ThreatFox IOCs for 2025-02-18

Medium
Published: Tue Feb 18 2025 (02/18/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-02-18

AI-Powered Analysis

Last updated: 06/27/2025, 10:51:53 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-02-18 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data appears to be a collection of threat intelligence indicators rather than a description of a specific vulnerability or exploit. No affected product versions or specific malware families are identified, and no patches or known exploits in the wild are reported. The threat level is indicated as medium with a threatLevel score of 2 (on an unspecified scale), suggesting moderate concern. The technical details imply some level of analysis and distribution but lack concrete technical specifics such as attack vectors, payload behavior, or exploitation methods. The absence of CWEs and lack of indicators in the provided data limit the ability to assess the exact nature or mechanism of the threat. Overall, this appears to be an OSINT-based threat intelligence update providing network activity and payload delivery indicators to aid detection and response efforts rather than a direct vulnerability or active exploit targeting specific systems.

Potential Impact

For European organizations, the impact of this threat intelligence update is primarily in enhancing situational awareness and improving detection capabilities against potential malware campaigns. Since no specific malware or exploit details are provided, the direct operational impact is limited. However, the presence of payload delivery and network activity indicators suggests that organizations could face attempts at malware infiltration or command-and-control communications if these IOCs correspond to active campaigns. European entities with mature security operations centers (SOCs) and threat intelligence teams can leverage this information to update detection rules and monitor network traffic for suspicious activity. The medium severity rating implies that while the threat is not immediately critical, ignoring such intelligence could allow adversaries to establish footholds or exfiltrate data if payload delivery attempts succeed. The lack of known exploits in the wild reduces immediate risk but does not preclude future exploitation. Overall, the impact is moderate and mostly preventative, emphasizing the importance of proactive threat hunting and network monitoring.

Mitigation Recommendations

1. Integrate the provided IOCs into existing security information and event management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS) to enhance detection of related network activity and payload delivery attempts.
2. Conduct regular threat hunting exercises using these IOCs to identify any signs of compromise or suspicious behavior within the network.
3. Maintain up-to-date endpoint protection and network segmentation to limit the impact of potential payload delivery and lateral movement.
4. Employ network traffic analysis tools to monitor for anomalous communications that may align with the threat intelligence indicators.
5. Share updated threat intelligence with relevant internal teams and external partners to ensure coordinated defense efforts.
6. Since no patches are available, focus on detection and response capabilities rather than remediation.
7. Train security personnel to recognize and respond to indicators related to OSINT-derived threats and payload delivery techniques.
8. Regularly review and update firewall and proxy rules to block known malicious IPs or domains associated with the IOCs once identified.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: f1f41889-9904-4dee-a51b-e2d7f7b027a1
Original Timestamp: 1739923387

Indicators of Compromise

File

ValueDescriptionCopy
file185.7.214.51
Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146
Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5
Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.146
Tofsee botnet C2 server (confidence level: 100%)
file185.147.125.147
Tofsee botnet C2 server (confidence level: 100%)
file193.143.1.5
Tofsee botnet C2 server (confidence level: 100%)
file185.215.113.51
Lumma Stealer payload delivery server (confidence level: 100%)
file185.7.214.51
Tofsee botnet C2 server (confidence level: 100%)
file206.123.150.192
Remcos botnet C2 server (confidence level: 100%)
file128.90.103.206
AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.103.206
AsyncRAT botnet C2 server (confidence level: 100%)
file52.74.224.241
Hook botnet C2 server (confidence level: 100%)
file181.162.178.164
Quasar RAT botnet C2 server (confidence level: 100%)
file13.208.165.189
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file193.35.17.242
ERMAC botnet C2 server (confidence level: 100%)
file152.42.230.191
Bashlite botnet C2 server (confidence level: 100%)
file194.113.74.174
MimiKatz botnet C2 server (confidence level: 100%)
file185.7.214.51
Tofsee botnet C2 server (confidence level: 100%)
file185.42.12.45
Tofsee botnet C2 server (confidence level: 100%)
file123.30.186.249
Cobalt Strike botnet C2 server (confidence level: 75%)
file185.147.125.146
Tofsee botnet C2 server (confidence level: 100%)
file147.185.221.25
NjRAT botnet C2 server (confidence level: 100%)
file193.32.162.38
Mirai botnet C2 server (confidence level: 100%)
file91.223.70.6
Cobalt Strike botnet C2 server (confidence level: 100%)
file181.235.4.255
Remcos botnet C2 server (confidence level: 100%)
file94.156.227.92
Remcos botnet C2 server (confidence level: 100%)
file185.196.10.153
Remcos botnet C2 server (confidence level: 100%)
file191.101.51.149
Remcos botnet C2 server (confidence level: 100%)
file112.121.164.202
Sliver botnet C2 server (confidence level: 100%)
file119.45.118.52
Unknown malware botnet C2 server (confidence level: 100%)
file193.26.115.52
AsyncRAT botnet C2 server (confidence level: 100%)
file69.48.202.241
AsyncRAT botnet C2 server (confidence level: 100%)
file156.253.228.55
Hook botnet C2 server (confidence level: 100%)
file157.20.182.52
Venom RAT botnet C2 server (confidence level: 100%)
file46.246.6.7
DCRat botnet C2 server (confidence level: 100%)
file54.227.76.173
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file84.200.154.125
PoshC2 botnet C2 server (confidence level: 100%)
file139.99.23.210
DCRat botnet C2 server (confidence level: 100%)
file96.126.112.85
Unknown malware botnet C2 server (confidence level: 100%)
file156.244.11.6
Unknown malware botnet C2 server (confidence level: 100%)
file198.74.55.179
Unknown malware botnet C2 server (confidence level: 100%)
file154.205.147.234
Unknown malware botnet C2 server (confidence level: 100%)
file156.244.0.116
Unknown malware botnet C2 server (confidence level: 100%)
file154.205.158.27
Unknown malware botnet C2 server (confidence level: 100%)
file182.61.19.58
Unknown malware botnet C2 server (confidence level: 100%)
file101.133.146.66
Unknown malware botnet C2 server (confidence level: 100%)
file18.216.30.157
Unknown malware botnet C2 server (confidence level: 100%)
file165.227.39.97
Unknown malware botnet C2 server (confidence level: 100%)
file52.58.153.129
Unknown malware botnet C2 server (confidence level: 100%)
file159.203.53.6
Unknown malware botnet C2 server (confidence level: 100%)
file74.48.175.44
Unknown malware botnet C2 server (confidence level: 100%)
file13.50.119.113
Unknown malware botnet C2 server (confidence level: 100%)
file35.240.13.130
Unknown malware botnet C2 server (confidence level: 100%)
file129.80.179.228
Unknown malware botnet C2 server (confidence level: 100%)
file3.0.103.25
Unknown malware botnet C2 server (confidence level: 100%)
file183.82.122.21
Unknown malware botnet C2 server (confidence level: 100%)
file137.184.57.51
Unknown malware botnet C2 server (confidence level: 100%)
file185.62.75.170
Unknown malware botnet C2 server (confidence level: 100%)
file65.1.134.76
Unknown malware botnet C2 server (confidence level: 100%)
file3.86.157.41
Unknown malware botnet C2 server (confidence level: 100%)
file5.223.54.91
Unknown malware botnet C2 server (confidence level: 100%)
file138.201.19.103
Unknown malware botnet C2 server (confidence level: 100%)
file45.138.16.50
AsyncRAT botnet C2 server (confidence level: 100%)
file185.7.214.51
Tofsee botnet C2 server (confidence level: 100%)
file185.208.156.45
Remcos botnet C2 server (confidence level: 75%)
file192.210.150.24
Remcos botnet C2 server (confidence level: 75%)
file23.97.56.187
Sliver botnet C2 server (confidence level: 50%)
file167.114.2.2
Sliver botnet C2 server (confidence level: 50%)
file137.184.190.241
Sliver botnet C2 server (confidence level: 50%)
file47.94.200.115
Sliver botnet C2 server (confidence level: 50%)
file139.180.193.31
Cobalt Strike botnet C2 server (confidence level: 50%)
file122.114.169.63
Cobalt Strike botnet C2 server (confidence level: 50%)
file43.162.121.147
Cobalt Strike botnet C2 server (confidence level: 50%)
file155.138.214.192
Unknown malware botnet C2 server (confidence level: 50%)
file46.235.229.89
Unknown malware botnet C2 server (confidence level: 50%)
file163.172.234.31
Unknown malware botnet C2 server (confidence level: 50%)
file121.141.37.193
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.177.89.187
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file43.143.35.118
Cobalt Strike botnet C2 server (confidence level: 50%)
file190.44.65.246
Xtreme RAT botnet C2 server (confidence level: 50%)
file116.251.133.7
XWorm botnet C2 server (confidence level: 50%)
file95.217.243.100
Vidar botnet C2 server (confidence level: 100%)
file95.217.245.74
Vidar botnet C2 server (confidence level: 100%)
file116.202.180.73
Vidar botnet C2 server (confidence level: 100%)
file110.41.131.240
Cobalt Strike botnet C2 server (confidence level: 100%)
file194.59.31.30
Remcos botnet C2 server (confidence level: 100%)
file95.111.215.157
Sliver botnet C2 server (confidence level: 100%)
file193.26.115.52
AsyncRAT botnet C2 server (confidence level: 100%)
file13.48.55.8
Unknown malware botnet C2 server (confidence level: 100%)
file5.255.98.216
Havoc botnet C2 server (confidence level: 100%)
file86.106.87.158
BianLian botnet C2 server (confidence level: 100%)
file38.55.199.105
Cobalt Strike botnet C2 server (confidence level: 100%)
file111.119.235.231
Cobalt Strike botnet C2 server (confidence level: 100%)
file116.204.34.3
Sliver botnet C2 server (confidence level: 75%)
file3.160.199.180
DeimosC2 botnet C2 server (confidence level: 75%)
file31.184.196.130
Sliver botnet C2 server (confidence level: 75%)
file64.95.11.106
Sliver botnet C2 server (confidence level: 75%)
file43.163.87.97
Cobalt Strike botnet C2 server (confidence level: 100%)
file195.133.5.224
ShadowPad botnet C2 server (confidence level: 90%)
file185.49.126.235
AsyncRAT botnet C2 server (confidence level: 100%)
file45.150.34.182
Hook botnet C2 server (confidence level: 100%)
file76.223.125.223
Kaiji botnet C2 server (confidence level: 100%)
file52.149.122.11
BianLian botnet C2 server (confidence level: 100%)
file193.143.1.19
Mirai botnet C2 server (confidence level: 100%)
file213.148.26.193
Meterpreter botnet C2 server (confidence level: 100%)
file82.29.61.37
Mirai botnet C2 server (confidence level: 75%)
file139.180.193.31
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.224.227.209
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.196.10.153
Remcos botnet C2 server (confidence level: 100%)
file94.237.52.233
Sliver botnet C2 server (confidence level: 100%)
file188.127.231.164
AsyncRAT botnet C2 server (confidence level: 100%)
file54.224.124.72
Unknown malware botnet C2 server (confidence level: 100%)
file116.203.56.216
Quasar RAT botnet C2 server (confidence level: 100%)
file93.232.97.253
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file45.143.99.196
ERMAC botnet C2 server (confidence level: 100%)
file39.106.75.37
MimiKatz botnet C2 server (confidence level: 100%)
file51.81.239.186
Unknown malware botnet C2 server (confidence level: 100%)
file43.133.36.25
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.90.219.246
Mirai botnet C2 server (confidence level: 100%)
file18.218.191.48
Cobalt Strike botnet C2 server (confidence level: 75%)
file185.74.222.38
Bashlite botnet C2 server (confidence level: 100%)
file87.251.79.180
Bashlite botnet C2 server (confidence level: 100%)
file209.141.57.97
Bashlite botnet C2 server (confidence level: 100%)
file205.185.115.242
Bashlite botnet C2 server (confidence level: 100%)
file91.149.253.11
Mirai botnet C2 server (confidence level: 100%)
file204.10.161.144
Remcos botnet C2 server (confidence level: 100%)
file185.202.173.24
Remcos botnet C2 server (confidence level: 100%)
file209.38.192.61
Sliver botnet C2 server (confidence level: 100%)
file128.90.103.206
AsyncRAT botnet C2 server (confidence level: 100%)
file65.109.226.131
Unknown malware botnet C2 server (confidence level: 100%)
file212.224.86.165
Havoc botnet C2 server (confidence level: 100%)
file46.246.12.2
DCRat botnet C2 server (confidence level: 100%)
file176.100.37.204
Unknown malware botnet C2 server (confidence level: 100%)
file2.89.27.110
QakBot botnet C2 server (confidence level: 75%)
file34.245.206.244
NetSupportManager RAT botnet C2 server (confidence level: 75%)
file43.141.132.14
DeimosC2 botnet C2 server (confidence level: 75%)
file78.167.159.180
QakBot botnet C2 server (confidence level: 75%)

Hash

ValueDescriptionCopy
hash417
Tofsee botnet C2 server (confidence level: 100%)
hash431
Tofsee botnet C2 server (confidence level: 100%)
hash431
Tofsee botnet C2 server (confidence level: 100%)
hash426
Tofsee botnet C2 server (confidence level: 100%)
hash424
Tofsee botnet C2 server (confidence level: 100%)
hash423
Tofsee botnet C2 server (confidence level: 100%)
hash80
Lumma Stealer payload delivery server (confidence level: 100%)
hash420
Tofsee botnet C2 server (confidence level: 100%)
hash2405
Remcos botnet C2 server (confidence level: 100%)
hash2000
AsyncRAT botnet C2 server (confidence level: 100%)
hash5000
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Hook botnet C2 server (confidence level: 100%)
hash8080
Quasar RAT botnet C2 server (confidence level: 100%)
hash4746
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8080
ERMAC botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash8000
MimiKatz botnet C2 server (confidence level: 100%)
hash423
Tofsee botnet C2 server (confidence level: 100%)
hash428
Tofsee botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash425
Tofsee botnet C2 server (confidence level: 100%)
hash44311
NjRAT botnet C2 server (confidence level: 100%)
hash3778
Mirai botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8080
Sliver botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash4449
Venom RAT botnet C2 server (confidence level: 100%)
hash9000
DCRat botnet C2 server (confidence level: 100%)
hash8081
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
PoshC2 botnet C2 server (confidence level: 100%)
hash1000
DCRat botnet C2 server (confidence level: 100%)
hash51606
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash502
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3335
Unknown malware botnet C2 server (confidence level: 100%)
hash4000
AsyncRAT botnet C2 server (confidence level: 100%)
hash418
Tofsee botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash5590
Remcos botnet C2 server (confidence level: 75%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash4433
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash5001
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Unknown malware botnet C2 server (confidence level: 50%)
hash9001
Unknown malware botnet C2 server (confidence level: 50%)
hash7443
Unknown malware botnet C2 server (confidence level: 50%)
hash6000
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash12162
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash81
Xtreme RAT botnet C2 server (confidence level: 50%)
hash37593
XWorm botnet C2 server (confidence level: 50%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash3939
Remcos botnet C2 server (confidence level: 100%)
hash4443
Sliver botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash26935
BianLian botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5555
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Sliver botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash8843
Sliver botnet C2 server (confidence level: 75%)
hash8888
Sliver botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
ShadowPad botnet C2 server (confidence level: 90%)
hash1999
AsyncRAT botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash10081
Kaiji botnet C2 server (confidence level: 100%)
hash80
BianLian botnet C2 server (confidence level: 100%)
hash9876
Mirai botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash1024
Mirai botnet C2 server (confidence level: 75%)
hash887
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5000
Remcos botnet C2 server (confidence level: 100%)
hash8090
Sliver botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash2222
Quasar RAT botnet C2 server (confidence level: 100%)
hash82
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
ERMAC botnet C2 server (confidence level: 100%)
hash80
MimiKatz botnet C2 server (confidence level: 100%)
hash9999
Unknown malware botnet C2 server (confidence level: 100%)
hash8082
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7968
Mirai botnet C2 server (confidence level: 100%)
hash53
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Bashlite botnet C2 server (confidence level: 100%)
hash12345
Bashlite botnet C2 server (confidence level: 100%)
hash23
Bashlite botnet C2 server (confidence level: 100%)
hash12345
Bashlite botnet C2 server (confidence level: 100%)
hash42069
Mirai botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash5824
Remcos botnet C2 server (confidence level: 100%)
hash8080
Sliver botnet C2 server (confidence level: 100%)
hash9999
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash9000
DCRat botnet C2 server (confidence level: 100%)
hash1337
Unknown malware botnet C2 server (confidence level: 100%)
hash995
QakBot botnet C2 server (confidence level: 75%)
hash1912
NetSupportManager RAT botnet C2 server (confidence level: 75%)
hash10250
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)

Domain

ValueDescriptionCopy
domaincheck.hbskw.icu
ClearFake payload delivery domain (confidence level: 100%)
domainimpactsupport.world
Lumma Stealer payload delivery domain (confidence level: 100%)
domaintattoobg.com
AMOS botnet C2 domain (confidence level: 100%)
domaingratefulheartx.tech
Lumma Stealer payload delivery domain (confidence level: 100%)
domainbalancedzlife.tech
Lumma Stealer payload delivery domain (confidence level: 100%)
domainpgldrop24.pro
Lumma Stealer payload delivery domain (confidence level: 100%)
domainbellthinkyj28.help
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpatchpreseh.help
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainnestlecompany.world
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaingoogle.baobecgiang.net
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainec2-54-251-124-7.ap-southeast-1.compute.amazonaws.com
Hook botnet C2 domain (confidence level: 100%)
domain4399.canlonggame.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainunknown.serveblog.net
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainxeaefryx.top
ShadowPad botnet C2 domain (confidence level: 90%)
domainliftasoul.shop
Unknown malware botnet C2 domain (confidence level: 100%)
domainwww.mail.www.1ogln.com
Unknown malware botnet C2 domain (confidence level: 100%)
domainnaiftheking.xyz
Lumma Stealer botnet C2 domain (confidence level: 50%)
domaincheck.rlcbb.icu
ClearFake payload delivery domain (confidence level: 100%)
domaincheck.kpwlp.icu
ClearFake payload delivery domain (confidence level: 100%)
domaincheck.lmdgg.icu
ClearFake payload delivery domain (confidence level: 100%)
domaincheck.fvqxp.icu
ClearFake payload delivery domain (confidence level: 100%)
domainnope-it-30183.portmap.host
AsyncRAT botnet C2 domain (confidence level: 50%)
domainservice-cyuasu6k-1319584009.nj.tencentapigw.com
Cobalt Strike botnet C2 domain (confidence level: 50%)
domainmike-second.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 50%)
domaincheck.hdfkc.icu
ClearFake payload delivery domain (confidence level: 100%)
domainftp.dijiafuzhu.xyz
Vidar botnet C2 domain (confidence level: 100%)
domainftp.kaf.jp.eu.org
Vidar botnet C2 domain (confidence level: 100%)
domainnewgoodthingsforkbhh.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domaincheck.ltxgh.icu
ClearFake payload delivery domain (confidence level: 100%)
domainrapiddevapi.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincheck.psjvt.icu
ClearFake payload delivery domain (confidence level: 100%)
domainlestagames.world
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmammeporche.top
FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincertificate.hypnotherapy-training.co.nz
FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainurbjanjungle.tech
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainbusheprettuv.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainablekettled.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainavoidshirru.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainachievesalutto.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainbeatgoattk.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincobwebymitk.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainclosedsaccke.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincavemelodice.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainbucketrenouv.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincherriestubb.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainactleavvek.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincloudsbeeseez.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincarrofiwi.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainerracitofge.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainforcehoppen.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincrackerdisccre.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincreppugler.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincomepreventsur.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainfraildinerip.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainunruffled-mccarthy.45-143-99-196.plesk.page
ERMAC botnet C2 domain (confidence level: 100%)
domainkdljlignmgemecf.top
MintsLoader botnet C2 domain (confidence level: 100%)
domainusdgyzjey4h.top
MintsLoader botnet C2 domain (confidence level: 100%)
domainmioasfybz7y4.top
MintsLoader botnet C2 domain (confidence level: 100%)
domainnfuagy7fgus.top
MintsLoader botnet C2 domain (confidence level: 100%)
domainl284afj165tqz51.top
MintsLoader botnet C2 domain (confidence level: 100%)
domainicciilhkbdgjggn.top
MintsLoader botnet C2 domain (confidence level: 100%)
domainanccvfsrkauefoh.top
MintsLoader botnet C2 domain (confidence level: 100%)
domainapi.kaf.jp.eu.org
Vidar botnet C2 domain (confidence level: 100%)
domaincheck.jtfsn.icu
ClearFake payload delivery domain (confidence level: 100%)
domaindns.windowsupdate.cloud
Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincheck.jmnfp.icu
ClearFake payload delivery domain (confidence level: 100%)
domainyuzbook.info
Bashlite botnet C2 domain (confidence level: 100%)
domainthrtcc13vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainsixcc6vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainfivecc5vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainf1080509.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainf1081725.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainf1068264.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainct18031.tw1.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1080799.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1080822.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1080277.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domaina1040668.xsph.ru
DCRat botnet C2 domain (confidence level: 100%)
domainsmoothsprin.click
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintwntcc20vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainsixjj6sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domaintenjj10sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainfrtnpp14sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainonehh1pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domaintwntpp20sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domaineightjj8sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domainfrtncc14vs.top
CryptBot botnet C2 domain (confidence level: 100%)
domainfrtnhh14pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domaintwntjj20sr.top
CryptBot botnet C2 domain (confidence level: 100%)
domaintnwnthh20pn.top
CryptBot botnet C2 domain (confidence level: 100%)
domainfivgg5sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainfrtggsb.top
CryptBot botnet C2 domain (confidence level: 100%)
domainthrtgg13sb.top
CryptBot botnet C2 domain (confidence level: 100%)
domaintwntgg20th.top
CryptBot botnet C2 domain (confidence level: 100%)
domainfrtgg14th.top
CryptBot botnet C2 domain (confidence level: 100%)

Url

ValueDescriptionCopy
urlhttps://check.hbskw.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://bellthinkyj28.help/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://patchpreseh.help/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: http://196.251.90.44:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
url: http://ecozessentials.com/e6cb1c8fc7cd1659.php
Stealc botnet C2 (confidence level: 100%)
url: http://119.45.118.52:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
url: http://115.120.242.123:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
url: https://check.rlcbb.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
url: https://check.kpwlp.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
url: https://waveschurch.xyz/art.php
Unknown Loader botnet C2 (confidence level: 100%)
url: https://vasebox.art/art.php
Unknown Loader botnet C2 (confidence level: 100%)
url: http://93.123.84.246/limonswat.php
DCRat botnet C2 (confidence level: 100%)
url: https://check.lmdgg.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
url: https://check.fvqxp.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
url: https://lompappojumm.click/api
Lumma Stealer botnet C2 (confidence level: 50%)
url: https://nestlecompany.world/api
Lumma Stealer botnet C2 (confidence level: 50%)
url: https://impactsupport.world/api
Lumma Stealer botnet C2 (confidence level: 50%)
url: https://boldquestq.cyou/api
Lumma Stealer botnet C2 (confidence level: 50%)
url: https://immo-etoiles.fr/wp-admin/
Unknown malware payload delivery URL (confidence level: 50%)
url: https://pastebin.com/raw/zx6dukf9
XWorm botnet C2 (confidence level: 50%)
url: https://check.hdfkc.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
url: http://a1085017.xsph.ru/b3717072.php
DCRat botnet C2 (confidence level: 100%)
url: https://steamcommunity.com/profiles/76561199828130190
Vidar botnet C2 (confidence level: 100%)
url: https://t.me/g02f04
Vidar botnet C2 (confidence level: 100%)
url: https://95.217.243.100/
Vidar botnet C2 (confidence level: 100%)
url: https://95.217.245.74/
Vidar botnet C2 (confidence level: 100%)
url: https://ftp.kaf.jp.eu.org/
Vidar botnet C2 (confidence level: 100%)
url: https://ftp.dijiafuzhu.xyz/
Vidar botnet C2 (confidence level: 100%)
url: http://45.207.197.39:8888/supershell/login/
Unknown malware botnet C2 (confidence level: 100%)
url: https://fixuplink.com/fixuplink/application-patch/daily-2025-01/sysmender_connector.php
Matanbuchus botnet C2 (confidence level: 100%)
url: http://285857cm.nyanyash.ru/pythondbprivate.php
DCRat botnet C2 (confidence level: 100%)
url: https://check.ltxgh.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
url: https://check.psjvt.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
url: https://mammeporche.top/work/original.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
url: https://mammeporche.top/work/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
url: https://mammeporche.top/work/file.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
url: https://poormet.com/lol.zip
FAKEUPDATES payload delivery URL (confidence level: 100%)
url: https://busheprettuv.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://ablekettled.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://avoidshirru.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://achievesalutto.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://beatgoattk.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://cobwebymitk.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://closedsaccke.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://cavemelodice.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://bucketrenouv.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://cherriestubb.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://actleavvek.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://cloudsbeeseez.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://carrofiwi.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://erracitofge.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://forcehoppen.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://crackerdisccre.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://creppugler.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://comepreventsur.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://fraildinerip.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: https://api.kaf.jp.eu.org/
Vidar botnet C2 (confidence level: 100%)
url: https://check.jtfsn.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
url: https://193.143.1.77/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: https://kjgtg3242ioh254kjsobhkj353.com/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: https://3267hsd32jke47s3j402j4302h.com/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: https://edfwn923sfdml237vm90sdl23k.com/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: https://823jkfs4829nk48kef742kj675.com/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: https://sdglk33498knsf32667sfknwfr.com/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: https://952dsjk47kf73ls23k489klfdd.com/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: https://nzxvjej7337bjsdl232nsdlsfa.com/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: https://2348sdks230df834sd03272nsd.com/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: https://edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/
Coper botnet C2 (confidence level: 80%)
url: https://2dd6d23b6061211f9813c0c4d18f2a5f.com/n2zimdm2y2y5zdm1/
Coper botnet C2 (confidence level: 80%)
url: https://3edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/
Coper botnet C2 (confidence level: 80%)
url: https://5edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/
Coper botnet C2 (confidence level: 80%)
url: https://7edfwn923sacasfdml237vm90sdl23k.com/n2zimdm2y2y5zdm1/
Coper botnet C2 (confidence level: 80%)
url: https://8edfwn923sacasfdml237vm90sdl23k.com/nta4mzixmjdkyznj/
Coper botnet C2 (confidence level: 80%)
url: http://59.94.127.152:53645/mozi.m
Mozi payload delivery URL (confidence level: 50%)
url: http://u1.rejoincartridge.shop/never.m4a
Lumma Stealer payload delivery URL (confidence level: 75%)
url: https://check.jmnfp.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
url: http://185.180.230.239/securelowvoiddbflower/7polldownloadsuploads/universalmariadb/line5_/wpdle/centralmultiapi/windows/testeternaluploadspublic/pipebasepipemulti/uploads/dle/image/httpupdateprocessdbbase.php
DCRat botnet C2 (confidence level: 100%)
url: https://auth.rastreiotransporte4f.com/mayl/saver/gravadados.php
Unknown malware botnet C2 (confidence level: 100%)
url: https://smoothsprin.click/api
Lumma Stealer botnet C2 (confidence level: 100%)
url: http://a1085424.xsph.ru/5f596469.php
DCRat botnet C2 (confidence level: 100%)
url: http://sigmabioaef.atwebpages.com/12884306.php
DCRat botnet C2 (confidence level: 100%)

Threat ID: 68367c98182aa0cae231e1ff

Added to database: 5/28/2025, 3:01:44 AM

Last enriched: 6/27/2025, 10:51:53 AM

Last updated: 8/10/2025, 11:26:27 PM
