ThreatFox IOCs for 2025-04-06
Severity: mediumType: malware
ThreatFox IOCs for 2025-04-06
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-04-06," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat data. The report is categorized under "type:osint," indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected product versions or detailed technical characteristics of the malware are provided, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned by the source. The analysis score is 1, and distribution is rated 3, suggesting a moderate level of dissemination or potential reach. There are no known exploits in the wild linked to this threat at the time of publication, and no concrete indicators of compromise (IOCs) are listed. The absence of detailed technical data, such as attack vectors, payload behavior, or targeted vulnerabilities, limits the ability to perform a deep technical dissection. However, the classification as malware and the medium severity imply a potential risk that warrants attention, especially given the distribution rating. The lack of authentication or user interaction details suggests that the threat's exploitation complexity is unclear. Overall, this appears to be an early-stage or low-profile malware threat with moderate distribution potential but limited current impact evidence.
Potential Impact
For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and the distribution score of 3. Without specific details on the malware's capabilities, it is difficult to ascertain precise effects on confidentiality, integrity, or availability. However, malware typically poses risks such as data exfiltration, system disruption, or unauthorized access. The absence of known exploits in the wild reduces immediate risk but does not preclude future exploitation. European entities relying on open-source intelligence tools or platforms similar to ThreatFox might be indirectly affected if the malware targets such environments or leverages OSINT data for reconnaissance. The potential impact could be more pronounced in sectors with high reliance on OSINT for threat detection, such as cybersecurity firms, government agencies, and critical infrastructure operators. Additionally, the medium severity suggests that while the threat is not currently critical, it could evolve or be part of a broader attack campaign. Organizations should remain vigilant, especially given the moderate distribution rating, which implies a non-negligible spread or presence.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing general malware defense and OSINT data handling practices. Specific recommendations include: 1) Implement robust endpoint protection solutions with updated malware signatures and heuristic detection capabilities to identify and block unknown or emerging threats. 2) Monitor OSINT platforms and threat intelligence feeds closely for updates or new IOCs related to this malware to enable timely detection and response. 3) Enforce strict access controls and network segmentation around systems that consume or process OSINT data to limit lateral movement in case of compromise. 4) Conduct regular threat hunting exercises focusing on unusual activity patterns that could indicate malware presence, especially in environments handling open-source intelligence. 5) Educate security teams on the importance of validating OSINT sources and integrating multiple intelligence feeds to reduce reliance on potentially compromised data. 6) Maintain up-to-date backups and incident response plans tailored to malware incidents to minimize operational disruption. These measures go beyond generic advice by emphasizing OSINT-specific risk management and proactive threat intelligence integration.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Indicators of Compromise
- file: 176.65.144.18
- hash: 666
- domain: pepperiop.digital
- domain: captcha-verify-6r4x.com
- url: http://103.142.102.1:8888/supershell/login/
- domain: captcha-verify-2q7y.com
- domain: bravelyko.run
- domain: nalandareporter.com
- domain: www.leszartistes.art
- domain: power.moon-river-coin.xyz
- url: http://45.93.20.64/c090b39aa5004512.php
- url: http://45.93.20.28/3d15e67552d448ff.php
- url: http://81.19.131.77/6f35b3aacc54463f.php
- file: 45.93.20.64
- hash: 80
- file: 45.93.20.28
- hash: 80
- file: 81.19.131.77
- hash: 80
- file: 38.246.253.80
- hash: 80
- file: 78.164.223.72
- hash: 20000
- file: 179.100.48.53
- hash: 5000
- file: 196.251.118.210
- hash: 8082
- domain: account.farmandconstructionequipment.com
- file: 43.206.154.248
- hash: 2079
- domain: autodiscover.b.ora-0-web.com
- domain: mail.e.multi-canale.com
- domain: cpcalendars.b.multi-canale.com
- domain: mail.eversioneweb.com
- file: 138.68.79.95
- hash: 6522
- file: 108.186.255.119
- hash: 40000
- file: 8.220.176.89
- hash: 8888
- file: 176.65.143.159
- hash: 7777
- file: 176.65.144.32
- hash: 7777
- file: 78.164.223.72
- hash: 1000
- file: 13.36.177.151
- hash: 7443
- file: 176.65.144.237
- hash: 80
- file: 31.59.131.10
- hash: 8082
- file: 213.159.68.41
- hash: 8082
- file: 34.219.245.253
- hash: 10080
- domain: proximus-me.com
- file: 196.251.117.88
- hash: 2404
- file: 109.248.6.228
- hash: 8080
- domain: ogs.farmandconstructionequipment.com
- file: 45.137.198.124
- hash: 80
- file: 185.17.3.70
- hash: 88
- file: 159.203.16.243
- hash: 60000
- file: 154.38.162.182
- hash: 60000
- file: 18.194.7.178
- hash: 3333
- file: 3.23.103.84
- hash: 8080
- file: 85.215.131.84
- hash: 3333
- file: 13.232.52.251
- hash: 443
- file: 13.238.81.224
- hash: 443
- file: 183.179.149.2
- hash: 55535
- file: 54.205.7.84
- hash: 443
- file: 154.55.115.48
- hash: 81
- file: 13.78.86.115
- hash: 3333
- file: 65.38.98.61
- hash: 8443
- file: 52.224.246.147
- hash: 3333
- file: 3.127.102.68
- hash: 80
- file: 3.127.102.68
- hash: 443
- file: 54.243.26.20
- hash: 443
- file: 13.201.186.65
- hash: 8443
- file: 3.85.158.49
- hash: 443
- file: 47.108.216.208
- hash: 3333
- file: 147.185.221.27
- hash: 17182
- domain: lake-observation.gl.at.ply.gg
- file: 44.204.211.51
- hash: 26223
- file: 179.95.197.65
- hash: 9990
- domain: qq.ap.4t.com
- url: https://qq.ap.4t.com/
- file: 78.47.105.59
- hash: 443
- url: https://xiaoll.com/macshare.php
- domain: xiaoll.com
- domain: net-killer.ooguy.com
- domain: net-killer.cameraddns.net
- domain: most-killer.duckdns.org
- file: 176.65.144.253
- hash: 56999
- domain: connect.antiwifi.dev
- url: https://5pepperiop.digital/oage
- url: https://7advennture.top/gksiio
- url: https://7quavabvc.top/iuzhd
- url: https://cplantainklj.run/opafg
- url: https://fjrxsafer.top/shpaoz
- url: https://gpuerrogfh.live/iqwez
- url: https://mrambutanvcx.run/adioz
- url: https://npepperiop.digital/oage
- url: https://1quavabvc.top/iuzhd
- url: https://8jrxsafer.top/shpaoz
- url: https://bplantainklj.run/opafg
- url: https://njywmedici.top/noagis
- url: https://tzpuerrogfh.live/iqwez
- url: https://xpuerrogfh.live/iqwez
- url: https://2plantainklj.run/opafg
- url: https://6puerrogfh.live/iqwez
- url: https://7jrxsafer.top/shpaoz
- url: https://kquavabvc.top/iuzhd
- url: https://sadvennture.top/gksiio
- url: https://srambutanvcx.run/adioz
- url: https://yplantainklj.run/opafg
- url: https://0quavabvc.top/iuzhd
- url: https://flourishfo.run/ayuio
- url: https://iquavabvc.top/iuzhd
- url: https://ptargett.top/dsangt
- domain: us02web-zoom.icu
- file: 144.202.100.226
- hash: 1912
- domain: zoom-us.live
- domain: us06web.zoom-us.live
- file: 129.226.212.179
- hash: 10001
- file: 129.226.212.179
- hash: 20000
- file: 192.52.242.41
- hash: 443
- file: 172.111.244.211
- hash: 9907
- file: 95.217.34.113
- hash: 69
- file: 128.90.113.107
- hash: 4000
- file: 96.2.91.102
- hash: 443
- file: 185.196.11.208
- hash: 7443
- file: 18.138.195.208
- hash: 80
- domain: quanmingl.com
- file: 176.65.144.237
- hash: 8089
- file: 13.208.71.18
- hash: 49331
- domain: cpcontacts.e.ora-0-web.com
- file: 115.29.224.229
- hash: 80
- file: 147.124.211.116
- hash: 443
- file: 147.124.211.116
- hash: 80
- url: https://gquavabvc.top/iuzhd
- file: 173.187.25.9
- hash: 995
- file: 35.169.63.213
- hash: 443
- file: 38.132.122.163
- hash: 8888
- file: 85.239.62.195
- hash: 443
- file: 85.239.62.195
- hash: 80
- url: https://1ywmedici.top/noagis
- url: https://6plantainklj.run/opafg
- url: https://ujjrxsafer.top/shpaoz
- url: https://vpepperiop.digital/oage
- url: https://advancesg.live/aoias
- file: 129.226.212.179
- hash: 10002
- file: 47.106.229.212
- hash: 443
- file: 83.229.121.234
- hash: 443
- file: 191.232.247.88
- hash: 31337
- file: 128.90.113.107
- hash: 8808
- file: 102.117.168.190
- hash: 7443
- file: 64.226.68.251
- hash: 8880
- file: 45.141.233.171
- hash: 80
- file: 87.120.166.48
- hash: 80
- file: 31.59.131.10
- hash: 80
- file: 176.65.137.250
- hash: 443
- file: 45.139.104.170
- hash: 25
- domain: af5n6505ezcdp.cfc-execute.bj.baidubce.com
- domain: cbqk67k2sd04d.cfc-execute.bj.baidubce.com
- domain: f4jr3v36b1sd7.cfc-execute.bj.baidubce.com
- url: https://6ywmedici.top/noagis
- url: https://gplantainklj.run/opafg
- url: https://zestyasd.run/igsup
- file: 107.174.192.179
- hash: 80
- file: 82.29.67.160
- hash: 443
- domain: plantainklj.run
- file: 47.106.229.212
- hash: 801
- file: 143.110.241.106
- hash: 443
- file: 176.65.141.98
- hash: 8808
- file: 188.126.90.65
- hash: 7031
- file: 34.23.94.159
- hash: 7443
- file: 45.141.233.172
- hash: 8089
- file: 45.88.186.129
- hash: 8082
- file: 13.246.40.30
- hash: 1961
- file: 52.47.171.145
- hash: 443
- file: 35.79.81.8
- hash: 80
- file: 176.65.144.253
- hash: 12972
- file: 149.88.84.102
- hash: 6666
- file: 111.229.108.128
- hash: 12233
- file: 166.88.61.176
- hash: 8443
- file: 15.229.22.115
- hash: 80
- file: 15.229.22.115
- hash: 443
- file: 47.96.136.148
- hash: 8099
- file: 18.227.13.197
- hash: 80
- file: 129.204.146.115
- hash: 50050
- file: 64.176.44.186
- hash: 63210
- file: 142.202.190.39
- hash: 31337
- file: 157.180.44.116
- hash: 31337
- file: 138.124.116.155
- hash: 31337
- file: 45.76.143.197
- hash: 31337
- file: 143.198.1.58
- hash: 31337
- file: 159.223.233.165
- hash: 31337
- file: 194.35.12.15
- hash: 31337
- file: 185.208.158.227
- hash: 31337
- file: 192.161.162.116
- hash: 31337
- file: 38.180.62.25
- hash: 31337
- file: 165.22.37.20
- hash: 31337
- file: 18.162.82.100
- hash: 31337
- file: 45.38.42.187
- hash: 31337
- file: 37.60.244.185
- hash: 31337
- file: 24.137.215.163
- hash: 31337
- file: 157.173.192.228
- hash: 31337
- file: 167.71.240.130
- hash: 31337
- file: 206.206.76.53
- hash: 31337
- file: 36.227.134.100
- hash: 31337
- file: 136.144.163.253
- hash: 9312
- file: 47.129.114.201
- hash: 9333
- file: 54.178.49.171
- hash: 8728
- file: 54.167.126.234
- hash: 17
- file: 18.119.101.156
- hash: 11000
- file: 65.39.69.46
- hash: 5001
- file: 23.24.178.33
- hash: 5454
- file: 34.216.6.87
- hash: 9306
- file: 141.164.37.48
- hash: 80
- file: 158.247.255.100
- hash: 443
- file: 204.12.253.10
- hash: 443
- file: 194.127.192.94
- hash: 3333
- file: 110.42.45.101
- hash: 9205
- file: 118.26.39.189
- hash: 9443
- file: 84.46.239.89
- hash: 10443
- file: 152.204.236.49
- hash: 9999
- file: 51.159.110.219
- hash: 10001
- file: 18.175.163.249
- hash: 2762
- file: 195.82.146.32
- hash: 4443
- file: 177.136.225.145
- hash: 8443
- file: 54.160.167.20
- hash: 2048
- file: 117.212.172.74
- hash: 50997
- url: http://31.59.131.10/
- url: http://176.65.144.237/
- url: http://45.88.186.129/
- url: http://176.117.68.103/
- url: http://176.65.143.191/
- url: http://176.65.143.173/m0xmdru/login.php
- domain: javv-46764.portmap.host
- domain: would-perspectives.gl.at.ply.gg
- domain: landing.survival-kitz.co
- domain: candidt.live
- domain: ingotyxx.live
- domain: liberatuie.run
- domain: styleclinic-beautyicon.shop
- file: 176.100.37.198
- hash: 443
- file: 163.5.32.183
- hash: 8808
- file: 78.164.223.72
- hash: 888
- file: 96.9.125.174
- hash: 7443
- file: 196.251.70.173
- hash: 8089
- file: 159.223.171.199
- hash: 4443
- file: 52.47.171.145
- hash: 16993
- file: 185.39.206.11
- hash: 80
- file: 5.95.41.119
- hash: 443
- file: 101.37.12.180
- hash: 47486
- file: 143.110.241.106
- hash: 2083
- file: 188.4.199.72
- hash: 995
- domain: coi.coicoi.filegear-sg.me
ThreatFox IOCs for 2025-04-06
Medium
Published: Sun Apr 06 2025 (04/06/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-04-06
AI-Powered Analysis
AILast updated: 06/19/2025, 15:01:51 UTC
Technical Analysis
The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-04-06," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat data. The report is categorized under "type:osint," indicating that it primarily involves open-source intelligence data rather than a specific malware family or exploit. No specific affected product versions or detailed technical characteristics of the malware are provided, and there are no associated Common Weakness Enumerations (CWEs) or patch links. The threat level is indicated as 2 on an unspecified scale, with a medium severity rating assigned by the source. The analysis score is 1, and distribution is rated 3, suggesting a moderate level of dissemination or potential reach. There are no known exploits in the wild linked to this threat at the time of publication, and no concrete indicators of compromise (IOCs) are listed. The absence of detailed technical data, such as attack vectors, payload behavior, or targeted vulnerabilities, limits the ability to perform a deep technical dissection. However, the classification as malware and the medium severity imply a potential risk that warrants attention, especially given the distribution rating. The lack of authentication or user interaction details suggests that the threat's exploitation complexity is unclear. Overall, this appears to be an early-stage or low-profile malware threat with moderate distribution potential but limited current impact evidence.
Potential Impact
For European organizations, the impact of this threat is currently assessed as moderate due to the medium severity rating and the distribution score of 3. Without specific details on the malware's capabilities, it is difficult to ascertain precise effects on confidentiality, integrity, or availability. However, malware typically poses risks such as data exfiltration, system disruption, or unauthorized access. The absence of known exploits in the wild reduces immediate risk but does not preclude future exploitation. European entities relying on open-source intelligence tools or platforms similar to ThreatFox might be indirectly affected if the malware targets such environments or leverages OSINT data for reconnaissance. The potential impact could be more pronounced in sectors with high reliance on OSINT for threat detection, such as cybersecurity firms, government agencies, and critical infrastructure operators. Additionally, the medium severity suggests that while the threat is not currently critical, it could evolve or be part of a broader attack campaign. Organizations should remain vigilant, especially given the moderate distribution rating, which implies a non-negligible spread or presence.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing general malware defense and OSINT data handling practices. Specific recommendations include: 1) Implement robust endpoint protection solutions with updated malware signatures and heuristic detection capabilities to identify and block unknown or emerging threats. 2) Monitor OSINT platforms and threat intelligence feeds closely for updates or new IOCs related to this malware to enable timely detection and response. 3) Enforce strict access controls and network segmentation around systems that consume or process OSINT data to limit lateral movement in case of compromise. 4) Conduct regular threat hunting exercises focusing on unusual activity patterns that could indicate malware presence, especially in environments handling open-source intelligence. 5) Educate security teams on the importance of validating OSINT sources and integrating multiple intelligence feeds to reduce reliance on potentially compromised data. 6) Maintain up-to-date backups and incident response plans tailored to malware incidents to minimize operational disruption. These measures go beyond generic advice by emphasizing OSINT-specific risk management and proactive threat intelligence integration.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 29ef4424-a95c-42d2-b432-f8855984f7d4
- Original Timestamp
- 1743984187
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file176.65.144.18 | Bashlite botnet C2 server (confidence level: 75%) | |
file45.93.20.64 | Stealc botnet C2 server (confidence level: 50%) | |
file45.93.20.28 | Stealc botnet C2 server (confidence level: 50%) | |
file81.19.131.77 | Stealc botnet C2 server (confidence level: 50%) | |
file38.246.253.80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file78.164.223.72 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file179.100.48.53 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file196.251.118.210 | Havoc botnet C2 server (confidence level: 100%) | |
file43.206.154.248 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file138.68.79.95 | NjRAT botnet C2 server (confidence level: 75%) | |
file108.186.255.119 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.220.176.89 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.65.143.159 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.65.144.32 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.164.223.72 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file13.36.177.151 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.65.144.237 | Hook botnet C2 server (confidence level: 100%) | |
file31.59.131.10 | Hook botnet C2 server (confidence level: 100%) | |
file213.159.68.41 | Hook botnet C2 server (confidence level: 100%) | |
file34.219.245.253 | Havoc botnet C2 server (confidence level: 100%) | |
file196.251.117.88 | Remcos botnet C2 server (confidence level: 100%) | |
file109.248.6.228 | Sliver botnet C2 server (confidence level: 100%) | |
file45.137.198.124 | MooBot botnet C2 server (confidence level: 100%) | |
file185.17.3.70 | Sliver botnet C2 server (confidence level: 100%) | |
file159.203.16.243 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.38.162.182 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.194.7.178 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.23.103.84 | Unknown malware botnet C2 server (confidence level: 100%) | |
file85.215.131.84 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.232.52.251 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.238.81.224 | Unknown malware botnet C2 server (confidence level: 100%) | |
file183.179.149.2 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.205.7.84 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.55.115.48 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.78.86.115 | Unknown malware botnet C2 server (confidence level: 100%) | |
file65.38.98.61 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.224.246.147 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.127.102.68 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.127.102.68 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.243.26.20 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.201.186.65 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.85.158.49 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.108.216.208 | Unknown malware botnet C2 server (confidence level: 100%) | |
file147.185.221.27 | NjRAT botnet C2 server (confidence level: 75%) | |
file44.204.211.51 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file179.95.197.65 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file78.47.105.59 | Vidar botnet C2 server (confidence level: 75%) | |
file176.65.144.253 | Mirai botnet C2 server (confidence level: 75%) | |
file144.202.100.226 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file129.226.212.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file129.226.212.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file192.52.242.41 | Remcos botnet C2 server (confidence level: 100%) | |
file172.111.244.211 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file95.217.34.113 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.107 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file96.2.91.102 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.196.11.208 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.138.195.208 | Hook botnet C2 server (confidence level: 100%) | |
file176.65.144.237 | Hook botnet C2 server (confidence level: 100%) | |
file13.208.71.18 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file115.29.224.229 | MimiKatz botnet C2 server (confidence level: 100%) | |
file147.124.211.116 | Rhysida botnet C2 server (confidence level: 75%) | |
file147.124.211.116 | Rhysida botnet C2 server (confidence level: 75%) | |
file173.187.25.9 | QakBot botnet C2 server (confidence level: 75%) | |
file35.169.63.213 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file38.132.122.163 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file85.239.62.195 | Rhysida botnet C2 server (confidence level: 75%) | |
file85.239.62.195 | Rhysida botnet C2 server (confidence level: 75%) | |
file129.226.212.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.106.229.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file83.229.121.234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file191.232.247.88 | Sliver botnet C2 server (confidence level: 100%) | |
file128.90.113.107 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.168.190 | Unknown malware botnet C2 server (confidence level: 100%) | |
file64.226.68.251 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.141.233.171 | Hook botnet C2 server (confidence level: 100%) | |
file87.120.166.48 | Hook botnet C2 server (confidence level: 100%) | |
file31.59.131.10 | Hook botnet C2 server (confidence level: 100%) | |
file176.65.137.250 | Havoc botnet C2 server (confidence level: 100%) | |
file45.139.104.170 | Venom RAT botnet C2 server (confidence level: 100%) | |
file107.174.192.179 | DarkVision RAT botnet C2 server (confidence level: 75%) | |
file82.29.67.160 | DarkVision RAT botnet C2 server (confidence level: 75%) | |
file47.106.229.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file143.110.241.106 | Sliver botnet C2 server (confidence level: 100%) | |
file176.65.141.98 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file188.126.90.65 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file34.23.94.159 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.141.233.172 | Hook botnet C2 server (confidence level: 100%) | |
file45.88.186.129 | Hook botnet C2 server (confidence level: 100%) | |
file13.246.40.30 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file52.47.171.145 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file35.79.81.8 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
file176.65.144.253 | Mirai botnet C2 server (confidence level: 100%) | |
file149.88.84.102 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file111.229.108.128 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file166.88.61.176 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file15.229.22.115 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file15.229.22.115 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file47.96.136.148 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file18.227.13.197 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file129.204.146.115 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file64.176.44.186 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file142.202.190.39 | Sliver botnet C2 server (confidence level: 50%) | |
file157.180.44.116 | Sliver botnet C2 server (confidence level: 50%) | |
file138.124.116.155 | Sliver botnet C2 server (confidence level: 50%) | |
file45.76.143.197 | Sliver botnet C2 server (confidence level: 50%) | |
file143.198.1.58 | Sliver botnet C2 server (confidence level: 50%) | |
file159.223.233.165 | Sliver botnet C2 server (confidence level: 50%) | |
file194.35.12.15 | Sliver botnet C2 server (confidence level: 50%) | |
file185.208.158.227 | Sliver botnet C2 server (confidence level: 50%) | |
file192.161.162.116 | Sliver botnet C2 server (confidence level: 50%) | |
file38.180.62.25 | Sliver botnet C2 server (confidence level: 50%) | |
file165.22.37.20 | Sliver botnet C2 server (confidence level: 50%) | |
file18.162.82.100 | Sliver botnet C2 server (confidence level: 50%) | |
file45.38.42.187 | Sliver botnet C2 server (confidence level: 50%) | |
file37.60.244.185 | Sliver botnet C2 server (confidence level: 50%) | |
file24.137.215.163 | Sliver botnet C2 server (confidence level: 50%) | |
file157.173.192.228 | Sliver botnet C2 server (confidence level: 50%) | |
file167.71.240.130 | Sliver botnet C2 server (confidence level: 50%) | |
file206.206.76.53 | Sliver botnet C2 server (confidence level: 50%) | |
file36.227.134.100 | Sliver botnet C2 server (confidence level: 50%) | |
file136.144.163.253 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file47.129.114.201 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file54.178.49.171 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file54.167.126.234 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file18.119.101.156 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file65.39.69.46 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file23.24.178.33 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file34.216.6.87 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file141.164.37.48 | Kimsuky botnet C2 server (confidence level: 50%) | |
file158.247.255.100 | Kimsuky botnet C2 server (confidence level: 50%) | |
file204.12.253.10 | Kimsuky botnet C2 server (confidence level: 50%) | |
file194.127.192.94 | Unknown malware botnet C2 server (confidence level: 50%) | |
file110.42.45.101 | Unknown malware botnet C2 server (confidence level: 50%) | |
file118.26.39.189 | Unknown malware botnet C2 server (confidence level: 50%) | |
file84.46.239.89 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
file152.204.236.49 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file51.159.110.219 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file18.175.163.249 | BlackShades botnet C2 server (confidence level: 50%) | |
file195.82.146.32 | DCRat botnet C2 server (confidence level: 50%) | |
file177.136.225.145 | Havoc botnet C2 server (confidence level: 50%) | |
file54.160.167.20 | Unknown malware botnet C2 server (confidence level: 50%) | |
file117.212.172.74 | Mozi botnet C2 server (confidence level: 50%) | |
file176.100.37.198 | Sliver botnet C2 server (confidence level: 100%) | |
file163.5.32.183 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.164.223.72 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file96.9.125.174 | Unknown malware botnet C2 server (confidence level: 100%) | |
file196.251.70.173 | Hook botnet C2 server (confidence level: 100%) | |
file159.223.171.199 | Venom RAT botnet C2 server (confidence level: 100%) | |
file52.47.171.145 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file185.39.206.11 | ERMAC botnet C2 server (confidence level: 100%) | |
file5.95.41.119 | Unknown malware botnet C2 server (confidence level: 100%) | |
file101.37.12.180 | Chaos botnet C2 server (confidence level: 100%) | |
file143.110.241.106 | Sliver botnet C2 server (confidence level: 75%) | |
file188.4.199.72 | QakBot botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash666 | Bashlite botnet C2 server (confidence level: 75%) | |
hash80 | Stealc botnet C2 server (confidence level: 50%) | |
hash80 | Stealc botnet C2 server (confidence level: 50%) | |
hash80 | Stealc botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash20000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8082 | Havoc botnet C2 server (confidence level: 100%) | |
hash2079 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash6522 | NjRAT botnet C2 server (confidence level: 75%) | |
hash40000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7777 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash10080 | Havoc botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8080 | Sliver botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash88 | Sliver botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash55535 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash81 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash17182 | NjRAT botnet C2 server (confidence level: 75%) | |
hash26223 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash9990 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 75%) | |
hash56999 | Mirai botnet C2 server (confidence level: 75%) | |
hash1912 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash10001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash20000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Remcos botnet C2 server (confidence level: 100%) | |
hash9907 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash69 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash49331 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash443 | Rhysida botnet C2 server (confidence level: 75%) | |
hash80 | Rhysida botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8888 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash443 | Rhysida botnet C2 server (confidence level: 75%) | |
hash80 | Rhysida botnet C2 server (confidence level: 75%) | |
hash10002 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8880 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash25 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | DarkVision RAT botnet C2 server (confidence level: 75%) | |
hash443 | DarkVision RAT botnet C2 server (confidence level: 75%) | |
hash801 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7031 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash1961 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Brute Ratel C4 botnet C2 server (confidence level: 100%) | |
hash12972 | Mirai botnet C2 server (confidence level: 100%) | |
hash6666 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash12233 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8099 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash63210 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash9312 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash9333 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash8728 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash17 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash11000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash5001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash5454 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash9306 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash80 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash443 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash443 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash9205 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash9443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash10443 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash2762 | BlackShades botnet C2 server (confidence level: 50%) | |
hash4443 | DCRat botnet C2 server (confidence level: 50%) | |
hash8443 | Havoc botnet C2 server (confidence level: 50%) | |
hash2048 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash50997 | Mozi botnet C2 server (confidence level: 50%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash4443 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash16993 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | ERMAC botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash47486 | Chaos botnet C2 server (confidence level: 100%) | |
hash2083 | Sliver botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainpepperiop.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincaptcha-verify-6r4x.com | ClearFake payload delivery domain (confidence level: 100%) | |
domaincaptcha-verify-2q7y.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainbravelyko.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnalandareporter.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwww.leszartistes.art | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpower.moon-river-coin.xyz | ClearFake payload delivery domain (confidence level: 100%) | |
domainaccount.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainautodiscover.b.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainmail.e.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domaincpcalendars.b.multi-canale.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainmail.eversioneweb.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainproximus-me.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainogs.farmandconstructionequipment.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainlake-observation.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 75%) | |
domainqq.ap.4t.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainxiaoll.com | AMOS botnet C2 domain (confidence level: 100%) | |
domainnet-killer.ooguy.com | MooBot botnet C2 domain (confidence level: 100%) | |
domainnet-killer.cameraddns.net | MooBot botnet C2 domain (confidence level: 100%) | |
domainmost-killer.duckdns.org | MooBot botnet C2 domain (confidence level: 100%) | |
domainconnect.antiwifi.dev | Mirai botnet C2 domain (confidence level: 75%) | |
domainus02web-zoom.icu | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainzoom-us.live | RedLine Stealer payload delivery domain (confidence level: 100%) | |
domainus06web.zoom-us.live | RedLine Stealer payload delivery domain (confidence level: 100%) | |
domainquanmingl.com | Hook botnet C2 domain (confidence level: 100%) | |
domaincpcontacts.e.ora-0-web.com | Bashlite botnet C2 domain (confidence level: 100%) | |
domainaf5n6505ezcdp.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaincbqk67k2sd04d.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainf4jr3v36b1sd7.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainplantainklj.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainjavv-46764.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainwould-perspectives.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainlanding.survival-kitz.co | Unknown Loader botnet C2 domain (confidence level: 50%) | |
domaincandidt.live | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainingotyxx.live | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainliberatuie.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainstyleclinic-beautyicon.shop | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaincoi.coicoi.filegear-sg.me | Cobalt Strike botnet C2 domain (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://103.142.102.1:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttp://45.93.20.64/c090b39aa5004512.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttp://45.93.20.28/3d15e67552d448ff.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttp://81.19.131.77/6f35b3aacc54463f.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttps://qq.ap.4t.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://xiaoll.com/macshare.php | AMOS botnet C2 (confidence level: 100%) | |
urlhttps://5pepperiop.digital/oage | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://7advennture.top/gksiio | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://7quavabvc.top/iuzhd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://cplantainklj.run/opafg | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://fjrxsafer.top/shpaoz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://gpuerrogfh.live/iqwez | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://mrambutanvcx.run/adioz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://npepperiop.digital/oage | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://1quavabvc.top/iuzhd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://8jrxsafer.top/shpaoz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://bplantainklj.run/opafg | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://njywmedici.top/noagis | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://tzpuerrogfh.live/iqwez | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://xpuerrogfh.live/iqwez | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://2plantainklj.run/opafg | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://6puerrogfh.live/iqwez | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://7jrxsafer.top/shpaoz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://kquavabvc.top/iuzhd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://sadvennture.top/gksiio | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://srambutanvcx.run/adioz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://yplantainklj.run/opafg | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://0quavabvc.top/iuzhd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://flourishfo.run/ayuio | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://iquavabvc.top/iuzhd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ptargett.top/dsangt | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://gquavabvc.top/iuzhd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://1ywmedici.top/noagis | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://6plantainklj.run/opafg | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ujjrxsafer.top/shpaoz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://vpepperiop.digital/oage | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://advancesg.live/aoias | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://6ywmedici.top/noagis | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://gplantainklj.run/opafg | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://zestyasd.run/igsup | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://31.59.131.10/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://176.65.144.237/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://45.88.186.129/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://176.117.68.103/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://176.65.143.191/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://176.65.143.173/m0xmdru/login.php | Amadey botnet C2 (confidence level: 50%) |
Threat ID: 682c7db4e8347ec82d2af207
Added to database: 5/20/2025, 1:03:48 PM
Last enriched: 6/19/2025, 3:01:51 PM
Last updated: 8/16/2025, 9:01:30 AM
Views: 17
Related Threats
Scammers Compromised by Own Malware, Expose $4.67M Operation and Identities
MediumMalwareSat Aug 16 2025
ThreatFox IOCs for 2025-08-15
MediumMalwareSat Aug 16 2025
Threat Actor Profile: Interlock Ransomware
MediumMalwareFri Aug 15 2025
'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
MediumMalwareFri Aug 15 2025
Kawabunga, Dude, You've Been Ransomed!
MediumMalwareFri Aug 15 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.