ThreatFox IOCs for 2025-04-09
AI Analysis
Technical Summary
The provided information pertains to a malware-related threat identified as "ThreatFox IOCs for 2025-04-09," sourced from ThreatFox, which is a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under "type:osint," indicating it is related to open-source intelligence or derived from OSINT methodologies. However, the data lacks specific details about the malware's behavior, attack vectors, affected software versions, or technical indicators such as hashes, IP addresses, or domains. The threat level is indicated as 2 on an unspecified scale, with an analysis score of 1 and a distribution score of 3, suggesting moderate dissemination or awareness. No known exploits in the wild have been reported, and no patches or mitigations are linked. The absence of CWE identifiers and technical specifics limits the ability to precisely characterize the malware's capabilities or attack mechanisms. Overall, this appears to be an early-stage or low-profile malware threat with limited technical disclosure, primarily serving as an alert or collection of IOCs for further monitoring and analysis.
Potential Impact
Given the limited technical details and the absence of known exploits in the wild, the immediate impact on European organizations is likely to be moderate. The threat's classification as malware implies potential risks to confidentiality, integrity, or availability if successfully deployed. However, without specifics on infection vectors, payloads, or targeted systems, it is difficult to assess the full scope. European organizations relying on OSINT tools or platforms that integrate ThreatFox data might be indirectly affected if the malware targets such environments or if the IOCs are used to detect related threats. The medium severity rating suggests a moderate risk level, possibly indicating that exploitation requires some level of user interaction or specific conditions. The lack of authentication or user interaction requirements cannot be confirmed. Overall, the threat could lead to data compromise, system disruption, or espionage activities if leveraged effectively, but current information does not indicate widespread or critical impact.
Mitigation Recommendations
To mitigate this threat effectively, European organizations should:
1) Integrate ThreatFox IOCs into their existing security monitoring and threat intelligence platforms to enhance detection capabilities.
2) Conduct regular OSINT-based threat hunting exercises focusing on emerging malware indicators shared by reputable sources like ThreatFox.
3) Maintain up-to-date endpoint protection solutions capable of detecting generic malware behaviors, given the lack of specific signatures.
4) Implement network segmentation and strict access controls to limit potential lateral movement if an infection occurs.
5) Educate users on recognizing phishing or social engineering attempts, as these are common malware delivery methods, especially when technical details are sparse.
6) Collaborate with national and European cybersecurity centers to share intelligence and receive timely updates on evolving threats.
These steps go beyond generic advice by emphasizing proactive intelligence integration and user awareness tailored to the nature of this OSINT-derived malware threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium
Indicators of Compromise
- file: 185.39.19.51
- hash: 427
- file: 185.39.19.51
- hash: 430
- file: 185.39.19.51
- hash: 417
- file: 185.39.19.51
- hash: 418
- file: 185.39.19.51
- hash: 420
- domain: check.nikys.icu
- file: 45.204.213.149
- hash: 8080
- file: 114.96.89.69
- hash: 8088
- file: 179.13.9.223
- hash: 2404
- file: 176.65.144.34
- hash: 8808
- file: 128.90.106.149
- hash: 2000
- file: 102.117.165.92
- hash: 7443
- file: 64.227.25.115
- hash: 7443
- file: 176.100.37.204
- hash: 7443
- file: 85.215.173.244
- hash: 443
- file: 88.119.169.53
- hash: 443
- domain: anrczccx.com
- file: 93.105.1.235
- hash: 8888
- file: 13.58.215.216
- hash: 443
- file: 196.251.116.122
- hash: 8888
- file: 144.202.42.37
- hash: 2000
- file: 209.141.43.189
- hash: 7443
- domain: focused-moore.165-227-157-172.plesk.page
- domain: ai.cf90.cc
- domain: sendwaves.co
- file: 139.155.78.66
- hash: 60000
- file: 101.42.1.218
- hash: 60000
- file: 38.47.80.157
- hash: 3333
- file: 188.166.199.174
- hash: 8080
- file: 159.65.130.32
- hash: 8080
- file: 159.89.96.111
- hash: 3333
- file: 16.171.41.160
- hash: 3333
- file: 3.229.176.93
- hash: 443
- file: 68.183.103.145
- hash: 3333
- file: 51.15.92.203
- hash: 443
- file: 152.203.28.168
- hash: 8080
- file: 139.162.33.158
- hash: 443
- file: 52.18.75.83
- hash: 443
- file: 18.220.239.73
- hash: 8443
- file: 89.248.165.79
- hash: 15647
- file: 3.86.107.117
- hash: 24247
- file: 54.184.25.65
- hash: 5900
- domain: cpcontacts.versioneonline.com
- file: 209.74.89.67
- hash: 3333
- file: 4.185.79.65
- hash: 3333
- file: 52.33.2.63
- hash: 31337
- file: 45.192.216.152
- hash: 31337
- file: 143.198.186.79
- hash: 7443
- file: 123.60.12.89
- hash: 8000
- file: 78.164.223.72
- hash: 3001
- file: 129.208.135.168
- hash: 1337
- file: 194.59.30.88
- hash: 10134
- url: http://43.156.71.210:8888/supershell/login
- url: https://greatborken.com/login
- url: http://196.251.88.44/
- url: https://www.youtude.net/
- url: https://www.youtude.net/watch/?v=i50wel2lvsw
- url: https://complaintguest2.com/
- domain: real3232afa.duckdns.org
- domain: bot.chinaddos.vip
- domain: bytemirai.duckdns.org
- url: https://pastebin.com/raw/bpz4d7sx
- domain: hrggrevsdc-21182.portmap.io
- domain: together-min.gl.at.ply.gg
- domain: trusting-smoke-90361.pktriot.net
- file: 193.161.193.99
- hash: 21182
- domain: bstionline.com
- domain: alhasba.com
- domain: palsmedq.run
- domain: zealjkh.digital
- domain: clarmodq.top
- domain: changeaie.top
- domain: easyupgw.live
- domain: liftally.top
- domain: upmodini.digital
- domain: salaccgfa.top
- domain: zestmodp.top
- domain: xcelmodo.run
- url: http://ducksapproval.xyz/ury.php
- url: http://ducksapproval.xyz/uri.php
- url: http://existencedust.icu/gruns.php
- domain: ducksapproval.xyz
- domain: existencedust.icu
- url: https://qy.ap.4t.com/
- domain: qy.ap.4t.com
- url: https://5krxspint.digital/kendwz
- url: https://healhgf.digital/sodz
- domain: lazarishvili.ydns.eu
- domain: remsw.ydns.eu
- domain: 001remsw.ydns.eu
- domain: rem002sw.ydns.eu
- domain: dip.realmensw.com
- domain: sw004rem.ydns.eu
- domain: rem001sw.ydns.eu
- url: https://premiumserviceds.xyz/mzmxnze5mjexy2q3/
- url: https://4354premiumserviceds.xyz/mzmxnze5mjexy2q3/
- url: https://pre12341234miumserviceds.xyz/mzmxnze5mjexy2q3/
- url: https://premiu865mserviceds.xyz/mzmxnze5mjexy2q3/
- url: https://premi6453umserviceds.xyz/mzmxnze5mjexy2q3/
- url: https://pre2343252iumserviceds.xyz/mzmxnze5mjexy2q3/
- url: https://zoecozum.com/zgzlztniythimjcx/
- url: https://adilemutlubirhayat2.com/zgzlztniythimjcx/
- url: https://naber25naber.com/zgzlztniythimjcx/
- url: https://kelimecozm2u.com/zgzlztniythimjcx/
- url: https://naberk1rvee34.com/zgzlztniythimjcx/
- file: 185.7.214.181
- hash: 1414
- file: 194.219.181.40
- hash: 4447
- file: 12.221.146.138
- hash: 5858
- file: 121.43.104.179
- hash: 82
- file: 35.247.182.150
- hash: 443
- file: 176.65.141.184
- hash: 8808
- domain: greatborken.com
- domain: market-lumer.com
- file: 24.199.120.164
- hash: 7443
- file: 88.89.218.240
- hash: 443
- file: 91.245.255.53
- hash: 443
- domain: iuer.iioo.one
- file: 54.184.25.65
- hash: 52200
- file: 18.157.182.192
- hash: 21280
- file: 18.157.182.192
- hash: 50580
- file: 18.157.182.192
- hash: 8080
- file: 18.157.182.192
- hash: 8880
- file: 185.100.157.105
- hash: 80
- file: 103.245.231.56
- hash: 80
- url: http://103.245.231.56/pentateuchal.php
- file: 81.109.5.62
- hash: 8848
- url: http://89.169.12.42/api/ytasodysodisowqsytesodgsotasotusnjusn2qs
- file: 103.119.47.250
- hash: 443
- file: 103.151.95.174
- hash: 2222
- file: 138.124.116.155
- hash: 8888
- file: 142.247.197.37
- hash: 443
- file: 143.198.1.58
- hash: 443
- file: 185.208.158.227
- hash: 8888
- file: 189.140.30.39
- hash: 443
- file: 191.112.9.166
- hash: 443
- file: 196.251.118.24
- hash: 35712
- file: 201.124.112.137
- hash: 995
- file: 37.152.175.205
- hash: 8803
- file: 38.132.122.163
- hash: 55555
- file: 5.63.58.182
- hash: 443
- file: 51.159.85.219
- hash: 9090
- file: 62.1.223.123
- hash: 995
- file: 67.197.179.166
- hash: 443
- file: 67.71.30.198
- hash: 2222
- file: 88.119.169.53
- hash: 9001
- domain: efc04b0016686e5b9c1b54af55e8a208.uatider.com
- domain: lock.xn--y7aa.cc
- file: 124.71.161.5
- hash: 2095
- file: 155.138.197.226
- hash: 443
- file: 45.66.157.21
- hash: 2083
- file: 109.248.163.95
- hash: 443
- file: 8.156.75.111
- hash: 80
- file: 117.72.74.85
- hash: 80
- file: 176.65.141.98
- hash: 6606
- file: 176.65.141.184
- hash: 7707
- file: 142.93.225.19
- hash: 7443
- domain: b.stats.st4b4n.fr
- file: 156.208.31.143
- hash: 4445
- file: 52.195.178.254
- hash: 18246
- file: 179.43.182.115
- hash: 80
- file: 45.207.215.32
- hash: 8000
- file: 95.111.212.188
- hash: 8080
- domain: members.viottoenterprises.com
- domain: check.comyk.icu
- url: https://check.comyk.icu/gkcxv.google
- domain: peggbir.live
- url: https://dyfot.dyfot.fun/d6d0c07fe5ee8c61f23e1cf95c5035fc
- domain: dyfot.dyfot.fun
- url: https://6peggbir.live/goisoz
- url: https://changeaie.top/geps
- url: https://easyupgw.live/eosz
- url: https://liftally.top/xasj
- url: https://upmodini.digital/gokk
- url: https://xcelmodo.run/nahd
- url: https://zestmodp.top/zeda
- domain: ol.minernaft.com
- file: 119.45.178.251
- hash: 80
- file: 119.91.244.48
- hash: 8080
- file: 134.175.89.138
- hash: 443
- domain: check.ditez.icu
- url: https://check.ditez.icu/gkcxv.google
- url: https://94.159.113.152/blog/tech-trends/
- domain: check.foquh.icu
- url: https://check.foquh.icu/gkcxv.google
- domain: check.bibyn.icu
- url: https://check.bibyn.icu/gkcxv.google
- domain: dacsi.cl
- domain: vtmarkets.top
- domain: talktalky.com
- domain: remc.climate-connect.com
- domain: svetvip.ru
- domain: mail.cambodiatouristservice.com
- domain: horno-rafelet.es
- domain: amun.jintsume.net
- domain: strikezonez.com
- domain: mail.laborpartyjo.com
- url: https://clarmodq.top/qoxo
- url: https://qsalaccgfa.top/gsooz
- url: https://3easyupgw.live/eosz
- url: https://4zestmodp.top/zeda
- file: 120.46.75.218
- hash: 1234
- file: 3.122.177.125
- hash: 443
- file: 62.234.24.38
- hash: 8889
- file: 172.111.213.6
- hash: 51485
- file: 181.131.216.154
- hash: 2016
- file: 77.234.129.14
- hash: 22245
- file: 162.212.154.8
- hash: 8808
- file: 104.243.47.80
- hash: 8808
- file: 46.101.236.176
- hash: 4727
- file: 44.243.82.28
- hash: 15999
- file: 107.152.32.206
- hash: 7443
- file: 44.201.19.178
- hash: 443
- domain: www.upsite.up-edu-mx.shop
- url: http://82.146.62.232
- domain: check.wafag.icu
- url: https://check.wafag.icu/gkcxv.google
- file: 112.124.68.87
- hash: 8080
- url: https://nypipeline.com/4w1q.js
- domain: nypipeline.com
- url: https://nypipeline.com/js.php
- url: https://3liftally.top/xasj
- url: https://nsoursopsf.run/gsoiao
- url: https://riseupsz.live/uijy
- url: https://supmodini.digital/gokk
- domain: check.boruq.icu
- url: https://check.boruq.icu/gkcxv.google
- url: https://check.farur.icu/gkcxv.google
- url: https://check.zarew.icu/gkcxv.google
- file: 139.9.103.149
- hash: 8888
- file: 113.45.228.7
- hash: 80
- file: 154.212.129.91
- hash: 8022
- file: 65.38.121.94
- hash: 80
- file: 156.225.26.79
- hash: 18080
- file: 196.251.116.122
- hash: 8808
- file: 91.84.97.238
- hash: 7443
- file: 185.208.159.121
- hash: 6000
- file: 181.131.216.154
- hash: 2030
- file: 186.169.55.158
- hash: 8090
- file: 159.223.159.200
- hash: 443
- file: 209.141.60.63
- hash: 1337
- file: 195.66.213.237
- hash: 10000
- file: 185.198.234.139
- hash: 7198
- file: 209.141.37.88
- hash: 10938
- file: 87.121.84.51
- hash: 9090
- file: 198.251.81.204
- hash: 1337
- file: 74.50.81.60
- hash: 7331
- file: 31.58.58.130
- hash: 9090
- file: 80.94.92.144
- hash: 1337
- file: 37.114.63.145
- hash: 61807
- file: 193.200.78.62
- hash: 9090
- file: 104.234.168.3
- hash: 111
- file: 92.112.125.88
- hash: 2052
- file: 51.81.104.125
- hash: 1337
- file: 185.196.11.216
- hash: 9876
- file: 150.241.99.36
- hash: 9999
- file: 194.62.248.58
- hash: 10000
- file: 196.251.89.29
- hash: 6729
- file: 92.112.125.86
- hash: 2052
- file: 198.251.81.124
- hash: 2115
- file: 198.251.81.124
- hash: 9999
- url: https://check.mulaq.icu/gkcxv.google
- file: 196.251.84.126
- hash: 7777
- file: 101.43.91.156
- hash: 18081
- file: 49.7.54.162
- hash: 8443
- file: 38.45.120.236
- hash: 81
- file: 149.104.26.224
- hash: 8089
- file: 172.245.133.15
- hash: 31337
- file: 31.129.99.187
- hash: 31337
- file: 139.59.84.190
- hash: 60001
- file: 91.184.242.206
- hash: 3333
- file: 209.141.61.254
- hash: 443
- file: 45.56.165.164
- hash: 80
- url: https://market-lumer.com/
- url: https://ghibli-fi.org/
- url: https://airbnb.927484.cfd/
- url: https://market.csgo-recovery.icu/
- domain: main.jojoasmr.xyz
- url: http://telegatt.top/jdiamond13
- url: http://telegin.top/jdiamond13
- url: http://telegka.top/jdiamond13
- url: https://t.me/jdiamond13
- domain: bartsbee.kozow.com
- url: https://pastebin.com/raw/gzkrgs6c
- domain: plhotacepl-35143.portmap.io
- domain: extra-internationally.gl.at.ply.gg
- url: https://3upmodini.digital/gokk
- url: https://7salaccgfa.top/gsooz
- url: https://newmodelm.live/oikj
- url: https://qchangeaie.top/geps
- url: https://freshenqew.digital/wpoo
- url: https://p6ywmedici.top/noagis
- url: https://qsoursopsf.run/gsoiao
- url: https://upliftume.live/ijkm
- url: https://wzestmodp.top/zeda
- url: https://3targett.top/dsangt
- url: https://dipsafals.digital/oxwp
- url: https://improvsv.live/lopd
- url: https://f2xcelmodo.run/nahd
- url: https://nextgenzn.run/ujhn
- url: https://peggbir.live/goisoz
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 8ca5778d-89ca-4158-8739-81169b9ac991
- Original Timestamp
- 1744243386
Indicators of Compromise
File
Value | Description
---|---
185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%)
185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%)
185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%)
185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%)
185.39.19.51 | Tofsee botnet C2 server (confidence level: 100%)
45.204.213.149 | Cobalt Strike botnet C2 server (confidence level: 100%)
114.96.89.69 | Cobalt Strike botnet C2 server (confidence level: 100%)
179.13.9.223 | Remcos botnet C2 server (confidence level: 100%)
176.65.144.34 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.106.149 | AsyncRAT botnet C2 server (confidence level: 100%)
102.117.165.92 | Unknown malware botnet C2 server (confidence level: 100%)
64.227.25.115 | Unknown malware botnet C2 server (confidence level: 100%)
176.100.37.204 | Unknown malware botnet C2 server (confidence level: 100%)
85.215.173.244 | Havoc botnet C2 server (confidence level: 100%)
88.119.169.53 | Havoc botnet C2 server (confidence level: 100%)
93.105.1.235 | DarkComet botnet C2 server (confidence level: 100%)
13.58.215.216 | Sliver botnet C2 server (confidence level: 90%)
196.251.116.122 | AsyncRAT botnet C2 server (confidence level: 100%)
144.202.42.37 | AsyncRAT botnet C2 server (confidence level: 100%)
209.141.43.189 | Unknown malware botnet C2 server (confidence level: 100%)
139.155.78.66 | Unknown malware botnet C2 server (confidence level: 100%)
101.42.1.218 | Unknown malware botnet C2 server (confidence level: 100%)
38.47.80.157 | Unknown malware botnet C2 server (confidence level: 100%)
188.166.199.174 | Unknown malware botnet C2 server (confidence level: 100%)
159.65.130.32 | Unknown malware botnet C2 server (confidence level: 100%)
159.89.96.111 | Unknown malware botnet C2 server (confidence level: 100%)
16.171.41.160 | Unknown malware botnet C2 server (confidence level: 100%)
3.229.176.93 | Unknown malware botnet C2 server (confidence level: 100%)
68.183.103.145 | Unknown malware botnet C2 server (confidence level: 100%)
51.15.92.203 | Unknown malware botnet C2 server (confidence level: 100%)
152.203.28.168 | Unknown malware botnet C2 server (confidence level: 100%)
139.162.33.158 | Unknown malware botnet C2 server (confidence level: 100%)
52.18.75.83 | Unknown malware botnet C2 server (confidence level: 100%)
18.220.239.73 | Unknown malware botnet C2 server (confidence level: 100%)
89.248.165.79 | SectopRAT botnet C2 server (confidence level: 100%)
3.86.107.117 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
54.184.25.65 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
209.74.89.67 | Unknown malware botnet C2 server (confidence level: 50%)
4.185.79.65 | Unknown malware botnet C2 server (confidence level: 50%)
52.33.2.63 | Sliver botnet C2 server (confidence level: 50%)
45.192.216.152 | Sliver botnet C2 server (confidence level: 50%)
143.198.186.79 | Unknown malware botnet C2 server (confidence level: 50%)
123.60.12.89 | ShadowPad botnet C2 server (confidence level: 50%)
78.164.223.72 | AsyncRAT botnet C2 server (confidence level: 50%)
129.208.135.168 | Quasar RAT botnet C2 server (confidence level: 50%)
194.59.30.88 | Orcus RAT botnet C2 server (confidence level: 50%)
193.161.193.99 | XWorm botnet C2 server (confidence level: 50%)
185.7.214.181 | AsyncRAT botnet C2 server (confidence level: 75%)
194.219.181.40 | Quasar RAT botnet C2 server (confidence level: 75%)
12.221.146.138 | AsyncRAT botnet C2 server (confidence level: 75%)
121.43.104.179 | Cobalt Strike botnet C2 server (confidence level: 100%)
35.247.182.150 | pupy botnet C2 server (confidence level: 100%)
176.65.141.184 | AsyncRAT botnet C2 server (confidence level: 100%)
24.199.120.164 | Unknown malware botnet C2 server (confidence level: 100%)
88.89.218.240 | Havoc botnet C2 server (confidence level: 100%)
91.245.255.53 | Havoc botnet C2 server (confidence level: 100%)
54.184.25.65 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.157.182.192 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.157.182.192 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.157.182.192 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.157.182.192 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
185.100.157.105 | XWorm botnet C2 server (confidence level: 100%)
103.245.231.56 | Koi Loader botnet C2 server (confidence level: 75%)
81.109.5.62 | NjRAT botnet C2 server (confidence level: 75%)
103.119.47.250 | Eye Pyramid botnet C2 server (confidence level: 75%)
103.151.95.174 | QakBot botnet C2 server (confidence level: 75%)
138.124.116.155 | Sliver botnet C2 server (confidence level: 75%)
142.247.197.37 | QakBot botnet C2 server (confidence level: 75%)
143.198.1.58 | Sliver botnet C2 server (confidence level: 75%)
185.208.158.227 | Sliver botnet C2 server (confidence level: 75%)
189.140.30.39 | QakBot botnet C2 server (confidence level: 75%)
191.112.9.166 | QakBot botnet C2 server (confidence level: 75%)
196.251.118.24 | Brute Ratel C4 botnet C2 server (confidence level: 75%)
201.124.112.137 | QakBot botnet C2 server (confidence level: 75%)
37.152.175.205 | DeimosC2 botnet C2 server (confidence level: 75%)
38.132.122.163 | Eye Pyramid botnet C2 server (confidence level: 75%)
5.63.58.182 | DeimosC2 botnet C2 server (confidence level: 75%)
51.159.85.219 | DeimosC2 botnet C2 server (confidence level: 75%)
62.1.223.123 | QakBot botnet C2 server (confidence level: 75%)
67.197.179.166 | QakBot botnet C2 server (confidence level: 75%)
67.71.30.198 | QakBot botnet C2 server (confidence level: 75%)
88.119.169.53 | Havoc botnet C2 server (confidence level: 75%)
124.71.161.5 | Cobalt Strike botnet C2 server (confidence level: 75%)
155.138.197.226 | Meterpreter botnet C2 server (confidence level: 75%)
45.66.157.21 | Cobalt Strike botnet C2 server (confidence level: 75%)
109.248.163.95 | FAKEUPDATES payload delivery server (confidence level: 100%)
8.156.75.111 | Cobalt Strike botnet C2 server (confidence level: 100%)
117.72.74.85 | Cobalt Strike botnet C2 server (confidence level: 100%)
176.65.141.98 | AsyncRAT botnet C2 server (confidence level: 100%)
176.65.141.184 | AsyncRAT botnet C2 server (confidence level: 100%)
142.93.225.19 | Unknown malware botnet C2 server (confidence level: 100%)
156.208.31.143 | DCRat botnet C2 server (confidence level: 100%)
52.195.178.254 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
179.43.182.115 | MooBot botnet C2 server (confidence level: 100%)
45.207.215.32 | MimiKatz botnet C2 server (confidence level: 100%)
95.111.212.188 | MimiKatz botnet C2 server (confidence level: 100%)
119.45.178.251 | Cobalt Strike botnet C2 server (confidence level: 75%)
119.91.244.48 | Cobalt Strike botnet C2 server (confidence level: 75%)
134.175.89.138 | Cobalt Strike botnet C2 server (confidence level: 75%)
120.46.75.218 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.122.177.125 | Cobalt Strike botnet C2 server (confidence level: 100%)
62.234.24.38 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.111.213.6 | Remcos botnet C2 server (confidence level: 100%)
181.131.216.154 | Remcos botnet C2 server (confidence level: 100%)
77.234.129.14 | Sliver botnet C2 server (confidence level: 100%)
162.212.154.8 | AsyncRAT botnet C2 server (confidence level: 100%)
104.243.47.80 | AsyncRAT botnet C2 server (confidence level: 100%)
46.101.236.176 | AsyncRAT botnet C2 server (confidence level: 100%)
44.243.82.28 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
107.152.32.206 | Unknown malware botnet C2 server (confidence level: 100%)
44.201.19.178 | Nimplant botnet C2 server (confidence level: 100%)
112.124.68.87 | Cobalt Strike botnet C2 server (confidence level: 75%)
139.9.103.149 | Cobalt Strike botnet C2 server (confidence level: 100%)
113.45.228.7 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.212.129.91 | Cobalt Strike botnet C2 server (confidence level: 100%)
65.38.121.94 | Cobalt Strike botnet C2 server (confidence level: 100%)
156.225.26.79 | Cobalt Strike botnet C2 server (confidence level: 100%)
196.251.116.122 | AsyncRAT botnet C2 server (confidence level: 100%)
91.84.97.238 | Unknown malware botnet C2 server (confidence level: 100%)
185.208.159.121 | Venom RAT botnet C2 server (confidence level: 100%)
181.131.216.154 | DCRat botnet C2 server (confidence level: 100%)
186.169.55.158 | DCRat botnet C2 server (confidence level: 100%)
159.223.159.200 | PoshC2 botnet C2 server (confidence level: 100%)
209.141.60.63 | Mirai botnet C2 server (confidence level: 100%)
195.66.213.237 | Mirai botnet C2 server (confidence level: 100%)
185.198.234.139 | Mirai botnet C2 server (confidence level: 100%)
209.141.37.88 | Mirai botnet C2 server (confidence level: 100%)
87.121.84.51 | Mirai botnet C2 server (confidence level: 100%)
198.251.81.204 | Mirai botnet C2 server (confidence level: 100%)
74.50.81.60 | Mirai botnet C2 server (confidence level: 100%)
31.58.58.130 | Mirai botnet C2 server (confidence level: 100%)
80.94.92.144 | Mirai botnet C2 server (confidence level: 100%)
37.114.63.145 | Mirai botnet C2 server (confidence level: 100%)
193.200.78.62 | Mirai botnet C2 server (confidence level: 100%)
104.234.168.3 | Mirai botnet C2 server (confidence level: 100%)
92.112.125.88 | Mirai botnet C2 server (confidence level: 100%)
51.81.104.125 | Mirai botnet C2 server (confidence level: 100%)
185.196.11.216 | Mirai botnet C2 server (confidence level: 100%)
150.241.99.36 | Mirai botnet C2 server (confidence level: 100%)
194.62.248.58 | Mirai botnet C2 server (confidence level: 100%)
196.251.89.29 | Mirai botnet C2 server (confidence level: 100%)
92.112.125.86 | Mirai botnet C2 server (confidence level: 100%)
198.251.81.124 | Mirai botnet C2 server (confidence level: 100%)
198.251.81.124 | Mirai botnet C2 server (confidence level: 100%)
196.251.84.126 | Cobalt Strike botnet C2 server (confidence level: 50%)
101.43.91.156 | Cobalt Strike botnet C2 server (confidence level: 50%)
49.7.54.162 | Cobalt Strike botnet C2 server (confidence level: 50%)
38.45.120.236 | Cobalt Strike botnet C2 server (confidence level: 50%)
149.104.26.224 | Cobalt Strike botnet C2 server (confidence level: 50%)
172.245.133.15 | Sliver botnet C2 server (confidence level: 50%)
31.129.99.187 | Sliver botnet C2 server (confidence level: 50%)
139.59.84.190 | Unknown malware botnet C2 server (confidence level: 50%)
91.184.242.206 | Unknown malware botnet C2 server (confidence level: 50%)
209.141.61.254 | Unknown malware botnet C2 server (confidence level: 50%)
45.56.165.164 | Unknown malware botnet C2 server (confidence level: 50%)
Hash
Value | Description
---|---
427 | Tofsee botnet C2 server (confidence level: 100%)
430 | Tofsee botnet C2 server (confidence level: 100%)
417 | Tofsee botnet C2 server (confidence level: 100%)
418 | Tofsee botnet C2 server (confidence level: 100%)
420 | Tofsee botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
8088 | Cobalt Strike botnet C2 server (confidence level: 100%)
2404 | Remcos botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
2000 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
8888 | DarkComet botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 90%)
8888 | AsyncRAT botnet C2 server (confidence level: 100%)
2000 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
15647 | SectopRAT botnet C2 server (confidence level: 100%)
24247 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
5900 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 50%)
3333 | Unknown malware botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
7443 | Unknown malware botnet C2 server (confidence level: 50%)
8000 | ShadowPad botnet C2 server (confidence level: 50%)
3001 | AsyncRAT botnet C2 server (confidence level: 50%)
1337 | Quasar RAT botnet C2 server (confidence level: 50%)
10134 | Orcus RAT botnet C2 server (confidence level: 50%)
21182 | XWorm botnet C2 server (confidence level: 50%)
1414 | AsyncRAT botnet C2 server (confidence level: 75%)
4447 | Quasar RAT botnet C2 server (confidence level: 75%)
5858 | AsyncRAT botnet C2 server (confidence level: 75%)
82 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | pupy botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
52200 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
21280 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
50580 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
8080 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
8880 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Koi Loader botnet C2 server (confidence level: 75%) | |
hash8848 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash35712 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash8803 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash55555 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash9090 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash9001 | Havoc botnet C2 server (confidence level: 75%) | |
hash2095 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash2083 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4445 | DCRat botnet C2 server (confidence level: 100%) | |
hash18246 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash8080 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8889 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash51485 | Remcos botnet C2 server (confidence level: 100%) | |
hash2016 | Remcos botnet C2 server (confidence level: 100%) | |
hash22245 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4727 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15999 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Nimplant botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8022 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash18080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash2030 | DCRat botnet C2 server (confidence level: 100%) | |
hash8090 | DCRat botnet C2 server (confidence level: 100%) | |
hash443 | PoshC2 botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash10000 | Mirai botnet C2 server (confidence level: 100%) | |
hash7198 | Mirai botnet C2 server (confidence level: 100%) | |
hash10938 | Mirai botnet C2 server (confidence level: 100%) | |
hash9090 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash7331 | Mirai botnet C2 server (confidence level: 100%) | |
hash9090 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash61807 | Mirai botnet C2 server (confidence level: 100%) | |
hash9090 | Mirai botnet C2 server (confidence level: 100%) | |
hash111 | Mirai botnet C2 server (confidence level: 100%) | |
hash2052 | Mirai botnet C2 server (confidence level: 100%) | |
hash1337 | Mirai botnet C2 server (confidence level: 100%) | |
hash9876 | Mirai botnet C2 server (confidence level: 100%) | |
hash9999 | Mirai botnet C2 server (confidence level: 100%) | |
hash10000 | Mirai botnet C2 server (confidence level: 100%) | |
hash6729 | Mirai botnet C2 server (confidence level: 100%) | |
hash2052 | Mirai botnet C2 server (confidence level: 100%) | |
hash2115 | Mirai botnet C2 server (confidence level: 100%) | |
hash9999 | Mirai botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash18081 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8089 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash60001 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) |
Domain
Value | Description |
---|---|
Url
Value | Description |
---|---|
Threat ID: 682c7db4e8347ec82d2af85b
Added to database: 5/20/2025, 1:03:48 PM
Last enriched: 6/19/2025, 3:02:45 PM
Last updated: 7/31/2025, 12:37:22 AM