ThreatFox IOCs for 2025-02-24
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2025-02-24," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating that it relates to open-source intelligence, which typically involves gathering publicly available data to identify malicious activity or malware campaigns. However, no specific malware family, attack vector, or affected software versions are detailed, and no Common Weakness Enumerations (CWEs) or patch links are provided. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate distribution potential but limited analysis depth. There are no known exploits in the wild, and no indicators of compromise (IOCs) are listed, which limits the ability to perform detailed technical attribution or signature-based detection. The lack of affected versions and product specifics implies that this intelligence is more of a general alert or a collection of IOCs rather than a targeted vulnerability or exploit. The threat is tagged with "tlp:white," indicating that the information is intended for wide distribution without restrictions. Overall, this appears to be an early-stage or low-confidence intelligence report on malware-related activity derived from OSINT sources, with limited actionable technical details at this time.
Potential Impact
Given the limited technical details and absence of known exploits or specific affected products, the immediate impact on European organizations is likely to be low to medium. The threat's classification as malware and its moderate distribution rating suggest potential for propagation, but without clear attack vectors or targeted systems, the risk remains generalized. European organizations relying heavily on OSINT tools or platforms similar to ThreatFox for threat intelligence might experience indirect impacts if the malware targets such infrastructures or if the IOCs relate to emerging campaigns affecting their sectors. Potential impacts include data confidentiality breaches if the malware is designed for information theft, integrity compromises if it alters data or system configurations, and availability issues if it includes destructive payloads. However, the absence of known exploits in the wild and no authentication or user interaction details imply that exploitation complexity may be moderate, reducing immediate threat severity. Strategic sectors in Europe, such as critical infrastructure, finance, and government, should remain vigilant given their attractiveness to malware campaigns, but no direct targeting evidence is present in this report.
Mitigation Recommendations
1. Enhance OSINT Monitoring: Organizations should integrate multiple threat intelligence sources beyond ThreatFox to corroborate and enrich IOC data, improving detection capabilities.
2. Proactive IOC Hunting: Even though no IOCs are listed here, security teams should perform regular network and endpoint scans for emerging indicators related to this threat as they become available.
3. Endpoint Protection: Deploy and maintain advanced endpoint detection and response (EDR) solutions capable of behavioral analysis to detect unknown or emerging malware variants.
4. User Awareness Training: Educate users on recognizing phishing and social engineering tactics that often serve as initial infection vectors for malware, even if user interaction is not explicitly required here.
5. Network Segmentation: Limit lateral movement opportunities by segmenting critical networks and applying strict access controls.
6. Patch Management: Although no patches are linked, maintaining up-to-date systems reduces the attack surface for malware leveraging known vulnerabilities.
7. Incident Response Preparedness: Develop and regularly test incident response plans to quickly contain and remediate malware infections.
8. Collaboration: Engage with European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to receive timely updates and share intelligence on emerging threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: 35fff516-8e7f-4080-80cd-00e2ae0524ca
- Original Timestamp: 1740441787
domainu1.possibleshimmer.shop | ClearFake payload delivery domain (confidence level: 100%) | |
domaincpcalendars.bestonlinegamez.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.bsttoolswx.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.enjoyufabet.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.artnewzdaily.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.ufabetandcasinos.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.dgmrtktnewz.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.domizmusk.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.homeimprovementbrad.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.businesshostz.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.dmspotzera.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.gamesandufabetpro.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.8761gamesofarts.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.medtopzhub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domain704mha60crfrd.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaindubai-wealth-hub.co.uk | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Hash
Value | Description |
---|---|
Url
Value | Description |
---|---|
File
Value | Description |
---|---|
Threat ID: 682c7dbee8347ec82d2cb616
Added to database: 5/20/2025, 1:03:58 PM
Last enriched: 6/19/2025, 3:19:32 PM
Last updated: 8/5/2025, 1:18:18 AM