ThreatFox IOCs for 2025-02-18
Severity: mediumType: malware
ThreatFox IOCs for 2025-02-18
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2025-02-18," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating that it primarily involves open-source intelligence data or is related to OSINT activities. No specific affected software versions or products are listed, and there are no CWE identifiers or patch links provided, suggesting that this entry is focused on sharing threat intelligence rather than detailing a specific vulnerability or exploit. The technical details indicate a moderate threat level (threatLevel: 2) with a distribution score of 3, implying a relatively broad dissemination or potential reach. The analysis score of 1 suggests limited in-depth technical analysis is available at this time. There are no known exploits in the wild, and no specific indicators of compromise (IOCs) are included in the data. The threat is tagged with "tlp:white," meaning the information is intended for public sharing without restriction. Overall, this entry appears to be an OSINT-based malware threat intelligence update rather than a direct vulnerability or exploit targeting a specific product or version. It likely serves as a reference for security teams to be aware of emerging malware-related IOCs that may be used in future investigations or detections.
Potential Impact
Given the lack of specific affected products or versions and the absence of known exploits in the wild, the immediate impact on European organizations is likely limited. However, the broad distribution score suggests that the malware or related IOCs could be widely disseminated, potentially increasing the risk of detection or infection if leveraged in targeted campaigns. European organizations that rely heavily on OSINT tools or integrate threat intelligence feeds similar to ThreatFox might encounter these IOCs in their monitoring systems. If the malware is eventually weaponized or integrated into attack campaigns, it could impact confidentiality, integrity, or availability depending on its payload and objectives. The medium severity rating indicates a moderate risk level, emphasizing the need for vigilance but not immediate alarm. The lack of detailed technical indicators limits the ability to assess specific attack vectors or targeted sectors, but organizations involved in critical infrastructure, finance, or government sectors should remain alert due to their strategic importance and frequent targeting by malware campaigns.
Mitigation Recommendations
1. Integrate Threat Intelligence Feeds: European organizations should incorporate ThreatFox and similar OSINT threat intelligence feeds into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities for emerging malware IOCs. 2. Enhance Monitoring and Alerting: Establish or refine monitoring rules to detect unusual activities or indicators related to the shared IOCs, even if they are currently limited, to prepare for potential future exploitation. 3. Conduct Threat Hunting Exercises: Proactively search internal networks and systems for any signs of the malware or related suspicious activity using the latest available IOCs from ThreatFox and other sources. 4. Employee Awareness and Training: Educate staff on the importance of OSINT and threat intelligence, emphasizing cautious handling of external data sources and suspicious files or links. 5. Maintain Robust Patch Management: Although no specific patches are linked, maintaining up-to-date systems reduces the risk of exploitation by malware that may leverage known vulnerabilities. 6. Collaborate with National CERTs: Engage with European national Computer Emergency Response Teams (CERTs) to share intelligence and receive updates on evolving threats related to this malware. 7. Limit Exposure of OSINT Tools: Review and restrict access to OSINT tools and platforms to authorized personnel only, minimizing the risk of misuse or compromise.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 185.7.214.51
- hash: 417
- domain: check.hbskw.icu
- file: 185.147.125.146
- hash: 431
- domain: impactsupport.world
- url: https://check.hbskw.icu/gkcxv.google
- domain: tattoobg.com
- file: 193.143.1.5
- hash: 431
- domain: gratefulheartx.tech
- domain: balancedzlife.tech
- domain: pgldrop24.pro
- file: 185.147.125.146
- hash: 426
- url: https://bellthinkyj28.help/api
- url: https://patchpreseh.help/api
- file: 185.147.125.147
- hash: 424
- domain: bellthinkyj28.help
- domain: patchpreseh.help
- domain: nestlecompany.world
- file: 193.143.1.5
- hash: 423
- file: 185.215.113.51
- hash: 80
- file: 185.7.214.51
- hash: 420
- file: 206.123.150.192
- hash: 2405
- file: 128.90.103.206
- hash: 2000
- file: 128.90.103.206
- hash: 5000
- file: 52.74.224.241
- hash: 443
- file: 181.162.178.164
- hash: 8080
- file: 13.208.165.189
- hash: 4746
- file: 193.35.17.242
- hash: 8080
- file: 152.42.230.191
- hash: 80
- file: 194.113.74.174
- hash: 8000
- file: 185.7.214.51
- hash: 423
- file: 185.42.12.45
- hash: 428
- domain: google.baobecgiang.net
- file: 123.30.186.249
- hash: 443
- file: 185.147.125.146
- hash: 425
- url: http://196.251.90.44:8888/supershell/login/
- file: 147.185.221.25
- hash: 44311
- file: 193.32.162.38
- hash: 3778
- file: 91.223.70.6
- hash: 80
- file: 181.235.4.255
- hash: 2404
- file: 94.156.227.92
- hash: 2404
- file: 185.196.10.153
- hash: 2404
- file: 191.101.51.149
- hash: 2404
- file: 112.121.164.202
- hash: 8080
- file: 119.45.118.52
- hash: 8888
- file: 193.26.115.52
- hash: 8808
- file: 69.48.202.241
- hash: 8808
- file: 156.253.228.55
- hash: 80
- domain: ec2-54-251-124-7.ap-southeast-1.compute.amazonaws.com
- file: 157.20.182.52
- hash: 4449
- file: 46.246.6.7
- hash: 9000
- file: 54.227.76.173
- hash: 8081
- file: 84.200.154.125
- hash: 443
- url: http://ecozessentials.com/e6cb1c8fc7cd1659.php
- url: http://119.45.118.52:8888/supershell/login/
- url: http://115.120.242.123:8888/supershell/login/
- domain: 4399.canlonggame.com
- domain: unknown.serveblog.net
- domain: xeaefryx.top
- domain: liftasoul.shop
- file: 139.99.23.210
- hash: 1000
- file: 96.126.112.85
- hash: 51606
- file: 156.244.11.6
- hash: 80
- file: 198.74.55.179
- hash: 502
- file: 154.205.147.234
- hash: 80
- file: 156.244.0.116
- hash: 80
- file: 154.205.158.27
- hash: 80
- file: 182.61.19.58
- hash: 60000
- file: 101.133.146.66
- hash: 60000
- file: 18.216.30.157
- hash: 3333
- file: 165.227.39.97
- hash: 3333
- file: 52.58.153.129
- hash: 443
- file: 159.203.53.6
- hash: 443
- file: 74.48.175.44
- hash: 8080
- file: 13.50.119.113
- hash: 80
- file: 35.240.13.130
- hash: 3333
- file: 129.80.179.228
- hash: 443
- file: 3.0.103.25
- hash: 80
- file: 183.82.122.21
- hash: 443
- file: 137.184.57.51
- hash: 3333
- file: 185.62.75.170
- hash: 3333
- file: 65.1.134.76
- hash: 8443
- file: 3.86.157.41
- hash: 3333
- file: 5.223.54.91
- hash: 443
- file: 138.201.19.103
- hash: 3335
- domain: www.mail.www.1ogln.com
- file: 45.138.16.50
- hash: 4000
- file: 185.7.214.51
- hash: 418
- domain: naiftheking.xyz
- domain: check.rlcbb.icu
- url: https://check.rlcbb.icu/gkcxv.google
- domain: check.kpwlp.icu
- url: https://check.kpwlp.icu/gkcxv.google
- url: https://waveschurch.xyz/art.php
- url: https://vasebox.art/art.php
- domain: check.lmdgg.icu
- url: http://93.123.84.246/limonswat.php
- url: https://check.lmdgg.icu/gkcxv.google
- file: 185.208.156.45
- hash: 2404
- file: 192.210.150.24
- hash: 5590
- domain: check.fvqxp.icu
- url: https://check.fvqxp.icu/gkcxv.google
- file: 23.97.56.187
- hash: 31337
- file: 167.114.2.2
- hash: 31337
- file: 137.184.190.241
- hash: 31337
- file: 47.94.200.115
- hash: 31337
- file: 139.180.193.31
- hash: 4433
- file: 122.114.169.63
- hash: 443
- file: 43.162.121.147
- hash: 5001
- file: 155.138.214.192
- hash: 31337
- file: 46.235.229.89
- hash: 9001
- file: 163.172.234.31
- hash: 7443
- file: 121.141.37.193
- hash: 6000
- file: 54.177.89.187
- hash: 12162
- file: 43.143.35.118
- hash: 50050
- file: 190.44.65.246
- hash: 81
- url: https://lompappojumm.click/api
- url: https://nestlecompany.world/api
- url: https://impactsupport.world/api
- url: https://boldquestq.cyou/api
- url: https://immo-etoiles.fr/wp-admin/
- domain: nope-it-30183.portmap.host
- domain: service-cyuasu6k-1319584009.nj.tencentapigw.com
- url: https://pastebin.com/raw/zx6dukf9
- file: 116.251.133.7
- hash: 37593
- domain: mike-second.gl.at.ply.gg
- domain: check.hdfkc.icu
- url: https://check.hdfkc.icu/gkcxv.google
- url: http://a1085017.xsph.ru/b3717072.php
- url: https://steamcommunity.com/profiles/76561199828130190
- url: https://t.me/g02f04
- url: https://95.217.243.100/
- url: https://95.217.245.74/
- url: https://ftp.kaf.jp.eu.org/
- url: https://ftp.dijiafuzhu.xyz/
- domain: ftp.dijiafuzhu.xyz
- domain: ftp.kaf.jp.eu.org
- file: 95.217.243.100
- hash: 443
- file: 95.217.245.74
- hash: 443
- file: 116.202.180.73
- hash: 443
- url: http://45.207.197.39:8888/supershell/login/
- file: 110.41.131.240
- hash: 8888
- file: 194.59.31.30
- hash: 3939
- file: 95.111.215.157
- hash: 4443
- file: 193.26.115.52
- hash: 7707
- file: 13.48.55.8
- hash: 7443
- file: 5.255.98.216
- hash: 443
- file: 86.106.87.158
- hash: 26935
- file: 38.55.199.105
- hash: 8080
- file: 111.119.235.231
- hash: 5555
- domain: newgoodthingsforkbhh.duckdns.org
- file: 116.204.34.3
- hash: 8443
- file: 3.160.199.180
- hash: 443
- file: 31.184.196.130
- hash: 8843
- file: 64.95.11.106
- hash: 8888
- url: https://fixuplink.com/fixuplink/application-patch/daily-2025-01/sysmender_connector.php
- url: http://285857cm.nyanyash.ru/pythondbprivate.php
- file: 43.163.87.97
- hash: 80
- file: 195.133.5.224
- hash: 443
- file: 185.49.126.235
- hash: 1999
- file: 45.150.34.182
- hash: 8089
- file: 76.223.125.223
- hash: 10081
- file: 52.149.122.11
- hash: 80
- domain: check.ltxgh.icu
- url: https://check.ltxgh.icu/gkcxv.google
- domain: rapiddevapi.com
- domain: check.psjvt.icu
- url: https://check.psjvt.icu/gkcxv.google
- file: 193.143.1.19
- hash: 9876
- file: 213.148.26.193
- hash: 3790
- domain: lestagames.world
- url: https://mammeporche.top/work/original.js
- domain: mammeporche.top
- url: https://mammeporche.top/work/index.php
- url: https://mammeporche.top/work/file.php
- url: https://poormet.com/lol.zip
- domain: certificate.hypnotherapy-training.co.nz
- domain: urbjanjungle.tech
- url: https://busheprettuv.shop/api
- url: https://ablekettled.shop/api
- url: https://avoidshirru.shop/api
- url: https://achievesalutto.shop/api
- url: https://beatgoattk.shop/api
- url: https://cobwebymitk.shop/api
- url: https://closedsaccke.shop/api
- url: https://cavemelodice.shop/api
- url: https://bucketrenouv.shop/api
- url: https://cherriestubb.shop/api
- url: https://actleavvek.shop/api
- url: https://cloudsbeeseez.shop/api
- url: https://carrofiwi.shop/api
- url: https://erracitofge.shop/api
- url: https://forcehoppen.shop/api
- url: https://crackerdisccre.shop/api
- url: https://creppugler.shop/api
- url: https://comepreventsur.shop/api
- url: https://fraildinerip.shop/api
- domain: busheprettuv.shop
- domain: ablekettled.shop
- domain: avoidshirru.shop
- domain: achievesalutto.shop
- domain: beatgoattk.shop
- domain: cobwebymitk.shop
- domain: closedsaccke.shop
- domain: cavemelodice.shop
- domain: bucketrenouv.shop
- domain: cherriestubb.shop
- domain: actleavvek.shop
- domain: cloudsbeeseez.shop
- domain: carrofiwi.shop
- domain: erracitofge.shop
- domain: forcehoppen.shop
- domain: crackerdisccre.shop
- domain: creppugler.shop
- domain: comepreventsur.shop
- domain: fraildinerip.shop
- file: 82.29.61.37
- hash: 1024
- file: 139.180.193.31
- hash: 887
- file: 43.224.227.209
- hash: 8888
- file: 185.196.10.153
- hash: 5000
- file: 94.237.52.233
- hash: 8090
- file: 188.127.231.164
- hash: 8808
- file: 54.224.124.72
- hash: 7443
- file: 116.203.56.216
- hash: 2222
- file: 93.232.97.253
- hash: 82
- file: 45.143.99.196
- hash: 80
- domain: unruffled-mccarthy.45-143-99-196.plesk.page
- file: 39.106.75.37
- hash: 80
- file: 51.81.239.186
- hash: 9999
- file: 43.133.36.25
- hash: 8082
- domain: kdljlignmgemecf.top
- domain: usdgyzjey4h.top
- domain: mioasfybz7y4.top
- domain: nfuagy7fgus.top
- domain: l284afj165tqz51.top
- domain: icciilhkbdgjggn.top
- domain: anccvfsrkauefoh.top
- domain: api.kaf.jp.eu.org
- url: https://api.kaf.jp.eu.org/
- domain: check.jtfsn.icu
- url: https://check.jtfsn.icu/gkcxv.google
- url: https://193.143.1.77/nta4mzixmjdkyznj/
- url: https://kjgtg3242ioh254kjsobhkj353.com/nta4mzixmjdkyznj/
- url: https://3267hsd32jke47s3j402j4302h.com/nta4mzixmjdkyznj/
- url: https://edfwn923sfdml237vm90sdl23k.com/nta4mzixmjdkyznj/
- url: https://823jkfs4829nk48kef742kj675.com/nta4mzixmjdkyznj/
- url: https://sdglk33498knsf32667sfknwfr.com/nta4mzixmjdkyznj/
- url: https://952dsjk47kf73ls23k489klfdd.com/nta4mzixmjdkyznj/
- url: https://nzxvjej7337bjsdl232nsdlsfa.com/nta4mzixmjdkyznj/
- url: https://2348sdks230df834sd03272nsd.com/nta4mzixmjdkyznj/
- url: https://edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/
- url: https://2dd6d23b6061211f9813c0c4d18f2a5f.com/n2zimdm2y2y5zdm1/
- url: https://3edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/
- url: https://5edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/
- url: https://7edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/
- url: https://8edfwn923sacasfdml237vm90sdl23k.com/nta4mzixmjdkyznj/
- file: 45.90.219.246
- hash: 7968
- url: http://59.94.127.152:53645/mozi.m
- domain: dns.windowsupdate.cloud
- file: 18.218.191.48
- hash: 53
- file: 185.74.222.38
- hash: 443
- domain: check.jmnfp.icu
- url: http://u1.rejoincartridge.shop/never.m4a
- domain: yuzbook.info
- url: https://check.jmnfp.icu/gkcxv.google
- file: 87.251.79.180
- hash: 12345
- file: 209.141.57.97
- hash: 23
- file: 205.185.115.242
- hash: 12345
- file: 91.149.253.11
- hash: 42069
- url: http://185.180.230.239/securelowvoiddbflower/7polldownloadsuploads/universalmariadb/line5_/wpdle/centralmultiapi/windows/testeternaluploadspublic/pipebasepipemulti/uploads/dle/image/httpupdateprocessdbbase.php
- url: https://auth.rastreiotransporte4f.com/mayl/saver/gravadados.php
- file: 204.10.161.144
- hash: 2404
- file: 185.202.173.24
- hash: 5824
- file: 209.38.192.61
- hash: 8080
- domain: thrtcc13vs.top
- file: 128.90.103.206
- hash: 9999
- domain: sixcc6vs.top
- domain: fivecc5vs.top
- file: 65.109.226.131
- hash: 7443
- domain: f1080509.xsph.ru
- domain: f1081725.xsph.ru
- domain: f1068264.xsph.ru
- domain: ct18031.tw1.ru
- file: 212.224.86.165
- hash: 443
- domain: a1080799.xsph.ru
- domain: a1080822.xsph.ru
- file: 46.246.12.2
- hash: 9000
- domain: a1080277.xsph.ru
- domain: a1040668.xsph.ru
- domain: smoothsprin.click
- file: 176.100.37.204
- hash: 1337
- url: https://smoothsprin.click/api
- domain: twntcc20vs.top
- domain: sixjj6sr.top
- domain: tenjj10sr.top
- domain: frtnpp14sb.top
- domain: onehh1pn.top
- domain: twntpp20sb.top
- domain: eightjj8sr.top
- domain: frtncc14vs.top
- domain: frtnhh14pn.top
- domain: twntjj20sr.top
- domain: tnwnthh20pn.top
- domain: fivgg5sb.top
- domain: frtggsb.top
- domain: thrtgg13sb.top
- domain: twntgg20th.top
- domain: frtgg14th.top
- file: 2.89.27.110
- hash: 995
- file: 34.245.206.244
- hash: 1912
- file: 43.141.132.14
- hash: 10250
- file: 78.167.159.180
- hash: 443
- url: http://a1085424.xsph.ru/5f596469.php
- url: http://sigmabioaef.atwebpages.com/12884306.php
ThreatFox IOCs for 2025-02-18
Medium
Published: Tue Feb 18 2025 (02/18/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-02-18
AI-Powered Analysis
AILast updated: 06/19/2025, 13:20:09 UTC
Technical Analysis
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2025-02-18," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating that it primarily involves open-source intelligence data or is related to OSINT activities. No specific affected software versions or products are listed, and there are no CWE identifiers or patch links provided, suggesting that this entry is focused on sharing threat intelligence rather than detailing a specific vulnerability or exploit. The technical details indicate a moderate threat level (threatLevel: 2) with a distribution score of 3, implying a relatively broad dissemination or potential reach. The analysis score of 1 suggests limited in-depth technical analysis is available at this time. There are no known exploits in the wild, and no specific indicators of compromise (IOCs) are included in the data. The threat is tagged with "tlp:white," meaning the information is intended for public sharing without restriction. Overall, this entry appears to be an OSINT-based malware threat intelligence update rather than a direct vulnerability or exploit targeting a specific product or version. It likely serves as a reference for security teams to be aware of emerging malware-related IOCs that may be used in future investigations or detections.
Potential Impact
Given the lack of specific affected products or versions and the absence of known exploits in the wild, the immediate impact on European organizations is likely limited. However, the broad distribution score suggests that the malware or related IOCs could be widely disseminated, potentially increasing the risk of detection or infection if leveraged in targeted campaigns. European organizations that rely heavily on OSINT tools or integrate threat intelligence feeds similar to ThreatFox might encounter these IOCs in their monitoring systems. If the malware is eventually weaponized or integrated into attack campaigns, it could impact confidentiality, integrity, or availability depending on its payload and objectives. The medium severity rating indicates a moderate risk level, emphasizing the need for vigilance but not immediate alarm. The lack of detailed technical indicators limits the ability to assess specific attack vectors or targeted sectors, but organizations involved in critical infrastructure, finance, or government sectors should remain alert due to their strategic importance and frequent targeting by malware campaigns.
Mitigation Recommendations
1. Integrate Threat Intelligence Feeds: European organizations should incorporate ThreatFox and similar OSINT threat intelligence feeds into their Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities for emerging malware IOCs. 2. Enhance Monitoring and Alerting: Establish or refine monitoring rules to detect unusual activities or indicators related to the shared IOCs, even if they are currently limited, to prepare for potential future exploitation. 3. Conduct Threat Hunting Exercises: Proactively search internal networks and systems for any signs of the malware or related suspicious activity using the latest available IOCs from ThreatFox and other sources. 4. Employee Awareness and Training: Educate staff on the importance of OSINT and threat intelligence, emphasizing cautious handling of external data sources and suspicious files or links. 5. Maintain Robust Patch Management: Although no specific patches are linked, maintaining up-to-date systems reduces the risk of exploitation by malware that may leverage known vulnerabilities. 6. Collaborate with National CERTs: Engage with European national Computer Emergency Response Teams (CERTs) to share intelligence and receive updates on evolving threats related to this malware. 7. Limit Exposure of OSINT Tools: Review and restrict access to OSINT tools and platforms to authorized personnel only, minimizing the risk of misuse or compromise.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- f1f41889-9904-4dee-a51b-e2d7f7b027a1
- Original Timestamp
- 1739923387
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file185.7.214.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.147.125.146 | Tofsee botnet C2 server (confidence level: 100%) | |
file193.143.1.5 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.147.125.146 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.147.125.147 | Tofsee botnet C2 server (confidence level: 100%) | |
file193.143.1.5 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.215.113.51 | Lumma Stealer payload delivery server (confidence level: 100%) | |
file185.7.214.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file206.123.150.192 | Remcos botnet C2 server (confidence level: 100%) | |
file128.90.103.206 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.103.206 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file52.74.224.241 | Hook botnet C2 server (confidence level: 100%) | |
file181.162.178.164 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file13.208.165.189 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file193.35.17.242 | ERMAC botnet C2 server (confidence level: 100%) | |
file152.42.230.191 | Bashlite botnet C2 server (confidence level: 100%) | |
file194.113.74.174 | MimiKatz botnet C2 server (confidence level: 100%) | |
file185.7.214.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.42.12.45 | Tofsee botnet C2 server (confidence level: 100%) | |
file123.30.186.249 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.147.125.146 | Tofsee botnet C2 server (confidence level: 100%) | |
file147.185.221.25 | NjRAT botnet C2 server (confidence level: 100%) | |
file193.32.162.38 | Mirai botnet C2 server (confidence level: 100%) | |
file91.223.70.6 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file181.235.4.255 | Remcos botnet C2 server (confidence level: 100%) | |
file94.156.227.92 | Remcos botnet C2 server (confidence level: 100%) | |
file185.196.10.153 | Remcos botnet C2 server (confidence level: 100%) | |
file191.101.51.149 | Remcos botnet C2 server (confidence level: 100%) | |
file112.121.164.202 | Sliver botnet C2 server (confidence level: 100%) | |
file119.45.118.52 | Unknown malware botnet C2 server (confidence level: 100%) | |
file193.26.115.52 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file69.48.202.241 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file156.253.228.55 | Hook botnet C2 server (confidence level: 100%) | |
file157.20.182.52 | Venom RAT botnet C2 server (confidence level: 100%) | |
file46.246.6.7 | DCRat botnet C2 server (confidence level: 100%) | |
file54.227.76.173 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file84.200.154.125 | PoshC2 botnet C2 server (confidence level: 100%) | |
file139.99.23.210 | DCRat botnet C2 server (confidence level: 100%) | |
file96.126.112.85 | Unknown malware botnet C2 server (confidence level: 100%) | |
file156.244.11.6 | Unknown malware botnet C2 server (confidence level: 100%) | |
file198.74.55.179 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.205.147.234 | Unknown malware botnet C2 server (confidence level: 100%) | |
file156.244.0.116 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.205.158.27 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.61.19.58 | Unknown malware botnet C2 server (confidence level: 100%) | |
file101.133.146.66 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.216.30.157 | Unknown malware botnet C2 server (confidence level: 100%) | |
file165.227.39.97 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.58.153.129 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.203.53.6 | Unknown malware botnet C2 server (confidence level: 100%) | |
file74.48.175.44 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.50.119.113 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.240.13.130 | Unknown malware botnet C2 server (confidence level: 100%) | |
file129.80.179.228 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.0.103.25 | Unknown malware botnet C2 server (confidence level: 100%) | |
file183.82.122.21 | Unknown malware botnet C2 server (confidence level: 100%) | |
file137.184.57.51 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.62.75.170 | Unknown malware botnet C2 server (confidence level: 100%) | |
file65.1.134.76 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.86.157.41 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.223.54.91 | Unknown malware botnet C2 server (confidence level: 100%) | |
file138.201.19.103 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.138.16.50 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.7.214.51 | Tofsee botnet C2 server (confidence level: 100%) | |
file185.208.156.45 | Remcos botnet C2 server (confidence level: 75%) | |
file192.210.150.24 | Remcos botnet C2 server (confidence level: 75%) | |
file23.97.56.187 | Sliver botnet C2 server (confidence level: 50%) | |
file167.114.2.2 | Sliver botnet C2 server (confidence level: 50%) | |
file137.184.190.241 | Sliver botnet C2 server (confidence level: 50%) | |
file47.94.200.115 | Sliver botnet C2 server (confidence level: 50%) | |
file139.180.193.31 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file122.114.169.63 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file43.162.121.147 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file155.138.214.192 | Unknown malware botnet C2 server (confidence level: 50%) | |
file46.235.229.89 | Unknown malware botnet C2 server (confidence level: 50%) | |
file163.172.234.31 | Unknown malware botnet C2 server (confidence level: 50%) | |
file121.141.37.193 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file54.177.89.187 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file43.143.35.118 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file190.44.65.246 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file116.251.133.7 | XWorm botnet C2 server (confidence level: 50%) | |
file95.217.243.100 | Vidar botnet C2 server (confidence level: 100%) | |
file95.217.245.74 | Vidar botnet C2 server (confidence level: 100%) | |
file116.202.180.73 | Vidar botnet C2 server (confidence level: 100%) | |
file110.41.131.240 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file194.59.31.30 | Remcos botnet C2 server (confidence level: 100%) | |
file95.111.215.157 | Sliver botnet C2 server (confidence level: 100%) | |
file193.26.115.52 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file13.48.55.8 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.255.98.216 | Havoc botnet C2 server (confidence level: 100%) | |
file86.106.87.158 | BianLian botnet C2 server (confidence level: 100%) | |
file38.55.199.105 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.119.235.231 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.204.34.3 | Sliver botnet C2 server (confidence level: 75%) | |
file3.160.199.180 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file31.184.196.130 | Sliver botnet C2 server (confidence level: 75%) | |
file64.95.11.106 | Sliver botnet C2 server (confidence level: 75%) | |
file43.163.87.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file195.133.5.224 | ShadowPad botnet C2 server (confidence level: 90%) | |
file185.49.126.235 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.150.34.182 | Hook botnet C2 server (confidence level: 100%) | |
file76.223.125.223 | Kaiji botnet C2 server (confidence level: 100%) | |
file52.149.122.11 | BianLian botnet C2 server (confidence level: 100%) | |
file193.143.1.19 | Mirai botnet C2 server (confidence level: 100%) | |
file213.148.26.193 | Meterpreter botnet C2 server (confidence level: 100%) | |
file82.29.61.37 | Mirai botnet C2 server (confidence level: 75%) | |
file139.180.193.31 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.224.227.209 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.196.10.153 | Remcos botnet C2 server (confidence level: 100%) | |
file94.237.52.233 | Sliver botnet C2 server (confidence level: 100%) | |
file188.127.231.164 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file54.224.124.72 | Unknown malware botnet C2 server (confidence level: 100%) | |
file116.203.56.216 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file93.232.97.253 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file45.143.99.196 | ERMAC botnet C2 server (confidence level: 100%) | |
file39.106.75.37 | MimiKatz botnet C2 server (confidence level: 100%) | |
file51.81.239.186 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.133.36.25 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.90.219.246 | Mirai botnet C2 server (confidence level: 100%) | |
file18.218.191.48 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.74.222.38 | Bashlite botnet C2 server (confidence level: 100%) | |
file87.251.79.180 | Bashlite botnet C2 server (confidence level: 100%) | |
file209.141.57.97 | Bashlite botnet C2 server (confidence level: 100%) | |
file205.185.115.242 | Bashlite botnet C2 server (confidence level: 100%) | |
file91.149.253.11 | Mirai botnet C2 server (confidence level: 100%) | |
file204.10.161.144 | Remcos botnet C2 server (confidence level: 100%) | |
file185.202.173.24 | Remcos botnet C2 server (confidence level: 100%) | |
file209.38.192.61 | Sliver botnet C2 server (confidence level: 100%) | |
file128.90.103.206 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file65.109.226.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
file212.224.86.165 | Havoc botnet C2 server (confidence level: 100%) | |
file46.246.12.2 | DCRat botnet C2 server (confidence level: 100%) | |
file176.100.37.204 | Unknown malware botnet C2 server (confidence level: 100%) | |
file2.89.27.110 | QakBot botnet C2 server (confidence level: 75%) | |
file34.245.206.244 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
file43.141.132.14 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file78.167.159.180 | QakBot botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash417 | Tofsee botnet C2 server (confidence level: 100%) | |
hash431 | Tofsee botnet C2 server (confidence level: 100%) | |
hash431 | Tofsee botnet C2 server (confidence level: 100%) | |
hash426 | Tofsee botnet C2 server (confidence level: 100%) | |
hash424 | Tofsee botnet C2 server (confidence level: 100%) | |
hash423 | Tofsee botnet C2 server (confidence level: 100%) | |
hash80 | Lumma Stealer payload delivery server (confidence level: 100%) | |
hash420 | Tofsee botnet C2 server (confidence level: 100%) | |
hash2405 | Remcos botnet C2 server (confidence level: 100%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Hook botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4746 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | ERMAC botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash423 | Tofsee botnet C2 server (confidence level: 100%) | |
hash428 | Tofsee botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash425 | Tofsee botnet C2 server (confidence level: 100%) | |
hash44311 | NjRAT botnet C2 server (confidence level: 100%) | |
hash3778 | Mirai botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8080 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash9000 | DCRat botnet C2 server (confidence level: 100%) | |
hash8081 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | PoshC2 botnet C2 server (confidence level: 100%) | |
hash1000 | DCRat botnet C2 server (confidence level: 100%) | |
hash51606 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash502 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3335 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash418 | Tofsee botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash5590 | Remcos botnet C2 server (confidence level: 75%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash5001 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash9001 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash12162 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash81 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash37593 | XWorm botnet C2 server (confidence level: 50%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3939 | Remcos botnet C2 server (confidence level: 100%) | |
hash4443 | Sliver botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash26935 | BianLian botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8843 | Sliver botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash1999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash10081 | Kaiji botnet C2 server (confidence level: 100%) | |
hash80 | BianLian botnet C2 server (confidence level: 100%) | |
hash9876 | Mirai botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash1024 | Mirai botnet C2 server (confidence level: 75%) | |
hash887 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5000 | Remcos botnet C2 server (confidence level: 100%) | |
hash8090 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2222 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | ERMAC botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash9999 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7968 | Mirai botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Bashlite botnet C2 server (confidence level: 100%) | |
hash12345 | Bashlite botnet C2 server (confidence level: 100%) | |
hash23 | Bashlite botnet C2 server (confidence level: 100%) | |
hash12345 | Bashlite botnet C2 server (confidence level: 100%) | |
hash42069 | Mirai botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash5824 | Remcos botnet C2 server (confidence level: 100%) | |
hash8080 | Sliver botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash9000 | DCRat botnet C2 server (confidence level: 100%) | |
hash1337 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash1912 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
hash10250 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) |
Domain
| Value | Description | Copy |
|---|---|---|
domaincheck.hbskw.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainimpactsupport.world | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domaintattoobg.com | AMOS botnet C2 domain (confidence level: 100%) | |
domaingratefulheartx.tech | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainbalancedzlife.tech | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainpgldrop24.pro | Lumma Stealer payload delivery domain (confidence level: 100%) | |
domainbellthinkyj28.help | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpatchpreseh.help | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnestlecompany.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingoogle.baobecgiang.net | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainec2-54-251-124-7.ap-southeast-1.compute.amazonaws.com | Hook botnet C2 domain (confidence level: 100%) | |
domain4399.canlonggame.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainunknown.serveblog.net | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainxeaefryx.top | ShadowPad botnet C2 domain (confidence level: 90%) | |
domainliftasoul.shop | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwww.mail.www.1ogln.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainnaiftheking.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaincheck.rlcbb.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.kpwlp.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.lmdgg.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.fvqxp.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainnope-it-30183.portmap.host | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainservice-cyuasu6k-1319584009.nj.tencentapigw.com | Cobalt Strike botnet C2 domain (confidence level: 50%) | |
domainmike-second.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domaincheck.hdfkc.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainftp.dijiafuzhu.xyz | Vidar botnet C2 domain (confidence level: 100%) | |
domainftp.kaf.jp.eu.org | Vidar botnet C2 domain (confidence level: 100%) | |
domainnewgoodthingsforkbhh.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domaincheck.ltxgh.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainrapiddevapi.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincheck.psjvt.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainlestagames.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmammeporche.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincertificate.hypnotherapy-training.co.nz | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainurbjanjungle.tech | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbusheprettuv.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainablekettled.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainavoidshirru.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainachievesalutto.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbeatgoattk.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincobwebymitk.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainclosedsaccke.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincavemelodice.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbucketrenouv.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincherriestubb.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainactleavvek.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincloudsbeeseez.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincarrofiwi.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainerracitofge.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainforcehoppen.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincrackerdisccre.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincreppugler.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincomepreventsur.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfraildinerip.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainunruffled-mccarthy.45-143-99-196.plesk.page | ERMAC botnet C2 domain (confidence level: 100%) | |
domainkdljlignmgemecf.top | MintsLoader botnet C2 domain (confidence level: 100%) | |
domainusdgyzjey4h.top | MintsLoader botnet C2 domain (confidence level: 100%) | |
domainmioasfybz7y4.top | MintsLoader botnet C2 domain (confidence level: 100%) | |
domainnfuagy7fgus.top | MintsLoader botnet C2 domain (confidence level: 100%) | |
domainl284afj165tqz51.top | MintsLoader botnet C2 domain (confidence level: 100%) | |
domainicciilhkbdgjggn.top | MintsLoader botnet C2 domain (confidence level: 100%) | |
domainanccvfsrkauefoh.top | MintsLoader botnet C2 domain (confidence level: 100%) | |
domainapi.kaf.jp.eu.org | Vidar botnet C2 domain (confidence level: 100%) | |
domaincheck.jtfsn.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaindns.windowsupdate.cloud | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaincheck.jmnfp.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainyuzbook.info | Bashlite botnet C2 domain (confidence level: 100%) | |
domainthrtcc13vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixcc6vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfivecc5vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainf1080509.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainf1081725.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainf1068264.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainct18031.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1080799.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1080822.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1080277.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1040668.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainsmoothsprin.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintwntcc20vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainsixjj6sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintenjj10sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfrtnpp14sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainonehh1pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwntpp20sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaineightjj8sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfrtncc14vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfrtnhh14pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwntjj20sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintnwnthh20pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfivgg5sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfrtggsb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainthrtgg13sb.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwntgg20th.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domainfrtgg14th.top | CryptBot botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://check.hbskw.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://bellthinkyj28.help/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://patchpreseh.help/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://196.251.90.44:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://ecozessentials.com/e6cb1c8fc7cd1659.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://119.45.118.52:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://115.120.242.123:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://check.rlcbb.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.kpwlp.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://waveschurch.xyz/art.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttps://vasebox.art/art.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://93.123.84.246/limonswat.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://check.lmdgg.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.fvqxp.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://lompappojumm.click/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://nestlecompany.world/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://impactsupport.world/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://boldquestq.cyou/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://immo-etoiles.fr/wp-admin/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://pastebin.com/raw/zx6dukf9 | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://check.hdfkc.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://a1085017.xsph.ru/b3717072.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://steamcommunity.com/profiles/76561199828130190 | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://t.me/g02f04 | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.243.100/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.245.74/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ftp.kaf.jp.eu.org/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ftp.dijiafuzhu.xyz/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttp://45.207.197.39:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://fixuplink.com/fixuplink/application-patch/daily-2025-01/sysmender_connector.php | Matanbuchus botnet C2 (confidence level: 100%) | |
urlhttp://285857cm.nyanyash.ru/pythondbprivate.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://check.ltxgh.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.psjvt.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://mammeporche.top/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://mammeporche.top/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://mammeporche.top/work/file.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://poormet.com/lol.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://busheprettuv.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://ablekettled.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://avoidshirru.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://achievesalutto.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://beatgoattk.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://cobwebymitk.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://closedsaccke.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://cavemelodice.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://bucketrenouv.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://cherriestubb.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://actleavvek.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://cloudsbeeseez.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://carrofiwi.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://erracitofge.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://forcehoppen.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://crackerdisccre.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://creppugler.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://comepreventsur.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://fraildinerip.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://api.kaf.jp.eu.org/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://check.jtfsn.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://193.143.1.77/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://kjgtg3242ioh254kjsobhkj353.com/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://3267hsd32jke47s3j402j4302h.com/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://edfwn923sfdml237vm90sdl23k.com/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://823jkfs4829nk48kef742kj675.com/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://sdglk33498knsf32667sfknwfr.com/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://952dsjk47kf73ls23k489klfdd.com/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://nzxvjej7337bjsdl232nsdlsfa.com/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://2348sdks230df834sd03272nsd.com/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://2dd6d23b6061211f9813c0c4d18f2a5f.com/n2zimdm2y2y5zdm1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://3edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://5edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://7edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/ | Coper botnet C2 (confidence level: 80%) | |
urlhttps://8edfwn923sacasfdml237vm90sdl23k.com/nta4mzixmjdkyznj/ | Coper botnet C2 (confidence level: 80%) | |
urlhttp://59.94.127.152:53645/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttp://u1.rejoincartridge.shop/never.m4a | Lumma Stealer payload delivery URL (confidence level: 75%) | |
urlhttps://check.jmnfp.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://185.180.230.239/securelowvoiddbflower/7polldownloadsuploads/universalmariadb/line5_/wpdle/centralmultiapi/windows/testeternaluploadspublic/pipebasepipemulti/uploads/dle/image/httpupdateprocessdbbase.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://auth.rastreiotransporte4f.com/mayl/saver/gravadados.php | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://smoothsprin.click/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://a1085424.xsph.ru/5f596469.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://sigmabioaef.atwebpages.com/12884306.php | DCRat botnet C2 (confidence level: 100%) |
Threat ID: 682c7abce3e6de8ceb7503ec
Added to database: 5/20/2025, 12:51:08 PM
Last enriched: 6/19/2025, 1:20:09 PM
Last updated: 8/13/2025, 3:03:08 PM
Views: 11
Related Threats
ThreatFox IOCs for 2025-08-17
MediumMalwareMon Aug 18 2025
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.