
ThreatFox IOCs for 2025-02-27

Medium
Published: Thu Feb 27 2025 (02/27/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-02-27

AI-Powered Analysis

Last updated: 06/27/2025, 10:35:17 UTC

Technical Analysis

The provided information describes a security threat entry titled "ThreatFox IOCs for 2025-02-27," sourced from the ThreatFox MISP Feed. This entry is categorized as malware-related, specifically focusing on OSINT (Open Source Intelligence), network activity, and payload delivery. However, the details are minimal: no specific indicators of compromise (IOCs) are listed, no affected software versions are identified, and no known exploits are reported in the wild. The threat level is indicated as 2 (on an unspecified scale), with moderate distribution (3) and low analysis (1) scores, suggesting limited available intelligence and moderate dissemination potential. The absence of patches or mitigation links further indicates that this entry is primarily an intelligence feed update rather than a detailed vulnerability or active exploit report. The lack of CWE identifiers and technical specifics limits the ability to analyze the malware's behavior or attack vectors. Overall, this entry appears to be a collection or notification of potential malware-related IOCs intended for OSINT purposes, rather than a detailed or active threat report.

Potential Impact

Given the sparse information and lack of specific indicators or exploit details, the direct impact on European organizations is difficult to ascertain. However, as the threat relates to malware and payload delivery, there is an inherent risk of compromise if these IOCs correspond to active malware campaigns. Potential impacts could include unauthorized access, data exfiltration, disruption of network services, or further malware propagation. European organizations relying on threat intelligence feeds like ThreatFox for early detection could benefit from monitoring these IOCs to enhance their detection capabilities. Without concrete exploit details or affected products, the impact remains theoretical but warrants vigilance, especially for sectors with high exposure to network-based threats such as finance, critical infrastructure, and government entities.

Mitigation Recommendations

1. Integrate ThreatFox and similar OSINT feeds into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enable real-time detection of emerging IOCs.
2. Conduct regular threat hunting exercises using the latest IOCs from ThreatFox to identify any signs of compromise within the network.
3. Maintain up-to-date network segmentation and strict access controls to limit the spread of potential malware payloads.
4. Enhance employee awareness training focusing on recognizing phishing and social engineering tactics that often serve as initial infection vectors for malware.
5. Implement robust network monitoring to detect unusual network activity patterns indicative of payload delivery or command and control communications.
6. Since no patches are available, emphasize proactive detection and containment rather than reactive patching.
7. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share intelligence and receive updates on evolving threats related to these IOCs.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: e90087c1-bb0f-4347-87f9-d946a53eb29f
Original Timestamp: 1740700988

Indicators of Compromise

File


Hash


Domain


Url

Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ezpravru10.top/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ficonta.academy/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.fjjrrgc.shop/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ggbj.top/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.gobpb.top/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.headvancestore.shop/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hejhls.top/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ilmeonlibe.online/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.implyoganicbeautyl.shop/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ioace-it.net/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.irtuousdesigns.net/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.isefyxerprotech.info/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.litdugunsalonu.xyz/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.luffychao.online/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nline-dating-for-now.today/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nventrobots-br.xyz/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.obatopup.store/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oelsharon.online/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ogel.ltd/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.okebowlkoning.online/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.omfycoffeecorner.site/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.owevrcast.store/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oxgoblin.net/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.r154359.xyz/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rackyourbestofferinstantly.xyz/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rampedc.store/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.resencepeople.net/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.riceradargeniusnow.xyz/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rojetos3d.shop/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rok3.mobi/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rtxcd.xyz/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.uanyang.store/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.unspotgambit.top/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.uporexinaluvo.click/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.urolube.xyz/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.usthavelist.app/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.uturelumen.net/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xbet-pxd.top/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xploreshipscienceteam.info/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ynursery.xyz/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ysnova.online/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ythought.online/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yyjdrtcee.xyz/mj25/
Formbook botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/p0mpjgy7
XWorm botnet C2 (confidence level: 50%)
urlhttps://raw.githubusercontent.com/43a1723/test/refs/heads/main/ip
XWorm botnet C2 (confidence level: 50%)
urlhttps://go.advisewise.me/
Vidar botnet C2 (confidence level: 100%)
urlhttps://check.rikez.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://unclezekes.com/6t4r.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://unclezekes.com/js.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://api.drivercamhub.cloud/linux-al2i.sh
Unknown Stealer payload delivery URL (confidence level: 100%)
urlhttps://check.basyg.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://45.178.251.45:11996/mozi.m
Mozi payload delivery URL (confidence level: 50%)
urlhttp://61.1.233.68:46374/mozi.m
Mozi payload delivery URL (confidence level: 50%)
urlhttps://api.advisewise.me/
Vidar botnet C2 (confidence level: 100%)
urlhttps://check.gidyw.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://dilemmformez.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://suggesteaco.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://rationpolicemof.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://metalcourthur.fun/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://slantposiz.shop/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://api.telegram.org/bot7606564822:aah6si7ngyzb1dnjkbhrdd4jhttce4q5su0/sendmessage
AsyncRAT botnet C2 (confidence level: 100%)
urlhttps://api.telegram.org/bot5643956199:aaedz9-vvwiakgscdtojnw0ko3rtprsgvpc/sendmessage
AsyncRAT botnet C2 (confidence level: 100%)
urlhttps://check.tymis.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://104.245.240.18/d7f85cd3e24a4757.php
Stealc botnet C2 (confidence level: 100%)
urlhttps://www.mediafire.com/file_premium/8q094mjevfshw6g/glass.mp3/fil
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://creamroute.icu/art.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://solarnatgure.run/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://canarytokens.com/feedback/s1lrzi5rw0lafsy59gxzvu8ks/post.jsp
Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://94.156.177.41/scc4/five/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttps://check.buhah.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://94.156.177.41/scc4/five/pvqdq929bsx_a_d_m1n_a.php
LokiBot botnet C2 (confidence level: 100%)
urlhttps://check.losyb.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.vokaz.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.lavow.icu/gkcxv.google
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://www.0687.best/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.acke.online/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.anadrip.coffee/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ape.codes/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.arehouse-jobs-ww-j2.today/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.asd.xyz/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.aundry-detergent-lightning.sbs/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.azablanka.info/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.bcsecuredebit.info/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.bpay.info/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.bzhbc.xyz/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dtgr.xyz/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dvxuhw272.vip/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eam-uxcnxcxd.life/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.earesimpsonjudge.net/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ebra.services/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eesautosalesnc.net/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ehn.asia/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.en-pioneer.cloud/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.exorilupavano.click/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.extgentechlearn.info/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.fajeed.bet/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.griculture-jobs-53223.bond/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hrnvegoldbiz.qpon/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ilco.store/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.im-peinture.info/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.inopaola.shop/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iretelecom.click/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.irstfyxerstation.info/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iscpicks.net/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.isemanagersystem.xyz/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ission-medienkompetenz.net/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ividhaven.store/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lasterz.xyz/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lot99betix.shop/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lotherbuyqh.info/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mbraboutique.store/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nso.work/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.odescnxseyuge395.top/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oemarket.store/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ollyjstudioeur.shop/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.omark.xyz/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.onstitutionshq.net/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.onstruction-services-44244.bond/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oyez.xyz/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ptimateitsolutions-uae.store/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.qslot89.vip/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.qu7c.info/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.racarizasi.net/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rewgame.info/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.s-gamerclub.shop/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sed-cars-after.sbs/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sjdasfjnivrew.click/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.tpmampir123.autos/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ukv3.online/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.unriserendering.net/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.unslewinway.qpon/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.utorate.app/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.uwei.channel/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xzt.store/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ybnco.xyz/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ygo.fun/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ylle.shop/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yrix.store/mg63/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yty152.vip/mg63/
Formbook botnet C2 (confidence level: 50%)

Threat ID: 68367c99182aa0cae2324b38

Added to database: 5/28/2025, 3:01:45 AM

Last enriched: 6/27/2025, 10:35:17 AM

Last updated: 7/28/2025, 8:29:07 AM
