ThreatFox IOCs for 2025-03-09
AI Analysis
Technical Summary
This page is the ThreatFox export for 2025-03-09. ThreatFox is the abuse.ch platform on which researchers and vendors share Indicators of Compromise, and the 'type:osint' tag marks the content as open-source, community-submitted intelligence. No affected products, versions or CWEs are listed, and none apply: the entries are network indicators (domains, URLs and ip:port pairs) for malware command-and-control and payload-delivery infrastructure rather than a flaw in a specific piece of software, so there is nothing to patch and no exploit to track. The threat level (2), analysis (1) and distribution (3) values under Technical Details are MISP event fields, meaning Medium, Ongoing and All communities respectively. The report does carry specific indicators, several hundred of them. The descriptions table attributes the domains to ClearFake payload-delivery hosts (check.<five letters>.icu, each paired with a /gkcxv.google URL, plus two ordinary-looking websites, europlant.md and www.m2iapparels.com, at 75% confidence), Havoc C2 domains that imitate cPanel service hostnames (cpanel., webmail., webdisk., cpcalendars. and cpcontacts. prefixes on throwaway gambling- and business-themed domains), Lumma Stealer C2 domains (single-word hosts on .bet, .run, .life, .today, .world and .icu, each with an /api URL), CryptBot, DCRat, Cobalt Strike (including the typosquat update.miocrsoft.com and pwn.bamuwe.xyz), Hook, Mirai and the commodity RATs XWorm, XenoRAT, Quasar RAT and NjRAT, whose C2 hostnames sit on the tunnelling services portmap.host and gl.at.ply.gg. Confidence ranges from 50% to 100%. The descriptions table on this page stops after the domain section, so the URL and ip:port entries in the list carry no family attribution here, although their shape is telling: ten /htdocs/<random letters>.exe payload URLs on three IPs, DLL downloads (sqlite3.dll, vcruntime140.dll, mozglue.dll) of the kind infostealers fetch at runtime to read browser databases, two pastebin raw URLs (a common dead-drop pattern for C2 configuration), and a large set of ip:port pairs on ports such as 3333, 8808 and 31337.
Potential Impact
The impact depends on which family an organisation meets, and the families on this page span the whole intrusion chain. ClearFake is a fake browser-update lure injected into compromised websites, so one visit to an injected page by a user who accepts the "update" starts the chain. Lumma Stealer and CryptBot harvest browser credentials, cookies and session tokens, a direct confidentiality loss and the usual precursor to account takeover and initial-access brokering. XWorm, XenoRAT, Quasar RAT, NjRAT and DCRat give an operator interactive control of the host. Havoc and Cobalt Strike are post-exploitation frameworks: a beacon to one of those domains means an intrusion is already past initial access, and lateral movement and ransomware deployment may follow. Hook targets Android banking users, and Mirai targets exposed IoT and embedded devices for DDoS. The Medium threat level reflects that this is infrastructure intelligence rather than a single mass-exploited vulnerability, not that the risk is low: infrastructure in a daily ThreatFox export is in use at publication time. Nothing in the feed ties the indicators to particular countries; the list below is the scope of this assessment, not observed targeting, and stealers and fake-update lures are opportunistic and affect any organisation whose users browse the web.
Mitigation Recommendations
Treat the list as a blocklist to enforce and a set of queries to run, not a report to file. Ingest the ThreatFox feed daily (the CSV/JSON exports, or the API at threatfox-api.abuse.ch/api/v1/ with a {"query": "get_iocs", "days": 1} request and an abuse.ch Auth-Key) into DNS filtering such as an RPZ, the web proxy, egress firewall rules and the SIEM, and match retrospectively against DNS, proxy and flow logs from before the block took effect: a historical hit on a Lumma or ClearFake domain is a stealer infection to triage and credentials to rotate, not a blocked attack. Honour the confidence levels; the 50% entries have less corroboration. Block hostnames on tunnelling services (gl.at.ply.gg, portmap.host) and the EC2 hostname by exact FQDN only, because the parent domains are shared by unrelated tenants. Validate before enforcing: the list includes http://192.168.147.131:80/jquery-3.3.1.min.js, an RFC 1918 address that would match internal traffic, and ip:port entries on 443, 80 and 53 cannot be blocked by port alone. Expire indicators after a few weeks, since hosting and cloud IPs are reassigned. Pivot on the structure the data exposes: sibling cPanel-style subdomains of a listed Havoc base (cpanel.tectotechnology.com and cpcontacts.tectotechnology.com both appear), new check.<five letters>.icu hosts for ClearFake, and /api requests to freshly registered .bet, .run and .life domains for Lumma, keeping such pattern rules as hunting queries rather than blocks because of false positives. There is no patch to apply; the preventive controls are egress control, DNS filtering, user awareness of fake browser-update prompts, EDR with behavioural detection for the RAT and beacon stage, and regular threat hunting against this and similar feeds.
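The normalisation step, as an added example in Python (this is not ThreatFox's or abuse.ch's code): it parses the "- type: value" layout of this page using ThreatFox's native types, rejects malformed and non-routable ip:port entries and URL hosts, deduplicates, and emits RPZ records and an nftables set element. SAMPLE is a constructed subset of this page's entries plus one malformed address; the function names and the nftables table and set names are this example's own.

```python
"""Normalise a ThreatFox-style IOC list into enforceable blocklists.

Added example, not ThreatFox's or abuse.ch's code. Input follows the
"- <type>: <value>" layout of this page with ThreatFox's native types
(domain, url, ip:port). SAMPLE is a constructed subset: the real entries are
copied from this page (the private-address URL is on the page too); the
malformed 999.1.1.1 entry is added to show what the validator drops.
"""
import ipaddress
import re
from urllib.parse import urlsplit

SAMPLE = """\
- domain: check.juxoi.icu
- ip:port: 155.254.245.47:25
- ip:port: 196.251.87.10:8808
- domain: ec2-13-213-182-135.ap-southeast-1.compute.amazonaws.com
- url: https://check.henuo.icu/gkcxv.google
- url: http://192.168.147.131:80/jquery-3.3.1.min.js
- url: http://37.139.129.142/htdocs/asmrqdskmfapfgl.exe
- ip:port: 155.254.245.47:25
- domain: pdf-switched.gl.at.ply.gg
- ip:port: 999.1.1.1:80
"""

LINE_RE = re.compile(r"^-\s*(?P<type>domain|url|ip:port)\s*:\s*(?P<value>\S+)$")


def ip_literal(text):
    """Parsed address for an IP literal, None for a hostname or garbage."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def split_ip_port(value):
    """(ip, port) for a valid, globally routable ip:port; otherwise None."""
    ip_text, sep, port = value.rpartition(":")
    ip = ip_literal(ip_text)
    if not sep or ip is None or not ip.is_global:
        return None
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        return None
    return str(ip), int(port)


def parse_iocs(text):
    """Deduplicated sets per type, plus (entry, reason) for everything rejected."""
    out = {"domains": set(), "ip_ports": set(), "urls": set(), "dropped": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            out["dropped"].append((line, "unparseable"))
            continue
        kind, value = m.group("type"), m.group("value")
        if kind == "domain":
            out["domains"].add(value.lower().rstrip("."))
        elif kind == "ip:port":
            parsed = split_ip_port(value)
            if parsed:
                out["ip_ports"].add("%s:%d" % parsed)
            else:
                out["dropped"].append((value, "invalid or non-routable ip:port"))
        else:
            # URL: reject private/loopback/reserved hosts (the feed does contain
            # RFC 1918 addresses); the path is kept as-is because paths are case-sensitive.
            ip = ip_literal(urlsplit(value).hostname or "")
            if ip is not None and not ip.is_global:
                out["dropped"].append((value, "non-routable host"))
            else:
                out["urls"].add(value)
    return out


def to_rpz(domains):
    """RPZ records: the FQDN and every name beneath it resolve to NXDOMAIN."""
    records = []
    for d in sorted(domains):
        records.append("%s CNAME ." % d)
        records.append("*.%s CNAME ." % d)
    return records


def to_nft_elements(ip_ports, set_name="inet filter c2_egress"):
    """One nft command adding ip . port pairs to a concatenated set.

    Assumption: the set already exists as 'type ipv4_addr . inet_service';
    the table and set names are placeholders for this example.
    """
    pairs = sorted(split_ip_port(v) for v in ip_ports)
    body = ", ".join("%s . %d" % p for p in pairs)
    return "add element %s { %s }" % (set_name, body)


if __name__ == "__main__":
    result = parse_iocs(SAMPLE)
    print("\n".join(to_rpz(result["domains"])))
    print(to_nft_elements(result["ip_ports"]))
    for entry, reason in result["dropped"]:
        print("dropped %s: %s" % (entry, reason))
```

Feed the real export through `parse_iocs` before anything reaches a resolver or firewall; the `dropped` list is worth logging, because a silently discarded entry is as bad as a bad block.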
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: check.juxoi.icu
- ip:port: 155.254.245.47:25
- ip:port: 196.251.87.10:8808
- domain: ec2-13-213-182-135.ap-southeast-1.compute.amazonaws.com
- ip:port: 79.72.19.74:80
- ip:port: 201.43.190.174:8081
- domain: cpcalendars.dmfortsites.xyz
- domain: webmail.10bestbusiness.xyz
- domain: cpanel.welbngusnews.xyz
- domain: webdisk.homeimprovementbox.website
- domain: webmail.businesseshub.xyz
- domain: cpcalendars.gamesofart1.xyz
- domain: cpcalendars.toriters1.website
- domain: webdisk.mtpolice12.website
- domain: cpanel.fastnewclub.xyz
- domain: cpcalendars.betufa.website
- domain: cpanel.onlinegameshub.xyz
- domain: www.ruyn.top
- ip:port: 45.204.217.248:80
- domain: check.henuo.icu
- url: https://check.henuo.icu/gkcxv.google
- ip:port: 47.100.16.83:80
- ip:port: 119.45.30.250:18443
- ip:port: 185.241.208.51:8808
- ip:port: 104.161.36.40:8808
- ip:port: 102.117.168.104:7443
- domain: jin13.xiaodong88.cn
- ip:port: 91.169.117.54:1604
- ip:port: 43.156.59.110:9998
- domain: cpanel.tectotechnology.com
- domain: cpanel.homeaddition.website
- domain: webdisk.bookdmsab.xyz
- domain: webdisk.businesswithloyal.xyz
- domain: webdisk.ufabetgames1010.xyz
- domain: webmail.start7pros.xyz
- domain: cpcalendars.top10gamesofoto.com
- domain: webdisk.totogamesnetwork.com
- ip:port: 176.65.142.144:4449
- domain: pwn.bamuwe.xyz
- domain: cpcalendars.sports777games.com
- ip:port: 51.12.243.123:3333
- ip:port: 3.6.109.60:443
- ip:port: 3.137.65.101:8080
- ip:port: 3.87.141.253:3333
- ip:port: 188.245.206.96:3333
- ip:port: 157.245.245.133:3333
- ip:port: 108.165.213.9:3333
- ip:port: 43.156.42.200:4433
- ip:port: 46.38.250.176:3333
- ip:port: 52.190.60.170:443
- ip:port: 154.53.160.17:3333
- ip:port: 38.126.114.199:14268
- url: http://192.168.147.131:80/jquery-3.3.1.min.js
- domain: check.jiceo.icu
- url: https://check.jiceo.icu/gkcxv.google
- domain: check.qinah.icu
- url: https://check.qinah.icu/gkcxv.google
- url: https://astronav.world/bvvw
- ip:port: 138.197.78.18:8080
- ip:port: 82.156.109.142:8443
- ip:port: 47.97.84.155:6666
- ip:port: 148.113.204.101:31337
- ip:port: 142.93.68.220:31337
- ip:port: 144.172.93.70:31337
- ip:port: 162.120.71.38:31337
- ip:port: 3.144.157.115:243
- ip:port: 176.82.209.133:6000
- ip:port: 13.40.156.106:113
- ip:port: 34.222.23.99:902
- ip:port: 91.4.45.122:80
- ip:port: 149.210.92.206:443
- ip:port: 15.222.252.97:20000
- ip:port: 56.155.32.7:44818
- url: http://37.139.129.142/htdocs/asmrqdskmfapfgl.exe
- url: http://37.139.129.142/htdocs/wagzfgztkrwncmg.exe
- url: http://37.139.129.142/htdocs/jhhcspkiyfanfly.exe
- url: http://109.206.241.81/htdocs/ncdcbrmywczgfzh.exe
- url: http://81.161.229.110/htdocs/oyaddrsqprepzdn.exe
- url: http://81.161.229.110/htdocs/clwsnxmbrkekqee.exe
- url: http://37.139.129.142/htdocs/jtjpsfbrgehowsw.exe
- url: http://37.139.129.142/htdocs/dwrtzrdgckiwasl.exe
- url: http://37.139.129.142/htdocs/nnmbedlzoxrdjqb.exe
- url: http://37.139.129.142/htdocs/csfbnaszlbkdkhr.exe
- url: http://185.219.81.132/4f85e0bfc60adccc/sqlite3.dll
- url: https://185.219.81.135/4175180d6b714647/sqlite3.dll
- url: https://185.219.81.135/4175180d6b714647/vcruntime140.dll
- url: https://185.219.81.135/4175180d6b714647/mozglue.dll
- url: https://jucnglecrea.bet/login
- url: https://pastebin.com/raw/ftknpnf7
- domain: botnet1.uapworx1.sbs
- domain: mosayjanobo-38048.portmap.host
- domain: pdf-switched.gl.at.ply.gg
- domain: 2533qwefs-64288.portmap.host
- domain: found-politicians.gl.at.ply.gg
- url: https://pastebin.com/raw/w5ent6vu
- domain: imthat1guyfrfr-32310.portmap.host
- domain: aboltustimoha-43339.portmap.host
- domain: figure-races.gl.at.ply.gg
- domain: remember-convenient.gl.at.ply.gg
- domain: some-event.gl.at.ply.gg
- domain: support-effectiveness.gl.at.ply.gg
- ip:port: 193.161.193.99:32310
- ip:port: 147.185.221.18:13143
- url: https://chimneysickend.icu/api
- ip:port: 196.251.80.231:839
- url: https://coderspabradise.life/api
- domain: check.jilex.icu
- url: https://check.jilex.icu/gkcxv.google
- ip:port: 101.36.127.225:9666
- ip:port: 185.143.243.46:80
- ip:port: 46.74.204.117:3510
- ip:port: 158.180.232.131:443
- domain: cpcalendars.bigmedianetwrk.com
- domain: webmail.blogssab.com
- ip:port: 35.154.251.234:4839
- ip:port: 91.209.135.71:4000
- ip:port: 108.138.75.164:443
- ip:port: 13.37.237.41:3260
- ip:port: 54.38.94.225:8893
- ip:port: 65.109.6.39:8888
- ip:port: 43.138.15.25:2003
- ip:port: 1.95.13.123:80
- domain: tenbs10sr.top
- domain: code-yandex.ru
- domain: f1100076.xsph.ru
- ip:port: 147.185.221.26:50619
- domain: followfauc.cyou
- domain: september-touch.gl.at.ply.gg
- domain: dsimensio.bet
- domain: zfurrycomp.top
- domain: smartsolutions24.top
- domain: confessnibmle.top
- ip:port: 8.152.213.83:4444
- ip:port: 175.24.227.106:443
- url: https://smartsolutions24.top/api
- url: https://dsimensio.bet/api
- domain: sterpickced.digital
- domain: sixgb6sb.top
- domain: eightbs8sr.top
- domain: eighthh8th.top
- domain: onehh1th.top
- domain: sixhh6th.top
- domain: tenhh10th.top
- domain: sixbr6vt.top
- domain: onebr1vt.top
- url: https://confessnibmle.top/api
- domain: check.somyq.icu
- url: https://check.somyq.icu/gkcxv.google
- domain: cpcalendars.latestsportshub.com
- domain: webmail.gamesoffashion.com
- domain: cpcontacts.thegameof7art.com
- domain: cpcontacts.tectotechnology.com
- domain: webmail.onlinebesttotogames.com
- domain: cpcalendars.welovetotogames.com
- ip:port: 52.78.43.89:9000
- ip:port: 168.100.10.177:8080
- domain: check.kynoc.icu
- url: https://check.kynoc.icu/gkcxv.google
- domain: check.jipuh.icu
- url: https://check.jipuh.icu/gkcxv.google
- url: https://0defaulemot.run/api
- url: https://5arisechairedd.shop/api
- url: https://hgaragedrootz.top/api
- url: https://ibegindecafer.world/api
- url: https://morangemyther.live/api
- url: https://qfostinjec.today/api
- domain: update.miocrsoft.com
- ip:port: 172.105.111.197:8181
- ip:port: 172.233.26.237:8181
- url: https://ddeaddereaste.today/api
- ip:port: 193.33.153.176:80
- domain: check.cicyb.icu
- url: https://check.cicyb.icu/gkcxv.google
- ip:port: 101.99.92.190:40919
- url: https://billing.shrewsburysocialclub.org/profilelayout
- ip:port: 38.180.136.155:443
- domain: check.kacoz.icu
- url: https://check.kacoz.icu/gkcxv.google
- domain: check.xuceb.icu
- url: https://check.xuceb.icu/gkcxv.google
- url: https://3begindecafer.world/api
- url: https://mbfostinjec.today/api
- url: https://pfostinjec.today/api
- url: https://tbegindecafer.world/api
- url: https://quantyu.bet/api
- url: https://areawannte.bet/api
- url: https://farmtoonnection.bet/api
- url: https://planestaryo.bet/api
- url: https://sectioarran.bet/api
- url: https://scientihfichub.bet/api
- url: https://ztechwave.bet/api
- url: https://soilhewocacy.bet/api
- url: https://pililowease.run/api
- url: https://universeho.bet/api
- url: https://lightyears.bet/api
- url: https://creathurecove.bet/api
- url: https://crebatureco.bet/api
- url: https://feathteredf.bet/api
- url: https://orbeitings.run/api
- url: https://puawprintm.bet/api
- url: https://winnevarid.run/api
- url: https://virtualvxinsight.run/api
- url: https://astrfcalinsights.run/api
- url: https://codeevobvlution.run/api
- url: https://astrogaze.run/api
- url: https://huibokoras.run/api
- url: https://scalfeandtail.life/api
- url: https://qcelestialo.run/api
- url: https://cueddlycrea.run/api
- url: https://animpalaffe.life/api
- url: https://astrobib.life/api
- url: https://animalujnity.run/api
- url: https://pxawprintsafari.run/api
- url: https://baerkandmeow.run/api
- url: https://wildwonlders.run/api
- url: https://playfulupaws.life/api
- url: https://galxacticex.run/api
- url: https://constellationfe.run/api
- url: https://mfeteorolog.life/api
- url: https://regullanbalk.life/api
- url: https://cosmopla.life/api
- url: https://quantumuni.life/api
- url: https://starfieldsin.life/api
- url: https://cosmichori.today/api
- url: https://crittercoorner.today/api
- url: https://fusrryfables.today/api
- url: https://wildwmorlds.life/api
- url: https://astrophysical.today/api
- url: https://sanugglebud.today/api
- url: https://tonedanswered.today/api
- url: https://stellafradv.world/api
- url: https://wilodlifewhis.icu/api
- url: https://happyyhowler.icu/api
- url: https://resignfallk.icu/api
- url: https://kaittenkorner.today/api
- url: https://spacetimech.today/api
- url: https://piellowbliss.icu/api
- url: https://furryjourlneys.icu/api
- url: https://kingfdomo.today/api
- url: https://inztergalact.world/api
- url: https://celestigalp.icu/api
- url: https://voyeugger.today/api
- url: https://animnalha.icu/api
- url: https://astronav.world/api
- url: https://theinterg.world/api
- url: https://happyjh.world/api
- url: https://pawfsandcl.world/api
- url: https://tailsogfthewild.world/api
- url: https://astrotg.world/api
- url: https://fyeredfamily.world/api
- url: https://pevtparadise.world/api
- url: https://kaiserdome.run/api
- domain: quantyu.bet
- domain: farmtoonnection.bet
- domain: planestaryo.bet
- domain: sectioarran.bet
- domain: scientihfichub.bet
- domain: ztechwave.bet
- domain: soilhewocacy.bet
- domain: pililowease.run
- domain: universeho.bet
- domain: lightyears.bet
- domain: creathurecove.bet
- domain: crebatureco.bet
- domain: feathteredf.bet
- domain: orbeitings.run
- domain: puawprintm.bet
- domain: winnevarid.run
- domain: virtualvxinsight.run
- domain: astrfcalinsights.run
- domain: codeevobvlution.run
- domain: astrogaze.run
- domain: huibokoras.run
- domain: scalfeandtail.life
- domain: qcelestialo.run
- domain: cueddlycrea.run
- domain: animpalaffe.life
- domain: astrobib.life
- domain: animalujnity.run
- domain: pxawprintsafari.run
- domain: baerkandmeow.run
- domain: wildwonlders.run
- domain: playfulupaws.life
- domain: galxacticex.run
- domain: constellationfe.run
- domain: mfeteorolog.life
- domain: regullanbalk.life
- domain: cosmopla.life
- domain: quantumuni.life
- domain: starfieldsin.life
- domain: cosmichori.today
- domain: crittercoorner.today
- domain: fusrryfables.today
- domain: wildwmorlds.life
- domain: astrophysical.today
- domain: sanugglebud.today
- domain: tonedanswered.today
- domain: stellafradv.world
- domain: wilodlifewhis.icu
- domain: happyyhowler.icu
- domain: resignfallk.icu
- domain: kaittenkorner.today
- domain: spacetimech.today
- domain: piellowbliss.icu
- domain: furryjourlneys.icu
- domain: kingfdomo.today
- domain: inztergalact.world
- domain: celestigalp.icu
- domain: voyeugger.today
- domain: animnalha.icu
- domain: astronav.world
- domain: theinterg.world
- domain: happyjh.world
- domain: pawfsandcl.world
- domain: tailsogfthewild.world
- domain: astrotg.world
- domain: fyeredfamily.world
- domain: pevtparadise.world
- domain: astralconnec.icu
- domain: check.tunep.icu
- url: https://check.tunep.icu/gkcxv.google
- domain: europlant.md
- domain: www.m2iapparels.com
- domain: check.wohur.icu
- url: https://check.wohur.icu/gkcxv.google
- url: http://070687cm.nyashk.ru/eternalphppolldbgeneratortestuploadsdownloads.php
- ip:port: 123.56.226.71:44444
- ip:port: 139.180.215.190:80
- ip:port: 206.123.152.40:3191
- ip:port: 38.68.49.150:7707
- ip:port: 196.251.71.246:6606
- ip:port: 196.251.71.246:7707
- ip:port: 178.170.122.145:7443
- domain: cpcalendars.okiamwithtotogames.xyz
- domain: cpanel.viralbookshub.xyz
- domain: webdisk.shakdmisab.xyz
- ip:port: 115.74.21.219:9999
- ip:port: 65.75.211.237:10081
- ip:port: 154.127.56.114:23
- url: http://383281cm.nyashk.ru/eternalvideo.php
- url: http://95.182.122.208/vmtemporary/uploads/publicbasevm/asyncupdatepipe/temp/asynctrackprotonprocess/python/protectlow/javascriptrequestlongpoll.php
- ip:port: 184.75.221.171:54190
- ip:port: 147.185.221.26:20092
- domain: percent-wing.gl.at.ply.gg
- ip:port: 185.172.175.147:5555
- domain: check.givus.icu
- url: https://check.givus.icu/gkcxv.google
- url: http://161.248.87.245:8888/supershell/login/
- url: http://117.235.42.77:46582/mozi.m
- url: https://check.jorah.icu/gkcxv.google
- url: http://virustotalprotect.mygamesonline.org/86a74049.php
- ip:port: 8.137.9.110:80
- ip:port: 128.199.162.141:8443
- ip:port: 47.99.124.12:2053
- ip:port: 191.101.51.7:2404
- ip:port: 154.205.139.12:443
- ip:port: 65.109.209.214:80
- ip:port: 213.209.150.182:80
- domain: webmail.homeaddition.xyz
- domain: webmail.homeaddition.website
- domain: webmail.5bestufabetgames.xyz
- domain: cpcalendars.toriters7.xyz
- domain: projectbussiness.online
- domain: cpcalendars.gamesoffashion45.xyz
- domain: cpanel.handufabetgames.xyz
- domain: cpcalendars.foodiesfrenzy.xyz
- domain: cpanel.takeufagame1111.xyz
- ip:port: 115.74.21.219:6000
- ip:port: 115.74.21.219:8000
- ip:port: 18.237.71.237:2053
- ip:port: 18.237.71.237:2403
- domain: yyhk3.tk10.top
- domain: min-profil-reaktivier.info
- ip:port: 212.227.245.12:80
- ip:port: 111.20.22.33:4506
- ip:port: 142.93.68.220:8888
- domain: ns.youtubedns.com
- domain: ns01.micr0soft.me.uk
- domain: ns02.micr0soft.me.uk
- domain: profiles.arkaviaredteam.cl
- ip:port: 107.148.47.247:53
- ip:port: 172.233.26.237:53
- ip:port: 3.64.4.198:15691
- ip:port: 146.158.116.151:7655
- domain: a1100737.xsph.ru
- domain: a1100551.xsph.ru
- ip:port: 23.95.246.234:2096
- ip:port: 49.13.62.112:8088
- ip:port: 172.86.113.139:8081
- ip:port: 198.98.56.99:443
- domain: config.lierwa.xyz
- ip:port: 198.98.56.99:8080
- url: https://check.gefeq.icu/gkcxv.google
- ip:port: 188.166.245.198:8443
- ip:port: 15.204.236.25:8084
Technical Details
- Threat Level: 2 (these are MISP event fields; on the MISP scale 1 = High, 2 = Medium, 3 = Low, 4 = Undefined)
- Analysis: 1 (MISP: 0 = Initial, 1 = Ongoing, 2 = Complete)
- Distribution: 3 (MISP: All communities)
- UUID: a0b53ebb-3ece-4640-95cb-6cdeb3275a4b
- Original Timestamp: 1741564987 (Unix epoch seconds, 2025-03-10 00:03:07 UTC, i.e. just after the day the export covers)
Indicators of Compromise
Domain
Value | Description
---|---
check.juxoi.icu | ClearFake payload delivery domain (confidence level: 100%)
ec2-13-213-182-135.ap-southeast-1.compute.amazonaws.com | Hook botnet C2 domain (confidence level: 100%)
cpcalendars.dmfortsites.xyz | Havoc botnet C2 domain (confidence level: 100%)
webmail.10bestbusiness.xyz | Havoc botnet C2 domain (confidence level: 100%)
cpanel.welbngusnews.xyz | Havoc botnet C2 domain (confidence level: 100%)
webdisk.homeimprovementbox.website | Havoc botnet C2 domain (confidence level: 100%)
webmail.businesseshub.xyz | Havoc botnet C2 domain (confidence level: 100%)
cpcalendars.gamesofart1.xyz | Havoc botnet C2 domain (confidence level: 100%)
cpcalendars.toriters1.website | Havoc botnet C2 domain (confidence level: 100%)
webdisk.mtpolice12.website | Havoc botnet C2 domain (confidence level: 100%)
cpanel.fastnewclub.xyz | Havoc botnet C2 domain (confidence level: 100%)
cpcalendars.betufa.website | Havoc botnet C2 domain (confidence level: 100%)
cpanel.onlinegameshub.xyz | Havoc botnet C2 domain (confidence level: 100%)
www.ruyn.top | Unknown malware botnet C2 domain (confidence level: 100%)
check.henuo.icu | ClearFake payload delivery domain (confidence level: 100%)
jin13.xiaodong88.cn | Hook botnet C2 domain (confidence level: 100%)
cpanel.tectotechnology.com | Havoc botnet C2 domain (confidence level: 100%)
cpanel.homeaddition.website | Havoc botnet C2 domain (confidence level: 100%)
webdisk.bookdmsab.xyz | Havoc botnet C2 domain (confidence level: 100%)
webdisk.businesswithloyal.xyz | Havoc botnet C2 domain (confidence level: 100%)
webdisk.ufabetgames1010.xyz | Havoc botnet C2 domain (confidence level: 100%)
webmail.start7pros.xyz | Havoc botnet C2 domain (confidence level: 100%)
cpcalendars.top10gamesofoto.com | Havoc botnet C2 domain (confidence level: 100%)
webdisk.totogamesnetwork.com | Havoc botnet C2 domain (confidence level: 100%)
pwn.bamuwe.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%)
cpcalendars.sports777games.com | Havoc botnet C2 domain (confidence level: 100%)
check.jiceo.icu | ClearFake payload delivery domain (confidence level: 100%)
check.qinah.icu | ClearFake payload delivery domain (confidence level: 100%)
botnet1.uapworx1.sbs | Mirai botnet C2 domain (confidence level: 50%)
mosayjanobo-38048.portmap.host | Quasar RAT botnet C2 domain (confidence level: 50%)
pdf-switched.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%)
2533qwefs-64288.portmap.host | XenoRAT botnet C2 domain (confidence level: 50%)
found-politicians.gl.at.ply.gg | XenoRAT botnet C2 domain (confidence level: 50%)
imthat1guyfrfr-32310.portmap.host | XWorm botnet C2 domain (confidence level: 50%)
aboltustimoha-43339.portmap.host | XWorm botnet C2 domain (confidence level: 50%)
figure-races.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
remember-convenient.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
some-event.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
support-effectiveness.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
check.jilex.icu | ClearFake payload delivery domain (confidence level: 100%)
cpcalendars.bigmedianetwrk.com | Havoc botnet C2 domain (confidence level: 100%)
webmail.blogssab.com | Havoc botnet C2 domain (confidence level: 100%)
tenbs10sr.top | CryptBot botnet C2 domain (confidence level: 100%)
code-yandex.ru | DCRat botnet C2 domain (confidence level: 100%)
f1100076.xsph.ru | DCRat botnet C2 domain (confidence level: 100%)
followfauc.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%)
september-touch.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%)
dsimensio.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
zfurrycomp.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
smartsolutions24.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
confessnibmle.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
sterpickced.digital | Lumma Stealer botnet C2 domain (confidence level: 100%)
sixgb6sb.top | CryptBot botnet C2 domain (confidence level: 100%)
eightbs8sr.top | CryptBot botnet C2 domain (confidence level: 100%)
eighthh8th.top | CryptBot botnet C2 domain (confidence level: 100%)
onehh1th.top | CryptBot botnet C2 domain (confidence level: 100%)
sixhh6th.top | CryptBot botnet C2 domain (confidence level: 100%)
tenhh10th.top | CryptBot botnet C2 domain (confidence level: 100%)
sixbr6vt.top | CryptBot botnet C2 domain (confidence level: 100%)
onebr1vt.top | CryptBot botnet C2 domain (confidence level: 100%)
check.somyq.icu | ClearFake payload delivery domain (confidence level: 100%)
cpcalendars.latestsportshub.com | Havoc botnet C2 domain (confidence level: 100%)
webmail.gamesoffashion.com | Havoc botnet C2 domain (confidence level: 100%)
cpcontacts.thegameof7art.com | Havoc botnet C2 domain (confidence level: 100%)
cpcontacts.tectotechnology.com | Havoc botnet C2 domain (confidence level: 100%)
webmail.onlinebesttotogames.com | Havoc botnet C2 domain (confidence level: 100%)
cpcalendars.welovetotogames.com | Havoc botnet C2 domain (confidence level: 100%)
check.kynoc.icu | ClearFake payload delivery domain (confidence level: 100%)
check.jipuh.icu | ClearFake payload delivery domain (confidence level: 100%)
update.miocrsoft.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
check.cicyb.icu | ClearFake payload delivery domain (confidence level: 100%)
check.kacoz.icu | ClearFake payload delivery domain (confidence level: 100%)
check.xuceb.icu | ClearFake payload delivery domain (confidence level: 100%)
quantyu.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
farmtoonnection.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
planestaryo.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
sectioarran.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
scientihfichub.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
ztechwave.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
soilhewocacy.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
pililowease.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
universeho.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
lightyears.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
creathurecove.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
crebatureco.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
feathteredf.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
orbeitings.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
puawprintm.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
winnevarid.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
virtualvxinsight.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
astrfcalinsights.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
codeevobvlution.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
astrogaze.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
huibokoras.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
scalfeandtail.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
qcelestialo.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
cueddlycrea.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
animpalaffe.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
astrobib.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
animalujnity.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
pxawprintsafari.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
baerkandmeow.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
wildwonlders.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
playfulupaws.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
galxacticex.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
constellationfe.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
mfeteorolog.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
regullanbalk.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
cosmopla.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
quantumuni.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
starfieldsin.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
cosmichori.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
crittercoorner.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
fusrryfables.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
wildwmorlds.life | Lumma Stealer botnet C2 domain (confidence level: 100%)
astrophysical.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
sanugglebud.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
tonedanswered.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
stellafradv.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
wilodlifewhis.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
happyyhowler.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
resignfallk.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
kaittenkorner.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
spacetimech.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
piellowbliss.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
furryjourlneys.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
kingfdomo.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
inztergalact.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
celestigalp.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
voyeugger.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
animnalha.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
astronav.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
theinterg.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
happyjh.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
pawfsandcl.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
tailsogfthewild.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
astrotg.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
fyeredfamily.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
pevtparadise.world | Lumma Stealer botnet C2 domain (confidence level: 100%)
astralconnec.icu | Lumma Stealer botnet C2 domain (confidence level: 100%)
check.tunep.icu | ClearFake payload delivery domain (confidence level: 100%)
europlant.md | ClearFake payload delivery domain (confidence level: 75%)
www.m2iapparels.com | ClearFake payload delivery domain (confidence level: 75%)
check.wohur.icu | ClearFake payload delivery domain (confidence level: 100%)
cpcalendars.okiamwithtotogames.xyz | Havoc botnet C2 domain (confidence level: 100%)
cpanel.viralbookshub.xyz | Havoc botnet C2 domain (confidence level: 100%)
webdisk.shakdmisab.xyz | Havoc botnet C2 domain (confidence level: 100%)
domainpercent-wing.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) | |
domaincheck.givus.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainwebmail.homeaddition.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.homeaddition.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.5bestufabetgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.toriters7.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainprojectbussiness.online | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.gamesoffashion45.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.handufabetgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.foodiesfrenzy.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.takeufagame1111.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainyyhk3.tk10.top | Bashlite botnet C2 domain (confidence level: 100%) | |
domainmin-profil-reaktivier.info | Bashlite botnet C2 domain (confidence level: 100%) | |
domainns.youtubedns.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns01.micr0soft.me.uk | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns02.micr0soft.me.uk | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainprofiles.arkaviaredteam.cl | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaina1100737.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaina1100551.xsph.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domainconfig.lierwa.xyz | Cobalt Strike botnet C2 domain (confidence level: 100%) |
File
Value | Description | Copy |
---|---|---|
Hash
Value | Description | Copy |
---|---|---|
Url
Value | Description | Copy |
---|---|---|
Threat ID: 682c7dbce8347ec82d2c3c06
Added to database: 5/20/2025, 1:03:56 PM
Last enriched: 6/19/2025, 3:32:16 PM
Last updated: 8/15/2025, 7:53:18 AM