ThreatFox IOCs for 2025-04-04
AI Analysis
Technical Summary
The provided threat intelligence relates to a malware-related entry titled "ThreatFox IOCs for 2025-04-04," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The entry is categorized under "type:osint," indicating it is primarily an open-source intelligence report rather than a detailed technical disclosure of a specific malware strain or vulnerability. No specific affected product versions or detailed technical characteristics of the malware are provided, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The threat level is indicated as 2 (on an unspecified scale), with analysis and distribution scores of 1 and 3 respectively, suggesting limited analysis depth but moderate distribution potential. There are no known exploits in the wild, and no concrete indicators such as hashes, IP addresses, or domains are included. The absence of detailed technical data, affected software versions, or exploit information implies this report serves as a general alert or collection of IOCs rather than a description of an active, targeted malware campaign. The medium severity rating likely reflects the potential risk posed by the malware category but is constrained by the lack of concrete exploitation evidence or impact data.
Potential Impact
Given the limited technical details and absence of known exploits, the immediate impact on European organizations is difficult to quantify precisely. However, as the threat is classified as malware with moderate distribution potential, it could pose risks such as unauthorized access, data exfiltration, or disruption if deployed successfully. European organizations relying on open-source intelligence tools or platforms that may ingest or process ThreatFox data could be indirectly affected if malicious IOCs are integrated without proper validation. The lack of specific affected products or versions reduces the likelihood of widespread direct compromise. Nonetheless, sectors with high reliance on OSINT for threat detection, such as cybersecurity firms, government agencies, and critical infrastructure operators, should remain vigilant. The medium severity suggests a moderate risk level, where successful exploitation could impact confidentiality and integrity, with potential availability effects depending on the malware's payload. The absence of known exploits and the need for further analysis imply the threat is not currently active or widespread but could evolve.
Mitigation Recommendations
1. Implement rigorous validation and vetting processes for integrating IOCs from open-source platforms like ThreatFox to avoid false positives or malicious data poisoning.
2. Maintain up-to-date endpoint protection solutions with behavioral detection capabilities to identify and block unknown or emerging malware variants.
3. Enhance network monitoring and anomaly detection to identify unusual communication patterns that may indicate malware distribution or command and control activity.
4. Conduct regular threat hunting exercises focusing on OSINT-related threat feeds to proactively identify potential compromises.
5. Educate security teams on the limitations and proper use of OSINT data to prevent overreliance on incomplete or unverified intelligence.
6. Establish incident response plans that include procedures for handling alerts derived from OSINT sources, ensuring rapid validation and containment.
7. Collaborate with information sharing communities to receive timely updates and context about emerging threats related to OSINT malware.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Belgium
Indicators of Compromise
- file: 213.209.129.92
- hash: 34241
- domain: clo.grey-nuke-camera.us
- domain: check.xuxyf.icu
- domain: unicornu.digital
- url: http://206.81.22.85:8888/supershell/login/
- url: https://landing.survival-kitz.com/profilelayout
- hash: 10de1e14a9a64af2d06fff3741cb870d21bcd7508e6b645a7e98f11d05b811be
- hash: 66bfa4c9eae391a7770f71f80015110e7ad626335ad2c9e4c061ff179379b16a
- hash: a9b3a658f99f023f97580dca4bb0ca23da4a249ed0180877273ca398030159d6
- file: 172.171.224.91
- hash: 8000
- file: 107.158.128.43
- hash: 8443
- file: 88.151.195.187
- hash: 8888
- file: 146.70.143.185
- hash: 4869
- file: 193.25.215.45
- hash: 8808
- file: 160.178.141.90
- hash: 7443
- file: 103.122.221.199
- hash: 7443
- file: 176.65.143.191
- hash: 80
- file: 45.9.100.168
- hash: 443
- file: 139.84.158.174
- hash: 443
- domain: notifications.farmandconstructionequipment.com
- domain: mcasproxy.farmandconstructionequipment.com
- domain: 79-72-70-85.dynamic.dsl.as9105.com
- domain: live.farmandconstructionequipment.com
- domain: ssl.farmandconstructionequipment.com
- domain: outlook-us.farmandconstructionequipment.com
- file: 202.181.148.28
- hash: 4449
- file: 160.124.30.50
- hash: 8849
- file: 154.92.54.184
- hash: 8849
- file: 160.124.135.163
- hash: 8849
- file: 13.244.157.101
- hash: 60000
- domain: cp.devoplx.com
- domain: autodiscover.oraonweb.com
- domain: cpcalendars.gfjd.104-168-101-27.cprapid.com
- file: 185.173.37.124
- hash: 443
- file: 38.134.189.215
- hash: 1103
- file: 193.222.96.222
- hash: 2404
- file: 90.113.172.156
- hash: 7777
- domain: hydrat48.duckdns.org
- file: 211.178.25.134
- hash: 1493
- domain: 5za27x0ff58mr.cfc-execute.bj.baidubce.com
- domain: blck-apt.team
- file: 116.205.242.143
- hash: 443
- file: 128.65.199.135
- hash: 8080
- file: 128.90.113.250
- hash: 2000
- file: 5.175.136.65
- hash: 80
- file: 176.65.142.113
- hash: 6606
- file: 128.90.103.245
- hash: 8808
- file: 173.212.220.5
- hash: 1781
- file: 185.100.157.253
- hash: 80
- file: 170.64.162.236
- hash: 443
- domain: blogger.farmandconstructionequipment.com
- domain: fonts.farmandconstructionequipment.com
- domain: autologon.farmandconstructionequipment.com
- file: 144.91.103.204
- hash: 4444
- file: 193.142.146.101
- hash: 4449
- file: 178.253.55.15
- hash: 80
- file: 130.164.172.59
- hash: 443
- file: 222.186.21.14
- hash: 60000
- file: 137.184.143.194
- hash: 60000
- file: 4.233.209.144
- hash: 60000
- file: 108.186.255.119
- hash: 60000
- file: 192.153.57.251
- hash: 60000
- file: 176.123.2.185
- hash: 9000
- file: 85.215.131.84
- hash: 443
- file: 68.183.107.169
- hash: 3333
- file: 188.245.255.109
- hash: 3333
- file: 66.55.74.200
- hash: 3333
- file: 149.137.198.143
- hash: 3333
- file: 85.215.211.6
- hash: 8001
- file: 217.171.25.73
- hash: 3333
- file: 3.110.249.192
- hash: 443
- file: 104.196.99.189
- hash: 443
- domain: webmail.adesso-online.com
- file: 13.61.44.72
- hash: 3333
- file: 103.27.236.240
- hash: 3333
- file: 128.251.130.98
- hash: 4433
- file: 1.9.127.53
- hash: 3333
- file: 3.20.73.170
- hash: 443
- file: 129.151.167.252
- hash: 3333
- file: 143.244.177.17
- hash: 3333
- file: 54.186.211.20
- hash: 443
- file: 64.226.84.117
- hash: 3333
- file: 34.100.236.204
- hash: 8000
- domain: vitaleboutique.com
- domain: dentalimplantsnevada.com
- domain: allworldnewstoday.com
- file: 103.79.120.67
- hash: 443
- file: 103.79.120.67
- hash: 5000
- file: 103.107.104.82
- hash: 443
- file: 103.107.104.82
- hash: 5000
- file: 185.221.215.41
- hash: 443
- domain: flighttr.run
- domain: check.wewit.icu
- url: https://check.wewit.icu/gkcxv.google
- url: http://45.164.177.122:11943/mozi.m
- url: https://guidebusiness.icu/art.php
- url: https://0scenarisacri.top/ghsayuqo
- url: https://28jrxsafer.top/shpaoz
- url: https://kadvennture.top/gksiio
- url: https://mywmedici.top/noagis
- url: https://njrxsafer.top/shpaoz
- url: https://sspacedbv.world/ekdlsk
- url: https://synmedsp.live/lzkdj
- url: https://zkrxspint.digital/kendwz
- url: https://gg1.cewal.fun/700815a50547b01b29cf3a1ca55d7a7e3058e7d911072018.html
- domain: gg1.cewal.fun
- url: https://sezolo.shop/firstplayinglist.ogg
- domain: sezolo.shop
- url: https://flighttr.run/lkaga
- file: 47.237.2.4
- hash: 443
- file: 188.242.34.19
- hash: 4443
- file: 142.171.234.115
- hash: 9999
- file: 137.184.103.54
- hash: 82
- file: 8.137.118.181
- hash: 80
- file: 103.97.179.16
- hash: 80
- file: 45.77.251.101
- hash: 443
- file: 206.237.22.145
- hash: 8888
- file: 103.27.110.192
- hash: 4444
- file: 194.113.106.236
- hash: 4433
- file: 124.70.47.247
- hash: 80
- file: 118.26.38.52
- hash: 8080
- file: 43.139.104.189
- hash: 4567
- file: 172.171.224.91
- hash: 443
- file: 176.65.142.113
- hash: 8808
- file: 84.32.185.206
- hash: 443
- file: 160.124.65.254
- hash: 8849
- file: 13.40.105.17
- hash: 8089
- file: 45.61.158.240
- hash: 2212
- file: 209.38.202.104
- hash: 4000
- domain: sjekk-profil.info
- url: http://217.156.66.15/index.php
- url: https://studiolegaledesanctis.eu/wp-content/uploads/2024/07/caginessebuk.php
- url: http://217.156.66.15/gnathopoda.php
- url: https://studiolegaledesanctis.eu/wp-content/uploads/2024/07/ventage3a.php
- file: 46.246.12.65
- hash: 2703
- file: 185.12.130.161
- hash: 7789
- domain: michiko.linkpc.net
- file: 103.83.87.190
- hash: 5817
- url: https://1grxeasyw.digital/xxepw
- url: https://29krxspint.digital/kendwz
- url: https://erhxhube.run/pogrs
- url: https://gkrxspint.digital/kendwz
- url: https://mbywmedici.top/noagis
- url: https://ztrlxspoty.run/nogoaz
- file: 107.158.128.43
- hash: 8888
- file: 13.60.154.198
- hash: 443
- url: https://99rhxhube.run/pogrs
- url: https://crhxhube.run/pogrs
- url: https://hywmedici.top/noagis
- url: https://igrxeasyw.digital/xxepw
- url: https://mgrxeasyw.digital/xxepw
- url: https://xuzkrxspint.digital/kendwz
- file: 185.14.31.210
- hash: 443
- file: 34.31.17.178
- hash: 3389
- url: https://fprivileggoe.live/api
- url: https://gdeaddereaste.today/api
- url: https://luncertainyelemz.bet/api
- url: https://okrxspint.digital/kendwz
- file: 82.115.223.158
- hash: 28288
- url: https://ocrhxhube.run/pogrs
- hash: da942516a250676ff489beee9f55ef3d260c64af9c699eeba7c70ee5f6d1b342
- hash: 4dd6f7f42abf0112e6b9b24ace7fa25ee5c13b355fa236dab8d399a399b4c23f
- hash: 4613803241dbf642f36565eb603faa5dfbd400b248dc9ef04abb9a01dde7d987
- hash: e6610abf46a2333bb226a68f62ee499ebac392f83c909f61c1cbd9efe0190667
- hash: 9cbe5e153169c032a94f9fffd41d4621ab28fe390db8a4eda3597d9da8639849
- hash: 67fbeb252dd08badcf4e160d19f5f1fdc3cf3a9837ff4d7eba80408e6a66541d
- hash: 579d9534cca977fcc4ba9fdf076a07de8b76569d549bcc11ccafc0b6f4fb5cd7
- domain: tenacious-axiom-8.cfd
- domain: dynamic-summit-cfd.cfd
- domain: gilokio.website
- url: https://8advennture.top/gksiio
- url: https://ptriplooqp.world/apowko
- url: https://skywavej.digital/soasjai
- domain: soft-metal-software.cfd
- url: https://lancasternh.com/6t7y.js
- domain: lancasternh.com
- url: https://lancasternh.com/js.php
- url: http://137.184.103.54:82/t7y9
- domain: j00.lol
- file: 39.100.65.83
- hash: 9091
- file: 195.211.191.54
- hash: 3981
- file: 45.76.45.142
- hash: 7443
- domain: neathealth.online
- domain: vds2386299.my-ihor.ru
- file: 176.65.144.253
- hash: 80
- domain: net-5-88-105-146.cust.vodafonedsl.it
- file: 217.154.22.37
- hash: 8080
- domain: phpmyadmin.emeraldpineventures.com
- domain: server.neugumma.monster
- domain: 4jvm9hwq0d2j4.cfc-execute.gz.baidubce.com
- file: 118.178.128.98
- hash: 8010
- file: 196.251.81.9
- hash: 5555
- file: 196.251.86.234
- hash: 5555
- domain: run.fox-chair-dust.xyz
- file: 185.49.126.133
- hash: 2404
- file: 196.251.81.176
- hash: 2404
- file: 95.169.180.105
- hash: 8443
- file: 45.11.59.50
- hash: 443
- file: 185.17.3.70
- hash: 8443
- file: 78.171.42.106
- hash: 2009
- file: 50.215.42.61
- hash: 8808
- file: 102.117.161.105
- hash: 7443
- file: 176.117.68.103
- hash: 80
- file: 196.251.85.235
- hash: 8848
- file: 54.151.39.99
- hash: 2628
- file: 35.188.50.102
- hash: 7443
- domain: check.kedep.icu
- url: https://check.kedep.icu/gkcxv.google
- url: https://telefoncuhanem54.com/zjq2njg0mwjjnge0/
- url: https://cantikpidebursa161.com/zjq2njg0mwjjnge0/
- url: https://cigeryiyorum35.com/zjq2njg0mwjjnge0/
- file: 67.211.208.99
- hash: 56001
- domain: anlarilblspureuk.duckdns.org
- url: https://3z7advennture.top/gksiio
- url: https://ogrxeasyw.digital/xxepw
- url: https://pepperiop.digital/oage
- url: https://plantainklj.run/opafg
- url: https://puerrogfh.live/iqwez
- url: https://quavabvc.top/iuzhd
- url: https://rambutanvcx.run/adioz
- url: https://gededewe.shop/files/frontend.js
- domain: gededewe.shop
- url: https://gededewe.shop/files/index.php
- url: https://gededewe.shop/files/vid.php
- url: https://liddar.ca/wp-content/wia64.zip
- url: https://reboundui.live/aomgd
- url: https://hannibal.dev/uploads/gxhvw9/
- url: http://185.228.72.203/wins/index.php
- url: http://185.228.72.203/wm/index.php
- url: http://185.228.72.203/boy/index.php
- url: http://185.228.72.203/ig/index.php
- file: 166.88.117.11
- hash: 8088
- file: 166.88.117.11
- hash: 443
- url: https://check.gekan.icu/gkcxv.google
- domain: check.gekan.icu
- domain: yuiwan.com
- file: 129.226.212.179
- hash: 10000
- file: 49.232.65.225
- hash: 443
- file: 196.251.84.4
- hash: 8808
- file: 65.38.120.27
- hash: 7443
- file: 54.179.225.239
- hash: 80
- file: 178.239.151.59
- hash: 10000
- file: 141.98.112.241
- hash: 8080
- file: 176.65.141.186
- hash: 8888
- file: 138.124.78.140
- hash: 80
- file: 197.2.63.236
- hash: 443
- file: 45.121.51.176
- hash: 10000
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: c330c1dd-2190-49f0-ae4b-6a92ef878a2b
- Original Timestamp: 1743811386
Indicators of Compromise
File
Value | Description
---|---
213.209.129.92 | Mirai botnet C2 server (confidence level: 75%)
172.171.224.91 | Sliver botnet C2 server (confidence level: 100%)
107.158.128.43 | Sliver botnet C2 server (confidence level: 100%)
88.151.195.187 | Unknown malware botnet C2 server (confidence level: 100%)
146.70.143.185 | AsyncRAT botnet C2 server (confidence level: 100%)
193.25.215.45 | AsyncRAT botnet C2 server (confidence level: 100%)
160.178.141.90 | Unknown malware botnet C2 server (confidence level: 100%)
103.122.221.199 | Unknown malware botnet C2 server (confidence level: 100%)
176.65.143.191 | Hook botnet C2 server (confidence level: 100%)
45.9.100.168 | Havoc botnet C2 server (confidence level: 100%)
139.84.158.174 | Havoc botnet C2 server (confidence level: 100%)
202.181.148.28 | Venom RAT botnet C2 server (confidence level: 100%)
160.124.30.50 | DCRat botnet C2 server (confidence level: 100%)
154.92.54.184 | DCRat botnet C2 server (confidence level: 100%)
160.124.135.163 | DCRat botnet C2 server (confidence level: 100%)
13.244.157.101 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
185.173.37.124 | Matanbuchus botnet C2 server (confidence level: 100%)
38.134.189.215 | Unknown RAT botnet C2 server (confidence level: 50%)
193.222.96.222 | Remcos botnet C2 server (confidence level: 75%)
90.113.172.156 | NjRAT botnet C2 server (confidence level: 75%)
211.178.25.134 | NjRAT botnet C2 server (confidence level: 75%)
116.205.242.143 | Cobalt Strike botnet C2 server (confidence level: 100%)
128.65.199.135 | Cobalt Strike botnet C2 server (confidence level: 100%)
128.90.113.250 | AsyncRAT botnet C2 server (confidence level: 100%)
5.175.136.65 | AsyncRAT botnet C2 server (confidence level: 100%)
176.65.142.113 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.103.245 | AsyncRAT botnet C2 server (confidence level: 100%)
173.212.220.5 | Remcos botnet C2 server (confidence level: 100%)
185.100.157.253 | Hook botnet C2 server (confidence level: 100%)
170.64.162.236 | Havoc botnet C2 server (confidence level: 100%)
144.91.103.204 | Sliver botnet C2 server (confidence level: 100%)
193.142.146.101 | Venom RAT botnet C2 server (confidence level: 100%)
178.253.55.15 | MooBot botnet C2 server (confidence level: 100%)
130.164.172.59 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
222.186.21.14 | Unknown malware botnet C2 server (confidence level: 100%)
137.184.143.194 | Unknown malware botnet C2 server (confidence level: 100%)
4.233.209.144 | Unknown malware botnet C2 server (confidence level: 100%)
108.186.255.119 | Unknown malware botnet C2 server (confidence level: 100%)
192.153.57.251 | Unknown malware botnet C2 server (confidence level: 100%)
176.123.2.185 | Unknown malware botnet C2 server (confidence level: 100%)
85.215.131.84 | Unknown malware botnet C2 server (confidence level: 100%)
68.183.107.169 | Unknown malware botnet C2 server (confidence level: 100%)
188.245.255.109 | Unknown malware botnet C2 server (confidence level: 100%)
66.55.74.200 | Unknown malware botnet C2 server (confidence level: 100%)
149.137.198.143 | Unknown malware botnet C2 server (confidence level: 100%)
85.215.211.6 | Unknown malware botnet C2 server (confidence level: 100%)
217.171.25.73 | Unknown malware botnet C2 server (confidence level: 100%)
3.110.249.192 | Unknown malware botnet C2 server (confidence level: 100%)
104.196.99.189 | Unknown malware botnet C2 server (confidence level: 100%)
13.61.44.72 | Unknown malware botnet C2 server (confidence level: 100%)
103.27.236.240 | Unknown malware botnet C2 server (confidence level: 100%)
128.251.130.98 | Unknown malware botnet C2 server (confidence level: 100%)
1.9.127.53 | Unknown malware botnet C2 server (confidence level: 100%)
3.20.73.170 | Unknown malware botnet C2 server (confidence level: 100%)
129.151.167.252 | Unknown malware botnet C2 server (confidence level: 100%)
143.244.177.17 | Unknown malware botnet C2 server (confidence level: 100%)
54.186.211.20 | Unknown malware botnet C2 server (confidence level: 100%)
64.226.84.117 | Unknown malware botnet C2 server (confidence level: 100%)
34.100.236.204 | Unknown malware botnet C2 server (confidence level: 100%)
103.79.120.67 | DOPLUGS botnet C2 server (confidence level: 100%)
103.79.120.67 | DOPLUGS botnet C2 server (confidence level: 100%)
103.107.104.82 | DOPLUGS botnet C2 server (confidence level: 75%)
103.107.104.82 | DOPLUGS botnet C2 server (confidence level: 75%)
185.221.215.41 | Matanbuchus botnet C2 server (confidence level: 100%)
47.237.2.4 | Cobalt Strike botnet C2 server (confidence level: 100%)
188.242.34.19 | Cobalt Strike botnet C2 server (confidence level: 100%)
142.171.234.115 | Cobalt Strike botnet C2 server (confidence level: 100%)
137.184.103.54 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.137.118.181 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.97.179.16 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.77.251.101 | Cobalt Strike botnet C2 server (confidence level: 100%)
206.237.22.145 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.27.110.192 | Cobalt Strike botnet C2 server (confidence level: 100%)
194.113.106.236 | Cobalt Strike botnet C2 server (confidence level: 100%)
124.70.47.247 | Cobalt Strike botnet C2 server (confidence level: 100%)
118.26.38.52 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.139.104.189 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.171.224.91 | Sliver botnet C2 server (confidence level: 100%)
176.65.142.113 | AsyncRAT botnet C2 server (confidence level: 100%)
84.32.185.206 | Lumma Stealer botnet C2 server (confidence level: 100%)
160.124.65.254 | DCRat botnet C2 server (confidence level: 100%)
13.40.105.17 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
45.61.158.240 | Crimson RAT botnet C2 server (confidence level: 100%)
209.38.202.104 | Unknown malware botnet C2 server (confidence level: 100%)
46.246.12.65 | AsyncRAT botnet C2 server (confidence level: 75%)
185.12.130.161 | XWorm botnet C2 server (confidence level: 75%)
103.83.87.190 | Remcos botnet C2 server (confidence level: 75%)
107.158.128.43 | Sliver botnet C2 server (confidence level: 75%)
13.60.154.198 | DeimosC2 botnet C2 server (confidence level: 75%)
185.14.31.210 | DanaBot botnet C2 server (confidence level: 75%)
34.31.17.178 | Havoc botnet C2 server (confidence level: 75%)
82.115.223.158 | Nanocore RAT botnet C2 server (confidence level: 75%)
39.100.65.83 | Cobalt Strike botnet C2 server (confidence level: 100%)
195.211.191.54 | Remcos botnet C2 server (confidence level: 100%)
45.76.45.142 | Unknown malware botnet C2 server (confidence level: 100%)
176.65.144.253 | MooBot botnet C2 server (confidence level: 100%)
217.154.22.37 | Chaos botnet C2 server (confidence level: 100%)
118.178.128.98 | Cobalt Strike botnet C2 server (confidence level: 75%)
196.251.81.9 | Remcos botnet C2 server (confidence level: 75%)
196.251.86.234 | Remcos botnet C2 server (confidence level: 75%)
185.49.126.133 | Remcos botnet C2 server (confidence level: 100%)
196.251.81.176 | Remcos botnet C2 server (confidence level: 100%)
95.169.180.105 | Sliver botnet C2 server (confidence level: 100%)
45.11.59.50 | Sliver botnet C2 server (confidence level: 100%)
185.17.3.70 | Sliver botnet C2 server (confidence level: 100%)
78.171.42.106 | AsyncRAT botnet C2 server (confidence level: 100%)
50.215.42.61 | AsyncRAT botnet C2 server (confidence level: 100%)
102.117.161.105 | Unknown malware botnet C2 server (confidence level: 100%)
176.117.68.103 | Hook botnet C2 server (confidence level: 100%)
196.251.85.235 | DCRat botnet C2 server (confidence level: 100%)
54.151.39.99 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
35.188.50.102 | Unknown malware botnet C2 server (confidence level: 100%)
67.211.208.99 | AsyncRAT botnet C2 server (confidence level: 100%)
166.88.117.11 | DOPLUGS botnet C2 server (confidence level: 100%)
166.88.117.11 | DOPLUGS botnet C2 server (confidence level: 100%)
129.226.212.179 | Cobalt Strike botnet C2 server (confidence level: 100%)
49.232.65.225 | Cobalt Strike botnet C2 server (confidence level: 100%)
196.251.84.4 | AsyncRAT botnet C2 server (confidence level: 100%)
65.38.120.27 | Unknown malware botnet C2 server (confidence level: 100%)
54.179.225.239 | Hook botnet C2 server (confidence level: 100%)
178.239.151.59 | Quasar RAT botnet C2 server (confidence level: 100%)
141.98.112.241 | Venom RAT botnet C2 server (confidence level: 100%)
176.65.141.186 | Venom RAT botnet C2 server (confidence level: 100%)
138.124.78.140 | MooBot botnet C2 server (confidence level: 100%)
197.2.63.236 | QakBot botnet C2 server (confidence level: 75%)
45.121.51.176 | DeimosC2 botnet C2 server (confidence level: 75%)
Hash
Value | Description | Copy |
---|---|---|
hash34241 | Mirai botnet C2 server (confidence level: 75%) | |
hash10de1e14a9a64af2d06fff3741cb870d21bcd7508e6b645a7e98f11d05b811be | Unknown Stealer payload (confidence level: 100%) | |
hash66bfa4c9eae391a7770f71f80015110e7ad626335ad2c9e4c061ff179379b16a | Unknown Stealer payload (confidence level: 100%) | |
hasha9b3a658f99f023f97580dca4bb0ca23da4a249ed0180877273ca398030159d6 | Unknown Stealer payload (confidence level: 100%) | |
hash8000 | Sliver botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4869 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8849 | DCRat botnet C2 server (confidence level: 100%) | |
hash8849 | DCRat botnet C2 server (confidence level: 100%) | |
hash8849 | DCRat botnet C2 server (confidence level: 100%) | |
hash60000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | Matanbuchus botnet C2 server (confidence level: 100%) | |
hash1103 | Unknown RAT botnet C2 server (confidence level: 50%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash7777 | NjRAT botnet C2 server (confidence level: 75%) | |
hash1493 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1781 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4444 | Sliver botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8001 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4433 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash5000 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash443 | DOPLUGS botnet C2 server (confidence level: 75%) | |
hash5000 | DOPLUGS botnet C2 server (confidence level: 75%) | |
hash443 | Matanbuchus botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash82 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4567 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Lumma Stealer botnet C2 server (confidence level: 100%) | |
hash8849 | DCRat botnet C2 server (confidence level: 100%) | |
hash8089 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash2212 | Crimson RAT botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2703 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash7789 | XWorm botnet C2 server (confidence level: 75%) | |
hash5817 | Remcos botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DanaBot botnet C2 server (confidence level: 75%) | |
hash3389 | Havoc botnet C2 server (confidence level: 75%) | |
hash28288 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
da942516a250676ff489beee9f55ef3d260c64af9c699eeba7c70ee5f6d1b342 | Unknown Stealer payload (confidence level: 100%) | |
4dd6f7f42abf0112e6b9b24ace7fa25ee5c13b355fa236dab8d399a399b4c23f | Unknown Stealer payload (confidence level: 100%) | |
4613803241dbf642f36565eb603faa5dfbd400b248dc9ef04abb9a01dde7d987 | Unknown Stealer payload (confidence level: 100%) | |
e6610abf46a2333bb226a68f62ee499ebac392f83c909f61c1cbd9efe0190667 | Unknown Stealer payload (confidence level: 100%) | |
9cbe5e153169c032a94f9fffd41d4621ab28fe390db8a4eda3597d9da8639849 | Unknown Stealer payload (confidence level: 100%) | |
67fbeb252dd08badcf4e160d19f5f1fdc3cf3a9837ff4d7eba80408e6a66541d | Unknown Stealer payload (confidence level: 100%) | |
579d9534cca977fcc4ba9fdf076a07de8b76569d549bcc11ccafc0b6f4fb5cd7 | Unknown Stealer payload (confidence level: 100%) | |
hash9091 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3981 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash8080 | Chaos botnet C2 server (confidence level: 100%) | |
hash8010 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash5555 | Remcos botnet C2 server (confidence level: 75%) | |
hash5555 | Remcos botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash2009 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash2628 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash56001 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8088 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash443 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash10000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash10000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash10000 | DeimosC2 botnet C2 server (confidence level: 75%) |
Domain
Value | Description |
---|---|
clo.grey-nuke-camera.us | ClearFake payload delivery domain (confidence level: 100%) |
check.xuxyf.icu | ClearFake payload delivery domain (confidence level: 100%) |
unicornu.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) |
notifications.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) |
mcasproxy.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) |
79-72-70-85.dynamic.dsl.as9105.com | Havoc botnet C2 domain (confidence level: 100%) |
live.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) |
ssl.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) |
outlook-us.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) |
cp.devoplx.com | Unknown malware botnet C2 domain (confidence level: 100%) |
autodiscover.oraonweb.com | Bashlite botnet C2 domain (confidence level: 100%) |
cpcalendars.gfjd.104-168-101-27.cprapid.com | Bashlite botnet C2 domain (confidence level: 100%) |
hydrat48.duckdns.org | NjRAT botnet C2 domain (confidence level: 75%) |
5za27x0ff58mr.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
blck-apt.team | Cobalt Strike botnet C2 domain (confidence level: 75%) |
blogger.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) |
fonts.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) |
autologon.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) |
webmail.adesso-online.com | Bashlite botnet C2 domain (confidence level: 100%) |
vitaleboutique.com | DOPLUGS botnet C2 domain (confidence level: 100%) |
dentalimplantsnevada.com | DOPLUGS botnet C2 domain (confidence level: 100%) |
allworldnewstoday.com | DOPLUGS botnet C2 domain (confidence level: 100%) |
flighttr.run | Lumma Stealer botnet C2 domain (confidence level: 100%) |
check.wewit.icu | ClearFake payload delivery domain (confidence level: 100%) |
gg1.cewal.fun | Lumma Stealer payload delivery domain (confidence level: 100%) |
sezolo.shop | Lumma Stealer payload delivery domain (confidence level: 100%) |
sjekk-profil.info | Bashlite botnet C2 domain (confidence level: 100%) |
michiko.linkpc.net | Quasar RAT botnet C2 domain (confidence level: 100%) |
tenacious-axiom-8.cfd | Unknown malware botnet C2 domain (confidence level: 100%) |
dynamic-summit-cfd.cfd | Unknown malware botnet C2 domain (confidence level: 100%) |
gilokio.website | Unknown malware payload delivery domain (confidence level: 100%) |
soft-metal-software.cfd | Unknown malware botnet C2 domain (confidence level: 100%) |
lancasternh.com | FAKEUPDATES payload delivery domain (confidence level: 100%) |
j00.lol | Raspberry Robin payload delivery domain (confidence level: 100%) |
neathealth.online | Havoc botnet C2 domain (confidence level: 100%) |
vds2386299.my-ihor.ru | Havoc botnet C2 domain (confidence level: 100%) |
net-5-88-105-146.cust.vodafonedsl.it | Unknown malware botnet C2 domain (confidence level: 100%) |
phpmyadmin.emeraldpineventures.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
server.neugumma.monster | Mirai botnet C2 domain (confidence level: 75%) |
4jvm9hwq0d2j4.cfc-execute.gz.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
run.fox-chair-dust.xyz | ClearFake payload delivery domain (confidence level: 100%) |
check.kedep.icu | ClearFake payload delivery domain (confidence level: 100%) |
anlarilblspureuk.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
gededewe.shop | FAKEUPDATES payload delivery domain (confidence level: 100%) |
check.gekan.icu | ClearFake payload delivery domain (confidence level: 100%) |
yuiwan.com | DOPLUGS botnet C2 domain (confidence level: 100%) |
Url
Value | Description |
---|---|
http://206.81.22.85:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
https://landing.survival-kitz.com/profilelayout | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://check.wewit.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) |
http://45.164.177.122:11943/mozi.m | Mozi payload delivery URL (confidence level: 50%) |
https://guidebusiness.icu/art.php | Unknown Loader botnet C2 (confidence level: 100%) |
https://0scenarisacri.top/ghsayuqo | Lumma Stealer botnet C2 (confidence level: 75%) |
https://28jrxsafer.top/shpaoz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://kadvennture.top/gksiio | Lumma Stealer botnet C2 (confidence level: 75%) |
https://mywmedici.top/noagis | Lumma Stealer botnet C2 (confidence level: 75%) |
https://njrxsafer.top/shpaoz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://sspacedbv.world/ekdlsk | Lumma Stealer botnet C2 (confidence level: 75%) |
https://synmedsp.live/lzkdj | Lumma Stealer botnet C2 (confidence level: 75%) |
https://zkrxspint.digital/kendwz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://gg1.cewal.fun/700815a50547b01b29cf3a1ca55d7a7e3058e7d911072018.html | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://sezolo.shop/firstplayinglist.ogg | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://flighttr.run/lkaga | Lumma Stealer botnet C2 (confidence level: 75%) |
http://217.156.66.15/index.php | Koi Loader botnet C2 (confidence level: 100%) |
https://studiolegaledesanctis.eu/wp-content/uploads/2024/07/caginessebuk.php | Koi Loader botnet C2 (confidence level: 100%) |
http://217.156.66.15/gnathopoda.php | Koi Loader botnet C2 (confidence level: 100%) |
https://studiolegaledesanctis.eu/wp-content/uploads/2024/07/ventage3a.php | Koi Loader botnet C2 (confidence level: 100%) |
https://1grxeasyw.digital/xxepw | Lumma Stealer botnet C2 (confidence level: 75%) |
https://29krxspint.digital/kendwz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://erhxhube.run/pogrs | Lumma Stealer botnet C2 (confidence level: 75%) |
https://gkrxspint.digital/kendwz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://mbywmedici.top/noagis | Lumma Stealer botnet C2 (confidence level: 75%) |
https://ztrlxspoty.run/nogoaz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://99rhxhube.run/pogrs | Lumma Stealer botnet C2 (confidence level: 75%) |
https://crhxhube.run/pogrs | Lumma Stealer botnet C2 (confidence level: 75%) |
https://hywmedici.top/noagis | Lumma Stealer botnet C2 (confidence level: 75%) |
https://igrxeasyw.digital/xxepw | Lumma Stealer botnet C2 (confidence level: 75%) |
https://mgrxeasyw.digital/xxepw | Lumma Stealer botnet C2 (confidence level: 75%) |
https://xuzkrxspint.digital/kendwz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://fprivileggoe.live/api | Lumma Stealer botnet C2 (confidence level: 75%) |
https://gdeaddereaste.today/api | Lumma Stealer botnet C2 (confidence level: 75%) |
https://luncertainyelemz.bet/api | Lumma Stealer botnet C2 (confidence level: 75%) |
https://okrxspint.digital/kendwz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://ocrhxhube.run/pogrs | Lumma Stealer botnet C2 (confidence level: 75%) |
https://8advennture.top/gksiio | Lumma Stealer botnet C2 (confidence level: 75%) |
https://ptriplooqp.world/apowko | Lumma Stealer botnet C2 (confidence level: 75%) |
https://skywavej.digital/soasjai | Lumma Stealer botnet C2 (confidence level: 75%) |
https://lancasternh.com/6t7y.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://lancasternh.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
http://137.184.103.54:82/t7y9 | Cobalt Strike botnet C2 (confidence level: 75%) |
https://check.kedep.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) |
https://telefoncuhanem54.com/zjq2njg0mwjjnge0/ | Coper botnet C2 (confidence level: 80%) |
https://cantikpidebursa161.com/zjq2njg0mwjjnge0/ | Coper botnet C2 (confidence level: 80%) |
https://cigeryiyorum35.com/zjq2njg0mwjjnge0/ | Coper botnet C2 (confidence level: 80%) |
https://3z7advennture.top/gksiio | Lumma Stealer botnet C2 (confidence level: 75%) |
https://ogrxeasyw.digital/xxepw | Lumma Stealer botnet C2 (confidence level: 75%) |
https://pepperiop.digital/oage | Lumma Stealer botnet C2 (confidence level: 75%) |
https://plantainklj.run/opafg | Lumma Stealer botnet C2 (confidence level: 75%) |
https://puerrogfh.live/iqwez | Lumma Stealer botnet C2 (confidence level: 75%) |
https://quavabvc.top/iuzhd | Lumma Stealer botnet C2 (confidence level: 75%) |
https://rambutanvcx.run/adioz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://gededewe.shop/files/frontend.js | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://gededewe.shop/files/index.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://gededewe.shop/files/vid.php | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://liddar.ca/wp-content/wia64.zip | FAKEUPDATES payload delivery URL (confidence level: 100%) |
https://reboundui.live/aomgd | Lumma Stealer botnet C2 (confidence level: 75%) |
https://hannibal.dev/uploads/gxhvw9/ | Unknown Stealer botnet C2 (confidence level: 100%) |
http://185.228.72.203/wins/index.php | JanelaRAT botnet C2 (confidence level: 100%) |
http://185.228.72.203/wm/index.php | JanelaRAT botnet C2 (confidence level: 100%) |
http://185.228.72.203/boy/index.php | JanelaRAT botnet C2 (confidence level: 100%) |
http://185.228.72.203/ig/index.php | JanelaRAT botnet C2 (confidence level: 100%) |
https://check.gekan.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) |
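The tables above are only useful once the value, malware family, indicator role and confidence are separated and the indicators are matched against something. The following is an added example, not code from this page, from ThreatFox or from offseq.com: it parses rows in the extracted form shown here (type label fused onto the value, empty trailing cell), drops entries below a confidence threshold into a review queue instead of the blocklist, flags hosts that should only ever be matched exactly, and runs the remaining indicators over a proxy log. The sample rows are a subset copied from the Domain, Url and hash rows of this page; the proxy log lines, the 75% threshold, the dynamic-DNS zone list and the reverse-DNS heuristic are assumptions of the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed subset of rows copied from the ThreatFox table on this page. The
# extracted markdown fused the IOC type ("domain", "url", "hash") onto the value
# and left an empty "Copy" cell; ROW_RE splits the prefix back off.
SAMPLE_ROWS = """\
domainunicornu.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domain79-72-70-85.dynamic.dsl.as9105.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainhydrat48.duckdns.org | NjRAT botnet C2 domain (confidence level: 75%) | |
urlhttps://check.wewit.icu/gkcxv.google | ClearFake payload delivery URL (confidence level: 100%) | |
urlhttp://45.164.177.122:11943/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://lancasternh.com/6t7y.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
hashda942516a250676ff489beee9f55ef3d260c64af9c699eeba7c70ee5f6d1b342 | Unknown Stealer payload (confidence level: 100%) | |
"""

ROW_RE = re.compile(
    r"^(?P<type>domain|url|hash)(?P<value>\S+)\s*\|\s*"
    r"(?P<desc>.+?)\s*\(confidence level:\s*(?P<conf>\d+)%\)"
)
DESC_RE = re.compile(
    r"^(?P<family>.+?)\s+(?P<role>botnet C2(?: domain| server)?"
    r"|payload delivery (?:domain|URL)|payload)$"
)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Heuristic (an assumption, not ThreatFox metadata): a label of four dash- or
# dot-separated numbers, as in 79-72-70-85.dynamic.dsl.as9105.com, is usually
# ISP reverse DNS for a dynamic address and will churn.
DYNAMIC_HOST_RE = re.compile(r"(?:^|[.-])\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[-.]\d{1,3}[.-]")
# Dynamic-DNS zones that appear on this page; blocking the zone would over-block.
SHARED_ZONES = (".duckdns.org", ".linkpc.net")


@dataclass(frozen=True)
class Ioc:
    ioc_type: str   # "domain", "url" or "hash"
    value: str
    family: str     # e.g. "Lumma Stealer"
    role: str       # e.g. "botnet C2 domain"
    confidence: int
    host: str       # domain, or host part of a URL; "" for hashes


def parse_rows(text: str) -> list[Ioc]:
    """Turn the page's markdown rows into structured IOCs; non-rows are skipped."""
    iocs = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        d = DESC_RE.match(m["desc"].strip())
        family, role = (d["family"], d["role"]) if d else (m["desc"].strip(), "")
        value = m["value"]
        if m["type"] == "url":
            host = (urlsplit(value).hostname or "").lower()
        elif m["type"] == "domain":
            host = value.lower()
        else:
            host = ""
        iocs.append(Ioc(m["type"], value, family, role, int(m["conf"]), host))
    return iocs


def needs_review(ioc: Ioc) -> str | None:
    """Why an indicator must be matched exactly rather than by parent zone."""
    if not ioc.host or IPV4_RE.fullmatch(ioc.host):
        return None
    if ioc.host.endswith(SHARED_ZONES):
        return "dynamic-DNS provider: block the exact host, never the zone"
    if DYNAMIC_HOST_RE.search(ioc.host + "."):
        return "looks like ISP reverse DNS for a dynamic address: expect churn"
    return None


def build_blocklist(iocs: list[Ioc], min_confidence: int = 75) -> tuple[dict, list[Ioc]]:
    """Exact-match tables for enforcement; lower-confidence IOCs go to review."""
    block = {"host": {}, "url": {}, "sha256": {}}
    review = []
    for ioc in iocs:
        if ioc.confidence < min_confidence:
            review.append(ioc)
        elif ioc.ioc_type == "hash":
            block["sha256"][ioc.value.lower()] = ioc
        elif ioc.ioc_type == "url":
            block["url"][ioc.value] = ioc
        else:
            block["host"][ioc.host] = ioc
    return block, review


# Constructed proxy log (not from the page): timestamp, client, method, URL.
SAMPLE_PROXY_LOG = """\
2025-04-04T09:12:01Z 10.0.0.23 GET https://check.wewit.icu/gkcxv.google
2025-04-04T09:12:05Z 10.0.0.23 GET https://unicornu.digital/api
2025-04-04T09:13:10Z 10.0.0.41 GET http://45.164.177.122:11943/mozi.m
2025-04-04T09:14:00Z 10.0.0.57 GET https://www.example.com/
"""


def scan_proxy_log(log: str, block: dict) -> list[tuple[str, str, Ioc]]:
    """Match each requested URL exactly, then its host, against the blocklist."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, _method, url = parts
        host = (urlsplit(url).hostname or "").lower()
        ioc = block["url"].get(url) or block["host"].get(host)
        if ioc:
            hits.append((client, url, ioc))
    return hits


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_ROWS)
    blocklist, to_review = build_blocklist(parsed)
    for ioc in parsed:
        if note := needs_review(ioc):
            print(f"review {ioc.host}: {note}")
    for ioc in to_review:
        print(f"below threshold ({ioc.confidence}%): {ioc.value} [{ioc.family}]")
    for client, url, ioc in scan_proxy_log(SAMPLE_PROXY_LOG, blocklist):
        print(f"ALERT {client} -> {url} ({ioc.family}, {ioc.confidence}%)")
```

Exact matching is deliberate. Several hosts on this page sit under shared or third-party zones (duckdns.org, linkpc.net, cprapid.com, the cfc-execute subdomains of baidubce.com, ISP reverse-DNS names such as the as9105.com and vodafonedsl.it entries), so a parent-zone rule would block unrelated users; the 50% Mozi URL is the case the review queue exists for, and the example surfaces it rather than silently enforcing it.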
Threat ID: 682c7db5e8347ec82d2b049f
Added to database: 5/20/2025, 1:03:49 PM
Last enriched: 6/19/2025, 3:01:38 PM
Last updated: 8/13/2025, 4:15:50 PM