ThreatFox IOCs for 2025-04-01
Severity: mediumType: malware
ThreatFox IOCs for 2025-04-01
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on April 1, 2025, by ThreatFox, a platform known for sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) products or tools. However, no specific affected software versions or detailed technical characteristics are provided. The severity is marked as medium, with a threat level of 2 on an unspecified scale, indicating a moderate concern. The analysis and distribution scores (1 and 3 respectively) suggest limited in-depth analysis and moderate distribution or prevalence of the threat. There are no known exploits in the wild linked to this malware, and no patch information is available, implying either a newly discovered threat or one that does not target a specific software vulnerability. The absence of CWEs (Common Weakness Enumerations) and detailed technical indicators limits the ability to precisely characterize the malware's behavior, infection vectors, or payload. The threat is tagged with 'type:osint' and 'tlp:white', indicating that the information is publicly shareable without restrictions. Overall, this appears to be a general malware-related threat intelligence update focusing on IOCs rather than a specific exploit or vulnerability, with limited technical detail provided.
Potential Impact
Given the limited technical details and absence of known exploits in the wild, the immediate impact on European organizations is likely to be moderate. The malware could potentially be used for reconnaissance or initial infection stages, especially if it relates to OSINT tools or data collection mechanisms. If leveraged effectively by threat actors, it could lead to unauthorized data access, espionage, or serve as a foothold for further attacks. The medium severity rating suggests a moderate risk to confidentiality and integrity, with availability impact less certain. European organizations relying heavily on OSINT tools or those involved in intelligence, defense, or critical infrastructure sectors might face increased risk if these IOCs are indicators of targeted campaigns. However, without specific infection vectors or payload details, the scope of impact remains uncertain. The lack of known exploits reduces the likelihood of widespread immediate compromise but does not eliminate the risk of future exploitation or targeted attacks using these IOCs.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security monitoring tools such as SIEM (Security Information and Event Management) and endpoint detection platforms to enhance detection capabilities. 2. Conduct targeted threat hunting exercises using these IOCs to identify any signs of compromise within the network. 3. Maintain up-to-date OSINT tools and ensure they are sourced from trusted vendors to reduce the risk of supply chain attacks. 4. Implement strict access controls and network segmentation, especially for systems involved in intelligence gathering or sensitive data processing. 5. Educate security teams on the nature of OSINT-related threats and encourage proactive monitoring of threat intelligence feeds like ThreatFox. 6. Since no patches are available, focus on behavioral detection and anomaly monitoring to identify suspicious activities related to the malware. 7. Regularly update and audit incident response plans to incorporate scenarios involving OSINT-related malware threats. 8. Collaborate with European cybersecurity information sharing organizations to stay informed about evolving threats and mitigation strategies.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Indicators of Compromise
- url: https://bretux.com/blog/tech-trends/2025-trends/index.php
- url: https://machine-a-plastifier.com/pictures/analytics.js
- url: https://machine-a-plastifier.com/pictures/index.php
- url: https://machine-a-plastifier.com/pictures/video.php
- url: https://coconnexion.com/comcat.zip
- file: 194.180.191.51
- hash: 443
- domain: check.pijuk.icu
- url: http://185.184.123.138/api/ytasodysodisowqsytesodgsotasotusnjusn2qs
- url: http://207.174.3.213:8888/supershell/login/
- file: 207.174.3.213
- hash: 8888
- hash: 38e527de7dff14aed82d61bb306be1e225c33de0d1fabf3eee14b714ff2e08d7
- file: 192.3.53.177
- hash: 8443
- file: 172.86.80.66
- hash: 2053
- file: 85.158.108.187
- hash: 40504
- file: 194.35.12.15
- hash: 8443
- file: 23.95.162.53
- hash: 888
- file: 185.7.214.25
- hash: 15647
- file: 196.251.83.99
- hash: 80
- domain: thequestforkn.top
- file: 193.233.254.132
- hash: 2053
- file: 151.243.81.80
- hash: 443
- file: 157.20.182.35
- hash: 4449
- file: 154.213.48.90
- hash: 8848
- file: 160.124.65.229
- hash: 8849
- file: 154.213.48.93
- hash: 8848
- file: 154.213.48.91
- hash: 8848
- file: 154.213.48.92
- hash: 8848
- file: 146.70.49.42
- hash: 9090
- file: 45.133.180.154
- hash: 5050
- file: 13.214.145.72
- hash: 9090
- file: 45.144.53.8
- hash: 80
- domain: cpcontacts.aa.104-168-101-27.cprapid.com
- file: 216.250.252.47
- hash: 19000
- domain: check.poxuv.icu
- url: https://check.poxuv.icu/gkcxv.google
- file: 3.12.245.36
- hash: 11421
- file: 3.135.250.11
- hash: 11421
- file: 3.146.103.81
- hash: 11421
- file: 18.190.63.84
- hash: 11421
- file: 3.137.60.53
- hash: 11421
- domain: ferroyxo.run
- url: https://2targett.top/dsangt
- domain: palivorena.org
- file: 86.54.42.119
- hash: 2404
- file: 35.93.33.54
- hash: 443
- file: 172.232.44.165
- hash: 443
- file: 23.106.140.119
- hash: 8888
- domain: ip66-175-239-156.pbiaas.com
- file: 157.20.182.31
- hash: 8888
- file: 196.251.69.138
- hash: 888
- file: 156.253.228.17
- hash: 8082
- file: 160.124.135.168
- hash: 8848
- file: 160.124.135.190
- hash: 8848
- file: 154.216.35.21
- hash: 8848
- file: 154.213.48.85
- hash: 8848
- file: 154.216.35.11
- hash: 8849
- file: 154.213.48.66
- hash: 8848
- file: 154.213.48.78
- hash: 8848
- file: 154.213.48.67
- hash: 8848
- file: 154.92.54.162
- hash: 8848
- file: 23.235.146.92
- hash: 8848
- file: 23.235.146.76
- hash: 8848
- file: 154.213.48.86
- hash: 8848
- file: 154.213.48.71
- hash: 8848
- file: 3.94.10.63
- hash: 4444
- file: 167.86.161.92
- hash: 443
- domain: cpanel.gfjd.104-168-101-27.cprapid.com
- domain: bolt.citrixapp.net
- file: 176.65.142.201
- hash: 19000
- file: 154.216.35.4
- hash: 8848
- file: 160.124.135.181
- hash: 8848
- file: 129.226.212.179
- hash: 60000
- file: 139.224.130.183
- hash: 60000
- file: 38.55.199.17
- hash: 60000
- file: 1.94.177.125
- hash: 60000
- file: 188.245.186.4
- hash: 3333
- file: 159.65.52.52
- hash: 3333
- file: 116.62.184.86
- hash: 8080
- file: 82.165.107.246
- hash: 5000
- file: 101.37.82.119
- hash: 3333
- file: 34.58.25.134
- hash: 10443
- file: 192.241.149.228
- hash: 3333
- file: 34.73.28.137
- hash: 443
- file: 172.174.32.21
- hash: 6001
- file: 59.144.102.131
- hash: 3333
- file: 106.39.219.126
- hash: 443
- file: 52.29.54.72
- hash: 80
- file: 52.29.54.72
- hash: 443
- file: 43.203.23.49
- hash: 80
- file: 5.135.3.77
- hash: 3333
- file: 34.46.134.100
- hash: 3333
- domain: check.cymyv.icu
- url: https://check.cymyv.icu/gkcxv.google
- domain: check.giriq.icu
- url: https://check.giriq.icu/gkcxv.google
- url: https://ex.ap.4t.com/
- file: 129.226.209.76
- hash: 443
- file: 103.68.108.27
- hash: 31337
- file: 91.242.229.159
- hash: 31337
- file: 37.12.35.141
- hash: 6001
- file: 118.122.8.221
- hash: 1833
- file: 78.179.180.85
- hash: 1604
- file: 24.16.186.15
- hash: 80
- file: 84.247.139.205
- hash: 8333
- url: https://talentdock.world/
- url: https://mein-gutschein.online/
- url: http://leak-my-tits.linkpc.net/recaptcha-verify
- domain: rules-binary.gl.at.ply.gg
- domain: iafec.com
- domain: dixiemgmt.com
- domain: tripfjoyq.life
- domain: ironloxp.live
- domain: meltonep.digital
- domain: metalsyo.digital
- domain: navstarx.shop
- domain: rodformi.run
- domain: voyagiei.run
- domain: dreliefr.digital
- domain: ex.ap.4t.com
- url: http://59.96.142.20:33782/mozi.m
- url: https://deflamep.live/dasoie
- url: https://dmetalsyo.digital/opsa
- file: 147.185.221.26
- hash: 55609
- file: 102.156.21.111
- hash: 5552
- domain: fuckfrance25.ddns.net
- domain: check.bukuu.icu
- url: https://check.bukuu.icu/gkcxv.google
- file: 202.165.123.57
- hash: 8080
- file: 1.95.77.144
- hash: 80
- file: 139.159.144.27
- hash: 80
- file: 104.168.15.52
- hash: 80
- file: 111.230.8.147
- hash: 9999
- file: 101.99.75.103
- hash: 2404
- file: 196.251.84.194
- hash: 995
- file: 128.90.103.83
- hash: 8808
- file: 103.229.81.203
- hash: 7707
- file: 38.255.57.7
- hash: 6606
- file: 38.255.57.7
- hash: 7707
- file: 193.233.254.132
- hash: 80
- file: 154.216.35.12
- hash: 8848
- file: 154.216.35.27
- hash: 8848
- file: 23.235.158.18
- hash: 8848
- file: 160.124.135.186
- hash: 8848
- file: 154.92.54.189
- hash: 8848
- file: 154.92.54.173
- hash: 8848
- file: 23.235.146.93
- hash: 8848
- file: 154.92.54.183
- hash: 8848
- file: 154.216.35.17
- hash: 8848
- file: 160.124.30.57
- hash: 8848
- file: 23.235.158.9
- hash: 8848
- file: 160.124.65.242
- hash: 8848
- file: 160.124.30.38
- hash: 8848
- file: 23.235.158.23
- hash: 8848
- file: 23.235.158.27
- hash: 8848
- file: 160.124.65.227
- hash: 8848
- file: 23.235.158.30
- hash: 8848
- file: 23.235.158.28
- hash: 8848
- file: 154.92.54.179
- hash: 8848
- file: 160.124.135.178
- hash: 8848
- file: 154.216.35.16
- hash: 8848
- file: 154.92.54.169
- hash: 8848
- file: 160.124.135.184
- hash: 8848
- file: 160.124.135.183
- hash: 8848
- file: 23.235.146.85
- hash: 8848
- file: 160.124.135.175
- hash: 8848
- file: 23.235.146.79
- hash: 8848
- file: 154.216.35.5
- hash: 8848
- file: 160.124.30.53
- hash: 8848
- file: 154.216.35.20
- hash: 8848
- file: 23.235.146.75
- hash: 8848
- file: 154.92.54.170
- hash: 8848
- file: 154.216.35.22
- hash: 8848
- file: 160.124.65.239
- hash: 8848
- file: 154.216.35.26
- hash: 8848
- file: 160.124.135.176
- hash: 8848
- file: 154.92.54.174
- hash: 8848
- file: 154.92.54.167
- hash: 8848
- file: 160.124.135.187
- hash: 8848
- file: 23.235.146.68
- hash: 8848
- file: 160.124.65.252
- hash: 8848
- file: 160.124.65.246
- hash: 8848
- file: 154.216.35.14
- hash: 8848
- file: 154.92.54.188
- hash: 8848
- file: 160.124.30.40
- hash: 8848
- file: 23.235.146.82
- hash: 8848
- file: 23.235.146.71
- hash: 8848
- file: 23.235.146.66
- hash: 8848
- file: 103.60.148.12
- hash: 8848
- file: 154.92.54.181
- hash: 8848
- file: 160.124.135.162
- hash: 8848
- file: 23.235.158.22
- hash: 8848
- file: 154.216.35.19
- hash: 8848
- file: 160.124.65.245
- hash: 8848
- file: 23.235.146.81
- hash: 8848
- file: 160.124.135.167
- hash: 8848
- file: 23.235.158.26
- hash: 8848
- file: 23.235.158.17
- hash: 8848
- file: 23.235.146.88
- hash: 8848
- file: 160.124.65.243
- hash: 8848
- file: 160.124.65.235
- hash: 8848
- file: 23.235.158.20
- hash: 8848
- file: 160.124.65.237
- hash: 8848
- file: 3.94.10.63
- hash: 18244
- file: 3.94.10.63
- hash: 39994
- domain: autodiscover.c.multi-canale.com
- domain: humanrights.co.ke
- domain: police.co.ke
- domain: sweetsonian.com
- domain: sarahmariegerrity.com
- domain: nationalinterestparty.com
- domain: xcellentrenovations.com
- domain: playdxb.com
- domain: oldfoxcompany.com
- domain: notkittenaround.digmoo.com
- domain: priesttools.com
- domain: aabbe.shop
- domain: techtorev.com
- domain: katekasoft.com
- domain: osbrankoradicevickm.com
- domain: meditationsecretsforwomen.com
- domain: nailemkosmetik.de
- domain: topledgrowlights.malapascuaisland.com
- domain: beldy.ma
- domain: oreironx.live
- file: 64.23.174.180
- hash: 8080
- url: https://9ferromny.digital/gwpd
- url: https://kweldorae.digital/geds
- url: https://check.nuxiy.icu/gkcxv.google
- domain: check.nuxiy.icu
- file: 111.230.8.147
- hash: 5555
- file: 43.143.229.126
- hash: 443
- url: https://wdtargett.top/dsangt
- url: https://check.xamuy.icu/gkcxv.google
- url: https://cosmozya.digital/aisuzo
- domain: check.xamuy.icu
- url: https://v4travelilx.top/gskaiz
- url: https://pironloxp.live/aksdd
- domain: e.elvax.live
- domain: heyues.live
- domain: win-shops-sh.com
- domain: bretux.com
- file: 94.158.244.124
- hash: 443
- file: 173.242.114.92
- hash: 8080
- file: 185.198.58.20
- hash: 3333
- file: 144.202.66.198
- hash: 7443
- file: 38.132.122.177
- hash: 12443
- file: 23.235.146.73
- hash: 8848
- file: 23.235.146.84
- hash: 8848
- file: 23.235.146.70
- hash: 8848
- file: 23.235.146.83
- hash: 8848
- file: 160.124.30.48
- hash: 8848
- file: 23.235.158.24
- hash: 8848
- file: 154.216.35.24
- hash: 8848
- file: 23.235.158.12
- hash: 8848
- file: 23.235.146.72
- hash: 8848
- file: 23.235.158.15
- hash: 8848
- file: 23.235.146.94
- hash: 8848
- file: 160.124.65.226
- hash: 8848
- file: 160.124.135.174
- hash: 8849
- file: 23.235.146.91
- hash: 8848
- file: 160.124.65.236
- hash: 8848
- file: 23.235.146.77
- hash: 8848
- file: 23.235.146.89
- hash: 8848
- file: 160.124.30.45
- hash: 8848
- file: 23.235.146.67
- hash: 8848
- file: 154.92.54.171
- hash: 8848
- file: 23.235.146.80
- hash: 8848
- file: 154.216.35.11
- hash: 8848
- file: 23.235.146.69
- hash: 8848
- file: 192.129.178.62
- hash: 5020
- file: 195.167.27.182
- hash: 443
- file: 176.65.141.182
- hash: 15390
- domain: server.neugumma.makeup
- url: https://ee.ap.4t.com/
- domain: ee.ap.4t.com
- url: https://movtime78.shop/pictures/analytics.js
- url: https://movtime78.shop/pictures/index.php
- url: https://movtime78.shop/pictures/video.php
- url: https://zaharaflowers.com/comcat.zip
- domain: zaharaflowers.com
- domain: pa-portal.premierhomeviews.com
- domain: check.lafae.icu
- url: https://check.lafae.icu/gkcxv.google
- domain: comexisj.digital
- url: https://rodsmann.live/zvxbm
- url: https://xtargett.top/dsangt
- domain: check.rajuy.icu
- url: https://check.rajuy.icu/gkcxv.google
- file: 146.70.58.162
- hash: 61166
- url: https://dreliefr.digital/qiwr
- url: https://hgalxnetb.today/gsuiao
- url: https://psteelixr.live/aguiz
- url: http://knottwig.xyz/ury.php
- url: http://knottwig.xyz/uri.php
- url: http://moneyghost.xyz/mons.php
- url: https://yystarcloc.bet/goksao
- domain: existenceshame.icu
- url: https://etargett.top/dsangt
- url: https://ingotyxx.live/ionags
- hash: 470a328ad3705d0c6866a48912a3f718
- hash: fd471239a6c4314c4f5f2ea7cc8e5cd5
- hash: be5af780a67635d1eae32bc959450aff
- hash: f162816f1d7b0006cfa0bfaf95c492c4
- hash: 4d5bec4d9d32e00c7d0b9d89e3948c8f
- url: https://nironloxp.live/aksdd
- url: https://vstarcloc.bet/goksao
- url: https://ailmentr.run/oapinsg
- file: 79.110.49.98
- hash: 1223
- url: https://itargett.top/dsangt
- url: https://gumcarey.digital/igaoz
- url: https://kmetalsyo.digital/opsa
- url: https://medimado.run/adodosp
- url: https://zvgalxnetb.today/gsuiao
- file: 116.26.11.93
- hash: 36041
- url: https://benoidr.live/aposq
- url: https://healthzo.digital/lsxnzh
- url: https://mstarcloc.bet/goksao
- url: https://phapimolu.run/qwopjz
- url: https://zgalxnetb.today/gsuiao
- file: 172.245.11.64
- hash: 40090
- file: 173.225.99.47
- hash: 6349
- file: 172.65.235.212
- hash: 80
- file: 45.55.224.10
- hash: 443
- file: 185.142.184.119
- hash: 8443
- file: 213.209.143.57
- hash: 8888
- file: 51.195.218.230
- hash: 7443
- file: 8.152.218.67
- hash: 8080
- file: 88.224.24.88
- hash: 9090
- file: 45.196.239.74
- hash: 80
- file: 94.103.188.118
- hash: 80
- domain: webdisk.h.web-app-on.com
- domain: check.gihua.icu
- url: https://check.gihua.icu/gkcxv.google
- file: 148.66.57.50
- hash: 443
- file: 148.66.57.51
- hash: 443
- domain: r.netluc.live
- domain: ipsi.live
- domain: wowi.live
- file: 172.233.183.147
- hash: 8888
- file: 172.233.65.36
- hash: 443
- domain: qq51f.short.gy
- url: https://check.donau.icu/gkcxv.google
- domain: check.donau.icu
- url: http://192.15.10.49:37420/mozi.m
- url: https://check.dobai.icu/gkcxv.google
- file: 156.225.17.236
- hash: 8817
- file: 49.232.171.41
- hash: 8080
- file: 185.208.158.227
- hash: 80
- file: 121.36.0.126
- hash: 443
- file: 123.60.16.239
- hash: 443
- file: 123.56.160.155
- hash: 60002
- file: 196.251.84.194
- hash: 8883
- file: 46.109.0.125
- hash: 8808
- file: 78.171.42.106
- hash: 59
- file: 198.244.130.241
- hash: 7443
- file: 38.132.122.177
- hash: 45677
- file: 103.60.148.11
- hash: 8848
- file: 103.60.148.13
- hash: 8848
- file: 176.65.144.18
- hash: 80
- file: 85.9.210.132
- hash: 9000
- file: 194.35.12.15
- hash: 2053
- file: 45.141.233.87
- hash: 443
- file: 45.55.224.10
- hash: 8888
- file: 84.212.64.20
- hash: 995
- domain: 2za55fsge8fbj.cfc-execute.bj.baidubce.com
ThreatFox IOCs for 2025-04-01
Medium
Published: Tue Apr 01 2025 (04/01/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-04-01
AI-Powered Analysis
AILast updated: 06/19/2025, 15:03:54 UTC
Technical Analysis
The provided information pertains to a set of Indicators of Compromise (IOCs) published on April 1, 2025, by ThreatFox, a platform known for sharing threat intelligence data. The threat is categorized as malware-related and is associated with OSINT (Open Source Intelligence) products or tools. However, no specific affected software versions or detailed technical characteristics are provided. The severity is marked as medium, with a threat level of 2 on an unspecified scale, indicating a moderate concern. The analysis and distribution scores (1 and 3 respectively) suggest limited in-depth analysis and moderate distribution or prevalence of the threat. There are no known exploits in the wild linked to this malware, and no patch information is available, implying either a newly discovered threat or one that does not target a specific software vulnerability. The absence of CWEs (Common Weakness Enumerations) and detailed technical indicators limits the ability to precisely characterize the malware's behavior, infection vectors, or payload. The threat is tagged with 'type:osint' and 'tlp:white', indicating that the information is publicly shareable without restrictions. Overall, this appears to be a general malware-related threat intelligence update focusing on IOCs rather than a specific exploit or vulnerability, with limited technical detail provided.
Potential Impact
Given the limited technical details and absence of known exploits in the wild, the immediate impact on European organizations is likely to be moderate. The malware could potentially be used for reconnaissance or initial infection stages, especially if it relates to OSINT tools or data collection mechanisms. If leveraged effectively by threat actors, it could lead to unauthorized data access, espionage, or serve as a foothold for further attacks. The medium severity rating suggests a moderate risk to confidentiality and integrity, with availability impact less certain. European organizations relying heavily on OSINT tools or those involved in intelligence, defense, or critical infrastructure sectors might face increased risk if these IOCs are indicators of targeted campaigns. However, without specific infection vectors or payload details, the scope of impact remains uncertain. The lack of known exploits reduces the likelihood of widespread immediate compromise but does not eliminate the risk of future exploitation or targeted attacks using these IOCs.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security monitoring tools such as SIEM (Security Information and Event Management) and endpoint detection platforms to enhance detection capabilities. 2. Conduct targeted threat hunting exercises using these IOCs to identify any signs of compromise within the network. 3. Maintain up-to-date OSINT tools and ensure they are sourced from trusted vendors to reduce the risk of supply chain attacks. 4. Implement strict access controls and network segmentation, especially for systems involved in intelligence gathering or sensitive data processing. 5. Educate security teams on the nature of OSINT-related threats and encourage proactive monitoring of threat intelligence feeds like ThreatFox. 6. Since no patches are available, focus on behavioral detection and anomaly monitoring to identify suspicious activities related to the malware. 7. Regularly update and audit incident response plans to incorporate scenarios involving OSINT-related malware threats. 8. Collaborate with European cybersecurity information sharing organizations to stay informed about evolving threats and mitigation strategies.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 61363207-1c32-46c3-8013-8deff008a95e
- Original Timestamp
- 1743552186
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://bretux.com/blog/tech-trends/2025-trends/index.php | Matanbuchus botnet C2 (confidence level: 100%) | |
urlhttps://machine-a-plastifier.com/pictures/analytics.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://machine-a-plastifier.com/pictures/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://machine-a-plastifier.com/pictures/video.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://coconnexion.com/comcat.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://185.184.123.138/api/ytasodysodisowqsytesodgsotasotusnjusn2qs | SmartLoader botnet C2 (confidence level: 75%) | |
urlhttp://207.174.3.213:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://check.poxuv.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://2targett.top/dsangt | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.cymyv.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.giriq.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://ex.ap.4t.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://talentdock.world/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://mein-gutschein.online/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://leak-my-tits.linkpc.net/recaptcha-verify | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://59.96.142.20:33782/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://deflamep.live/dasoie | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://dmetalsyo.digital/opsa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.bukuu.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://9ferromny.digital/gwpd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://kweldorae.digital/geds | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.nuxiy.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://wdtargett.top/dsangt | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.xamuy.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://cosmozya.digital/aisuzo | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://v4travelilx.top/gskaiz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://pironloxp.live/aksdd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ee.ap.4t.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://movtime78.shop/pictures/analytics.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://movtime78.shop/pictures/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://movtime78.shop/pictures/video.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://zaharaflowers.com/comcat.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://check.lafae.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://rodsmann.live/zvxbm | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://xtargett.top/dsangt | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.rajuy.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://dreliefr.digital/qiwr | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://hgalxnetb.today/gsuiao | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://psteelixr.live/aguiz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://knottwig.xyz/ury.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://knottwig.xyz/uri.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://moneyghost.xyz/mons.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttps://yystarcloc.bet/goksao | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://etargett.top/dsangt | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ingotyxx.live/ionags | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://nironloxp.live/aksdd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vstarcloc.bet/goksao | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ailmentr.run/oapinsg | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://itargett.top/dsangt | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://gumcarey.digital/igaoz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://kmetalsyo.digital/opsa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://medimado.run/adodosp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://zvgalxnetb.today/gsuiao | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://benoidr.live/aposq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://healthzo.digital/lsxnzh | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://mstarcloc.bet/goksao | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://phapimolu.run/qwopjz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://zgalxnetb.today/gsuiao | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://check.gihua.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttps://check.donau.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://192.15.10.49:37420/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://check.dobai.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file194.180.191.51 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file207.174.3.213 | Unknown malware botnet C2 server (confidence level: 100%) | |
file192.3.53.177 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.86.80.66 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file85.158.108.187 | Remcos botnet C2 server (confidence level: 100%) | |
file194.35.12.15 | Sliver botnet C2 server (confidence level: 100%) | |
file23.95.162.53 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.7.214.25 | SectopRAT botnet C2 server (confidence level: 100%) | |
file196.251.83.99 | Hook botnet C2 server (confidence level: 100%) | |
file193.233.254.132 | Hook botnet C2 server (confidence level: 100%) | |
file151.243.81.80 | Havoc botnet C2 server (confidence level: 100%) | |
file157.20.182.35 | Venom RAT botnet C2 server (confidence level: 100%) | |
file154.213.48.90 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.229 | DCRat botnet C2 server (confidence level: 100%) | |
file154.213.48.93 | DCRat botnet C2 server (confidence level: 100%) | |
file154.213.48.91 | DCRat botnet C2 server (confidence level: 100%) | |
file154.213.48.92 | DCRat botnet C2 server (confidence level: 100%) | |
file146.70.49.42 | DCRat botnet C2 server (confidence level: 100%) | |
file45.133.180.154 | DCRat botnet C2 server (confidence level: 100%) | |
file13.214.145.72 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file45.144.53.8 | ERMAC botnet C2 server (confidence level: 100%) | |
file216.250.252.47 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file3.12.245.36 | NjRAT botnet C2 server (confidence level: 75%) | |
file3.135.250.11 | NjRAT botnet C2 server (confidence level: 75%) | |
file3.146.103.81 | NjRAT botnet C2 server (confidence level: 75%) | |
file18.190.63.84 | NjRAT botnet C2 server (confidence level: 75%) | |
file3.137.60.53 | NjRAT botnet C2 server (confidence level: 75%) | |
file86.54.42.119 | Remcos botnet C2 server (confidence level: 100%) | |
file35.93.33.54 | Sliver botnet C2 server (confidence level: 100%) | |
file172.232.44.165 | Sliver botnet C2 server (confidence level: 100%) | |
file23.106.140.119 | Unknown malware botnet C2 server (confidence level: 100%) | |
file157.20.182.31 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.69.138 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file156.253.228.17 | Hook botnet C2 server (confidence level: 100%) | |
file160.124.135.168 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.190 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.21 | DCRat botnet C2 server (confidence level: 100%) | |
file154.213.48.85 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.11 | DCRat botnet C2 server (confidence level: 100%) | |
file154.213.48.66 | DCRat botnet C2 server (confidence level: 100%) | |
file154.213.48.78 | DCRat botnet C2 server (confidence level: 100%) | |
file154.213.48.67 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.162 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.92 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.76 | DCRat botnet C2 server (confidence level: 100%) | |
file154.213.48.86 | DCRat botnet C2 server (confidence level: 100%) | |
file154.213.48.71 | DCRat botnet C2 server (confidence level: 100%) | |
file3.94.10.63 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file167.86.161.92 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file176.65.142.201 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file154.216.35.4 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.181 | DCRat botnet C2 server (confidence level: 100%) | |
file129.226.212.179 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.224.130.183 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.55.199.17 | Unknown malware botnet C2 server (confidence level: 100%) | |
file1.94.177.125 | Unknown malware botnet C2 server (confidence level: 100%) | |
file188.245.186.4 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.65.52.52 | Unknown malware botnet C2 server (confidence level: 100%) | |
file116.62.184.86 | Unknown malware botnet C2 server (confidence level: 100%) | |
file82.165.107.246 | Unknown malware botnet C2 server (confidence level: 100%) | |
file101.37.82.119 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.58.25.134 | Unknown malware botnet C2 server (confidence level: 100%) | |
file192.241.149.228 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.73.28.137 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.174.32.21 | Unknown malware botnet C2 server (confidence level: 100%) | |
file59.144.102.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
file106.39.219.126 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.29.54.72 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.29.54.72 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.203.23.49 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.135.3.77 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.46.134.100 | Unknown malware botnet C2 server (confidence level: 100%) | |
file129.226.209.76 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file103.68.108.27 | Sliver botnet C2 server (confidence level: 50%) | |
file91.242.229.159 | Sliver botnet C2 server (confidence level: 50%) | |
file37.12.35.141 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file118.122.8.221 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file78.179.180.85 | DarkComet botnet C2 server (confidence level: 50%) | |
file24.16.186.15 | Ghost RAT botnet C2 server (confidence level: 50%) | |
file84.247.139.205 | Unknown malware botnet C2 server (confidence level: 50%) | |
file147.185.221.26 | NjRAT botnet C2 server (confidence level: 75%) | |
file102.156.21.111 | NjRAT botnet C2 server (confidence level: 75%) | |
file202.165.123.57 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.95.77.144 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.159.144.27 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.168.15.52 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.230.8.147 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.99.75.103 | Remcos botnet C2 server (confidence level: 100%) | |
file196.251.84.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.103.83 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.229.81.203 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file38.255.57.7 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file38.255.57.7 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file193.233.254.132 | Hook botnet C2 server (confidence level: 100%) | |
file154.216.35.12 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.27 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.18 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.186 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.189 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.173 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.93 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.183 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.17 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.30.57 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.9 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.242 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.30.38 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.23 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.27 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.227 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.30 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.28 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.179 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.178 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.16 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.169 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.184 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.183 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.85 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.175 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.79 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.5 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.30.53 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.20 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.75 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.170 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.22 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.239 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.26 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.176 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.174 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.167 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.187 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.68 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.252 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.246 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.14 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.188 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.30.40 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.82 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.71 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.66 | DCRat botnet C2 server (confidence level: 100%) | |
file103.60.148.12 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.181 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.162 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.22 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.19 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.245 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.81 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.167 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.26 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.17 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.88 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.243 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.235 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.20 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.237 | DCRat botnet C2 server (confidence level: 100%) | |
file3.94.10.63 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.94.10.63 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file64.23.174.180 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file111.230.8.147 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.143.229.126 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file94.158.244.124 | Matanbuchus payload delivery server (confidence level: 100%) | |
file173.242.114.92 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.198.58.20 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file144.202.66.198 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.132.122.177 | Havoc botnet C2 server (confidence level: 100%) | |
file23.235.146.73 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.84 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.70 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.83 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.30.48 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.24 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.24 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.12 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.72 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.158.15 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.94 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.226 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.135.174 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.91 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.65.236 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.77 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.89 | DCRat botnet C2 server (confidence level: 100%) | |
file160.124.30.45 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.67 | DCRat botnet C2 server (confidence level: 100%) | |
file154.92.54.171 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.80 | DCRat botnet C2 server (confidence level: 100%) | |
file154.216.35.11 | DCRat botnet C2 server (confidence level: 100%) | |
file23.235.146.69 | DCRat botnet C2 server (confidence level: 100%) | |
file192.129.178.62 | DCRat botnet C2 server (confidence level: 100%) | |
file195.167.27.182 | BianLian botnet C2 server (confidence level: 100%) | |
file176.65.141.182 | Mirai botnet C2 server (confidence level: 75%) | |
file146.70.58.162 | Remcos botnet C2 server (confidence level: 75%) | |
file79.110.49.98 | XWorm botnet C2 server (confidence level: 75%) | |
file116.26.11.93 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file172.245.11.64 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file173.225.99.47 | Remcos botnet C2 server (confidence level: 100%) | |
file172.65.235.212 | Remcos botnet C2 server (confidence level: 100%) | |
file45.55.224.10 | Sliver botnet C2 server (confidence level: 100%) | |
file185.142.184.119 | Sliver botnet C2 server (confidence level: 100%) | |
file213.209.143.57 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file51.195.218.230 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.152.218.67 | DCRat botnet C2 server (confidence level: 100%) | |
file88.224.24.88 | DCRat botnet C2 server (confidence level: 100%) | |
file45.196.239.74 | MooBot botnet C2 server (confidence level: 100%) | |
file94.103.188.118 | MooBot botnet C2 server (confidence level: 100%) | |
file148.66.57.50 | Sliver botnet C2 server (confidence level: 75%) | |
file148.66.57.51 | Sliver botnet C2 server (confidence level: 75%) | |
file172.233.183.147 | Sliver botnet C2 server (confidence level: 75%) | |
file172.233.65.36 | Havoc botnet C2 server (confidence level: 75%) | |
file156.225.17.236 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file49.232.171.41 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.208.158.227 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.36.0.126 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.60.16.239 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.56.160.155 | Sliver botnet C2 server (confidence level: 100%) | |
file196.251.84.194 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file46.109.0.125 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.171.42.106 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file198.244.130.241 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.132.122.177 | Havoc botnet C2 server (confidence level: 100%) | |
file103.60.148.11 | DCRat botnet C2 server (confidence level: 100%) | |
file103.60.148.13 | DCRat botnet C2 server (confidence level: 100%) | |
file176.65.144.18 | Bashlite botnet C2 server (confidence level: 100%) | |
file85.9.210.132 | MimiKatz botnet C2 server (confidence level: 100%) | |
file194.35.12.15 | Sliver botnet C2 server (confidence level: 75%) | |
file45.141.233.87 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file45.55.224.10 | Sliver botnet C2 server (confidence level: 75%) | |
file84.212.64.20 | QakBot botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash38e527de7dff14aed82d61bb306be1e225c33de0d1fabf3eee14b714ff2e08d7 | Unknown Stealer payload (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2053 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash40504 | Remcos botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15647 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash2053 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8849 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash9090 | DCRat botnet C2 server (confidence level: 100%) | |
hash5050 | DCRat botnet C2 server (confidence level: 100%) | |
hash9090 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | ERMAC botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash11421 | NjRAT botnet C2 server (confidence level: 75%) | |
hash11421 | NjRAT botnet C2 server (confidence level: 75%) | |
hash11421 | NjRAT botnet C2 server (confidence level: 75%) | |
hash11421 | NjRAT botnet C2 server (confidence level: 75%) | |
hash11421 | NjRAT botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8849 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash4444 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6001 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash1833 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 50%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 50%) | |
hash8333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash55609 | NjRAT botnet C2 server (confidence level: 75%) | |
hash5552 | NjRAT botnet C2 server (confidence level: 75%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash995 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash18244 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash39994 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Matanbuchus payload delivery server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3333 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash12443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8849 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash5020 | DCRat botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 100%) | |
hash15390 | Mirai botnet C2 server (confidence level: 75%) | |
hash61166 | Remcos botnet C2 server (confidence level: 75%) | |
hash470a328ad3705d0c6866a48912a3f718 | Unknown malware payload (confidence level: 50%) | |
hashfd471239a6c4314c4f5f2ea7cc8e5cd5 | Unknown malware payload (confidence level: 50%) | |
hashbe5af780a67635d1eae32bc959450aff | Unknown malware payload (confidence level: 50%) | |
hashf162816f1d7b0006cfa0bfaf95c492c4 | Unknown malware payload (confidence level: 50%) | |
hash4d5bec4d9d32e00c7d0b9d89e3948c8f | Unknown malware payload (confidence level: 50%) | |
hash1223 | XWorm botnet C2 server (confidence level: 75%) | |
hash36041 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash40090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6349 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | DCRat botnet C2 server (confidence level: 100%) | |
hash9090 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash8817 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash60002 | Sliver botnet C2 server (confidence level: 100%) | |
hash8883 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash59 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash45677 | Havoc botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash9000 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash2053 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) |
Domain
| Value | Description | Copy |
|---|---|---|
domaincheck.pijuk.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainthequestforkn.top | Hook botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.aa.104-168-101-27.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincheck.poxuv.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainferroyxo.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpalivorena.org | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domainip66-175-239-156.pbiaas.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaincpanel.gfjd.104-168-101-27.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainbolt.citrixapp.net | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaincheck.cymyv.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.giriq.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainrules-binary.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
domainiafec.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaindixiemgmt.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaintripfjoyq.life | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainironloxp.live | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainmeltonep.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainmetalsyo.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainnavstarx.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainrodformi.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainvoyagiei.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaindreliefr.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainex.ap.4t.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainfuckfrance25.ddns.net | NjRAT botnet C2 domain (confidence level: 75%) | |
domaincheck.bukuu.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainautodiscover.c.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainhumanrights.co.ke | Konni botnet C2 domain (confidence level: 49%) | |
domainpolice.co.ke | Konni botnet C2 domain (confidence level: 49%) | |
domainsweetsonian.com | Konni botnet C2 domain (confidence level: 49%) | |
domainsarahmariegerrity.com | Konni botnet C2 domain (confidence level: 49%) | |
domainnationalinterestparty.com | Konni botnet C2 domain (confidence level: 49%) | |
domainxcellentrenovations.com | Konni botnet C2 domain (confidence level: 49%) | |
domainplaydxb.com | Konni botnet C2 domain (confidence level: 49%) | |
domainoldfoxcompany.com | Konni botnet C2 domain (confidence level: 49%) | |
domainnotkittenaround.digmoo.com | Konni botnet C2 domain (confidence level: 49%) | |
domainpriesttools.com | Konni botnet C2 domain (confidence level: 49%) | |
domainaabbe.shop | Konni botnet C2 domain (confidence level: 49%) | |
domaintechtorev.com | Konni botnet C2 domain (confidence level: 49%) | |
domainkatekasoft.com | Konni botnet C2 domain (confidence level: 49%) | |
domainosbrankoradicevickm.com | Konni botnet C2 domain (confidence level: 49%) | |
domainmeditationsecretsforwomen.com | Konni botnet C2 domain (confidence level: 49%) | |
domainnailemkosmetik.de | Konni botnet C2 domain (confidence level: 49%) | |
domaintopledgrowlights.malapascuaisland.com | Konni botnet C2 domain (confidence level: 49%) | |
domainbeldy.ma | Konni botnet C2 domain (confidence level: 49%) | |
domainoreironx.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.nuxiy.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.xamuy.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaine.elvax.live | Matanbuchus payload delivery domain (confidence level: 100%) | |
domainheyues.live | Matanbuchus payload delivery domain (confidence level: 100%) | |
domainwin-shops-sh.com | Matanbuchus payload delivery domain (confidence level: 100%) | |
domainbretux.com | Matanbuchus payload delivery domain (confidence level: 100%) | |
domainserver.neugumma.makeup | Mirai botnet C2 domain (confidence level: 75%) | |
domainee.ap.4t.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainzaharaflowers.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainpa-portal.premierhomeviews.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domaincheck.lafae.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domaincomexisj.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincheck.rajuy.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainexistenceshame.icu | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domainwebdisk.h.web-app-on.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincheck.gihua.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainr.netluc.live | Unknown malware payload delivery domain (confidence level: 100%) | |
domainipsi.live | Unknown malware payload delivery domain (confidence level: 100%) | |
domainwowi.live | Unknown malware payload delivery domain (confidence level: 100%) | |
domainqq51f.short.gy | ClearFake payload delivery domain (confidence level: 100%) | |
domaincheck.donau.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domain2za55fsge8fbj.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Threat ID: 682c7db5e8347ec82d2b0a53
Added to database: 5/20/2025, 1:03:49 PM
Last enriched: 6/19/2025, 3:03:54 PM
Last updated: 8/16/2025, 9:01:54 AM
Views: 19
Related Threats
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.