ThreatFox IOCs for 2025-03-14
Severity: mediumType: malware
ThreatFox IOCs for 2025-03-14
AI Analysis
Technical Summary
The provided information pertains to a security threat categorized as malware, specifically related to OSINT (Open Source Intelligence) and payload delivery with associated network activity. The threat is documented in the ThreatFox MISP Feed dated March 14, 2025, and is tagged with TLP:WHITE, indicating it is intended for wide distribution and sharing. However, the details are sparse: no specific affected software versions are listed, no known exploits are reported in the wild, and no patch is available. The threat level is indicated as 2 on an unspecified scale, with distribution rated at 3, suggesting moderate spread potential. The absence of concrete indicators of compromise (IOCs) and technical details limits the ability to precisely characterize the malware's behavior, infection vectors, or payload specifics. The classification under OSINT and payload delivery implies that the threat may involve gathering intelligence from open sources to facilitate or enhance payload delivery mechanisms, possibly through network-based activities such as command and control communications or data exfiltration. Given the lack of CWE identifiers and exploit details, this appears to be an emerging or low-profile malware threat with moderate severity, primarily serving as an intelligence or reconnaissance tool that could precede more damaging attacks.
Potential Impact
For European organizations, the impact of this threat could manifest in several ways. As the malware involves payload delivery and network activity, it may enable unauthorized access, data exfiltration, or lateral movement within networks. The OSINT component suggests attackers might leverage publicly available information to tailor attacks, increasing their effectiveness. Although no known exploits are currently active, the presence of such malware could facilitate espionage, intellectual property theft, or disruption of services. Sectors with high-value data or critical infrastructure, such as finance, energy, healthcare, and government, could be particularly targeted. The medium severity rating indicates that while immediate catastrophic damage is unlikely, the threat could serve as a foothold for more severe attacks, potentially compromising confidentiality and integrity of sensitive data. The lack of patches or specific mitigations means organizations must rely on detection and prevention strategies to mitigate risks.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing detection and prevention capabilities. Organizations should implement advanced network monitoring to identify unusual outbound traffic patterns indicative of payload delivery or command and control communications. Employing threat intelligence feeds, including updates from ThreatFox and MISP, can help identify emerging IOCs as they become available. Regularly updating and hardening endpoint protection solutions to detect malware behaviors associated with OSINT gathering and payload delivery is critical. Network segmentation can limit lateral movement if infection occurs. Additionally, conducting employee training to recognize phishing or social engineering attempts that may serve as initial infection vectors is essential. Since no patch exists, organizations should prioritize incident response readiness, including maintaining up-to-date backups and establishing clear protocols for containment and eradication. Collaborating with national cybersecurity centers in Europe for timely threat intelligence sharing will also enhance preparedness.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland
Indicators of Compromise
- domain: check.lixir.icu
- domain: check.fetoq.icu
- file: 85.31.231.183
- hash: 80
- file: 189.1.220.101
- hash: 28443
- file: 196.251.88.124
- hash: 2404
- file: 177.136.225.183
- hash: 80
- file: 147.124.211.21
- hash: 2404
- file: 100.42.182.237
- hash: 443
- file: 49.113.78.205
- hash: 8888
- file: 186.169.94.13
- hash: 11103
- file: 47.83.219.200
- hash: 7443
- file: 87.120.166.174
- hash: 80
- file: 87.120.166.174
- hash: 8089
- file: 96.9.124.205
- hash: 443
- domain: webmail.takeufagame1212.xyz
- domain: cpcontacts.10bestbusiness.website
- file: 46.246.84.4
- hash: 9999
- file: 217.114.43.53
- hash: 4000
- file: 176.65.142.140
- hash: 3990
- file: 192.144.217.213
- hash: 8888
- url: http://77.105.147.252/_7base/windowstraffic.php
- file: 101.42.18.6
- hash: 9999
- file: 101.43.166.60
- hash: 6666
- file: 162.245.188.203
- hash: 80
- file: 195.211.191.150
- hash: 3981
- file: 164.92.84.107
- hash: 2404
- file: 198.135.52.171
- hash: 4433
- file: 176.65.140.206
- hash: 8888
- file: 128.90.122.218
- hash: 4000
- file: 161.97.101.53
- hash: 8808
- file: 196.251.70.104
- hash: 80
- file: 45.42.40.191
- hash: 7443
- file: 4.197.75.190
- hash: 8089
- file: 23.88.120.188
- hash: 40056
- domain: cpcalendars.ipmnewsworld.com
- domain: cpcalendars.topandbestnews.com
- file: 193.164.6.126
- hash: 4449
- file: 185.234.72.2
- hash: 80
- file: 39.99.33.97
- hash: 443
- file: 209.38.69.65
- hash: 8888
- domain: balancefitnow.com
- domain: cpcalendars.apkhubnewz.com
- domain: manusiabodoh.cyberdark.xyz
- file: 43.136.233.118
- hash: 60000
- file: 129.152.27.254
- hash: 8080
- file: 3.109.202.6
- hash: 3333
- file: 175.178.176.50
- hash: 3333
- file: 109.123.230.175
- hash: 3333
- file: 135.235.216.92
- hash: 443
- file: 3.144.87.174
- hash: 3333
- file: 13.60.189.77
- hash: 3333
- file: 213.209.129.104
- hash: 4444
- file: 2.59.42.169
- hash: 45345
- file: 47.109.57.243
- hash: 9999
- file: 94.66.237.39
- hash: 443
- file: 181.32.57.215
- hash: 8080
- file: 44.239.12.12
- hash: 443
- file: 94.46.171.220
- hash: 80
- file: 194.182.90.117
- hash: 3333
- file: 35.163.78.215
- hash: 443
- file: 34.46.180.128
- hash: 443
- file: 70.41.9.56
- hash: 443
- url: https://miliste.com/contact
- file: 113.44.154.245
- hash: 8099
- file: 172.93.46.40
- hash: 80
- file: 112.74.184.37
- hash: 6666
- file: 112.74.184.37
- hash: 7777
- file: 1.15.34.67
- hash: 7777
- file: 38.207.178.43
- hash: 9003
- file: 198.199.122.34
- hash: 2087
- file: 106.15.129.111
- hash: 443
- file: 124.71.200.1
- hash: 50050
- file: 152.228.174.215
- hash: 31337
- file: 42.51.0.226
- hash: 31337
- file: 159.203.82.72
- hash: 31337
- file: 45.8.146.45
- hash: 31337
- file: 134.209.250.239
- hash: 31337
- file: 144.172.94.119
- hash: 31337
- file: 196.251.70.199
- hash: 31337
- file: 167.99.105.30
- hash: 31337
- file: 194.163.188.142
- hash: 31337
- file: 202.171.179.21
- hash: 31337
- file: 84.38.130.82
- hash: 31337
- file: 176.123.169.64
- hash: 31337
- file: 134.209.93.110
- hash: 31337
- file: 164.92.154.140
- hash: 31337
- file: 220.76.180.78
- hash: 6000
- file: 51.198.130.30
- hash: 6001
- file: 52.136.38.252
- hash: 4443
- file: 41.109.190.205
- hash: 1177
- file: 31.166.106.12
- hash: 5001
- file: 200.86.136.112
- hash: 81
- file: 149.210.43.165
- hash: 443
- file: 2.58.15.184
- hash: 80
- file: 117.213.118.65
- hash: 60000
- url: https://twltter.dev/
- url: https://84.200.154.155/
- url: https://84.200.24.181/
- url: https://cityscapea.run/login
- url: http://87.120.166.174/
- url: http://20.191.194.222:3000/
- url: http://196.251.71.185/
- url: http://45.93.20.224/pndj30vs11/login.php
- file: 45.86.231.15
- hash: 52997
- url: http://www.58-pet-funeral-services-14.cfd/hm26/
- url: http://www.8068.locker/hm26/
- url: http://www.aki-spin.casino/hm26/
- url: http://www.alamalaenava.shop/hm26/
- url: http://www.andalend.xyz/hm26/
- url: http://www.antx.buzz/hm26/
- url: http://www.assaustreetcapitalplanning.info/hm26/
- url: http://www.atvikxtt.tech/hm26/
- url: http://www.cskftyn.biz/hm26/
- url: http://www.deadirectiveconsultinghub.info/hm26/
- url: http://www.eagleinsuranceplans.fun/hm26/
- url: http://www.ealthcare-trends-76690.bond/hm26/
- url: http://www.earfat.shop/hm26/
- url: http://www.eautyservicesrc.info/hm26/
- url: http://www.ebbidy.app/hm26/
- url: http://www.edralb.irish/hm26/
- url: http://www.endon.cloud/hm26/
- url: http://www.ental-implants-89727.bond/hm26/
- url: http://www.erratech.tech/hm26/
- url: http://www.estfreshmove.sbs/hm26/
- url: http://www.et1000.biz/hm26/
- url: http://www.etsumamoto.pro/hm26/
- url: http://www.ewtym.shop/hm26/
- url: http://www.gmstudio.net/hm26/
- url: http://www.hatushyamcraneservice.online/hm26/
- url: http://www.icisuo6.pro/hm26/
- url: http://www.imalayanscent.shop/hm26/
- url: http://www.k5004.casino/hm26/
- url: http://www.mnbeauty.net/hm26/
- url: http://www.mniscientnews.xyz/hm26/
- url: http://www.nepf.bid/hm26/
- url: http://www.ngfuwlofip.bond/hm26/
- url: http://www.niliidd.irish/hm26/
- url: http://www.nkywords6598.shop/hm26/
- url: http://www.nsold-cars-tribe.today/hm26/
- url: http://www.oberwayenergy.net/hm26/
- url: http://www.one.shop/hm26/
- url: http://www.ortop-corp.net/hm26/
- url: http://www.ouse136.click/hm26/
- url: http://www.oveworldquick.sbs/hm26/
- url: http://www.pioxc.xyz/hm26/
- url: http://www.qhelp.live/hm26/
- url: http://www.rbitswaves.info/hm26/
- url: http://www.reamsquad11fantasy.shop/hm26/
- url: http://www.reenmounttravel.online/hm26/
- url: http://www.renddshop.shop/hm26/
- url: http://www.rgent-loan-633032398.click/hm26/
- url: http://www.rlinker.xyz/hm26/
- url: http://www.rops-newser456.sbs/hm26/
- url: http://www.sassrgaceeytp.digital/hm26/
- url: http://www.ssisted-living-5.bond/hm26/
- url: http://www.tair-lift-65694.bond/hm26/
- url: http://www.tikahshafie.cloud/hm26/
- url: http://www.uantiv.art/hm26/
- url: http://www.ubyx.digital/hm26/
- url: http://www.ulnmatrix.net/hm26/
- url: http://www.ultigenius.xyz/hm26/
- url: http://www.unsetvistahotels.net/hm26/
- url: http://www.uskdeveloper.xyz/hm26/
- url: http://www.volvedirectivesolutions.info/hm26/
- url: http://www.wiftcarcare.net/hm26/
- url: http://www.xbeykozharunyakar.shop/hm26/
- url: http://www.xvideos.red/hm26/
- url: http://www.ynonymnetwork.xyz/hm26/
- url: http://www.ypherpunkpress.xyz/hm26/
- domain: www.58-pet-funeral-services-14.cfd
- domain: www.8068.locker
- domain: www.aki-spin.casino
- domain: www.alamalaenava.shop
- domain: www.andalend.xyz
- domain: www.antx.buzz
- domain: www.assaustreetcapitalplanning.info
- domain: www.atvikxtt.tech
- domain: www.cskftyn.biz
- domain: www.deadirectiveconsultinghub.info
- domain: www.eagleinsuranceplans.fun
- domain: www.ealthcare-trends-76690.bond
- domain: www.earfat.shop
- domain: www.eautyservicesrc.info
- domain: www.ebbidy.app
- domain: www.edralb.irish
- domain: www.endon.cloud
- domain: www.ental-implants-89727.bond
- domain: www.erratech.tech
- domain: www.estfreshmove.sbs
- domain: www.et1000.biz
- domain: www.etsumamoto.pro
- domain: www.ewtym.shop
- domain: www.gmstudio.net
- domain: www.hatushyamcraneservice.online
- domain: www.icisuo6.pro
- domain: www.imalayanscent.shop
- domain: www.k5004.casino
- domain: www.mnbeauty.net
- domain: www.mniscientnews.xyz
- domain: www.nepf.bid
- domain: www.ngfuwlofip.bond
- domain: www.niliidd.irish
- domain: www.nkywords6598.shop
- domain: www.nsold-cars-tribe.today
- domain: www.oberwayenergy.net
- domain: www.one.shop
- domain: www.ortop-corp.net
- domain: www.ouse136.click
- domain: www.oveworldquick.sbs
- domain: www.pioxc.xyz
- domain: www.qhelp.live
- domain: www.rbitswaves.info
- domain: www.reamsquad11fantasy.shop
- domain: www.reenmounttravel.online
- domain: www.renddshop.shop
- domain: www.rgent-loan-633032398.click
- domain: www.rlinker.xyz
- domain: www.rops-newser456.sbs
- domain: www.sassrgaceeytp.digital
- domain: www.ssisted-living-5.bond
- domain: www.tair-lift-65694.bond
- domain: www.tikahshafie.cloud
- domain: www.uantiv.art
- domain: www.ubyx.digital
- domain: www.ulnmatrix.net
- domain: www.ultigenius.xyz
- domain: www.unsetvistahotels.net
- domain: www.uskdeveloper.xyz
- domain: www.volvedirectivesolutions.info
- domain: www.wiftcarcare.net
- domain: www.xbeykozharunyakar.shop
- domain: www.xvideos.red
- domain: www.ynonymnetwork.xyz
- domain: www.ypherpunkpress.xyz
- domain: botnet.tcp-bypass.ovh
- domain: c2.crucialnetworks.xyz
- domain: net.20b20t.com.tr
- domain: newageofkifirempire.camdvr.org
- domain: gabh.gotdns.ch
- domain: z-openings.gl.at.ply.gg
- domain: acostcihprfqbgiuhfo.com
- domain: affxqgwn.com
- domain: aoeexvsdaacscmqm.com
- domain: asfabbwpms.com
- domain: asuknifg.com
- domain: asxlemnbyioy.com
- domain: baffmgpnfdgspqduk.com
- domain: barmfrpkvhohj.com
- domain: bdwgecyw.com
- domain: bgdhyvokpchokesy.com
- domain: bjxyatlg.com
- domain: bodubeqadbm.com
- domain: boibflwylfapinygm.com
- domain: boulasvsvt.com
- domain: bpoungre.com
- domain: bsqckdniooybq.com
- domain: bvwecxcfobr.com
- domain: bxhajhktmgnrwob.com
- domain: bxmsbgqujsgq.com
- domain: cbthmgvqvyrjcfeesh.com
- domain: celsrxswsg.com
- domain: cjkmgelfr.com
- domain: ckpjqbryyfbjew.com
- domain: cmdptnkxqgxxtbk.com
- domain: cnbpdmqaxkredxnk.com
- domain: cnhvrwkwr.com
- domain: ddkapqsrdhtprae.com
- domain: dhrsdbtnxja.com
- domain: dhvpkajvuhobg.com
- domain: djntrmarljlrkdqr.com
- domain: dlvynung.com
- domain: dorsakrjsywexee.com
- domain: drcowrkmdm.com
- domain: egpoajyeasr.com
- domain: ehoywqmeyiokvhrxfqp.com
- domain: eighlesddpwxl.com
- domain: eigvtbfgem.com
- domain: endcsebevthmcmojixr.com
- domain: famous-zopa.com
- domain: fatpuclfsy.com
- domain: fhemcavaxrfptgifkw.com
- domain: fhjvummcifit.com
- domain: fieuinqtyqixemglomx.com
- domain: fjicwyuyyppsei.com
- domain: fkyqpvdwcmyk.com
- domain: fmtqkxcirxxgbupuxq.com
- domain: ftxssxsavmbpulv.com
- domain: fwllkforvkuqjclvy.com
- domain: gapfvinskqkvfht.com
- domain: gbpilwqacn.com
- domain: gjrrukbmrlskdyt.com
- domain: gmeoghttmef.com
- domain: gotcqsiunccajymh.com
- domain: grabcminkphuei.com
- domain: guinobsiekcjtbolscm.com
- domain: guytydndwwdcjn.com
- domain: gvrqkrosdmjqufbfgdg.com
- domain: hdjeydvla.com
- domain: hekcyjodkgrymjrq.com
- domain: hfifjndycdwti.com
- domain: hgpcrbwvnkkupirfv.com
- domain: hjvrrqtmbvql.com
- domain: hkbawmpjeg.com
- domain: hkrahmfmygyuipmwh.com
- domain: hqcflqmvtush.com
- domain: hqwjqvnty.com
- domain: hrwkoyatnwdbtpusq.com
- domain: iadryjrf.com
- domain: iclrdmwlabaayyiy.com
- domain: icslsfanne.com
- domain: imorgpjbnvbpmkemfro.com
- domain: iodkkjqeraxic.com
- domain: itkpqydlmqlfi.com
- domain: itoxtsufaixmin.com
- domain: ittuytyiceydiploubs.com
- domain: iuehgutgmv.com
- domain: iusatlmffgbxbcijdeb.com
- domain: iyxanlwgwhxcxavlsr.com
- domain: jegvsohfnwfpmqyux.com
- domain: jlkvqxjxogtc.com
- domain: jmvfljrrpxffppwyqj.com
- domain: jnaxbhhekqoipte.com
- domain: jrkaxdlkvhgsiyknhw.com
- domain: jsfrrafslyyrqhwvyvo.com
- domain: jyokjogwr.com
- domain: kajwyvopaanwnuopbj.com
- domain: kanfdpobu.com
- domain: ketodgaxlkx.com
- domain: kgmhcpswm.com
- domain: khwyrpvjvjhxqg.com
- domain: kjtrmwnxbk.com
- domain: kknmtnybwnlotlyxb.com
- domain: kybtkxbydck.com
- domain: lajlfdbqqr.com
- domain: lcddsotgdgqoba.com
- domain: lcuhrxaoii.com
- domain: lhrclcobwenxtyae.com
- domain: lifbirmfvircwvtijkh.com
- domain: lmfempenskxs.com
- domain: lmmsqtmkmpayyu.com
- domain: lnapgrnuwlsn.com
- domain: lntxwsbivuiwiymt.com
- domain: luiyrtxaymj.com
- domain: lwlqniwoe.com
- domain: lwmsdhfcruswny.com
- domain: lwqhcoemrdvncihd.com
- domain: macygrytpknogdxxs.com
- domain: mdtpfasvdqbxp.com
- domain: miqbossmrbkpvjv.com
- domain: mpfippgi.com
- domain: mwdyqmtlt.com
- domain: mwrgirlf.com
- domain: mwtkhltvppdakhfrjxd.com
- domain: myarnkqnhuxplwifpo.com
- domain: niycwcdetltnokhhpd.com
- domain: npmaskrnpivd.com
- domain: ntdlseafxonbvkqed.com
- domain: ntmhavejb.com
- domain: nullucgghxu.com
- domain: ohnpvlmnlsyjwpp.com
- domain: oiojyponeomkelnis.com
- domain: ooccvraeigmubs.com
- domain: otetkpllcsbltf.com
- domain: otsyktenpnwucbfrchd.com
- domain: ouutdjxapd.com
- domain: ovijhngejmo.com
- domain: oxdyxnkpk.com
- domain: pjjnmthqubfpmvqtrti.com
- domain: plwcsqynxj.com
- domain: plyfrqjfynt.com
- domain: qamxxbdglsnraye.com
- domain: qcadtqyghmdqvwg.com
- domain: qckioymnowkwaxjwo.com
- domain: qdretpbxcwjotwlhfr.com
- domain: qlagsssaavjqugh.com
- domain: qwnxeahkdppgqeha.com
- domain: qxwlheklcpoeticb.com
- domain: rcxngqnhhjpgxtctdf.com
- domain: rgoaqgojbiunk.com
- domain: rhcsjprmnacbg.com
- domain: rmttyrlnycyft.com
- domain: rnsjcsjpipe.com
- domain: rqdumbol.com
- domain: rrlklsikpfjyoqmutl.com
- domain: runeyjmqxveivksuvi.com
- domain: ruwgckolcndwl.com
- domain: ryqlltioyrcsu.com
- domain: sgmrwormsiopg.com
- domain: siorjmrsxdqmvq.com
- domain: sjkockatruoalmoyw.com
- domain: stvkmflfmebvhfj.com
- domain: swnpnodv.com
- domain: tdjipoyhqmy.com
- domain: trerrxkctoktsl.com
- domain: ttploevnivtsybduyb.com
- domain: tttxbuvml.com
- domain: uannluqgr.com
- domain: ubsvjxembk.com
- domain: ucmgwppmriigew.com
- domain: uhryjrxaiusx.com
- domain: uidogdafrpoafrpjxd.com
- domain: uifwaxytj.com
- domain: uipklsgctptgxacyuk.com
- domain: unvvjslycjnxq.com
- domain: uokxkabepstc.com
- domain: upmqnigaltqvuelscol.com
- domain: uujlfjxvihatsr.com
- domain: vajgmayakgwhtjgsfay.com
- domain: vpwyxhwimelfwslfmgt.com
- domain: vrfbbnqw.com
- domain: vtgdkhelxwotns.com
- domain: vvmtviteuy.com
- domain: vwkvcbgrpuurtusi.com
- domain: vxhhggrau.com
- domain: wafhjtwygowhbdfn.com
- domain: wblpbiohbm.com
- domain: webqebxtabe.com
- domain: welxufrahckhhipk.com
- domain: wfkmqwgvuqlegdwkeus.com
- domain: whxtmyfgvpyr.com
- domain: wmhigjlmg.com
- domain: wphrrlsc.com
- domain: wsesluarbidvie.com
- domain: xembsvlmob.com
- domain: xkchjornedplpte.com
- domain: xkewvahimumw.com
- domain: xmmclthkgjiif.com
- domain: xsjmkpidceqdbr.com
- domain: xtnpcdvpk.com
- domain: xuvrrtrieyneqywuho.com
- domain: xwixwsgjrikdwy.com
- domain: xxutcvxabf.com
- domain: xydiiapyp.com
- domain: yadmelssopju.com
- domain: ycdcdlnfkalqeksvbdd.com
- domain: ymkdsynulihl.com
- domain: ymwtxtwjcutoy.com
- domain: yphrpamatxojboh.com
- domain: ysfbbrplaclurpr.com
- domain: ysrmcymbqfkvkojv.com
- domain: yvxfdiit.com
- domain: qwertyuioplkjhgfdsazxcvbnm.ydns.eu
- file: 77.105.161.227
- hash: 7772
- url: https://doberman-proper-bengal.ngrok-free.app
- url: https://pastebin.com/raw/iz8cjnc4
- url: https://pastebin.com/raw/wjzc4d9d
- domain: amazon-astrology.gl.at.ply.gg
- domain: any-attraction.gl.at.ply.gg
- domain: bensgaming.scr
- domain: choose-lamb.gl.at.ply.gg
- domain: ck1234-47763.portmap.host
- domain: javv-35412.portmap.host
- domain: thought-administrative.gl.at.ply.gg
- domain: sywaxeha-41850.portmap.host
- file: 193.161.193.99
- hash: 41850
- file: 147.185.221.26
- hash: 27770
- file: 147.185.221.25
- hash: 20096
- domain: fowlerkiawindsor.com
- domain: gilchristautomotive.com
- domain: genesisofkennesaw.com
- domain: randywisebuickgmc.com
- domain: machaiford.com
- domain: deliveryoka.com
- domain: security-confirmation.help
- domain: id.kickfire.com
- domain: tapestryoftruth.com
- domain: main-connection.click
- domain: authentication-to.help
- domain: open-connect-to-cdn.cc
- domain: westmaidentrue.click
- domain: check.tevoh.icu
- url: https://check.tevoh.icu/gkcxv.google
- file: 1.15.156.66
- hash: 7777
- domain: sunlight-11.pages.dev
- domain: sandbox.silver-map-generator.shop
- url: https://cbugildbett.top/api
- file: 39.100.70.49
- hash: 443
- file: 113.45.60.125
- hash: 80
- file: 122.10.15.130
- hash: 8443
- file: 124.221.47.70
- hash: 19999
- file: 3.147.73.5
- hash: 80
- file: 196.251.84.194
- hash: 80
- file: 167.172.135.43
- hash: 6606
- file: 102.117.162.128
- hash: 7443
- domain: ecoprohaven.com
- file: 197.133.104.107
- hash: 8081
- domain: cpcalendars.bestonenewznet.com
- file: 217.114.43.234
- hash: 4000
- file: 196.251.80.28
- hash: 2404
- file: 193.143.1.177
- hash: 443
- file: 34.122.21.68
- hash: 8888
- file: 70.27.138.218
- hash: 2222
- url: https://kbugildbett.top/api
- url: https://rhtardwarehu.icu/api
- url: https://jlegenassedk.top/api
- url: https://xmrodularmall.top/api
- url: https://dorangemyther.live/api
- file: 20.206.204.9
- hash: 4449
- url: https://49.12.113.195/
- file: 49.12.113.195
- hash: 443
- url: https://1cjlaspcorne.icu/api
- domain: ec2-54-216-72-51.eu-west-1.compute.amazonaws.com
- file: 118.193.36.235
- hash: 443
- file: 118.213.94.37
- hash: 443
- file: 119.147.148.232
- hash: 443
- file: 119.84.129.252
- hash: 443
- file: 119.84.72.231
- hash: 443
- file: 213.94.218.19
- hash: 80
- file: 213.94.218.21
- hash: 80
- file: 54.216.72.51
- hash: 80
- file: 45.204.197.44
- hash: 443
- file: 185.186.146.39
- hash: 2345
- file: 154.37.220.212
- hash: 443
- file: 103.119.47.243
- hash: 8000
- file: 43.226.229.206
- hash: 2404
- file: 209.97.165.53
- hash: 443
- file: 193.29.13.179
- hash: 443
- file: 196.251.72.5
- hash: 7777
- file: 196.251.72.5
- hash: 4444
- file: 161.97.101.53
- hash: 2004
- file: 173.212.240.188
- hash: 2003
- file: 185.133.248.219
- hash: 6606
- file: 196.251.73.189
- hash: 7777
- file: 107.172.3.15
- hash: 4346
- domain: cpcontacts.topmediainfos.com
- domain: hovno.yummypear.cz
- file: 43.138.0.143
- hash: 8000
- url: https://paulsss.com/3w6y.js
- domain: paulsss.com
- url: https://paulsss.com/js.php
- file: 47.92.24.144
- hash: 443
- file: 113.44.77.164
- hash: 443
- file: 18.117.140.15
- hash: 2455
- file: 211.104.21.158
- hash: 6000
- file: 54.153.145.247
- hash: 21100
- file: 52.37.189.73
- hash: 5172
- file: 91.228.113.199
- hash: 9032
- file: 34.221.141.190
- hash: 5991
- file: 192.140.163.10
- hash: 8089
- file: 194.195.211.38
- hash: 3333
- file: 206.189.189.202
- hash: 3333
- url: http://81.161.229.110/htdocs/wlbmlbddmkfjcbz.exe
- url: http://37.139.129.142/htdocs/afmarthbxdqeeqk.exe
- url: http://81.161.229.110/htdocs/tmzrgkxbcqlyiab.exe
- url: http://37.139.129.142/htdocs/pnbanmtqdeydxtt.exe
- url: http://81.161.229.110/htdocs/kyhfsgrikfdjnna.exe
- url: http://37.139.129.142/htdocs/dwjccbtggpmmqzl.exe
- url: http://81.161.229.110/htdocs/dwgfwkneyarpbmm.exe
- url: http://81.161.229.110/htdocs/dccdgcjypwfaxho.exe
- url: http://81.161.229.110/htdocs/pbtphcsjqnztbgc.exe
- url: http://37.139.129.142/htdocs/edeymrpfbnbtrho.exe
- url: http://81.161.229.110/htdocs/ktcebsmwxprjeyj.exe
- url: http://81.161.229.110/htdocs/klgzpcqxfqgcdbi.exe
- url: http://37.139.129.142/htdocs/lppemfemdajbfrs.exe
- url: http://81.161.229.110/htdocs/gdzpscynkfjxetk.exe
- url: http://81.161.229.110/htdocs/lzjcmxjpyksjnap.exe
- url: http://37.139.129.142/htdocs/anznzkqscltcdjp.exe
- url: http://87.120.84.38/txt/9qp0xwlhdvhkbfg.exe
- url: http://87.120.84.38/txt/egwnuqnrvelfnpw.exe
- url: http://87.120.84.38/txt/rkbqmu7pcslqxbj.exe
- url: https://searchesdex.me/
- url: https://stakesol.pro/
- url: https://0bugildbett.top/api
- domain: check.momas.icu
- url: https://check.momas.icu/gkcxv.google
- file: 209.38.151.4
- hash: 55123
- url: https://glitterygadgets.shop/files/original.js
- domain: glitterygadgets.shop
- url: https://glitterygadgets.shop/files/index.php
- url: https://glitterygadgets.shop/files/fia.php
- url: https://mountainamericahomes.net/kbdtam1.zip
- domain: check.geguk.icu
- url: https://check.geguk.icu/gkcxv.google
- file: 160.191.245.152
- hash: 5555
- domain: check.tudim.icu
- domain: jojo.ath.cx
- url: https://check.tudim.icu/gkcxv.google
- file: 157.20.182.16
- hash: 7702
- domain: botz.packetware.cc
- domain: check.qalyj.icu
- url: https://check.qalyj.icu/gkcxv.google
- domain: ssh.getsolara.info
- domain: 93757283cm.whiteproducts.ru
- domain: citywand.live
- domain: pistolsan.digital
- domain: hingehjan.shop
- domain: pillowconxnection.shop
- domain: rixggingrang.shop
- domain: webinspisrve.icu
- file: 1.94.185.235
- hash: 8443
- file: 43.159.45.235
- hash: 8888
- url: https://pistolsan.digital/api
- url: https://wcrosshairc.life/api
- url: https://rixggingrang.shop/api
- url: https://pillowconxnection.shop/api
- url: https://hingehjan.shop/api
- domain: sphayer66jugaru1.duckdns.org
- file: 4.232.129.60
- hash: 443
- file: 101.32.7.104
- hash: 53968
- file: 209.38.69.65
- hash: 8080
- file: 161.97.101.53
- hash: 2000
- file: 196.251.73.34
- hash: 7443
- file: 185.125.50.116
- hash: 80
- file: 47.76.214.226
- hash: 8443
- domain: cpcontacts.playufabetgames.xyz
- domain: webmail.mtpolice12.website
- domain: gemcoverinc.org
- file: 15.188.76.86
- hash: 101
- file: 8.141.114.174
- hash: 47486
- file: 213.192.33.143
- hash: 9898
- file: 141.98.10.122
- hash: 8080
- file: 122.10.15.174
- hash: 8443
- file: 35.157.161.202
- hash: 443
- file: 91.241.5.44
- hash: 5446
- file: 139.28.37.14
- hash: 1604
- file: 219.155.211.237
- hash: 44365
- domain: botnet.dexcfw.dev
- domain: c2.dsn.ovh
- domain: con.isn.ovh
- domain: q1bkhvr2eqfd.cfc-execute.bj.baidubce.com
- file: 180.76.144.239
- hash: 443
- url: http://195.10.205.117/3d3d9476182c2057.php
- url: http://213.209.150.220/d7f85cd3e24a4757.php
- domain: check.nocun.icu
- url: https://check.nocun.icu/gkcxv.google
- domain: patchflow.org
- url: https://patchflow.org/updates/system-components/
- url: https://94.159.113.213/updates/system-components/
- url: https://r.p.formaxprime.co.uk/
- file: 65.87.7.80
- hash: 31337
- domain: r.p.formaxprime.co.uk
- file: 45.62.170.90
- hash: 443
- file: 196.251.84.194
- hash: 4444
- file: 196.251.84.194
- hash: 8080
- file: 212.23.222.206
- hash: 8808
- file: 176.65.144.32
- hash: 8808
- file: 158.220.83.114
- hash: 1007
- file: 4.196.180.3
- hash: 8082
- file: 37.140.242.244
- hash: 80
- domain: cpcontacts.10bestgamesofufabet.xyz
- domain: cpcalendars.10bestgamesofufabet.xyz
- domain: webmail.generalztipsal.xyz
- domain: webdisk.dmspotzera.xyz
- domain: webmail.dailypromos.xyz
- file: 171.248.3.163
- hash: 9999
- file: 46.246.86.8
- hash: 8080
- file: 13.125.230.160
- hash: 9300
- file: 18.230.25.70
- hash: 11341
- file: 18.230.25.70
- hash: 4841
- domain: check.xojyz.icu
- url: https://check.xojyz.icu/gkcxv.google
- url: https://check.higun.icu/gkcxv.google
- file: 45.8.146.45
- hash: 8888
- file: 45.8.146.45
- hash: 9000
- file: 82.156.125.98
- hash: 60000
ThreatFox IOCs for 2025-03-14
Medium
Published: Fri Mar 14 2025 (03/14/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-03-14
AI-Powered Analysis
AILast updated: 06/27/2025, 10:51:42 UTC
Technical Analysis
The provided information pertains to a security threat categorized as malware, specifically related to OSINT (Open Source Intelligence) and payload delivery with associated network activity. The threat is documented in the ThreatFox MISP Feed dated March 14, 2025, and is tagged with TLP:WHITE, indicating it is intended for wide distribution and sharing. However, the details are sparse: no specific affected software versions are listed, no known exploits are reported in the wild, and no patch is available. The threat level is indicated as 2 on an unspecified scale, with distribution rated at 3, suggesting moderate spread potential. The absence of concrete indicators of compromise (IOCs) and technical details limits the ability to precisely characterize the malware's behavior, infection vectors, or payload specifics. The classification under OSINT and payload delivery implies that the threat may involve gathering intelligence from open sources to facilitate or enhance payload delivery mechanisms, possibly through network-based activities such as command and control communications or data exfiltration. Given the lack of CWE identifiers and exploit details, this appears to be an emerging or low-profile malware threat with moderate severity, primarily serving as an intelligence or reconnaissance tool that could precede more damaging attacks.
Potential Impact
For European organizations, the impact of this threat could manifest in several ways. As the malware involves payload delivery and network activity, it may enable unauthorized access, data exfiltration, or lateral movement within networks. The OSINT component suggests attackers might leverage publicly available information to tailor attacks, increasing their effectiveness. Although no known exploits are currently active, the presence of such malware could facilitate espionage, intellectual property theft, or disruption of services. Sectors with high-value data or critical infrastructure, such as finance, energy, healthcare, and government, could be particularly targeted. The medium severity rating indicates that while immediate catastrophic damage is unlikely, the threat could serve as a foothold for more severe attacks, potentially compromising confidentiality and integrity of sensitive data. The lack of patches or specific mitigations means organizations must rely on detection and prevention strategies to mitigate risks.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing detection and prevention capabilities. Organizations should implement advanced network monitoring to identify unusual outbound traffic patterns indicative of payload delivery or command and control communications. Employing threat intelligence feeds, including updates from ThreatFox and MISP, can help identify emerging IOCs as they become available. Regularly updating and hardening endpoint protection solutions to detect malware behaviors associated with OSINT gathering and payload delivery is critical. Network segmentation can limit lateral movement if infection occurs. Additionally, conducting employee training to recognize phishing or social engineering attempts that may serve as initial infection vectors is essential. Since no patch exists, organizations should prioritize incident response readiness, including maintaining up-to-date backups and establishing clear protocols for containment and eradication. Collaborating with national cybersecurity centers in Europe for timely threat intelligence sharing will also enhance preparedness.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- f26b6520-5eef-4f6c-a7fb-68960ac8918a
- Original Timestamp
- 1741996986
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaincheck.lixir.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.fetoq.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainwebmail.takeufagame1212.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.10bestbusiness.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.ipmnewsworld.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.topandbestnews.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainbalancefitnow.com | Hook botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.apkhubnewz.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainmanusiabodoh.cyberdark.xyz | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainwww.58-pet-funeral-services-14.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.8068.locker | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.aki-spin.casino | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.alamalaenava.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.andalend.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.antx.buzz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.assaustreetcapitalplanning.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.atvikxtt.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.cskftyn.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.deadirectiveconsultinghub.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.eagleinsuranceplans.fun | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ealthcare-trends-76690.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.earfat.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.eautyservicesrc.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ebbidy.app | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.edralb.irish | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.endon.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ental-implants-89727.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.erratech.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.estfreshmove.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.et1000.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.etsumamoto.pro | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ewtym.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gmstudio.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hatushyamcraneservice.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.icisuo6.pro | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.imalayanscent.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.k5004.casino | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.mnbeauty.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.mniscientnews.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nepf.bid | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ngfuwlofip.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.niliidd.irish | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nkywords6598.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nsold-cars-tribe.today | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oberwayenergy.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.one.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ortop-corp.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ouse136.click | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oveworldquick.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.pioxc.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.qhelp.live | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rbitswaves.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.reamsquad11fantasy.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.reenmounttravel.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.renddshop.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rgent-loan-633032398.click | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rlinker.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rops-newser456.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.sassrgaceeytp.digital | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ssisted-living-5.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.tair-lift-65694.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.tikahshafie.cloud | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uantiv.art | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ubyx.digital | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ulnmatrix.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ultigenius.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.unsetvistahotels.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uskdeveloper.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.volvedirectivesolutions.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.wiftcarcare.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.xbeykozharunyakar.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.xvideos.red | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ynonymnetwork.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ypherpunkpress.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainbotnet.tcp-bypass.ovh | Mirai botnet C2 domain (confidence level: 50%) | |
domainc2.crucialnetworks.xyz | Mirai botnet C2 domain (confidence level: 50%) | |
domainnet.20b20t.com.tr | Mirai botnet C2 domain (confidence level: 50%) | |
domainnewageofkifirempire.camdvr.org | Mirai botnet C2 domain (confidence level: 50%) | |
domaingabh.gotdns.ch | NjRAT botnet C2 domain (confidence level: 50%) | |
domainz-openings.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainacostcihprfqbgiuhfo.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainaffxqgwn.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainaoeexvsdaacscmqm.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainasfabbwpms.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainasuknifg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainasxlemnbyioy.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbaffmgpnfdgspqduk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbarmfrpkvhohj.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbdwgecyw.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbgdhyvokpchokesy.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbjxyatlg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbodubeqadbm.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainboibflwylfapinygm.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainboulasvsvt.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbpoungre.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbsqckdniooybq.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbvwecxcfobr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbxhajhktmgnrwob.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainbxmsbgqujsgq.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaincbthmgvqvyrjcfeesh.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaincelsrxswsg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaincjkmgelfr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainckpjqbryyfbjew.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaincmdptnkxqgxxtbk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaincnbpdmqaxkredxnk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaincnhvrwkwr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainddkapqsrdhtprae.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaindhrsdbtnxja.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaindhvpkajvuhobg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaindjntrmarljlrkdqr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaindlvynung.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaindorsakrjsywexee.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaindrcowrkmdm.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainegpoajyeasr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainehoywqmeyiokvhrxfqp.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaineighlesddpwxl.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaineigvtbfgem.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainendcsebevthmcmojixr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainfamous-zopa.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainfatpuclfsy.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainfhemcavaxrfptgifkw.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainfhjvummcifit.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainfieuinqtyqixemglomx.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainfjicwyuyyppsei.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainfkyqpvdwcmyk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainfmtqkxcirxxgbupuxq.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainftxssxsavmbpulv.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainfwllkforvkuqjclvy.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaingapfvinskqkvfht.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaingbpilwqacn.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaingjrrukbmrlskdyt.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaingmeoghttmef.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaingotcqsiunccajymh.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaingrabcminkphuei.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainguinobsiekcjtbolscm.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainguytydndwwdcjn.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaingvrqkrosdmjqufbfgdg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhdjeydvla.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhekcyjodkgrymjrq.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhfifjndycdwti.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhgpcrbwvnkkupirfv.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhjvrrqtmbvql.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhkbawmpjeg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhkrahmfmygyuipmwh.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhqcflqmvtush.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhqwjqvnty.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainhrwkoyatnwdbtpusq.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainiadryjrf.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainiclrdmwlabaayyiy.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainicslsfanne.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainimorgpjbnvbpmkemfro.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainiodkkjqeraxic.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainitkpqydlmqlfi.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainitoxtsufaixmin.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainittuytyiceydiploubs.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainiuehgutgmv.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainiusatlmffgbxbcijdeb.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainiyxanlwgwhxcxavlsr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainjegvsohfnwfpmqyux.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainjlkvqxjxogtc.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainjmvfljrrpxffppwyqj.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainjnaxbhhekqoipte.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainjrkaxdlkvhgsiyknhw.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainjsfrrafslyyrqhwvyvo.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainjyokjogwr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainkajwyvopaanwnuopbj.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainkanfdpobu.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainketodgaxlkx.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainkgmhcpswm.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainkhwyrpvjvjhxqg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainkjtrmwnxbk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainkknmtnybwnlotlyxb.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainkybtkxbydck.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlajlfdbqqr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlcddsotgdgqoba.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlcuhrxaoii.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlhrclcobwenxtyae.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlifbirmfvircwvtijkh.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlmfempenskxs.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlmmsqtmkmpayyu.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlnapgrnuwlsn.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlntxwsbivuiwiymt.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainluiyrtxaymj.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlwlqniwoe.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlwmsdhfcruswny.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainlwqhcoemrdvncihd.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainmacygrytpknogdxxs.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainmdtpfasvdqbxp.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainmiqbossmrbkpvjv.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainmpfippgi.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainmwdyqmtlt.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainmwrgirlf.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainmwtkhltvppdakhfrjxd.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainmyarnkqnhuxplwifpo.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainniycwcdetltnokhhpd.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainnpmaskrnpivd.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainntdlseafxonbvkqed.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainntmhavejb.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainnullucgghxu.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainohnpvlmnlsyjwpp.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainoiojyponeomkelnis.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainooccvraeigmubs.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainotetkpllcsbltf.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainotsyktenpnwucbfrchd.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainouutdjxapd.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainovijhngejmo.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainoxdyxnkpk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainpjjnmthqubfpmvqtrti.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainplwcsqynxj.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainplyfrqjfynt.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainqamxxbdglsnraye.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainqcadtqyghmdqvwg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainqckioymnowkwaxjwo.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainqdretpbxcwjotwlhfr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainqlagsssaavjqugh.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainqwnxeahkdppgqeha.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainqxwlheklcpoeticb.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainrcxngqnhhjpgxtctdf.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainrgoaqgojbiunk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainrhcsjprmnacbg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainrmttyrlnycyft.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainrnsjcsjpipe.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainrqdumbol.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainrrlklsikpfjyoqmutl.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainruneyjmqxveivksuvi.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainruwgckolcndwl.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainryqlltioyrcsu.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainsgmrwormsiopg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainsiorjmrsxdqmvq.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainsjkockatruoalmoyw.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainstvkmflfmebvhfj.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainswnpnodv.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaintdjipoyhqmy.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaintrerrxkctoktsl.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainttploevnivtsybduyb.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domaintttxbuvml.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainuannluqgr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainubsvjxembk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainucmgwppmriigew.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainuhryjrxaiusx.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainuidogdafrpoafrpjxd.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainuifwaxytj.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainuipklsgctptgxacyuk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainunvvjslycjnxq.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainuokxkabepstc.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainupmqnigaltqvuelscol.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainuujlfjxvihatsr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainvajgmayakgwhtjgsfay.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainvpwyxhwimelfwslfmgt.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainvrfbbnqw.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainvtgdkhelxwotns.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainvvmtviteuy.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainvwkvcbgrpuurtusi.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainvxhhggrau.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainwafhjtwygowhbdfn.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainwblpbiohbm.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainwebqebxtabe.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainwelxufrahckhhipk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainwfkmqwgvuqlegdwkeus.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainwhxtmyfgvpyr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainwmhigjlmg.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainwphrrlsc.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainwsesluarbidvie.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxembsvlmob.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxkchjornedplpte.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxkewvahimumw.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxmmclthkgjiif.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxsjmkpidceqdbr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxtnpcdvpk.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxuvrrtrieyneqywuho.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxwixwsgjrikdwy.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxxutcvxabf.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainxydiiapyp.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainyadmelssopju.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainycdcdlnfkalqeksvbdd.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainymkdsynulihl.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainymwtxtwjcutoy.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainyphrpamatxojboh.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainysfbbrplaclurpr.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainysrmcymbqfkvkojv.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainyvxfdiit.com | Ramnit botnet C2 domain (confidence level: 50%) | |
domainqwertyuioplkjhgfdsazxcvbnm.ydns.eu | Remcos botnet C2 domain (confidence level: 50%) | |
domainamazon-astrology.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainany-attraction.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainbensgaming.scr | XWorm botnet C2 domain (confidence level: 50%) | |
domainchoose-lamb.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainck1234-47763.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainjavv-35412.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainthought-administrative.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainsywaxeha-41850.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainfowlerkiawindsor.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domaingilchristautomotive.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domaingenesisofkennesaw.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domainrandywisebuickgmc.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domainmachaiford.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domaindeliveryoka.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domainsecurity-confirmation.help | Unknown malware payload delivery domain (confidence level: 50%) | |
domainid.kickfire.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domaintapestryoftruth.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domainmain-connection.click | Unknown malware payload delivery domain (confidence level: 50%) | |
domainauthentication-to.help | Unknown malware payload delivery domain (confidence level: 50%) | |
domainopen-connect-to-cdn.cc | Unknown malware payload delivery domain (confidence level: 50%) | |
domainwestmaidentrue.click | Unknown malware payload delivery domain (confidence level: 50%) | |
domaincheck.tevoh.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainsunlight-11.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainsandbox.silver-map-generator.shop | ClearFake payload delivery domain (confidence level: 100%) | |
domainecoprohaven.com | Hook botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.bestonenewznet.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainec2-54-216-72-51.eu-west-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaincpcontacts.topmediainfos.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainhovno.yummypear.cz | xmrig botnet C2 domain (confidence level: 100%) | |
domainpaulsss.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincheck.momas.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainglitterygadgets.shop | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domaincheck.geguk.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.tudim.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainjojo.ath.cx | StrelaStealer botnet C2 domain (confidence level: 100%) | |
domainbotz.packetware.cc | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincheck.qalyj.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainssh.getsolara.info | MooBot botnet C2 domain (confidence level: 100%) | |
domain93757283cm.whiteproducts.ru | DCRat botnet C2 domain (confidence level: 100%) | |
domaincitywand.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpistolsan.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainhingehjan.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpillowconxnection.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrixggingrang.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwebinspisrve.icu | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsphayer66jugaru1.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.playufabetgames.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.mtpolice12.website | Havoc botnet C2 domain (confidence level: 100%) | |
domaingemcoverinc.org | Havoc botnet C2 domain (confidence level: 100%) | |
domainbotnet.dexcfw.dev | Mirai botnet C2 domain (confidence level: 50%) | |
domainc2.dsn.ovh | Nanocore RAT botnet C2 domain (confidence level: 50%) | |
domaincon.isn.ovh | Nanocore RAT botnet C2 domain (confidence level: 50%) | |
domainq1bkhvr2eqfd.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaincheck.nocun.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainpatchflow.org | Matanbuchus botnet C2 domain (confidence level: 50%) | |
domainr.p.formaxprime.co.uk | Vidar botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.10bestgamesofufabet.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.10bestgamesofufabet.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.generalztipsal.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebdisk.dmspotzera.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domainwebmail.dailypromos.xyz | Havoc botnet C2 domain (confidence level: 100%) | |
domaincheck.xojyz.icu | ClearFake payload delivery domain (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file85.31.231.183 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file189.1.220.101 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file196.251.88.124 | Remcos botnet C2 server (confidence level: 100%) | |
file177.136.225.183 | Remcos botnet C2 server (confidence level: 100%) | |
file147.124.211.21 | Remcos botnet C2 server (confidence level: 100%) | |
file100.42.182.237 | Sliver botnet C2 server (confidence level: 100%) | |
file49.113.78.205 | Unknown malware botnet C2 server (confidence level: 100%) | |
file186.169.94.13 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file47.83.219.200 | Unknown malware botnet C2 server (confidence level: 100%) | |
file87.120.166.174 | Hook botnet C2 server (confidence level: 100%) | |
file87.120.166.174 | Hook botnet C2 server (confidence level: 100%) | |
file96.9.124.205 | Havoc botnet C2 server (confidence level: 100%) | |
file46.246.84.4 | DCRat botnet C2 server (confidence level: 100%) | |
file217.114.43.53 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.65.142.140 | Remcos botnet C2 server (confidence level: 100%) | |
file192.144.217.213 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file101.42.18.6 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.43.166.60 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file162.245.188.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file195.211.191.150 | Remcos botnet C2 server (confidence level: 100%) | |
file164.92.84.107 | Remcos botnet C2 server (confidence level: 100%) | |
file198.135.52.171 | Remcos botnet C2 server (confidence level: 100%) | |
file176.65.140.206 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.122.218 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file161.97.101.53 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.70.104 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.42.40.191 | Unknown malware botnet C2 server (confidence level: 100%) | |
file4.197.75.190 | Hook botnet C2 server (confidence level: 100%) | |
file23.88.120.188 | Havoc botnet C2 server (confidence level: 100%) | |
file193.164.6.126 | Venom RAT botnet C2 server (confidence level: 100%) | |
file185.234.72.2 | Unknown malware botnet C2 server (confidence level: 100%) | |
file39.99.33.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file209.38.69.65 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file43.136.233.118 | Unknown malware botnet C2 server (confidence level: 100%) | |
file129.152.27.254 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.109.202.6 | Unknown malware botnet C2 server (confidence level: 100%) | |
file175.178.176.50 | Unknown malware botnet C2 server (confidence level: 100%) | |
file109.123.230.175 | Unknown malware botnet C2 server (confidence level: 100%) | |
file135.235.216.92 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.144.87.174 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.60.189.77 | Unknown malware botnet C2 server (confidence level: 100%) | |
file213.209.129.104 | Unknown malware botnet C2 server (confidence level: 100%) | |
file2.59.42.169 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.109.57.243 | Unknown malware botnet C2 server (confidence level: 100%) | |
file94.66.237.39 | Unknown malware botnet C2 server (confidence level: 100%) | |
file181.32.57.215 | Unknown malware botnet C2 server (confidence level: 100%) | |
file44.239.12.12 | Unknown malware botnet C2 server (confidence level: 100%) | |
file94.46.171.220 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.182.90.117 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.163.78.215 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.46.180.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
file70.41.9.56 | QakBot botnet C2 server (confidence level: 100%) | |
file113.44.154.245 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file172.93.46.40 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file112.74.184.37 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file112.74.184.37 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file1.15.34.67 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file38.207.178.43 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file198.199.122.34 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file106.15.129.111 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file124.71.200.1 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file152.228.174.215 | Sliver botnet C2 server (confidence level: 50%) | |
file42.51.0.226 | Sliver botnet C2 server (confidence level: 50%) | |
file159.203.82.72 | Sliver botnet C2 server (confidence level: 50%) | |
file45.8.146.45 | Sliver botnet C2 server (confidence level: 50%) | |
file134.209.250.239 | Sliver botnet C2 server (confidence level: 50%) | |
file144.172.94.119 | Sliver botnet C2 server (confidence level: 50%) | |
file196.251.70.199 | Sliver botnet C2 server (confidence level: 50%) | |
file167.99.105.30 | Sliver botnet C2 server (confidence level: 50%) | |
file194.163.188.142 | Sliver botnet C2 server (confidence level: 50%) | |
file202.171.179.21 | Sliver botnet C2 server (confidence level: 50%) | |
file84.38.130.82 | Sliver botnet C2 server (confidence level: 50%) | |
file176.123.169.64 | Sliver botnet C2 server (confidence level: 50%) | |
file134.209.93.110 | Sliver botnet C2 server (confidence level: 50%) | |
file164.92.154.140 | Sliver botnet C2 server (confidence level: 50%) | |
file220.76.180.78 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file51.198.130.30 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file52.136.38.252 | Unknown malware botnet C2 server (confidence level: 50%) | |
file41.109.190.205 | NjRAT botnet C2 server (confidence level: 50%) | |
file31.166.106.12 | Quasar RAT botnet C2 server (confidence level: 50%) | |
file200.86.136.112 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file149.210.43.165 | Ghost RAT botnet C2 server (confidence level: 50%) | |
file2.58.15.184 | Unknown malware botnet C2 server (confidence level: 50%) | |
file117.213.118.65 | Mozi botnet C2 server (confidence level: 50%) | |
file45.86.231.15 | Copybara botnet C2 server (confidence level: 50%) | |
file77.105.161.227 | SpyNote botnet C2 server (confidence level: 50%) | |
file193.161.193.99 | XWorm botnet C2 server (confidence level: 50%) | |
file147.185.221.26 | XWorm botnet C2 server (confidence level: 50%) | |
file147.185.221.25 | XWorm botnet C2 server (confidence level: 50%) | |
file1.15.156.66 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file39.100.70.49 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.45.60.125 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file122.10.15.130 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.221.47.70 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file3.147.73.5 | Sliver botnet C2 server (confidence level: 100%) | |
file196.251.84.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file167.172.135.43 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.162.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
file197.133.104.107 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file217.114.43.234 | Unknown malware botnet C2 server (confidence level: 100%) | |
file196.251.80.28 | Remcos botnet C2 server (confidence level: 75%) | |
file193.143.1.177 | AMOS botnet C2 server (confidence level: 75%) | |
file34.122.21.68 | Sliver botnet C2 server (confidence level: 75%) | |
file70.27.138.218 | QakBot botnet C2 server (confidence level: 75%) | |
file20.206.204.9 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file49.12.113.195 | Vidar botnet C2 server (confidence level: 100%) | |
file118.193.36.235 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file118.213.94.37 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file119.147.148.232 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file119.84.129.252 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file119.84.72.231 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file213.94.218.19 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file213.94.218.21 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file54.216.72.51 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file45.204.197.44 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file185.186.146.39 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.37.220.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.119.47.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.226.229.206 | Remcos botnet C2 server (confidence level: 100%) | |
file209.97.165.53 | Sliver botnet C2 server (confidence level: 100%) | |
file193.29.13.179 | Sliver botnet C2 server (confidence level: 100%) | |
file196.251.72.5 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.72.5 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file161.97.101.53 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file173.212.240.188 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.133.248.219 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.73.189 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file107.172.3.15 | Havoc botnet C2 server (confidence level: 100%) | |
file43.138.0.143 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.24.144 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file113.44.77.164 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file18.117.140.15 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file211.104.21.158 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file54.153.145.247 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file52.37.189.73 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file91.228.113.199 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file34.221.141.190 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file192.140.163.10 | DCRat botnet C2 server (confidence level: 50%) | |
file194.195.211.38 | Unknown malware botnet C2 server (confidence level: 50%) | |
file206.189.189.202 | Unknown malware botnet C2 server (confidence level: 50%) | |
file209.38.151.4 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file160.191.245.152 | Mirai botnet C2 server (confidence level: 75%) | |
file157.20.182.16 | StrelaStealer botnet C2 server (confidence level: 75%) | |
file1.94.185.235 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.159.45.235 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file4.232.129.60 | Sliver botnet C2 server (confidence level: 100%) | |
file101.32.7.104 | Sliver botnet C2 server (confidence level: 100%) | |
file209.38.69.65 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file161.97.101.53 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.73.34 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.125.50.116 | Hook botnet C2 server (confidence level: 100%) | |
file47.76.214.226 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file15.188.76.86 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file8.141.114.174 | Chaos botnet C2 server (confidence level: 100%) | |
file213.192.33.143 | xmrig botnet C2 server (confidence level: 100%) | |
file141.98.10.122 | Mirai botnet C2 server (confidence level: 100%) | |
file122.10.15.174 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file35.157.161.202 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file91.241.5.44 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file139.28.37.14 | DarkComet botnet C2 server (confidence level: 50%) | |
file219.155.211.237 | Mozi botnet C2 server (confidence level: 50%) | |
file180.76.144.239 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file65.87.7.80 | Sliver botnet C2 server (confidence level: 100%) | |
file45.62.170.90 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.84.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.84.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file212.23.222.206 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.144.32 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file158.220.83.114 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file4.196.180.3 | Hook botnet C2 server (confidence level: 100%) | |
file37.140.242.244 | Hook botnet C2 server (confidence level: 100%) | |
file171.248.3.163 | Venom RAT botnet C2 server (confidence level: 100%) | |
file46.246.86.8 | DCRat botnet C2 server (confidence level: 100%) | |
file13.125.230.160 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.230.25.70 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.230.25.70 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file45.8.146.45 | Sliver botnet C2 server (confidence level: 75%) | |
file45.8.146.45 | Sliver botnet C2 server (confidence level: 75%) | |
file82.156.125.98 | Unknown malware botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash28443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash11103 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash9999 | DCRat botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3990 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3981 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash4433 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash40056 | Havoc botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4444 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash45345 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 100%) | |
hash8099 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash9003 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash2087 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash4443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash1177 | NjRAT botnet C2 server (confidence level: 50%) | |
hash5001 | Quasar RAT botnet C2 server (confidence level: 50%) | |
hash81 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash60000 | Mozi botnet C2 server (confidence level: 50%) | |
hash52997 | Copybara botnet C2 server (confidence level: 50%) | |
hash7772 | SpyNote botnet C2 server (confidence level: 50%) | |
hash41850 | XWorm botnet C2 server (confidence level: 50%) | |
hash27770 | XWorm botnet C2 server (confidence level: 50%) | |
hash20096 | XWorm botnet C2 server (confidence level: 50%) | |
hash7777 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash19999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Sliver botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8081 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash443 | AMOS botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash4449 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash2345 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash7777 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2004 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2003 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7777 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4346 | Havoc botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash2455 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash21100 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash5172 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash9032 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash5991 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash8089 | DCRat botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash55123 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash5555 | Mirai botnet C2 server (confidence level: 75%) | |
hash7702 | StrelaStealer botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash53968 | Sliver botnet C2 server (confidence level: 100%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash101 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash47486 | Chaos botnet C2 server (confidence level: 100%) | |
hash9898 | xmrig botnet C2 server (confidence level: 100%) | |
hash8080 | Mirai botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash5446 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 50%) | |
hash44365 | Mozi botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1007 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash9999 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8080 | DCRat botnet C2 server (confidence level: 100%) | |
hash9300 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash11341 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash4841 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash9000 | Sliver botnet C2 server (confidence level: 75%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://77.105.147.252/_7base/windowstraffic.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://miliste.com/contact | AMOS botnet C2 (confidence level: 75%) | |
urlhttps://twltter.dev/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://84.200.154.155/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://84.200.24.181/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://cityscapea.run/login | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttp://87.120.166.174/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://20.191.194.222:3000/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://196.251.71.185/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://45.93.20.224/pndj30vs11/login.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttp://www.58-pet-funeral-services-14.cfd/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.8068.locker/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.aki-spin.casino/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.alamalaenava.shop/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.andalend.xyz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.antx.buzz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.assaustreetcapitalplanning.info/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.atvikxtt.tech/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.cskftyn.biz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.deadirectiveconsultinghub.info/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.eagleinsuranceplans.fun/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ealthcare-trends-76690.bond/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.earfat.shop/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.eautyservicesrc.info/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ebbidy.app/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.edralb.irish/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.endon.cloud/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ental-implants-89727.bond/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.erratech.tech/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.estfreshmove.sbs/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.et1000.biz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.etsumamoto.pro/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ewtym.shop/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gmstudio.net/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hatushyamcraneservice.online/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.icisuo6.pro/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.imalayanscent.shop/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.k5004.casino/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.mnbeauty.net/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.mniscientnews.xyz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nepf.bid/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ngfuwlofip.bond/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.niliidd.irish/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nkywords6598.shop/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nsold-cars-tribe.today/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oberwayenergy.net/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.one.shop/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ortop-corp.net/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ouse136.click/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oveworldquick.sbs/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.pioxc.xyz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.qhelp.live/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rbitswaves.info/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.reamsquad11fantasy.shop/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.reenmounttravel.online/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.renddshop.shop/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rgent-loan-633032398.click/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rlinker.xyz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rops-newser456.sbs/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.sassrgaceeytp.digital/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ssisted-living-5.bond/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.tair-lift-65694.bond/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.tikahshafie.cloud/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uantiv.art/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ubyx.digital/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ulnmatrix.net/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ultigenius.xyz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.unsetvistahotels.net/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uskdeveloper.xyz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.volvedirectivesolutions.info/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.wiftcarcare.net/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.xbeykozharunyakar.shop/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.xvideos.red/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ynonymnetwork.xyz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ypherpunkpress.xyz/hm26/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://doberman-proper-bengal.ngrok-free.app | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/iz8cjnc4 | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/wjzc4d9d | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://check.tevoh.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://cbugildbett.top/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://kbugildbett.top/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://rhtardwarehu.icu/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://jlegenassedk.top/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://xmrodularmall.top/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://dorangemyther.live/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://49.12.113.195/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://1cjlaspcorne.icu/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://paulsss.com/3w6y.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://paulsss.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://81.161.229.110/htdocs/wlbmlbddmkfjcbz.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://37.139.129.142/htdocs/afmarthbxdqeeqk.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://81.161.229.110/htdocs/tmzrgkxbcqlyiab.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://37.139.129.142/htdocs/pnbanmtqdeydxtt.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://81.161.229.110/htdocs/kyhfsgrikfdjnna.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://37.139.129.142/htdocs/dwjccbtggpmmqzl.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://81.161.229.110/htdocs/dwgfwkneyarpbmm.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://81.161.229.110/htdocs/dccdgcjypwfaxho.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://81.161.229.110/htdocs/pbtphcsjqnztbgc.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://37.139.129.142/htdocs/edeymrpfbnbtrho.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://81.161.229.110/htdocs/ktcebsmwxprjeyj.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://81.161.229.110/htdocs/klgzpcqxfqgcdbi.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://37.139.129.142/htdocs/lppemfemdajbfrs.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://81.161.229.110/htdocs/gdzpscynkfjxetk.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://81.161.229.110/htdocs/lzjcmxjpyksjnap.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://37.139.129.142/htdocs/anznzkqscltcdjp.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://87.120.84.38/txt/9qp0xwlhdvhkbfg.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://87.120.84.38/txt/egwnuqnrvelfnpw.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttp://87.120.84.38/txt/rkbqmu7pcslqxbj.exe | MASS Logger payload delivery URL (confidence level: 50%) | |
urlhttps://searchesdex.me/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://stakesol.pro/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://0bugildbett.top/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.momas.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://glitterygadgets.shop/files/original.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://glitterygadgets.shop/files/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://glitterygadgets.shop/files/fia.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://mountainamericahomes.net/kbdtam1.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://check.geguk.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.tudim.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.qalyj.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://pistolsan.digital/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://wcrosshairc.life/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://rixggingrang.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://pillowconxnection.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://hingehjan.shop/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://195.10.205.117/3d3d9476182c2057.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://213.209.150.220/d7f85cd3e24a4757.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttps://check.nocun.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://patchflow.org/updates/system-components/ | Matanbuchus botnet C2 (confidence level: 100%) | |
urlhttps://94.159.113.213/updates/system-components/ | Matanbuchus botnet C2 (confidence level: 100%) | |
urlhttps://r.p.formaxprime.co.uk/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://check.xojyz.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.higun.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) |
Threat ID: 68367c98182aa0cae231e707
Added to database: 5/28/2025, 3:01:44 AM
Last enriched: 6/27/2025, 10:51:42 AM
Last updated: 7/28/2025, 4:05:43 AM
Views: 10
Related Threats
Bumblebee Malware SEO Poisoning Campaign Leads to Akira Ransomware Deployment
MediumMalwareTue Aug 05 2025
ThreatFox IOCs for 2025-08-04
MediumMalwareTue Aug 05 2025
New JSCEAL Malware Targets Millions via Fake Crypto App Ads
MediumMalwareMon Aug 04 2025
Active Exploitation of SonicWall VPNs
MediumMalwareMon Aug 04 2025
LegalPwn Attack Tricks Popular GenAI Tools Into Misclassifying Malware as Safe Code
MediumMalwareMon Aug 04 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.