ThreatFox IOCs for 2025-02-25

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-02-25," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under "type:osint," indicating it primarily involves open-source intelligence data rather than a specific malware family or exploit targeting a particular software product. No specific affected versions or products are listed, and there are no associated Common Weakness Enumerations (CWEs) or patch links, suggesting that this report is a collection or update of IOCs rather than a description of a new vulnerability or exploit. The technical details include a threat level of 2, an analysis rating of 1, and a distribution rating of 3, which collectively imply a moderate threat presence with some level of dissemination but limited detailed analysis or confirmed exploitation in the wild. The absence of known exploits and the lack of specific indicators further support that this is an intelligence update rather than an active, targeted attack vector. The TLP (Traffic Light Protocol) classification is white, meaning the information is intended for public sharing without restrictions. Overall, this threat intelligence entry appears to be a routine update of malware-related IOCs intended to aid in detection and situational awareness rather than signaling an immediate or critical threat.

Potential Impact

For European organizations, the impact of this threat is likely limited given the lack of specific exploit details, affected products, or confirmed active exploitation. Since the report does not identify targeted software or vulnerabilities, the direct risk to confidentiality, integrity, or availability of systems is minimal at this stage. However, the distribution rating of 3 suggests that the malware or related IOCs have some level of spread, which could potentially lead to reconnaissance or preparatory activities by threat actors. European entities involved in cybersecurity monitoring, threat hunting, or incident response could benefit from integrating these IOCs into their detection frameworks to enhance early warning capabilities. The absence of known exploits reduces the urgency but does not eliminate the need for vigilance, especially for organizations with high exposure to open-source intelligence feeds or those operating in sectors frequently targeted by malware campaigns. Overall, the threat poses a medium-level concern primarily from an intelligence and monitoring perspective rather than an immediate operational risk.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems and threat intelligence platforms to enhance detection capabilities. 2. Continuously update and correlate open-source intelligence feeds to identify emerging patterns or related threats. 3. Conduct regular threat hunting exercises focusing on the indicators associated with this report to identify any early signs of compromise. 4. Maintain robust endpoint detection and response (EDR) solutions capable of identifying anomalous behaviors that may not yet be linked to known IOCs. 5. Educate security teams on the importance of monitoring OSINT-based threat intelligence and encourage sharing of findings within trusted communities to improve collective defense. 6. Since no patches or specific vulnerabilities are identified, focus on maintaining general cybersecurity hygiene, including timely software updates, network segmentation, and least privilege access controls to reduce potential attack surfaces.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

domain: check.wuhav.icu
url: http://161.248.87.243:8888/supershell/login/
domain: mildpacewp.today
domain: subawhipnator.life
url: https://mildpacewp.today/api
url: https://mizo.dorklifedubbed.shop/bdc2be5bddda548dec3c2d88464a698627ac9447aae621d8.wks
url: http://167.71.76.68:80
url: http://176.65.134.52:80
url: http://98.70.54.204:80
url: https://92.255.85.21:45051
url: https://185.147.124.227:45051
domain: disastecouse.live
domain: thinkbettersoul.live
domain: dilutedlikel.bet
domain: sellroofed.bet
domain: billesafed.life
domain: lgkitstart.life
domain: passwodbroked.life
domain: cancepatrok.today
domain: conceived.today
domain: marathinwulke.today
domain: ethnicracker.top
domain: ferilwk2301.top
domain: horizonedcream.top
domain: praisednette.top
url: https://karakacan3435.com/zjq2njg0mwjjnge0/
file: 142.54.181.50
hash: 80
file: 107.174.39.161
hash: 4444
file: 147.124.215.24
hash: 2535
file: 165.154.230.180
hash: 2083
file: 101.32.7.104
hash: 80
domain: blissfttulmoments.top
domain: webdisk.homeaddition.website
domain: cpcontacts.shakdmisab.xyz
domain: cpcalendars.generalztipsal.xyz
domain: webdisk.topthounds1.xyz
domain: cpcontacts.gameswithufabet.xyz
domain: webmail.10bestgamesofufabet.xyz
domain: cpcalendars.toptechnewz11.xyz
domain: webmail.totogames1network.xyz
domain: webmail.onebusinessportal.website
domain: webdisk.toriters7.xyz
domain: cpcalendars.homeimprovementbloopers.xyz
domain: cpcontacts.topthounds1.xyz
domain: webdisk.superbbusiness.xyz
domain: cpanel.fstnewmedia.xyz
domain: webdisk.levelfrstdm.xyz
domain: cpcalendars.start7pros.xyz
domain: webdisk.topgadgettechnewz1.xyz
domain: webdisk.fivetopbusiness.xyz
domain: cpcalendars.fashionsforts.website
domain: cpcontacts.medtopzhub.xyz
domain: cpcontacts.bsttoolswx.website
domain: www.h2952531.stratoserver.net
domain: cpcontacts.modegenerlshub.xyz
domain: cpcalendars.businessnewznetwork.website
file: 167.86.160.250
hash: 443
file: 3.15.13.254
hash: 2403
file: 18.132.193.183
hash: 20547
file: 45.152.112.137
hash: 23
file: 104.168.101.23
hash: 80
url: http://94.156.177.41/sss3/five/fre.php
url: http://94.156.177.41/sss3/five/pvqdq929bsx_a_d_m1n_a.php
file: 107.148.47.186
hash: 433
url: http://azamatpa.beget.tech/l1nc0in.php
domain: geges.shop
domain: gomys.shop
domain: livlivproliv.shop
domain: livlivvavavava.shop
domain: pywop.shop
domain: qifyv.shop
domain: rihem.shop
domain: xyxyc.shop
domain: commercfriek.digital
domain: jewellycotten.digital
file: 104.168.101.23
hash: 61617
file: 34.31.146.135
hash: 80
file: 8.152.193.151
hash: 8081
file: 172.94.9.172
hash: 1962
file: 104.245.240.121
hash: 443
file: 128.90.102.227
hash: 5000
file: 107.189.27.82
hash: 8082
file: 193.232.179.46
hash: 45051
file: 181.162.147.248
hash: 8080
file: 191.19.117.170
hash: 5000
domain: webdisk.topfiveufabetgames.xyz
domain: cpcontacts.gamesofart1.xyz
domain: cpanel.ufabetlover10.xyz
domain: cpcontacts.bestblogznews.com
domain: webmail.upnddownapps.xyz
domain: cpcalendars.toplvlnewz.xyz
domain: cpanel.ufabetgameslover89.xyz
domain: cpcalendars.ufabetgames1010.xyz
domain: webdisk.magzineviralzhubz.xyz
domain: webmail.fivetopbusiness.website
domain: webmail.wellcartnewzhub.xyz
domain: cpanel.toptechnewz11.xyz
domain: cpcontacts.textcentrzdmnewz.xyz
domain: cpcalendars.mindfulwellnesshq.xyz
domain: webdisk.ufabetgameslover.xyz
domain: cpcontacts.topzbuscartio.xyz
domain: webdisk.yesmoretotogamesnewz.xyz
file: 45.192.102.5
hash: 80
file: 185.234.65.107
hash: 8080
file: 148.163.80.27
hash: 3333
domain: pstest.shortkino.com
file: 192.9.157.200
hash: 22222
file: 34.133.239.110
hash: 443
file: 196.251.85.139
hash: 443
domain: webmail.tectotechnology.com
file: 45.144.53.159
hash: 443
file: 46.114.23.86
hash: 3334
file: 34.231.197.255
hash: 443
file: 139.9.205.149
hash: 8080
file: 92.36.149.96
hash: 8080
file: 196.251.73.142
hash: 8888
file: 34.224.185.21
hash: 3333
file: 159.100.14.49
hash: 8080
file: 104.129.182.242
hash: 8443
file: 47.108.180.6
hash: 443
file: 100.28.4.210
hash: 443
file: 170.64.170.31
hash: 80
file: 181.32.34.253
hash: 8080
file: 5.223.53.193
hash: 443
file: 34.233.64.115
hash: 443
file: 173.187.25.55
hash: 995
url: http://714280cm.nyanyash.ru/provider_.php
file: 14.128.14.32
hash: 1912
url: https://check.tokep.icu/gkcxv.google
domain: check.tokep.icu
domain: check.jywyj.icu
url: https://needleperson.icu/art.php
url: https://check.jywyj.icu/gkcxv.google
file: 190.111.98.121
hash: 6606
file: 190.111.98.121
hash: 7707
file: 190.111.98.121
hash: 7949
file: 190.111.98.121
hash: 8808
domain: check.hegk.shop
url: https://check.hegk.shop/gkcxv.google
file: 193.143.1.118
hash: 3093
domain: angela.spklove.com
file: 176.65.137.193
hash: 12345
file: 154.204.34.152
hash: 8901
file: 39.104.52.246
hash: 80
file: 47.109.65.22
hash: 80
file: 47.109.65.22
hash: 443
file: 116.205.233.25
hash: 50050
file: 160.202.232.242
hash: 31337
file: 162.33.178.133
hash: 31337
file: 88.210.35.197
hash: 31337
file: 168.100.9.60
hash: 7443
file: 89.247.50.83
hash: 80
file: 34.241.196.130
hash: 35000
file: 45.14.18.82
hash: 25565
url: https://94.156.177.41/sss3/five/pvqdq929bsx_a_d_m1n_a.php
url: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/sss2/five/pvqdq929bsx_a_d_m1n_a.php
url: https://livlivproliv.shop/api
url: https://blissfttulmoments.top/login
domain: cnc-boatnet.vpnvn4g.com
domain: rykeen.duckdns.org
file: 193.161.193.99
hash: 24753
domain: niggahunter-28633.portmap.io
domain: aboki2025.duckdns.org
domain: sellers-given.gl.at.ply.gg
domain: infinett.com
url: https://t.me/fvtdonvfcmdw
domain: investiigato.website
domain: openheartljiving.tech
domain: pausedcritiaca.fun
domain: petlovinstop.top
domain: posqvevibesonly.tech
domain: refledesige.online
domain: soqulfonections.tech
domain: wqanderludreams.tech
domain: brightfuturjes.tech
domain: enlagrestatem.bet
domain: inspiringjstories.tech
domain: pastedeputten.life
domain: sterilizeflow.top
domain: turngallerudgo.icu
domain: adx-crm.com
url: https://steamcommunity.com/profiles/76561199829660832
url: https://t.me/l793oy
url: https://mx.4ttechnology.ch/
url: https://159.69.100.232/
url: https://fua.4t.com/
domain: mx.4ttechnology.ch
domain: fua.4t.com
file: 159.69.100.232
hash: 443
file: 116.203.10.65
hash: 443
file: 113.45.216.13
hash: 80
file: 47.236.150.94
hash: 8000
file: 8.138.186.250
hash: 443
file: 196.251.88.112
hash: 80
file: 83.229.83.23
hash: 443
file: 212.64.12.21
hash: 80
file: 172.111.216.79
hash: 2404
file: 35.170.7.53
hash: 443
file: 14.226.87.219
hash: 8808
file: 31.57.166.120
hash: 8888
file: 87.121.79.90
hash: 7443
file: 196.251.85.215
hash: 443
domain: 45.120.60.34.bc.googleusercontent.com
domain: webdisk.latestsportshub.com
domain: webmail.allnewznetworksofarts.com
domain: cpanel.totogamesnetwork.com
domain: cpcalendars.gamesofart.com
file: 176.65.137.13
hash: 1312
file: 116.62.32.133
hash: 1234
file: 47.99.78.239
hash: 80
file: 38.207.178.98
hash: 1234
file: 166.88.101.20
hash: 10443
file: 68.106.72.82
hash: 443
domain: check.byzl.shop
url: https://check.byzl.shop/gkcxv.google
domain: check.zajp.shop
url: https://check.zajp.shop/gkcxv.google
domain: software.adx-crm.com
file: 207.90.236.231
hash: 443
domain: greengrocery.dreamteamuser.com
domain: omd.tap-fap.net
domain: g35gra2c2.duckdns.org
file: 192.169.69.26
hash: 63521
domain: ly.depraveddivinelyresubmit.shop
domain: check.wiqn.shop
file: 43.131.244.144
hash: 11101
url: https://check.wiqn.shop/gkcxv.google
domain: check.sult.shop
url: https://check.sult.shop/gkcxv.google
domain: check.johw.shop
file: 118.25.91.151
hash: 8085
file: 45.61.151.27
hash: 31337
file: 64.188.99.4
hash: 31337
file: 99.71.156.88
hash: 31337
file: 163.5.32.71
hash: 444
url: https://check.johw.shop/gkcxv.google
file: 174.75.163.190
hash: 2083
file: 35.171.7.143
hash: 2126
file: 118.122.8.156
hash: 14344
file: 103.148.110.43
hash: 1337
url: https://pastebin.com/raw/lwwcrlg4
domain: check.wivp.shop
url: https://check.wivp.shop/gkcxv.google
url: http://317827cm.shnyash.ru/providerauthtestdle.php
domain: hackerman12.zapto.org
domain: hackyup.no-ip.org
domain: tomar0.no-ip.biz
domain: python453.no-ip.biz
domain: abogaism.zapto.org
domain: entony.no-ip.org
domain: xtremerat2.zapto.org
domain: bboyhacker.no-ip.info
domain: thoxt11.no-ip.biz
domain: salah00.no-ip.biz
domain: lave.no-ip.biz
domain: mietzekotze.no-ip.biz
domain: pato.no-ip.biz
domain: hostsrvtogoodnews.camdvr.org
domain: botnet.nightcnc.space
file: 206.119.117.107
hash: 7771
file: 157.245.144.27
hash: 5544
file: 147.185.221.26
hash: 7576
domain: manga2323.duckdns.org
domain: comes-sticker.gl.at.ply.gg
domain: nora1988.ddns.net
domain: or-replication.gl.at.ply.gg
domain: protection-ballot.gl.at.ply.gg
domain: if-af.gl.at.ply.gg
domain: synoacoustic-21109.portmap.host
domain: dollarxone-26572.portmap.host
domain: started-deadline.gl.at.ply.gg
domain: check.gunh.shop
domain: capcutproai.com
domain: authenticate-meta.com
domain: vancadreamlab.com
domain: cavadreamlab.com
domain: canvaproai.com
domain: xmetavn.com
domain: canva-dreamlab.com
domain: adobe-express.com
file: 113.45.158.254
hash: 80
file: 8.141.166.236
hash: 8888
file: 8.155.6.37
hash: 80
file: 207.180.219.190
hash: 53
file: 154.222.19.7
hash: 80
file: 93.123.118.14
hash: 2404
url: https://check.gunh.shop/gkcxv.google
file: 149.28.145.214
hash: 443
file: 196.251.84.215
hash: 8808
file: 196.251.85.237
hash: 8808
file: 104.245.240.121
hash: 8808
file: 104.245.240.121
hash: 9090
file: 66.94.116.48
hash: 9999
file: 142.93.67.8
hash: 8000
file: 142.93.67.8
hash: 8808
file: 5.231.26.84
hash: 8808
file: 144.76.103.92
hash: 15747
file: 102.117.165.169
hash: 7443
file: 114.119.181.164
hash: 443
domain: cpcalendars.techdeepart.com
domain: cpcontacts.theonesevennews.com
domain: cpcalendars.magazinebestnetworkz.com
domain: cpcontacts.ranknewzmedia.com
domain: cpanel.toto7vgames.com
domain: webdisk.canvatechsports.com
domain: cpanel.topdmdarama.com
domain: webmail.expressnewzgames.com
file: 43.131.244.144
hash: 8080
file: 46.173.214.12
hash: 443
domain: wreckerroom.run
domain: presentymusse.world
domain: boltetuurked.digital
file: 45.192.168.10
hash: 4433
domain: blissfulmirzakhani.zscaler.skytapdns.com
file: 206.198.152.91
hash: 80
url: http://u1.possibleshimmer.shop/linkin-park-faint.mp3
file: 111.231.5.58
hash: 443
domain: check.cipx.shop
url: https://check.cipx.shop/gkcxv.google
file: 111.180.203.230
hash: 25603
url: https://socksforrocks.shop/work/original.js
domain: socksforrocks.shop
url: https://socksforrocks.shop/work/index.php
url: https://socksforrocks.shop/work/up.php
url: https://kusal.com/nskbfltr.zip
file: 194.180.191.67
hash: 443
domain: check.codh.shop
url: https://check.codh.shop/gkcxv.google
domain: ftp.4ttechnology.ch
url: https://ftp.4ttechnology.ch/
domain: check.miwj.shop
url: https://check.miwj.shop/gkcxv.google
url: http://81.94.156.41/5poll/providervideopacket/apiserver54/pipevmprocessor/4longpoll/bigloadtest/6universal3eternal/templinepolltrack/uploads85/6/local18/secure/_/test/datalifepython/mariadb2/providerpythonprocessorbigloadpublicprivate.php
file: 35.223.135.173
hash: 10443
file: 94.98.194.15
hash: 3460
file: 159.89.166.123
hash: 31337
url: http://www.31502.xyz/se01/
url: http://www.34lirh126r.shop/se01/
url: http://www.45442.xyz/se01/
url: http://www.5b7casino.club/se01/
url: http://www.acha88.info/se01/
url: http://www.airgo.shop/se01/
url: http://www.aishua.cfd/se01/
url: http://www.anvue.pro/se01/
url: http://www.ar-deals-ster.sbs/se01/
url: http://www.arboniq.tech/se01/
url: http://www.arhyupe.today/se01/
url: http://www.arrinblog.shop/se01/
url: http://www.ashoppe.pro/se01/
url: http://www.aturalbeautyvacation.live/se01/
url: http://www.awiste.shop/se01/
url: http://www.ddiesart.shop/se01/
url: http://www.dgtal.fyi/se01/
url: http://www.dt75.top/se01/
url: http://www.dvertising-courses-79101.bond/se01/
url: http://www.dytxzzm.xyz/se01/
url: http://www.echrdns.xyz/se01/
url: http://www.ediser.health/se01/
url: http://www.edug.info/se01/
url: http://www.ent-cleaning-103.cfd/se01/
url: http://www.et-toothpaste.xyz/se01/
url: http://www.eyogludonusum.online/se01/
url: http://www.gg-donor-eng54.today/se01/
url: http://www.hecguyexpert.xyz/se01/
url: http://www.hild-care-35264.bond/se01/
url: http://www.hilemonlam.xyz/se01/
url: http://www.inepoa.top/se01/
url: http://www.inwooja.info/se01/
url: http://www.irhome.today/se01/
url: http://www.iseca-one.pro/se01/
url: http://www.itnessnewera.run/se01/
url: http://www.ivomozx.xyz/se01/
url: http://www.k0yc.shop/se01/
url: http://www.lectriccarswelz7x2e.today/se01/
url: http://www.levateedge.tech/se01/
url: http://www.limdresser.biz/se01/
url: http://www.mnet.cloud/se01/
url: http://www.mwakop.xyz/se01/
url: http://www.nergizeandcreate.net/se01/
url: http://www.ntoxicate.xyz/se01/
url: http://www.nvexpro.net/se01/
url: http://www.ohnvegascasino.info/se01/
url: http://www.onvertemailclicker.xyz/se01/
url: http://www.oogsql.click/se01/
url: http://www.oundpump.fun/se01/
url: http://www.oving-jobs-68977.bond/se01/
url: http://www.raceroots.farm/se01/
url: http://www.rainrealm.xyz/se01/
url: http://www.reamsexperienceacademy.net/se01/
url: http://www.remioscasadabarra.shop/se01/
url: http://www.rganiktraffic.biz/se01/
url: http://www.rimecapital.online/se01/
url: http://www.rooke2business.info/se01/
url: http://www.sedcarloan-mx-98347.today/se01/
url: http://www.unta-cana-ca.xyz/se01/
url: http://www.uturetechrevolution.live/se01/
url: http://www.vtoljourney.xyz/se01/
url: http://www.whendrix.net/se01/
url: http://www.xergames.net/se01/
url: http://www.yaranix.live/se01/
url: http://www.ynogut-official.shop/se01/
domain: www.31502.xyz
domain: www.34lirh126r.shop
domain: www.45442.xyz
domain: www.5b7casino.club
domain: www.acha88.info
domain: www.airgo.shop
domain: www.aishua.cfd
domain: www.anvue.pro
domain: www.ar-deals-ster.sbs
domain: www.arboniq.tech
domain: www.arhyupe.today
domain: www.arrinblog.shop
domain: www.ashoppe.pro
domain: www.aturalbeautyvacation.live
domain: www.awiste.shop
domain: www.ddiesart.shop
domain: www.dgtal.fyi
domain: www.dt75.top
domain: www.dvertising-courses-79101.bond
domain: www.dytxzzm.xyz
domain: www.echrdns.xyz
domain: www.ediser.health
domain: www.edug.info
domain: www.ent-cleaning-103.cfd
domain: www.et-toothpaste.xyz
domain: www.eyogludonusum.online
domain: www.gg-donor-eng54.today
domain: www.hecguyexpert.xyz
domain: www.hild-care-35264.bond
domain: www.hilemonlam.xyz
domain: www.inepoa.top
domain: www.inwooja.info
domain: www.irhome.today
domain: www.iseca-one.pro
domain: www.itnessnewera.run
domain: www.ivomozx.xyz
domain: www.k0yc.shop
domain: www.lectriccarswelz7x2e.today
domain: www.levateedge.tech
domain: www.limdresser.biz
domain: www.mnet.cloud
domain: www.mwakop.xyz
domain: www.nergizeandcreate.net
domain: www.ntoxicate.xyz
domain: www.nvexpro.net
domain: www.ohnvegascasino.info
domain: www.onvertemailclicker.xyz
domain: www.oogsql.click
domain: www.oundpump.fun
domain: www.oving-jobs-68977.bond
domain: www.raceroots.farm
domain: www.rainrealm.xyz
domain: www.reamsexperienceacademy.net
domain: www.remioscasadabarra.shop
domain: www.rganiktraffic.biz
domain: www.rimecapital.online
domain: www.rooke2business.info
domain: www.sedcarloan-mx-98347.today
domain: www.unta-cana-ca.xyz
domain: www.uturetechrevolution.live
domain: www.vtoljourney.xyz
domain: www.whendrix.net
domain: www.xergames.net
domain: www.yaranix.live
domain: www.ynogut-official.shop
domain: bush-ana.gl.at.ply.gg
domain: companies-like.gl.at.ply.gg
file: 147.185.221.25
hash: 23913
url: http://touxzw.ir/scc1/five/fre.php
domain: classycribe.top
domain: eyertacric.top
domain: readdystayer.top
domain: ruffyfavour.top
domain: securerewinde.top
domain: syprassebone.top
domain: trickyseane.top
domain: turnkindgrai.top
domain: comedyewpest.fun
domain: hutmosquwz.fun
domain: languarel.fun
domain: thesiaawwor.fun
domain: bzondingmoments.tech
domain: eczofriendlychoices.tech
file: 172.65.147.108
hash: 22
file: 45.90.12.222
hash: 1337
file: 209.141.33.129
hash: 1338
file: 45.15.158.6
hash: 81
file: 199.195.252.167
hash: 1337
file: 194.85.251.75
hash: 1337
file: 185.208.159.200
hash: 1337
file: 185.91.69.142
hash: 1337
file: 209.141.62.176
hash: 1338
file: 162.19.192.198
hash: 6643
file: 80.76.49.221
hash: 1337
file: 199.195.251.203
hash: 1337
file: 128.0.118.51
hash: 1337
file: 147.135.99.254
hash: 666
file: 37.59.181.219
hash: 666
file: 162.248.102.170
hash: 1337
file: 198.27.107.169
hash: 666
file: 62.60.156.32
hash: 1337
file: 135.148.129.33
hash: 666
file: 196.251.91.59
hash: 1337
file: 165.140.8.5
hash: 10000
file: 198.251.89.178
hash: 6969
file: 147.135.3.193
hash: 8080
file: 51.81.104.118
hash: 1195
file: 45.88.9.226
hash: 1338
file: 51.79.123.249
hash: 10000
file: 138.124.123.156
hash: 1337
file: 45.13.225.196
hash: 1337
file: 128.0.118.23
hash: 1337
file: 196.251.87.118
hash: 1337
file: 51.81.65.106
hash: 10000
file: 196.251.90.117
hash: 1337
file: 45.86.155.252
hash: 1337
file: 196.251.90.76
hash: 1337
file: 2.56.165.139
hash: 1338
file: 2.57.19.42
hash: 1337
file: 74.50.81.60
hash: 1337
file: 45.45.237.44
hash: 1337
file: 198.50.200.192
hash: 10000
file: 185.14.92.70
hash: 1337
file: 45.11.229.125
hash: 1338
file: 82.23.183.119
hash: 8080
file: 82.23.183.119
hash: 7070
file: 179.61.253.95
hash: 2052
file: 135.148.129.37
hash: 7070
file: 37.59.181.218
hash: 10000
file: 198.91.25.130
hash: 10000
file: 196.251.83.83
hash: 1337
file: 51.81.65.105
hash: 666
file: 45.139.104.149
hash: 1337
file: 185.14.92.169
hash: 1337
file: 204.76.203.183
hash: 1338
file: 62.60.157.244
hash: 10000
file: 45.137.207.144
hash: 22
file: 185.198.234.221
hash: 1337
file: 104.234.168.45
hash: 1337
file: 104.234.168.45
hash: 8080
file: 46.247.108.131
hash: 8080
file: 193.200.78.41
hash: 8888
file: 193.200.78.41
hash: 888
file: 185.228.81.250
hash: 9090
file: 37.235.55.68
hash: 1987
domain: sandbox.yunqof.shop
url: https://sandbox.yunqof.shop/macan.mp3
domain: ghost-name.pages.dev
url: https://ghost-name.pages.dev/website
file: 216.9.225.75
hash: 8046
file: 166.108.234.74
hash: 80
file: 1.118.35.47
hash: 80
file: 1.118.35.47
hash: 443
file: 176.65.141.245
hash: 7707
file: 185.208.156.169
hash: 6502
file: 128.90.123.183
hash: 8808
file: 45.138.16.143
hash: 6606
file: 98.83.120.7
hash: 8808
file: 176.65.134.78
hash: 8089
file: 176.65.142.198
hash: 8089
domain: cpanel.bestteamofufabetgames.xyz
domain: webdisk.sportscasino.website
domain: cpcalendars.top5business.xyz
domain: cpcontacts.bestreadup.xyz
domain: webmail.handufabetgames.xyz
domain: webdisk.shalownewssab.com
domain: cpanel.techgambuzz.xyz
domain: cpanel.topthounds1.xyz
domain: cpcontacts.shalownewssab.com
domain: webdisk.tectotechnology.com
domain: cpcontacts.bestufaneedsgames.xyz
domain: webmail.bjshomeimprovement.website
domain: webdisk.b2bbsuiness.xyz
domain: webmail.toplavishnewz.com
file: 46.246.86.10
hash: 9000
file: 196.251.83.37
hash: 2000
domain: ntstealer.shop
file: 44.210.138.111
hash: 80
file: 95.164.52.33
hash: 80
url: https://onlyfans.so/mileyof
file: 107.189.31.150
hash: 1302
file: 107.189.31.150
hash: 9473
domain: check.jysz.shop
url: https://check.jysz.shop/gkcxv.google
file: 47.104.181.208
hash: 443
file: 164.90.151.97
hash: 1311
file: 134.122.53.54
hash: 1311
file: 170.64.198.196
hash: 1311
file: 167.99.190.4
hash: 1311
file: 142.93.173.110
hash: 1311
file: 170.64.221.8
hash: 1311
file: 206.189.46.226
hash: 1311
file: 167.172.160.222
hash: 1311
file: 45.14.224.97
hash: 1311
file: 206.189.4.45
hash: 1311
file: 139.59.45.165
hash: 1311
file: 68.183.34.11
hash: 1311
file: 165.22.227.75
hash: 1311
file: 139.59.226.19
hash: 1311
file: 138.68.156.151
hash: 1311
file: 159.89.123.72
hash: 1311
file: 209.38.30.238
hash: 1311
file: 165.22.116.233
hash: 1311
file: 157.245.56.174
hash: 1311
file: 159.89.227.55
hash: 1311
file: 143.198.201.134
hash: 1311
file: 46.101.121.254
hash: 1311
file: 128.199.35.104
hash: 1311
file: 147.182.241.94
hash: 1311
file: 143.110.229.153
hash: 1311
file: 167.172.35.36
hash: 1311
file: 167.172.73.72
hash: 1311
file: 206.81.2.56
hash: 1311
file: 128.199.56.142
hash: 1311
file: 159.223.74.127
hash: 1311
file: 64.225.52.129
hash: 1311
file: 146.190.30.159
hash: 1311
file: 159.223.85.44
hash: 1311
file: 137.184.37.183
hash: 1311
file: 134.209.241.33
hash: 1311
file: 139.59.46.142
hash: 1311
file: 134.122.50.242
hash: 1311
file: 170.64.224.151
hash: 1311
file: 159.89.198.214
hash: 1311
file: 209.38.27.236
hash: 1311
file: 170.64.205.51
hash: 1311
file: 170.64.235.124
hash: 1311
file: 45.87.43.24
hash: 1311
file: 170.64.170.215
hash: 1311
file: 45.87.43.193
hash: 1311
file: 81.92.223.20
hash: 1311
file: 144.172.91.73
hash: 1311
file: 107.189.19.106
hash: 1311
file: 95.169.203.15
hash: 1311
file: 164.90.151.97
hash: 1401
file: 134.122.53.54
hash: 1401
file: 170.64.198.196
hash: 1401
file: 167.99.190.4
hash: 1401
file: 142.93.173.110
hash: 1401
file: 170.64.221.8
hash: 1401
file: 206.189.46.226
hash: 1401
file: 167.172.160.222
hash: 1401
file: 45.14.224.97
hash: 1401
file: 206.189.4.45
hash: 1401
file: 139.59.45.165
hash: 1401
file: 68.183.34.11
hash: 1401
file: 165.22.227.75
hash: 1401
file: 139.59.226.19
hash: 1401
file: 138.68.156.151
hash: 1401
file: 159.89.123.72
hash: 1401
file: 209.38.30.238
hash: 1401
file: 165.22.116.233
hash: 1401
file: 157.245.56.174
hash: 1401
file: 159.89.227.55
hash: 1401
file: 143.198.201.134
hash: 1401
file: 46.101.121.254
hash: 1401
file: 128.199.35.104
hash: 1401
file: 147.182.241.94
hash: 1401
file: 143.110.229.153
hash: 1401
file: 167.172.35.36
hash: 1401
file: 167.172.73.72
hash: 1401
file: 206.81.2.56
hash: 1401
file: 128.199.56.142
hash: 1401
file: 159.223.74.127
hash: 1401
file: 64.225.52.129
hash: 1401
file: 146.190.30.159
hash: 1401
file: 159.223.85.44
hash: 1401
file: 137.184.37.183
hash: 1401
file: 134.209.241.33
hash: 1401
file: 139.59.46.142
hash: 1401
file: 134.122.50.242
hash: 1401
file: 170.64.224.151
hash: 1401
file: 159.89.198.214
hash: 1401
file: 209.38.27.236
hash: 1401
file: 170.64.205.51
hash: 1401
file: 170.64.235.124
hash: 1401
file: 45.87.43.24
hash: 1401
file: 170.64.170.215
hash: 1401
file: 45.87.43.193
hash: 1401
file: 81.92.223.20
hash: 1401
file: 144.172.91.73
hash: 1401
file: 107.189.19.106
hash: 1401
file: 95.169.203.15
hash: 1401
file: 5.182.226.142
hash: 35724
url: https://patatespuresii.com/mwrlotuyyjexm2ew/
url: https://forummarkam54.com/mwrlotuyyjexm2ew/
url: https://forumkombinee.com/mwrlotuyyjexm2ew/
url: https://kemikforum34.com/mwrlotuyyjexm2ew/
domain: hvsdkfjfhj-sd-1.pro
domain: test.stg.bitthebyte.com
file: 84.247.132.220
hash: 53
domain: cluster.buydoorlitesandlouvers.com
url: https://wreckerroom.run/api
url: http://touxzw.ir/scc1/five/pvqdq929bsx_a_d_m1n_a.php
url: http://u1.previewcapped.shop/linkin-park-faint.mp3
domain: u1.previewcapped.shop
url: http://f1088688.xsph.ru/2beac530.php
url: https://sunotels.com/4r6y.js
domain: sunotels.com
url: https://sunotels.com/js.php
domain: jaguar-becomes-compare-chapter.trycloudflare.com
file: 18.222.225.114
hash: 50000
file: 18.222.225.114
hash: 35000
file: 3.69.51.52
hash: 7634
file: 168.100.10.21
hash: 443
file: 185.142.184.156
hash: 7443
file: 91.208.104.150
hash: 4433
file: 116.205.179.202
hash: 8080
file: 175.27.129.168
hash: 8888
file: 213.199.55.238
hash: 8888
file: 186.169.87.220
hash: 2404
file: 104.245.240.212
hash: 2404
file: 176.65.144.14
hash: 8000
file: 163.172.125.253
hash: 401
domain: webmail.homeimprovementbusiness.xyz
domain: webdisk.generalspotline.org
domain: webmail.bestpotworldzhb.xyz
domain: webdisk.artisansrealm.xyz
domain: webdisk.bestgamesofufabet.xyz
domain: cpcontacts.yesmoretotogamesnewz.xyz
domain: cpcalendars.newzmediaworld.xyz
domain: webmail.welovetotogames.xyz
domain: cpcalendars.tectotechnologynewzz.xyz
domain: cpanel.artnewzdaily.xyz
domain: webdisk.gamesofart1.xyz
domain: cpanel.artisansrealm.xyz
domain: webmail.fashionsforts.website
domain: cpcalendars.top10gamesofoto1.xyz
domain: webdisk.businessportal.website
domain: cpcontacts.fastnewclub.xyz
domain: cpanel.homeimprovementbusiness.xyz
domain: webdisk.totomaker1.website
domain: webdisk.10bestgamesofufabet.xyz
domain: cpcalendars.ufatopgames.website
domain: cpcalendars.mtpolice21.website
domain: cpanel.5bestufabetgames.xyz
domain: cpcalendars.mtstronggame7.xyz
domain: cpcalendars.games777games.xyz
domain: cpanel.ashionof121.xyz
domain: cpanel.superbbusiness.xyz
domain: webdisk.techspilotx.website
domain: webdisk.bestofufabetgames.xyz
domain: cpcalendars.time2levelz.xyz
domain: webmail.theyestechnewsz.xyz
domain: webmail.homeimprovementbrad.website
domain: webdisk.techgambuzz.xyz
domain: cpanel.livninspot.xyz
domain: www.repoman.io
domain: cpanel.gamesandufabetpro.website
domain: cpanel.dmhubnewsz.website
domain: cpcalendars.topthounds1.xyz
domain: webdisk.newdmkey.xyz
domain: cpcalendars.bestpotworldzhb.xyz
domain: cpanel.okiamwithtotogames.xyz
file: 118.68.174.28
hash: 4444
file: 47.239.188.78
hash: 8080
file: 195.82.147.35
hash: 591
domain: mail.themamadi.ir
file: 89.213.140.146
hash: 23
file: 154.40.44.82
hash: 18211
file: 13.232.23.11
hash: 60000
file: 176.44.122.135
hash: 995
file: 38.126.57.211
hash: 443
file: 39.40.145.128
hash: 995
file: 46.246.241.166
hash: 995
file: 54.221.185.249
hash: 443
file: 78.182.40.67
hash: 443
domain: d.4ttechnology.com
url: https://d.4ttechnology.com/
url: http://u1.previewcapped.shop/linkinpark-faint.mp3
domain: disobilittyhell.live
file: 101.72.199.35
hash: 80
file: 116.177.227.35
hash: 80
file: 120.226.20.35
hash: 80
file: 175.12.110.35
hash: 80
file: 27.221.38.35
hash: 80
file: 39.91.182.35
hash: 80
url: https://oamp.od.nih.gov/
domain: oamp.od.nih.gov

ThreatFox IOCs for 2025-02-25

Severity: medium

Type: malware

ThreatFox IOCs for 2025-02-25

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

domain: check.wuhav.icu
url: http://161.248.87.243:8888/supershell/login/
domain: mildpacewp.today
domain: subawhipnator.life
url: https://mildpacewp.today/api
url: https://mizo.dorklifedubbed.shop/bdc2be5bddda548dec3c2d88464a698627ac9447aae621d8.wks
url: http://167.71.76.68:80
url: http://176.65.134.52:80
url: http://98.70.54.204:80
url: https://92.255.85.21:45051
url: https://185.147.124.227:45051
domain: disastecouse.live
domain: thinkbettersoul.live
domain: dilutedlikel.bet
domain: sellroofed.bet
domain: billesafed.life
domain: lgkitstart.life
domain: passwodbroked.life
domain: cancepatrok.today
domain: conceived.today
domain: marathinwulke.today
domain: ethnicracker.top
domain: ferilwk2301.top
domain: horizonedcream.top
domain: praisednette.top
url: https://karakacan3435.com/zjq2njg0mwjjnge0/
file: 142.54.181.50
hash: 80
file: 107.174.39.161
hash: 4444
file: 147.124.215.24
hash: 2535
file: 165.154.230.180
hash: 2083
file: 101.32.7.104
hash: 80
domain: blissfttulmoments.top
domain: webdisk.homeaddition.website
domain: cpcontacts.shakdmisab.xyz
domain: cpcalendars.generalztipsal.xyz
domain: webdisk.topthounds1.xyz
domain: cpcontacts.gameswithufabet.xyz
domain: webmail.10bestgamesofufabet.xyz
domain: cpcalendars.toptechnewz11.xyz
domain: webmail.totogames1network.xyz
domain: webmail.onebusinessportal.website
domain: webdisk.toriters7.xyz
domain: cpcalendars.homeimprovementbloopers.xyz
domain: cpcontacts.topthounds1.xyz
domain: webdisk.superbbusiness.xyz
domain: cpanel.fstnewmedia.xyz
domain: webdisk.levelfrstdm.xyz
domain: cpcalendars.start7pros.xyz
domain: webdisk.topgadgettechnewz1.xyz
domain: webdisk.fivetopbusiness.xyz
domain: cpcalendars.fashionsforts.website
domain: cpcontacts.medtopzhub.xyz
domain: cpcontacts.bsttoolswx.website
domain: www.h2952531.stratoserver.net
domain: cpcontacts.modegenerlshub.xyz
domain: cpcalendars.businessnewznetwork.website
file: 167.86.160.250
hash: 443
file: 3.15.13.254
hash: 2403
file: 18.132.193.183
hash: 20547
file: 45.152.112.137
hash: 23
file: 104.168.101.23
hash: 80
url: http://94.156.177.41/sss3/five/fre.php
url: http://94.156.177.41/sss3/five/pvqdq929bsx_a_d_m1n_a.php
file: 107.148.47.186
hash: 433
url: http://azamatpa.beget.tech/l1nc0in.php
domain: geges.shop
domain: gomys.shop
domain: livlivproliv.shop
domain: livlivvavavava.shop
domain: pywop.shop
domain: qifyv.shop
domain: rihem.shop
domain: xyxyc.shop
domain: commercfriek.digital
domain: jewellycotten.digital
file: 104.168.101.23
hash: 61617
file: 34.31.146.135
hash: 80
file: 8.152.193.151
hash: 8081
file: 172.94.9.172
hash: 1962
file: 104.245.240.121
hash: 443
file: 128.90.102.227
hash: 5000
file: 107.189.27.82
hash: 8082
file: 193.232.179.46
hash: 45051
file: 181.162.147.248
hash: 8080
file: 191.19.117.170
hash: 5000
domain: webdisk.topfiveufabetgames.xyz
domain: cpcontacts.gamesofart1.xyz
domain: cpanel.ufabetlover10.xyz
domain: cpcontacts.bestblogznews.com
domain: webmail.upnddownapps.xyz
domain: cpcalendars.toplvlnewz.xyz
domain: cpanel.ufabetgameslover89.xyz
domain: cpcalendars.ufabetgames1010.xyz
domain: webdisk.magzineviralzhubz.xyz
domain: webmail.fivetopbusiness.website
domain: webmail.wellcartnewzhub.xyz
domain: cpanel.toptechnewz11.xyz
domain: cpcontacts.textcentrzdmnewz.xyz
domain: cpcalendars.mindfulwellnesshq.xyz
domain: webdisk.ufabetgameslover.xyz
domain: cpcontacts.topzbuscartio.xyz
domain: webdisk.yesmoretotogamesnewz.xyz
file: 45.192.102.5
hash: 80
file: 185.234.65.107
hash: 8080
file: 148.163.80.27
hash: 3333
domain: pstest.shortkino.com
file: 192.9.157.200
hash: 22222
file: 34.133.239.110
hash: 443
file: 196.251.85.139
hash: 443
domain: webmail.tectotechnology.com
file: 45.144.53.159
hash: 443
file: 46.114.23.86
hash: 3334
file: 34.231.197.255
hash: 443
file: 139.9.205.149
hash: 8080
file: 92.36.149.96
hash: 8080
file: 196.251.73.142
hash: 8888
file: 34.224.185.21
hash: 3333
file: 159.100.14.49
hash: 8080
file: 104.129.182.242
hash: 8443
file: 47.108.180.6
hash: 443
file: 100.28.4.210
hash: 443
file: 170.64.170.31
hash: 80
file: 181.32.34.253
hash: 8080
file: 5.223.53.193
hash: 443
file: 34.233.64.115
hash: 443
file: 173.187.25.55
hash: 995
url: http://714280cm.nyanyash.ru/provider_.php
file: 14.128.14.32
hash: 1912
url: https://check.tokep.icu/gkcxv.google
domain: check.tokep.icu
domain: check.jywyj.icu
url: https://needleperson.icu/art.php
url: https://check.jywyj.icu/gkcxv.google
file: 190.111.98.121
hash: 6606
file: 190.111.98.121
hash: 7707
file: 190.111.98.121
hash: 7949
file: 190.111.98.121
hash: 8808
domain: check.hegk.shop
url: https://check.hegk.shop/gkcxv.google
file: 193.143.1.118
hash: 3093
domain: angela.spklove.com
file: 176.65.137.193
hash: 12345
file: 154.204.34.152
hash: 8901
file: 39.104.52.246
hash: 80
file: 47.109.65.22
hash: 80
file: 47.109.65.22
hash: 443
file: 116.205.233.25
hash: 50050
file: 160.202.232.242
hash: 31337
file: 162.33.178.133
hash: 31337
file: 88.210.35.197
hash: 31337
file: 168.100.9.60
hash: 7443
file: 89.247.50.83
hash: 80
file: 34.241.196.130
hash: 35000
file: 45.14.18.82
hash: 25565
url: https://94.156.177.41/sss3/five/pvqdq929bsx_a_d_m1n_a.php
url: http://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/sss2/five/pvqdq929bsx_a_d_m1n_a.php
url: https://livlivproliv.shop/api
url: https://blissfttulmoments.top/login
domain: cnc-boatnet.vpnvn4g.com
domain: rykeen.duckdns.org
file: 193.161.193.99
hash: 24753
domain: niggahunter-28633.portmap.io
domain: aboki2025.duckdns.org
domain: sellers-given.gl.at.ply.gg
domain: infinett.com
url: https://t.me/fvtdonvfcmdw
domain: investiigato.website
domain: openheartljiving.tech
domain: pausedcritiaca.fun
domain: petlovinstop.top
domain: posqvevibesonly.tech
domain: refledesige.online
domain: soqulfonections.tech
domain: wqanderludreams.tech
domain: brightfuturjes.tech
domain: enlagrestatem.bet
domain: inspiringjstories.tech
domain: pastedeputten.life
domain: sterilizeflow.top
domain: turngallerudgo.icu
domain: adx-crm.com
url: https://steamcommunity.com/profiles/76561199829660832
url: https://t.me/l793oy
url: https://mx.4ttechnology.ch/
url: https://159.69.100.232/
url: https://fua.4t.com/
domain: mx.4ttechnology.ch
domain: fua.4t.com
file: 159.69.100.232
hash: 443
file: 116.203.10.65
hash: 443
file: 113.45.216.13
hash: 80
file: 47.236.150.94
hash: 8000
file: 8.138.186.250
hash: 443
file: 196.251.88.112
hash: 80
file: 83.229.83.23
hash: 443
file: 212.64.12.21
hash: 80
file: 172.111.216.79
hash: 2404
file: 35.170.7.53
hash: 443
file: 14.226.87.219
hash: 8808
file: 31.57.166.120
hash: 8888
file: 87.121.79.90
hash: 7443
file: 196.251.85.215
hash: 443
domain: 45.120.60.34.bc.googleusercontent.com
domain: webdisk.latestsportshub.com
domain: webmail.allnewznetworksofarts.com
domain: cpanel.totogamesnetwork.com
domain: cpcalendars.gamesofart.com
file: 176.65.137.13
hash: 1312
file: 116.62.32.133
hash: 1234
file: 47.99.78.239
hash: 80
file: 38.207.178.98
hash: 1234
file: 166.88.101.20
hash: 10443
file: 68.106.72.82
hash: 443
domain: check.byzl.shop
url: https://check.byzl.shop/gkcxv.google
domain: check.zajp.shop
url: https://check.zajp.shop/gkcxv.google
domain: software.adx-crm.com
file: 207.90.236.231
hash: 443
domain: greengrocery.dreamteamuser.com
domain: omd.tap-fap.net
domain: g35gra2c2.duckdns.org
file: 192.169.69.26
hash: 63521
domain: ly.depraveddivinelyresubmit.shop
domain: check.wiqn.shop
file: 43.131.244.144
hash: 11101
url: https://check.wiqn.shop/gkcxv.google
domain: check.sult.shop
url: https://check.sult.shop/gkcxv.google
domain: check.johw.shop
file: 118.25.91.151
hash: 8085
file: 45.61.151.27
hash: 31337
file: 64.188.99.4
hash: 31337
file: 99.71.156.88
hash: 31337
file: 163.5.32.71
hash: 444
url: https://check.johw.shop/gkcxv.google
file: 174.75.163.190
hash: 2083
file: 35.171.7.143
hash: 2126
file: 118.122.8.156
hash: 14344
file: 103.148.110.43
hash: 1337
url: https://pastebin.com/raw/lwwcrlg4
domain: check.wivp.shop
url: https://check.wivp.shop/gkcxv.google
url: http://317827cm.shnyash.ru/providerauthtestdle.php
domain: hackerman12.zapto.org
domain: hackyup.no-ip.org
domain: tomar0.no-ip.biz
domain: python453.no-ip.biz
domain: abogaism.zapto.org
domain: entony.no-ip.org
domain: xtremerat2.zapto.org
domain: bboyhacker.no-ip.info
domain: thoxt11.no-ip.biz
domain: salah00.no-ip.biz
domain: lave.no-ip.biz
domain: mietzekotze.no-ip.biz
domain: pato.no-ip.biz
domain: hostsrvtogoodnews.camdvr.org
domain: botnet.nightcnc.space
file: 206.119.117.107
hash: 7771
file: 157.245.144.27
hash: 5544
file: 147.185.221.26
hash: 7576
domain: manga2323.duckdns.org
domain: comes-sticker.gl.at.ply.gg
domain: nora1988.ddns.net
domain: or-replication.gl.at.ply.gg
domain: protection-ballot.gl.at.ply.gg
domain: if-af.gl.at.ply.gg
domain: synoacoustic-21109.portmap.host
domain: dollarxone-26572.portmap.host
domain: started-deadline.gl.at.ply.gg
domain: check.gunh.shop
domain: capcutproai.com
domain: authenticate-meta.com
domain: vancadreamlab.com
domain: cavadreamlab.com
domain: canvaproai.com
domain: xmetavn.com
domain: canva-dreamlab.com
domain: adobe-express.com
file: 113.45.158.254
hash: 80
file: 8.141.166.236
hash: 8888
file: 8.155.6.37
hash: 80
file: 207.180.219.190
hash: 53
file: 154.222.19.7
hash: 80
file: 93.123.118.14
hash: 2404
url: https://check.gunh.shop/gkcxv.google
file: 149.28.145.214
hash: 443
file: 196.251.84.215
hash: 8808
file: 196.251.85.237
hash: 8808
file: 104.245.240.121
hash: 8808
file: 104.245.240.121
hash: 9090
file: 66.94.116.48
hash: 9999
file: 142.93.67.8
hash: 8000
file: 142.93.67.8
hash: 8808
file: 5.231.26.84
hash: 8808
file: 144.76.103.92
hash: 15747
file: 102.117.165.169
hash: 7443
file: 114.119.181.164
hash: 443
domain: cpcalendars.techdeepart.com
domain: cpcontacts.theonesevennews.com
domain: cpcalendars.magazinebestnetworkz.com
domain: cpcontacts.ranknewzmedia.com
domain: cpanel.toto7vgames.com
domain: webdisk.canvatechsports.com
domain: cpanel.topdmdarama.com
domain: webmail.expressnewzgames.com
file: 43.131.244.144
hash: 8080
file: 46.173.214.12
hash: 443
domain: wreckerroom.run
domain: presentymusse.world
domain: boltetuurked.digital
file: 45.192.168.10
hash: 4433
domain: blissfulmirzakhani.zscaler.skytapdns.com
file: 206.198.152.91
hash: 80
url: http://u1.possibleshimmer.shop/linkin-park-faint.mp3
file: 111.231.5.58
hash: 443
domain: check.cipx.shop
url: https://check.cipx.shop/gkcxv.google
file: 111.180.203.230
hash: 25603
url: https://socksforrocks.shop/work/original.js
domain: socksforrocks.shop
url: https://socksforrocks.shop/work/index.php
url: https://socksforrocks.shop/work/up.php
url: https://kusal.com/nskbfltr.zip
file: 194.180.191.67
hash: 443
domain: check.codh.shop
url: https://check.codh.shop/gkcxv.google
domain: ftp.4ttechnology.ch
url: https://ftp.4ttechnology.ch/
domain: check.miwj.shop
url: https://check.miwj.shop/gkcxv.google
url: http://81.94.156.41/5poll/providervideopacket/apiserver54/pipevmprocessor/4longpoll/bigloadtest/6universal3eternal/templinepolltrack/uploads85/6/local18/secure/_/test/datalifepython/mariadb2/providerpythonprocessorbigloadpublicprivate.php
file: 35.223.135.173
hash: 10443
file: 94.98.194.15
hash: 3460
file: 159.89.166.123
hash: 31337
url: http://www.31502.xyz/se01/
url: http://www.34lirh126r.shop/se01/
url: http://www.45442.xyz/se01/
url: http://www.5b7casino.club/se01/
url: http://www.acha88.info/se01/
url: http://www.airgo.shop/se01/
url: http://www.aishua.cfd/se01/
url: http://www.anvue.pro/se01/
url: http://www.ar-deals-ster.sbs/se01/
url: http://www.arboniq.tech/se01/
url: http://www.arhyupe.today/se01/
url: http://www.arrinblog.shop/se01/
url: http://www.ashoppe.pro/se01/
url: http://www.aturalbeautyvacation.live/se01/
url: http://www.awiste.shop/se01/
url: http://www.ddiesart.shop/se01/
url: http://www.dgtal.fyi/se01/
url: http://www.dt75.top/se01/
url: http://www.dvertising-courses-79101.bond/se01/
url: http://www.dytxzzm.xyz/se01/
url: http://www.echrdns.xyz/se01/
url: http://www.ediser.health/se01/
url: http://www.edug.info/se01/
url: http://www.ent-cleaning-103.cfd/se01/
url: http://www.et-toothpaste.xyz/se01/
url: http://www.eyogludonusum.online/se01/
url: http://www.gg-donor-eng54.today/se01/
url: http://www.hecguyexpert.xyz/se01/
url: http://www.hild-care-35264.bond/se01/
url: http://www.hilemonlam.xyz/se01/
url: http://www.inepoa.top/se01/
url: http://www.inwooja.info/se01/
url: http://www.irhome.today/se01/
url: http://www.iseca-one.pro/se01/
url: http://www.itnessnewera.run/se01/
url: http://www.ivomozx.xyz/se01/
url: http://www.k0yc.shop/se01/
url: http://www.lectriccarswelz7x2e.today/se01/
url: http://www.levateedge.tech/se01/
url: http://www.limdresser.biz/se01/
url: http://www.mnet.cloud/se01/
url: http://www.mwakop.xyz/se01/
url: http://www.nergizeandcreate.net/se01/
url: http://www.ntoxicate.xyz/se01/
url: http://www.nvexpro.net/se01/
url: http://www.ohnvegascasino.info/se01/
url: http://www.onvertemailclicker.xyz/se01/
url: http://www.oogsql.click/se01/
url: http://www.oundpump.fun/se01/
url: http://www.oving-jobs-68977.bond/se01/
url: http://www.raceroots.farm/se01/
url: http://www.rainrealm.xyz/se01/
url: http://www.reamsexperienceacademy.net/se01/
url: http://www.remioscasadabarra.shop/se01/
url: http://www.rganiktraffic.biz/se01/
url: http://www.rimecapital.online/se01/
url: http://www.rooke2business.info/se01/
url: http://www.sedcarloan-mx-98347.today/se01/
url: http://www.unta-cana-ca.xyz/se01/
url: http://www.uturetechrevolution.live/se01/
url: http://www.vtoljourney.xyz/se01/
url: http://www.whendrix.net/se01/
url: http://www.xergames.net/se01/
url: http://www.yaranix.live/se01/
url: http://www.ynogut-official.shop/se01/
domain: www.31502.xyz
domain: www.34lirh126r.shop
domain: www.45442.xyz
domain: www.5b7casino.club
domain: www.acha88.info
domain: www.airgo.shop
domain: www.aishua.cfd
domain: www.anvue.pro
domain: www.ar-deals-ster.sbs
domain: www.arboniq.tech
domain: www.arhyupe.today
domain: www.arrinblog.shop
domain: www.ashoppe.pro
domain: www.aturalbeautyvacation.live
domain: www.awiste.shop
domain: www.ddiesart.shop
domain: www.dgtal.fyi
domain: www.dt75.top
domain: www.dvertising-courses-79101.bond
domain: www.dytxzzm.xyz
domain: www.echrdns.xyz
domain: www.ediser.health
domain: www.edug.info
domain: www.ent-cleaning-103.cfd
domain: www.et-toothpaste.xyz
domain: www.eyogludonusum.online
domain: www.gg-donor-eng54.today
domain: www.hecguyexpert.xyz
domain: www.hild-care-35264.bond
domain: www.hilemonlam.xyz
domain: www.inepoa.top
domain: www.inwooja.info
domain: www.irhome.today
domain: www.iseca-one.pro
domain: www.itnessnewera.run
domain: www.ivomozx.xyz
domain: www.k0yc.shop
domain: www.lectriccarswelz7x2e.today
domain: www.levateedge.tech
domain: www.limdresser.biz
domain: www.mnet.cloud
domain: www.mwakop.xyz
domain: www.nergizeandcreate.net
domain: www.ntoxicate.xyz
domain: www.nvexpro.net
domain: www.ohnvegascasino.info
domain: www.onvertemailclicker.xyz
domain: www.oogsql.click
domain: www.oundpump.fun
domain: www.oving-jobs-68977.bond
domain: www.raceroots.farm
domain: www.rainrealm.xyz
domain: www.reamsexperienceacademy.net
domain: www.remioscasadabarra.shop
domain: www.rganiktraffic.biz
domain: www.rimecapital.online
domain: www.rooke2business.info
domain: www.sedcarloan-mx-98347.today
domain: www.unta-cana-ca.xyz
domain: www.uturetechrevolution.live
domain: www.vtoljourney.xyz
domain: www.whendrix.net
domain: www.xergames.net
domain: www.yaranix.live
domain: www.ynogut-official.shop
domain: bush-ana.gl.at.ply.gg
domain: companies-like.gl.at.ply.gg
file: 147.185.221.25
hash: 23913
url: http://touxzw.ir/scc1/five/fre.php
domain: classycribe.top
domain: eyertacric.top
domain: readdystayer.top
domain: ruffyfavour.top
domain: securerewinde.top
domain: syprassebone.top
domain: trickyseane.top
domain: turnkindgrai.top
domain: comedyewpest.fun
domain: hutmosquwz.fun
domain: languarel.fun
domain: thesiaawwor.fun
domain: bzondingmoments.tech
domain: eczofriendlychoices.tech
file: 172.65.147.108
hash: 22
file: 45.90.12.222
hash: 1337
file: 209.141.33.129
hash: 1338
file: 45.15.158.6
hash: 81
file: 199.195.252.167
hash: 1337
file: 194.85.251.75
hash: 1337
file: 185.208.159.200
hash: 1337
file: 185.91.69.142
hash: 1337
file: 209.141.62.176
hash: 1338
file: 162.19.192.198
hash: 6643
file: 80.76.49.221
hash: 1337
file: 199.195.251.203
hash: 1337
file: 128.0.118.51
hash: 1337
file: 147.135.99.254
hash: 666
file: 37.59.181.219
hash: 666
file: 162.248.102.170
hash: 1337
file: 198.27.107.169
hash: 666
file: 62.60.156.32
hash: 1337
file: 135.148.129.33
hash: 666
file: 196.251.91.59
hash: 1337
file: 165.140.8.5
hash: 10000
file: 198.251.89.178
hash: 6969
file: 147.135.3.193
hash: 8080
file: 51.81.104.118
hash: 1195
file: 45.88.9.226
hash: 1338
file: 51.79.123.249
hash: 10000
file: 138.124.123.156
hash: 1337
file: 45.13.225.196
hash: 1337
file: 128.0.118.23
hash: 1337
file: 196.251.87.118
hash: 1337
file: 51.81.65.106
hash: 10000
file: 196.251.90.117
hash: 1337
file: 45.86.155.252
hash: 1337
file: 196.251.90.76
hash: 1337
file: 2.56.165.139
hash: 1338
file: 2.57.19.42
hash: 1337
file: 74.50.81.60
hash: 1337
file: 45.45.237.44
hash: 1337
file: 198.50.200.192
hash: 10000
file: 185.14.92.70
hash: 1337
file: 45.11.229.125
hash: 1338
file: 82.23.183.119
hash: 8080
file: 82.23.183.119
hash: 7070
file: 179.61.253.95
hash: 2052
file: 135.148.129.37
hash: 7070
file: 37.59.181.218
hash: 10000
file: 198.91.25.130
hash: 10000
file: 196.251.83.83
hash: 1337
file: 51.81.65.105
hash: 666
file: 45.139.104.149
hash: 1337
file: 185.14.92.169
hash: 1337
file: 204.76.203.183
hash: 1338
file: 62.60.157.244
hash: 10000
file: 45.137.207.144
hash: 22
file: 185.198.234.221
hash: 1337
file: 104.234.168.45
hash: 1337
file: 104.234.168.45
hash: 8080
file: 46.247.108.131
hash: 8080
file: 193.200.78.41
hash: 8888
file: 193.200.78.41
hash: 888
file: 185.228.81.250
hash: 9090
file: 37.235.55.68
hash: 1987
domain: sandbox.yunqof.shop
url: https://sandbox.yunqof.shop/macan.mp3
domain: ghost-name.pages.dev
url: https://ghost-name.pages.dev/website
file: 216.9.225.75
hash: 8046
file: 166.108.234.74
hash: 80
file: 1.118.35.47
hash: 80
file: 1.118.35.47
hash: 443
file: 176.65.141.245
hash: 7707
file: 185.208.156.169
hash: 6502
file: 128.90.123.183
hash: 8808
file: 45.138.16.143
hash: 6606
file: 98.83.120.7
hash: 8808
file: 176.65.134.78
hash: 8089
file: 176.65.142.198
hash: 8089
domain: cpanel.bestteamofufabetgames.xyz
domain: webdisk.sportscasino.website
domain: cpcalendars.top5business.xyz
domain: cpcontacts.bestreadup.xyz
domain: webmail.handufabetgames.xyz
domain: webdisk.shalownewssab.com
domain: cpanel.techgambuzz.xyz
domain: cpanel.topthounds1.xyz
domain: cpcontacts.shalownewssab.com
domain: webdisk.tectotechnology.com
domain: cpcontacts.bestufaneedsgames.xyz
domain: webmail.bjshomeimprovement.website
domain: webdisk.b2bbsuiness.xyz
domain: webmail.toplavishnewz.com
file: 46.246.86.10
hash: 9000
file: 196.251.83.37
hash: 2000
domain: ntstealer.shop
file: 44.210.138.111
hash: 80
file: 95.164.52.33
hash: 80
url: https://onlyfans.so/mileyof
file: 107.189.31.150
hash: 1302
file: 107.189.31.150
hash: 9473
domain: check.jysz.shop
url: https://check.jysz.shop/gkcxv.google
file: 47.104.181.208
hash: 443
file: 164.90.151.97
hash: 1311
file: 134.122.53.54
hash: 1311
file: 170.64.198.196
hash: 1311
file: 167.99.190.4
hash: 1311
file: 142.93.173.110
hash: 1311
file: 170.64.221.8
hash: 1311
file: 206.189.46.226
hash: 1311
file: 167.172.160.222
hash: 1311
file: 45.14.224.97
hash: 1311
file: 206.189.4.45
hash: 1311
file: 139.59.45.165
hash: 1311
file: 68.183.34.11
hash: 1311
file: 165.22.227.75
hash: 1311
file: 139.59.226.19
hash: 1311
file: 138.68.156.151
hash: 1311
file: 159.89.123.72
hash: 1311
file: 209.38.30.238
hash: 1311
file: 165.22.116.233
hash: 1311
file: 157.245.56.174
hash: 1311
file: 159.89.227.55
hash: 1311
file: 143.198.201.134
hash: 1311
file: 46.101.121.254
hash: 1311
file: 128.199.35.104
hash: 1311
file: 147.182.241.94
hash: 1311
file: 143.110.229.153
hash: 1311
file: 167.172.35.36
hash: 1311
file: 167.172.73.72
hash: 1311
file: 206.81.2.56
hash: 1311
file: 128.199.56.142
hash: 1311
file: 159.223.74.127
hash: 1311
file: 64.225.52.129
hash: 1311
file: 146.190.30.159
hash: 1311
file: 159.223.85.44
hash: 1311
file: 137.184.37.183
hash: 1311
file: 134.209.241.33
hash: 1311
file: 139.59.46.142
hash: 1311
file: 134.122.50.242
hash: 1311
file: 170.64.224.151
hash: 1311
file: 159.89.198.214
hash: 1311
file: 209.38.27.236
hash: 1311
file: 170.64.205.51
hash: 1311
file: 170.64.235.124
hash: 1311
file: 45.87.43.24
hash: 1311
file: 170.64.170.215
hash: 1311
file: 45.87.43.193
hash: 1311
file: 81.92.223.20
hash: 1311
file: 144.172.91.73
hash: 1311
file: 107.189.19.106
hash: 1311
file: 95.169.203.15
hash: 1311
file: 164.90.151.97
hash: 1401
file: 134.122.53.54
hash: 1401
file: 170.64.198.196
hash: 1401
file: 167.99.190.4
hash: 1401
file: 142.93.173.110
hash: 1401
file: 170.64.221.8
hash: 1401
file: 206.189.46.226
hash: 1401
file: 167.172.160.222
hash: 1401
file: 45.14.224.97
hash: 1401
file: 206.189.4.45
hash: 1401
file: 139.59.45.165
hash: 1401
file: 68.183.34.11
hash: 1401
file: 165.22.227.75
hash: 1401
file: 139.59.226.19
hash: 1401
file: 138.68.156.151
hash: 1401
file: 159.89.123.72
hash: 1401
file: 209.38.30.238
hash: 1401
file: 165.22.116.233
hash: 1401
file: 157.245.56.174
hash: 1401
file: 159.89.227.55
hash: 1401
file: 143.198.201.134
hash: 1401
file: 46.101.121.254
hash: 1401
file: 128.199.35.104
hash: 1401
file: 147.182.241.94
hash: 1401
file: 143.110.229.153
hash: 1401
file: 167.172.35.36
hash: 1401
file: 167.172.73.72
hash: 1401
file: 206.81.2.56
hash: 1401
file: 128.199.56.142
hash: 1401
file: 159.223.74.127
hash: 1401
file: 64.225.52.129
hash: 1401
file: 146.190.30.159
hash: 1401
file: 159.223.85.44
hash: 1401
file: 137.184.37.183
hash: 1401
file: 134.209.241.33
hash: 1401
file: 139.59.46.142
hash: 1401
file: 134.122.50.242
hash: 1401
file: 170.64.224.151
hash: 1401
file: 159.89.198.214
hash: 1401
file: 209.38.27.236
hash: 1401
file: 170.64.205.51
hash: 1401
file: 170.64.235.124
hash: 1401
file: 45.87.43.24
hash: 1401
file: 170.64.170.215
hash: 1401
file: 45.87.43.193
hash: 1401
file: 81.92.223.20
hash: 1401
file: 144.172.91.73
hash: 1401
file: 107.189.19.106
hash: 1401
file: 95.169.203.15
hash: 1401
file: 5.182.226.142
hash: 35724
url: https://patatespuresii.com/mwrlotuyyjexm2ew/
url: https://forummarkam54.com/mwrlotuyyjexm2ew/
url: https://forumkombinee.com/mwrlotuyyjexm2ew/
url: https://kemikforum34.com/mwrlotuyyjexm2ew/
domain: hvsdkfjfhj-sd-1.pro
domain: test.stg.bitthebyte.com
file: 84.247.132.220
hash: 53
domain: cluster.buydoorlitesandlouvers.com
url: https://wreckerroom.run/api
url: http://touxzw.ir/scc1/five/pvqdq929bsx_a_d_m1n_a.php
url: http://u1.previewcapped.shop/linkin-park-faint.mp3
domain: u1.previewcapped.shop
url: http://f1088688.xsph.ru/2beac530.php
url: https://sunotels.com/4r6y.js
domain: sunotels.com
url: https://sunotels.com/js.php
domain: jaguar-becomes-compare-chapter.trycloudflare.com
file: 18.222.225.114
hash: 50000
file: 18.222.225.114
hash: 35000
file: 3.69.51.52
hash: 7634
file: 168.100.10.21
hash: 443
file: 185.142.184.156
hash: 7443
file: 91.208.104.150
hash: 4433
file: 116.205.179.202
hash: 8080
file: 175.27.129.168
hash: 8888
file: 213.199.55.238
hash: 8888
file: 186.169.87.220
hash: 2404
file: 104.245.240.212
hash: 2404
file: 176.65.144.14
hash: 8000
file: 163.172.125.253
hash: 401
domain: webmail.homeimprovementbusiness.xyz
domain: webdisk.generalspotline.org
domain: webmail.bestpotworldzhb.xyz
domain: webdisk.artisansrealm.xyz
domain: webdisk.bestgamesofufabet.xyz
domain: cpcontacts.yesmoretotogamesnewz.xyz
domain: cpcalendars.newzmediaworld.xyz
domain: webmail.welovetotogames.xyz
domain: cpcalendars.tectotechnologynewzz.xyz
domain: cpanel.artnewzdaily.xyz
domain: webdisk.gamesofart1.xyz
domain: cpanel.artisansrealm.xyz
domain: webmail.fashionsforts.website
domain: cpcalendars.top10gamesofoto1.xyz
domain: webdisk.businessportal.website
domain: cpcontacts.fastnewclub.xyz
domain: cpanel.homeimprovementbusiness.xyz
domain: webdisk.totomaker1.website
domain: webdisk.10bestgamesofufabet.xyz
domain: cpcalendars.ufatopgames.website
domain: cpcalendars.mtpolice21.website
domain: cpanel.5bestufabetgames.xyz
domain: cpcalendars.mtstronggame7.xyz
domain: cpcalendars.games777games.xyz
domain: cpanel.ashionof121.xyz
domain: cpanel.superbbusiness.xyz
domain: webdisk.techspilotx.website
domain: webdisk.bestofufabetgames.xyz
domain: cpcalendars.time2levelz.xyz
domain: webmail.theyestechnewsz.xyz
domain: webmail.homeimprovementbrad.website
domain: webdisk.techgambuzz.xyz
domain: cpanel.livninspot.xyz
domain: www.repoman.io
domain: cpanel.gamesandufabetpro.website
domain: cpanel.dmhubnewsz.website
domain: cpcalendars.topthounds1.xyz
domain: webdisk.newdmkey.xyz
domain: cpcalendars.bestpotworldzhb.xyz
domain: cpanel.okiamwithtotogames.xyz
file: 118.68.174.28
hash: 4444
file: 47.239.188.78
hash: 8080
file: 195.82.147.35
hash: 591
domain: mail.themamadi.ir
file: 89.213.140.146
hash: 23
file: 154.40.44.82
hash: 18211
file: 13.232.23.11
hash: 60000
file: 176.44.122.135
hash: 995
file: 38.126.57.211
hash: 443
file: 39.40.145.128
hash: 995
file: 46.246.241.166
hash: 995
file: 54.221.185.249
hash: 443
file: 78.182.40.67
hash: 443
domain: d.4ttechnology.com
url: https://d.4ttechnology.com/
url: http://u1.previewcapped.shop/linkinpark-faint.mp3
domain: disobilittyhell.live
file: 101.72.199.35
hash: 80
file: 116.177.227.35
hash: 80
file: 120.226.20.35
hash: 80
file: 175.12.110.35
hash: 80
file: 27.221.38.35
hash: 80
file: 39.91.182.35
hash: 80
url: https://oamp.od.nih.gov/
domain: oamp.od.nih.gov

Source: ThreatFox

Published: Tue Feb 25 2025

ThreatFox IOCs for 2025-02-25

Medium

Malwaretype:osint tlp:white

Published: Tue Feb 25 2025 (02/25/2025, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-02-25

AI-Powered Analysis

AILast updated: 06/19/2025, 16:18:55 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 5d85e05d-c87e-4a04-a4e9-5e963bd4fd60
Original Timestamp: 1740528186

Indicators of Compromise

Domain

Value	Description	Copy
domaincheck.wuhav.icu	ClearFake payload delivery domain (confidence level: 100%)
domainmildpacewp.today	Lumma Stealer botnet C2 domain (confidence level: 75%)
domainsubawhipnator.life	Lumma Stealer botnet C2 domain (confidence level: 75%)
domaindisastecouse.live	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainthinkbettersoul.live	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindilutedlikel.bet	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsellroofed.bet	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainbillesafed.life	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainlgkitstart.life	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpasswodbroked.life	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincancepatrok.today	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainconceived.today	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainmarathinwulke.today	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainethnicracker.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainferilwk2301.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainhorizonedcream.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpraisednette.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainblissfttulmoments.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainwebdisk.homeaddition.website	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.shakdmisab.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.generalztipsal.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.topthounds1.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.gameswithufabet.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.10bestgamesofufabet.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.toptechnewz11.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.totogames1network.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.onebusinessportal.website	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.toriters7.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.homeimprovementbloopers.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.topthounds1.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.superbbusiness.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.fstnewmedia.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.levelfrstdm.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.start7pros.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.topgadgettechnewz1.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.fivetopbusiness.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.fashionsforts.website	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.medtopzhub.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.bsttoolswx.website	Havoc botnet C2 domain (confidence level: 100%)
domainwww.h2952531.stratoserver.net	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.modegenerlshub.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.businessnewznetwork.website	Havoc botnet C2 domain (confidence level: 100%)
domaingeges.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaingomys.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainlivlivproliv.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainlivlivvavavava.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpywop.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainqifyv.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainrihem.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainxyxyc.shop	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincommercfriek.digital	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainjewellycotten.digital	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainwebdisk.topfiveufabetgames.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.gamesofart1.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.ufabetlover10.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.bestblogznews.com	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.upnddownapps.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.toplvlnewz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.ufabetgameslover89.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.ufabetgames1010.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.magzineviralzhubz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.fivetopbusiness.website	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.wellcartnewzhub.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.toptechnewz11.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.textcentrzdmnewz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.mindfulwellnesshq.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.ufabetgameslover.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.topzbuscartio.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.yesmoretotogamesnewz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainpstest.shortkino.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainwebmail.tectotechnology.com	Havoc botnet C2 domain (confidence level: 100%)
domaincheck.tokep.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.jywyj.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.hegk.shop	ClearFake payload delivery domain (confidence level: 100%)
domainangela.spklove.com	Mirai botnet C2 domain (confidence level: 75%)
domaincnc-boatnet.vpnvn4g.com	Mirai botnet C2 domain (confidence level: 50%)
domainrykeen.duckdns.org	Mirai botnet C2 domain (confidence level: 50%)
domainniggahunter-28633.portmap.io	Quasar RAT botnet C2 domain (confidence level: 50%)
domainaboki2025.duckdns.org	Remcos botnet C2 domain (confidence level: 50%)
domainsellers-given.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domaininfinett.com	FAKEUPDATES payload delivery domain (confidence level: 50%)
domaininvestiigato.website	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainopenheartljiving.tech	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainpausedcritiaca.fun	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainpetlovinstop.top	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainposqvevibesonly.tech	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainrefledesige.online	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainsoqulfonections.tech	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainwqanderludreams.tech	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainbrightfuturjes.tech	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainenlagrestatem.bet	Lumma Stealer botnet C2 domain (confidence level: 50%)
domaininspiringjstories.tech	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainpastedeputten.life	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainsterilizeflow.top	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainturngallerudgo.icu	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainadx-crm.com	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domainmx.4ttechnology.ch	Vidar botnet C2 domain (confidence level: 100%)
domainfua.4t.com	Vidar botnet C2 domain (confidence level: 100%)
domain45.120.60.34.bc.googleusercontent.com	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.latestsportshub.com	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.allnewznetworksofarts.com	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.totogamesnetwork.com	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.gamesofart.com	Havoc botnet C2 domain (confidence level: 100%)
domaincheck.byzl.shop	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.zajp.shop	ClearFake payload delivery domain (confidence level: 100%)
domainsoftware.adx-crm.com	FAKEUPDATES botnet C2 domain (confidence level: 100%)
domaingreengrocery.dreamteamuser.com	FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainomd.tap-fap.net	KillDisk (Lazarus) botnet C2 domain (confidence level: 100%)
domaing35gra2c2.duckdns.org	Remcos botnet C2 domain (confidence level: 100%)
domainly.depraveddivinelyresubmit.shop	Lumma Stealer payload delivery domain (confidence level: 100%)
domaincheck.wiqn.shop	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.sult.shop	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.johw.shop	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.wivp.shop	ClearFake payload delivery domain (confidence level: 100%)
domainhackerman12.zapto.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainhackyup.no-ip.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domaintomar0.no-ip.biz	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainpython453.no-ip.biz	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainabogaism.zapto.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainentony.no-ip.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainxtremerat2.zapto.org	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainbboyhacker.no-ip.info	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainthoxt11.no-ip.biz	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainsalah00.no-ip.biz	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainlave.no-ip.biz	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainmietzekotze.no-ip.biz	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainpato.no-ip.biz	Xtreme RAT botnet C2 domain (confidence level: 100%)
domainhostsrvtogoodnews.camdvr.org	Mirai botnet C2 domain (confidence level: 100%)
domainbotnet.nightcnc.space	Mirai botnet C2 domain (confidence level: 100%)
domainmanga2323.duckdns.org	SpyNote botnet C2 domain (confidence level: 100%)
domaincomes-sticker.gl.at.ply.gg	SpyNote botnet C2 domain (confidence level: 100%)
domainnora1988.ddns.net	SpyNote botnet C2 domain (confidence level: 100%)
domainor-replication.gl.at.ply.gg	SpyNote botnet C2 domain (confidence level: 100%)
domainprotection-ballot.gl.at.ply.gg	SpyNote botnet C2 domain (confidence level: 100%)
domainif-af.gl.at.ply.gg	SpyNote botnet C2 domain (confidence level: 100%)
domainsynoacoustic-21109.portmap.host	SpyNote botnet C2 domain (confidence level: 100%)
domaindollarxone-26572.portmap.host	SpyNote botnet C2 domain (confidence level: 100%)
domainstarted-deadline.gl.at.ply.gg	SpyNote botnet C2 domain (confidence level: 100%)
domaincheck.gunh.shop	ClearFake payload delivery domain (confidence level: 100%)
domaincapcutproai.com	RemoteControl payload delivery domain (confidence level: 100%)
domainauthenticate-meta.com	RemoteControl payload delivery domain (confidence level: 100%)
domainvancadreamlab.com	RemoteControl payload delivery domain (confidence level: 100%)
domaincavadreamlab.com	RemoteControl payload delivery domain (confidence level: 100%)
domaincanvaproai.com	RemoteControl payload delivery domain (confidence level: 100%)
domainxmetavn.com	RemoteControl payload delivery domain (confidence level: 100%)
domaincanva-dreamlab.com	RemoteControl payload delivery domain (confidence level: 100%)
domainadobe-express.com	RemoteControl payload delivery domain (confidence level: 100%)
domaincpcalendars.techdeepart.com	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.theonesevennews.com	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.magazinebestnetworkz.com	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.ranknewzmedia.com	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.toto7vgames.com	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.canvatechsports.com	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.topdmdarama.com	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.expressnewzgames.com	Havoc botnet C2 domain (confidence level: 100%)
domainwreckerroom.run	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainpresentymusse.world	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainboltetuurked.digital	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainblissfulmirzakhani.zscaler.skytapdns.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincheck.cipx.shop	ClearFake payload delivery domain (confidence level: 100%)
domainsocksforrocks.shop	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincheck.codh.shop	ClearFake payload delivery domain (confidence level: 100%)
domainftp.4ttechnology.ch	Vidar botnet C2 domain (confidence level: 100%)
domaincheck.miwj.shop	ClearFake payload delivery domain (confidence level: 100%)
domainwww.31502.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.34lirh126r.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.45442.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.5b7casino.club	Formbook botnet C2 domain (confidence level: 50%)
domainwww.acha88.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.airgo.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.aishua.cfd	Formbook botnet C2 domain (confidence level: 50%)
domainwww.anvue.pro	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ar-deals-ster.sbs	Formbook botnet C2 domain (confidence level: 50%)
domainwww.arboniq.tech	Formbook botnet C2 domain (confidence level: 50%)
domainwww.arhyupe.today	Formbook botnet C2 domain (confidence level: 50%)
domainwww.arrinblog.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ashoppe.pro	Formbook botnet C2 domain (confidence level: 50%)
domainwww.aturalbeautyvacation.live	Formbook botnet C2 domain (confidence level: 50%)
domainwww.awiste.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ddiesart.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.dgtal.fyi	Formbook botnet C2 domain (confidence level: 50%)
domainwww.dt75.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.dvertising-courses-79101.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.dytxzzm.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.echrdns.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ediser.health	Formbook botnet C2 domain (confidence level: 50%)
domainwww.edug.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ent-cleaning-103.cfd	Formbook botnet C2 domain (confidence level: 50%)
domainwww.et-toothpaste.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.eyogludonusum.online	Formbook botnet C2 domain (confidence level: 50%)
domainwww.gg-donor-eng54.today	Formbook botnet C2 domain (confidence level: 50%)
domainwww.hecguyexpert.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.hild-care-35264.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.hilemonlam.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.inepoa.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.inwooja.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.irhome.today	Formbook botnet C2 domain (confidence level: 50%)
domainwww.iseca-one.pro	Formbook botnet C2 domain (confidence level: 50%)
domainwww.itnessnewera.run	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ivomozx.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.k0yc.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.lectriccarswelz7x2e.today	Formbook botnet C2 domain (confidence level: 50%)
domainwww.levateedge.tech	Formbook botnet C2 domain (confidence level: 50%)
domainwww.limdresser.biz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.mnet.cloud	Formbook botnet C2 domain (confidence level: 50%)
domainwww.mwakop.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nergizeandcreate.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ntoxicate.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nvexpro.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ohnvegascasino.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.onvertemailclicker.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oogsql.click	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oundpump.fun	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oving-jobs-68977.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.raceroots.farm	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rainrealm.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.reamsexperienceacademy.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.remioscasadabarra.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rganiktraffic.biz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rimecapital.online	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rooke2business.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.sedcarloan-mx-98347.today	Formbook botnet C2 domain (confidence level: 50%)
domainwww.unta-cana-ca.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.uturetechrevolution.live	Formbook botnet C2 domain (confidence level: 50%)
domainwww.vtoljourney.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.whendrix.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.xergames.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.yaranix.live	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ynogut-official.shop	Formbook botnet C2 domain (confidence level: 50%)
domainbush-ana.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domaincompanies-like.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domainclassycribe.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaineyertacric.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainreaddystayer.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainruffyfavour.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsecurerewinde.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsyprassebone.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintrickyseane.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainturnkindgrai.top	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaincomedyewpest.fun	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainhutmosquwz.fun	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainlanguarel.fun	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainthesiaawwor.fun	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainbzondingmoments.tech	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaineczofriendlychoices.tech	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsandbox.yunqof.shop	ClearFake payload delivery domain (confidence level: 100%)
domainghost-name.pages.dev	ClearFake payload delivery domain (confidence level: 100%)
domaincpanel.bestteamofufabetgames.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.sportscasino.website	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.top5business.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.bestreadup.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.handufabetgames.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.shalownewssab.com	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.techgambuzz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.topthounds1.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.shalownewssab.com	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.tectotechnology.com	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.bestufaneedsgames.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.bjshomeimprovement.website	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.b2bbsuiness.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.toplavishnewz.com	Havoc botnet C2 domain (confidence level: 100%)
domainntstealer.shop	Unknown malware botnet C2 domain (confidence level: 100%)
domaincheck.jysz.shop	ClearFake payload delivery domain (confidence level: 100%)
domainhvsdkfjfhj-sd-1.pro	Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintest.stg.bitthebyte.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincluster.buydoorlitesandlouvers.com	FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainu1.previewcapped.shop	ClearFake payload delivery domain (confidence level: 100%)
domainsunotels.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainjaguar-becomes-compare-chapter.trycloudflare.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainwebmail.homeimprovementbusiness.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.generalspotline.org	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.bestpotworldzhb.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.artisansrealm.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.bestgamesofufabet.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.yesmoretotogamesnewz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.newzmediaworld.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.welovetotogames.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.tectotechnologynewzz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.artnewzdaily.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.gamesofart1.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.artisansrealm.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.fashionsforts.website	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.top10gamesofoto1.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.businessportal.website	Havoc botnet C2 domain (confidence level: 100%)
domaincpcontacts.fastnewclub.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.homeimprovementbusiness.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.totomaker1.website	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.10bestgamesofufabet.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.ufatopgames.website	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.mtpolice21.website	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.5bestufabetgames.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.mtstronggame7.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.games777games.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.ashionof121.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.superbbusiness.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.techspilotx.website	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.bestofufabetgames.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.time2levelz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.theyestechnewsz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebmail.homeimprovementbrad.website	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.techgambuzz.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.livninspot.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwww.repoman.io	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.gamesandufabetpro.website	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.dmhubnewsz.website	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.topthounds1.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainwebdisk.newdmkey.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpcalendars.bestpotworldzhb.xyz	Havoc botnet C2 domain (confidence level: 100%)
domaincpanel.okiamwithtotogames.xyz	Havoc botnet C2 domain (confidence level: 100%)
domainmail.themamadi.ir	Unknown malware botnet C2 domain (confidence level: 100%)
domaind.4ttechnology.com	Vidar botnet C2 domain (confidence level: 100%)
domaindisobilittyhell.live	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainoamp.od.nih.gov	ClearFake payload delivery domain (confidence level: 100%)

Url

Value	Description	Copy
urlhttp://161.248.87.243:8888/supershell/login/	Unknown malware botnet C2 (confidence level: 100%)
urlhttps://mildpacewp.today/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://mizo.dorklifedubbed.shop/bdc2be5bddda548dec3c2d88464a698627ac9447aae621d8.wks	Lumma Stealer payload delivery URL (confidence level: 75%)
urlhttp://167.71.76.68:80	Hook botnet C2 (confidence level: 100%)
urlhttp://176.65.134.52:80	Hook botnet C2 (confidence level: 100%)
urlhttp://98.70.54.204:80	Hook botnet C2 (confidence level: 100%)
urlhttps://92.255.85.21:45051	Hook botnet C2 (confidence level: 100%)
urlhttps://185.147.124.227:45051	Hook botnet C2 (confidence level: 100%)
urlhttps://karakacan3435.com/zjq2njg0mwjjnge0/	Coper botnet C2 (confidence level: 100%)
urlhttp://94.156.177.41/sss3/five/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://94.156.177.41/sss3/five/pvqdq929bsx_a_d_m1n_a.php	LokiBot botnet C2 (confidence level: 100%)
urlhttp://azamatpa.beget.tech/l1nc0in.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://714280cm.nyanyash.ru/provider_.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://check.tokep.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://needleperson.icu/art.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://check.jywyj.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.hegk.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://94.156.177.41/sss3/five/pvqdq929bsx_a_d_m1n_a.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 50%)
urlhttp://88.255.216.16/landpage?op=1&ms=http://touxzw.ir/sss2/five/pvqdq929bsx_a_d_m1n_a.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 50%)
urlhttps://livlivproliv.shop/api	Lumma Stealer botnet C2 (confidence level: 50%)
urlhttps://blissfttulmoments.top/login	Lumma Stealer botnet C2 (confidence level: 50%)
urlhttps://t.me/fvtdonvfcmdw	Lumma Stealer botnet C2 (confidence level: 50%)
urlhttps://steamcommunity.com/profiles/76561199829660832	Vidar botnet C2 (confidence level: 100%)
urlhttps://t.me/l793oy	Vidar botnet C2 (confidence level: 100%)
urlhttps://mx.4ttechnology.ch/	Vidar botnet C2 (confidence level: 100%)
urlhttps://159.69.100.232/	Vidar botnet C2 (confidence level: 100%)
urlhttps://fua.4t.com/	Vidar botnet C2 (confidence level: 100%)
urlhttps://check.byzl.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.zajp.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.wiqn.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.sult.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.johw.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://pastebin.com/raw/lwwcrlg4	AsyncRAT botnet C2 (confidence level: 50%)
urlhttps://check.wivp.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttp://317827cm.shnyash.ru/providerauthtestdle.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://check.gunh.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttp://u1.possibleshimmer.shop/linkin-park-faint.mp3	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.cipx.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://socksforrocks.shop/work/original.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://socksforrocks.shop/work/index.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://socksforrocks.shop/work/up.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://kusal.com/nskbfltr.zip	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://check.codh.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://ftp.4ttechnology.ch/	Vidar botnet C2 (confidence level: 100%)
urlhttps://check.miwj.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttp://81.94.156.41/5poll/providervideopacket/apiserver54/pipevmprocessor/4longpoll/bigloadtest/6universal3eternal/templinepolltrack/uploads85/6/local18/secure/_/test/datalifepython/mariadb2/providerpythonprocessorbigloadpublicprivate.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://www.31502.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.34lirh126r.shop/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.45442.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.5b7casino.club/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.acha88.info/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.airgo.shop/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.aishua.cfd/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.anvue.pro/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ar-deals-ster.sbs/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.arboniq.tech/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.arhyupe.today/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.arrinblog.shop/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ashoppe.pro/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.aturalbeautyvacation.live/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.awiste.shop/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ddiesart.shop/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dgtal.fyi/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dt75.top/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dvertising-courses-79101.bond/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dytxzzm.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.echrdns.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ediser.health/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.edug.info/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ent-cleaning-103.cfd/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.et-toothpaste.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eyogludonusum.online/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.gg-donor-eng54.today/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hecguyexpert.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hild-care-35264.bond/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hilemonlam.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.inepoa.top/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.inwooja.info/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.irhome.today/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iseca-one.pro/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.itnessnewera.run/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ivomozx.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.k0yc.shop/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lectriccarswelz7x2e.today/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.levateedge.tech/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.limdresser.biz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mnet.cloud/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mwakop.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nergizeandcreate.net/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ntoxicate.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nvexpro.net/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ohnvegascasino.info/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.onvertemailclicker.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oogsql.click/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oundpump.fun/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oving-jobs-68977.bond/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.raceroots.farm/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rainrealm.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.reamsexperienceacademy.net/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.remioscasadabarra.shop/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rganiktraffic.biz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rimecapital.online/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rooke2business.info/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sedcarloan-mx-98347.today/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.unta-cana-ca.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.uturetechrevolution.live/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.vtoljourney.xyz/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.whendrix.net/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xergames.net/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yaranix.live/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ynogut-official.shop/se01/	Formbook botnet C2 (confidence level: 50%)
urlhttp://touxzw.ir/scc1/five/fre.php	Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
urlhttps://sandbox.yunqof.shop/macan.mp3	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://ghost-name.pages.dev/website	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://onlyfans.so/mileyof	XWorm payload delivery URL (confidence level: 50%)
urlhttps://check.jysz.shop/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://patatespuresii.com/mwrlotuyyjexm2ew/	Coper botnet C2 (confidence level: 80%)
urlhttps://forummarkam54.com/mwrlotuyyjexm2ew/	Coper botnet C2 (confidence level: 80%)
urlhttps://forumkombinee.com/mwrlotuyyjexm2ew/	Coper botnet C2 (confidence level: 80%)
urlhttps://kemikforum34.com/mwrlotuyyjexm2ew/	Coper botnet C2 (confidence level: 80%)
urlhttps://wreckerroom.run/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://touxzw.ir/scc1/five/pvqdq929bsx_a_d_m1n_a.php	LokiBot botnet C2 (confidence level: 100%)
urlhttp://u1.previewcapped.shop/linkin-park-faint.mp3	ClearFake payload delivery URL (confidence level: 100%)
urlhttp://f1088688.xsph.ru/2beac530.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://sunotels.com/4r6y.js	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://sunotels.com/js.php	FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://d.4ttechnology.com/	Vidar botnet C2 (confidence level: 100%)
urlhttp://u1.previewcapped.shop/linkinpark-faint.mp3	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://oamp.od.nih.gov/	ClearFake payload delivery URL (confidence level: 100%)

File

Value	Description	Copy
file142.54.181.50	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.174.39.161	Cobalt Strike botnet C2 server (confidence level: 100%)
file147.124.215.24	Remcos botnet C2 server (confidence level: 100%)
file165.154.230.180	Sliver botnet C2 server (confidence level: 100%)
file101.32.7.104	Sliver botnet C2 server (confidence level: 100%)
file167.86.160.250	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file3.15.13.254	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file18.132.193.183	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file45.152.112.137	Bashlite botnet C2 server (confidence level: 100%)
file104.168.101.23	Bashlite botnet C2 server (confidence level: 100%)
file107.148.47.186	ValleyRAT botnet C2 server (confidence level: 100%)
file104.168.101.23	Mirai botnet C2 server (confidence level: 75%)
file34.31.146.135	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.152.193.151	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.94.9.172	Remcos botnet C2 server (confidence level: 100%)
file104.245.240.121	AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.102.227	AsyncRAT botnet C2 server (confidence level: 100%)
file107.189.27.82	Hook botnet C2 server (confidence level: 100%)
file193.232.179.46	Hook botnet C2 server (confidence level: 100%)
file181.162.147.248	Quasar RAT botnet C2 server (confidence level: 100%)
file191.19.117.170	Quasar RAT botnet C2 server (confidence level: 100%)
file45.192.102.5	MooBot botnet C2 server (confidence level: 100%)
file185.234.65.107	Chaos botnet C2 server (confidence level: 100%)
file148.163.80.27	Unknown malware botnet C2 server (confidence level: 100%)
file192.9.157.200	Cobalt Strike botnet C2 server (confidence level: 100%)
file34.133.239.110	Sliver botnet C2 server (confidence level: 90%)
file196.251.85.139	Havoc botnet C2 server (confidence level: 100%)
file45.144.53.159	Unknown malware botnet C2 server (confidence level: 100%)
file46.114.23.86	Unknown malware botnet C2 server (confidence level: 100%)
file34.231.197.255	Unknown malware botnet C2 server (confidence level: 100%)
file139.9.205.149	Unknown malware botnet C2 server (confidence level: 100%)
file92.36.149.96	Unknown malware botnet C2 server (confidence level: 100%)
file196.251.73.142	Unknown malware botnet C2 server (confidence level: 100%)
file34.224.185.21	Unknown malware botnet C2 server (confidence level: 100%)
file159.100.14.49	Unknown malware botnet C2 server (confidence level: 100%)
file104.129.182.242	Unknown malware botnet C2 server (confidence level: 100%)
file47.108.180.6	Unknown malware botnet C2 server (confidence level: 100%)
file100.28.4.210	Unknown malware botnet C2 server (confidence level: 100%)
file170.64.170.31	Unknown malware botnet C2 server (confidence level: 100%)
file181.32.34.253	Unknown malware botnet C2 server (confidence level: 100%)
file5.223.53.193	Unknown malware botnet C2 server (confidence level: 100%)
file34.233.64.115	Unknown malware botnet C2 server (confidence level: 100%)
file173.187.25.55	QakBot botnet C2 server (confidence level: 100%)
file14.128.14.32	RedLine Stealer botnet C2 server (confidence level: 100%)
file190.111.98.121	AsyncRAT botnet C2 server (confidence level: 75%)
file190.111.98.121	AsyncRAT botnet C2 server (confidence level: 75%)
file190.111.98.121	AsyncRAT botnet C2 server (confidence level: 75%)
file190.111.98.121	AsyncRAT botnet C2 server (confidence level: 75%)
file193.143.1.118	Mirai botnet C2 server (confidence level: 75%)
file176.65.137.193	Bashlite botnet C2 server (confidence level: 75%)
file154.204.34.152	Cobalt Strike botnet C2 server (confidence level: 50%)
file39.104.52.246	Cobalt Strike botnet C2 server (confidence level: 50%)
file47.109.65.22	Cobalt Strike botnet C2 server (confidence level: 50%)
file47.109.65.22	Cobalt Strike botnet C2 server (confidence level: 50%)
file116.205.233.25	Cobalt Strike botnet C2 server (confidence level: 50%)
file160.202.232.242	Sliver botnet C2 server (confidence level: 50%)
file162.33.178.133	Sliver botnet C2 server (confidence level: 50%)
file88.210.35.197	Sliver botnet C2 server (confidence level: 50%)
file168.100.9.60	Unknown malware botnet C2 server (confidence level: 50%)
file89.247.50.83	Ghost RAT botnet C2 server (confidence level: 50%)
file34.241.196.130	BlackShades botnet C2 server (confidence level: 50%)
file45.14.18.82	Havoc botnet C2 server (confidence level: 50%)
file193.161.193.99	NjRAT botnet C2 server (confidence level: 50%)
file159.69.100.232	Vidar botnet C2 server (confidence level: 100%)
file116.203.10.65	Vidar botnet C2 server (confidence level: 100%)
file113.45.216.13	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.236.150.94	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.138.186.250	Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.88.112	Cobalt Strike botnet C2 server (confidence level: 100%)
file83.229.83.23	Cobalt Strike botnet C2 server (confidence level: 100%)
file212.64.12.21	Cobalt Strike botnet C2 server (confidence level: 100%)
file172.111.216.79	Remcos botnet C2 server (confidence level: 100%)
file35.170.7.53	Sliver botnet C2 server (confidence level: 100%)
file14.226.87.219	AsyncRAT botnet C2 server (confidence level: 100%)
file31.57.166.120	AsyncRAT botnet C2 server (confidence level: 100%)
file87.121.79.90	Unknown malware botnet C2 server (confidence level: 100%)
file196.251.85.215	Havoc botnet C2 server (confidence level: 100%)
file176.65.137.13	Mirai botnet C2 server (confidence level: 75%)
file116.62.32.133	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.99.78.239	Cobalt Strike botnet C2 server (confidence level: 100%)
file38.207.178.98	Cobalt Strike botnet C2 server (confidence level: 100%)
file166.88.101.20	DeimosC2 botnet C2 server (confidence level: 75%)
file68.106.72.82	QakBot botnet C2 server (confidence level: 75%)
file207.90.236.231	FAKEUPDATES botnet C2 server (confidence level: 100%)
file192.169.69.26	Remcos botnet C2 server (confidence level: 75%)
file43.131.244.144	Cobalt Strike botnet C2 server (confidence level: 75%)
file118.25.91.151	Cobalt Strike botnet C2 server (confidence level: 50%)
file45.61.151.27	Sliver botnet C2 server (confidence level: 50%)
file64.188.99.4	Sliver botnet C2 server (confidence level: 50%)
file99.71.156.88	Sliver botnet C2 server (confidence level: 50%)
file163.5.32.71	AsyncRAT botnet C2 server (confidence level: 50%)
file174.75.163.190	Xtreme RAT botnet C2 server (confidence level: 50%)
file35.171.7.143	BlackShades botnet C2 server (confidence level: 50%)
file118.122.8.156	Unknown malware botnet C2 server (confidence level: 50%)
file103.148.110.43	Unknown malware botnet C2 server (confidence level: 50%)
file206.119.117.107	SpyNote botnet C2 server (confidence level: 100%)
file157.245.144.27	SpyNote botnet C2 server (confidence level: 100%)
file147.185.221.26	SpyNote botnet C2 server (confidence level: 100%)
file113.45.158.254	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.141.166.236	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.155.6.37	Cobalt Strike botnet C2 server (confidence level: 100%)
file207.180.219.190	Cobalt Strike botnet C2 server (confidence level: 100%)
file154.222.19.7	Cobalt Strike botnet C2 server (confidence level: 100%)
file93.123.118.14	Remcos botnet C2 server (confidence level: 100%)
file149.28.145.214	ShadowPad botnet C2 server (confidence level: 90%)
file196.251.84.215	AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.85.237	AsyncRAT botnet C2 server (confidence level: 100%)
file104.245.240.121	AsyncRAT botnet C2 server (confidence level: 100%)
file104.245.240.121	AsyncRAT botnet C2 server (confidence level: 100%)
file66.94.116.48	AsyncRAT botnet C2 server (confidence level: 100%)
file142.93.67.8	AsyncRAT botnet C2 server (confidence level: 100%)
file142.93.67.8	AsyncRAT botnet C2 server (confidence level: 100%)
file5.231.26.84	AsyncRAT botnet C2 server (confidence level: 100%)
file144.76.103.92	SectopRAT botnet C2 server (confidence level: 100%)
file102.117.165.169	Unknown malware botnet C2 server (confidence level: 100%)
file114.119.181.164	Unknown malware botnet C2 server (confidence level: 100%)
file43.131.244.144	Chaos botnet C2 server (confidence level: 100%)
file46.173.214.12	FAKEUPDATES payload delivery server (confidence level: 100%)
file45.192.168.10	ValleyRAT botnet C2 server (confidence level: 100%)
file206.198.152.91	Cobalt Strike botnet C2 server (confidence level: 75%)
file111.231.5.58	ValleyRAT botnet C2 server (confidence level: 100%)
file111.180.203.230	ValleyRAT botnet C2 server (confidence level: 100%)
file194.180.191.67	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file35.223.135.173	Unknown malware botnet C2 server (confidence level: 50%)
file94.98.194.15	Poison Ivy botnet C2 server (confidence level: 50%)
file159.89.166.123	Sliver botnet C2 server (confidence level: 50%)
file147.185.221.25	XWorm botnet C2 server (confidence level: 50%)
file172.65.147.108	Mirai botnet C2 server (confidence level: 100%)
file45.90.12.222	Mirai botnet C2 server (confidence level: 100%)
file209.141.33.129	Mirai botnet C2 server (confidence level: 100%)
file45.15.158.6	Mirai botnet C2 server (confidence level: 100%)
file199.195.252.167	Mirai botnet C2 server (confidence level: 100%)
file194.85.251.75	Mirai botnet C2 server (confidence level: 100%)
file185.208.159.200	Mirai botnet C2 server (confidence level: 100%)
file185.91.69.142	Mirai botnet C2 server (confidence level: 100%)
file209.141.62.176	Mirai botnet C2 server (confidence level: 100%)
file162.19.192.198	Mirai botnet C2 server (confidence level: 100%)
file80.76.49.221	Mirai botnet C2 server (confidence level: 100%)
file199.195.251.203	Mirai botnet C2 server (confidence level: 100%)
file128.0.118.51	Mirai botnet C2 server (confidence level: 100%)
file147.135.99.254	Mirai botnet C2 server (confidence level: 100%)
file37.59.181.219	Mirai botnet C2 server (confidence level: 100%)
file162.248.102.170	Mirai botnet C2 server (confidence level: 100%)
file198.27.107.169	Mirai botnet C2 server (confidence level: 100%)
file62.60.156.32	Mirai botnet C2 server (confidence level: 100%)
file135.148.129.33	Mirai botnet C2 server (confidence level: 100%)
file196.251.91.59	Mirai botnet C2 server (confidence level: 100%)
file165.140.8.5	Mirai botnet C2 server (confidence level: 100%)
file198.251.89.178	Mirai botnet C2 server (confidence level: 100%)
file147.135.3.193	Mirai botnet C2 server (confidence level: 100%)
file51.81.104.118	Mirai botnet C2 server (confidence level: 100%)
file45.88.9.226	Mirai botnet C2 server (confidence level: 100%)
file51.79.123.249	Mirai botnet C2 server (confidence level: 100%)
file138.124.123.156	Mirai botnet C2 server (confidence level: 100%)
file45.13.225.196	Mirai botnet C2 server (confidence level: 100%)
file128.0.118.23	Mirai botnet C2 server (confidence level: 100%)
file196.251.87.118	Mirai botnet C2 server (confidence level: 100%)
file51.81.65.106	Mirai botnet C2 server (confidence level: 100%)
file196.251.90.117	Mirai botnet C2 server (confidence level: 100%)
file45.86.155.252	Mirai botnet C2 server (confidence level: 100%)
file196.251.90.76	Mirai botnet C2 server (confidence level: 100%)
file2.56.165.139	Mirai botnet C2 server (confidence level: 100%)
file2.57.19.42	Mirai botnet C2 server (confidence level: 100%)
file74.50.81.60	Mirai botnet C2 server (confidence level: 100%)
file45.45.237.44	Mirai botnet C2 server (confidence level: 100%)
file198.50.200.192	Mirai botnet C2 server (confidence level: 100%)
file185.14.92.70	Mirai botnet C2 server (confidence level: 100%)
file45.11.229.125	Mirai botnet C2 server (confidence level: 100%)
file82.23.183.119	Mirai botnet C2 server (confidence level: 100%)
file82.23.183.119	Mirai botnet C2 server (confidence level: 100%)
file179.61.253.95	Mirai botnet C2 server (confidence level: 100%)
file135.148.129.37	Mirai botnet C2 server (confidence level: 100%)
file37.59.181.218	Mirai botnet C2 server (confidence level: 100%)
file198.91.25.130	Mirai botnet C2 server (confidence level: 100%)
file196.251.83.83	Mirai botnet C2 server (confidence level: 100%)
file51.81.65.105	Mirai botnet C2 server (confidence level: 100%)
file45.139.104.149	Mirai botnet C2 server (confidence level: 100%)
file185.14.92.169	Mirai botnet C2 server (confidence level: 100%)
file204.76.203.183	Mirai botnet C2 server (confidence level: 100%)
file62.60.157.244	Mirai botnet C2 server (confidence level: 100%)
file45.137.207.144	Mirai botnet C2 server (confidence level: 100%)
file185.198.234.221	Mirai botnet C2 server (confidence level: 100%)
file104.234.168.45	Mirai botnet C2 server (confidence level: 100%)
file104.234.168.45	Mirai botnet C2 server (confidence level: 100%)
file46.247.108.131	Mirai botnet C2 server (confidence level: 100%)
file193.200.78.41	Mirai botnet C2 server (confidence level: 100%)
file193.200.78.41	Mirai botnet C2 server (confidence level: 100%)
file185.228.81.250	Mirai botnet C2 server (confidence level: 100%)
file37.235.55.68	XWorm botnet C2 server (confidence level: 100%)
file216.9.225.75	Remcos botnet C2 server (confidence level: 75%)
file166.108.234.74	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.118.35.47	Cobalt Strike botnet C2 server (confidence level: 100%)
file1.118.35.47	Cobalt Strike botnet C2 server (confidence level: 100%)
file176.65.141.245	AsyncRAT botnet C2 server (confidence level: 100%)
file185.208.156.169	AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.123.183	AsyncRAT botnet C2 server (confidence level: 100%)
file45.138.16.143	AsyncRAT botnet C2 server (confidence level: 100%)
file98.83.120.7	AsyncRAT botnet C2 server (confidence level: 100%)
file176.65.134.78	Hook botnet C2 server (confidence level: 100%)
file176.65.142.198	Hook botnet C2 server (confidence level: 100%)
file46.246.86.10	DCRat botnet C2 server (confidence level: 100%)
file196.251.83.37	DCRat botnet C2 server (confidence level: 100%)
file44.210.138.111	Bashlite botnet C2 server (confidence level: 100%)
file95.164.52.33	Bashlite botnet C2 server (confidence level: 100%)
file107.189.31.150	Momentum botnet C2 server (confidence level: 100%)
file107.189.31.150	Momentum botnet C2 server (confidence level: 100%)
file47.104.181.208	Cobalt Strike botnet C2 server (confidence level: 75%)
file164.90.151.97	Mirai botnet C2 server (confidence level: 100%)
file134.122.53.54	Mirai botnet C2 server (confidence level: 100%)
file170.64.198.196	Mirai botnet C2 server (confidence level: 100%)
file167.99.190.4	Mirai botnet C2 server (confidence level: 100%)
file142.93.173.110	Mirai botnet C2 server (confidence level: 100%)
file170.64.221.8	Mirai botnet C2 server (confidence level: 100%)
file206.189.46.226	Mirai botnet C2 server (confidence level: 100%)
file167.172.160.222	Mirai botnet C2 server (confidence level: 100%)
file45.14.224.97	Mirai botnet C2 server (confidence level: 100%)
file206.189.4.45	Mirai botnet C2 server (confidence level: 100%)
file139.59.45.165	Mirai botnet C2 server (confidence level: 100%)
file68.183.34.11	Mirai botnet C2 server (confidence level: 100%)
file165.22.227.75	Mirai botnet C2 server (confidence level: 100%)
file139.59.226.19	Mirai botnet C2 server (confidence level: 100%)
file138.68.156.151	Mirai botnet C2 server (confidence level: 100%)
file159.89.123.72	Mirai botnet C2 server (confidence level: 100%)
file209.38.30.238	Mirai botnet C2 server (confidence level: 100%)
file165.22.116.233	Mirai botnet C2 server (confidence level: 100%)
file157.245.56.174	Mirai botnet C2 server (confidence level: 100%)
file159.89.227.55	Mirai botnet C2 server (confidence level: 100%)
file143.198.201.134	Mirai botnet C2 server (confidence level: 100%)
file46.101.121.254	Mirai botnet C2 server (confidence level: 100%)
file128.199.35.104	Mirai botnet C2 server (confidence level: 100%)
file147.182.241.94	Mirai botnet C2 server (confidence level: 100%)
file143.110.229.153	Mirai botnet C2 server (confidence level: 100%)
file167.172.35.36	Mirai botnet C2 server (confidence level: 100%)
file167.172.73.72	Mirai botnet C2 server (confidence level: 100%)
file206.81.2.56	Mirai botnet C2 server (confidence level: 100%)
file128.199.56.142	Mirai botnet C2 server (confidence level: 100%)
file159.223.74.127	Mirai botnet C2 server (confidence level: 100%)
file64.225.52.129	Mirai botnet C2 server (confidence level: 100%)
file146.190.30.159	Mirai botnet C2 server (confidence level: 100%)
file159.223.85.44	Mirai botnet C2 server (confidence level: 100%)
file137.184.37.183	Mirai botnet C2 server (confidence level: 100%)
file134.209.241.33	Mirai botnet C2 server (confidence level: 100%)
file139.59.46.142	Mirai botnet C2 server (confidence level: 100%)
file134.122.50.242	Mirai botnet C2 server (confidence level: 100%)
file170.64.224.151	Mirai botnet C2 server (confidence level: 100%)
file159.89.198.214	Mirai botnet C2 server (confidence level: 100%)
file209.38.27.236	Mirai botnet C2 server (confidence level: 100%)
file170.64.205.51	Mirai botnet C2 server (confidence level: 100%)
file170.64.235.124	Mirai botnet C2 server (confidence level: 100%)
file45.87.43.24	Mirai botnet C2 server (confidence level: 100%)
file170.64.170.215	Mirai botnet C2 server (confidence level: 100%)
file45.87.43.193	Mirai botnet C2 server (confidence level: 100%)
file81.92.223.20	Mirai botnet C2 server (confidence level: 100%)
file144.172.91.73	Mirai botnet C2 server (confidence level: 100%)
file107.189.19.106	Mirai botnet C2 server (confidence level: 100%)
file95.169.203.15	Mirai botnet C2 server (confidence level: 100%)
file164.90.151.97	Mirai botnet C2 server (confidence level: 100%)
file134.122.53.54	Mirai botnet C2 server (confidence level: 100%)
file170.64.198.196	Mirai botnet C2 server (confidence level: 100%)
file167.99.190.4	Mirai botnet C2 server (confidence level: 100%)
file142.93.173.110	Mirai botnet C2 server (confidence level: 100%)
file170.64.221.8	Mirai botnet C2 server (confidence level: 100%)
file206.189.46.226	Mirai botnet C2 server (confidence level: 100%)
file167.172.160.222	Mirai botnet C2 server (confidence level: 100%)
file45.14.224.97	Mirai botnet C2 server (confidence level: 100%)
file206.189.4.45	Mirai botnet C2 server (confidence level: 100%)
file139.59.45.165	Mirai botnet C2 server (confidence level: 100%)
file68.183.34.11	Mirai botnet C2 server (confidence level: 100%)
file165.22.227.75	Mirai botnet C2 server (confidence level: 100%)
file139.59.226.19	Mirai botnet C2 server (confidence level: 100%)
file138.68.156.151	Mirai botnet C2 server (confidence level: 100%)
file159.89.123.72	Mirai botnet C2 server (confidence level: 100%)
file209.38.30.238	Mirai botnet C2 server (confidence level: 100%)
file165.22.116.233	Mirai botnet C2 server (confidence level: 100%)
file157.245.56.174	Mirai botnet C2 server (confidence level: 100%)
file159.89.227.55	Mirai botnet C2 server (confidence level: 100%)
file143.198.201.134	Mirai botnet C2 server (confidence level: 100%)
file46.101.121.254	Mirai botnet C2 server (confidence level: 100%)
file128.199.35.104	Mirai botnet C2 server (confidence level: 100%)
file147.182.241.94	Mirai botnet C2 server (confidence level: 100%)
file143.110.229.153	Mirai botnet C2 server (confidence level: 100%)
file167.172.35.36	Mirai botnet C2 server (confidence level: 100%)
file167.172.73.72	Mirai botnet C2 server (confidence level: 100%)
file206.81.2.56	Mirai botnet C2 server (confidence level: 100%)
file128.199.56.142	Mirai botnet C2 server (confidence level: 100%)
file159.223.74.127	Mirai botnet C2 server (confidence level: 100%)
file64.225.52.129	Mirai botnet C2 server (confidence level: 100%)
file146.190.30.159	Mirai botnet C2 server (confidence level: 100%)
file159.223.85.44	Mirai botnet C2 server (confidence level: 100%)
file137.184.37.183	Mirai botnet C2 server (confidence level: 100%)
file134.209.241.33	Mirai botnet C2 server (confidence level: 100%)
file139.59.46.142	Mirai botnet C2 server (confidence level: 100%)
file134.122.50.242	Mirai botnet C2 server (confidence level: 100%)
file170.64.224.151	Mirai botnet C2 server (confidence level: 100%)
file159.89.198.214	Mirai botnet C2 server (confidence level: 100%)
file209.38.27.236	Mirai botnet C2 server (confidence level: 100%)
file170.64.205.51	Mirai botnet C2 server (confidence level: 100%)
file170.64.235.124	Mirai botnet C2 server (confidence level: 100%)
file45.87.43.24	Mirai botnet C2 server (confidence level: 100%)
file170.64.170.215	Mirai botnet C2 server (confidence level: 100%)
file45.87.43.193	Mirai botnet C2 server (confidence level: 100%)
file81.92.223.20	Mirai botnet C2 server (confidence level: 100%)
file144.172.91.73	Mirai botnet C2 server (confidence level: 100%)
file107.189.19.106	Mirai botnet C2 server (confidence level: 100%)
file95.169.203.15	Mirai botnet C2 server (confidence level: 100%)
file5.182.226.142	NjRAT botnet C2 server (confidence level: 75%)
file84.247.132.220	Cobalt Strike botnet C2 server (confidence level: 75%)
file18.222.225.114	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file18.222.225.114	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file3.69.51.52	BlackShades botnet C2 server (confidence level: 50%)
file168.100.10.21	Havoc botnet C2 server (confidence level: 50%)
file185.142.184.156	Unknown malware botnet C2 server (confidence level: 50%)
file91.208.104.150	Cobalt Strike botnet C2 server (confidence level: 100%)
file116.205.179.202	Cobalt Strike botnet C2 server (confidence level: 100%)
file175.27.129.168	Cobalt Strike botnet C2 server (confidence level: 100%)
file213.199.55.238	Remcos botnet C2 server (confidence level: 100%)
file186.169.87.220	Remcos botnet C2 server (confidence level: 100%)
file104.245.240.212	Remcos botnet C2 server (confidence level: 100%)
file176.65.144.14	XWorm botnet C2 server (confidence level: 100%)
file163.172.125.253	AsyncRAT botnet C2 server (confidence level: 100%)
file118.68.174.28	Orcus RAT botnet C2 server (confidence level: 100%)
file47.239.188.78	DCRat botnet C2 server (confidence level: 100%)
file195.82.147.35	DCRat botnet C2 server (confidence level: 100%)
file89.213.140.146	Bashlite botnet C2 server (confidence level: 100%)
file154.40.44.82	ValleyRAT botnet C2 server (confidence level: 100%)
file13.232.23.11	Unknown malware botnet C2 server (confidence level: 75%)
file176.44.122.135	QakBot botnet C2 server (confidence level: 75%)
file38.126.57.211	DeimosC2 botnet C2 server (confidence level: 75%)
file39.40.145.128	QakBot botnet C2 server (confidence level: 75%)
file46.246.241.166	QakBot botnet C2 server (confidence level: 75%)
file54.221.185.249	Brute Ratel C4 botnet C2 server (confidence level: 75%)
file78.182.40.67	QakBot botnet C2 server (confidence level: 75%)
file101.72.199.35	Cobalt Strike botnet C2 server (confidence level: 75%)
file116.177.227.35	Cobalt Strike botnet C2 server (confidence level: 75%)
file120.226.20.35	Cobalt Strike botnet C2 server (confidence level: 75%)
file175.12.110.35	Cobalt Strike botnet C2 server (confidence level: 75%)
file27.221.38.35	Cobalt Strike botnet C2 server (confidence level: 75%)
file39.91.182.35	Cobalt Strike botnet C2 server (confidence level: 75%)

Hash

Value	Description	Copy
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2535	Remcos botnet C2 server (confidence level: 100%)
hash2083	Sliver botnet C2 server (confidence level: 100%)
hash80	Sliver botnet C2 server (confidence level: 100%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash2403	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash20547	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash23	Bashlite botnet C2 server (confidence level: 100%)
hash80	Bashlite botnet C2 server (confidence level: 100%)
hash433	ValleyRAT botnet C2 server (confidence level: 100%)
hash61617	Mirai botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1962	Remcos botnet C2 server (confidence level: 100%)
hash443	AsyncRAT botnet C2 server (confidence level: 100%)
hash5000	AsyncRAT botnet C2 server (confidence level: 100%)
hash8082	Hook botnet C2 server (confidence level: 100%)
hash45051	Hook botnet C2 server (confidence level: 100%)
hash8080	Quasar RAT botnet C2 server (confidence level: 100%)
hash5000	Quasar RAT botnet C2 server (confidence level: 100%)
hash80	MooBot botnet C2 server (confidence level: 100%)
hash8080	Chaos botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash22222	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 90%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash3334	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash8443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash995	QakBot botnet C2 server (confidence level: 100%)
hash1912	RedLine Stealer botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 75%)
hash7707	AsyncRAT botnet C2 server (confidence level: 75%)
hash7949	AsyncRAT botnet C2 server (confidence level: 75%)
hash8808	AsyncRAT botnet C2 server (confidence level: 75%)
hash3093	Mirai botnet C2 server (confidence level: 75%)
hash12345	Bashlite botnet C2 server (confidence level: 75%)
hash8901	Cobalt Strike botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash7443	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Ghost RAT botnet C2 server (confidence level: 50%)
hash35000	BlackShades botnet C2 server (confidence level: 50%)
hash25565	Havoc botnet C2 server (confidence level: 50%)
hash24753	NjRAT botnet C2 server (confidence level: 50%)
hash443	Vidar botnet C2 server (confidence level: 100%)
hash443	Vidar botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8000	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8888	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash1312	Mirai botnet C2 server (confidence level: 75%)
hash1234	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234	Cobalt Strike botnet C2 server (confidence level: 100%)
hash10443	DeimosC2 botnet C2 server (confidence level: 75%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash443	FAKEUPDATES botnet C2 server (confidence level: 100%)
hash63521	Remcos botnet C2 server (confidence level: 75%)
hash11101	Cobalt Strike botnet C2 server (confidence level: 75%)
hash8085	Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash444	AsyncRAT botnet C2 server (confidence level: 50%)
hash2083	Xtreme RAT botnet C2 server (confidence level: 50%)
hash2126	BlackShades botnet C2 server (confidence level: 50%)
hash14344	Unknown malware botnet C2 server (confidence level: 50%)
hash1337	Unknown malware botnet C2 server (confidence level: 50%)
hash7771	SpyNote botnet C2 server (confidence level: 100%)
hash5544	SpyNote botnet C2 server (confidence level: 100%)
hash7576	SpyNote botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash53	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash443	ShadowPad botnet C2 server (confidence level: 90%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash9090	AsyncRAT botnet C2 server (confidence level: 100%)
hash9999	AsyncRAT botnet C2 server (confidence level: 100%)
hash8000	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash15747	SectopRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Chaos botnet C2 server (confidence level: 100%)
hash443	FAKEUPDATES payload delivery server (confidence level: 100%)
hash4433	ValleyRAT botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	ValleyRAT botnet C2 server (confidence level: 100%)
hash25603	ValleyRAT botnet C2 server (confidence level: 100%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash10443	Unknown malware botnet C2 server (confidence level: 50%)
hash3460	Poison Ivy botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash23913	XWorm botnet C2 server (confidence level: 50%)
hash22	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1338	Mirai botnet C2 server (confidence level: 100%)
hash81	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1338	Mirai botnet C2 server (confidence level: 100%)
hash6643	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash666	Mirai botnet C2 server (confidence level: 100%)
hash666	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash666	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash666	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash10000	Mirai botnet C2 server (confidence level: 100%)
hash6969	Mirai botnet C2 server (confidence level: 100%)
hash8080	Mirai botnet C2 server (confidence level: 100%)
hash1195	Mirai botnet C2 server (confidence level: 100%)
hash1338	Mirai botnet C2 server (confidence level: 100%)
hash10000	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash10000	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1338	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash10000	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1338	Mirai botnet C2 server (confidence level: 100%)
hash8080	Mirai botnet C2 server (confidence level: 100%)
hash7070	Mirai botnet C2 server (confidence level: 100%)
hash2052	Mirai botnet C2 server (confidence level: 100%)
hash7070	Mirai botnet C2 server (confidence level: 100%)
hash10000	Mirai botnet C2 server (confidence level: 100%)
hash10000	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash666	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1338	Mirai botnet C2 server (confidence level: 100%)
hash10000	Mirai botnet C2 server (confidence level: 100%)
hash22	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash8080	Mirai botnet C2 server (confidence level: 100%)
hash8080	Mirai botnet C2 server (confidence level: 100%)
hash8888	Mirai botnet C2 server (confidence level: 100%)
hash888	Mirai botnet C2 server (confidence level: 100%)
hash9090	Mirai botnet C2 server (confidence level: 100%)
hash1987	XWorm botnet C2 server (confidence level: 100%)
hash8046	Remcos botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash6502	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash9000	DCRat botnet C2 server (confidence level: 100%)
hash2000	DCRat botnet C2 server (confidence level: 100%)
hash80	Bashlite botnet C2 server (confidence level: 100%)
hash80	Bashlite botnet C2 server (confidence level: 100%)
hash1302	Momentum botnet C2 server (confidence level: 100%)
hash9473	Momentum botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1311	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash1401	Mirai botnet C2 server (confidence level: 100%)
hash35724	NjRAT botnet C2 server (confidence level: 75%)
hash53	Cobalt Strike botnet C2 server (confidence level: 75%)
hash50000	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash35000	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash7634	BlackShades botnet C2 server (confidence level: 50%)
hash443	Havoc botnet C2 server (confidence level: 50%)
hash7443	Unknown malware botnet C2 server (confidence level: 50%)
hash4433	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Remcos botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash8000	XWorm botnet C2 server (confidence level: 100%)
hash401	AsyncRAT botnet C2 server (confidence level: 100%)
hash4444	Orcus RAT botnet C2 server (confidence level: 100%)
hash8080	DCRat botnet C2 server (confidence level: 100%)
hash591	DCRat botnet C2 server (confidence level: 100%)
hash23	Bashlite botnet C2 server (confidence level: 100%)
hash18211	ValleyRAT botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 75%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash443	DeimosC2 botnet C2 server (confidence level: 75%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash995	QakBot botnet C2 server (confidence level: 75%)
hash443	Brute Ratel C4 botnet C2 server (confidence level: 75%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)

Threat ID: 682c7dbde8347ec82d2c8141

Added to database: 5/20/2025, 1:03:57 PM

Last enriched: 6/19/2025, 4:18:55 PM

Last updated: 7/26/2025, 4:45:30 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2025-02-25

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2025-02-25

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Domain

Url

File

Hash

Related Threats

ThreatFox IOCs for 2025-08-11

From ClickFix to Command: A Full PowerShell Attack Chain

North Korean Group ScarCruft Expands From Spying to Ransomware Attacks

MedusaLocker ransomware group is looking for pentesters

ThreatFox IOCs for 2025-08-10

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility