-57386.bond/a94w/
url: http://www.arktooll-es.store/a94w/
url: http://www.chmollinger.info/a94w/
url: http://www.chmvhic.shop/a94w/
url: http://www.cline.xyz/a94w/
url: http://www.e6s.lat/a94w/
url: http://www.ealswithmeaning.net/a94w/
url: http://www.ealthcare-trends-21256.bond/a94w/
url: http://www.eekava.online/a94w/
url: http://www.elfast-cruisetours.today/a94w/
url: http://www.emu.xyz/a94w/
url: http://www.enet.xyz/a94w/
url: http://www.enpuk.info/a94w/
url: http://www.ental-health-57875.bond/a94w/
url: http://www.ental-implants-49625.bond/a94w/
url: http://www.esiarbet17.live/a94w/
url: http://www.esignix.xyz/a94w/
url: http://www.etayes.net/a94w/
url: http://www.eyo.xyz/a94w/
url: http://www.gjnp.info/a94w/
url: http://www.honia.xyz/a94w/
url: http://www.houxiaoxiao.online/a94w/
url: http://www.ibit.xyz/a94w/
url: http://www.ikart.xyz/a94w/
url: http://www.ilefox.xyz/a94w/
url: http://www.iloubloiu-im.monster/a94w/
url: http://www.irect-mail.online/a94w/
url: http://www.kysports.monster/a94w/
url: http://www.lumber-jobs-54632.bond/a94w/
url: http://www.mage2cut.xyz/a94w/
url: http://www.mble.monster/a94w/
url: http://www.meshthapa.pro/a94w/
url: http://www.mwa.info/a94w/
url: http://www.nfluencer-marketing-58813.bond/a94w/
url: http://www.nfopayout.website/a94w/
url: http://www.nnot.xyz/a94w/
url: http://www.oftstarters.net/a94w/
url: http://www.oftware-download-42246.bond/a94w/
url: http://www.om-exchange-nft743640.sbs/a94w/
url: http://www.onstruction-services-27125.bond/a94w/
url: http://www.ontentexclusive.shop/a94w/
url: http://www.q-test-45673.bond/a94w/
url: http://www.raffitishop.online/a94w/
url: http://www.ramingfaith.shop/a94w/
url: http://www.raphic-design-degree-15820.bond/a94w/
url: http://www.razyfbteam.store/a94w/
url: http://www.rls.xyz/a94w/
url: http://www.rofesyonelwebtasarimi.online/a94w/
url: http://www.sibot.tech/a94w/
url: http://www.tbldg.world/a94w/
url: http://www.uego.wtf/a94w/
url: http://www.urasiindo4dpools.net/a94w/
url: http://www.utomation-tools-92232.bond/a94w/
url: http://www.utter-and-roof-cleaning.today/a94w/
url: http://www.vplay.tech/a94w/
url: http://www.weqpo.xyz/a94w/
url: http://www.wub.lat/a94w/
url: http://www.xilis.net/a94w/
url: http://www.yshopva.xyz/a94w/
domain: www.-ai.solutions
domain: www.22201111.xyz
domain: www.5l0bblb.xyz
domain: www.78899.vip
domain: www.agprime.life
domain: www.ard-vale.net
domain: www.arehouse-inventory-57386.bond
domain: www.arktooll-es.store
domain: www.chmollinger.info
domain: www.chmvhic.shop
domain: www.cline.xyz
domain: www.e6s.lat
domain: www.ealswithmeaning.net
domain: www.ealthcare-trends-21256.bond
domain: www.eekava.online
domain: www.emu.xyz
domain: www.enet.xyz
domain: www.enpuk.info
domain: www.ental-health-57875.bond
domain: www.ental-implants-49625.bond
domain: www.esiarbet17.live
domain: www.esignix.xyz
domain: www.etayes.net
domain: www.eyo.xyz
domain: www.gjnp.info
domain: www.honia.xyz
domain: www.houxiaoxiao.online
domain: www.ibit.xyz
domain: www.ikart.xyz
domain: www.ilefox.xyz
domain: www.iloubloiu-im.monster
domain: www.irect-mail.online
domain: www.kysports.monster
domain: www.lumber-jobs-54632.bond
domain: www.mage2cut.xyz
domain: www.mble.monster
domain: www.meshthapa.pro
domain: www.mwa.info
domain: www.nfluencer-marketing-58813.bond
domain: www.nfopayout.website
domain: www.nnot.xyz
domain: www.oftstarters.net
domain: www.oftware-download-42246.bond
domain: www.om-exchange-nft743640.sbs
domain: www.onstruction-services-27125.bond
domain: www.ontentexclusive.shop
domain: www.q-test-45673.bond
domain: www.raffitishop.online
domain: www.ramingfaith.shop
domain: www.raphic-design-degree-15820.bond
domain: www.razyfbteam.store
domain: www.rls.xyz
domain: www.rofesyonelwebtasarimi.online
domain: www.sibot.tech
domain: www.tbldg.world
domain: www.uego.wtf
domain: www.urasiindo4dpools.net
domain: www.utomation-tools-92232.bond
domain: www.utter-and-roof-cleaning.today
domain: www.vplay.tech
domain: www.weqpo.xyz
domain: www.wub.lat
domain: www.xilis.net
domain: www.yshopva.xyz
domain: levangiang2004-60241.portmap.io
domain: eddy2024.ddns.net
domain: eddy2025.ddns.net
domain: site-accessing.gl.at.ply.gg
file: 185.243.96.115
hash: 421
file: 193.143.1.5
hash: 429
file: 185.42.12.45
hash: 419
domain: tour-agency-media.pages.dev
file: 185.147.125.147
hash: 426
file: 185.42.12.45
hash: 429
file: 185.147.125.147
hash: 422
file: 193.143.1.5
hash: 424
file: 193.143.1.5
hash: 420
domain: nestlecompany.world
url: https://sales.mypetapp.co.za/
url: https://misano.gestroom.it/
url: https://mail.cambodiatouristservice.com/
url: https://my.salviatech.com/
url: https://mail.wingsaviationacademy.in/
file: 185.243.96.115
hash: 416
domain: check.pvhqg.icu
url: https://cellaradvertisement.icu/art.php
url: https://poisonstone.icu/art.php
url: https://check.pvhqg.icu/gkcxv.google
url: https://windowart.xyz/art.php
url: https://marketcalendar.icu/art.php
file: 43.165.133.147
hash: 80
file: 13.232.126.176
hash: 636
file: 51.8.133.234
hash: 3333
file: 196.251.89.152
hash: 80
file: 196.251.118.160
hash: 8443
file: 181.131.219.42
hash: 2404
file: 192.3.243.143
hash: 6878
domain: www.pinkandgreen87.info
file: 196.251.118.49
hash: 2404
file: 23.97.56.187
hash: 443
file: 179.13.9.42
hash: 8808
file: 192.30.241.217
hash: 8808
file: 13.213.149.14
hash: 80
domain: ec2-18-143-214-68.ap-southeast-1.compute.amazonaws.com
file: 79.198.171.227
hash: 4785
file: 157.20.182.32
hash: 4449
file: 13.38.4.197
hash: 18245
file: 13.37.236.177
hash: 52959
file: 159.223.157.44
hash: 443
file: 172.111.160.104
hash: 443
file: 23.97.56.187
hash: 8888
file: 5.83.218.75
hash: 8080
file: 70.31.125.14
hash: 2222
file: 120.26.1.102
hash: 80
file: 194.146.47.231
hash: 1604
url: http://cj98865.tw1.ru/6daefec2.php

ThreatFox IOCs for 2025-02-17

Severity: medium

Type: malware

ThreatFox IOCs for 2025-02-17

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

domain: radiatntideas.top
domain: lovechat.sbs
domain: bchainpro.com
domain: rblcardservice.com
domain: hdbservicepdl.com
url: https://ly.ardentlysqueamish.autos/772a09d8ce7f9f4da9fc0087f1cf84f12aedb2e2cfbf9989.bin
domain: check.buqqn.icu
url: https://check.buqqn.icu/gkcxv.google
domain: webbased-stub-builder.vercel.app
url: https://154.216.19.160/txt/xugzybfe02qd31l.exe
url: https://87.120.84.38/txt/dtglbrsub45qnmm.exe
url: https://66.63.187.123/txt/lwk7fu5kbewfbqc.exe
url: https://87.120.84.39/txt/xxdquuorm1vd3an.exe
url: https://154.216.19.160/txt/aegtitprcz9bkkq.exe
url: https://154.216.19.160/txt/ettb15lcedjyw3r.exe
url: https://154.216.19.160/txt/um9l61wgoaplfkj.exe
url: https://154.216.20.22/txt/rfp1ykrwym1odxc.exe
url: https://87.120.84.38/txt/tielklvkfumqufa.exe
url: https://87.120.84.39/txt/zo7yvjlvmdji9aj.exe
url: https://87.120.84.38/txt/zf3dxapdnla4lnl.exe
url: https://87.120.84.39/txt/di5nuab6dcw7eov.exe
url: https://87.120.84.38/txt/fwacz73tnxebaj2.exe
url: https://87.120.84.38/txt/ok7yvjlvmdji9ajz.exe
url: https://87.120.84.39/txt/nfef2debp7q52qq.exe
url: https://87.120.84.39/txt/iwqopplghcvzxmy.exe
url: https://66.63.187.123/txt/h363bpkqz0mdvd7.exe
url: https://87.120.84.39/txt/blhbzrtqblg6o1k.exe
url: https://154.216.20.22/txt/sr01fduyuje6o2v.exe
url: https://87.120.84.39/txt/i3xzep1kscpdmj7.exe
url: https://87.120.84.39/txt/en7nq8lm3v7yww0.exe
url: https://87.120.84.38/txt/zok7yvjlvmdji9aj.exe
url: https://154.216.19.160/txt/u7vqmxbxibxvbxn.exe
url: https://154.216.19.160/txt/yvdk2vzluodbu6s.exe
url: https://87.120.84.38/txt/f2rps6mhkljoach.exe
url: https://87.120.84.38/txt/gsetc3enkk2egl4.exe
url: https://87.120.84.38/txt/ttuygt18rb5jzcr.exe
url: https://87.120.84.38/txt/uyikxzbgrrplkjh.exe
file: 35.167.121.116
hash: 31337
hash: 2f022104248d395a01f0134b406ac9bcf7e2059d791695110505052b9064ca9f
url: http://13.251.16.150/
url: http://cnc.pinklander.com/
file: 199.195.252.200
hash: 808
file: 185.112.102.12
hash: 3778
file: 196.251.67.134
hash: 13
url: https://scanpaq.com/6t5t.js
domain: scanpaq.com
url: https://scanpaq.com/js.php
url: http://yxrqxlvregipunw.top/1.php
domain: yxrqxlvregipunw.top
file: 96.62.214.212
hash: 3778
file: 195.178.110.224
hash: 8888
file: 154.16.93.177
hash: 3368
file: 154.16.93.177
hash: 3365
domain: kjhgfdsaasdfgh.myvnc.com
domain: stoya.no-ip.biz
domain: dbam.dyndns.org
domain: yesmoke.no-ip.org
domain: surrogates7.no-ip.org
domain: borcanoo.zapto.org
domain: elamr.no-ip.org
domain: booooooty.duckdns.org
domain: liberiumtop-59052.portmap.host
domain: jokeersbox-21442.portmap.host
domain: issues-sarah.gl.at.ply.gg
domain: left-councils.gl.at.ply.gg
file: 212.15.49.100
hash: 1212
file: 158.69.12.143
hash: 5555
file: 147.189.171.248
hash: 7771
file: 184.174.97.115
hash: 5002
file: 148.153.82.222
hash: 8081
file: 206.123.152.34
hash: 3191
file: 196.251.118.49
hash: 8808
file: 23.94.126.207
hash: 2004
domain: www.phpmyadmin.timeweb25.ru
file: 37.221.67.207
hash: 6969
file: 37.221.67.207
hash: 45
file: 37.221.67.207
hash: 1111
file: 160.22.160.31
hash: 56999
file: 193.143.1.42
hash: 60255
url: http://mgkwjihehqcknbp.top/1.php
domain: mgkwjihehqcknbp.top
domain: mitgpssms.com
domain: suomi-app.net
domain: smsfastersend.com
domain: americanexpressloginus.com
file: 196.251.71.31
hash: 443
domain: campskipleak.pro
domain: fearrealmean.pro
domain: kinguserpart.pro
domain: painroomarch.pro
domain: preyechostun.pro
file: 45.115.236.152
hash: 37232
file: 45.144.136.13
hash: 80
file: 112.126.68.13
hash: 443
file: 134.122.128.93
hash: 1234
file: 191.96.207.172
hash: 8808
file: 144.126.223.33
hash: 80
domain: jookerkslxsafkr.xyz
domain: detailerqusit.help
domain: mintysoary.help
domain: hopefulpatkh.top
domain: intentionalklife.top
domain: joyfuljourneky.top
domain: kindplacesk.top
domain: liemitlgessdream.top
domain: minedfrulgrowth.top
domain: noureeishedsoul.top
domain: opetnheearts.top
domain: diggyacito.click
domain: dirtytram.click
domain: medicalprocce.shop
domain: potcryscanj.shop
domain: silingwhip.shop
file: 111.180.203.230
hash: 6666
file: 134.122.128.91
hash: 1234
file: 154.26.208.209
hash: 80
file: 154.26.208.209
hash: 8089
file: 172.232.235.202
hash: 2095
file: 172.232.235.202
hash: 6513
file: 172.232.235.202
hash: 50102
file: 172.232.235.202
hash: 55487
file: 172.232.235.202
hash: 443
file: 5.253.41.69
hash: 60000
file: 13.61.4.166
hash: 3333
file: 184.82.106.56
hash: 3333
file: 20.216.218.254
hash: 3333
file: 66.194.172.174
hash: 3333
file: 34.136.174.197
hash: 3333
file: 191.113.109.14
hash: 8080
file: 54.224.124.160
hash: 443
file: 128.140.34.177
hash: 34956
file: 178.238.105.57
hash: 3333
file: 95.169.180.41
hash: 3333
file: 3.81.133.133
hash: 3333
file: 20.236.253.207
hash: 3333
file: 81.19.140.168
hash: 8080
file: 39.107.243.6
hash: 8443
file: 79.107.152.170
hash: 995
file: 216.250.252.33
hash: 60309
file: 62.60.226.49
hash: 1115
url: https://check.nolzm.icu/gkcxv.google
domain: check.nolzm.icu
domain: check.lalml.icu
url: https://check.lalml.icu/gkcxv.google
file: 176.65.138.184
hash: 3939
file: 89.117.17.182
hash: 6606
file: 75.119.139.188
hash: 92
file: 54.184.8.206
hash: 593
file: 176.82.171.71
hash: 6001
url: https://softpafthway.cyou/api
url: http://154.26.208.209/
url: https://crimson-sun-3ac5.foxiproxi.workers.dev/
domain: although-evans.gl.at.ply.gg
domain: austin99.duckdns.org
domain: heksaa3030.redirectme.net
domain: category-tar.gl.at.ply.gg
file: 185.196.9.225
hash: 8808
file: 185.196.9.225
hash: 6606
file: 185.196.9.225
hash: 7707
file: 47.92.26.48
hash: 8088
domain: xu3.201008281.xyz
url: https://xu3.201008281.xyz/
file: 198.135.51.176
hash: 49950
domain: check.masvt.icu
file: 196.251.118.14
hash: 2404
file: 193.23.3.29
hash: 1570
file: 185.38.142.181
hash: 443
file: 146.70.113.148
hash: 4444
file: 23.94.126.207
hash: 1999
file: 138.199.162.81
hash: 2086
file: 52.231.109.121
hash: 443
file: 3.96.151.21
hash: 788
file: 35.180.211.187
hash: 5984
file: 84.154.180.143
hash: 82
url: https://check.masvt.icu/gkcxv.google
domain: check.cikwp.icu
url: https://check.cikwp.icu/gkcxv.google
domain: check.ruqhl.icu
url: https://check.ruqhl.icu/gkcxv.google
url: http://mercharena.biz
file: 13.248.209.49
hash: 443
file: 13.48.26.102
hash: 4369
file: 188.49.58.85
hash: 995
file: 20.173.41.208
hash: 8888
file: 185.100.157.145
hash: 1515
file: 37.107.11.247
hash: 443
file: 37.27.87.24
hash: 8888
url: http://104.214.176.148:8888/supershell/login/
url: https://human-epinions.gl.at.ply.gg:56080
url: http://20.74.209.192:4443/xe1o
url: https://vessweb.com/6t4e.js
domain: vessweb.com
url: https://vessweb.com/js.php
domain: check.jewsl.icu
url: https://check.jewsl.icu/gkcxv.google
file: 5.182.226.142
hash: 41127
domain: check.xomkb.icu
url: https://check.xomkb.icu/gkcxv.google
domain: ly.ardentlysqueamish.autos
domain: ns1.drgeregweg.ip-ddns.com
domain: ns2.drgeregweg.ip-ddns.com
domain: ns3.drgeregweg.ip-ddns.com
file: 169.239.129.45
hash: 53
url: https://check.kedkq.icu/gkcxv.google
domain: check.kedkq.icu
domain: xu1.dijiafuzhu.xyz
url: https://xu1.dijiafuzhu.xyz
domain: travel.image-gene-saver.it.com
url: https://ddrtot.shop/new/pws/fre.php
file: 64.95.10.13
hash: 31337
file: 37.12.3.194
hash: 6001
file: 13.38.67.75
hash: 6667
file: 54.184.8.206
hash: 993
file: 190.10.11.37
hash: 6000
file: 54.177.88.161
hash: 9333
url: https://mail.laborpartyjo.com/
url: https://facturacio.titoworld.com/
url: https://portaal.com.my/
url: https://api.telegram.org/bot7284285127:aafug_ek294atlka8lqmpqzedlvqi4bflre/
file: 1.118.34.218
hash: 80
file: 1.118.34.218
hash: 443
file: 154.64.252.57
hash: 80
file: 47.108.131.159
hash: 80
file: 172.94.9.167
hash: 1962
file: 157.20.182.51
hash: 56872
file: 43.153.82.236
hash: 443
file: 118.195.163.219
hash: 8888
file: 123.11.143.85
hash: 5873
file: 176.65.142.245
hash: 8808
file: 185.49.126.27
hash: 7707
file: 185.49.126.245
hash: 7707
file: 196.251.116.95
hash: 7777
file: 185.49.126.235
hash: 7707
file: 173.249.52.37
hash: 7443
file: 83.196.195.34
hash: 2408
file: 23.152.0.81
hash: 8080
file: 45.128.12.101
hash: 8888
file: 54.64.181.201
hash: 80
file: 122.114.169.63
hash: 8080
file: 91.199.160.129
hash: 80
domain: endxlesspossi.tech
domain: check.wybps.icu
file: 5.83.218.12
hash: 3778
file: 194.85.251.68
hash: 9931
url: https://check.wybps.icu/gkcxv.google
file: 193.143.1.5
hash: 425
file: 185.147.125.145
hash: 416
file: 185.147.125.146
hash: 420
file: 185.42.12.45
hash: 421
file: 185.147.125.146
hash: 423
file: 193.143.1.5
hash: 417
domain: nice.0818000.xyz
file: 144.91.92.132
hash: 80
file: 38.55.199.105
hash: 443
file: 45.202.32.56
hash: 8000
file: 185.147.125.147
hash: 431
file: 185.42.12.45
hash: 430
file: 185.147.125.145
hash: 429
file: 185.147.125.147
hash: 423
file: 193.143.1.5
hash: 418
file: 185.243.96.115
hash: 423
file: 185.147.125.146
hash: 422
domain: check.pocbv.icu
file: 185.243.96.115
hash: 428
url: https://ddrtot.shop/new/pws/pvqdq929bsx_a_d_m1n_a.php
file: 185.243.96.115
hash: 420
url: https://check.pocbv.icu/gkcxv.google
file: 185.147.125.145
hash: 426
file: 176.65.139.51
hash: 6969
file: 185.243.96.115
hash: 418
file: 185.7.214.51
hash: 426
file: 185.243.96.115
hash: 419
file: 185.243.96.115
hash: 427
file: 185.147.125.145
hash: 428
file: 185.147.125.146
hash: 418
file: 185.147.125.145
hash: 431
file: 193.143.1.5
hash: 421
file: 185.42.12.45
hash: 424
domain: check.fadwl.icu
url: https://check.fadwl.icu/gkcxv.google
file: 185.147.125.146
hash: 428
file: 185.243.96.115
hash: 430
file: 185.147.125.145
hash: 423
file: 185.243.96.115
hash: 425
file: 185.147.125.147
hash: 419
file: 185.147.125.145
hash: 427
file: 185.7.214.51
hash: 428
file: 185.147.125.147
hash: 425
domain: endxlesspossi.tech
domain: shiningrstars.help
domain: mercharena.biz
domain: generalmills.pro
domain: stormlegue.com
domain: blast-hubs.com
domain: blastikcn.com
domain: nestlecompany.pro
file: 185.147.125.147
hash: 430
file: 193.143.1.5
hash: 422
file: 185.42.12.45
hash: 416
domain: check.xybdd.icu
file: 185.147.125.146
hash: 424
url: https://check.xybdd.icu/gkcxv.google
file: 185.147.125.146
hash: 427
file: 185.147.125.147
hash: 416
file: 185.243.96.115
hash: 431
file: 185.243.96.115
hash: 422
file: 185.147.125.146
hash: 417
file: 185.7.214.51
hash: 429
file: 185.7.214.51
hash: 422
file: 185.147.125.147
hash: 429
file: 193.143.1.5
hash: 427
file: 185.147.125.145
hash: 422
file: 185.42.12.45
hash: 422
file: 185.147.125.146
hash: 429
domain: heavysnowday.net
domain: heavysnowday.com
url: https://cinaweine.shop/work/original.js
domain: cinaweine.shop
domain: devmodebeta.dev
url: https://cinaweine.shop/work/index.php
url: https://cinaweine.shop/work/file.php
url: https://verifiedtasks.com/333.zip
file: 194.180.191.229
hash: 443
file: 185.147.125.147
hash: 418
domain: dashboard.nzlifecoaching.com
file: 185.147.125.145
hash: 421
file: 91.211.250.95
hash: 80
file: 185.7.214.51
hash: 430
file: 193.161.193.99
hash: 60241
file: 185.147.125.145
hash: 425
domain: check.ngrdr.icu
url: https://check.ngrdr.icu/gkcxv.google
file: 185.42.12.45
hash: 423
file: 185.147.125.146
hash: 416
file: 185.7.214.51
hash: 416
file: 185.7.214.51
hash: 427
file: 185.42.12.45
hash: 417
file: 185.42.12.45
hash: 425
file: 204.76.203.175
hash: 1962
file: 217.195.153.175
hash: 1962
file: 204.76.203.188
hash: 1962
file: 204.76.203.173
hash: 1962
file: 204.76.203.172
hash: 1962
file: 185.7.214.51
hash: 425
file: 185.243.96.115
hash: 417
domain: check.hmccl.icu
url: https://check.hmccl.icu/gkcxv.google
file: 185.147.125.145
hash: 430
file: 185.7.214.51
hash: 419
file: 103.186.117.159
hash: 48453
hash: 90280056c5ad293736030e4747d80c01
hash: 39fcc76a932f13e59fe129dfa773ee14
hash: 1a4a4eb6dfc583c02c70bf83fc0e3cd1
file: 185.243.96.115
hash: 426
file: 185.7.214.51
hash: 431
domain: check.vwfbm.icu
file: 185.7.214.51
hash: 421
url: https://check.vwfbm.icu/gkcxv.google
file: 193.143.1.5
hash: 430
file: 185.42.12.45
hash: 420
file: 185.147.125.145
hash: 420
file: 185.147.125.146
hash: 419
file: 185.147.125.147
hash: 428
file: 185.42.12.45
hash: 431
file: 185.243.96.115
hash: 429
domain: check.xjlkm.icu
file: 185.42.12.45
hash: 426
url: https://check.xjlkm.icu/gkcxv.google
domain: check.bxqhq.icu
url: https://check.bxqhq.icu/gkcxv.google
file: 193.143.1.5
hash: 419
file: 193.143.1.5
hash: 416
file: 38.55.194.251
hash: 80
file: 47.129.34.49
hash: 443
file: 114.116.224.35
hash: 80
domain: knoxinvestmentandsales.com
file: 45.76.177.203
hash: 8808
file: 191.96.207.168
hash: 8808
file: 191.96.207.168
hash: 2004
file: 23.94.126.207
hash: 6606
file: 185.147.125.145
hash: 424
domain: video.proxbotpy.com
file: 57.181.102.240
hash: 80
file: 5.188.230.69
hash: 8080
file: 149.28.17.188
hash: 8443
domain: check.qvdch.icu
file: 185.243.96.115
hash: 424
file: 185.147.125.145
hash: 417
file: 185.147.125.147
hash: 427
url: https://check.qvdch.icu/gkcxv.google
file: 185.42.12.45
hash: 418
file: 185.147.125.147
hash: 420
file: 185.147.125.145
hash: 418
file: 185.147.125.146
hash: 421
file: 185.147.125.147
hash: 417
file: 18.144.7.69
hash: 443
file: 46.249.58.46
hash: 443
file: 111.119.239.73
hash: 5555
file: 138.68.171.106
hash: 31337
file: 188.245.78.205
hash: 31337
url: https://dev.gestroom.it/
url: https://lucprofessional.grupomoltz.com.br/
url: https://mail.lucprofessional.com.br/
domain: check.bzhzm.icu
hash: d54bae930b038950c2947f5397c13f84
hash: 15634dc79981e7fba25fb8530cedb981
hash: 40126b1b3c6f86194fc554cdba3cb5d3
hash: 296cca79bbb3ca764de8fcdc2070ecc2
hash: 6c755a742f2b2e5c1820f57d0338365f
hash: 3c311cabe7de6a8c104f8f10541d392d
hash: b97812a2e6be54e725defbab88357fa2
hash: d44071f255785c73909d64f824331ebf
hash: 9db8f7378e2df01c842cfcb617e64475
hash: 9a218d69ecafe65eae264d2fdb52f1aa
url: https://check.bzhzm.icu/gkcxv.google
domain: mieuyyzbv334s.top
domain: lqalmpkebwpvdaf.top
domain: jlltk5azih351g4.top
domain: adanddcdjbdefml.top
domain: 3dijvbhfyutu34j.top
domain: yxrqxlvregipunw.top
domain: hikcjbiklgabbfh.top
domain: mgkwjihehqcknbp.top
domain: amgfcnadnlkmlmd.top
file: 185.147.125.145
hash: 419
file: 185.147.125.146
hash: 430
file: 185.147.125.147
hash: 421
domain: e4fdc0d3-eebe-4297-bc15-780796d8c861.cyqfuy.shop
file: 193.143.1.5
hash: 428
file: 193.143.1.5
hash: 426
file: 185.42.12.45
hash: 427
file: 185.7.214.51
hash: 424
url: http://www.22201111.xyz/a94w/
url: http://www.5l0bblb.xyz/a94w/
url: http://www.78899.vip/a94w/
url: http://www.agprime.life/a94w/
url: http://www.ard-vale.net/a94w/
url: http://www.arehouse-inventory-57386.bond/a94w/
url: http://www.arktooll-es.store/a94w/
url: http://www.chmollinger.info/a94w/
url: http://www.chmvhic.shop/a94w/
url: http://www.cline.xyz/a94w/
url: http://www.e6s.lat/a94w/
url: http://www.ealswithmeaning.net/a94w/
url: http://www.ealthcare-trends-21256.bond/a94w/
url: http://www.eekava.online/a94w/
url: http://www.elfast-cruisetours.today/a94w/
url: http://www.emu.xyz/a94w/
url: http://www.enet.xyz/a94w/
url: http://www.enpuk.info/a94w/
url: http://www.ental-health-57875.bond/a94w/
url: http://www.ental-implants-49625.bond/a94w/
url: http://www.esiarbet17.live/a94w/
url: http://www.esignix.xyz/a94w/
url: http://www.etayes.net/a94w/
url: http://www.eyo.xyz/a94w/
url: http://www.gjnp.info/a94w/
url: http://www.honia.xyz/a94w/
url: http://www.houxiaoxiao.online/a94w/
url: http://www.ibit.xyz/a94w/
url: http://www.ikart.xyz/a94w/
url: http://www.ilefox.xyz/a94w/
url: http://www.iloubloiu-im.monster/a94w/
url: http://www.irect-mail.online/a94w/
url: http://www.kysports.monster/a94w/
url: http://www.lumber-jobs-54632.bond/a94w/
url: http://www.mage2cut.xyz/a94w/
url: http://www.mble.monster/a94w/
url: http://www.meshthapa.pro/a94w/
url: http://www.mwa.info/a94w/
url: http://www.nfluencer-marketing-58813.bond/a94w/
url: http://www.nfopayout.website/a94w/
url: http://www.nnot.xyz/a94w/
url: http://www.oftstarters.net/a94w/
url: http://www.oftware-download-42246.bond/a94w/
url: http://www.om-exchange-nft743640.sbs/a94w/
url: http://www.onstruction-services-27125.bond/a94w/
url: http://www.ontentexclusive.shop/a94w/
url: http://www.q-test-45673.bond/a94w/
url: http://www.raffitishop.online/a94w/
url: http://www.ramingfaith.shop/a94w/
url: http://www.raphic-design-degree-15820.bond/a94w/
url: http://www.razyfbteam.store/a94w/
url: http://www.rls.xyz/a94w/
url: http://www.rofesyonelwebtasarimi.online/a94w/
url: http://www.sibot.tech/a94w/
url: http://www.tbldg.world/a94w/
url: http://www.uego.wtf/a94w/
url: http://www.urasiindo4dpools.net/a94w/
url: http://www.utomation-tools-92232.bond/a94w/
url: http://www.utter-and-roof-cleaning.today/a94w/
url: http://www.vplay.tech/a94w/
url: http://www.weqpo.xyz/a94w/
url: http://www.wub.lat/a94w/
url: http://www.xilis.net/a94w/
url: http://www.yshopva.xyz/a94w/
domain: www.-ai.solutions
domain: www.22201111.xyz
domain: www.5l0bblb.xyz
domain: www.78899.vip
domain: www.agprime.life
domain: www.ard-vale.net
domain: www.arehouse-inventory-57386.bond
domain: www.arktooll-es.store
domain: www.chmollinger.info
domain: www.chmvhic.shop
domain: www.cline.xyz
domain: www.e6s.lat
domain: www.ealswithmeaning.net
domain: www.ealthcare-trends-21256.bond
domain: www.eekava.online
domain: www.emu.xyz
domain: www.enet.xyz
domain: www.enpuk.info
domain: www.ental-health-57875.bond
domain: www.ental-implants-49625.bond
domain: www.esiarbet17.live
domain: www.esignix.xyz
domain: www.etayes.net
domain: www.eyo.xyz
domain: www.gjnp.info
domain: www.honia.xyz
domain: www.houxiaoxiao.online
domain: www.ibit.xyz
domain: www.ikart.xyz
domain: www.ilefox.xyz
domain: www.iloubloiu-im.monster
domain: www.irect-mail.online
domain: www.kysports.monster
domain: www.lumber-jobs-54632.bond
domain: www.mage2cut.xyz
domain: www.mble.monster
domain: www.meshthapa.pro
domain: www.mwa.info
domain: www.nfluencer-marketing-58813.bond
domain: www.nfopayout.website
domain: www.nnot.xyz
domain: www.oftstarters.net
domain: www.oftware-download-42246.bond
domain: www.om-exchange-nft743640.sbs
domain: www.onstruction-services-27125.bond
domain: www.ontentexclusive.shop
domain: www.q-test-45673.bond
domain: www.raffitishop.online
domain: www.ramingfaith.shop
domain: www.raphic-design-degree-15820.bond
domain: www.razyfbteam.store
domain: www.rls.xyz
domain: www.rofesyonelwebtasarimi.online
domain: www.sibot.tech
domain: www.tbldg.world
domain: www.uego.wtf
domain: www.urasiindo4dpools.net
domain: www.utomation-tools-92232.bond
domain: www.utter-and-roof-cleaning.today
domain: www.vplay.tech
domain: www.weqpo.xyz
domain: www.wub.lat
domain: www.xilis.net
domain: www.yshopva.xyz
domain: levangiang2004-60241.portmap.io
domain: eddy2024.ddns.net
domain: eddy2025.ddns.net
domain: site-accessing.gl.at.ply.gg
file: 185.243.96.115
hash: 421
file: 193.143.1.5
hash: 429
file: 185.42.12.45
hash: 419
domain: tour-agency-media.pages.dev
file: 185.147.125.147
hash: 426
file: 185.42.12.45
hash: 429
file: 185.147.125.147
hash: 422
file: 193.143.1.5
hash: 424
file: 193.143.1.5
hash: 420
domain: nestlecompany.world
url: https://sales.mypetapp.co.za/
url: https://misano.gestroom.it/
url: https://mail.cambodiatouristservice.com/
url: https://my.salviatech.com/
url: https://mail.wingsaviationacademy.in/
file: 185.243.96.115
hash: 416
domain: check.pvhqg.icu
url: https://cellaradvertisement.icu/art.php
url: https://poisonstone.icu/art.php
url: https://check.pvhqg.icu/gkcxv.google
url: https://windowart.xyz/art.php
url: https://marketcalendar.icu/art.php
file: 43.165.133.147
hash: 80
file: 13.232.126.176
hash: 636
file: 51.8.133.234
hash: 3333
file: 196.251.89.152
hash: 80
file: 196.251.118.160
hash: 8443
file: 181.131.219.42
hash: 2404
file: 192.3.243.143
hash: 6878
domain: www.pinkandgreen87.info
file: 196.251.118.49
hash: 2404
file: 23.97.56.187
hash: 443
file: 179.13.9.42
hash: 8808
file: 192.30.241.217
hash: 8808
file: 13.213.149.14
hash: 80
domain: ec2-18-143-214-68.ap-southeast-1.compute.amazonaws.com
file: 79.198.171.227
hash: 4785
file: 157.20.182.32
hash: 4449
file: 13.38.4.197
hash: 18245
file: 13.37.236.177
hash: 52959
file: 159.223.157.44
hash: 443
file: 172.111.160.104
hash: 443
file: 23.97.56.187
hash: 8888
file: 5.83.218.75
hash: 8080
file: 70.31.125.14
hash: 2222
file: 120.26.1.102
hash: 80
file: 194.146.47.231
hash: 1604
url: http://cj98865.tw1.ru/6daefec2.php

Source: ThreatFox

Published: Mon Feb 17 2025

ThreatFox IOCs for 2025-02-17

Medium

Malwaretype:osint tlp:white

Published: Mon Feb 17 2025 (02/17/2025, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-02-17

AI-Powered Analysis

AILast updated: 06/19/2025, 16:02:53 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 327e8d35-9d1f-4590-a978-a1a23ef9be9f
Original Timestamp: 1739836987

Indicators of Compromise

Domain

Value	Description	Copy
domainradiatntideas.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainlovechat.sbs	Unknown malware payload delivery domain (confidence level: 100%)
domainbchainpro.com	Unknown malware payload delivery domain (confidence level: 100%)
domainrblcardservice.com	Unknown malware payload delivery domain (confidence level: 100%)
domainhdbservicepdl.com	SpyNote payload delivery domain (confidence level: 100%)
domaincheck.buqqn.icu	ClearFake payload delivery domain (confidence level: 100%)
domainwebbased-stub-builder.vercel.app	Unknown Stealer payload delivery domain (confidence level: 100%)
domainscanpaq.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainyxrqxlvregipunw.top	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainkjhgfdsaasdfgh.myvnc.com	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainstoya.no-ip.biz	Xtreme RAT botnet C2 domain (confidence level: 100%)
domaindbam.dyndns.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainyesmoke.no-ip.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainsurrogates7.no-ip.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainborcanoo.zapto.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainelamr.no-ip.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainbooooooty.duckdns.org	Mirai botnet C2 domain (confidence level: 100%)
domainliberiumtop-59052.portmap.host	SpyNote botnet C2 domain (confidence level: 100%)
domainjokeersbox-21442.portmap.host	SpyNote botnet C2 domain (confidence level: 100%)
domainissues-sarah.gl.at.ply.gg	SpyNote botnet C2 domain (confidence level: 100%)
domainleft-councils.gl.at.ply.gg	SpyNote botnet C2 domain (confidence level: 100%)
domainwww.phpmyadmin.timeweb25.ru	Havoc botnet C2 domain (confidence level: 100%)
domainmgkwjihehqcknbp.top	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainmitgpssms.com	Mirai botnet C2 domain (confidence level: 100%)
domainsuomi-app.net	Mirai botnet C2 domain (confidence level: 100%)
domainsmsfastersend.com	Mirai botnet C2 domain (confidence level: 100%)
domainamericanexpressloginus.com	Mirai botnet C2 domain (confidence level: 100%)
domaincampskipleak.pro	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainfearrealmean.pro	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainkinguserpart.pro	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpainroomarch.pro	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpreyechostun.pro	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainjookerkslxsafkr.xyz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindetailerqusit.help	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmintysoary.help	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainhopefulpatkh.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainintentionalklife.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainjoyfuljourneky.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainkindplacesk.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainliemitlgessdream.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainminedfrulgrowth.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainnoureeishedsoul.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainopetnheearts.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindiggyacito.click	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindirtytram.click	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmedicalprocce.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpotcryscanj.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsilingwhip.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincheck.nolzm.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.lalml.icu	ClearFake payload delivery domain (confidence level: 100%)
domainalthough-evans.gl.at.ply.gg	Quasar RAT botnet C2 domain (confidence level: 50%)
domainaustin99.duckdns.org	Remcos botnet C2 domain (confidence level: 50%)
domainheksaa3030.redirectme.net	Remcos botnet C2 domain (confidence level: 50%)
domaincategory-tar.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainxu3.201008281.xyz	Vidar botnet C2 domain (confidence level: 100%)
domaincheck.masvt.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.cikwp.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.ruqhl.icu	ClearFake payload delivery domain (confidence level: 100%)
domainvessweb.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincheck.jewsl.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.xomkb.icu	ClearFake payload delivery domain (confidence level: 100%)
domainly.ardentlysqueamish.autos	ClearFake payload delivery domain (confidence level: 100%)
domainns1.drgeregweg.ip-ddns.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainns2.drgeregweg.ip-ddns.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainns3.drgeregweg.ip-ddns.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincheck.kedkq.icu	ClearFake payload delivery domain (confidence level: 100%)
domainxu1.dijiafuzhu.xyz	Vidar botnet C2 domain (confidence level: 100%)
domaintravel.image-gene-saver.it.com	Vidar botnet C2 domain (confidence level: 75%)
domainendxlesspossi.tech	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincheck.wybps.icu	ClearFake payload delivery domain (confidence level: 100%)
domainnice.0818000.xyz	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincheck.pocbv.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.fadwl.icu	ClearFake payload delivery domain (confidence level: 100%)
domainendxlesspossi.tech	Lumma Stealer payload delivery domain (confidence level: 75%)
domainshiningrstars.help	Lumma Stealer payload delivery domain (confidence level: 75%)
domainmercharena.biz	Lumma Stealer payload delivery domain (confidence level: 75%)
domaingeneralmills.pro	Lumma Stealer payload delivery domain (confidence level: 75%)
domainstormlegue.com	Lumma Stealer payload delivery domain (confidence level: 75%)
domainblast-hubs.com	Lumma Stealer payload delivery domain (confidence level: 75%)
domainblastikcn.com	Lumma Stealer payload delivery domain (confidence level: 75%)
domainnestlecompany.pro	Lumma Stealer payload delivery domain (confidence level: 75%)
domaincheck.xybdd.icu	ClearFake payload delivery domain (confidence level: 100%)
domainheavysnowday.net	NetSupportManager RAT botnet C2 domain (confidence level: 100%)
domainheavysnowday.com	NetSupportManager RAT botnet C2 domain (confidence level: 100%)
domaincinaweine.shop	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaindevmodebeta.dev	NetSupportManager RAT payload delivery domain (confidence level: 100%)
domaindashboard.nzlifecoaching.com	FAKEUPDATES botnet C2 domain (confidence level: 100%)
domaincheck.ngrdr.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.hmccl.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.vwfbm.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.xjlkm.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.bxqhq.icu	ClearFake payload delivery domain (confidence level: 100%)
domainknoxinvestmentandsales.com	Remcos botnet C2 domain (confidence level: 100%)
domainvideo.proxbotpy.com	Hook botnet C2 domain (confidence level: 100%)
domaincheck.qvdch.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.bzhzm.icu	ClearFake payload delivery domain (confidence level: 100%)
domainmieuyyzbv334s.top	MintsLoader botnet C2 domain (confidence level: 100%)
domainlqalmpkebwpvdaf.top	MintsLoader botnet C2 domain (confidence level: 100%)
domainjlltk5azih351g4.top	MintsLoader botnet C2 domain (confidence level: 100%)
domainadanddcdjbdefml.top	MintsLoader botnet C2 domain (confidence level: 100%)
domain3dijvbhfyutu34j.top	MintsLoader botnet C2 domain (confidence level: 100%)
domainyxrqxlvregipunw.top	MintsLoader botnet C2 domain (confidence level: 100%)
domainhikcjbiklgabbfh.top	MintsLoader botnet C2 domain (confidence level: 100%)
domainmgkwjihehqcknbp.top	MintsLoader botnet C2 domain (confidence level: 100%)
domainamgfcnadnlkmlmd.top	MintsLoader botnet C2 domain (confidence level: 100%)
domaine4fdc0d3-eebe-4297-bc15-780796d8c861.cyqfuy.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainwww.-ai.solutions	Formbook botnet C2 domain (confidence level: 50%)
domainwww.22201111.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.5l0bblb.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.78899.vip	Formbook botnet C2 domain (confidence level: 50%)
domainwww.agprime.life	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ard-vale.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.arehouse-inventory-57386.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.arktooll-es.store	Formbook botnet C2 domain (confidence level: 50%)
domainwww.chmollinger.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.chmvhic.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.cline.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.e6s.lat	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ealswithmeaning.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ealthcare-trends-21256.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.eekava.online	Formbook botnet C2 domain (confidence level: 50%)
domainwww.emu.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.enet.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.enpuk.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ental-health-57875.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ental-implants-49625.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.esiarbet17.live	Formbook botnet C2 domain (confidence level: 50%)
domainwww.esignix.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.etayes.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.eyo.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.gjnp.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.honia.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.houxiaoxiao.online	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ibit.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ikart.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ilefox.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.iloubloiu-im.monster	Formbook botnet C2 domain (confidence level: 50%)
domainwww.irect-mail.online	Formbook botnet C2 domain (confidence level: 50%)
domainwww.kysports.monster	Formbook botnet C2 domain (confidence level: 50%)
domainwww.lumber-jobs-54632.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.mage2cut.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.mble.monster	Formbook botnet C2 domain (confidence level: 50%)
domainwww.meshthapa.pro	Formbook botnet C2 domain (confidence level: 50%)
domainwww.mwa.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nfluencer-marketing-58813.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nfopayout.website	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nnot.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oftstarters.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oftware-download-42246.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.om-exchange-nft743640.sbs	Formbook botnet C2 domain (confidence level: 50%)
domainwww.onstruction-services-27125.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ontentexclusive.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.q-test-45673.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.raffitishop.online	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ramingfaith.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.raphic-design-degree-15820.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.razyfbteam.store	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rls.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rofesyonelwebtasarimi.online	Formbook botnet C2 domain (confidence level: 50%)
domainwww.sibot.tech	Formbook botnet C2 domain (confidence level: 50%)
domainwww.tbldg.world	Formbook botnet C2 domain (confidence level: 50%)
domainwww.uego.wtf	Formbook botnet C2 domain (confidence level: 50%)
domainwww.urasiindo4dpools.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.utomation-tools-92232.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.utter-and-roof-cleaning.today	Formbook botnet C2 domain (confidence level: 50%)
domainwww.vplay.tech	Formbook botnet C2 domain (confidence level: 50%)
domainwww.weqpo.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.wub.lat	Formbook botnet C2 domain (confidence level: 50%)
domainwww.xilis.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.yshopva.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainlevangiang2004-60241.portmap.io	Quasar RAT botnet C2 domain (confidence level: 50%)
domaineddy2024.ddns.net	Remcos botnet C2 domain (confidence level: 50%)
domaineddy2025.ddns.net	Remcos botnet C2 domain (confidence level: 50%)
domainsite-accessing.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domaintour-agency-media.pages.dev	ClearFake payload delivery domain (confidence level: 100%)
domainnestlecompany.world	Lumma Stealer payload delivery domain (confidence level: 100%)
domaincheck.pvhqg.icu	ClearFake payload delivery domain (confidence level: 100%)
domainwww.pinkandgreen87.info	Remcos botnet C2 domain (confidence level: 100%)
domainec2-18-143-214-68.ap-southeast-1.compute.amazonaws.com	Hook botnet C2 domain (confidence level: 100%)

Url

Value	Description	Copy
urlhttps://ly.ardentlysqueamish.autos/772a09d8ce7f9f4da9fc0087f1cf84f12aedb2e2cfbf9989.bin	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.buqqn.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://154.216.19.160/txt/xugzybfe02qd31l.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/dtglbrsub45qnmm.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://66.63.187.123/txt/lwk7fu5kbewfbqc.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.39/txt/xxdquuorm1vd3an.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://154.216.19.160/txt/aegtitprcz9bkkq.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://154.216.19.160/txt/ettb15lcedjyw3r.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://154.216.19.160/txt/um9l61wgoaplfkj.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://154.216.20.22/txt/rfp1ykrwym1odxc.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/tielklvkfumqufa.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.39/txt/zo7yvjlvmdji9aj.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/zf3dxapdnla4lnl.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.39/txt/di5nuab6dcw7eov.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/fwacz73tnxebaj2.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/ok7yvjlvmdji9ajz.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.39/txt/nfef2debp7q52qq.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.39/txt/iwqopplghcvzxmy.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://66.63.187.123/txt/h363bpkqz0mdvd7.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.39/txt/blhbzrtqblg6o1k.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://154.216.20.22/txt/sr01fduyuje6o2v.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.39/txt/i3xzep1kscpdmj7.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.39/txt/en7nq8lm3v7yww0.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/zok7yvjlvmdji9aj.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://154.216.19.160/txt/u7vqmxbxibxvbxn.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://154.216.19.160/txt/yvdk2vzluodbu6s.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/f2rps6mhkljoach.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/gsetc3enkk2egl4.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/ttuygt18rb5jzcr.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttps://87.120.84.38/txt/uyikxzbgrrplkjh.exe	MASS Logger payload delivery URL (confidence level: 100%)
urlhttp://13.251.16.150/	Pink botnet C2 (confidence level: 100%)
urlhttp://cnc.pinklander.com/	Pink botnet C2 (confidence level: 100%)
urlhttps://scanpaq.com/6t5t.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://scanpaq.com/js.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://yxrqxlvregipunw.top/1.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://mgkwjihehqcknbp.top/1.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://check.nolzm.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.lalml.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://softpafthway.cyou/api	Lumma Stealer botnet C2 (confidence level: 50%)
urlhttp://154.26.208.209/	Hook botnet C2 (confidence level: 50%)
urlhttps://crimson-sun-3ac5.foxiproxi.workers.dev/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://xu3.201008281.xyz/	Vidar botnet C2 (confidence level: 100%)
urlhttps://check.masvt.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.cikwp.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.ruqhl.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttp://mercharena.biz	Lumma Stealer payload delivery URL (confidence level: 100%)
urlhttp://104.214.176.148:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttps://human-epinions.gl.at.ply.gg:56080	XWorm payload delivery URL (confidence level: 100%)
urlhttp://20.74.209.192:4443/xe1o	Cobalt Strike botnet C2 (confidence level: 75%)
urlhttps://vessweb.com/6t4e.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://vessweb.com/js.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://check.jewsl.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.xomkb.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.kedkq.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://xu1.dijiafuzhu.xyz	Vidar botnet C2 (confidence level: 100%)
urlhttps://ddrtot.shop/new/pws/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttps://mail.laborpartyjo.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://facturacio.titoworld.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://portaal.com.my/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://api.telegram.org/bot7284285127:aafug_ek294atlka8lqmpqzedlvqi4bflre/	Agent Tesla botnet C2 (confidence level: 50%)
urlhttps://check.wybps.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://ddrtot.shop/new/pws/pvqdq929bsx_a_d_m1n_a.php	LokiBot botnet C2 (confidence level: 100%)
urlhttps://check.pocbv.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.fadwl.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.xybdd.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://cinaweine.shop/work/original.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://cinaweine.shop/work/index.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://cinaweine.shop/work/file.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://verifiedtasks.com/333.zip	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://check.ngrdr.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.hmccl.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.vwfbm.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.xjlkm.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.bxqhq.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.qvdch.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://dev.gestroom.it/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://lucprofessional.grupomoltz.com.br/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://mail.lucprofessional.com.br/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://check.bzhzm.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttp://www.22201111.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.5l0bblb.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.78899.vip/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.agprime.life/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ard-vale.net/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.arehouse-inventory-57386.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.arktooll-es.store/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.chmollinger.info/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.chmvhic.shop/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.cline.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.e6s.lat/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ealswithmeaning.net/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ealthcare-trends-21256.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eekava.online/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.elfast-cruisetours.today/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.emu.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.enet.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.enpuk.info/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ental-health-57875.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ental-implants-49625.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.esiarbet17.live/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.esignix.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.etayes.net/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eyo.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.gjnp.info/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.honia.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.houxiaoxiao.online/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ibit.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ikart.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ilefox.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iloubloiu-im.monster/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.irect-mail.online/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.kysports.monster/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lumber-jobs-54632.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mage2cut.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mble.monster/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.meshthapa.pro/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mwa.info/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nfluencer-marketing-58813.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nfopayout.website/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nnot.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oftstarters.net/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oftware-download-42246.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.om-exchange-nft743640.sbs/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.onstruction-services-27125.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ontentexclusive.shop/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.q-test-45673.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.raffitishop.online/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ramingfaith.shop/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.raphic-design-degree-15820.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.razyfbteam.store/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rls.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rofesyonelwebtasarimi.online/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sibot.tech/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.tbldg.world/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.uego.wtf/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.urasiindo4dpools.net/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.utomation-tools-92232.bond/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.utter-and-roof-cleaning.today/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.vplay.tech/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.weqpo.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.wub.lat/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xilis.net/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yshopva.xyz/a94w/	Formbook botnet C2 (confidence level: 50%)
urlhttps://sales.mypetapp.co.za/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://misano.gestroom.it/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://mail.cambodiatouristservice.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://my.salviatech.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://mail.wingsaviationacademy.in/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://cellaradvertisement.icu/art.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://poisonstone.icu/art.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://check.pvhqg.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://windowart.xyz/art.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://marketcalendar.icu/art.php	Unknown malware botnet C2 (confidence level: 100%)
urlhttp://cj98865.tw1.ru/6daefec2.php	DCRat botnet C2 (confidence level: 100%)

File

Value	Description	Copy
file35.167.121.116	Sliver botnet C2 server (confidence level: 100%)
file199.195.252.200	Kaiji botnet C2 server (confidence level: 100%)
file185.112.102.12	Mirai botnet C2 server (confidence level: 100%)
file196.251.67.134	Mirai botnet C2 server (confidence level: 100%)
file96.62.214.212	Mirai botnet C2 server (confidence level: 100%)
file195.178.110.224	Mirai botnet C2 server (confidence level: 100%)
file154.16.93.177	NetWire RC botnet C2 server (confidence level: 100%)
file154.16.93.177	NetWire RC botnet C2 server (confidence level: 100%)
file212.15.49.100	SpyNote botnet C2 server (confidence level: 100%)
file158.69.12.143	SpyNote botnet C2 server (confidence level: 100%)
file147.189.171.248	SpyNote botnet C2 server (confidence level: 100%)
file184.174.97.115	SpyNote botnet C2 server (confidence level: 100%)
file148.153.82.222	Cobalt Strike botnet C2 server (confidence level: 100%)
file206.123.152.34	Remcos botnet C2 server (confidence level: 100%)
file196.251.118.49	AsyncRAT botnet C2 server (confidence level: 100%)
file23.94.126.207	AsyncRAT botnet C2 server (confidence level: 100%)
file37.221.67.207	Mirai botnet C2 server (confidence level: 50%)
file37.221.67.207	Mirai botnet C2 server (confidence level: 50%)
file37.221.67.207	Mirai botnet C2 server (confidence level: 50%)
file160.22.160.31	Mirai botnet C2 server (confidence level: 50%)
file193.143.1.42	Mirai botnet C2 server (confidence level: 100%)
file196.251.71.31	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.115.236.152	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.144.136.13	Cobalt Strike botnet C2 server (confidence level: 100%)
file112.126.68.13	Cobalt Strike botnet C2 server (confidence level: 100%)
file134.122.128.93	AsyncRAT botnet C2 server (confidence level: 100%)
file191.96.207.172	AsyncRAT botnet C2 server (confidence level: 100%)
file144.126.223.33	MooBot botnet C2 server (confidence level: 100%)
file111.180.203.230	ValleyRAT botnet C2 server (confidence level: 100%)
file134.122.128.91	AsyncRAT botnet C2 server (confidence level: 100%)
file154.26.208.209	Hook botnet C2 server (confidence level: 100%)
file154.26.208.209	Hook botnet C2 server (confidence level: 100%)
file172.232.235.202	Unknown malware botnet C2 server (confidence level: 100%)
file172.232.235.202	Unknown malware botnet C2 server (confidence level: 100%)
file172.232.235.202	Unknown malware botnet C2 server (confidence level: 100%)
file172.232.235.202	Unknown malware botnet C2 server (confidence level: 100%)
file172.232.235.202	Unknown malware botnet C2 server (confidence level: 100%)
file5.253.41.69	Unknown malware botnet C2 server (confidence level: 100%)
file13.61.4.166	Unknown malware botnet C2 server (confidence level: 100%)
file184.82.106.56	Unknown malware botnet C2 server (confidence level: 100%)
file20.216.218.254	Unknown malware botnet C2 server (confidence level: 100%)
file66.194.172.174	Unknown malware botnet C2 server (confidence level: 100%)
file34.136.174.197	Unknown malware botnet C2 server (confidence level: 100%)
file191.113.109.14	Unknown malware botnet C2 server (confidence level: 100%)
file54.224.124.160	Unknown malware botnet C2 server (confidence level: 100%)
file128.140.34.177	Unknown malware botnet C2 server (confidence level: 100%)
file178.238.105.57	Unknown malware botnet C2 server (confidence level: 100%)
file95.169.180.41	Unknown malware botnet C2 server (confidence level: 100%)
file3.81.133.133	Unknown malware botnet C2 server (confidence level: 100%)
file20.236.253.207	Unknown malware botnet C2 server (confidence level: 100%)
file81.19.140.168	Unknown malware botnet C2 server (confidence level: 100%)
file39.107.243.6	Unknown malware botnet C2 server (confidence level: 100%)
file79.107.152.170	QakBot botnet C2 server (confidence level: 100%)
file216.250.252.33	Remcos botnet C2 server (confidence level: 75%)
file62.60.226.49	Remcos botnet C2 server (confidence level: 100%)
file176.65.138.184	AsyncRAT botnet C2 server (confidence level: 100%)
file89.117.17.182	AsyncRAT botnet C2 server (confidence level: 100%)
file75.119.139.188	Unknown malware botnet C2 server (confidence level: 50%)
file54.184.8.206	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file176.82.171.71	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file185.196.9.225	AsyncRAT botnet C2 server (confidence level: 100%)
file185.196.9.225	AsyncRAT botnet C2 server (confidence level: 75%)
file185.196.9.225	AsyncRAT botnet C2 server (confidence level: 75%)
file47.92.26.48	Cobalt Strike botnet C2 server (confidence level: 100%)
file198.135.51.176	Remcos botnet C2 server (confidence level: 75%)
file196.251.118.14	Remcos botnet C2 server (confidence level: 100%)
file193.23.3.29	Remcos botnet C2 server (confidence level: 100%)
file185.38.142.181	Remcos botnet C2 server (confidence level: 100%)
file146.70.113.148	AsyncRAT botnet C2 server (confidence level: 100%)
file23.94.126.207	AsyncRAT botnet C2 server (confidence level: 100%)
file138.199.162.81	Quasar RAT botnet C2 server (confidence level: 100%)
file52.231.109.121	Havoc botnet C2 server (confidence level: 100%)
file3.96.151.21	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file35.180.211.187	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file84.154.180.143	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file13.248.209.49	DeimosC2 botnet C2 server (confidence level: 75%)
file13.48.26.102	NetSupportManager RAT botnet C2 server (confidence level: 75%)
file188.49.58.85	QakBot botnet C2 server (confidence level: 75%)
file20.173.41.208	Sliver botnet C2 server (confidence level: 75%)
file185.100.157.145	NjRAT botnet C2 server (confidence level: 100%)
file37.107.11.247	QakBot botnet C2 server (confidence level: 75%)
file37.27.87.24	Sliver botnet C2 server (confidence level: 75%)
file5.182.226.142	NjRAT botnet C2 server (confidence level: 100%)
file169.239.129.45	Cobalt Strike botnet C2 server (confidence level: 75%)
file64.95.10.13	Sliver botnet C2 server (confidence level: 50%)
file37.12.3.194	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file13.38.67.75	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.184.8.206	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file190.10.11.37	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.177.88.161	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file1.118.34.218	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.118.34.218	Cobalt Strike botnet C2 server (confidence level: 100%)
file154.64.252.57	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.108.131.159	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.94.9.167	Remcos botnet C2 server (confidence level: 100%)
file157.20.182.51	Remcos botnet C2 server (confidence level: 100%)
file43.153.82.236	Sliver botnet C2 server (confidence level: 100%)
file118.195.163.219	Unknown malware botnet C2 server (confidence level: 100%)
file123.11.143.85	Unknown malware botnet C2 server (confidence level: 100%)
file176.65.142.245	AsyncRAT botnet C2 server (confidence level: 100%)
file185.49.126.27	AsyncRAT botnet C2 server (confidence level: 100%)
file185.49.126.245	AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.116.95	AsyncRAT botnet C2 server (confidence level: 100%)
file185.49.126.235	AsyncRAT botnet C2 server (confidence level: 100%)
file173.249.52.37	Unknown malware botnet C2 server (confidence level: 100%)
file83.196.195.34	Quasar RAT botnet C2 server (confidence level: 100%)
file23.152.0.81	Havoc botnet C2 server (confidence level: 100%)
file45.128.12.101	Venom RAT botnet C2 server (confidence level: 100%)
file54.64.181.201	Brute Ratel C4 botnet C2 server (confidence level: 100%)
file122.114.169.63	Cobalt Strike botnet C2 server (confidence level: 100%)
file91.199.160.129	BianLian botnet C2 server (confidence level: 100%)
file5.83.218.12	Mirai botnet C2 server (confidence level: 75%)
file194.85.251.68	Mirai botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file144.91.92.132	Cobalt Strike botnet C2 server (confidence level: 75%)
file38.55.199.105	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.202.32.56	Cobalt Strike botnet C2 server (confidence level: 75%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file176.65.139.51	XenoRAT botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file194.180.191.229	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file91.211.250.95	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file193.161.193.99	Quasar RAT botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file204.76.203.175	Mirai botnet C2 server (confidence level: 100%)
file217.195.153.175	Mirai botnet C2 server (confidence level: 100%)
file204.76.203.188	Mirai botnet C2 server (confidence level: 100%)
file204.76.203.173	Mirai botnet C2 server (confidence level: 100%)
file204.76.203.172	Mirai botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file103.186.117.159	Remcos botnet C2 server (confidence level: 75%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file38.55.194.251	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.129.34.49	Cobalt Strike botnet C2 server (confidence level: 100%)
file114.116.224.35	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.76.177.203	AsyncRAT botnet C2 server (confidence level: 100%)
file191.96.207.168	AsyncRAT botnet C2 server (confidence level: 100%)
file191.96.207.168	AsyncRAT botnet C2 server (confidence level: 100%)
file23.94.126.207	AsyncRAT botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file57.181.102.240	Brute Ratel C4 botnet C2 server (confidence level: 100%)
file5.188.230.69	MimiKatz botnet C2 server (confidence level: 100%)
file149.28.17.188	BianLian botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file18.144.7.69	Cobalt Strike botnet C2 server (confidence level: 50%)
file46.249.58.46	Cobalt Strike botnet C2 server (confidence level: 50%)
file111.119.239.73	Cobalt Strike botnet C2 server (confidence level: 50%)
file138.68.171.106	Sliver botnet C2 server (confidence level: 50%)
file188.245.78.205	Sliver botnet C2 server (confidence level: 50%)
file185.147.125.145	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.7.214.51	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45	Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5	Tofsee botnet C2 server (confidence level: 100%)
file185.243.96.115	Tofsee botnet C2 server (confidence level: 100%)
file43.165.133.147	Cobalt Strike botnet C2 server (confidence level: 50%)
file13.232.126.176	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file51.8.133.234	Unknown malware botnet C2 server (confidence level: 50%)
file196.251.89.152	Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.118.160	Cobalt Strike botnet C2 server (confidence level: 100%)
file181.131.219.42	Remcos botnet C2 server (confidence level: 100%)
file192.3.243.143	Remcos botnet C2 server (confidence level: 100%)
file196.251.118.49	Remcos botnet C2 server (confidence level: 100%)
file23.97.56.187	Sliver botnet C2 server (confidence level: 100%)
file179.13.9.42	AsyncRAT botnet C2 server (confidence level: 100%)
file192.30.241.217	AsyncRAT botnet C2 server (confidence level: 100%)
file13.213.149.14	Hook botnet C2 server (confidence level: 100%)
file79.198.171.227	Quasar RAT botnet C2 server (confidence level: 100%)
file157.20.182.32	Venom RAT botnet C2 server (confidence level: 100%)
file13.38.4.197	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file13.37.236.177	NetSupportManager RAT botnet C2 server (confidence level: 75%)
file159.223.157.44	Eye Pyramid botnet C2 server (confidence level: 75%)
file172.111.160.104	DeimosC2 botnet C2 server (confidence level: 75%)
file23.97.56.187	Sliver botnet C2 server (confidence level: 75%)
file5.83.218.75	Sliver botnet C2 server (confidence level: 75%)
file70.31.125.14	QakBot botnet C2 server (confidence level: 75%)
file120.26.1.102	Cobalt Strike botnet C2 server (confidence level: 50%)
file194.146.47.231	DarkComet botnet C2 server (confidence level: 50%)

Hash

Value	Description	Copy
hash31337	Sliver botnet C2 server (confidence level: 100%)
hash2f022104248d395a01f0134b406ac9bcf7e2059d791695110505052b9064ca9f	xmrig payload (confidence level: 100%)
hash808	Kaiji botnet C2 server (confidence level: 100%)
hash3778	Mirai botnet C2 server (confidence level: 100%)
hash13	Mirai botnet C2 server (confidence level: 100%)
hash3778	Mirai botnet C2 server (confidence level: 100%)
hash8888	Mirai botnet C2 server (confidence level: 100%)
hash3368	NetWire RC botnet C2 server (confidence level: 100%)
hash3365	NetWire RC botnet C2 server (confidence level: 100%)
hash1212	SpyNote botnet C2 server (confidence level: 100%)
hash5555	SpyNote botnet C2 server (confidence level: 100%)
hash7771	SpyNote botnet C2 server (confidence level: 100%)
hash5002	SpyNote botnet C2 server (confidence level: 100%)
hash8081	Cobalt Strike botnet C2 server (confidence level: 100%)
hash3191	Remcos botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash2004	AsyncRAT botnet C2 server (confidence level: 100%)
hash6969	Mirai botnet C2 server (confidence level: 50%)
hash45	Mirai botnet C2 server (confidence level: 50%)
hash1111	Mirai botnet C2 server (confidence level: 50%)
hash56999	Mirai botnet C2 server (confidence level: 50%)
hash60255	Mirai botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash37232	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	MooBot botnet C2 server (confidence level: 100%)
hash6666	ValleyRAT botnet C2 server (confidence level: 100%)
hash1234	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash2095	Unknown malware botnet C2 server (confidence level: 100%)
hash6513	Unknown malware botnet C2 server (confidence level: 100%)
hash50102	Unknown malware botnet C2 server (confidence level: 100%)
hash55487	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash34956	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash8443	Unknown malware botnet C2 server (confidence level: 100%)
hash995	QakBot botnet C2 server (confidence level: 100%)
hash60309	Remcos botnet C2 server (confidence level: 75%)
hash1115	Remcos botnet C2 server (confidence level: 100%)
hash3939	AsyncRAT botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash92	Unknown malware botnet C2 server (confidence level: 50%)
hash593	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash6001	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 75%)
hash7707	AsyncRAT botnet C2 server (confidence level: 75%)
hash8088	Cobalt Strike botnet C2 server (confidence level: 100%)
hash49950	Remcos botnet C2 server (confidence level: 75%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash1570	Remcos botnet C2 server (confidence level: 100%)
hash443	Remcos botnet C2 server (confidence level: 100%)
hash4444	AsyncRAT botnet C2 server (confidence level: 100%)
hash1999	AsyncRAT botnet C2 server (confidence level: 100%)
hash2086	Quasar RAT botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash788	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash5984	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash82	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443	DeimosC2 botnet C2 server (confidence level: 75%)
hash4369	NetSupportManager RAT botnet C2 server (confidence level: 75%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash8888	Sliver botnet C2 server (confidence level: 75%)
hash1515	NjRAT botnet C2 server (confidence level: 100%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash8888	Sliver botnet C2 server (confidence level: 75%)
hash41127	NjRAT botnet C2 server (confidence level: 100%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash6001	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash6667	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash993	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash6000	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash9333	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1962	Remcos botnet C2 server (confidence level: 100%)
hash56872	Remcos botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash5873	Unknown malware botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash7777	AsyncRAT botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash2408	Quasar RAT botnet C2 server (confidence level: 100%)
hash8080	Havoc botnet C2 server (confidence level: 100%)
hash8888	Venom RAT botnet C2 server (confidence level: 100%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	BianLian botnet C2 server (confidence level: 100%)
hash3778	Mirai botnet C2 server (confidence level: 75%)
hash9931	Mirai botnet C2 server (confidence level: 100%)
hash425	Tofsee botnet C2 server (confidence level: 100%)
hash416	Tofsee botnet C2 server (confidence level: 100%)
hash420	Tofsee botnet C2 server (confidence level: 100%)
hash421	Tofsee botnet C2 server (confidence level: 100%)
hash423	Tofsee botnet C2 server (confidence level: 100%)
hash417	Tofsee botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash8000	Cobalt Strike botnet C2 server (confidence level: 75%)
hash431	Tofsee botnet C2 server (confidence level: 100%)
hash430	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash423	Tofsee botnet C2 server (confidence level: 100%)
hash418	Tofsee botnet C2 server (confidence level: 100%)
hash423	Tofsee botnet C2 server (confidence level: 100%)
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash428	Tofsee botnet C2 server (confidence level: 100%)
hash420	Tofsee botnet C2 server (confidence level: 100%)
hash426	Tofsee botnet C2 server (confidence level: 100%)
hash6969	XenoRAT botnet C2 server (confidence level: 100%)
hash418	Tofsee botnet C2 server (confidence level: 100%)
hash426	Tofsee botnet C2 server (confidence level: 100%)
hash419	Tofsee botnet C2 server (confidence level: 100%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash428	Tofsee botnet C2 server (confidence level: 100%)
hash418	Tofsee botnet C2 server (confidence level: 100%)
hash431	Tofsee botnet C2 server (confidence level: 100%)
hash421	Tofsee botnet C2 server (confidence level: 100%)
hash424	Tofsee botnet C2 server (confidence level: 100%)
hash428	Tofsee botnet C2 server (confidence level: 100%)
hash430	Tofsee botnet C2 server (confidence level: 100%)
hash423	Tofsee botnet C2 server (confidence level: 100%)
hash425	Tofsee botnet C2 server (confidence level: 100%)
hash419	Tofsee botnet C2 server (confidence level: 100%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash428	Tofsee botnet C2 server (confidence level: 100%)
hash425	Tofsee botnet C2 server (confidence level: 100%)
hash430	Tofsee botnet C2 server (confidence level: 100%)
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash416	Tofsee botnet C2 server (confidence level: 100%)
hash424	Tofsee botnet C2 server (confidence level: 100%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash416	Tofsee botnet C2 server (confidence level: 100%)
hash431	Tofsee botnet C2 server (confidence level: 100%)
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash417	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash418	Tofsee botnet C2 server (confidence level: 100%)
hash421	Tofsee botnet C2 server (confidence level: 100%)
hash80	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash430	Tofsee botnet C2 server (confidence level: 100%)
hash60241	Quasar RAT botnet C2 server (confidence level: 100%)
hash425	Tofsee botnet C2 server (confidence level: 100%)
hash423	Tofsee botnet C2 server (confidence level: 100%)
hash416	Tofsee botnet C2 server (confidence level: 100%)
hash416	Tofsee botnet C2 server (confidence level: 100%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash417	Tofsee botnet C2 server (confidence level: 100%)
hash425	Tofsee botnet C2 server (confidence level: 100%)
hash1962	Mirai botnet C2 server (confidence level: 100%)
hash1962	Mirai botnet C2 server (confidence level: 100%)
hash1962	Mirai botnet C2 server (confidence level: 100%)
hash1962	Mirai botnet C2 server (confidence level: 100%)
hash1962	Mirai botnet C2 server (confidence level: 100%)
hash425	Tofsee botnet C2 server (confidence level: 100%)
hash417	Tofsee botnet C2 server (confidence level: 100%)
hash430	Tofsee botnet C2 server (confidence level: 100%)
hash419	Tofsee botnet C2 server (confidence level: 100%)
hash48453	Remcos botnet C2 server (confidence level: 75%)
hash90280056c5ad293736030e4747d80c01	Akira payload (confidence level: 50%)
hash39fcc76a932f13e59fe129dfa773ee14	Akira payload (confidence level: 50%)
hash1a4a4eb6dfc583c02c70bf83fc0e3cd1	Akira payload (confidence level: 50%)
hash426	Tofsee botnet C2 server (confidence level: 100%)
hash431	Tofsee botnet C2 server (confidence level: 100%)
hash421	Tofsee botnet C2 server (confidence level: 100%)
hash430	Tofsee botnet C2 server (confidence level: 100%)
hash420	Tofsee botnet C2 server (confidence level: 100%)
hash420	Tofsee botnet C2 server (confidence level: 100%)
hash419	Tofsee botnet C2 server (confidence level: 100%)
hash428	Tofsee botnet C2 server (confidence level: 100%)
hash431	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash426	Tofsee botnet C2 server (confidence level: 100%)
hash419	Tofsee botnet C2 server (confidence level: 100%)
hash416	Tofsee botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash2004	AsyncRAT botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash424	Tofsee botnet C2 server (confidence level: 100%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash8080	MimiKatz botnet C2 server (confidence level: 100%)
hash8443	BianLian botnet C2 server (confidence level: 100%)
hash424	Tofsee botnet C2 server (confidence level: 100%)
hash417	Tofsee botnet C2 server (confidence level: 100%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash418	Tofsee botnet C2 server (confidence level: 100%)
hash420	Tofsee botnet C2 server (confidence level: 100%)
hash418	Tofsee botnet C2 server (confidence level: 100%)
hash421	Tofsee botnet C2 server (confidence level: 100%)
hash417	Tofsee botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash5555	Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hashd54bae930b038950c2947f5397c13f84	Unknown malware payload (confidence level: 50%)
hash15634dc79981e7fba25fb8530cedb981	Unknown malware payload (confidence level: 50%)
hash40126b1b3c6f86194fc554cdba3cb5d3	Unknown malware payload (confidence level: 50%)
hash296cca79bbb3ca764de8fcdc2070ecc2	Unknown malware payload (confidence level: 50%)
hash6c755a742f2b2e5c1820f57d0338365f	Unknown malware payload (confidence level: 50%)
hash3c311cabe7de6a8c104f8f10541d392d	Unknown malware payload (confidence level: 50%)
hashb97812a2e6be54e725defbab88357fa2	Unknown malware payload (confidence level: 50%)
hashd44071f255785c73909d64f824331ebf	Unknown malware payload (confidence level: 50%)
hash9db8f7378e2df01c842cfcb617e64475	Unknown malware payload (confidence level: 50%)
hash9a218d69ecafe65eae264d2fdb52f1aa	Unknown malware payload (confidence level: 50%)
hash419	Tofsee botnet C2 server (confidence level: 100%)
hash430	Tofsee botnet C2 server (confidence level: 100%)
hash421	Tofsee botnet C2 server (confidence level: 100%)
hash428	Tofsee botnet C2 server (confidence level: 100%)
hash426	Tofsee botnet C2 server (confidence level: 100%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash424	Tofsee botnet C2 server (confidence level: 100%)
hash421	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash419	Tofsee botnet C2 server (confidence level: 100%)
hash426	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash424	Tofsee botnet C2 server (confidence level: 100%)
hash420	Tofsee botnet C2 server (confidence level: 100%)
hash416	Tofsee botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash636	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash6878	Remcos botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash4785	Quasar RAT botnet C2 server (confidence level: 100%)
hash4449	Venom RAT botnet C2 server (confidence level: 100%)
hash18245	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash52959	NetSupportManager RAT botnet C2 server (confidence level: 75%)
hash443	Eye Pyramid botnet C2 server (confidence level: 75%)
hash443	DeimosC2 botnet C2 server (confidence level: 75%)
hash8888	Sliver botnet C2 server (confidence level: 75%)
hash8080	Sliver botnet C2 server (confidence level: 75%)
hash2222	QakBot botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash1604	DarkComet botnet C2 server (confidence level: 50%)

Threat ID: 682c7dbee8347ec82d2cf031

Added to database: 5/20/2025, 1:03:58 PM

Last enriched: 6/19/2025, 4:02:53 PM

Last updated: 8/13/2025, 5:58:29 PM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2025-02-17

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2025-02-17

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Domain

Url

File

Hash

Related Threats

ThreatFox IOCs for 2025-08-18

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Phishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility