ThreatFox IOCs for 2025-03-22
AI Analysis
Technical Summary
The provided threat intelligence concerns a malware-related entry titled 'ThreatFox IOCs for 2025-03-22' sourced from ThreatFox, an open-source threat intelligence platform. The entry is categorized under 'type:osint' and 'tlp:white', indicating that it is openly shareable information derived from open-source intelligence. There are no specific affected product versions or detailed technical indicators (IOCs) included, and no known exploits in the wild have been reported. The threat level is rated as 2 on an unspecified scale, with analysis and distribution values of 1 and 3 respectively, suggesting a moderate distribution but limited detailed analysis. The absence of CWE identifiers, patch links, or detailed technical descriptions implies that this entry is primarily an informational update rather than an active or well-characterized malware campaign. The lack of indicators and affected versions further suggests that this intelligence may be preparatory or preliminary, possibly listing indicators of compromise (IOCs) collected on the specified date but without actionable exploitation details. Overall, this threat appears to represent a medium-severity malware-related intelligence update with limited technical depth and no immediate exploitation evidence.
Potential Impact
Given the limited technical details and absence of known exploits, the direct impact on European organizations is currently low to medium. However, the presence of malware-related IOCs in open-source intelligence can signal emerging threats or reconnaissance activities that may precede targeted attacks. European organizations relying on open-source threat intelligence feeds should consider this as a potential early warning. The impact could manifest as increased risk of malware infections if these IOCs correspond to active malware campaigns not yet widely detected. Confidentiality, integrity, and availability impacts remain uncertain but could escalate if the malware evolves or is leveraged in targeted attacks. The medium severity rating suggests vigilance but no immediate crisis. Organizations in critical infrastructure, finance, and government sectors in Europe should monitor for related indicators and prepare for potential escalation, especially given the moderate distribution rating which implies some level of spread or awareness in the threat landscape.
Mitigation Recommendations
1. Enhance threat intelligence integration by incorporating updated IOCs from ThreatFox and other OSINT sources into existing security information and event management (SIEM) and endpoint detection and response (EDR) systems to improve detection capabilities.
2. Conduct proactive threat hunting exercises focusing on the limited but emerging IOCs to identify any early signs of compromise within the network.
3. Maintain up-to-date endpoint protection platforms with heuristic and behavior-based detection to identify novel or unknown malware variants that may not yet have signatures.
4. Implement network segmentation and strict access controls to limit lateral movement should an infection occur.
5. Increase user awareness training emphasizing cautious handling of suspicious files and links, as user interaction vectors remain a common infection pathway.
6. Regularly review and update incident response plans to incorporate potential scenarios involving emerging malware threats identified through OSINT.
7. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share intelligence and receive timely alerts on evolving threats.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: d9ce7d89-3e42-4b82-b2e7-dc4581aaad9c
- Original Timestamp: 1742688188
file87.121.52.152 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file120.26.90.167 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.101.220.0 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file179.43.176.30 | Unknown malware botnet C2 server (confidence level: 100%) | |
file91.184.248.46 | Sliver botnet C2 server (confidence level: 100%) | |
file196.251.87.112 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file177.45.150.33 | Venom RAT botnet C2 server (confidence level: 100%) | |
file45.133.180.138 | DCRat botnet C2 server (confidence level: 100%) | |
file37.48.64.102 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file93.115.172.125 | Unidentified 118 botnet C2 server (confidence level: 100%) | |
file123.56.127.50 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.122.87.11 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file15.236.224.222 | Sliver botnet C2 server (confidence level: 100%) | |
file8.155.7.133 | Sliver botnet C2 server (confidence level: 100%) | |
file195.206.234.37 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.69.138 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file109.120.179.109 | Hook botnet C2 server (confidence level: 100%) | |
file193.233.254.9 | Hook botnet C2 server (confidence level: 100%) | |
file147.79.20.219 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file148.66.21.235 | DCRat botnet C2 server (confidence level: 100%) | |
file148.66.21.238 | DCRat botnet C2 server (confidence level: 100%) | |
file185.208.159.45 | DCRat botnet C2 server (confidence level: 100%) | |
file91.225.217.174 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file212.224.86.224 | Unknown malware botnet C2 server (confidence level: 100%) | |
file120.26.48.72 | Chaos botnet C2 server (confidence level: 100%) | |
file185.121.13.205 | Bashlite botnet C2 server (confidence level: 100%) | |
file95.111.203.29 | MimiKatz botnet C2 server (confidence level: 100%) | |
file103.103.46.12 | Sliver botnet C2 server (confidence level: 75%) | |
file103.142.147.18 | Unknown malware botnet C2 server (confidence level: 75%) | |
file103.142.147.19 | Unknown malware botnet C2 server (confidence level: 75%) | |
file110.41.15.84 | Unknown malware botnet C2 server (confidence level: 75%) | |
file144.208.127.129 | Sliver botnet C2 server (confidence level: 75%) | |
file144.208.127.129 | Sliver botnet C2 server (confidence level: 75%) | |
file162.245.188.151 | Sliver botnet C2 server (confidence level: 75%) | |
file177.136.225.140 | Sliver botnet C2 server (confidence level: 75%) | |
file2.56.166.131 | Sliver botnet C2 server (confidence level: 75%) | |
file45.145.228.33 | Unknown malware botnet C2 server (confidence level: 75%) | |
file82.153.79.9 | Sliver botnet C2 server (confidence level: 75%) | |
file43.138.54.95 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file101.126.87.67 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file124.156.152.103 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file106.75.224.31 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file120.24.55.183 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file91.184.248.46 | Sliver botnet C2 server (confidence level: 50%) | |
file34.71.16.3 | Sliver botnet C2 server (confidence level: 50%) | |
file196.251.69.252 | Sliver botnet C2 server (confidence level: 50%) | |
file3.249.103.77 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file105.197.230.51 | NjRAT botnet C2 server (confidence level: 50%) | |
file186.249.218.142 | Quasar RAT botnet C2 server (confidence level: 50%) | |
file120.48.84.23 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.147.170.156 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Hash
Url
Threat ID: 682c7db7e8347ec82d2bd94f
Added to database: 5/20/2025, 1:03:51 PM
Last enriched: 6/19/2025, 3:05:10 PM
Last updated: 8/13/2025, 5:23:59 PM
Views: 16
Related Threats
ThreatFox IOCs for 2025-08-13 (Medium)
Efimer Trojan Steals Crypto, Hacks WordPress Sites via Torrents and Phishing (Medium)
Silent Watcher: Dissecting Cmimai Stealer's VBS Payload (Medium)
CastleLoader Analysis (Medium)
The Dark Side of Parental Control Apps (Medium)