ThreatFox IOCs for 2025-03-02
Severity: mediumType: malware
ThreatFox IOCs for 2025-03-02
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2025-03-02,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint,' indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit targeting a particular product or version. No specific affected software versions or products are identified, and there are no associated Common Weakness Enumerations (CWEs) or patch links, suggesting that this report is more focused on sharing threat indicators rather than detailing a novel vulnerability or exploit. The threat level is rated as 2 on an unspecified scale, with an analysis rating of 1 and a distribution rating of 3, which may imply moderate threat presence and dissemination. The absence of known exploits in the wild and the lack of detailed technical indicators or attack vectors limit the ability to precisely characterize the malware's behavior, infection vectors, or payload capabilities. The threat is tagged with 'tlp:white,' indicating that the information is intended for public sharing without restrictions. Overall, this intelligence appears to be a general update on malware-related IOCs collected and disseminated via ThreatFox, serving as a resource for security teams to enhance detection and monitoring capabilities rather than signaling an immediate or targeted threat campaign.
Potential Impact
Given the limited technical details and absence of specific affected products or vulnerabilities, the direct impact of this malware threat on European organizations is currently indeterminate but likely moderate. The medium severity rating suggests that while the malware may not be highly sophisticated or widespread, it could still pose risks such as unauthorized access, data exfiltration, or disruption if successfully deployed. European organizations relying on OSINT tools or threat intelligence feeds that incorporate ThreatFox data may benefit from enhanced detection capabilities but should remain vigilant. The lack of known exploits in the wild reduces the immediate risk of large-scale compromise; however, the presence of distributed IOCs indicates potential for targeted or opportunistic attacks. Critical infrastructure, government agencies, and enterprises with high-value data could be at risk if the malware evolves or is integrated into more complex attack chains. The absence of authentication or user interaction details prevents a precise assessment of exploitation complexity, but the medium severity implies some level of attacker effort or prerequisite conditions.
Mitigation Recommendations
To mitigate risks associated with this malware threat, European organizations should implement the following specific measures: 1) Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance real-time detection and correlation of suspicious activities. 2) Regularly update and tune detection rules based on the latest ThreatFox feeds to identify emerging malware signatures or behaviors promptly. 3) Conduct targeted threat hunting exercises focusing on the indicators provided by ThreatFox to uncover potential latent infections or reconnaissance activities. 4) Strengthen network segmentation and apply strict access controls to limit lateral movement in case of compromise. 5) Enhance user awareness programs emphasizing cautious handling of unsolicited data sources and OSINT tools, as these may be vectors for malware delivery. 6) Collaborate with national Computer Security Incident Response Teams (CSIRTs) to share intelligence and receive tailored guidance. 7) Maintain up-to-date backups and incident response plans to ensure rapid recovery if an infection occurs. These steps go beyond generic advice by focusing on leveraging the specific OSINT-based IOCs and integrating them into proactive defense mechanisms.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: check.kupav.icu
- domain: experimentalideas.today
- domain: vtalkindia.com.impossibleindia.com
- domain: www.ebroenv.sa.94-130-67-118.cprapid.com
- domain: remaloaded.com
- domain: spaceinvaders.mme.se
- domain: mju-115.919.transportationfacility.com
- url: https://avpnewspunjab.com/js/0yqyuipqhfixnkr2c86maoxdviyhmeqaja7i5engmdogg3chdb4xlakzpjeydbhfrnuvpjl13rvnyaxvkokzqq1wwlw6uhufo80rd4bk7wc1efptnobsq4ygoljts3nmxsetzwguouvtpvm9kbdss9/verify
- url: https://bloomingzgardens.today/api
- url: https://crystahlclearwaters.bet/api
- url: https://alcohopreden.top/api
- url: https://earwaxeduek.run/api
- url: https://desribessquwd.today/api
- url: https://entereddeacr.run/api
- url: https://difgitalnexus.run/api
- url: https://digitalfxorge.world/api
- url: https://elegantlawwen.run/api
- url: https://foortyturhud.run/api
- url: https://fortunedtrivial.top/api
- url: https://exposedbuid.life/api
- url: https://gesturedseedz.fun/api
- url: https://forfardunifor.world/api
- url: https://hideousown.top/api
- url: https://goldensounew.world/api
- url: https://grainybande.life/api
- url: https://netgineero.life/api
- url: https://natureexpflorer.run/api
- url: https://nateurescanvas.world/api
- url: https://moduledbillke.world/api
- url: https://naturjalharmony.top/api
- url: https://markerjurys.cyou/api
- url: https://naturerbhythm.world/api
- url: https://reliefintorud.life/api
- url: https://pipesofmugge.fun/api
- url: https://towerymodest.top/api
- domain: bloomingzgardens.today
- domain: crystahlclearwaters.bet
- domain: alcohopreden.top
- domain: earwaxeduek.run
- domain: desribessquwd.today
- domain: entereddeacr.run
- domain: difgitalnexus.run
- domain: digitalfxorge.world
- domain: elegantlawwen.run
- domain: foortyturhud.run
- domain: fortunedtrivial.top
- domain: exposedbuid.life
- domain: gesturedseedz.fun
- domain: forfardunifor.world
- domain: hideousown.top
- domain: goldensounew.world
- domain: grainybande.life
- domain: netgineero.life
- domain: natureexpflorer.run
- domain: nateurescanvas.world
- domain: moduledbillke.world
- domain: naturjalharmony.top
- domain: markerjurys.cyou
- domain: naturerbhythm.world
- domain: reliefintorud.life
- domain: pipesofmugge.fun
- domain: towerymodest.top
- url: https://datadynnamics.today/api
- url: https://exarthynature.run/api
- url: https://digitalcrdjafters.top/api
- url: https://earthsymphzony.today/api
- url: https://gadgsetflow.shop/api
- url: https://jowyfulbloom.shop/api
- url: https://innojvatech.shop/api
- url: https://tqechtrends.shop/api
- domain: ferrybarked.world
- domain: printerdiallog.fun
- url: https://downloadingsoft.top/0dfiztrnxs7s2y8hgvm4lfc0gqmgrdae5dfrjnu3tgwqnwuywjlgloaisklqcbljvcokox5zhokh1m90psbifhpqluxvhky1j9tasjndtt2cpkoyrig7e3om6odyqizb9x6ta8muqjunz2mfeiuo1b8nzbpxxvk7w3v6/index?a=y291cnruzxkucgvyywx0zubhzg0uy29t
- domain: check.kekid.icu
- domain: lamspa.com.vn
- file: 185.189.151.74
- hash: 2404
- file: 164.92.163.239
- hash: 4567
- file: 172.81.132.221
- hash: 2404
- file: 185.100.87.205
- hash: 31337
- file: 107.178.103.149
- hash: 4444
- file: 82.65.242.204
- hash: 5000
- domain: cpcontacts.dmustkpoint.xyz
- domain: webmail.gamesoftotoandtotoof.xyz
- domain: webdisk.mtpolice077.website
- domain: cpanel.standlivemode.xyz
- domain: cpcontacts.livninspot.xyz
- domain: cpcalendars.hostbesttech.website
- domain: cpcontacts.broadcnnewz.xyz
- domain: cpanel.upnddownapps.xyz
- domain: cpcalendars.teamofufabetgames.xyz
- domain: webmail.textagenai.xyz
- domain: cpcalendars.answerallnewz.com
- domain: cpcontacts.ufabetgameslover89.xyz
- domain: cpcalendars.businesswithloyal.website
- domain: cpanel.betufa.website
- domain: cpcalendars.domizmusk.website
- domain: cpanel.homeimprovementbrad.website
- domain: webmail.topfiveufabetgames.xyz
- domain: webmail.onlinebesttotogamesnewz.xyz
- domain: webmail.modegenerlshub.xyz
- domain: cpcalendars.8761gamesofarts.xyz
- domain: cpanel.totomaker1.website
- domain: cpcontacts.livebengsnnewz.xyz
- file: 154.37.219.142
- hash: 60000
- file: 142.93.251.139
- hash: 3225
- url: http://230852cm.nyashk.ru/externaltojsauthgameserverlocal.php
- url: http://140061cm.nyanyash.ru/_securehttpdbasyncwordpresswptemp.php
- file: 95.164.5.131
- hash: 443
- file: 8.138.22.215
- hash: 8089
- file: 172.81.132.221
- hash: 6699
- file: 23.106.133.239
- hash: 443
- file: 74.50.120.106
- hash: 8080
- file: 128.90.113.43
- hash: 2000
- file: 128.90.113.43
- hash: 8808
- file: 65.109.176.86
- hash: 50555
- file: 181.162.131.25
- hash: 8080
- domain: cpanel.bestofufabetgames.xyz
- file: 135.181.172.67
- hash: 443
- domain: webmail.reprtgeneralshub.xyz
- domain: cpcalendars.welovetotogames.xyz
- domain: cpcontacts.ufa4games.website
- domain: webdisk.top10gamesofoto1.xyz
- domain: webmail.businessnewznetwork.xyz
- domain: cpcontacts.dmspotzera.xyz
- domain: cpanel.expressnewzgames.com
- domain: webmail.proonlinehub.xyz
- domain: cpcontacts.cgibusiness.xyz
- domain: ec2-54-216-172-128.eu-west-1.compute.amazonaws.com
- domain: webdisk.apkhubnewz.com
- domain: webmail.fieldznorms.xyz
- domain: cpcalendars.firstgamezzdiary.website
- domain: cpanel.fashionof11.com
- domain: webmail.viralbookshub.xyz
- domain: cpcalendars.reprtgeneralshub.xyz
- domain: cpcalendars.bestonenewznets.xyz
- file: 47.129.226.81
- hash: 2096
- file: 192.140.163.10
- hash: 60000
- domain: dulichimage.com
- domain: 62.55.231.35.bc.googleusercontent.com
- domain: webdisk.binance-imposta-bollo.com
- file: 18.140.53.230
- hash: 80
- file: 101.126.87.67
- hash: 8003
- domain: sdbnasbnf.top
- file: 188.216.196.144
- hash: 8808
- file: 51.195.231.120
- hash: 2222
- file: 196.251.81.150
- hash: 443
- file: 52.202.92.199
- hash: 3333
- file: 34.29.98.16
- hash: 3333
- file: 192.121.170.33
- hash: 8443
- file: 13.233.103.2
- hash: 3333
- file: 146.59.234.48
- hash: 3333
- file: 34.140.64.101
- hash: 3333
- file: 209.97.184.23
- hash: 3333
- file: 45.77.28.114
- hash: 3333
- file: 50.17.80.96
- hash: 443
- file: 100.42.176.203
- hash: 3333
- file: 51.178.28.213
- hash: 443
- url: http://centrehotel.vn/wp/panel/fre.php
- url: https://centrehotel.vn/wp/panel/fre.php
- domain: authsrvtrck.spectralwhispers.it.com
- url: http://centrehotel.vn/wp1/panel/fre.php
- url: https://centrehotel.vn/wp1/panel/fre.php
- url: http://87.251.66.162/providerprotectdlecentral.php
- domain: oxy.organization.tuitionology.com
- url: https://office.ismre-jup-ag.com/v70jhmtxv5wate8oppb3szee1lbnoklzoubghucodtc3yedu0qzqwfar3vownkre8ktps2ajnw6hvaptyngi2flrxfsa4lmk6kdsxhkjyfcgv6mpbe7r1qr5u5nbqc4am98ujwuszii/verify
- domain: check.suqev.icu
- url: https://check.suqev.icu/gkcxv.google
- file: 154.23.186.124
- hash: 6688
- file: 1.171.24.92
- hash: 3458
- file: 23.95.106.22
- hash: 2222
- file: 176.65.134.66
- hash: 443
- file: 46.183.222.30
- hash: 2404
- file: 191.96.78.180
- hash: 2404
- file: 172.81.132.221
- hash: 2024
- file: 198.46.233.215
- hash: 20002
- file: 193.26.115.165
- hash: 7077
- file: 97.120.177.38
- hash: 8090
- file: 93.113.25.26
- hash: 443
- domain: cpcontacts.fashionof11.com
- domain: cpanel.topmediainfos.com
- domain: cpcontacts.timehrnews.com
- domain: webmail.timehrnews.com
- file: 201.220.180.250
- hash: 99
- file: 110.42.57.248
- hash: 8089
- domain: www.crystalsystemsandsoftwares.com
- domain: dacasahomes.com
- domain: globalpermitservices.us
- domain: odmfoods.com
- url: http://596306cm.nyashteam.ru/phpcentral.php
- domain: check.ninif.icu
- url: https://check.ninif.icu/gkcxv.google
- url: https://dods.ismre-jup-ag.com/cr79bt5yvswelr1ozxtqhkoixapncqfqbjkcg5y5hdiwwfksckt6ohl4wilkvzs4e10inrxlpzosmze8yx4tvsayy27ddngqbglu0h7qakqudm8dbh2xueonvoapcmfwgprifb6eyucm9jvrnujzujin3xmfsjh9gveal83/verify
- file: 141.95.172.125
- hash: 8443
- file: 2.88.83.176
- hash: 995
- file: 54.38.94.225
- hash: 8887
- file: 79.119.7.130
- hash: 443
- file: 213.209.150.137
- hash: 80
- url: http://ct61476.tw1.ru/68daaa68.php
- domain: check.tyheb.icu
- file: 122.10.119.94
- hash: 80
- file: 103.231.12.252
- hash: 80
- file: 38.147.171.199
- hash: 7777
- url: https://check.tyheb.icu/gkcxv.google
- file: 185.208.158.121
- hash: 443
- url: http://91.202.233.158/3836fd5700214436/sqlite3.dll
- url: http://91.202.233.158/3836fd5700214436/mozglue.dll
- url: http://91.202.233.158/3836fd5700214436/vcruntime140.dll
- url: http://193.233.254.53/c824d1e0a60278fe/vcruntime140.dll
- url: http://193.233.254.53/c824d1e0a60278fe/sqlite3.dll
- url: http://193.233.254.53/c824d1e0a60278fe/mozglue.dll
- url: http://87.120.84.38/txt/zok7yvjlvmdji9aj.exe
- url: http://87.120.84.39/txt/en7nq8lm3v7yww0.exe
- url: http://154.216.19.160/txt/u7vqmxbxibxvbxn.exe
- domain: j4ttb0gxg.localto.net
- domain: bz-mz.ydns.eu
- domain: index-sustained.gl.at.ply.gg
- domain: driver-bc.gl.at.ply.gg
- domain: guide-carb.gl.at.ply.gg
- domain: token-analysis.com
- domain: cloudsolutio.com
- domain: analysisads.com
- domain: assets-token.com
- domain: cdnmozilla.com
- domain: webjquery.com
- domain: assets-tokens.com
- domain: analysis-nc.com
- domain: analysis-ns.com
- domain: gravatargo.com
- url: http://soc.ridinggearz.com/56mamuj5pp4toyqrrzch9ziyr2jagdnvdxwf1vtykopkxs2gmjis5sl0wwogzacnbe6bqe3bksleyabzp0zyhhpr2oqlr1dxnd7o7ijcsufhvoheplqfmt9vdfqf8m4xl9kwkfetkiv4uawthvo0xg8unoonbj3bcm1z/verify
- url: http://docu839849948sos.padstowpridez.com/njo4ju9lzeq181pbpibxqizejtofholvx3fc7nnoyugiy6bafm95rvtpaairdhxue35j4xbuodndfswk7srmd688srzucosgq6g0khlnygby5zeqzxkyjo10fkwkebhiwlkhvz4q7gacmvwt2dpwcm/verify
- url: http://soc.ridinggearz.com/dlbqrhg2wkucd3f3dkhwpujan8jfoalvglyzil4vp0rm6xctt3gv9er1zjsdbasoona1xynihxtsuljezgzcuf8kvm76wbkqz2of20smm5kcmxho4drptweqwxtfhq90ocoreeubsqj5cyqg9aib5w6ns/verify
- url: https://autsh.ismre-jup-ag.com/2mg2deygo7tievbpr0bphsswsnl9hxa65zqxgvon0fh5ioklaa7sv8h8q4ffmfrdijp43uid1kmzzeytmky1ynbqwbttlocacjkjcwnxcrxlgur3duojuowev9/verify
- url: https://raw.githubusercontent.com/76bh/img/main/imagenep.png
- url: https://z.formaxprime.co.uk/
- file: 116.202.176.139
- hash: 443
- domain: check.zagyw.icu
- url: https://check.zagyw.icu/gkcxv.google
- url: https://wqenpene.com/5r1r.js
- domain: wqenpene.com
- url: https://wqenpene.com/js.php
- domain: securezza.at
- domain: dbxmalachi.com
- domain: vkeenan86oo.com
- domain: accrualdewd.xyz
- domain: slowellalden.com
- domain: xilion27.no-ip.org
- domain: zthacker.no-ip.org
- domain: 5110.zapto.org
- domain: fatalerror.no-ip.org
- domain: sheepcyber.zapto.org
- domain: smyle4321.zapto.org
- domain: wadcox.no-ip.biz
- domain: tarektito123.zapto.org
- domain: babypanda.no-ip.biz
- domain: dohme.no-ip.biz
- domain: lock.no-ip.net
- domain: goldenn.no-ip.biz
- domain: senteyremote.no-ip.biz
- domain: lalegende.no-ip.org
- domain: tfmclient.zapto.org
- domain: drolittto.no-ip.biz
- domain: sliaks.zapto.org
- domain: gotcha13.no-ip.biz
- domain: punked.zapto.org
- domain: rahil.no-ip.biz
- domain: broiler.no-ip.org
- domain: diffusehotel.servegame.com
- domain: toba00.no-ip.biz
- domain: zo-13.no-ip.org
- domain: nitrix93.no-ip.biz
- domain: fort-00.no-ip.biz
- domain: cilacorp.no-ip.org
- domain: zzheng999.3322.org
- domain: spacecraft.no-ip.biz
- domain: lishman.no-ip.biz
- domain: koukous.no-ip.biz
- domain: merag00.zapto.org
- domain: toba000.zapto.org
- domain: houssemhack.no-ip.biz
- domain: lakhdar.dyndns.biz
- domain: sho.no-ip.biz
- domain: q7audi.no-ip.info
- domain: hansibambel.no-ip.biz
- domain: jayden.no-ip.biz
- domain: zv1.dyndns.info
- domain: toba00.no-ip.org
- domain: windowsnet.zapto.org
- domain: 2005scape.no-ip.biz
- domain: joesigala.no-ip.biz
- domain: kuwaity56er.no-ip.org
- domain: somethingz.zapto.org
- domain: testa.no-ip.biz
- domain: tris.no-ip.org
- domain: rayaan270498.no-ip.org
- domain: nimbuzz.no-ip.biz
- domain: mystroo.no-ip.info
- domain: chrisj181.no-ip.info
- domain: alkpote.dyndns.org
- domain: hcr.zapto.org
- domain: rara123.no-ip.biz
- domain: royalprince.no-ip.org
- domain: asd123.no-ip.org
- domain: selvahacker.no-ip.org
- domain: derhacker.no-ip.org
- domain: nasa-backdoor.no-ip.info
- domain: dekor.no-ip.biz
- domain: asdx3.no-ip.info
- domain: kjhgftrs.getmyip.com
- domain: xhabbvo.sytes.net
- domain: awesomedownloads.no-ip.biz
- domain: h401.no-ip.biz
- domain: t-slide.no-ip.biz
- domain: alone2011.no-ip.org
- domain: xilion08.no-ip.org
- domain: h4mh4m.no-ip.org
- domain: anglet123.sytes.net
- domain: 2md.no-ip.info
- domain: jordanturet.no-ip.org
- domain: radar2001.no-ip.biz
- domain: squeck94.dyndns.org
- domain: x3w2.dyndns.info
- domain: brutehack.dyndns-ip.com
- domain: backer.sytes.net
- domain: omega1.sytes.net
- domain: anjum9694.no-ip.org
- domain: revennaras99.zapto.org
- domain: bitcoin888.no-ip.biz
- domain: ustealer.no-ip.biz
- domain: gokay123.no-ip.biz
- domain: basspins.no-ip.biz
- domain: lachaach.zapto.org
- domain: chupasvergo.no-ip.org
- domain: jrat.no-ip.info
- domain: zippers.dyndns.biz
- domain: lainjector.no-ip.biz
- domain: liqtowomen.no-ip.biz
- domain: pferd.no-ip.biz
- domain: cranshyangel.zapto.org
- domain: ddd2u.no-ip.biz
- domain: mohamedzhran.no-ip.org
- domain: duc5690.no-ip.org
- domain: outbad.zapto.org
- domain: fs-teamspeak.no-ip.biz
- domain: alfredoruberstain.no-ip.org
- domain: mimoooooo.no-ip.biz
- domain: amused.no-ip.biz
- domain: icequeen.zapto.org
- domain: zix-cs.no-ip.biz
- domain: nuc.no-ip.biz
- domain: noobnoob.no-ip.biz
- domain: aassddfqq8.zapto.org
- domain: x9.no-ip.org
- domain: misterpin.no-ip.org
- domain: beispiel1x9.no-ip.biz
- domain: gunizback.no-ip.info
- domain: niggaplease.no-ip.biz
- domain: supernerd.zapto.org
- domain: soso200090.no-ip.biz
- domain: rattingjohnny.no-ip.biz
- domain: lakhdar.dyndns.org
- domain: mahost.dyndns.org
- domain: e007rdus.dyndns.org
- domain: spyfor2000.no-ip.biz
- domain: mafiaksa.zapto.org
- domain: williamder.no-ip.biz
- domain: zzssff.2288.org
- domain: hakr515.no-ip.info
- domain: flareisl33t.no-ip.biz
- file: 193.255.88.128
- hash: 81
- file: 80.88.128.40
- hash: 53
- file: 41.226.81.48
- hash: 81
- file: 41.226.81.48
- hash: 1022
- file: 87.247.84.230
- hash: 100
- file: 95.164.52.33
- hash: 4258
- file: 104.234.168.54
- hash: 5542
- file: 94.154.172.222
- hash: 4258
- file: 44.210.138.111
- hash: 4258
- file: 185.224.0.148
- hash: 606
- file: 185.224.0.18
- hash: 1111
- file: 37.44.238.66
- hash: 5334
- url: http://regtoyou.com/amvgaghabjvlamkmms
- url: http://somakeawish.com/hpuex9yu0lfad7pjoxcl
- domain: zipoto.zapto.org
- domain: softwareone.no-ip.info
- domain: thefucker.no-ip.org
- domain: ratker.duckdns.org
- domain: anonjustice.no-ip.org
- domain: serverfwe0472.no-ip.biz
- domain: craxxhack.zapto.org
- domain: server006.zapto.org
- domain: 84024924.no-ip.org
- domain: hackflor.no-ip.info
- domain: bluecluespaw.no-ip.biz
- domain: killergkhn.no-ip.biz
- domain: karakartal.no-ip.info
- domain: hack93120.no-ip.org
- domain: egegeg.duckdns.org
- domain: s77s.no-ip.biz
- domain: mtltesthost.no-ip.biz
- domain: xserver.no-ip.biz
- domain: obj.jumpingcrab.com
- domain: testserver1234.no-ip.biz
- domain: h7eatshot.sytes.net
- domain: subjection.no-ip.biz
- domain: ljcybergate.no-ip.biz
- domain: anotherhfuser.no-ip.biz
- domain: slhack.no-ip.info
- domain: hosthttp.servehttp.com
- domain: kroftyminecraft.no-ip.org
- domain: evil1.no-ip.org
- domain: winupdatess.no-ip.biz
- domain: madgik1.no-ip.biz
- domain: neon714825396.no-ip.biz
- domain: panikwar.no-ip.org
- domain: dynamichost.no-ip.org
- domain: afkalkflcxvxcv.redirectme.net
- domain: masiina.zapto.org
- domain: kryst0f.dyndns.org
- domain: j4st4me.zapto.org
- domain: pandoramini.codns.com
- domain: vudesign.no-ip.org
- domain: hacksufod.no-ip.org
- domain: congonicro.no-ip.org
- domain: liamdobbin.no-ip.org
- domain: hostingari.no-ip.biz
- domain: twidz.sytes.net
- domain: freakyland.no-ip.biz
- domain: moodi1231.no-ip.info
- domain: nawaz.no-ip.org
- domain: testpyrolol.no-ip.org
- domain: neo34.zapto.org
- domain: serverupdate7.hopto.org
- domain: yko5ljrt.no-ip.info
- domain: geoanonymous.no-ip.biz
- domain: loris1234.zapto.org
- domain: fugitif.no-ip.org
- domain: windowsconnect.no-ip.biz
- domain: pown1988.no-ip.org
- domain: hackertoday.no-ip.biz
- domain: snoupy21.no-ip.biz
- domain: robloxdlex.zapto.org
- domain: x0wn3d.no-ip.biz
- domain: xx69xx.no-ip.biz
- domain: lundinozz.no-ip.biz
- domain: muqtasssssssssddd.no-ip.biz
- domain: monbebe.no-ip.org
- domain: kacgece.no-ip.org
- domain: hvtnecyusy.servequake.com
- domain: uglykidjoes.no-ip.biz
- domain: n3k3m.hopto.org
- domain: zungazungazz.zapto.org
- domain: oplife.no-ip.biz
- domain: dc0012.no-ip.org
- domain: 19484.no-ip.biz
- domain: suckiton.no-ip.org
- domain: lapisha.no-ip.biz
- domain: zcto.zapto.org
- domain: khazar.no-ip.biz
- domain: testers28.no-ip.org
- domain: nabil80.no-ip.org
- domain: holawhey.no-ip.biz
- domain: italy.no-ip.biz
- domain: hellblazer123.no-ip.org
- domain: yoshdylan.no-ip.org
- domain: ittechsupport221.no-ip.biz
- domain: attackcraft.zapto.org
- domain: utrilla.no-ip.biz
- domain: wwwgooglecom.sytes.net
- domain: server005.servequake.com
- domain: braxidy.no-ip.org
- domain: sibersavasci.no-ip.biz
- domain: sepid.no-ip.org
- domain: tycoo2012.no-ip.org
- domain: iamnewbie1.no-ip.org
- domain: michaelmichael.myftp.org
- file: 176.31.65.184
- hash: 1604
- file: 173.88.59.69
- hash: 1606
- file: 77.250.252.212
- hash: 1766
- file: 113.166.14.123
- hash: 999
- file: 159.146.115.189
- hash: 3131
- file: 178.32.175.242
- hash: 1604
- file: 81.184.154.233
- hash: 1604
- file: 94.244.3.194
- hash: 1604
- file: 178.162.150.74
- hash: 1604
- file: 91.157.132.221
- hash: 5555
- file: 37.221.162.36
- hash: 1604
- file: 62.201.240.82
- hash: 1604
- file: 113.193.99.159
- hash: 1604
- file: 173.0.6.116
- hash: 1604
- domain: check.neweb.icu
- url: https://check.neweb.icu/gkcxv.google
- file: 107.174.39.161
- hash: 6008
- file: 31.220.49.194
- hash: 8443
- file: 123.11.143.3
- hash: 5873
- file: 45.92.1.25
- hash: 6606
- file: 45.92.1.25
- hash: 7707
- file: 51.195.231.120
- hash: 888
- file: 176.65.144.125
- hash: 6606
- file: 34.2.141.23
- hash: 443
- file: 103.68.195.14
- hash: 80
- domain: cpcalendars.totobestliv.com
- domain: webmail.fashionof11.com
- domain: webdisk.expressnewzgames.com
- domain: cpanel.businessnewznetwork.com
- domain: cpcontacts.canvatechsports.com
- file: 146.70.158.85
- hash: 12443
- file: 209.105.242.112
- hash: 7777
- file: 18.133.141.67
- hash: 12603
- file: 18.133.141.67
- hash: 52603
- file: 18.133.141.67
- hash: 58603
- file: 94.237.67.192
- hash: 8080
- domain: lagunabeachvillarentals.com
- domain: www.terra.eco
- domain: anewbetteryou.com
- file: 213.209.150.137
- hash: 4000
- file: 213.209.150.137
- hash: 4784
- domain: check.somiv.icu
- url: https://check.somiv.icu/gkcxv.google
- url: http://59.97.176.67:57293/mozi.m
- domain: api.instagramcdn.com
- url: https://zolman.dllgrroup.com/jra2svosedhdxch1b4mtxy9dbgq0o7pb3ynczq9dzw5rklhsc46cywjpqqdzjxyndoeekuemp5lfnmizuglghopcwbiqivnkol1hrgtmwtgkmkrxras5kcoo7x7oyvfj2ufpa3v89ubgezyu83si1o/verify
- domain: boomhavoc.r-e.kr
- file: 45.140.188.188
- hash: 1338
- file: 82.23.183.119
- hash: 10000
- file: 109.71.252.20
- hash: 1337
- file: 45.11.229.248
- hash: 42069
- file: 185.208.158.228
- hash: 5150
- file: 31.56.7.201
- hash: 2052
- file: 104.234.168.45
- hash: 10000
- file: 104.234.168.49
- hash: 1337
- file: 87.121.105.102
- hash: 2052
- file: 198.251.84.77
- hash: 1337
- file: 194.15.36.154
- hash: 1337
- file: 196.251.88.47
- hash: 9999
- file: 209.141.52.230
- hash: 1338
- file: 31.56.39.115
- hash: 1338
- file: 37.221.93.92
- hash: 1337
- file: 31.56.7.197
- hash: 2052
- file: 31.56.7.16
- hash: 1337
- file: 45.140.188.62
- hash: 51894
- file: 107.189.26.194
- hash: 10000
- file: 83.168.107.32
- hash: 2137
- domain: dreamproxy.cc
- domain: egirls.fun
- domain: ewqrt.com
- domain: feetpics.us
- domain: nigga.party
- domain: pastebin.lol
- domain: prox.zematic.host
- domain: 1adminmctopiamc1.pl
- domain: s1-node1.1adminmctopiamc1.pl
- domain: s1.1adminmctopiamc1.pl
- domain: touchable.lol
- domain: toxic-c2.de
- domain: xjust.xyz
- domain: catfirewall.ru
- domain: secure.overdose.sbs
- domain: tcp.bbos.lol
- url: http://103.68.195.14/
- url: http://65.109.176.86:50555/
- url: http://196.251.66.190/
- file: 112.213.116.91
- hash: 18096
- domain: check.wezop.icu
- url: https://check.wezop.icu/gkcxv.google
- file: 107.172.206.67
- hash: 1312
- file: 91.235.142.33
- hash: 2404
- file: 104.168.133.74
- hash: 9349
- file: 8.209.221.211
- hash: 28538
- file: 107.178.103.149
- hash: 8808
- file: 52.76.203.85
- hash: 80
- file: 185.161.251.118
- hash: 80
- file: 196.251.83.237
- hash: 80
- domain: cpcontacts.homeimprovementbusiness.xyz
- file: 5.178.3.137
- hash: 1234
- file: 171.249.230.216
- hash: 9999
- file: 79.110.49.27
- hash: 5521
- url: https://wildxflowerdream.life/api
- domain: porn-inedit-miakhalifa.xn--mdicis-bva.com
- domain: unitedexpressmailservice.com
- domain: scan.bigboats.icu
- file: 176.65.144.243
- hash: 64431
- hash: c291cd2b146fe8c228153ea0ed69f14074110f5f45d0e310c21608676c23a67b
- hash: 229fda934dd6dc8e7e4d725fdd995d16d6f6978f680b2fd6c3c0cb91ee485fce
- url: https://vaultcord.net/assets/cf.hta
- url: https://vaultcord.net/assets/captcha.exe
- url: https://top.90shipsnormal.site/api/log
- domain: check.jaxim.icu
- url: https://check.jaxim.icu/gkcxv.google
- domain: check.gykem.icu
- url: https://check.gykem.icu/gkcxv.google
- domain: example.servidor.world
- file: 138.68.113.5
- hash: 80
- domain: hellonew2025.kozow.com
- file: 150.5.174.231
- hash: 7443
- domain: cpanel.dmspotzera.xyz
- domain: cpcalendars.ufabetgameslover89.xyz
- domain: cpcontacts.onlinebesttotogamesnewz.xyz
- domain: webdisk.theyestechnewsz.xyz
- domain: webdisk.mtpolice21.website
- domain: webdisk.wealthwrknetwork.xyz
- domain: securitygroup.pro
- domain: cpcalendars.youandmewtoto.xyz
- domain: cpcalendars.b2bbsuiness.xyz
- domain: webmail.bjshomeimprovement.xyz
- domain: webmail.dmustkpoint.xyz
- domain: webdisk.bestufaneedsgames.xyz
- domain: cpcalendars.homeaddition.xyz
- domain: webdisk.bottomofbusiness.xyz
- domain: cpcontacts.top10gamesofoto1.xyz
- domain: cpcalendars.bookdmsab.xyz
- domain: cpanel.odysseyoutlook.xyz
- domain: webmail.livninspot.xyz
- url: https://check.wygoq.icu/gkcxv.google
- file: 196.251.117.235
- hash: 35983
- file: 47.246.12.85
- hash: 4506
- file: 92.112.184.22
- hash: 8090
- file: 85.239.63.130
- hash: 8443
- url: https://pevemtnchil.live/api
- domain: pevemtnchil.live
- url: https://hardswarehub.today/api
- url: https://gadgethgfub.icu/api
- url: https://hardrwarehaven.run/api
- url: https://techmindzs.live/api
- url: https://codxefusion.top/api
- url: https://quietswtreams.life/api
- url: https://techspherxe.top/api
- url: https://experimentalideas.today/api
- url: https://circujitstorm.bet/api
- url: https://techpxioneers.run/api
- url: https://foresctwhispers.top/api
- url: https://calmingtefxtures.run/api
- url: https://tracnquilforest.life/api
- url: https://starrynsightsky.icu/api
- file: 47.239.197.97
- hash: 443
- url: https://check.tubyf.icu/gkcxv.google
ThreatFox IOCs for 2025-03-02
Medium
Published: Sun Mar 02 2025 (03/02/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-03-02
AI-Powered Analysis
AILast updated: 06/19/2025, 16:01:52 UTC
Technical Analysis
The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2025-03-02,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint,' indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit targeting a particular product or version. No specific affected software versions or products are identified, and there are no associated Common Weakness Enumerations (CWEs) or patch links, suggesting that this report is more focused on sharing threat indicators rather than detailing a novel vulnerability or exploit. The threat level is rated as 2 on an unspecified scale, with an analysis rating of 1 and a distribution rating of 3, which may imply moderate threat presence and dissemination. The absence of known exploits in the wild and the lack of detailed technical indicators or attack vectors limit the ability to precisely characterize the malware's behavior, infection vectors, or payload capabilities. The threat is tagged with 'tlp:white,' indicating that the information is intended for public sharing without restrictions. Overall, this intelligence appears to be a general update on malware-related IOCs collected and disseminated via ThreatFox, serving as a resource for security teams to enhance detection and monitoring capabilities rather than signaling an immediate or targeted threat campaign.
Potential Impact
Given the limited technical details and absence of specific affected products or vulnerabilities, the direct impact of this malware threat on European organizations is currently indeterminate but likely moderate. The medium severity rating suggests that while the malware may not be highly sophisticated or widespread, it could still pose risks such as unauthorized access, data exfiltration, or disruption if successfully deployed. European organizations relying on OSINT tools or threat intelligence feeds that incorporate ThreatFox data may benefit from enhanced detection capabilities but should remain vigilant. The lack of known exploits in the wild reduces the immediate risk of large-scale compromise; however, the presence of distributed IOCs indicates potential for targeted or opportunistic attacks. Critical infrastructure, government agencies, and enterprises with high-value data could be at risk if the malware evolves or is integrated into more complex attack chains. The absence of authentication or user interaction details prevents a precise assessment of exploitation complexity, but the medium severity implies some level of attacker effort or prerequisite conditions.
Mitigation Recommendations
To mitigate risks associated with this malware threat, European organizations should implement the following specific measures: 1) Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance real-time detection and correlation of suspicious activities. 2) Regularly update and tune detection rules based on the latest ThreatFox feeds to identify emerging malware signatures or behaviors promptly. 3) Conduct targeted threat hunting exercises focusing on the indicators provided by ThreatFox to uncover potential latent infections or reconnaissance activities. 4) Strengthen network segmentation and apply strict access controls to limit lateral movement in case of compromise. 5) Enhance user awareness programs emphasizing cautious handling of unsolicited data sources and OSINT tools, as these may be vectors for malware delivery. 6) Collaborate with national Computer Security Incident Response Teams (CSIRTs) to share intelligence and receive tailored guidance. 7) Maintain up-to-date backups and incident response plans to ensure rapid recovery if an infection occurs. These steps go beyond generic advice by focusing on leveraging the specific OSINT-based IOCs and integrating them into proactive defense mechanisms.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 97cdf528-5527-424c-b31e-b152ee072d3c
- Original Timestamp
- 1740960186
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaincheck.kupav.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainexperimentalideas.today | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvtalkindia.com.impossibleindia.com | ClearFake payload delivery domain (confidence level: 75%) | |
domainwww.ebroenv.sa.94-130-67-118.cprapid.com | ClearFake payload delivery domain (confidence level: 75%) | |
domainremaloaded.com | ClearFake payload delivery domain (confidence level: 75%) | |
domainspaceinvaders.mme.se | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainmju-115.919.transportationfacility.com | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainbloomingzgardens.today | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincrystahlclearwaters.bet | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainalcohopreden.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainearwaxeduek.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindesribessquwd.today | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainentereddeacr.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindifgitalnexus.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindigitalfxorge.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainelegantlawwen.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfoortyturhud.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfortunedtrivial.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainexposedbuid.life | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingesturedseedz.fun | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainforfardunifor.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhideousown.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingoldensounew.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingrainybande.life | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnetgineero.life | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnatureexpflorer.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnateurescanvas.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmoduledbillke.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnaturjalharmony.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmarkerjurys.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnaturerbhythm.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainreliefintorud.life | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpipesofmugge.fun | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintowerymodest.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainferrybarked.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainprinterdiallog.fun | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.kekid.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainlamspa.com.vn | ClearFake payload delivery domain (confidence level: 75%) | |
domaincpcontacts.dmustkpoint.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.gamesoftotoandtotoof.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.mtpolice077.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.standlivemode.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.livninspot.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.hostbesttech.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.broadcnnewz.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.upnddownapps.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.teamofufabetgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.textagenai.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.answerallnewz.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.ufabetgameslover89.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.businesswithloyal.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.betufa.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.domizmusk.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.homeimprovementbrad.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.topfiveufabetgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.onlinebesttotogamesnewz.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.modegenerlshub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.8761gamesofarts.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.totomaker1.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.livebengsnnewz.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.bestofufabetgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.reprtgeneralshub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.welovetotogames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.ufa4games.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.top10gamesofoto1.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.businessnewznetwork.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.dmspotzera.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.expressnewzgames.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.proonlinehub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.cgibusiness.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainec2-54-216-172-128.eu-west-1.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.apkhubnewz.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.fieldznorms.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.firstgamezzdiary.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.fashionof11.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.viralbookshub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.reprtgeneralshub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.bestonenewznets.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaindulichimage.com | ClearFake payload delivery domain (confidence level: 75%) | |
domain62.55.231.35.bc.googleusercontent.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainwebdisk.binance-imposta-bollo.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainsdbnasbnf.top | ShadowPad botnet C2 domain (confidence level: 90%) | |
domainauthsrvtrck.spectralwhispers.it.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainoxy.organization.tuitionology.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.suqev.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincpcontacts.fashionof11.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.topmediainfos.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.timehrnews.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.timehrnews.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwww.crystalsystemsandsoftwares.com | ClearFake payload delivery domain (confidence level: 75%) | |
domaindacasahomes.com | ClearFake payload delivery domain (confidence level: 75%) | |
domainglobalpermitservices.us | ClearFake payload delivery domain (confidence level: 75%) | |
domainodmfoods.com | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domaincheck.ninif.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.tyheb.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainj4ttb0gxg.localto.net | DarkComet botnet C2 domain (confidence level: 50%) | |
domainbz-mz.ydns.eu | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainindex-sustained.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domaindriver-bc.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainguide-carb.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domaintoken-analysis.com | magecart payload delivery domain (confidence level: 100%) | |
domaincloudsolutio.com | magecart payload delivery domain (confidence level: 100%) | |
domainanalysisads.com | magecart payload delivery domain (confidence level: 100%) | |
domainassets-token.com | magecart payload delivery domain (confidence level: 100%) | |
domaincdnmozilla.com | magecart payload delivery domain (confidence level: 100%) | |
domainwebjquery.com | magecart payload delivery domain (confidence level: 100%) | |
domainassets-tokens.com | magecart payload delivery domain (confidence level: 100%) | |
domainanalysis-nc.com | magecart payload delivery domain (confidence level: 100%) | |
domainanalysis-ns.com | magecart payload delivery domain (confidence level: 100%) | |
domaingravatargo.com | magecart payload delivery domain (confidence level: 100%) | |
domaincheck.zagyw.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainwqenpene.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainsecurezza.at | Gozi botnet C2 domain (confidence level: 100%) | |
domaindbxmalachi.com | Gozi botnet C2 domain (confidence level: 100%) | |
domainvkeenan86oo.com | Gozi botnet C2 domain (confidence level: 100%) | |
domainaccrualdewd.xyz | Gozi botnet C2 domain (confidence level: 100%) | |
domainslowellalden.com | Gozi botnet C2 domain (confidence level: 100%) | |
domainxilion27.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzthacker.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domain5110.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainfatalerror.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsheepcyber.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsmyle4321.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainwadcox.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintarektito123.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbabypanda.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaindohme.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainlock.no-ip.net | CyberGate botnet C2 domain (confidence level: 100%) | |
domaingoldenn.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsenteyremote.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainlalegende.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintfmclient.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaindrolittto.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsliaks.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaingotcha13.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainpunked.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainrahil.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbroiler.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaindiffusehotel.servegame.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintoba00.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzo-13.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainnitrix93.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainfort-00.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincilacorp.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzzheng999.3322.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainspacecraft.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainlishman.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainkoukous.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmerag00.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintoba000.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhoussemhack.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainlakhdar.dyndns.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsho.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainq7audi.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhansibambel.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainjayden.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzv1.dyndns.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintoba00.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainwindowsnet.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domain2005scape.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainjoesigala.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainkuwaity56er.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsomethingz.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintesta.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaintris.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainrayaan270498.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainnimbuzz.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmystroo.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainchrisj181.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainalkpote.dyndns.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhcr.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainrara123.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainroyalprince.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainasd123.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainselvahacker.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainderhacker.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainnasa-backdoor.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domaindekor.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainasdx3.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainkjhgftrs.getmyip.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domainxhabbvo.sytes.net | CyberGate botnet C2 domain (confidence level: 100%) | |
domainawesomedownloads.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainh401.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaint-slide.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainalone2011.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainxilion08.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainh4mh4m.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainanglet123.sytes.net | CyberGate botnet C2 domain (confidence level: 100%) | |
domain2md.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainjordanturet.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainradar2001.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsqueck94.dyndns.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainx3w2.dyndns.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbrutehack.dyndns-ip.com | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbacker.sytes.net | CyberGate botnet C2 domain (confidence level: 100%) | |
domainomega1.sytes.net | CyberGate botnet C2 domain (confidence level: 100%) | |
domainanjum9694.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainrevennaras99.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbitcoin888.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainustealer.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaingokay123.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbasspins.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainlachaach.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainchupasvergo.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainjrat.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzippers.dyndns.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainlainjector.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainliqtowomen.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainpferd.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaincranshyangel.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainddd2u.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmohamedzhran.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainduc5690.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainoutbad.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainfs-teamspeak.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainalfredoruberstain.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmimoooooo.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainamused.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainicequeen.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzix-cs.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainnuc.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainnoobnoob.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainaassddfqq8.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainx9.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmisterpin.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainbeispiel1x9.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domaingunizback.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainniggaplease.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsupernerd.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainsoso200090.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainrattingjohnny.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainlakhdar.dyndns.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmahost.dyndns.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domaine007rdus.dyndns.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainspyfor2000.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmafiaksa.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainwilliamder.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzzssff.2288.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainhakr515.no-ip.info | CyberGate botnet C2 domain (confidence level: 100%) | |
domainflareisl33t.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainzipoto.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsoftwareone.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainthefucker.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainratker.duckdns.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainanonjustice.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainserverfwe0472.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincraxxhack.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainserver006.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domain84024924.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhackflor.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainbluecluespaw.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainkillergkhn.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainkarakartal.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhack93120.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainegegeg.duckdns.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domains77s.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmtltesthost.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainxserver.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainobj.jumpingcrab.com | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintestserver1234.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainh7eatshot.sytes.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsubjection.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainljcybergate.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainanotherhfuser.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainslhack.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhosthttp.servehttp.com | DarkComet botnet C2 domain (confidence level: 100%) | |
domainkroftyminecraft.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainevil1.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwinupdatess.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmadgik1.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainneon714825396.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainpanikwar.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaindynamichost.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainafkalkflcxvxcv.redirectme.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmasiina.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainkryst0f.dyndns.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainj4st4me.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainpandoramini.codns.com | DarkComet botnet C2 domain (confidence level: 100%) | |
domainvudesign.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhacksufod.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincongonicro.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainliamdobbin.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhostingari.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintwidz.sytes.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainfreakyland.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmoodi1231.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domainnawaz.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintestpyrolol.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainneo34.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainserverupdate7.hopto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainyko5ljrt.no-ip.info | DarkComet botnet C2 domain (confidence level: 100%) | |
domaingeoanonymous.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainloris1234.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainfugitif.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwindowsconnect.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainpown1988.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhackertoday.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsnoupy21.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainrobloxdlex.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainx0wn3d.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainxx69xx.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainlundinozz.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmuqtasssssssssddd.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmonbebe.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainkacgece.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhvtnecyusy.servequake.com | DarkComet botnet C2 domain (confidence level: 100%) | |
domainuglykidjoes.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainn3k3m.hopto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainzungazungazz.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainoplife.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaindc0012.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domain19484.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsuckiton.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainlapisha.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainzcto.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainkhazar.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintesters28.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainnabil80.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainholawhey.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainitaly.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainhellblazer123.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainyoshdylan.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainittechsupport221.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainattackcraft.zapto.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainutrilla.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainwwwgooglecom.sytes.net | DarkComet botnet C2 domain (confidence level: 100%) | |
domainserver005.servequake.com | DarkComet botnet C2 domain (confidence level: 100%) | |
domainbraxidy.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsibersavasci.no-ip.biz | DarkComet botnet C2 domain (confidence level: 100%) | |
domainsepid.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaintycoo2012.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainiamnewbie1.no-ip.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domainmichaelmichael.myftp.org | DarkComet botnet C2 domain (confidence level: 100%) | |
domaincheck.neweb.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincpcalendars.totobestliv.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.fashionof11.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.expressnewzgames.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.businessnewznetwork.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.canvatechsports.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainlagunabeachvillarentals.com | ClearFake payload delivery domain (confidence level: 75%) | |
domainwww.terra.eco | ClearFake payload delivery domain (confidence level: 75%) | |
domainanewbetteryou.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.somiv.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainapi.instagramcdn.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainboomhavoc.r-e.kr | Mirai botnet C2 domain (confidence level: 100%) | |
domaindreamproxy.cc | Mirai botnet C2 domain (confidence level: 100%) | |
domainegirls.fun | Mirai botnet C2 domain (confidence level: 100%) | |
domainewqrt.com | Mirai botnet C2 domain (confidence level: 100%) | |
domainfeetpics.us | Mirai botnet C2 domain (confidence level: 100%) | |
domainnigga.party | Mirai botnet C2 domain (confidence level: 100%) | |
domainpastebin.lol | Mirai botnet C2 domain (confidence level: 100%) | |
domainprox.zematic.host | Mirai botnet C2 domain (confidence level: 100%) | |
domain1adminmctopiamc1.pl | Mirai botnet C2 domain (confidence level: 100%) | |
domains1-node1.1adminmctopiamc1.pl | Mirai botnet C2 domain (confidence level: 100%) | |
domains1.1adminmctopiamc1.pl | Mirai botnet C2 domain (confidence level: 100%) | |
domaintouchable.lol | Mirai botnet C2 domain (confidence level: 100%) | |
domaintoxic-c2.de | Mirai botnet C2 domain (confidence level: 100%) | |
domainxjust.xyz | Mirai botnet C2 domain (confidence level: 100%) | |
domaincatfirewall.ru | Mirai botnet C2 domain (confidence level: 100%) | |
domainsecure.overdose.sbs | Mirai botnet C2 domain (confidence level: 100%) | |
domaintcp.bbos.lol | Mirai botnet C2 domain (confidence level: 100%) | |
domaincheck.wezop.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincpcontacts.homeimprovementbusiness.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainporn-inedit-miakhalifa.xn--mdicis-bva.com | ClearFake payload delivery domain (confidence level: 75%) | |
domainunitedexpressmailservice.com | ClearFake payload delivery domain (confidence level: 75%) | |
domainscan.bigboats.icu | Mirai botnet C2 domain (confidence level: 100%) | |
domaincheck.jaxim.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.gykem.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainexample.servidor.world | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainhellonew2025.kozow.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaincpanel.dmspotzera.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.ufabetgameslover89.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.onlinebesttotogamesnewz.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.theyestechnewsz.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.mtpolice21.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.wealthwrknetwork.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainsecuritygroup.pro | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.youandmewtoto.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.b2bbsuiness.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.bjshomeimprovement.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.dmustkpoint.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.bestufaneedsgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.homeaddition.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.bottomofbusiness.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.top10gamesofoto1.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.bookdmsab.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.odysseyoutlook.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.livninspot.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainpevemtnchil.live | Lumma Stealer botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://avpnewspunjab.com/js/0yqyuipqhfixnkr2c86maoxdviyhmeqaja7i5engmdogg3chdb4xlakzpjeydbhfrnuvpjl13rvnyaxvkokzqq1wwlw6uhufo80rd4bk7wc1efptnobsq4ygoljts3nmxsetzwguouvtpvm9kbdss9/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://bloomingzgardens.today/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://crystahlclearwaters.bet/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://alcohopreden.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://earwaxeduek.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://desribessquwd.today/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://entereddeacr.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://difgitalnexus.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://digitalfxorge.world/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://elegantlawwen.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://foortyturhud.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://fortunedtrivial.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://exposedbuid.life/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://gesturedseedz.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://forfardunifor.world/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hideousown.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://goldensounew.world/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://grainybande.life/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://netgineero.life/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://natureexpflorer.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://nateurescanvas.world/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://moduledbillke.world/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://naturjalharmony.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://markerjurys.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://naturerbhythm.world/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://reliefintorud.life/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://pipesofmugge.fun/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://towerymodest.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://datadynnamics.today/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://exarthynature.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://digitalcrdjafters.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://earthsymphzony.today/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://gadgsetflow.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://jowyfulbloom.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://innojvatech.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://tqechtrends.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://downloadingsoft.top/0dfiztrnxs7s2y8hgvm4lfc0gqmgrdae5dfrjnu3tgwqnwuywjlgloaisklqcbljvcokox5zhokh1m90psbifhpqluxvhky1j9tasjndtt2cpkoyrig7e3om6odyqizb9x6ta8muqjunz2mfeiuo1b8nzbpxxvk7w3v6/index?a=y291cnruzxkucgvyywx0zubhzg0uy29t | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttp://230852cm.nyashk.ru/externaltojsauthgameserverlocal.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://140061cm.nyanyash.ru/_securehttpdbasyncwordpresswptemp.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://centrehotel.vn/wp/panel/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttps://centrehotel.vn/wp/panel/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttp://centrehotel.vn/wp1/panel/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttps://centrehotel.vn/wp1/panel/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%) | |
urlhttp://87.251.66.162/providerprotectdlecentral.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://office.ismre-jup-ag.com/v70jhmtxv5wate8oppb3szee1lbnoklzoubghucodtc3yedu0qzqwfar3vownkre8ktps2ajnw6hvaptyngi2flrxfsa4lmk6kdsxhkjyfcgv6mpbe7r1qr5u5nbqc4am98ujwuszii/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://check.suqev.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://596306cm.nyashteam.ru/phpcentral.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://check.ninif.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://dods.ismre-jup-ag.com/cr79bt5yvswelr1ozxtqhkoixapncqfqbjkcg5y5hdiwwfksckt6ohl4wilkvzs4e10inrxlpzosmze8yx4tvsayy27ddngqbglu0h7qakqudm8dbh2xueonvoapcmfwgprifb6eyucm9jvrnujzujin3xmfsjh9gveal83/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttp://ct61476.tw1.ru/68daaa68.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://check.tyheb.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://91.202.233.158/3836fd5700214436/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://91.202.233.158/3836fd5700214436/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://91.202.233.158/3836fd5700214436/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://193.233.254.53/c824d1e0a60278fe/vcruntime140.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://193.233.254.53/c824d1e0a60278fe/sqlite3.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://193.233.254.53/c824d1e0a60278fe/mozglue.dll | Stealc payload delivery URL (confidence level: 50%) | |
urlhttp://87.120.84.38/txt/zok7yvjlvmdji9aj.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://87.120.84.39/txt/en7nq8lm3v7yww0.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://154.216.19.160/txt/u7vqmxbxibxvbxn.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://soc.ridinggearz.com/56mamuj5pp4toyqrrzch9ziyr2jagdnvdxwf1vtykopkxs2gmjis5sl0wwogzacnbe6bqe3bksleyabzp0zyhhpr2oqlr1dxnd7o7ijcsufhvoheplqfmt9vdfqf8m4xl9kwkfetkiv4uawthvo0xg8unoonbj3bcm1z/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttp://docu839849948sos.padstowpridez.com/njo4ju9lzeq181pbpibxqizejtofholvx3fc7nnoyugiy6bafm95rvtpaairdhxue35j4xbuodndfswk7srmd688srzucosgq6g0khlnygby5zeqzxkyjo10fkwkebhiwlkhvz4q7gacmvwt2dpwcm/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttp://soc.ridinggearz.com/dlbqrhg2wkucd3f3dkhwpujan8jfoalvglyzil4vp0rm6xctt3gv9er1zjsdbasoona1xynihxtsuljezgzcuf8kvm76wbkqz2of20smm5kcmxho4drptweqwxtfhq90ocoreeubsqj5cyqg9aib5w6ns/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://autsh.ismre-jup-ag.com/2mg2deygo7tievbpr0bphsswsnl9hxa65zqxgvon0fh5ioklaa7sv8h8q4ffmfrdijp43uid1kmzzeytmky1ynbqwbttlocacjkjcwnxcrxlgur3duojuowev9/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://raw.githubusercontent.com/76bh/img/main/imagenep.png | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttps://z.formaxprime.co.uk/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://check.zagyw.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://wqenpene.com/5r1r.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://wqenpene.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://regtoyou.com/amvgaghabjvlamkmms | TrickMo botnet C2 (confidence level: 100%) | |
urlhttp://somakeawish.com/hpuex9yu0lfad7pjoxcl | TrickMo botnet C2 (confidence level: 100%) | |
urlhttps://check.neweb.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.somiv.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://59.97.176.67:57293/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://zolman.dllgrroup.com/jra2svosedhdxch1b4mtxy9dbgq0o7pb3ynczq9dzw5rklhsc46cywjpqqdzjxyndoeekuemp5lfnmizuglghopcwbiqivnkol1hrgtmwtgkmkrxras5kcoo7x7oyvfj2ufpa3v89ubgezyu83si1o/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttp://103.68.195.14/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://65.109.176.86:50555/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://196.251.66.190/ | Hook botnet C2 (confidence level: 50%) | |
urlhttps://check.wezop.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://wildxflowerdream.life/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://vaultcord.net/assets/cf.hta | Unknown Stealer payload delivery URL (confidence level: 75%) | |
urlhttps://vaultcord.net/assets/captcha.exe | Unknown Stealer payload delivery URL (confidence level: 75%) | |
urlhttps://top.90shipsnormal.site/api/log | Unknown Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.jaxim.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.gykem.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.wygoq.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://pevemtnchil.live/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hardswarehub.today/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://gadgethgfub.icu/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hardrwarehaven.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://techmindzs.live/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://codxefusion.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://quietswtreams.life/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://techspherxe.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://experimentalideas.today/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://circujitstorm.bet/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://techpxioneers.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://foresctwhispers.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://calmingtefxtures.run/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://tracnquilforest.life/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://starrynsightsky.icu/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://check.tubyf.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file185.189.151.74 | Remcos botnet C2 server (confidence level: 100%) | |
file164.92.163.239 | Remcos botnet C2 server (confidence level: 100%) | |
file172.81.132.221 | Remcos botnet C2 server (confidence level: 100%) | |
file185.100.87.205 | Sliver botnet C2 server (confidence level: 100%) | |
file107.178.103.149 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file82.65.242.204 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file154.37.219.142 | Kaiji botnet C2 server (confidence level: 100%) | |
file142.93.251.139 | BianLian botnet C2 server (confidence level: 100%) | |
file95.164.5.131 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file8.138.22.215 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.81.132.221 | Remcos botnet C2 server (confidence level: 100%) | |
file23.106.133.239 | pupy botnet C2 server (confidence level: 100%) | |
file74.50.120.106 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.43 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.43 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file65.109.176.86 | Hook botnet C2 server (confidence level: 100%) | |
file181.162.131.25 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file135.181.172.67 | Havoc botnet C2 server (confidence level: 100%) | |
file47.129.226.81 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file192.140.163.10 | Kaiji botnet C2 server (confidence level: 100%) | |
file18.140.53.230 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.126.87.67 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file188.216.196.144 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.195.231.120 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.81.150 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.202.92.199 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.29.98.16 | Unknown malware botnet C2 server (confidence level: 100%) | |
file192.121.170.33 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.233.103.2 | Unknown malware botnet C2 server (confidence level: 100%) | |
file146.59.234.48 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.140.64.101 | Unknown malware botnet C2 server (confidence level: 100%) | |
file209.97.184.23 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.77.28.114 | Unknown malware botnet C2 server (confidence level: 100%) | |
file50.17.80.96 | Unknown malware botnet C2 server (confidence level: 100%) | |
file100.42.176.203 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.178.28.213 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.23.186.124 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file1.171.24.92 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file23.95.106.22 | Remcos botnet C2 server (confidence level: 100%) | |
file176.65.134.66 | Remcos botnet C2 server (confidence level: 100%) | |
file46.183.222.30 | Remcos botnet C2 server (confidence level: 100%) | |
file191.96.78.180 | Remcos botnet C2 server (confidence level: 100%) | |
file172.81.132.221 | Remcos botnet C2 server (confidence level: 100%) | |
file198.46.233.215 | Sliver botnet C2 server (confidence level: 100%) | |
file193.26.115.165 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file97.120.177.38 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file93.113.25.26 | Havoc botnet C2 server (confidence level: 100%) | |
file201.220.180.250 | DCRat botnet C2 server (confidence level: 100%) | |
file110.42.57.248 | DCRat botnet C2 server (confidence level: 100%) | |
file141.95.172.125 | Sliver botnet C2 server (confidence level: 75%) | |
file2.88.83.176 | QakBot botnet C2 server (confidence level: 75%) | |
file54.38.94.225 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file79.119.7.130 | QakBot botnet C2 server (confidence level: 75%) | |
file213.209.150.137 | SystemBC botnet C2 server (confidence level: 60%) | |
file122.10.119.94 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.231.12.252 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.147.171.199 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.208.158.121 | magecart payload delivery server (confidence level: 100%) | |
file116.202.176.139 | Vidar botnet C2 server (confidence level: 75%) | |
file193.255.88.128 | CyberGate botnet C2 server (confidence level: 100%) | |
file80.88.128.40 | CyberGate botnet C2 server (confidence level: 100%) | |
file41.226.81.48 | CyberGate botnet C2 server (confidence level: 100%) | |
file41.226.81.48 | CyberGate botnet C2 server (confidence level: 100%) | |
file87.247.84.230 | CyberGate botnet C2 server (confidence level: 100%) | |
file95.164.52.33 | Bashlite botnet C2 server (confidence level: 100%) | |
file104.234.168.54 | Bashlite botnet C2 server (confidence level: 100%) | |
file94.154.172.222 | Bashlite botnet C2 server (confidence level: 100%) | |
file44.210.138.111 | Bashlite botnet C2 server (confidence level: 100%) | |
file185.224.0.148 | Bashlite botnet C2 server (confidence level: 100%) | |
file185.224.0.18 | Bashlite botnet C2 server (confidence level: 100%) | |
file37.44.238.66 | Bashlite botnet C2 server (confidence level: 100%) | |
file176.31.65.184 | DarkComet botnet C2 server (confidence level: 100%) | |
file173.88.59.69 | DarkComet botnet C2 server (confidence level: 100%) | |
file77.250.252.212 | DarkComet botnet C2 server (confidence level: 100%) | |
file113.166.14.123 | DarkComet botnet C2 server (confidence level: 100%) | |
file159.146.115.189 | DarkComet botnet C2 server (confidence level: 100%) | |
file178.32.175.242 | DarkComet botnet C2 server (confidence level: 100%) | |
file81.184.154.233 | DarkComet botnet C2 server (confidence level: 100%) | |
file94.244.3.194 | DarkComet botnet C2 server (confidence level: 100%) | |
file178.162.150.74 | DarkComet botnet C2 server (confidence level: 100%) | |
file91.157.132.221 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.221.162.36 | DarkComet botnet C2 server (confidence level: 100%) | |
file62.201.240.82 | DarkComet botnet C2 server (confidence level: 100%) | |
file113.193.99.159 | DarkComet botnet C2 server (confidence level: 100%) | |
file173.0.6.116 | DarkComet botnet C2 server (confidence level: 100%) | |
file107.174.39.161 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file31.220.49.194 | Sliver botnet C2 server (confidence level: 100%) | |
file123.11.143.3 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.92.1.25 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.92.1.25 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.195.231.120 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.144.125 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file34.2.141.23 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.68.195.14 | Hook botnet C2 server (confidence level: 100%) | |
file146.70.158.85 | Havoc botnet C2 server (confidence level: 100%) | |
file209.105.242.112 | DCRat botnet C2 server (confidence level: 100%) | |
file18.133.141.67 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.133.141.67 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.133.141.67 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file94.237.67.192 | MimiKatz botnet C2 server (confidence level: 100%) | |
file213.209.150.137 | SystemBC botnet C2 server (confidence level: 75%) | |
file213.209.150.137 | SystemBC botnet C2 server (confidence level: 75%) | |
file45.140.188.188 | Mirai botnet C2 server (confidence level: 100%) | |
file82.23.183.119 | Mirai botnet C2 server (confidence level: 100%) | |
file109.71.252.20 | Mirai botnet C2 server (confidence level: 100%) | |
file45.11.229.248 | Mirai botnet C2 server (confidence level: 100%) | |
file185.208.158.228 | Mirai botnet C2 server (confidence level: 100%) | |
file31.56.7.201 | Mirai botnet C2 server (confidence level: 100%) | |
file104.234.168.45 | Mirai botnet C2 server (confidence level: 100%) | |
file104.234.168.49 | Mirai botnet C2 server (confidence level: 100%) | |
file87.121.105.102 | Mirai botnet C2 server (confidence level: 100%) | |
file198.251.84.77 | Mirai botnet C2 server (confidence level: 100%) | |
file194.15.36.154 | Mirai botnet C2 server (confidence level: 100%) | |
file196.251.88.47 | Mirai botnet C2 server (confidence level: 100%) | |
file209.141.52.230 | Mirai botnet C2 server (confidence level: 100%) | |
file31.56.39.115 | Mirai botnet C2 server (confidence level: 100%) | |
file37.221.93.92 | Mirai botnet C2 server (confidence level: 100%) | |
file31.56.7.197 | Mirai botnet C2 server (confidence level: 100%) | |
file31.56.7.16 | Mirai botnet C2 server (confidence level: 100%) | |
file45.140.188.62 | Mirai botnet C2 server (confidence level: 100%) | |
file107.189.26.194 | Mirai botnet C2 server (confidence level: 100%) | |
file83.168.107.32 | Mirai botnet C2 server (confidence level: 100%) | |
file112.213.116.91 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file107.172.206.67 | Mirai botnet C2 server (confidence level: 75%) | |
file91.235.142.33 | Remcos botnet C2 server (confidence level: 100%) | |
file104.168.133.74 | Remcos botnet C2 server (confidence level: 100%) | |
file8.209.221.211 | Remcos botnet C2 server (confidence level: 100%) | |
file107.178.103.149 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file52.76.203.85 | Hook botnet C2 server (confidence level: 100%) | |
file185.161.251.118 | Hook botnet C2 server (confidence level: 100%) | |
file196.251.83.237 | Hook botnet C2 server (confidence level: 100%) | |
file5.178.3.137 | Venom RAT botnet C2 server (confidence level: 100%) | |
file171.249.230.216 | Venom RAT botnet C2 server (confidence level: 100%) | |
file79.110.49.27 | Orcus RAT botnet C2 server (confidence level: 100%) | |
file176.65.144.243 | Mirai botnet C2 server (confidence level: 100%) | |
file138.68.113.5 | Unknown malware botnet C2 server (confidence level: 75%) | |
file150.5.174.231 | Unknown malware botnet C2 server (confidence level: 100%) | |
file196.251.117.235 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
file47.246.12.85 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file92.112.184.22 | Sliver botnet C2 server (confidence level: 75%) | |
file85.239.63.130 | Meterpreter botnet C2 server (confidence level: 75%) | |
file47.239.197.97 | ValleyRAT botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash4567 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Kaiji botnet C2 server (confidence level: 100%) | |
hash3225 | BianLian botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8089 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6699 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | pupy botnet C2 server (confidence level: 100%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash50555 | Hook botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash2096 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Kaiji botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8003 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6688 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash3458 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash2222 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2024 | Remcos botnet C2 server (confidence level: 100%) | |
hash20002 | Sliver botnet C2 server (confidence level: 100%) | |
hash7077 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8090 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash99 | DCRat botnet C2 server (confidence level: 100%) | |
hash8089 | DCRat botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash8887 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash80 | SystemBC botnet C2 server (confidence level: 60%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | magecart payload delivery server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 75%) | |
hash81 | CyberGate botnet C2 server (confidence level: 100%) | |
hash53 | CyberGate botnet C2 server (confidence level: 100%) | |
hash81 | CyberGate botnet C2 server (confidence level: 100%) | |
hash1022 | CyberGate botnet C2 server (confidence level: 100%) | |
hash100 | CyberGate botnet C2 server (confidence level: 100%) | |
hash4258 | Bashlite botnet C2 server (confidence level: 100%) | |
hash5542 | Bashlite botnet C2 server (confidence level: 100%) | |
hash4258 | Bashlite botnet C2 server (confidence level: 100%) | |
hash4258 | Bashlite botnet C2 server (confidence level: 100%) | |
hash606 | Bashlite botnet C2 server (confidence level: 100%) | |
hash1111 | Bashlite botnet C2 server (confidence level: 100%) | |
hash5334 | Bashlite botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1606 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1766 | DarkComet botnet C2 server (confidence level: 100%) | |
hash999 | DarkComet botnet C2 server (confidence level: 100%) | |
hash3131 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash5555 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 100%) | |
hash6008 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash5873 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash12443 | Havoc botnet C2 server (confidence level: 100%) | |
hash7777 | DCRat botnet C2 server (confidence level: 100%) | |
hash12603 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash52603 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash58603 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash4000 | SystemBC botnet C2 server (confidence level: 75%) | |
hash4784 | SystemBC botnet C2 server (confidence level: 75%) | |
hash1338 | Mirai botnet C2 server (confidence level: 100%) | |
hash10000 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash42069 | Mirai botnet C2 server (confidence level: 100%) | |
hash5150 | Mirai botnet C2 server (confidence level: 100%) | |
hash2052 | Mirai botnet C2 server (confidence level: 100%) | |
hash10000 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash2052 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash9999 | Mirai botnet C2 server (confidence level: 100%) | |
hash1338 | Mirai botnet C2 server (confidence level: 100%) | |
hash1338 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash2052 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash51894 | Mirai botnet C2 server (confidence level: 100%) | |
hash10000 | Mirai botnet C2 server (confidence level: 100%) | |
hash2137 | Mirai botnet C2 server (confidence level: 100%) | |
hash18096 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash1312 | Mirai botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash9349 | Remcos botnet C2 server (confidence level: 100%) | |
hash28538 | Remcos botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash1234 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash9999 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash5521 | Orcus RAT botnet C2 server (confidence level: 100%) | |
hash64431 | Mirai botnet C2 server (confidence level: 100%) | |
hashc291cd2b146fe8c228153ea0ed69f14074110f5f45d0e310c21608676c23a67b | Unknown malware payload (confidence level: 75%) | |
hash229fda934dd6dc8e7e4d725fdd995d16d6f6978f680b2fd6c3c0cb91ee485fce | Unknown malware payload (confidence level: 75%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash35983 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
hash4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8090 | Sliver botnet C2 server (confidence level: 75%) | |
hash8443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) |
Threat ID: 682c7dbde8347ec82d2c61c2
Added to database: 5/20/2025, 1:03:57 PM
Last enriched: 6/19/2025, 4:01:52 PM
Last updated: 8/4/2025, 3:04:37 AM
Views: 17
Related Threats
ThreatFox IOCs for 2025-08-03
MediumMalwareMon Aug 04 2025
ThreatFox IOCs for 2025-08-02
MediumMalwareSun Aug 03 2025
New Attack Uses Windows Shortcut Files to Install REMCOS Backdoor
MediumMalwareSat Aug 02 2025
Malicious AI-generated npm package hits Solana users
MediumMalwareSat Aug 02 2025
ThreatFox IOCs for 2025-08-01
MediumMalwareSat Aug 02 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.