ThreatFox IOCs for 2025-03-12
Severity: mediumType: malware
ThreatFox IOCs for 2025-03-12
AI Analysis
Technical Summary
The provided threat intelligence relates to a malware-related report titled 'ThreatFox IOCs for 2025-03-12,' sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The report is dated March 12, 2025, and is categorized under malware with a medium severity rating. However, no specific affected product versions or detailed technical indicators of compromise (IOCs) are included. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate distribution potential but limited detailed analysis available. The absence of known exploits in the wild and lack of patch links imply that this threat is either newly identified or not yet actively exploited. The classification as 'type:osint' and 'tlp:white' indicates that the information is publicly shareable and derived from open sources, which may limit the depth of technical details. Overall, this report appears to be a preliminary or summary-level notification of malware-related IOCs without granular technical data, limiting the ability to perform deep technical analysis or attribution.
Potential Impact
Given the limited technical details and absence of known active exploitation, the immediate impact on European organizations is likely to be low to medium. However, as the threat is malware-related and has a moderate distribution score, there is potential for disruption if the malware targets widely used systems or critical infrastructure. The lack of specific affected products or versions makes it difficult to assess direct impact vectors. European organizations relying on OSINT tools or platforms similar to ThreatFox for threat intelligence may benefit from early awareness but should remain vigilant. Potential impacts include compromise of confidentiality through data exfiltration, integrity via unauthorized modifications, or availability through disruption of services, depending on the malware’s capabilities once fully understood. The medium severity rating suggests a moderate risk level, warranting attention but not immediate alarm.
Mitigation Recommendations
1. Enhance monitoring of network and endpoint activities for unusual behaviors that may indicate malware presence, focusing on indicators from updated threat intelligence feeds. 2. Regularly update and validate OSINT sources to ensure timely detection of emerging threats. 3. Implement strict access controls and segmentation to limit malware propagation within networks. 4. Conduct targeted user awareness training emphasizing cautious handling of unsolicited files or links, especially those related to OSINT or intelligence sharing platforms. 5. Employ advanced endpoint detection and response (EDR) solutions capable of behavioral analysis to detect unknown or emerging malware variants. 6. Establish incident response procedures that incorporate rapid integration of new IOCs from platforms like ThreatFox. 7. Collaborate with national cybersecurity centers and information sharing organizations to receive localized threat updates and mitigation strategies. These measures go beyond generic advice by emphasizing integration of OSINT-derived intelligence, behavioral detection, and organizational preparedness specific to emerging malware threats.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: check.dovoo.icu
- file: 3.67.15.169
- hash: 15408
- file: 3.124.67.191
- hash: 15408
- domain: john-already.gl.at.ply.gg
- file: 176.65.134.62
- hash: 7777
- file: 196.251.84.191
- hash: 4444
- file: 121.36.61.196
- hash: 80
- file: 179.13.1.59
- hash: 2404
- file: 46.246.82.16
- hash: 8888
- file: 74.120.121.26
- hash: 2502
- file: 161.97.101.53
- hash: 1000
- file: 20.229.219.150
- hash: 443
- file: 51.222.110.148
- hash: 80
- file: 51.222.110.148
- hash: 8089
- file: 177.68.42.191
- hash: 8081
- domain: cpcalendars.newdmkey.xyz
- domain: webmail.cgibusiness.xyz
- domain: webmail.apexhomeimprovement.xyz
- domain: cpcalendars.livebengsnnewz.xyz
- domain: cpanel.sportsfootball.website
- domain: outlook.tekbalam.com
- domain: cpcontacts.handufabetgames.xyz
- domain: cpanel.games777games.xyz
- domain: cpcontacts.techspilotx.website
- file: 185.93.89.137
- hash: 4444
- file: 46.246.82.12
- hash: 8000
- domain: check.vevou.icu
- url: https://check.vevou.icu/gkcxv.google
- url: https://barisechairedd.shop/api
- url: https://corangemyther.live/api
- url: https://vbegindecafer.world/api
- url: https://vfostinjec.today/api
- url: https://ymodelshiverd.icu/api
- domain: data.australiasoutheast.cloudapp.azure.com
- domain: ns01.certis-cisco.click
- domain: ns02.certis-cisco.click
- domain: ns1.svchost.ddns-ip.net
- domain: t1.nestquicks.com
- domain: www.dyshop.online
- file: 122.248.209.34
- hash: 53
- file: 151.236.20.232
- hash: 53
- file: 20.61.175.58
- hash: 53
- file: 44.216.156.161
- hash: 443
- file: 45.192.208.132
- hash: 7777
- file: 47.121.177.253
- hash: 443
- file: 1.94.249.10
- hash: 2000
- file: 139.224.128.227
- hash: 8899
- file: 175.6.135.82
- hash: 9999
- file: 8.155.23.88
- hash: 80
- file: 172.94.9.227
- hash: 5671
- file: 185.130.46.98
- hash: 31337
- file: 89.58.33.52
- hash: 47837
- file: 185.143.243.46
- hash: 103
- file: 20.229.219.78
- hash: 443
- file: 213.209.143.31
- hash: 7443
- file: 86.54.42.182
- hash: 443
- file: 72.145.5.203
- hash: 443
- domain: cpanel.theyestechnewsz.xyz
- domain: cpcalendars.dmhubnewsz.website
- file: 129.146.121.7
- hash: 4449
- file: 194.87.68.172
- hash: 4449
- file: 185.170.154.143
- hash: 80
- file: 35.232.163.8
- hash: 80
- file: 172.245.154.155
- hash: 80
- domain: www.ybrjz.com
- domain: 33.55.141.34.bc.googleusercontent.com
- file: 213.209.143.31
- hash: 8080
- file: 46.246.82.16
- hash: 2000
- file: 31.220.41.207
- hash: 80
- file: 203.115.83.231
- hash: 88
- file: 18.162.210.208
- hash: 60000
- file: 152.70.102.123
- hash: 60000
- file: 23.21.223.216
- hash: 443
- file: 52.14.93.110
- hash: 8082
- file: 13.70.174.137
- hash: 3333
- file: 35.207.251.223
- hash: 8432
- file: 54.191.118.2
- hash: 443
- file: 37.27.181.0
- hash: 3000
- file: 181.32.54.107
- hash: 8080
- file: 110.42.35.211
- hash: 4443
- file: 3.143.156.9
- hash: 8443
- file: 18.206.145.131
- hash: 80
- file: 3.120.66.42
- hash: 80
- file: 3.120.66.42
- hash: 443
- file: 16.171.132.192
- hash: 3333
- file: 54.154.74.193
- hash: 443
- domain: spacevoyag.live
- domain: gdpfsj.com
- file: 64.23.128.110
- hash: 443
- file: 120.24.64.74
- hash: 9443
- file: 107.174.85.150
- hash: 80
- file: 118.25.91.151
- hash: 8086
- file: 124.71.161.5
- hash: 50000
- file: 104.42.27.32
- hash: 443
- file: 39.107.136.241
- hash: 50050
- file: 185.225.226.197
- hash: 50050
- file: 212.56.32.90
- hash: 31337
- file: 223.26.52.223
- hash: 31337
- file: 109.107.175.64
- hash: 31337
- file: 172.236.213.138
- hash: 31337
- file: 129.208.139.65
- hash: 1337
- file: 31.166.106.12
- hash: 8085
- file: 31.166.106.12
- hash: 55553
- file: 90.146.22.211
- hash: 4443
- file: 159.65.4.107
- hash: 4443
- file: 88.31.54.12
- hash: 6001
- file: 13.212.129.108
- hash: 3270
- file: 196.251.71.185
- hash: 80
- file: 121.36.85.26
- hash: 51443
- url: https://www.solana-trending.com/
- url: https://spacevoyag.live/api
- url: http://45.93.20.28/85a1cacf11314eb8.php
- url: http://51.222.110.148/
- file: 70.93.72.15
- hash: 5631
- file: 78.179.254.67
- hash: 1604
- domain: aefuaeufhueuufua.ru
- domain: aefuaeufhueuufuae.top
- domain: aefuaeufhueuufue.top
- domain: aefuaeufhueuufuee.top
- domain: aefuaeufhueuufume.top
- domain: aefuaeufhueuufure.top
- domain: aefuaeufhueuufuz.su
- domain: aegieuueueuuruia.ru
- domain: aegieuueueuuruiae.top
- domain: aegieuueueuuruie.top
- domain: aegieuueueuuruiee.top
- domain: aegieuueueuuruime.top
- domain: aegieuueueuuruire.top
- domain: aegieuueueuuruiz.su
- domain: aeufoeahfouefhga.ru
- domain: aeufoeahfouefhgae.top
- domain: aeufoeahfouefhge.top
- domain: aeufoeahfouefhgee.top
- domain: aeufoeahfouefhgme.top
- domain: aeufoeahfouefhgre.top
- domain: aeufoeahfouefhgz.su
- domain: afieifaieudhhuda.ru
- domain: afieifaieudhhudae.top
- domain: afieifaieudhhude.top
- domain: afieifaieudhhudee.top
- domain: afieifaieudhhudme.top
- domain: afieifaieudhhudre.top
- domain: afieifaieudhhudz.su
- domain: awbnmnmammmamnra.ru
- domain: awbnmnmammmamnrae.top
- domain: awbnmnmammmamnree.top
- domain: awbnmnmammmamnrme.top
- domain: awbnmnmammmamnrre.top
- domain: awbnmnmammmamnrz.su
- domain: awduhawduhuhhaga.ru
- domain: awduhawduhuhhagae.top
- domain: awduhawduhuhhage.top
- domain: awduhawduhuhhagee.top
- domain: awduhawduhuhhagme.top
- domain: awduhawduhuhhagre.top
- domain: awduhawduhuhhagz.su
- domain: azezezbdndnnnsna.ru
- domain: azezezbdndnnnsnae.top
- domain: azezezbdndnnnsne.top
- domain: azezezbdndnnnsnee.top
- domain: azezezbdndnnnsnme.top
- domain: azezezbdndnnnsnre.top
- domain: azezezbdndnnnsnz.su
- domain: badaeduahedhhuaa.ru
- domain: badaeduahedhhuaae.top
- domain: badaeduahedhhuae.top
- domain: badaeduahedhhuaee.top
- domain: badaeduahedhhuame.top
- domain: badaeduahedhhuare.top
- domain: badaeduahedhhuaz.su
- domain: eooeoeoririusfra.ru
- domain: eooeoeoririusfrae.top
- domain: eooeoeoririusfre.top
- domain: eooeoeoririusfree.top
- domain: eooeoeoririusfrme.top
- domain: eooeoeoririusfrre.top
- domain: eooeoeoririusfrz.su
- domain: euauueuueuruudga.ru
- domain: euauueuueuruudgae.top
- domain: euauueuueuruudge.top
- domain: euauueuueuruudgee.top
- domain: euauueuueuruudgme.top
- domain: euauueuueuruudgre.top
- domain: euauueuueuruudgz.su
- domain: eueuqundnndnsuda.ru
- domain: eueuqundnndnsudae.top
- domain: eueuqundnndnsude.top
- domain: eueuqundnndnsudee.top
- domain: eueuqundnndnsudme.top
- domain: eueuqundnndnsudre.top
- domain: eueuqundnndnsudz.su
- domain: euuauudduufuuguae.top
- domain: euuauudduufuugue.top
- domain: euuauudduufuuguee.top
- domain: euuauudduufuugume.top
- domain: euuauudduufuugure.top
- domain: euuauudduufuuguz.su
- domain: fauibdbebdbburua.ru
- domain: fauibdbebdbburuae.top
- domain: fauibdbebdbburue.top
- domain: fauibdbebdbburuee.top
- domain: fauibdbebdbburume.top
- domain: fauibdbebdbburure.top
- domain: fauibdbebdbburuz.su
- domain: nbmbnmbembfaeura.ru
- domain: nbmbnmbembfaeurae.top
- domain: nbmbnmbembfaeure.top
- domain: nbmbnmbembfaeuree.top
- domain: nbmbnmbembfaeurme.top
- domain: nbmbnmbembfaeurre.top
- domain: nbmbnmbembfaeurz.su
- domain: ploaiedueaigzefa.ru
- domain: ploaiedueaigzefae.top
- domain: ploaiedueaigzefe.top
- domain: ploaiedueaigzefee.top
- domain: ploaiedueaigzefme.top
- domain: ploaiedueaigzefre.top
- domain: ploaiedueaigzefz.su
- url: http://aefuaeufhueuufua.ru/
- url: http://aefuaeufhueuufuae.top/
- url: http://aefuaeufhueuufue.top/
- url: http://aefuaeufhueuufuee.top/
- url: http://aefuaeufhueuufume.top/
- url: http://aefuaeufhueuufure.top/
- url: http://aefuaeufhueuufuz.su/
- url: http://aegieuueueuuruia.ru/
- url: http://aegieuueueuuruiae.top/
- url: http://aegieuueueuuruie.top/
- url: http://aegieuueueuuruiee.top/
- url: http://aegieuueueuuruime.top/
- url: http://aegieuueueuuruire.top/
- url: http://aegieuueueuuruiz.su/
- url: http://aeufoeahfouefhga.ru/
- url: http://aeufoeahfouefhgae.top/
- url: http://aeufoeahfouefhge.top/
- url: http://aeufoeahfouefhgee.top/
- url: http://aeufoeahfouefhgme.top/
- url: http://aeufoeahfouefhgre.top/
- url: http://aeufoeahfouefhgz.su/
- url: http://afieifaieudhhuda.ru/
- url: http://afieifaieudhhudae.top/
- url: http://afieifaieudhhude.top/
- url: http://afieifaieudhhudee.top/
- url: http://afieifaieudhhudme.top/
- url: http://afieifaieudhhudre.top/
- url: http://afieifaieudhhudz.su/
- url: http://awbnmnmammmamnra.ru/
- url: http://awbnmnmammmamnrae.top/
- url: http://awbnmnmammmamnre.top/
- url: http://awbnmnmammmamnree.top/
- url: http://awbnmnmammmamnrme.top/
- url: http://awbnmnmammmamnrre.top/
- url: http://awbnmnmammmamnrz.su/
- url: http://awduhawduhuhhaga.ru/
- url: http://awduhawduhuhhagae.top/
- url: http://awduhawduhuhhage.top/
- url: http://awduhawduhuhhagee.top/
- url: http://awduhawduhuhhagme.top/
- url: http://awduhawduhuhhagre.top/
- url: http://awduhawduhuhhagz.su/
- url: http://azezezbdndnnnsna.ru/
- url: http://azezezbdndnnnsnae.top/
- url: http://azezezbdndnnnsne.top/
- url: http://azezezbdndnnnsnee.top/
- url: http://azezezbdndnnnsnme.top/
- url: http://azezezbdndnnnsnre.top/
- url: http://azezezbdndnnnsnz.su/
- url: http://badaeduahedhhuaa.ru/
- url: http://badaeduahedhhuaae.top/
- url: http://badaeduahedhhuae.top/
- url: http://badaeduahedhhuaee.top/
- url: http://badaeduahedhhuame.top/
- url: http://badaeduahedhhuare.top/
- url: http://badaeduahedhhuaz.su/
- url: http://eooeoeoririusfra.ru/
- url: http://eooeoeoririusfrae.top/
- url: http://eooeoeoririusfre.top/
- url: http://eooeoeoririusfree.top/
- url: http://eooeoeoririusfrme.top/
- url: http://eooeoeoririusfrre.top/
- url: http://eooeoeoririusfrz.su/
- url: http://euauueuueuruudga.ru/
- url: http://euauueuueuruudgae.top/
- url: http://euauueuueuruudge.top/
- url: http://euauueuueuruudgee.top/
- url: http://euauueuueuruudgme.top/
- url: http://euauueuueuruudgre.top/
- url: http://euauueuueuruudgz.su/
- url: http://eueuqundnndnsuda.ru/
- url: http://eueuqundnndnsudae.top/
- url: http://eueuqundnndnsude.top/
- url: http://eueuqundnndnsudee.top/
- url: http://eueuqundnndnsudme.top/
- url: http://eueuqundnndnsudre.top/
- url: http://eueuqundnndnsudz.su/
- url: http://euuauudduufuugua.ru/
- url: http://euuauudduufuuguae.top/
- url: http://euuauudduufuugue.top/
- url: http://euuauudduufuuguee.top/
- url: http://euuauudduufuugume.top/
- url: http://euuauudduufuugure.top/
- url: http://euuauudduufuuguz.su/
- url: http://fauibdbebdbburua.ru/
- url: http://fauibdbebdbburuae.top/
- url: http://fauibdbebdbburue.top/
- url: http://fauibdbebdbburuee.top/
- url: http://fauibdbebdbburume.top/
- url: http://fauibdbebdbburure.top/
- url: http://fauibdbebdbburuz.su/
- url: http://nbmbnmbembfaeura.ru/
- url: http://nbmbnmbembfaeurae.top/
- url: http://nbmbnmbembfaeure.top/
- url: http://nbmbnmbembfaeuree.top/
- url: http://nbmbnmbembfaeurme.top/
- url: http://nbmbnmbembfaeurre.top/
- url: http://nbmbnmbembfaeurz.su/
- url: http://ploaiedueaigzefa.ru/
- url: http://ploaiedueaigzefae.top/
- url: http://ploaiedueaigzefe.top/
- url: http://ploaiedueaigzefee.top/
- url: http://ploaiedueaigzefme.top/
- url: http://ploaiedueaigzefre.top/
- url: http://ploaiedueaigzefz.su/
- url: http://tldrbox.top/
- url: http://tldrbox.ws/
- domain: vonaxol8813-29999.portmap.host
- domain: angel182394.ru
- domain: angel32423.ru
- domain: document-wonderful.gl.at.ply.gg
- domain: means-meta.gl.at.ply.gg
- domain: gentlbecomfort.world
- domain: booking-sup-lang-eng.com
- url: http://f1099947.xsph.ru/l1nc0in.php
- domain: check.didey.icu
- file: 78.47.63.132
- hash: 443
- url: https://check.didey.icu/gkcxv.google
- domain: t.formaxprime.co.uk
- domain: check.zeboa.icu
- url: https://check.zeboa.icu/gkcxv.google
- file: 8.138.195.42
- hash: 81
- file: 47.112.118.101
- hash: 1234
- file: 47.100.176.218
- hash: 7777
- file: 116.251.216.119
- hash: 8080
- file: 124.221.41.140
- hash: 5555
- file: 113.45.186.163
- hash: 6666
- file: 39.105.31.188
- hash: 8888
- file: 163.5.32.138
- hash: 5050
- file: 163.5.32.138
- hash: 7070
- file: 179.60.149.72
- hash: 31337
- file: 64.176.50.187
- hash: 8443
- file: 176.65.144.32
- hash: 6606
- file: 176.65.144.32
- hash: 7707
- file: 20.229.219.27
- hash: 443
- domain: halvanebrat.shop
- file: 51.21.171.165
- hash: 443
- file: 43.128.147.70
- hash: 443
- domain: cpcontacts.sports777games.com
- file: 138.199.216.110
- hash: 81
- domain: cpcalendars.shalownewsbooks.com
- domain: webmail.bigmedianetwrk.com
- domain: cpcontacts.whartpzz.com
- domain: webdisk.totobestliv.com
- file: 196.251.71.169
- hash: 2000
- file: 91.184.250.143
- hash: 80
- domain: check.hixya.icu
- url: https://check.hixya.icu/gkcxv.google
- file: 159.118.225.122
- hash: 8443
- file: 180.76.172.12
- hash: 8888
- file: 62.60.148.72
- hash: 443
- file: 8.48.85.83
- hash: 4506
- file: 81.177.215.62
- hash: 8443
- domain: check.baruy.icu
- url: https://check.baruy.icu/gkcxv.google
- url: http://a1099965.xsph.ru/b9d82bda.php
- file: 81.19.131.86
- hash: 6856
- domain: wormbit.ydns.eu
- file: 45.154.98.113
- hash: 23101
- domain: realsw.mooo.com
- domain: realws.ydns.eu
- domain: realsw.strangled.net
- domain: realsw.ydns.eu
- domain: realsw.jumpingcrab.com
- file: 185.111.159.87
- hash: 7000
- url: https://steamcommunity.com/profiles/76561199832267488
- url: https://t.me/g_etcontent
- url: https://p.p.formaxprime.co.uk/
- url: https://t.formaxprime.co.uk/
- url: https://159.69.103.88/
- url: https://95.217.31.199/
- domain: p.p.formaxprime.co.uk
- file: 159.69.103.88
- hash: 443
- file: 95.217.31.199
- hash: 443
- url: https://menuedgarli.shop/api
- url: https://9hfeatureccus.shop/api
- url: https://mjowinjoinery.icu/api
- url: https://check.pekyy.icu/gkcxv.google
- file: 148.66.2.198
- hash: 80
- file: 1.94.226.40
- hash: 80
- file: 148.66.2.194
- hash: 80
- file: 47.94.13.75
- hash: 8888
- file: 176.65.140.174
- hash: 8090
- file: 192.121.162.90
- hash: 443
- file: 64.52.80.165
- hash: 8080
- file: 46.246.82.12
- hash: 1000
- file: 176.65.144.28
- hash: 7707
- file: 176.65.144.28
- hash: 8808
- file: 176.65.144.28
- hash: 6606
- file: 176.65.142.245
- hash: 888
- domain: cityscapea.run
- file: 20.83.166.168
- hash: 443
- file: 20.229.219.79
- hash: 443
- file: 20.191.194.222
- hash: 8089
- file: 3.0.27.202
- hash: 80
- file: 172.205.115.95
- hash: 443
- file: 185.43.5.227
- hash: 443
- domain: cpcalendars.newzofnetworksera.com
- domain: webmail.bestnewznetworks.com
- file: 195.82.146.19
- hash: 8080
- file: 47.243.184.85
- hash: 80
- file: 171.35.163.120
- hash: 88
- domain: artemcd9.beget.tech
- domain: sweetmdreampillow.today
- domain: menuedgarli.shop
- domain: kbracketba.shop
- file: 148.66.2.197
- hash: 80
- domain: backup.timebrokepush.com
- domain: gov.nic-in.com
- file: 107.148.37.106
- hash: 443
- url: https://sweetmdreampillow.today/api
- file: 196.251.84.191
- hash: 80
- file: 20.61.175.58
- hash: 8443
- url: https://kbracketba.shop/api
- url: https://doodstream.shop/files/original.js
- url: https://doodstream.shop/files/index.php
- url: https://doodstream.shop/files/fis.php
- url: https://pro.fivepathways.com/kbdtam99.zip
- url: https://check.tefee.icu/gkcxv.google
- file: 1.92.142.27
- hash: 443
- file: 148.66.2.196
- hash: 80
- file: 148.66.2.195
- hash: 80
- file: 43.138.54.95
- hash: 80
- file: 62.171.159.81
- hash: 5671
- file: 44.222.138.160
- hash: 443
- file: 88.175.108.174
- hash: 49153
- file: 186.169.89.221
- hash: 11103
- file: 161.97.101.53
- hash: 2003
- file: 64.52.80.165
- hash: 443
- file: 64.52.80.165
- hash: 4444
- domain: market-lum.fun
- file: 176.97.67.5
- hash: 8089
- file: 20.191.194.222
- hash: 3000
- file: 159.223.73.228
- hash: 80
- file: 176.65.142.71
- hash: 4449
- file: 18.170.115.178
- hash: 20548
- file: 15.168.15.67
- hash: 35203
- file: 15.168.15.67
- hash: 35753
- url: http://justcreature.com/forum/viewtopic.php
- url: http://justmonster.com/forum/viewtopic.php
- url: http://45.93.20.224/pndj30vs11/index.php
- url: http://snailsflesh.xyz/lod.php
- url: http://snailsflesh.xyz/dol.php
- url: http://massminister.icu/she.php
- url: https://webinspisrve.icu/api
- url: http://109.163.229.3/rm/gate.php
- url: http://150.241.105.82/api/owusodesn2qsytasytmsogesogmsotusnmisodis
- url: http://77.105.164.40/api/owusodesn2qsytasytmsogesogmsotusnmisodis
- url: http://94.156.114.56/api/ytasodysodisowqsytesodgsotasotusnjusn2qs
- url: http://213.176.73.80/api/ytasodysodisowqsytesodgsotasotusnjusn2qs
- file: 45.93.20.224
- hash: 80
- url: https://sjowinjoinery.icu/api
- domain: 7paa3sg1yhyax.cfc-execute.bj.baidubce.com
- file: 47.92.205.12
- hash: 443
- file: 47.92.205.12
- hash: 80
- domain: crosshairc.life/danjhw
- file: 18.166.29.195
- hash: 443
- file: 172.111.137.68
- hash: 1962
- file: 176.65.140.64
- hash: 8808
- file: 207.231.111.146
- hash: 2106
- file: 20.229.219.84
- hash: 443
- file: 4.221.185.235
- hash: 7443
- file: 52.169.163.36
- hash: 80
- domain: cpcontacts.fortnewzoutlooks.xyz
- domain: cpcontacts.onebusinessportal.xyz
- domain: ip70-185-170-81.mc.at.cox.net
- domain: webmail.newzmediaworld.xyz
- domain: company.fithiphealthy.com
- domain: cpcalendars.wealthwrknetwork.xyz
- domain: cpcalendars.dmustkpoint.xyz
- domain: webdisk.modegenerlshub.xyz
- domain: webdisk.gamesandufabetpro.website
- domain: webdisk.bsttoolswx.xyz
- domain: cpcalendars.fastnewclub.xyz
- domain: cpcalendars.ufabets.website
- domain: cpanel.fivetopbusiness.xyz
- domain: cpcalendars.ufabetandcasinos.website
- domain: webdisk.domizmusk.website
- url: http://aldierifs.com/woxo/panel/gate.php
- domain: jsfiles-bqq.pages.dev
- domain: bbb1-9we.pages.dev
- domain: items.kycc-camera.shop
- url: https://check.fesuy.icu/gkcxv.google
- url: https://7menuedgarli.shop/api
- file: 157.245.194.205
- hash: 8443
- file: 195.49.25.226
- hash: 443
- file: 45.61.136.204
- hash: 443
- file: 207.231.111.146
- hash: 1996
- file: 207.231.111.146
- hash: 6666
- file: 207.231.111.146
- hash: 7777
- url: https://citydisco.bet/api
- url: https://vrfeatureccus.shop/api
- file: 47.83.166.243
- hash: 443
ThreatFox IOCs for 2025-03-12
Medium
Published: Wed Mar 12 2025 (03/12/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-03-12
AI-Powered Analysis
AILast updated: 06/19/2025, 15:19:59 UTC
Technical Analysis
The provided threat intelligence relates to a malware-related report titled 'ThreatFox IOCs for 2025-03-12,' sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The report is dated March 12, 2025, and is categorized under malware with a medium severity rating. However, no specific affected product versions or detailed technical indicators of compromise (IOCs) are included. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate distribution potential but limited detailed analysis available. The absence of known exploits in the wild and lack of patch links imply that this threat is either newly identified or not yet actively exploited. The classification as 'type:osint' and 'tlp:white' indicates that the information is publicly shareable and derived from open sources, which may limit the depth of technical details. Overall, this report appears to be a preliminary or summary-level notification of malware-related IOCs without granular technical data, limiting the ability to perform deep technical analysis or attribution.
Potential Impact
Given the limited technical details and absence of known active exploitation, the immediate impact on European organizations is likely to be low to medium. However, as the threat is malware-related and has a moderate distribution score, there is potential for disruption if the malware targets widely used systems or critical infrastructure. The lack of specific affected products or versions makes it difficult to assess direct impact vectors. European organizations relying on OSINT tools or platforms similar to ThreatFox for threat intelligence may benefit from early awareness but should remain vigilant. Potential impacts include compromise of confidentiality through data exfiltration, integrity via unauthorized modifications, or availability through disruption of services, depending on the malware’s capabilities once fully understood. The medium severity rating suggests a moderate risk level, warranting attention but not immediate alarm.
Mitigation Recommendations
1. Enhance monitoring of network and endpoint activities for unusual behaviors that may indicate malware presence, focusing on indicators from updated threat intelligence feeds. 2. Regularly update and validate OSINT sources to ensure timely detection of emerging threats. 3. Implement strict access controls and segmentation to limit malware propagation within networks. 4. Conduct targeted user awareness training emphasizing cautious handling of unsolicited files or links, especially those related to OSINT or intelligence sharing platforms. 5. Employ advanced endpoint detection and response (EDR) solutions capable of behavioral analysis to detect unknown or emerging malware variants. 6. Establish incident response procedures that incorporate rapid integration of new IOCs from platforms like ThreatFox. 7. Collaborate with national cybersecurity centers and information sharing organizations to receive localized threat updates and mitigation strategies. These measures go beyond generic advice by emphasizing integration of OSINT-derived intelligence, behavioral detection, and organizational preparedness specific to emerging malware threats.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 6c0354d7-d5df-4ddb-9605-320c9562d99f
- Original Timestamp
- 1741824188
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaincheck.dovoo.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainjohn-already.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) | |
domaincpcalendars.newdmkey.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.cgibusiness.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.apexhomeimprovement.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.livebengsnnewz.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.sportsfootball.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainoutlook.tekbalam.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.handufabetgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.games777games.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.techspilotx.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincheck.vevou.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaindata.australiasoutheast.cloudapp.azure.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns01.certis-cisco.click | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns02.certis-cisco.click | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainns1.svchost.ddns-ip.net | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaint1.nestquicks.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainwww.dyshop.online | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaincpanel.theyestechnewsz.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.dmhubnewsz.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainwww.ybrjz.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domain33.55.141.34.bc.googleusercontent.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainspacevoyag.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaingdpfsj.com | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainaefuaeufhueuufua.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaefuaeufhueuufuae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaefuaeufhueuufue.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaefuaeufhueuufuee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaefuaeufhueuufume.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaefuaeufhueuufure.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaefuaeufhueuufuz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaegieuueueuuruia.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaegieuueueuuruiae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaegieuueueuuruie.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaegieuueueuuruiee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaegieuueueuuruime.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaegieuueueuuruire.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaegieuueueuuruiz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaeufoeahfouefhga.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaeufoeahfouefhgae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaeufoeahfouefhge.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaeufoeahfouefhgee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaeufoeahfouefhgme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaeufoeahfouefhgre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainaeufoeahfouefhgz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainafieifaieudhhuda.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainafieifaieudhhudae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainafieifaieudhhude.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainafieifaieudhhudee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainafieifaieudhhudme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainafieifaieudhhudre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainafieifaieudhhudz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawbnmnmammmamnra.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawbnmnmammmamnrae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawbnmnmammmamnree.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawbnmnmammmamnrme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawbnmnmammmamnrre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawbnmnmammmamnrz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawduhawduhuhhaga.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawduhawduhuhhagae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawduhawduhuhhage.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawduhawduhuhhagee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawduhawduhuhhagme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawduhawduhuhhagre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainawduhawduhuhhagz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainazezezbdndnnnsna.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainazezezbdndnnnsnae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainazezezbdndnnnsne.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainazezezbdndnnnsnee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainazezezbdndnnnsnme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainazezezbdndnnnsnre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainazezezbdndnnnsnz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainbadaeduahedhhuaa.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainbadaeduahedhhuaae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainbadaeduahedhhuae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainbadaeduahedhhuaee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainbadaeduahedhhuame.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainbadaeduahedhhuare.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainbadaeduahedhhuaz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineooeoeoririusfra.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineooeoeoririusfrae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineooeoeoririusfre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineooeoeoririusfree.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineooeoeoririusfrme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineooeoeoririusfrre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineooeoeoririusfrz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuauueuueuruudga.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuauueuueuruudgae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuauueuueuruudge.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuauueuueuruudgee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuauueuueuruudgme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuauueuueuruudgre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuauueuueuruudgz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineueuqundnndnsuda.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineueuqundnndnsudae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineueuqundnndnsude.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineueuqundnndnsudee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineueuqundnndnsudme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineueuqundnndnsudre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineueuqundnndnsudz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuuauudduufuuguae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuuauudduufuugue.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuuauudduufuuguee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuuauudduufuugume.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuuauudduufuugure.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domaineuuauudduufuuguz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainfauibdbebdbburua.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainfauibdbebdbburuae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainfauibdbebdbburue.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainfauibdbebdbburuee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainfauibdbebdbburume.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainfauibdbebdbburure.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainfauibdbebdbburuz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainnbmbnmbembfaeura.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainnbmbnmbembfaeurae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainnbmbnmbembfaeure.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainnbmbnmbembfaeuree.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainnbmbnmbembfaeurme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainnbmbnmbembfaeurre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainnbmbnmbembfaeurz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainploaiedueaigzefa.ru | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainploaiedueaigzefae.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainploaiedueaigzefe.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainploaiedueaigzefee.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainploaiedueaigzefme.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainploaiedueaigzefre.top | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainploaiedueaigzefz.su | Phorpiex botnet C2 domain (confidence level: 50%) | |
domainvonaxol8813-29999.portmap.host | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainangel182394.ru | Remcos botnet C2 domain (confidence level: 50%) | |
domainangel32423.ru | Remcos botnet C2 domain (confidence level: 50%) | |
domaindocument-wonderful.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainmeans-meta.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domaingentlbecomfort.world | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainbooking-sup-lang-eng.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domaincheck.didey.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaint.formaxprime.co.uk | Vidar botnet C2 domain (confidence level: 100%) | |
domaincheck.zeboa.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainhalvanebrat.shop | Hook botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.sports777games.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.shalownewsbooks.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.bigmedianetwrk.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.whartpzz.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.totobestliv.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincheck.hixya.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.baruy.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainwormbit.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) | |
domainrealsw.mooo.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainrealws.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) | |
domainrealsw.strangled.net | Remcos botnet C2 domain (confidence level: 100%) | |
domainrealsw.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) | |
domainrealsw.jumpingcrab.com | Remcos botnet C2 domain (confidence level: 100%) | |
domainp.p.formaxprime.co.uk | Vidar botnet C2 domain (confidence level: 100%) | |
domaincityscapea.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.newzofnetworksera.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.bestnewznetworks.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainartemcd9.beget.tech | DCRat botnet C2 domain (confidence level: 100%) | |
domainsweetmdreampillow.today | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmenuedgarli.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainkbracketba.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbackup.timebrokepush.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaingov.nic-in.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainmarket-lum.fun | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domain7paa3sg1yhyax.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaincrosshairc.life/danjhw | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.fortnewzoutlooks.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.onebusinessportal.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainip70-185-170-81.mc.at.cox.net | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.newzmediaworld.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincompany.fithiphealthy.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.wealthwrknetwork.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.dmustkpoint.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.modegenerlshub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.gamesandufabetpro.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.bsttoolswx.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.fastnewclub.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.ufabets.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.fivetopbusiness.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.ufabetandcasinos.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.domizmusk.website | Havoc botnet C2 domain (confidence level: 100%) | |
domainjsfiles-bqq.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainbbb1-9we.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainitems.kycc-camera.shop | ClearFake payload delivery domain (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file3.67.15.169 | NjRAT botnet C2 server (confidence level: 75%) | |
file3.124.67.191 | NjRAT botnet C2 server (confidence level: 75%) | |
file176.65.134.62 | Mirai botnet C2 server (confidence level: 75%) | |
file196.251.84.191 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.36.61.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file179.13.1.59 | Remcos botnet C2 server (confidence level: 100%) | |
file46.246.82.16 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file74.120.121.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file161.97.101.53 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.229.219.150 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.222.110.148 | Hook botnet C2 server (confidence level: 100%) | |
file51.222.110.148 | Hook botnet C2 server (confidence level: 100%) | |
file177.68.42.191 | Havoc botnet C2 server (confidence level: 100%) | |
file185.93.89.137 | Venom RAT botnet C2 server (confidence level: 100%) | |
file46.246.82.12 | DCRat botnet C2 server (confidence level: 100%) | |
file122.248.209.34 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file151.236.20.232 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file20.61.175.58 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file44.216.156.161 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file45.192.208.132 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file47.121.177.253 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.94.249.10 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.224.128.227 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file175.6.135.82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.155.23.88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.94.9.227 | Remcos botnet C2 server (confidence level: 100%) | |
file185.130.46.98 | Sliver botnet C2 server (confidence level: 100%) | |
file89.58.33.52 | Sliver botnet C2 server (confidence level: 100%) | |
file185.143.243.46 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.229.219.78 | Unknown malware botnet C2 server (confidence level: 100%) | |
file213.209.143.31 | Unknown malware botnet C2 server (confidence level: 100%) | |
file86.54.42.182 | Havoc botnet C2 server (confidence level: 100%) | |
file72.145.5.203 | Havoc botnet C2 server (confidence level: 100%) | |
file129.146.121.7 | Venom RAT botnet C2 server (confidence level: 100%) | |
file194.87.68.172 | Venom RAT botnet C2 server (confidence level: 100%) | |
file185.170.154.143 | Stealc botnet C2 server (confidence level: 100%) | |
file35.232.163.8 | MimiKatz botnet C2 server (confidence level: 100%) | |
file172.245.154.155 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file213.209.143.31 | Havoc botnet C2 server (confidence level: 100%) | |
file46.246.82.16 | DCRat botnet C2 server (confidence level: 100%) | |
file31.220.41.207 | Ares botnet C2 server (confidence level: 90%) | |
file203.115.83.231 | BlackNET RAT botnet C2 server (confidence level: 100%) | |
file18.162.210.208 | Unknown malware botnet C2 server (confidence level: 100%) | |
file152.70.102.123 | Unknown malware botnet C2 server (confidence level: 100%) | |
file23.21.223.216 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.14.93.110 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.70.174.137 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.207.251.223 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.191.118.2 | Unknown malware botnet C2 server (confidence level: 100%) | |
file37.27.181.0 | Unknown malware botnet C2 server (confidence level: 100%) | |
file181.32.54.107 | Unknown malware botnet C2 server (confidence level: 100%) | |
file110.42.35.211 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.143.156.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.206.145.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.120.66.42 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.120.66.42 | Unknown malware botnet C2 server (confidence level: 100%) | |
file16.171.132.192 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.154.74.193 | Unknown malware botnet C2 server (confidence level: 100%) | |
file64.23.128.110 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file120.24.64.74 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file107.174.85.150 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file118.25.91.151 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file124.71.161.5 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file104.42.27.32 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file39.107.136.241 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file185.225.226.197 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file212.56.32.90 | Sliver botnet C2 server (confidence level: 50%) | |
file223.26.52.223 | Sliver botnet C2 server (confidence level: 50%) | |
file109.107.175.64 | Sliver botnet C2 server (confidence level: 50%) | |
file172.236.213.138 | Sliver botnet C2 server (confidence level: 50%) | |
file129.208.139.65 | Quasar RAT botnet C2 server (confidence level: 50%) | |
file31.166.106.12 | Quasar RAT botnet C2 server (confidence level: 50%) | |
file31.166.106.12 | Quasar RAT botnet C2 server (confidence level: 50%) | |
file90.146.22.211 | Unknown malware botnet C2 server (confidence level: 50%) | |
file159.65.4.107 | Unknown malware botnet C2 server (confidence level: 50%) | |
file88.31.54.12 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file13.212.129.108 | BlackShades botnet C2 server (confidence level: 50%) | |
file196.251.71.185 | Hook botnet C2 server (confidence level: 50%) | |
file121.36.85.26 | Unknown malware botnet C2 server (confidence level: 50%) | |
file70.93.72.15 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file78.179.254.67 | DarkComet botnet C2 server (confidence level: 50%) | |
file78.47.63.132 | Vidar botnet C2 server (confidence level: 75%) | |
file8.138.195.42 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.112.118.101 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.100.176.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.251.216.119 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.221.41.140 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.45.186.163 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.105.31.188 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file163.5.32.138 | Remcos botnet C2 server (confidence level: 100%) | |
file163.5.32.138 | Remcos botnet C2 server (confidence level: 100%) | |
file179.60.149.72 | Sliver botnet C2 server (confidence level: 100%) | |
file64.176.50.187 | ShadowPad botnet C2 server (confidence level: 90%) | |
file176.65.144.32 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.144.32 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.229.219.27 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.21.171.165 | Havoc botnet C2 server (confidence level: 100%) | |
file43.128.147.70 | Havoc botnet C2 server (confidence level: 100%) | |
file138.199.216.110 | Havoc botnet C2 server (confidence level: 100%) | |
file196.251.71.169 | DCRat botnet C2 server (confidence level: 100%) | |
file91.184.250.143 | Bashlite botnet C2 server (confidence level: 100%) | |
file159.118.225.122 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file180.76.172.12 | Sliver botnet C2 server (confidence level: 75%) | |
file62.60.148.72 | DanaBot botnet C2 server (confidence level: 75%) | |
file8.48.85.83 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file81.177.215.62 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file81.19.131.86 | Remcos botnet C2 server (confidence level: 75%) | |
file45.154.98.113 | Remcos botnet C2 server (confidence level: 75%) | |
file185.111.159.87 | XWorm botnet C2 server (confidence level: 75%) | |
file159.69.103.88 | Vidar botnet C2 server (confidence level: 100%) | |
file95.217.31.199 | Vidar botnet C2 server (confidence level: 100%) | |
file148.66.2.198 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.94.226.40 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.2.194 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.94.13.75 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file176.65.140.174 | Remcos botnet C2 server (confidence level: 100%) | |
file192.121.162.90 | ShadowPad botnet C2 server (confidence level: 90%) | |
file64.52.80.165 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file46.246.82.12 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.144.28 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.144.28 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.144.28 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.142.245 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.83.166.168 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.229.219.79 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.191.194.222 | Hook botnet C2 server (confidence level: 100%) | |
file3.0.27.202 | Hook botnet C2 server (confidence level: 100%) | |
file172.205.115.95 | Havoc botnet C2 server (confidence level: 100%) | |
file185.43.5.227 | Havoc botnet C2 server (confidence level: 100%) | |
file195.82.146.19 | DCRat botnet C2 server (confidence level: 100%) | |
file47.243.184.85 | Nimplant botnet C2 server (confidence level: 100%) | |
file171.35.163.120 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file148.66.2.197 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.148.37.106 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file196.251.84.191 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file20.61.175.58 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file1.92.142.27 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.2.196 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file148.66.2.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.138.54.95 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.171.159.81 | Remcos botnet C2 server (confidence level: 100%) | |
file44.222.138.160 | Sliver botnet C2 server (confidence level: 100%) | |
file88.175.108.174 | Sliver botnet C2 server (confidence level: 100%) | |
file186.169.89.221 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file161.97.101.53 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file64.52.80.165 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file64.52.80.165 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.97.67.5 | Hook botnet C2 server (confidence level: 100%) | |
file20.191.194.222 | Hook botnet C2 server (confidence level: 100%) | |
file159.223.73.228 | Havoc botnet C2 server (confidence level: 100%) | |
file176.65.142.71 | Venom RAT botnet C2 server (confidence level: 100%) | |
file18.170.115.178 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file15.168.15.67 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file15.168.15.67 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file45.93.20.224 | Amadey botnet C2 server (confidence level: 50%) | |
file47.92.205.12 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.92.205.12 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file18.166.29.195 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.111.137.68 | Remcos botnet C2 server (confidence level: 100%) | |
file176.65.140.64 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file207.231.111.146 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.229.219.84 | Unknown malware botnet C2 server (confidence level: 100%) | |
file4.221.185.235 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.169.163.36 | Havoc botnet C2 server (confidence level: 100%) | |
file157.245.194.205 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
file195.49.25.226 | BianLian botnet C2 server (confidence level: 75%) | |
file45.61.136.204 | DanaBot botnet C2 server (confidence level: 75%) | |
file207.231.111.146 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file207.231.111.146 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file207.231.111.146 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file47.83.166.243 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash15408 | NjRAT botnet C2 server (confidence level: 75%) | |
hash15408 | NjRAT botnet C2 server (confidence level: 75%) | |
hash7777 | Mirai botnet C2 server (confidence level: 75%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2502 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash8081 | Havoc botnet C2 server (confidence level: 100%) | |
hash4444 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8000 | DCRat botnet C2 server (confidence level: 100%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash7777 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8899 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5671 | Remcos botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash47837 | Sliver botnet C2 server (confidence level: 100%) | |
hash103 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Havoc botnet C2 server (confidence level: 100%) | |
hash2000 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | Ares botnet C2 server (confidence level: 90%) | |
hash88 | BlackNET RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8432 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash9443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8086 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50000 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash1337 | Quasar RAT botnet C2 server (confidence level: 50%) | |
hash8085 | Quasar RAT botnet C2 server (confidence level: 50%) | |
hash55553 | Quasar RAT botnet C2 server (confidence level: 50%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash3270 | BlackShades botnet C2 server (confidence level: 50%) | |
hash80 | Hook botnet C2 server (confidence level: 50%) | |
hash51443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash5631 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 50%) | |
hash443 | Vidar botnet C2 server (confidence level: 75%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5050 | Remcos botnet C2 server (confidence level: 100%) | |
hash7070 | Remcos botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash8443 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash81 | Havoc botnet C2 server (confidence level: 100%) | |
hash2000 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash8443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | DanaBot botnet C2 server (confidence level: 75%) | |
hash4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash6856 | Remcos botnet C2 server (confidence level: 75%) | |
hash23101 | Remcos botnet C2 server (confidence level: 75%) | |
hash7000 | XWorm botnet C2 server (confidence level: 75%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8090 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | ShadowPad botnet C2 server (confidence level: 90%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8080 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | Nimplant botnet C2 server (confidence level: 100%) | |
hash88 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5671 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash49153 | Sliver botnet C2 server (confidence level: 100%) | |
hash11103 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2003 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash3000 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash20548 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash35203 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash35753 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1962 | Remcos botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2106 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash8443 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
hash443 | BianLian botnet C2 server (confidence level: 75%) | |
hash443 | DanaBot botnet C2 server (confidence level: 75%) | |
hash1996 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash6666 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash7777 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://check.vevou.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://barisechairedd.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://corangemyther.live/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vbegindecafer.world/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vfostinjec.today/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ymodelshiverd.icu/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://www.solana-trending.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://spacevoyag.live/api | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttp://45.93.20.28/85a1cacf11314eb8.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttp://51.222.110.148/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://aefuaeufhueuufua.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aefuaeufhueuufuae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aefuaeufhueuufue.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aefuaeufhueuufuee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aefuaeufhueuufume.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aefuaeufhueuufure.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aefuaeufhueuufuz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aegieuueueuuruia.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aegieuueueuuruiae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aegieuueueuuruie.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aegieuueueuuruiee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aegieuueueuuruime.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aegieuueueuuruire.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aegieuueueuuruiz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aeufoeahfouefhga.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aeufoeahfouefhgae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aeufoeahfouefhge.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aeufoeahfouefhgee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aeufoeahfouefhgme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aeufoeahfouefhgre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://aeufoeahfouefhgz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://afieifaieudhhuda.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://afieifaieudhhudae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://afieifaieudhhude.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://afieifaieudhhudee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://afieifaieudhhudme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://afieifaieudhhudre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://afieifaieudhhudz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awbnmnmammmamnra.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awbnmnmammmamnrae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awbnmnmammmamnre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awbnmnmammmamnree.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awbnmnmammmamnrme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awbnmnmammmamnrre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awbnmnmammmamnrz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awduhawduhuhhaga.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awduhawduhuhhagae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awduhawduhuhhage.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awduhawduhuhhagee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awduhawduhuhhagme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awduhawduhuhhagre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://awduhawduhuhhagz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://azezezbdndnnnsna.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://azezezbdndnnnsnae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://azezezbdndnnnsne.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://azezezbdndnnnsnee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://azezezbdndnnnsnme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://azezezbdndnnnsnre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://azezezbdndnnnsnz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://badaeduahedhhuaa.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://badaeduahedhhuaae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://badaeduahedhhuae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://badaeduahedhhuaee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://badaeduahedhhuame.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://badaeduahedhhuare.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://badaeduahedhhuaz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eooeoeoririusfra.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eooeoeoririusfrae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eooeoeoririusfre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eooeoeoririusfree.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eooeoeoririusfrme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eooeoeoririusfrre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eooeoeoririusfrz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euauueuueuruudga.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euauueuueuruudgae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euauueuueuruudge.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euauueuueuruudgee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euauueuueuruudgme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euauueuueuruudgre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euauueuueuruudgz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eueuqundnndnsuda.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eueuqundnndnsudae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eueuqundnndnsude.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eueuqundnndnsudee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eueuqundnndnsudme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eueuqundnndnsudre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://eueuqundnndnsudz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euuauudduufuugua.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euuauudduufuuguae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euuauudduufuugue.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euuauudduufuuguee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euuauudduufuugume.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euuauudduufuugure.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://euuauudduufuuguz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://fauibdbebdbburua.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://fauibdbebdbburuae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://fauibdbebdbburue.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://fauibdbebdbburuee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://fauibdbebdbburume.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://fauibdbebdbburure.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://fauibdbebdbburuz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://nbmbnmbembfaeura.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://nbmbnmbembfaeurae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://nbmbnmbembfaeure.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://nbmbnmbembfaeuree.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://nbmbnmbembfaeurme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://nbmbnmbembfaeurre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://nbmbnmbembfaeurz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://ploaiedueaigzefa.ru/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://ploaiedueaigzefae.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://ploaiedueaigzefe.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://ploaiedueaigzefee.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://ploaiedueaigzefme.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://ploaiedueaigzefre.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://ploaiedueaigzefz.su/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://tldrbox.top/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://tldrbox.ws/ | Phorpiex botnet C2 (confidence level: 50%) | |
urlhttp://f1099947.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://check.didey.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.zeboa.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.hixya.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.baruy.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://a1099965.xsph.ru/b9d82bda.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://steamcommunity.com/profiles/76561199832267488 | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://t.me/g_etcontent | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://p.p.formaxprime.co.uk/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://t.formaxprime.co.uk/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://159.69.103.88/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://95.217.31.199/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://menuedgarli.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://9hfeatureccus.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://mjowinjoinery.icu/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.pekyy.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://sweetmdreampillow.today/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://kbracketba.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://doodstream.shop/files/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://doodstream.shop/files/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://doodstream.shop/files/fis.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://pro.fivepathways.com/kbdtam99.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://check.tefee.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://justcreature.com/forum/viewtopic.php | Pony botnet C2 (confidence level: 100%) | |
urlhttp://justmonster.com/forum/viewtopic.php | Pony botnet C2 (confidence level: 100%) | |
urlhttp://45.93.20.224/pndj30vs11/index.php | Amadey botnet C2 (confidence level: 100%) | |
urlhttp://snailsflesh.xyz/lod.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://snailsflesh.xyz/dol.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://massminister.icu/she.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttps://webinspisrve.icu/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://109.163.229.3/rm/gate.php | Pony botnet C2 (confidence level: 100%) | |
urlhttp://150.241.105.82/api/owusodesn2qsytasytmsogesogmsotusnmisodis | SmartLoader botnet C2 (confidence level: 75%) | |
urlhttp://77.105.164.40/api/owusodesn2qsytasytmsogesogmsotusnmisodis | SmartLoader botnet C2 (confidence level: 75%) | |
urlhttp://94.156.114.56/api/ytasodysodisowqsytesodgsotasotusnjusn2qs | SmartLoader botnet C2 (confidence level: 75%) | |
urlhttp://213.176.73.80/api/ytasodysodisowqsytesodgsotasotusnjusn2qs | SmartLoader botnet C2 (confidence level: 75%) | |
urlhttps://sjowinjoinery.icu/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://aldierifs.com/woxo/panel/gate.php | Pony botnet C2 (confidence level: 100%) | |
urlhttps://check.fesuy.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://7menuedgarli.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://citydisco.bet/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vrfeatureccus.shop/api | Lumma Stealer botnet C2 (confidence level: 75%) |
Threat ID: 682c7db8e8347ec82d2c2ecb
Added to database: 5/20/2025, 1:03:52 PM
Last enriched: 6/19/2025, 3:19:59 PM
Last updated: 8/13/2025, 2:05:09 PM
Views: 19
Related Threats
ThreatFox IOCs for 2025-08-14
MediumMalwareFri Aug 15 2025
On Going Malvertising Attack Spreads New Crypto Stealing PS1Bot Malware
MediumMalwareThu Aug 14 2025
A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode
MediumMalwareThu Aug 14 2025
PhantomCard: New NFC-driven Android malware emerging in Brazil
MediumMalwareThu Aug 14 2025
ThreatFox IOCs for 2025-08-13
MediumMalwareThu Aug 14 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.