ThreatFox IOCs for 2025-03-30

Severity: Medium
Published: Sun Mar 30 2025 (03/30/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-03-30

AI-Powered Analysis

Last updated: 06/19/2025, 15:04:11 UTC

Technical Analysis

The provided threat information pertains to a malware-related intelligence report titled "ThreatFox IOCs for 2025-03-30," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The report appears to be a collection or update of Indicators of Compromise (IOCs) relevant to malware threats as of March 30, 2025. However, the data lacks specific technical details such as affected software versions, malware family names, attack vectors, or exploitation techniques. The threat level is indicated as 2 on an unspecified scale, with an analysis rating of 1 and a distribution rating of 3, suggesting moderate dissemination but limited detailed analysis. No known exploits in the wild are reported, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The absence of indicators and detailed technical descriptions limits the ability to precisely characterize the malware's behavior, infection methods, or payload impact. The tags indicate the data is OSINT-based and marked with TLP:WHITE, meaning it is intended for public sharing without restriction. Overall, this threat intelligence entry serves as a general alert about emerging or ongoing malware activity but lacks actionable technical specifics.

Potential Impact

Given the limited information, the potential impact on European organizations is difficult to quantify precisely. The medium severity rating suggests a moderate risk level, potentially involving malware that could affect confidentiality, integrity, or availability to some extent. The absence of known exploits in the wild and lack of detailed attack vectors imply that immediate widespread impact is unlikely. However, the distribution rating of 3 indicates that the malware or its indicators may be moderately disseminated, possibly targeting multiple sectors or organizations. European entities relying on OSINT feeds for threat detection may benefit from this intelligence to enhance situational awareness. Without specific affected products or vulnerabilities, the impact is likely to be generalized rather than targeted. Nonetheless, organizations should remain vigilant, as malware threats can evolve rapidly, and early awareness can aid in proactive defense.

Mitigation Recommendations

1. Integrate ThreatFox IOCs into existing security information and event management (SIEM) and endpoint detection and response (EDR) systems to enhance detection capabilities.
2. Regularly update threat intelligence feeds and correlate with internal logs to identify potential indicators early.
3. Conduct targeted threat hunting exercises focusing on behaviors and artifacts commonly associated with malware, even in the absence of specific IOCs.
4. Maintain robust endpoint protection with behavioral analysis to detect anomalous activities that signature-based detection might miss.
5. Implement strict network segmentation and least privilege access controls to limit malware propagation if infection occurs.
6. Educate security teams on interpreting OSINT-based threat intelligence and integrating it effectively into incident response workflows.
7. Since no patches or CVEs are associated, focus on general best practices such as timely software updates, vulnerability management, and user awareness training to reduce attack surface.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: 7b9c53fd-3e23-4e1a-8c00-8b1d209b4395
Original Timestamp: 1743379387

Indicators of Compromise


Threat ID: 682c7db7e8347ec82d2bce1d

Added to database: 5/20/2025, 1:03:51 PM

Last enriched: 6/19/2025, 3:04:11 PM

Last updated: 8/12/2025, 12:59:20 PM
