ThreatFox IOCs for 2025-03-05
Severity: mediumType: malware
ThreatFox IOCs for 2025-03-05
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2025-03-05,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint,' indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected product versions or detailed technical indicators are provided, and there are no known exploits in the wild associated with this threat at the time of publication. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned by the source. The absence of CWE identifiers, patch links, or detailed technical analysis suggests that this report serves as a general alert or collection of IOCs rather than a detailed vulnerability or malware analysis. The lack of indicators and affected versions implies that the threat may be emerging or not yet fully characterized. Given the 'tlp:white' tag, the information is intended for public sharing without restrictions. Overall, this threat intelligence entry appears to be an early-stage or low-confidence report on potential malware activity, emphasizing the need for ongoing monitoring rather than immediate reactive measures.
Potential Impact
For European organizations, the potential impact of this threat is currently limited due to the lack of detailed technical indicators, absence of known exploits in the wild, and no specified affected products or versions. However, as the report relates to malware and open-source intelligence, there is a latent risk that adversaries could leverage the shared IOCs or related data to conduct reconnaissance or prepare for targeted attacks. The medium severity rating suggests moderate concern, possibly reflecting the potential for data exposure or disruption if the threat evolves. European entities involved in critical infrastructure, government, or sectors with high exposure to cyber threats should remain vigilant, as the lack of detailed information does not preclude future exploitation. The impact could manifest as unauthorized access, data leakage, or service disruption if the malware or associated tactics are deployed effectively. Given the current information, the immediate operational impact is low, but the strategic risk warrants attention.
Mitigation Recommendations
1. Enhance Threat Intelligence Integration: European organizations should integrate ThreatFox and similar OSINT feeds into their Security Information and Event Management (SIEM) systems to detect any emerging indicators related to this threat promptly. 2. Proactive Monitoring: Establish continuous monitoring of network traffic and endpoint behavior for anomalies that could correlate with newly published IOCs once available. 3. Incident Response Preparedness: Update incident response playbooks to include scenarios involving emerging malware threats with limited initial data, emphasizing rapid analysis and containment. 4. Employee Awareness: Conduct targeted training sessions to raise awareness about the evolving threat landscape, focusing on recognizing phishing or social engineering attempts that could deliver malware. 5. Collaboration with CERTs: Engage with national and European Computer Emergency Response Teams (CERTs) to share intelligence and receive timely updates on developments related to this threat. 6. Patch Management: Although no patches are linked to this threat, maintaining up-to-date software and systems reduces the attack surface for potential exploitation. 7. Network Segmentation: Implement strict network segmentation to limit lateral movement should an infection occur. These measures go beyond generic advice by emphasizing integration of OSINT feeds, proactive monitoring for emerging threats, and collaboration with regional cybersecurity entities.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Indicators of Compromise
- domain: check.lijam.icu
- url: https://variotok.com/amzxtfiqyra8xybywjuivuiy5pzfyrebtxdxez5z6nb5huy7leepzqjkwsvdvaltvytno4o3i5p3wwe2dmg2x0vux5utk5yca1jgyf6tg0aedt1giucvdxkakl8aaxl5zq3xypcbcmurzdn7g5dwtz/index
- domain: gmartph.shop
- domain: ian4x9bab.cc.rs6.net
- url: https://carmody-quality-solutions-llc.acero.it.com/i3m3atjz4cy4uwdoa8cufjbwe5jcfpfsnn7eyqhlr2ko1mzvnbge1leahmoistm5qurfosxh6c7dvjgq9gxapzkpgyusbyoii8otrnk90ww0l2kvvxd6pdrbzqhx/verify
- url: https://red-cedar-steel-erectors.creativeshare.it.com/xha982ocxodcvv2bvgljt6crb3fuvioiy5fjpen0fn7jbxuquwpol2rto8hlmzesw6twyzafvokwyeuqbgdsehlrfgx0c59isaebaahpy1k4opw7msgq0wm4udpkgmhn36qtszulnnxjitx4zbpzqk/index
- url: https://red-cedar-steel-erectors.creativeshare.it.com/flwej9zisadgj4vzwkacvvmfboshyyd6edxc8is2qlh9vpqcebd4hwm21epdumphk3ntnafnp5ivg29iiymbxogufbws1ullm0ofmnazdu5jl8aqbyscqrioxr8ntfkthk3nag31eur7bhoszjoozt/index
- url: https://red-cedar-steel-erectors.creativeshare.it.com/kj6gpqslala495ac5qqh3t1rk09bwm2rnozs2lv0eyk2ziogkovvgat4bh4qofj6azvisbl8eipwm7ocdwpndpt0ruigxnfxxpqgjlt9yoftj78miysfitqrwv1zcuyyjdlofhujw6m1z3xnfns8oh/index
- url: https://red-cedar-steel-erectors.creativeshare.it.com/8onpmuq7xrbulal10rmtthgc3jfl2w6duds5knwl1hnezv2oirkxcasctzt6ffyiooa72yo98v5waizgmcl4pdeogw41kvmxnbfcoaqa30jyo9i9gpewgheueqdvfjezbswunm6kipuqs0xmfostdb/index
- url: https://red-cedar-steel-erectors.creativeshare.it.com/cqkqsn6zc1c1vo0romvq4xmxtwmlyu6hkezi2ywqwnhrgf3x2ectja7fd5sz0ub2qtgxpm7u9mibyderldinaknlda31pjsluh4jjvojo5paei9xn4scktyhwpxlzofho8mpbjig8w3f9ytbf5qorh/index
- url: https://red-cedar-steel-erectors.creativeshare.it.com/izyknw1qzgmfbfmefptdalbu7bhkupbhu9r5udznji68exv7cnlbmoijsjmirv7mwegytyq02px9xxo2gfj53kforgotlvdd0ala8ksa54qxnctdp49vcochsczsyozrozvht1v2yboprggel6wlc3/index
- url: https://red-cedar-steel-erectors.creativeshare.it.com/vxnbjrbv4qomjqtkck64fr4ceeh6vokqncz0qzion2kwpwwxcgajyfdu1r7t8kpm1e0sbr1dtmi58gbzlaxugi9nxv3fhewlpgpxibtsrstgoquez3yohlja26c8drmm5ovys7xtwp0sde3wd9jq2a/index
- url: https://red-cedar-steel-erectors.creativeshare.it.com/ycncehrbvnpat8jhhwedrccgvqfzl3fr5lqufmjr6xjrm5oy4wzl3khvw7zim7el86sdeowy0pugpxjfkufk98a1otqzsbzyog32xgitahiq4iv0fdabgdoehtpcwi6vmjb21nqo7mbox9s4laq2y9/index
- domain: check.qozab.icu
- url: https://khusinhthaidanphuong.top/work/original.js
- domain: khusinhthaidanphuong.top
- url: https://khusinhthaidanphuong.top/work/index.php
- url: https://khusinhthaidanphuong.top/work/fine.php
- url: https://zaikacakes.org/pcicapi.zip
- domain: 5184433321.sbs
- domain: 6378609069.sbs
- url: http://variotok.com/3sjlzv7up2ykk14qzkh7msghlbz7jhnv4vw0d5wljkqfuc1lozq4r6yu3udlwxxnlxwd4thxibwytlhqe1epvsdv3nrrdz6ff1zl3awlopzgj4waudemcje4q99p2ky0ljywouc9qzvgvvnxjvlnyw/index
- url: https://id26399vlim-oracle-common-login-auth.prfortesystems.com/rdch/aonrfacdkoqp6e9z4sbcxddzbrd1hh6y0rwbo5f3cglwnphsxmt2bi97j2zlo4ylh4c5kkn8gvwpa16aingljt7jk8nsor0mkgsefmdit2ihy3jwzlqtigsjfzgo8qcapdhyv5bwulvqbzufxro1yk/verify
- url: https://ach.dllgrroup.com/honbezuc8mwquclhfoxl61a7ark3osiatzrmclm6dlrwu5igby0okqkonb9riwvpjtyz9isynneuovteh5fj0ifbhramvecpg4ge8ht6bjbq4qmdzwmujtkqops5f7lwv8u3fxz1swqtkoczfhx202/validate
- domain: check.bajys.icu
- domain: 5940526644.sbs
- url: http://durrans.gensyisgroup.com/6aaexi9o3rcfdurfv8n3gyrznnfoirvkymcs3gwy8ysbqdqrp6johpeqdhbvommjm2wiw8kycv1jodgr8rql7hptw8i4ns8i7z34ldt0ws18q2rtfpqds6nxjso66cn85yxttuvsplub0ngfpqfh6n/index
- url: https://anchorlt.griffinsgrading.us/bzwe8hszw9c6fgyapn5gmxoc9i3sfolkfajzjm2jli763u19rbeakwlymb4beeo2kqcvozcrx7ib3dm1wjjxiewuai7pqisooo0qbn2v1zso8nhgryjhc0uvreynpl5tltqugkxfgzyxtd/verify
- url: https://sos.paylessautoz.de/8bse3yknmocl6xtmhgw7b6xzhea87tjgj26jp0ihbfckowodrk4ouybu022cxdwhxivgv1oemyj1jznwgsosjgslxpfqrg9htkfnuqnzzyqepdxamevsc7iuhcb1etbo43acarkfmqn5d3uyusw5vf/verify
- url: https://emberkokocoglow.xyz/mzexmzm0ytq2zgrk/
- url: https://emberboboforidge.xyz/ode4ytdiymy1ytdl/
- url: https://twilightgocolodream.xyz/mzvlmgq1zjgxztc5/
- file: 8.148.225.249
- hash: 80
- file: 78.24.220.122
- hash: 8001
- file: 185.128.227.28
- hash: 4444
- file: 173.255.206.56
- hash: 4444
- file: 128.90.108.156
- hash: 2000
- file: 20.229.219.26
- hash: 443
- file: 170.64.153.126
- hash: 7443
- file: 20.229.219.96
- hash: 443
- domain: modtuning.world
- file: 49.232.86.118
- hash: 40057
- domain: webmail.10bestufabetgames.xyz
- domain: webdisk.livninspot.xyz
- domain: cpcalendars.shakdmisab.xyz
- domain: webmail.top10gamesofoto1.xyz
- domain: webdisk.bottomofbusiness.website
- domain: cpcontacts.enjoyufabet.xyz
- domain: cpcontacts.allthefiver.com
- domain: webmail.levelfrstdm.xyz
- domain: cpcalendars.stockmrtktlite.xyz
- domain: cpcontacts.odysseyoutlook.xyz
- domain: cpanel.bestreadup.xyz
- domain: webmail.ufabetlover10.xyz
- file: 195.82.147.35
- hash: 8090
- file: 54.206.46.15
- hash: 9601
- file: 54.206.46.15
- hash: 7001
- url: https://accuratelien.supportbuilds.us/ewcugmuq62mbpsn1prqpdd7dhzskok9qorqbyf53acbdvdhoa28slojebg4ga8nipjtyfiq8lnzw7wixvifkwfr35rv2xtesol3nuhopzncsvkro0m6yngkt6tsmzgwajloluhx7t54emqi9ctemzevuzp/verify
- url: https://ackermanlawyers.ridinggearz.com/waxo4an6g5kpzzqtnfgholoddr60cyqemtzvxkrb9lmer8g01pcdkymv4w3saav1ffw7b8xtsjo35csvncijnsuyiibf9iurpzxetpqgmkqwoj2hl7ujehyo2/verify
- url: https://project.fablestudioz.com/4quwjc9u1ykkonxdlzqbl2pofaygdsfmpeke051dzwbtv7jt6horoi08qny2lbhws9xfkce3igvmu3vrtqwybhho66bj2tlrzpxgyfm0emln4xidngfu9oyw5hvrlrcjai8uzagcebaptcgxosiepn/verify
- url: http://ach.dllgrroup.com/honbezuc8mwquclhfoxl61a7ark3osiatzrmclm6dlrwu5igby0okqkonb9riwvpjtyz9isynneuovteh5fj0ifbhramvecpg4ge8ht6bjbq4qmdzwmujtkqops5f7lwv8u3fxz1swqtkoczfhx202/validate
- url: http://uvsmt.com/bbs/skin/ruvin_cubic_category/site_link.php?desc=asc+&divpage=1&id=link&no=57&page=7&sc=on&select_arrange=headnum&sitelink=https://renaissancemantenance.com/%23rosspalmer@diamondlinedelivery.com
- url: https://gtcdistribution.com/ntcstoo4ro34qkhp1jskqusgttpdgmk3ojimnimznuv2ww75itcb5ep6d0lv5bk0yvffqq67oyfd2bsiunlpd8sgrzqzka8r4idwkzwcuu9ynvywcjbdboqh2rlyea8xeeen0mjchvmhafxilvhfal3bu6jzo1rxoaghgfoscx/verify
- domain: check.zitit.icu
- url: https://check.zitit.icu/gkcxv.google
- url: http://047506cm.nyanyash.ru/externalvideopythonpolltracktemp.php
- url: https://test.radientinc.de/6lamsi40qdwsiexy257oioh3g27vnv4rgxcjzpovhhazgbtcjlevswzdzkudhfet1fpr6qfpb0qcxouymmgb8t9orwkajrdqycljnbay9iwnokxtlm35ukfps8e/verify
- url: https://vocals.faernleys.com/baofumrihpbiu0tp82mvoz7zyjztdowg8s5myfeenadkpbrr5csjweiafu3ao7n7rqnfgeqtrwn9zobitlxopmhcxq3sdc1f20cjjhfakjnxh9pa6tsglmle8qhwowydlsv1z0ypswljgc4yib6xdv/verify
- file: 47.92.199.146
- hash: 443
- file: 47.92.200.106
- hash: 443
- file: 172.233.26.237
- hash: 81
- file: 185.43.4.70
- hash: 8001
- file: 154.12.35.156
- hash: 8845
- file: 66.55.75.102
- hash: 4000
- file: 196.251.69.224
- hash: 2404
- file: 104.167.16.95
- hash: 8080
- file: 165.22.27.153
- hash: 7443
- domain: webdisk.youandmewtoto.xyz
- domain: cpanel.blogssab.com
- domain: cpanel.gamesfunzartsz.com
- domain: cpcalendars.settotoupbmart.com
- file: 167.86.172.29
- hash: 443
- file: 179.95.195.165
- hash: 9990
- file: 18.201.201.45
- hash: 5986
- file: 159.100.20.156
- hash: 80
- file: 193.0.178.196
- hash: 443
- url: http://uvsmt.com/bbs/skin/ruvin_cubic_category/site_link.php?desc=asc+&divpage=1&id=link&no=57&page=7&sc=on&select_arrange=headnum&sitelink=https://sunbeltrcntals.com/%23jenniferlear@odysseylogistics.com
- file: 91.240.118.2
- hash: 9769
- file: 172.233.26.237
- hash: 80
- file: 49.232.65.225
- hash: 2083
- file: 185.246.113.191
- hash: 8808
- domain: 134.209.226.202.nip.io
- domain: ovalre.us
- file: 213.209.150.236
- hash: 8089
- domain: cpcalendars.timehrnews.com
- domain: cpcalendars.totogamesnetwork.com
- domain: webdisk.bestofnewzandgames.com
- file: 52.51.91.45
- hash: 443
- domain: w1.discoverconicalcrouton.shop
- file: 110.41.172.19
- hash: 3333
- file: 103.124.73.208
- hash: 3333
- file: 18.201.254.249
- hash: 443
- file: 68.183.84.31
- hash: 3333
- file: 211.24.122.117
- hash: 443
- file: 176.28.89.22
- hash: 3333
- file: 52.50.101.30
- hash: 80
- file: 3.219.181.241
- hash: 443
- file: 139.162.158.155
- hash: 443
- file: 36.88.125.94
- hash: 3333
- file: 184.82.99.218
- hash: 3333
- file: 142.93.167.110
- hash: 2323
- file: 3.249.98.137
- hash: 3333
- file: 201.202.66.218
- hash: 443
- hash: a4e7b94c88a041d5e9983a704053f01c
- hash: 7b795e5db82f25b8261d70048b2c3940
- domain: check.vykyv.icu
- url: https://check.vykyv.icu/gkcxv.google
- file: 185.208.158.237
- hash: 443
- domain: kokosinka1.com
- domain: kokosinka2.com
- file: 195.123.211.56
- hash: 80
- file: 92.255.85.23
- hash: 9000
- url: http://establishnappe.space/api
- domain: check.wobym.icu
- url: https://check.wobym.icu/gkcxv.google
- file: 104.168.101.23
- hash: 8976
- file: 193.200.78.49
- hash: 6963
- file: 213.209.129.101
- hash: 5378
- url: http://103.242.15.140:8888/supershell/login/
- domain: check.cumys.icu
- file: 206.238.220.43
- hash: 8443
- file: 8.138.27.20
- hash: 443
- file: 190.10.11.55
- hash: 6000
- file: 52.53.183.22
- hash: 6667
- file: 20.229.219.115
- hash: 443
- file: 3.138.34.210
- hash: 42222
- url: https://check.cumys.icu/gkcxv.google
- url: https://www.test.peperoncinochepassione.it/
- url: https://www.ningbocrm.jintsume.net/
- url: https://www.thesignaturemag.salviatech.com/
- domain: they-cumulative.gl.at.ply.gg
- domain: cpanel.kreativelife.net
- file: 8.155.8.77
- hash: 1234
- file: 8.155.8.82
- hash: 89
- file: 8.135.14.237
- hash: 80
- file: 114.116.233.139
- hash: 81
- domain: e3uy8orhd0i.duckdns.org
- file: 176.65.144.192
- hash: 4573
- domain: fmanslaq9t1.duckdns.org
- domain: ke2ce0der1an.duckdns.org
- file: 176.65.144.188
- hash: 30473
- file: 45.148.10.136
- hash: 666
- domain: check.pufoq.icu
- url: https://check.pufoq.icu/gkcxv.google
- file: 101.34.63.249
- hash: 80
- file: 47.120.32.180
- hash: 2053
- file: 152.42.245.208
- hash: 443
- file: 189.158.202.224
- hash: 8181
- file: 207.244.225.2
- hash: 25608
- file: 31.56.110.131
- hash: 2404
- file: 161.35.56.10
- hash: 2405
- file: 66.150.198.182
- hash: 2404
- file: 18.97.23.201
- hash: 443
- file: 34.134.126.120
- hash: 443
- domain: webdisk.blogssab.com
- domain: cpcontacts.shalownewsbooks.com
- file: 179.255.41.16
- hash: 623
- file: 179.255.41.16
- hash: 1961
- file: 179.255.41.16
- hash: 2455
- file: 179.255.41.16
- hash: 4841
- file: 179.255.41.16
- hash: 17778
- file: 179.255.41.16
- hash: 18005
- file: 163.5.169.60
- hash: 2077
- file: 195.82.146.19
- hash: 591
- file: 3.27.11.157
- hash: 10686
- file: 35.182.151.200
- hash: 501
- file: 35.182.151.200
- hash: 8001
- file: 35.182.151.200
- hash: 10001
- file: 196.251.80.231
- hash: 80
- url: https://hellbentxpress.taxairs.com/ogfnnqcfvjdwur5kiilf8nx3qzxzas2mfn6etp9zgyrvu5brhemhpakui1trlc8vys4hjdtisloqhe09ydzpekwawo6oum3s7wl2xbcjoqv0baxmpy4cg7ogj/verify
- domain: check.najem.icu
- url: https://check.najem.icu/gkcxv.google
- url: https://drive-connect.cyou/api
- url: https://su.t.goldenloafuae.com/
- file: 1.161.111.124
- hash: 443
- file: 149.56.205.44
- hash: 443
- file: 149.56.205.44
- hash: 80
- file: 163.181.202.98
- hash: 4506
- file: 144.91.92.251
- hash: 2025
- file: 213.209.150.224
- hash: 443
- file: 77.239.100.149
- hash: 8000
- file: 150.230.26.196
- hash: 2003
- domain: myhousecam.ddns.net
- domain: api.cameradriverx.cloud
- domain: api.videocarddrivers.cloud
- domain: api.drivercamhub.cloud
- domain: api.videodriverzone.cloud
- domain: api.driverstream.cloud
- domain: api.driversnap.cloud
- domain: api.camdriverstore.cloud
- domain: api.videotechdrivers.cloud
- domain: api.camdrivers.cloud
- domain: api.camdriverhub.cloud
- domain: api.vcamdriverupdate.cloud
- domain: api.provideodrivers.cloud
- domain: api.vcamsupport.cloud
- domain: api.webcamfix.cloud
- domain: bokhoreshonline.com
- domain: check.dycib.icu
- url: https://check.dycib.icu/gkcxv.google
- domain: api.vidtechhub.cloud
- file: 194.59.31.40
- hash: 2404
- domain: 5616799786.sbs
- domain: shillaglavis.com
- url: https://vocals.faernleys.com/wbkuzuha5gb0zy9fl27o4rhimzoefaxjqrmoykovnhbda6vtknfclwdqudaaoog7pxprzqwhdldccuw0vlnnwhuu5jm3sxci83jtvori2exya3sbqgkvilg9egyfk94lgjhpqecpnfrpwbmmzbyj81/verify
- url: https://durrans.gensyisgroup.com/6aaexi9o3rcfdurfv8n3gyrznnfoirvkymcs3gwy8ysbqdqrp6johpeqdhbvommjm2wiw8kycv1jodgr8rql7hptw8i4ns8i7z34ldt0ws18q2rtfpqds6nxjso66cn85yxttuvsplub0ngfpqfh6n/index
- url: https://vocals.faernleys.com/atvdarapgaf6lboxgagj2rdmyih8gh0k2xyvbojwdmnclnxbcemjjtyg8itq3prs4nl4xbqkqqmeouusz6wynwpdfwuesstenpwo8i6utqez7ykv30x5fn172idlhr914zwxoklv5tma3hc1oevj9d/verify
- url: https://factuur02282025.hobroz.com/l6cox7weypgybataf7jiok9yzfryifcgq21ntlgfco7jbpnqwaxenhckofdeyv4ommiasrobwgkug8gqiwo6mhwuqez1ji6p093vlczn1bmxnktdq9t0suuksnvexj2cvexptxrk5bqpwooa2liydm/verify
- domain: nivuti.com
- domain: gitrok.com
- domain: canvas.pet
- domain: swapme.fun
- domain: 9x9o.com
- domain: check.miwun.icu
- url: https://check.miwun.icu/gkcxv.google
- domain: tvninet19pt.top
- domain: a1097362.xsph.ru
- domain: a1096844.xsph.ru
- domain: villagerae.temp.swtest.ru
- domain: a0993730.xsph.ru
- domain: cl32012.tw1.ru
- domain: yariksca.beget.tech
- domain: theorxhysics.shop
- domain: raiduyrumny.cyou
- domain: urbanfzgproject.bet
- domain: dazcientists.bet
- domain: biochextryhub.bet
- domain: emergixience.bet
- url: https://emergixience.bet/api
- url: https://biochextryhub.bet/api
- url: https://urbanfzgproject.bet/api
- url: https://dazcientists.bet/api
- url: https://raiduyrumny.cyou/api
- url: https://theorxhysics.shop/api
- domain: tveight18ht.top
- domain: tveight18pt.top
- domain: tveight8vt.top
- domain: tvfift15pt.top
- domain: tvfourt14pt.top
- domain: tvsevt17pt.top
- domain: tvthirt13pt.top
- domain: tvtwenty20ht.top
- domain: tvtwenty20pt.top
- domain: twthre3vs.top
- domain: tvfor4pn.top
- domain: tvthirt13sr.top
- domain: twtwo2pt.top
- domain: check.pafoc.icu
- url: https://check.pafoc.icu/gkcxv.google
- domain: 5794515135.sbs
- file: 95.214.55.246
- hash: 20000
- file: 23.94.207.135
- hash: 6606
- file: 108.143.59.186
- hash: 443
- file: 134.122.62.169
- hash: 7443
- file: 213.209.150.181
- hash: 8089
- domain: webdisk.settotoupbmart.com
- domain: cpcontacts.thebestofbests.com
- file: 3.248.199.29
- hash: 2762
- file: 56.124.52.240
- hash: 44818
- file: 154.222.24.177
- hash: 443
- file: 43.153.201.105
- hash: 80
- domain: check.kibof.icu
- url: https://check.kibof.icu/gkcxv.google
- domain: api.360s.ltd
- domain: www.honorofkings.me
- domain: api.pdfiso.com
- domain: api.dyk3j10rcxd1av9.xyz
- domain: api.qxugb3qpfpafmlto.xyz
- domain: api.xt6drjp542fz6j7xt.xyz
- domain: api.uaabcvsolwgl.xyz
- domain: api.hankirit.asia
- domain: www.carssell.online
- domain: one.renzoprotocols.co
- domain: api.kelimzorro.xyz
- domain: wanderpics.net
- file: 52.255.166.103
- hash: 80
- url: https://nevada.mandros.us/profilelayout
- domain: nevada.mandros.us
- file: 82.153.134.38
- hash: 443
- file: 89.213.174.246
- hash: 6666
- url: https://schillingslead.io/8hgoua2o1doquwmfci6wf7nqmrrssfb1uqy0lt70ojvnxlcvetjx4yv25edzegpmsxwrasnxd3tym6il9obik2kppcxte3evku34zj51tyv4wnrihzfn9zbhxad5ebrlipa6ubwmwfdo8utsoh7foypmbzcqjvlia9/verify
- domain: check.jakoc.icu
- url: https://check.jakoc.icu/gkcxv.google
- url: https://log.t.goldenloafuae.com/
- file: 116.202.4.223
- hash: 443
- domain: su.t.goldenloafuae.com
- domain: log.t.goldenloafuae.com
- file: 45.74.46.39
- hash: 3990
- url: https://ydh7.shop/files/original.js
- domain: ydh7.shop
- url: https://ydh7.shop/files/index.php
- url: https://ydh7.shop/files/fill.php
- url: https://adityahotel.com/eula.zip
- domain: www.purpleit.com
- domain: icltdxb.tyseres.com
- domain: hvbx.sansompccom.top
- domain: esbranch-saml-172628.prfortesystems.com
- url: http://sos.paylessautoz.de/8bse3yknmocl6xtmhgw7b6xzhea87tjgj26jp0ihbfckowodrk4ouybu022cxdwhxivgv1oemyj1jznwgsosjgslxpfqrg9htkfnuqnzzyqepdxamevsc7iuhcb1etbo43acarkfmqn5d3uyusw5vf/verify
- url: https://turuncouk.kendolimted.net/lnoddbf7h3wgozqzrozasxgx59by8bs17tq4fz9of66gcasgdqsokighozupyh621jwehlylkmfma1jf5oteoikxenrby23itjp2nrwxwhmp3fnteczotwqlrwmxms0kmjtvcv7pjuclqcbrdykaje/verify
- file: 122.199.149.129
- hash: 3737
- url: https://willchar.com/6t1w.js
- domain: willchar.com
- url: https://willchar.com/js.php
- domain: check.kural.icu
- url: https://check.kural.icu/gkcxv.google
- file: 47.86.52.150
- hash: 443
- file: 13.60.234.76
- hash: 80
- file: 60.204.244.23
- hash: 8899
- file: 178.128.61.220
- hash: 443
- file: 83.229.121.103
- hash: 80
- file: 121.36.242.110
- hash: 80
- file: 103.161.35.171
- hash: 443
- file: 95.214.55.246
- hash: 2022
- file: 95.214.55.246
- hash: 6667
- file: 51.195.231.120
- hash: 8808
- file: 51.195.231.120
- hash: 222
- file: 51.195.231.120
- hash: 6606
- file: 51.195.231.120
- hash: 7707
- file: 68.219.250.95
- hash: 443
- file: 37.139.130.66
- hash: 4782
- domain: webmail.digitalbusineszclub.xyz
- file: 46.246.4.11
- hash: 8080
- file: 195.82.146.19
- hash: 4444
- file: 52.53.199.238
- hash: 389
- file: 107.189.26.70
- hash: 371
- file: 157.245.151.24
- hash: 80
- file: 124.156.226.253
- hash: 80
- domain: 5772530022.sbs
- url: https://vela-laboratories.acero.it.com/qho57emi38uorya0phbqet47stxkwf0mhn49vbnes6qe9wixzugvizayskvdvjglhihfgiulecsxtflnzcm3ktboadxogtldlj1prmnbrnwca4geiglcctjqno87qkv6wo03zjzscbrob28aykkrpjjoou6qf2fd5ayuwuw/verify
- domain: 7512495120.sbs
- domain: check.datot.icu
- url: https://check.datot.icu/gkcxv.google
- url: http://94.250.249.79/privatevoiddb1update/processphptrafficdb/jsupdate/httpphp6central/4/wp6pipeuploads/test86/multi/trafficcentralcentral/providereternaljavascriptmultigeneratortestprivatetempcdncentral.php
- domain: ncs.e-twfpg.com
- domain: scieseandbeyond.world
- file: 3.75.172.46
- hash: 443
- file: 162.128.74.109
- hash: 4433
- url: https://establishnappe.space/api
- url: https://79.133.46.59/
- file: 102.41.55.187
- hash: 5505
- file: 194.190.152.223
- hash: 40355
- domain: sarok7lmoutsg1.duckdns.org
- domain: sarok7lmoutsg2.duckdns.org
- domain: sarok7lmoutsg3.duckdns.org
- domain: sarok7lmoutsg4.duckdns.org
- domain: sarok7lmoutsg5.duckdns.org
- domain: used-billion.gl.at.ply.gg
- domain: lbxqdgsiecxcauf.top
- domain: fhilfndenkhfldg.top
- domain: xtflqjhubseiihm.top
- domain: mdnimbkllflibjk.top
- domain: fndfgcedjaalfca.top
- domain: klngfmuixjlnqtu.top
- domain: ljhcaemkhjeakje.top
- domain: jwduisxirpyygsk.top
- domain: eflnhggdgdieacj.top
- domain: glcfjyfrqreycth.top
- domain: sekawctenilfkgp.top
- domain: lbbkbinkemlhein.top
- domain: dlghjjhdchbkjbd.top
- domain: khkeclbkacfnnih.top
- domain: ewrulfirkyskrsw.top
- domain: jmemebcklgmfihc.top
- domain: qoaoaiwehoyqaff.top
- domain: ddabknjdnliceal.top
- domain: dhhjollrefgvirm.top
- domain: papecoyebvmcqeu.top
- domain: ciijlckdjacimag.top
- domain: jengfeekijgldhk.top
- domain: crwxqsnrwmthyqc.top
- domain: caddngldgejahna.top
- domain: okfsfvcetdbngdk.top
- domain: ikhagifkenndlge.top
- domain: bdmnsyqrqshsopr.top
- domain: nuuhhcfenjoywca.top
- domain: bgllakndcidgcnj.top
- domain: icciilhkbdgjggn.top
- domain: anccvfsrkauefoh.top
- domain: amgfcnadnlkmlmd.top
- domain: hikcjbiklgabbfh.top
- domain: lqalmpkebwpvdaf.top
- domain: adanddcdjbdefml.top
- domain: xjhgbsyqxnwblmm.top
- domain: gneklekkikhikec.top
- domain: check.ziwel.icu
- url: https://check.ziwel.icu/gkcxv.google
- domain: 7810328171.sbs
- domain: 6803490767.sbs
- file: 172.245.93.118
- hash: 45990
- url: http://185.246.66.165/4ebc84a8.php
- url: http://117.205.88.245:44546/mozi.m
- file: 94.156.227.99
- hash: 15666
- file: 107.173.203.208
- hash: 2096
- file: 46.246.86.8
- hash: 2404
- file: 198.12.89.21
- hash: 14645
- file: 104.250.169.70
- hash: 2404
- file: 185.234.72.215
- hash: 3333
- file: 128.90.123.191
- hash: 9999
- file: 186.169.85.81
- hash: 11102
- file: 89.117.109.238
- hash: 8808
- file: 159.223.163.240
- hash: 443
- file: 149.248.79.46
- hash: 7443
- file: 20.189.120.116
- hash: 8443
- file: 213.209.150.236
- hash: 80
- domain: cpcontacts.totopolice031.website
- domain: cpanel.bsttoolswx.xyz
- domain: cpcontacts.bookdmsab.xyz
- domain: cpcontacts.bestonenewznets.xyz
- domain: webdisk.enjoyedufabet.xyz
- domain: cpanel.topbusineszworldk.xyz
- domain: cpanel.totopolice031.website
- domain: cpcontacts.toriters7.xyz
- domain: cpcontacts.homeremodel.website
- domain: cpcalendars.playufabetgames.xyz
- domain: cpcalendars.proonlinehub.xyz
- domain: cpcontacts.upnddownapps.xyz
- domain: optimistic-leakey.23-227-202-132.plesk.page
- domain: webmail.foodiesfrenzy.xyz
- domain: webmail.trendingbstuisports.xyz
- domain: webmail.fstnewmedia.xyz
- domain: cpcontacts.businessnewznetwork.xyz
- file: 148.113.214.176
- hash: 555
- url: https://check.debij.icu/gkcxv.google
- url: http://cw18001.tw1.ru/a.php
- file: 122.193.204.37
- hash: 8105
- file: 149.56.205.44
- hash: 55555
- file: 222.186.17.90
- hash: 4506
- file: 43.156.94.92
- hash: 8888
- file: 47.83.188.104
- hash: 443
- file: 77.239.100.149
- hash: 443
- file: 91.231.186.25
- hash: 55555
- file: 1.94.63.197
- hash: 8989
- file: 104.238.135.196
- hash: 31337
- file: 38.60.217.204
- hash: 31337
- file: 47.238.140.204
- hash: 31337
- file: 68.183.118.150
- hash: 31337
- url: https://adb-technique.com
- domain: zakariabenkirane.ddns.net
- url: https://pastebin.com/raw/knvpjwgb
- domain: hilly1234-64988.portmap.host
- file: 193.161.193.99
- hash: 64988
- file: 45.204.194.212
- hash: 4212
- file: 136.40.23.27
- hash: 80
- file: 162.128.74.109
- hash: 443
ThreatFox IOCs for 2025-03-05
Medium
Published: Wed Mar 05 2025 (03/05/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-03-05
AI-Powered Analysis
AILast updated: 06/19/2025, 15:35:16 UTC
Technical Analysis
The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2025-03-05,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The report is categorized under 'type:osint,' indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected product versions or detailed technical indicators are provided, and there are no known exploits in the wild associated with this threat at the time of publication. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned by the source. The absence of CWE identifiers, patch links, or detailed technical analysis suggests that this report serves as a general alert or collection of IOCs rather than a detailed vulnerability or malware analysis. The lack of indicators and affected versions implies that the threat may be emerging or not yet fully characterized. Given the 'tlp:white' tag, the information is intended for public sharing without restrictions. Overall, this threat intelligence entry appears to be an early-stage or low-confidence report on potential malware activity, emphasizing the need for ongoing monitoring rather than immediate reactive measures.
Potential Impact
For European organizations, the potential impact of this threat is currently limited due to the lack of detailed technical indicators, absence of known exploits in the wild, and no specified affected products or versions. However, as the report relates to malware and open-source intelligence, there is a latent risk that adversaries could leverage the shared IOCs or related data to conduct reconnaissance or prepare for targeted attacks. The medium severity rating suggests moderate concern, possibly reflecting the potential for data exposure or disruption if the threat evolves. European entities involved in critical infrastructure, government, or sectors with high exposure to cyber threats should remain vigilant, as the lack of detailed information does not preclude future exploitation. The impact could manifest as unauthorized access, data leakage, or service disruption if the malware or associated tactics are deployed effectively. Given the current information, the immediate operational impact is low, but the strategic risk warrants attention.
Mitigation Recommendations
1. Enhance Threat Intelligence Integration: European organizations should integrate ThreatFox and similar OSINT feeds into their Security Information and Event Management (SIEM) systems to detect any emerging indicators related to this threat promptly. 2. Proactive Monitoring: Establish continuous monitoring of network traffic and endpoint behavior for anomalies that could correlate with newly published IOCs once available. 3. Incident Response Preparedness: Update incident response playbooks to include scenarios involving emerging malware threats with limited initial data, emphasizing rapid analysis and containment. 4. Employee Awareness: Conduct targeted training sessions to raise awareness about the evolving threat landscape, focusing on recognizing phishing or social engineering attempts that could deliver malware. 5. Collaboration with CERTs: Engage with national and European Computer Emergency Response Teams (CERTs) to share intelligence and receive timely updates on developments related to this threat. 6. Patch Management: Although no patches are linked to this threat, maintaining up-to-date software and systems reduces the attack surface for potential exploitation. 7. Network Segmentation: Implement strict network segmentation to limit lateral movement should an infection occur. These measures go beyond generic advice by emphasizing integration of OSINT feeds, proactive monitoring for emerging threats, and collaboration with regional cybersecurity entities.
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- cac47e23-b9f5-478f-9df8-a4a905f06159
- Original Timestamp
- 1741219388
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaincheck.lijam.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaingmartph.shop | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domainian4x9bab.cc.rs6.net | FAKEUPDATES payload delivery domain (confidence level: 80%) | |
domaincheck.qozab.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainkhusinhthaidanphuong.top | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domain5184433321.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domain6378609069.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.bajys.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domain5940526644.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmodtuning.world | Hook botnet C2 domain (confidence level: 100%) | |
domainwebmail.10bestufabetgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.livninspot.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.shakdmisab.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.top10gamesofoto1.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.bottomofbusiness.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.enjoyufabet.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.allthefiver.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.levelfrstdm.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.stockmrtktlite.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.odysseyoutlook.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.bestreadup.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.ufabetlover10.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincheck.zitit.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainwebdisk.youandmewtoto.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.blogssab.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.gamesfunzartsz.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.settotoupbmart.com | Havoc botnet C2 domain (confidence level: 100%) | |
domain134.209.226.202.nip.io | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainovalre.us | Rhadamanthys payload delivery domain (confidence level: 100%) | |
domaincpcalendars.timehrnews.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.totogamesnetwork.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.bestofnewzandgames.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainw1.discoverconicalcrouton.shop | Rhadamanthys payload delivery domain (confidence level: 75%) | |
domaincheck.vykyv.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainkokosinka1.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domainkokosinka2.com | NetSupportManager RAT botnet C2 domain (confidence level: 100%) | |
domaincheck.wobym.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.cumys.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainthey-cumulative.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domaincpanel.kreativelife.net | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaine3uy8orhd0i.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainfmanslaq9t1.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainke2ce0der1an.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domaincheck.pufoq.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainwebdisk.blogssab.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.shalownewsbooks.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincheck.najem.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainmyhousecam.ddns.net | MoDi RAT botnet C2 domain (confidence level: 75%) | |
domainapi.cameradriverx.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.videocarddrivers.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.drivercamhub.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.videodriverzone.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.driverstream.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.driversnap.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.camdriverstore.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.videotechdrivers.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.camdrivers.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.camdriverhub.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.vcamdriverupdate.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.provideodrivers.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.vcamsupport.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainapi.webcamfix.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainbokhoreshonline.com | Polyglot botnet C2 domain (confidence level: 49%) | |
domaincheck.dycib.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainapi.vidtechhub.cloud | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domain5616799786.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainshillaglavis.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainnivuti.com | Coinminer payload delivery domain (confidence level: 100%) | |
domaingitrok.com | Coinminer payload delivery domain (confidence level: 100%) | |
domaincanvas.pet | Coinminer payload delivery domain (confidence level: 100%) | |
domainswapme.fun | Coinminer payload delivery domain (confidence level: 100%) | |
domain9x9o.com | Coinminer payload delivery domain (confidence level: 100%) | |
domaincheck.miwun.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaintvninet19pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaina1097362.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1096844.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainvillagerae.temp.swtest.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina0993730.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaincl32012.tw1.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainyariksca.beget.tech | DCRat botnet C2 domain (confidence level: 100%) | |
domaintheorxhysics.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainraiduyrumny.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainurbanfzgproject.bet | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindazcientists.bet | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbiochextryhub.bet | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainemergixience.bet | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaintveight18ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintveight18pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintveight8vt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintvfift15pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintvfourt14pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintvsevt17pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintvthirt13pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintvtwenty20ht.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintvtwenty20pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwthre3vs.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintvfor4pn.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintvthirt13sr.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaintwtwo2pt.top | CryptBot botnet C2 domain (confidence level: 100%) | |
domaincheck.pafoc.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domain5794515135.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwebdisk.settotoupbmart.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.thebestofbests.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincheck.kibof.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainapi.360s.ltd | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainwww.honorofkings.me | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainapi.pdfiso.com | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainapi.dyk3j10rcxd1av9.xyz | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainapi.qxugb3qpfpafmlto.xyz | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainapi.xt6drjp542fz6j7xt.xyz | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainapi.uaabcvsolwgl.xyz | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainapi.hankirit.asia | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainwww.carssell.online | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainone.renzoprotocols.co | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainapi.kelimzorro.xyz | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainwanderpics.net | Rhadamanthys botnet C2 domain (confidence level: 49%) | |
domainnevada.mandros.us | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domaincheck.jakoc.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainsu.t.goldenloafuae.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainlog.t.goldenloafuae.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainydh7.shop | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainwww.purpleit.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainicltdxb.tyseres.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainhvbx.sansompccom.top | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainesbranch-saml-172628.prfortesystems.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwillchar.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincheck.kural.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainwebmail.digitalbusineszclub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domain5772530022.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domain7512495120.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.datot.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainncs.e-twfpg.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainscieseandbeyond.world | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsarok7lmoutsg1.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainsarok7lmoutsg2.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainsarok7lmoutsg3.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainsarok7lmoutsg4.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainsarok7lmoutsg5.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainused-billion.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainlbxqdgsiecxcauf.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainfhilfndenkhfldg.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainxtflqjhubseiihm.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainmdnimbkllflibjk.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainfndfgcedjaalfca.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainklngfmuixjlnqtu.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainljhcaemkhjeakje.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainjwduisxirpyygsk.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domaineflnhggdgdieacj.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainglcfjyfrqreycth.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainsekawctenilfkgp.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainlbbkbinkemlhein.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domaindlghjjhdchbkjbd.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainkhkeclbkacfnnih.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainewrulfirkyskrsw.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainjmemebcklgmfihc.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainqoaoaiwehoyqaff.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainddabknjdnliceal.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domaindhhjollrefgvirm.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainpapecoyebvmcqeu.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainciijlckdjacimag.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainjengfeekijgldhk.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domaincrwxqsnrwmthyqc.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domaincaddngldgejahna.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainokfsfvcetdbngdk.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainikhagifkenndlge.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainbdmnsyqrqshsopr.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainnuuhhcfenjoywca.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainbgllakndcidgcnj.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainicciilhkbdgjggn.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainanccvfsrkauefoh.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainamgfcnadnlkmlmd.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainhikcjbiklgabbfh.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainlqalmpkebwpvdaf.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainadanddcdjbdefml.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domainxjhgbsyqxnwblmm.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domaingneklekkikhikec.top | MintsLoader payload delivery domain (confidence level: 100%) | |
domaincheck.ziwel.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domain7810328171.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domain6803490767.sbs | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.totopolice031.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.bsttoolswx.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.bookdmsab.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.bestonenewznets.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.enjoyedufabet.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.topbusineszworldk.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.totopolice031.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.toriters7.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.homeremodel.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.playufabetgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.proonlinehub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.upnddownapps.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainoptimistic-leakey.23-227-202-132.plesk.page | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.foodiesfrenzy.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.trendingbstuisports.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.fstnewmedia.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.businessnewznetwork.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainzakariabenkirane.ddns.net | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainhilly1234-64988.portmap.host | Unknown Loader botnet C2 domain (confidence level: 50%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://variotok.com/amzxtfiqyra8xybywjuivuiy5pzfyrebtxdxez5z6nb5huy7leepzqjkwsvdvaltvytno4o3i5p3wwe2dmg2x0vux5utk5yca1jgyf6tg0aedt1giucvdxkakl8aaxl5zq3xypcbcmurzdn7g5dwtz/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://carmody-quality-solutions-llc.acero.it.com/i3m3atjz4cy4uwdoa8cufjbwe5jcfpfsnn7eyqhlr2ko1mzvnbge1leahmoistm5qurfosxh6c7dvjgq9gxapzkpgyusbyoii8otrnk90ww0l2kvvxd6pdrbzqhx/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://red-cedar-steel-erectors.creativeshare.it.com/xha982ocxodcvv2bvgljt6crb3fuvioiy5fjpen0fn7jbxuquwpol2rto8hlmzesw6twyzafvokwyeuqbgdsehlrfgx0c59isaebaahpy1k4opw7msgq0wm4udpkgmhn36qtszulnnxjitx4zbpzqk/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://red-cedar-steel-erectors.creativeshare.it.com/flwej9zisadgj4vzwkacvvmfboshyyd6edxc8is2qlh9vpqcebd4hwm21epdumphk3ntnafnp5ivg29iiymbxogufbws1ullm0ofmnazdu5jl8aqbyscqrioxr8ntfkthk3nag31eur7bhoszjoozt/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://red-cedar-steel-erectors.creativeshare.it.com/kj6gpqslala495ac5qqh3t1rk09bwm2rnozs2lv0eyk2ziogkovvgat4bh4qofj6azvisbl8eipwm7ocdwpndpt0ruigxnfxxpqgjlt9yoftj78miysfitqrwv1zcuyyjdlofhujw6m1z3xnfns8oh/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://red-cedar-steel-erectors.creativeshare.it.com/8onpmuq7xrbulal10rmtthgc3jfl2w6duds5knwl1hnezv2oirkxcasctzt6ffyiooa72yo98v5waizgmcl4pdeogw41kvmxnbfcoaqa30jyo9i9gpewgheueqdvfjezbswunm6kipuqs0xmfostdb/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://red-cedar-steel-erectors.creativeshare.it.com/cqkqsn6zc1c1vo0romvq4xmxtwmlyu6hkezi2ywqwnhrgf3x2ectja7fd5sz0ub2qtgxpm7u9mibyderldinaknlda31pjsluh4jjvojo5paei9xn4scktyhwpxlzofho8mpbjig8w3f9ytbf5qorh/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://red-cedar-steel-erectors.creativeshare.it.com/izyknw1qzgmfbfmefptdalbu7bhkupbhu9r5udznji68exv7cnlbmoijsjmirv7mwegytyq02px9xxo2gfj53kforgotlvdd0ala8ksa54qxnctdp49vcochsczsyozrozvht1v2yboprggel6wlc3/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://red-cedar-steel-erectors.creativeshare.it.com/vxnbjrbv4qomjqtkck64fr4ceeh6vokqncz0qzion2kwpwwxcgajyfdu1r7t8kpm1e0sbr1dtmi58gbzlaxugi9nxv3fhewlpgpxibtsrstgoquez3yohlja26c8drmm5ovys7xtwp0sde3wd9jq2a/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://red-cedar-steel-erectors.creativeshare.it.com/ycncehrbvnpat8jhhwedrccgvqfzl3fr5lqufmjr6xjrm5oy4wzl3khvw7zim7el86sdeowy0pugpxjfkufk98a1otqzsbzyog32xgitahiq4iv0fdabgdoehtpcwi6vmjb21nqo7mbox9s4laq2y9/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://khusinhthaidanphuong.top/work/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://khusinhthaidanphuong.top/work/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://khusinhthaidanphuong.top/work/fine.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://zaikacakes.org/pcicapi.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://variotok.com/3sjlzv7up2ykk14qzkh7msghlbz7jhnv4vw0d5wljkqfuc1lozq4r6yu3udlwxxnlxwd4thxibwytlhqe1epvsdv3nrrdz6ff1zl3awlopzgj4waudemcje4q99p2ky0ljywouc9qzvgvvnxjvlnyw/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://id26399vlim-oracle-common-login-auth.prfortesystems.com/rdch/aonrfacdkoqp6e9z4sbcxddzbrd1hh6y0rwbo5f3cglwnphsxmt2bi97j2zlo4ylh4c5kkn8gvwpa16aingljt7jk8nsor0mkgsefmdit2ihy3jwzlqtigsjfzgo8qcapdhyv5bwulvqbzufxro1yk/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://ach.dllgrroup.com/honbezuc8mwquclhfoxl61a7ark3osiatzrmclm6dlrwu5igby0okqkonb9riwvpjtyz9isynneuovteh5fj0ifbhramvecpg4ge8ht6bjbq4qmdzwmujtkqops5f7lwv8u3fxz1swqtkoczfhx202/validate | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttp://durrans.gensyisgroup.com/6aaexi9o3rcfdurfv8n3gyrznnfoirvkymcs3gwy8ysbqdqrp6johpeqdhbvommjm2wiw8kycv1jodgr8rql7hptw8i4ns8i7z34ldt0ws18q2rtfpqds6nxjso66cn85yxttuvsplub0ngfpqfh6n/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://anchorlt.griffinsgrading.us/bzwe8hszw9c6fgyapn5gmxoc9i3sfolkfajzjm2jli763u19rbeakwlymb4beeo2kqcvozcrx7ib3dm1wjjxiewuai7pqisooo0qbn2v1zso8nhgryjhc0uvreynpl5tltqugkxfgzyxtd/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://sos.paylessautoz.de/8bse3yknmocl6xtmhgw7b6xzhea87tjgj26jp0ihbfckowodrk4ouybu022cxdwhxivgv1oemyj1jznwgsosjgslxpfqrg9htkfnuqnzzyqepdxamevsc7iuhcb1etbo43acarkfmqn5d3uyusw5vf/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://emberkokocoglow.xyz/mzexmzm0ytq2zgrk/ | Coper botnet C2 (confidence level: 100%) | |
urlhttps://emberboboforidge.xyz/ode4ytdiymy1ytdl/ | Coper botnet C2 (confidence level: 100%) | |
urlhttps://twilightgocolodream.xyz/mzvlmgq1zjgxztc5/ | Coper botnet C2 (confidence level: 100%) | |
urlhttps://accuratelien.supportbuilds.us/ewcugmuq62mbpsn1prqpdd7dhzskok9qorqbyf53acbdvdhoa28slojebg4ga8nipjtyfiq8lnzw7wixvifkwfr35rv2xtesol3nuhopzncsvkro0m6yngkt6tsmzgwajloluhx7t54emqi9ctemzevuzp/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://ackermanlawyers.ridinggearz.com/waxo4an6g5kpzzqtnfgholoddr60cyqemtzvxkrb9lmer8g01pcdkymv4w3saav1ffw7b8xtsjo35csvncijnsuyiibf9iurpzxetpqgmkqwoj2hl7ujehyo2/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://project.fablestudioz.com/4quwjc9u1ykkonxdlzqbl2pofaygdsfmpeke051dzwbtv7jt6horoi08qny2lbhws9xfkce3igvmu3vrtqwybhho66bj2tlrzpxgyfm0emln4xidngfu9oyw5hvrlrcjai8uzagcebaptcgxosiepn/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttp://ach.dllgrroup.com/honbezuc8mwquclhfoxl61a7ark3osiatzrmclm6dlrwu5igby0okqkonb9riwvpjtyz9isynneuovteh5fj0ifbhramvecpg4ge8ht6bjbq4qmdzwmujtkqops5f7lwv8u3fxz1swqtkoczfhx202/validate | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttp://uvsmt.com/bbs/skin/ruvin_cubic_category/site_link.php?desc=asc+&divpage=1&id=link&no=57&page=7&sc=on&select_arrange=headnum&sitelink=https://renaissancemantenance.com/%23rosspalmer@diamondlinedelivery.com | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://gtcdistribution.com/ntcstoo4ro34qkhp1jskqusgttpdgmk3ojimnimznuv2ww75itcb5ep6d0lv5bk0yvffqq67oyfd2bsiunlpd8sgrzqzka8r4idwkzwcuu9ynvywcjbdboqh2rlyea8xeeen0mjchvmhafxilvhfal3bu6jzo1rxoaghgfoscx/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://check.zitit.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://047506cm.nyanyash.ru/externalvideopythonpolltracktemp.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://test.radientinc.de/6lamsi40qdwsiexy257oioh3g27vnv4rgxcjzpovhhazgbtcjlevswzdzkudhfet1fpr6qfpb0qcxouymmgb8t9orwkajrdqycljnbay9iwnokxtlm35ukfps8e/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://vocals.faernleys.com/baofumrihpbiu0tp82mvoz7zyjztdowg8s5myfeenadkpbrr5csjweiafu3ao7n7rqnfgeqtrwn9zobitlxopmhcxq3sdc1f20cjjhfakjnxh9pa6tsglmle8qhwowydlsv1z0ypswljgc4yib6xdv/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttp://uvsmt.com/bbs/skin/ruvin_cubic_category/site_link.php?desc=asc+&divpage=1&id=link&no=57&page=7&sc=on&select_arrange=headnum&sitelink=https://sunbeltrcntals.com/%23jenniferlear@odysseylogistics.com | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://check.vykyv.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://establishnappe.space/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://check.wobym.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://103.242.15.140:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://check.cumys.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://www.test.peperoncinochepassione.it/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://www.ningbocrm.jintsume.net/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://www.thesignaturemag.salviatech.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://check.pufoq.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://hellbentxpress.taxairs.com/ogfnnqcfvjdwur5kiilf8nx3qzxzas2mfn6etp9zgyrvu5brhemhpakui1trlc8vys4hjdtisloqhe09ydzpekwawo6oum3s7wl2xbcjoqv0baxmpy4cg7ogj/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://check.najem.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://drive-connect.cyou/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://su.t.goldenloafuae.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://check.dycib.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://vocals.faernleys.com/wbkuzuha5gb0zy9fl27o4rhimzoefaxjqrmoykovnhbda6vtknfclwdqudaaoog7pxprzqwhdldccuw0vlnnwhuu5jm3sxci83jtvori2exya3sbqgkvilg9egyfk94lgjhpqecpnfrpwbmmzbyj81/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://durrans.gensyisgroup.com/6aaexi9o3rcfdurfv8n3gyrznnfoirvkymcs3gwy8ysbqdqrp6johpeqdhbvommjm2wiw8kycv1jodgr8rql7hptw8i4ns8i7z34ldt0ws18q2rtfpqds6nxjso66cn85yxttuvsplub0ngfpqfh6n/index | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://vocals.faernleys.com/atvdarapgaf6lboxgagj2rdmyih8gh0k2xyvbojwdmnclnxbcemjjtyg8itq3prs4nl4xbqkqqmeouusz6wynwpdfwuesstenpwo8i6utqez7ykv30x5fn172idlhr914zwxoklv5tma3hc1oevj9d/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://factuur02282025.hobroz.com/l6cox7weypgybataf7jiok9yzfryifcgq21ntlgfco7jbpnqwaxenhckofdeyv4ommiasrobwgkug8gqiwo6mhwuqez1ji6p093vlczn1bmxnktdq9t0suuksnvexj2cvexptxrk5bqpwooa2liydm/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://check.miwun.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://emergixience.bet/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://biochextryhub.bet/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://urbanfzgproject.bet/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://dazcientists.bet/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://raiduyrumny.cyou/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://theorxhysics.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://check.pafoc.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.kibof.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://nevada.mandros.us/profilelayout | FAKEUPDATES botnet C2 (confidence level: 100%) | |
urlhttps://schillingslead.io/8hgoua2o1doquwmfci6wf7nqmrrssfb1uqy0lt70ojvnxlcvetjx4yv25edzegpmsxwrasnxd3tym6il9obik2kppcxte3evku34zj51tyv4wnrihzfn9zbhxad5ebrlipa6ubwmwfdo8utsoh7foypmbzcqjvlia9/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://check.jakoc.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://log.t.goldenloafuae.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://ydh7.shop/files/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://ydh7.shop/files/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://ydh7.shop/files/fill.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://adityahotel.com/eula.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://sos.paylessautoz.de/8bse3yknmocl6xtmhgw7b6xzhea87tjgj26jp0ihbfckowodrk4ouybu022cxdwhxivgv1oemyj1jznwgsosjgslxpfqrg9htkfnuqnzzyqepdxamevsc7iuhcb1etbo43acarkfmqn5d3uyusw5vf/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://turuncouk.kendolimted.net/lnoddbf7h3wgozqzrozasxgx59by8bs17tq4fz9of66gcasgdqsokighozupyh621jwehlylkmfma1jf5oteoikxenrby23itjp2nrwxwhmp3fnteczotwqlrwmxms0kmjtvcv7pjuclqcbrdykaje/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://willchar.com/6t1w.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://willchar.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://check.kural.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://vela-laboratories.acero.it.com/qho57emi38uorya0phbqet47stxkwf0mhn49vbnes6qe9wixzugvizayskvdvjglhihfgiulecsxtflnzcm3ktboadxogtldlj1prmnbrnwca4geiglcctjqno87qkv6wo03zjzscbrob28aykkrpjjoou6qf2fd5ayuwuw/verify | Unknown malware botnet C2 (confidence level: 95%) | |
urlhttps://check.datot.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://94.250.249.79/privatevoiddb1update/processphptrafficdb/jsupdate/httpphp6central/4/wp6pipeuploads/test86/multi/trafficcentralcentral/providereternaljavascriptmultigeneratortestprivatetempcdncentral.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://establishnappe.space/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://79.133.46.59/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://check.ziwel.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://185.246.66.165/4ebc84a8.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://117.205.88.245:44546/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://check.debij.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://cw18001.tw1.ru/a.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://adb-technique.com | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://pastebin.com/raw/knvpjwgb | Unknown Loader botnet C2 (confidence level: 50%) |
File
| Value | Description | Copy |
|---|---|---|
file8.148.225.249 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file78.24.220.122 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.128.227.28 | Remcos botnet C2 server (confidence level: 100%) | |
file173.255.206.56 | Sliver botnet C2 server (confidence level: 100%) | |
file128.90.108.156 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.229.219.26 | Unknown malware botnet C2 server (confidence level: 100%) | |
file170.64.153.126 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.229.219.96 | Unknown malware botnet C2 server (confidence level: 100%) | |
file49.232.86.118 | Havoc botnet C2 server (confidence level: 100%) | |
file195.82.147.35 | DCRat botnet C2 server (confidence level: 100%) | |
file54.206.46.15 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file54.206.46.15 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file47.92.199.146 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.92.200.106 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file172.233.26.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.43.4.70 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.12.35.156 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file66.55.75.102 | Remcos botnet C2 server (confidence level: 100%) | |
file196.251.69.224 | Remcos botnet C2 server (confidence level: 100%) | |
file104.167.16.95 | ShadowPad botnet C2 server (confidence level: 90%) | |
file165.22.27.153 | Unknown malware botnet C2 server (confidence level: 100%) | |
file167.86.172.29 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file179.95.195.165 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.201.201.45 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file159.100.20.156 | MooBot botnet C2 server (confidence level: 100%) | |
file193.0.178.196 | BianLian botnet C2 server (confidence level: 100%) | |
file91.240.118.2 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file172.233.26.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file49.232.65.225 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.246.113.191 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file213.209.150.236 | Hook botnet C2 server (confidence level: 100%) | |
file52.51.91.45 | Unknown malware botnet C2 server (confidence level: 100%) | |
file110.41.172.19 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.124.73.208 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.201.254.249 | Unknown malware botnet C2 server (confidence level: 100%) | |
file68.183.84.31 | Unknown malware botnet C2 server (confidence level: 100%) | |
file211.24.122.117 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.28.89.22 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.50.101.30 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.219.181.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.162.158.155 | Unknown malware botnet C2 server (confidence level: 100%) | |
file36.88.125.94 | Unknown malware botnet C2 server (confidence level: 100%) | |
file184.82.99.218 | Unknown malware botnet C2 server (confidence level: 100%) | |
file142.93.167.110 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.249.98.137 | Unknown malware botnet C2 server (confidence level: 100%) | |
file201.202.66.218 | QakBot botnet C2 server (confidence level: 100%) | |
file185.208.158.237 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
file195.123.211.56 | Koi Loader botnet C2 server (confidence level: 75%) | |
file92.255.85.23 | SectopRAT botnet C2 server (confidence level: 75%) | |
file104.168.101.23 | Mirai botnet C2 server (confidence level: 75%) | |
file193.200.78.49 | Bashlite botnet C2 server (confidence level: 75%) | |
file213.209.129.101 | Mirai botnet C2 server (confidence level: 75%) | |
file206.238.220.43 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file8.138.27.20 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file190.10.11.55 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file52.53.183.22 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file20.229.219.115 | Unknown malware botnet C2 server (confidence level: 50%) | |
file3.138.34.210 | Unknown malware botnet C2 server (confidence level: 50%) | |
file8.155.8.77 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.155.8.82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.135.14.237 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file114.116.233.139 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file176.65.144.192 | Remcos botnet C2 server (confidence level: 75%) | |
file176.65.144.188 | Remcos botnet C2 server (confidence level: 75%) | |
file45.148.10.136 | Bashlite botnet C2 server (confidence level: 75%) | |
file101.34.63.249 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.120.32.180 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file152.42.245.208 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file189.158.202.224 | Unknown malware botnet C2 server (confidence level: 100%) | |
file207.244.225.2 | Remcos botnet C2 server (confidence level: 100%) | |
file31.56.110.131 | Remcos botnet C2 server (confidence level: 100%) | |
file161.35.56.10 | Remcos botnet C2 server (confidence level: 100%) | |
file66.150.198.182 | Remcos botnet C2 server (confidence level: 100%) | |
file18.97.23.201 | Havoc botnet C2 server (confidence level: 100%) | |
file34.134.126.120 | Havoc botnet C2 server (confidence level: 100%) | |
file179.255.41.16 | Venom RAT botnet C2 server (confidence level: 100%) | |
file179.255.41.16 | Venom RAT botnet C2 server (confidence level: 100%) | |
file179.255.41.16 | Venom RAT botnet C2 server (confidence level: 100%) | |
file179.255.41.16 | Venom RAT botnet C2 server (confidence level: 100%) | |
file179.255.41.16 | Venom RAT botnet C2 server (confidence level: 100%) | |
file179.255.41.16 | Venom RAT botnet C2 server (confidence level: 100%) | |
file163.5.169.60 | Venom RAT botnet C2 server (confidence level: 100%) | |
file195.82.146.19 | DCRat botnet C2 server (confidence level: 100%) | |
file3.27.11.157 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file35.182.151.200 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file35.182.151.200 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file35.182.151.200 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file196.251.80.231 | Bashlite botnet C2 server (confidence level: 100%) | |
file1.161.111.124 | QakBot botnet C2 server (confidence level: 75%) | |
file149.56.205.44 | Rhysida botnet C2 server (confidence level: 75%) | |
file149.56.205.44 | Rhysida botnet C2 server (confidence level: 75%) | |
file163.181.202.98 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file144.91.92.251 | MoDi RAT botnet C2 server (confidence level: 75%) | |
file213.209.150.224 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file77.239.100.149 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file150.230.26.196 | Meterpreter botnet C2 server (confidence level: 75%) | |
file194.59.31.40 | Remcos botnet C2 server (confidence level: 100%) | |
file95.214.55.246 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file23.94.207.135 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file108.143.59.186 | Unknown malware botnet C2 server (confidence level: 100%) | |
file134.122.62.169 | Unknown malware botnet C2 server (confidence level: 100%) | |
file213.209.150.181 | Hook botnet C2 server (confidence level: 100%) | |
file3.248.199.29 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file56.124.52.240 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file154.222.24.177 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.153.201.105 | MimiKatz botnet C2 server (confidence level: 100%) | |
file52.255.166.103 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file82.153.134.38 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file89.213.174.246 | Mirai botnet C2 server (confidence level: 100%) | |
file116.202.4.223 | Vidar botnet C2 server (confidence level: 100%) | |
file45.74.46.39 | Remcos botnet C2 server (confidence level: 100%) | |
file122.199.149.129 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file47.86.52.150 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file13.60.234.76 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file60.204.244.23 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file178.128.61.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file83.229.121.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.36.242.110 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.161.35.171 | Sliver botnet C2 server (confidence level: 100%) | |
file95.214.55.246 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file95.214.55.246 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.195.231.120 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.195.231.120 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.195.231.120 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.195.231.120 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file68.219.250.95 | Unknown malware botnet C2 server (confidence level: 100%) | |
file37.139.130.66 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file46.246.4.11 | DCRat botnet C2 server (confidence level: 100%) | |
file195.82.146.19 | DCRat botnet C2 server (confidence level: 100%) | |
file52.53.199.238 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file107.189.26.70 | Crimson RAT botnet C2 server (confidence level: 100%) | |
file157.245.151.24 | MooBot botnet C2 server (confidence level: 100%) | |
file124.156.226.253 | MimiKatz botnet C2 server (confidence level: 100%) | |
file3.75.172.46 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file162.128.74.109 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file102.41.55.187 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file194.190.152.223 | RedLine Stealer botnet C2 server (confidence level: 50%) | |
file172.245.93.118 | Remcos botnet C2 server (confidence level: 75%) | |
file94.156.227.99 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
file107.173.203.208 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file46.246.86.8 | Remcos botnet C2 server (confidence level: 100%) | |
file198.12.89.21 | Remcos botnet C2 server (confidence level: 100%) | |
file104.250.169.70 | Remcos botnet C2 server (confidence level: 100%) | |
file185.234.72.215 | Remcos botnet C2 server (confidence level: 100%) | |
file128.90.123.191 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file186.169.85.81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file89.117.109.238 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file159.223.163.240 | Unknown malware botnet C2 server (confidence level: 100%) | |
file149.248.79.46 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.189.120.116 | Unknown malware botnet C2 server (confidence level: 100%) | |
file213.209.150.236 | Hook botnet C2 server (confidence level: 100%) | |
file148.113.214.176 | DCRat botnet C2 server (confidence level: 100%) | |
file122.193.204.37 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file149.56.205.44 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file222.186.17.90 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file43.156.94.92 | Sliver botnet C2 server (confidence level: 75%) | |
file47.83.188.104 | Havoc botnet C2 server (confidence level: 75%) | |
file77.239.100.149 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file91.231.186.25 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file1.94.63.197 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file104.238.135.196 | Sliver botnet C2 server (confidence level: 50%) | |
file38.60.217.204 | Sliver botnet C2 server (confidence level: 50%) | |
file47.238.140.204 | Sliver botnet C2 server (confidence level: 50%) | |
file68.183.118.150 | Sliver botnet C2 server (confidence level: 50%) | |
file193.161.193.99 | Unknown Loader botnet C2 server (confidence level: 50%) | |
file45.204.194.212 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file136.40.23.27 | Meterpreter botnet C2 server (confidence level: 75%) | |
file162.128.74.109 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Remcos botnet C2 server (confidence level: 100%) | |
hash4444 | Sliver botnet C2 server (confidence level: 100%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash40057 | Havoc botnet C2 server (confidence level: 100%) | |
hash8090 | DCRat botnet C2 server (confidence level: 100%) | |
hash9601 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash7001 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8845 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4000 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8080 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash9990 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash5986 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 100%) | |
hash9769 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2083 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2323 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 100%) | |
hasha4e7b94c88a041d5e9983a704053f01c | Unknown malware payload (confidence level: 50%) | |
hash7b795e5db82f25b8261d70048b2c3940 | Unknown malware payload (confidence level: 50%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
hash80 | Koi Loader botnet C2 server (confidence level: 75%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 75%) | |
hash8976 | Mirai botnet C2 server (confidence level: 75%) | |
hash6963 | Bashlite botnet C2 server (confidence level: 75%) | |
hash5378 | Mirai botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6667 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash42222 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash89 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4573 | Remcos botnet C2 server (confidence level: 75%) | |
hash30473 | Remcos botnet C2 server (confidence level: 75%) | |
hash666 | Bashlite botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2053 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8181 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash25608 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2405 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash623 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash1961 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2455 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash4841 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash17778 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash18005 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2077 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash591 | DCRat botnet C2 server (confidence level: 100%) | |
hash10686 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash501 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8001 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash10001 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | Rhysida botnet C2 server (confidence level: 75%) | |
hash80 | Rhysida botnet C2 server (confidence level: 75%) | |
hash4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2025 | MoDi RAT botnet C2 server (confidence level: 75%) | |
hash443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash8000 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash2003 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash20000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash2762 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash44818 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash6666 | Mirai botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash3990 | Remcos botnet C2 server (confidence level: 100%) | |
hash3737 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8899 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash2022 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6667 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8080 | DCRat botnet C2 server (confidence level: 100%) | |
hash4444 | DCRat botnet C2 server (confidence level: 100%) | |
hash389 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash371 | Crimson RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash5505 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash40355 | RedLine Stealer botnet C2 server (confidence level: 50%) | |
hash45990 | Remcos botnet C2 server (confidence level: 75%) | |
hash15666 | Meduza Stealer botnet C2 server (confidence level: 100%) | |
hash2096 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash14645 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash3333 | Remcos botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash11102 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash555 | DCRat botnet C2 server (confidence level: 100%) | |
hash8105 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash55555 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash55555 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash8989 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash64988 | Unknown Loader botnet C2 server (confidence level: 50%) | |
hash4212 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Threat ID: 682c7dbce8347ec82d2c5407
Added to database: 5/20/2025, 1:03:56 PM
Last enriched: 6/19/2025, 3:35:16 PM
Last updated: 7/10/2025, 2:40:56 PM
Views: 7
Related Threats
Athlete or Hacker? Russian basketball player accused in U.S. ransomware case
MediumMalwareSat Jul 12 2025
ThreatFox IOCs for 2025-07-11
MediumMalwareSat Jul 12 2025
DoNot APT Hits European Ministry with Fake Diplomacy Emails and LoptikMod Malware
MediumMalwareFri Jul 11 2025
ThreatFox IOCs for 2025-07-10
MediumMalwareFri Jul 11 2025
Deploying NetSupport RAT via WordPress & ClickFix
MediumMalwareThu Jul 10 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.