ThreatFox IOCs for 2025-03-30
AI Analysis
Technical Summary
The provided threat information pertains to a malware-related intelligence report titled "ThreatFox IOCs for 2025-03-30," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The report appears to be a collection or update of Indicators of Compromise (IOCs) relevant to malware threats as of March 30, 2025. However, the data lacks specific technical details such as affected software versions, malware family names, attack vectors, or exploitation techniques. The threat level is indicated as 2 on an unspecified scale, with an analysis rating of 1 and a distribution rating of 3, suggesting moderate dissemination but limited detailed analysis. No known exploits in the wild are reported, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The absence of indicators and detailed technical descriptions limits the ability to precisely characterize the malware's behavior, infection methods, or payload impact. The tags indicate the data is OSINT-based and marked with TLP:WHITE, meaning it is intended for public sharing without restriction. Overall, this threat intelligence entry serves as a general alert about emerging or ongoing malware activity but lacks actionable technical specifics.
Potential Impact
Given the limited information, the potential impact on European organizations is difficult to quantify precisely. The medium severity rating suggests a moderate risk level, potentially involving malware that could affect confidentiality, integrity, or availability to some extent. The absence of known exploits in the wild and lack of detailed attack vectors imply that immediate widespread impact is unlikely. However, the distribution rating of 3 indicates that the malware or its indicators may be moderately disseminated, possibly targeting multiple sectors or organizations. European entities relying on OSINT feeds for threat detection may benefit from this intelligence to enhance situational awareness. Without specific affected products or vulnerabilities, the impact is likely to be generalized rather than targeted. Nonetheless, organizations should remain vigilant, as malware threats can evolve rapidly, and early awareness can aid in proactive defense.
Mitigation Recommendations
1. Integrate ThreatFox IOCs into existing security information and event management (SIEM) and endpoint detection and response (EDR) systems to enhance detection capabilities.
2. Regularly update threat intelligence feeds and correlate with internal logs to identify potential indicators early.
3. Conduct targeted threat hunting exercises focusing on behaviors and artifacts commonly associated with malware, even in the absence of specific IOCs.
4. Maintain robust endpoint protection with behavioral analysis to detect anomalous activities that signature-based detection might miss.
5. Implement strict network segmentation and least privilege access controls to limit malware propagation if infection occurs.
6. Educate security teams on interpreting OSINT-based threat intelligence and integrating it effectively into incident response workflows.
7. Since no patches or CVEs are associated, focus on general best practices such as timely software updates, vulnerability management, and user awareness training to reduce attack surface.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: 7b9c53fd-3e23-4e1a-8c00-8b1d209b4395
- Original Timestamp: 1743379387
Indicators of Compromise
Domain
Value | Description | Copy |
---|---|---|
domaincheck.taxiz.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainpurestform20.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domaincheck.jexat.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaindownssaup.top | Unknown RAT payload delivery domain (confidence level: 100%) | |
domainelectrum.org.ph | Unknown RAT botnet C2 domain (confidence level: 50%) | |
domaincheck.munyw.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainautodiscover.gestisciweb.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.gfjd.104-168-101-27.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainwebdisk.e.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainanimal-premium.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) | |
domain94ad2ccedf2c.edge.sdk.netcloudclick.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domain9f813abedf2f.edge.sdk.netcloudclick.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainecs-1-92-142-27.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainwebdisk.e.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.oraonweb.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.gestisciweb.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainmail.d.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainborn-pupils.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domaincontrol.wolm.life | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainpro-ram.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
domainheibeo-cnc.duckdns.org | Mirai botnet C2 domain (confidence level: 50%) | |
domainfonotib645-32542.portmap.host | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainmortgage-ctrl.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domaincheck.maxec.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainiptv-reseller-internal.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaincpanel.aaa.104-168-101-27.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincheck.doguw.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.sanyq.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaindocuments-johnny.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaincheck.xelan.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.fenin.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.jetex.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainahyponer.nextlevelnetworkpro.com | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainbog304.umhelp.top | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domaincoreedgetechpro.com | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainfqhqhelp.top | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domainpythontesthelp.top | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domaintriuws01.com.de | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domaincheck.kosif.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainkamru.ru | Mirai botnet C2 domain (confidence level: 100%) | |
domaincheck.fihoj.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainsecurity.kasperskys.top | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainlunoxorn.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainngotronl.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.bumac.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainwebmail.m.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincheck.togez.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.botuh.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainwarbasket.xyz | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainmoonishs.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingunlimit.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.hydod.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincommoffice.xyz | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainacschoolcatering.com | Konni botnet C2 domain (confidence level: 49%) | |
domainroofcolor.com | Konni botnet C2 domain (confidence level: 49%) | |
domainevolution007.hopto.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainfunctions-pressing.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainjeggawire.ddns.net | XWorm botnet C2 domain (confidence level: 100%) | |
domainwww.asistani.com.tr | Bashlite botnet C2 domain (confidence level: 100%) |
File
Value | Description | Copy |
---|---|---|
file68.168.223.95 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file68.168.223.95 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file68.168.223.95 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file47.92.201.70 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file128.90.113.158 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.229.81.203 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file193.42.36.133 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file75.127.89.38 | Hook botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file86.124.29.154 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file77.246.99.16 | Havoc botnet C2 server (confidence level: 100%) | |
file23.227.202.132 | Havoc botnet C2 server (confidence level: 100%) | |
file23.227.202.132 | Havoc botnet C2 server (confidence level: 100%) | |
file44.246.125.235 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file98.82.13.245 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file147.185.221.18 | NjRAT botnet C2 server (confidence level: 75%) | |
file18.157.68.73 | NjRAT botnet C2 server (confidence level: 75%) | |
file18.156.13.209 | NjRAT botnet C2 server (confidence level: 75%) | |
file3.127.138.57 | NjRAT botnet C2 server (confidence level: 75%) | |
file118.26.38.52 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file196.251.87.226 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file51.38.137.114 | Mirai botnet C2 server (confidence level: 75%) | |
file152.69.221.79 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file49.113.78.215 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.180.155.240 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.158 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file121.189.208.94 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file51.15.194.103 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.15.194.103 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.15.194.103 | Unknown malware botnet C2 server (confidence level: 100%) | |
file147.135.209.16 | Unknown malware botnet C2 server (confidence level: 100%) | |
file147.135.209.16 | Unknown malware botnet C2 server (confidence level: 100%) | |
file147.135.209.16 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.105.213.140 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.105.213.140 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.105.213.140 | Unknown malware botnet C2 server (confidence level: 100%) | |
file44.212.25.169 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.107.186.1 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.94.183.79 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.238.22.43 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.39.175.214 | Unknown malware botnet C2 server (confidence level: 100%) | |
file153.126.182.181 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.32.141.1 | Unknown malware botnet C2 server (confidence level: 100%) | |
file15.188.185.232 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file154.205.142.249 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file140.143.185.160 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file176.82.138.228 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file148.72.155.196 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file84.132.23.66 | Ghost RAT botnet C2 server (confidence level: 50%) | |
file74.201.216.45 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file74.201.216.45 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file74.201.216.45 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file213.209.143.58 | Orcus RAT botnet C2 server (confidence level: 50%) | |
file147.185.221.19 | XWorm botnet C2 server (confidence level: 50%) | |
file107.148.52.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file208.64.33.74 | Remcos botnet C2 server (confidence level: 100%) | |
file35.220.139.126 | pupy botnet C2 server (confidence level: 100%) | |
file38.55.199.146 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.230.96.93 | Unknown malware botnet C2 server (confidence level: 100%) | |
file198.50.248.232 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file52.240.158.4 | Unknown malware botnet C2 server (confidence level: 100%) | |
file77.239.124.129 | Hook botnet C2 server (confidence level: 100%) | |
file180.188.179.113 | Havoc botnet C2 server (confidence level: 100%) | |
file188.130.206.243 | GhostSocks botnet C2 server (confidence level: 75%) | |
file148.251.70.60 | GhostSocks botnet C2 server (confidence level: 75%) | |
file147.45.196.157 | GhostSocks botnet C2 server (confidence level: 75%) | |
file46.8.232.106 | GhostSocks botnet C2 server (confidence level: 75%) | |
file46.8.236.61 | GhostSocks botnet C2 server (confidence level: 75%) | |
file38.244.132.66 | GhostSocks botnet C2 server (confidence level: 75%) | |
file104.168.172.79 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file165.227.163.243 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
file70.27.138.69 | QakBot botnet C2 server (confidence level: 75%) | |
file209.141.43.206 | Mirai botnet C2 server (confidence level: 100%) | |
file20.255.59.102 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.153.12.108 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file216.238.83.84 | BianLian botnet C2 server (confidence level: 100%) | |
file104.85.39.31 | Mirai botnet C2 server (confidence level: 100%) | |
file104.96.146.61 | Mirai botnet C2 server (confidence level: 100%) | |
file92.122.106.145 | Mirai botnet C2 server (confidence level: 100%) | |
file104.103.92.35 | Mirai botnet C2 server (confidence level: 100%) | |
file23.38.156.99 | Mirai botnet C2 server (confidence level: 100%) | |
file49.232.143.137 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file81.70.241.213 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file2.39.166.250 | Remcos botnet C2 server (confidence level: 100%) | |
file128.90.113.158 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.84.255.121 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file46.246.80.8 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file3.8.181.229 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file192.227.227.198 | Unknown malware botnet C2 server (confidence level: 100%) | |
file90.116.79.184 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file45.137.201.24 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file79.72.70.85 | Havoc botnet C2 server (confidence level: 100%) | |
file185.254.28.9 | DCRat botnet C2 server (confidence level: 100%) | |
file13.60.238.152 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.27.199.84 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file196.251.90.23 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file103.28.89.34 | Remcos botnet C2 server (confidence level: 75%) | |
file196.251.69.96 | XWorm botnet C2 server (confidence level: 75%) | |
file124.66.208.143 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file95.174.93.233 | pupy botnet C2 server (confidence level: 100%) | |
file107.189.27.163 | Sliver botnet C2 server (confidence level: 100%) | |
file154.211.98.251 | Unknown malware botnet C2 server (confidence level: 100%) | |
file74.48.17.196 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.65.144.103 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file135.125.27.216 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.69.138 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file198.244.249.180 | Unknown malware botnet C2 server (confidence level: 100%) | |
file196.251.118.210 | Havoc botnet C2 server (confidence level: 100%) | |
file43.133.27.183 | MimiKatz botnet C2 server (confidence level: 100%) | |
file176.65.142.34 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file1.94.123.21 | Unknown malware botnet C2 server (confidence level: 75%) | |
file107.189.27.163 | Sliver botnet C2 server (confidence level: 75%) | |
file107.189.27.163 | Sliver botnet C2 server (confidence level: 75%) | |
file188.23.172.141 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file201.191.171.216 | QakBot botnet C2 server (confidence level: 75%) |
Hash
Url
Threat ID: 682c7db7e8347ec82d2bce1d
Added to database: 5/20/2025, 1:03:51 PM
Last enriched: 6/19/2025, 3:04:11 PM
Last updated: 8/12/2025, 12:59:20 PM