ThreatFox IOCs for 2025-04-16
AI Analysis
Technical Summary
The provided threat intelligence concerns a malware-related report titled "ThreatFox IOCs for 2025-04-16," sourced from ThreatFox, which is an OSINT (Open Source Intelligence) platform. The report is dated April 16, 2025, and is classified with a medium severity level by the source. The threat is categorized under malware but lacks detailed technical indicators such as specific affected software versions, attack vectors, or exploit mechanisms. There are no associated Common Weakness Enumerations (CWEs), patch links, or known exploits in the wild, indicating that this intelligence may be preliminary or focused on indicator sharing rather than active exploitation. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination of the indicators or related information. The absence of indicators of compromise (IOCs) in the report limits the ability to perform deep technical analysis or attribution. The threat is tagged as "type:osint" and marked with TLP (Traffic Light Protocol) white, meaning the information is intended for public sharing without restrictions. Overall, this intelligence appears to be a collection or update of IOCs related to malware activity, intended for situational awareness and defensive preparation rather than signaling an immediate, active threat campaign.
Potential Impact
Given the limited technical details and absence of known exploits in the wild, the immediate impact of this threat on European organizations is likely low to medium. However, since the threat relates to malware and is disseminated through OSINT channels, it could potentially be used by threat actors to enhance their reconnaissance and targeting capabilities. European organizations that rely heavily on open-source threat intelligence feeds may incorporate these IOCs into their detection systems, which could improve their defensive posture. Conversely, if these indicators are incomplete or outdated, there is a risk of false positives or misallocation of security resources. The lack of specific affected products or vulnerabilities reduces the likelihood of direct compromise, but the presence of malware-related intelligence underscores the ongoing need for vigilance against malware infections, which can impact confidentiality, integrity, and availability of systems. Critical sectors such as finance, energy, and government in Europe could be indirectly affected if threat actors leverage this intelligence to craft more targeted attacks in the future.
Mitigation Recommendations
1. Integrate the provided IOCs into existing security information and event management (SIEM) and endpoint detection and response (EDR) systems to enhance detection capabilities, ensuring continuous updates from ThreatFox and other OSINT sources.
2. Conduct regular threat hunting exercises using the latest OSINT feeds to identify potential early signs of malware activity within the network.
3. Maintain robust malware defense layers including up-to-date antivirus/antimalware solutions, network segmentation, and strict application whitelisting policies.
4. Enhance user awareness training focusing on malware infection vectors such as phishing and malicious downloads, as the report does not specify attack vectors but malware commonly exploits these.
5. Establish a process for validating and contextualizing OSINT-derived IOCs to minimize false positives and ensure efficient use of security resources.
6. Collaborate with national and European cybersecurity centers (e.g., ENISA) to share intelligence and receive timely alerts about emerging malware threats.
7. Regularly review and update incident response plans to incorporate scenarios involving malware infections, even when specific exploits are not yet known.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 867aab83-1200-472a-b774-a7300fd059ce
- Original Timestamp: 1744848187
Indicators of Compromise
domainrisevc.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainchangetee.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainsmartupw.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainvegimedp.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainlocatedcork.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainanidmalallies.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainvidefavcotr.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainlibertyvb.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainshieldwallj.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainsunsethorsizons.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainfastfwdo.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainopenwq.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainmodmovel.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainmodadaptb.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainmodnextq.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaintechnolwtrends.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainmodupx.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainreleasegjh.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainjoinqw.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainrxoamify.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainknowledgtebase.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainskyflopi.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaintridpgaze.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainsprkingawakening.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainpaincopp.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainmodpeersr.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainsafeaido.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainxmedoror.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainesucapist.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaindrearmypillows.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainneburonz.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainskyblastu.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainastfacea.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainadventukre.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaintechinssvight.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainlunaflyq.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainnebuwaxe.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainqualiftyquar.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainaddictecathef.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaintrekifyx.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainastraeal.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainshootingge.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainlunapicu.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainastronab.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainstarsciw.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaingalactes.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainyardedrinkk.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainrestedpinllow.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainnebuxlyh.shop | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainequipentxer.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainshinehaired.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainagritxtion.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainoqutdoorserenity.icu | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaingregarioite.fun | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaingapporbite.fun | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainstatic-host210-2-169-213.link.net.pk | Havoc botnet C2 domain (confidence level: 100%) | |
domaincraekuro.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domaincheck.zaxys.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domainhelloworld-aogxlrocvl.cn-hangzhou.fcapp.run | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainwestrosei.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainhomesteadingjourney.world | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainlabupfdates.world | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainridgeviemme.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainzpawsandplay.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainfarmerpreneur.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainiqnterstellles.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainanimalantpics.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainflwuffyfriends.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaindatafhgorge.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainchemcryexplore.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaininfotechizone.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaingregenearthjourney.live | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainsignin.certifiedbk.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domaincheck.rulix.icu | ClearFake payload delivery domain (confidence level: 100%) | |
domains-turned.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainsnakecheese.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domainspeedupde.run | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmyonline40804.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainjohnanthonylifestyle.com | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainkitai1245-43780.portmap.io | DCRat botnet C2 domain (confidence level: 50%) | |
domainsrohoahong.com | Mirai botnet C2 domain (confidence level: 50%) |
IP address (shown as "File" on the source page; every value in this list is an IPv4 address of a C2 server, not a file indicator)
IP address | Description |
---|---|
121.199.15.46 | Cobalt Strike botnet C2 server (confidence level: 100%) |
185.239.85.137 | Cobalt Strike botnet C2 server (confidence level: 100%) |
172.94.122.71 | Remcos botnet C2 server (confidence level: 100%) |
193.23.3.29 | Remcos botnet C2 server (confidence level: 100%) |
31.57.33.159 | Remcos botnet C2 server (confidence level: 100%) |
172.111.139.117 | Remcos botnet C2 server (confidence level: 100%) |
198.244.224.198 | Remcos botnet C2 server (confidence level: 100%) |
54.210.225.27 | Sliver botnet C2 server (confidence level: 100%) |
194.31.55.110 | Sliver botnet C2 server (confidence level: 100%) |
157.66.26.144 | AsyncRAT botnet C2 server (confidence level: 100%) |
172.86.104.42 | AsyncRAT botnet C2 server (confidence level: 100%) |
87.16.31.128 | AsyncRAT botnet C2 server (confidence level: 100%) |
144.172.74.153 | Hook botnet C2 server (confidence level: 100%) |
62.60.153.191 | Quasar RAT botnet C2 server (confidence level: 100%) |
37.120.208.37 | Venom RAT botnet C2 server (confidence level: 100%) |
27.124.41.252 | DCRat botnet C2 server (confidence level: 100%) |
27.124.41.250 | DCRat botnet C2 server (confidence level: 100%) |
107.172.76.160 | Cobalt Strike botnet C2 server (confidence level: 75%) |
43.143.63.212 | Cobalt Strike botnet C2 server (confidence level: 75%) |
8.155.36.190 | Cobalt Strike botnet C2 server (confidence level: 100%) |
114.116.227.2 | Cobalt Strike botnet C2 server (confidence level: 100%) |
196.251.72.5 | AsyncRAT botnet C2 server (confidence level: 100%) |
104.245.145.186 | Unknown malware botnet C2 server (confidence level: 100%) |
159.198.64.103 | Unknown malware botnet C2 server (confidence level: 100%) |
82.147.84.26 | Hook botnet C2 server (confidence level: 100%) |
176.65.138.18 | Hook botnet C2 server (confidence level: 100%) |
107.172.20.215 | Unknown malware botnet C2 server (confidence level: 100%) |
24.199.127.159 | Unknown malware botnet C2 server (confidence level: 100%) |
49.51.171.133 | Unknown malware botnet C2 server (confidence level: 100%) |
103.57.250.125 | Unknown malware botnet C2 server (confidence level: 100%) |
116.232.13.138 | Unknown malware botnet C2 server (confidence level: 100%) |
16.171.30.143 | Unknown malware botnet C2 server (confidence level: 100%) |
150.109.78.121 | Unknown malware botnet C2 server (confidence level: 100%) |
144.172.104.45 | Unknown malware botnet C2 server (confidence level: 100%) |
128.199.56.234 | Unknown malware botnet C2 server (confidence level: 100%) |
18.144.12.35 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
93.198.191.182 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
52.56.213.66 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
81.70.19.188 | SquidLoader botnet C2 server (confidence level: 100%) |
37.221.67.201 | Unknown RAT botnet C2 server (confidence level: 75%) |
23.95.230.147 | Cobalt Strike botnet C2 server (confidence level: 50%) |
121.41.54.248 | Cobalt Strike botnet C2 server (confidence level: 50%) |
47.121.138.97 | Cobalt Strike botnet C2 server (confidence level: 50%) |
112.124.68.87 | Cobalt Strike botnet C2 server (confidence level: 50%) |
8.154.46.39 | Cobalt Strike botnet C2 server (confidence level: 50%) |
217.15.22.199 | Cobalt Strike botnet C2 server (confidence level: 50%) |
102.189.244.243 | NjRAT botnet C2 server (confidence level: 50%) |
147.50.253.233 | NjRAT botnet C2 server (confidence level: 50%) |
64.69.37.55 | Sliver botnet C2 server (confidence level: 50%) |
57.180.245.137 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
18.143.183.86 | BlackShades botnet C2 server (confidence level: 50%) |
124.70.142.36 | Unknown malware botnet C2 server (confidence level: 50%) |
172.86.70.97 | AsyncRAT botnet C2 server (confidence level: 50%) |
172.86.70.97 | AsyncRAT botnet C2 server (confidence level: 50%) |
172.86.70.97 | AsyncRAT botnet C2 server (confidence level: 50%) |
172.86.70.97 | AsyncRAT botnet C2 server (confidence level: 50%) |
147.185.221.25 | DCRat botnet C2 server (confidence level: 50%) |
147.185.221.25 | DCRat botnet C2 server (confidence level: 50%) |
107.175.183.193 | Cobalt Strike botnet C2 server (confidence level: 100%) |
120.27.235.78 | Cobalt Strike botnet C2 server (confidence level: 100%) |
1.15.106.229 | Cobalt Strike botnet C2 server (confidence level: 100%) |
160.250.128.225 | Cobalt Strike botnet C2 server (confidence level: 100%) |
118.195.243.223 | Cobalt Strike botnet C2 server (confidence level: 100%) |
118.195.243.223 | Cobalt Strike botnet C2 server (confidence level: 100%) |
38.207.179.52 | Cobalt Strike botnet C2 server (confidence level: 100%) |
45.227.252.199 | Unknown Stealer botnet C2 server (confidence level: 75%) |
46.4.119.125 | Unknown Stealer botnet C2 server (confidence level: 75%) |
62.60.226.101 | Unknown Stealer botnet C2 server (confidence level: 75%) |
62.60.226.101 | Unknown Stealer botnet C2 server (confidence level: 75%) |
62.60.226.114 | Unknown Stealer botnet C2 server (confidence level: 75%) |
146.190.108.105 | Unknown Stealer botnet C2 server (confidence level: 75%) |
198.251.84.107 | Unknown Stealer botnet C2 server (confidence level: 75%) |
161.97.138.238 | Cobalt Strike botnet C2 server (confidence level: 100%) |
150.158.199.164 | Cobalt Strike botnet C2 server (confidence level: 100%) |
150.158.199.164 | Cobalt Strike botnet C2 server (confidence level: 100%) |
112.126.68.61 | Cobalt Strike botnet C2 server (confidence level: 100%) |
122.112.206.54 | Cobalt Strike botnet C2 server (confidence level: 100%) |
178.128.214.21 | Sliver botnet C2 server (confidence level: 100%) |
66.175.213.233 | Sliver botnet C2 server (confidence level: 100%) |
185.241.208.176 | AsyncRAT botnet C2 server (confidence level: 100%) |
104.168.56.76 | AsyncRAT botnet C2 server (confidence level: 100%) |
52.76.197.180 | Hook botnet C2 server (confidence level: 100%) |
129.208.7.60 | Quasar RAT botnet C2 server (confidence level: 100%) |
35.88.121.146 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
163.181.198.20 | DeimosC2 botnet C2 server (confidence level: 75%) |
189.140.54.61 | QakBot botnet C2 server (confidence level: 75%) |
66.175.213.233 | Sliver botnet C2 server (confidence level: 75%) |
81.177.215.62 | Eye Pyramid botnet C2 server (confidence level: 75%) |
160.187.146.122 | Mirai botnet C2 server (confidence level: 75%) |
176.65.141.183 | Mirai botnet C2 server (confidence level: 75%) |
18.198.77.177 | NjRAT botnet C2 server (confidence level: 75%) |
35.158.159.254 | NjRAT botnet C2 server (confidence level: 75%) |
18.157.68.73 | NjRAT botnet C2 server (confidence level: 75%) |
129.211.28.117 | Cobalt Strike botnet C2 server (confidence level: 100%) |
64.69.34.217 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8.130.101.163 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.122.51.245 | Cobalt Strike botnet C2 server (confidence level: 100%) |
27.106.109.232 | Cobalt Strike botnet C2 server (confidence level: 100%) |
121.37.156.32 | Cobalt Strike botnet C2 server (confidence level: 100%) |
152.136.21.233 | Sliver botnet C2 server (confidence level: 100%) |
188.208.197.80 | Sliver botnet C2 server (confidence level: 100%) |
91.132.92.182 | Sliver botnet C2 server (confidence level: 100%) |
45.141.233.154 | AsyncRAT botnet C2 server (confidence level: 100%) |
176.65.137.229 | Hook botnet C2 server (confidence level: 100%) |
96.126.124.158 | Havoc botnet C2 server (confidence level: 100%) |
172.111.213.197 | Remcos botnet C2 server (confidence level: 50%) |
166.78.199.87 | PlugX botnet C2 server (confidence level: 100%) |
138.201.174.58 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
3.77.42.26 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
172.232.234.198 | Sliver botnet C2 server (confidence level: 50%) |
35.183.69.7 | BlackShades botnet C2 server (confidence level: 50%) |
45.138.16.158 | DCRat botnet C2 server (confidence level: 50%) |
167.179.118.29 | Havoc botnet C2 server (confidence level: 50%) |
66.63.187.72 | Unknown Loader botnet C2 server (confidence level: 75%) |
85.209.153.84 | Unknown Loader botnet C2 server (confidence level: 75%) |
107.189.25.109 | InvisibleFerret botnet C2 server (confidence level: 75%) |
45.59.163.23 | InvisibleFerret botnet C2 server (confidence level: 75%) |
107.189.20.152 | InvisibleFerret botnet C2 server (confidence level: 75%) |
107.189.24.80 | InvisibleFerret botnet C2 server (confidence level: 75%) |
196.251.80.109 | XWorm botnet C2 server (confidence level: 75%) |
8.135.237.16 | Cobalt Strike botnet C2 server (confidence level: 100%) |
38.180.254.179 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.113.217.92 | Cobalt Strike botnet C2 server (confidence level: 100%) |
5.187.7.167 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8.148.224.96 | Cobalt Strike botnet C2 server (confidence level: 100%) |
39.105.6.249 | Cobalt Strike botnet C2 server (confidence level: 100%) |
113.45.253.80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
38.242.208.134 | Remcos botnet C2 server (confidence level: 100%) |
173.225.102.26 | Remcos botnet C2 server (confidence level: 100%) |
172.111.244.163 | Remcos botnet C2 server (confidence level: 100%) |
172.111.137.163 | Remcos botnet C2 server (confidence level: 100%) |
20.121.52.1 | Remcos botnet C2 server (confidence level: 100%) |
45.74.15.228 | Remcos botnet C2 server (confidence level: 100%) |
196.251.73.133 | Remcos botnet C2 server (confidence level: 100%) |
209.38.233.153 | Sliver botnet C2 server (confidence level: 100%) |
196.251.115.31 | AsyncRAT botnet C2 server (confidence level: 100%) |
94.131.121.103 | Hook botnet C2 server (confidence level: 100%) |
45.61.169.4 | Havoc botnet C2 server (confidence level: 100%) |
82.5.33.90 | Havoc botnet C2 server (confidence level: 100%) |
185.208.159.245 | Havoc botnet C2 server (confidence level: 100%) |
124.222.154.123 | Venom RAT botnet C2 server (confidence level: 100%) |
171.250.176.134 | Venom RAT botnet C2 server (confidence level: 100%) |
185.208.159.120 | DCRat botnet C2 server (confidence level: 100%) |
94.223.186.150 | DCRat botnet C2 server (confidence level: 100%) |
45.196.239.74 | MooBot botnet C2 server (confidence level: 100%) |
176.126.103.251 | Unknown malware botnet C2 server (confidence level: 100%) |
95.111.197.227 | MimiKatz botnet C2 server (confidence level: 100%) |
20.121.52.1 | Remcos botnet C2 server (confidence level: 75%) |
139.155.68.35 | Cobalt Strike botnet C2 server (confidence level: 75%) |
101.43.226.36 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.113.217.92 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.93.2.89 | Cobalt Strike botnet C2 server (confidence level: 100%) |
176.65.144.34 | AsyncRAT botnet C2 server (confidence level: 100%) |
196.251.116.112 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.141.233.154 | AsyncRAT botnet C2 server (confidence level: 100%) |
163.172.125.253 | AsyncRAT botnet C2 server (confidence level: 100%) |
196.251.70.130 | Quasar RAT botnet C2 server (confidence level: 100%) |
85.31.236.216 | Havoc botnet C2 server (confidence level: 100%) |
111.229.202.115 | Havoc botnet C2 server (confidence level: 100%) |
107.178.104.186 | DCRat botnet C2 server (confidence level: 100%) |
185.208.159.120 | DCRat botnet C2 server (confidence level: 100%) |
185.208.159.120 | DCRat botnet C2 server (confidence level: 100%) |
185.208.159.120 | DCRat botnet C2 server (confidence level: 100%) |
15.237.41.135 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
45.146.253.213 | MooBot botnet C2 server (confidence level: 100%) |
101.133.153.245 | Cobalt Strike botnet C2 server (confidence level: 50%) |
47.92.108.229 | Cobalt Strike botnet C2 server (confidence level: 50%) |
202.144.192.24 | Cobalt Strike botnet C2 server (confidence level: 50%) |
39.108.176.121 | Cobalt Strike botnet C2 server (confidence level: 50%) |
164.92.157.124 | Unknown malware botnet C2 server (confidence level: 50%) |
5.34.176.3 | Unknown malware botnet C2 server (confidence level: 50%) |
93.105.1.235 | DarkComet botnet C2 server (confidence level: 50%) |
93.183.124.59 | DarkComet botnet C2 server (confidence level: 50%) |
165.227.221.223 | Sliver botnet C2 server (confidence level: 50%) |
162.254.86.108 | Brute Ratel C4 botnet C2 server (confidence level: 50%) |
92.81.96.116 | Xtreme RAT botnet C2 server (confidence level: 50%) |
206.189.19.79 | Unknown malware botnet C2 server (confidence level: 50%) |
31.57.33.159 | DCRat botnet C2 server (confidence level: 50%) |
183.82.155.7 | Remcos botnet C2 server (confidence level: 50%) |
130.43.22.239 | QakBot botnet C2 server (confidence level: 75%) |
188.48.119.221 | QakBot botnet C2 server (confidence level: 75%) |
54.38.94.225 | Eye Pyramid botnet C2 server (confidence level: 75%) |
95.12.147.154 | QakBot botnet C2 server (confidence level: 75%) |
170.253.27.240 | Meterpreter botnet C2 server (confidence level: 75%) |
98.177.107.142 | Meterpreter botnet C2 server (confidence level: 75%) |
196.251.116.149 | Remcos botnet C2 server (confidence level: 75%) |
Port (shown as "Hash" on the source page; every value in this list is a C2 server port number, not a file hash. The descriptions match the IP address rows above row for row, so each port appears to belong to the IP address at the same position; an IP address that is listed several times is listening on several ports.)
Port | Description |
---|---|
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
1962 | Remcos botnet C2 server (confidence level: 100%) |
38999 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
2405 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
4444 | Sliver botnet C2 server (confidence level: 100%) |
8888 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
4444 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
5555 | Quasar RAT botnet C2 server (confidence level: 100%) |
53018 | Venom RAT botnet C2 server (confidence level: 100%) |
65503 | DCRat botnet C2 server (confidence level: 100%) |
65503 | DCRat botnet C2 server (confidence level: 100%) |
61890 | Cobalt Strike botnet C2 server (confidence level: 75%) |
10443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
143 | AsyncRAT botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
8082 | Hook botnet C2 server (confidence level: 100%) |
8082 | Hook botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
60017 | Unknown malware botnet C2 server (confidence level: 100%) |
8181 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
8080 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
10252 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
9796 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
443 | SquidLoader botnet C2 server (confidence level: 100%) |
8880 | Unknown RAT botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
6666 | Cobalt Strike botnet C2 server (confidence level: 50%) |
7777 | Cobalt Strike botnet C2 server (confidence level: 50%) |
5555 | Cobalt Strike botnet C2 server (confidence level: 50%) |
80 | Cobalt Strike botnet C2 server (confidence level: 50%) |
50050 | Cobalt Strike botnet C2 server (confidence level: 50%) |
1177 | NjRAT botnet C2 server (confidence level: 50%) |
1177 | NjRAT botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
119 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
12394 | BlackShades botnet C2 server (confidence level: 50%) |
80 | Unknown malware botnet C2 server (confidence level: 50%) |
4782 | AsyncRAT botnet C2 server (confidence level: 50%) |
6606 | AsyncRAT botnet C2 server (confidence level: 50%) |
7707 | AsyncRAT botnet C2 server (confidence level: 50%) |
8808 | AsyncRAT botnet C2 server (confidence level: 50%) |
3232 | DCRat botnet C2 server (confidence level: 50%) |
51578 | DCRat botnet C2 server (confidence level: 50%) |
8000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
81 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
5555 | Cobalt Strike botnet C2 server (confidence level: 100%) |
7712 | Unknown Stealer botnet C2 server (confidence level: 75%) |
7712 | Unknown Stealer botnet C2 server (confidence level: 75%) |
40101 | Unknown Stealer botnet C2 server (confidence level: 75%) |
40105 | Unknown Stealer botnet C2 server (confidence level: 75%) |
40101 | Unknown Stealer botnet C2 server (confidence level: 75%) |
7712 | Unknown Stealer botnet C2 server (confidence level: 75%) |
7712 | Unknown Stealer botnet C2 server (confidence level: 75%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
81 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
4443 | Sliver botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
3371 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
1337 | Quasar RAT botnet C2 server (confidence level: 100%) |
40902 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
4506 | DeimosC2 botnet C2 server (confidence level: 75%) |
443 | QakBot botnet C2 server (confidence level: 75%) |
8888 | Sliver botnet C2 server (confidence level: 75%) |
7443 | Eye Pyramid botnet C2 server (confidence level: 75%) |
56999 | Mirai botnet C2 server (confidence level: 75%) |
15390 | Mirai botnet C2 server (confidence level: 75%) |
14219 | NjRAT botnet C2 server (confidence level: 75%) |
14219 | NjRAT botnet C2 server (confidence level: 75%) |
16744 | NjRAT botnet C2 server (confidence level: 75%) |
4433 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
8082 | Sliver botnet C2 server (confidence level: 100%) |
8000 | Sliver botnet C2 server (confidence level: 100%) |
7000 | AsyncRAT botnet C2 server (confidence level: 100%) |
8082 | Hook botnet C2 server (confidence level: 100%) |
80 | Havoc botnet C2 server (confidence level: 100%) |
1950 | Remcos botnet C2 server (confidence level: 50%) |
443 | PlugX botnet C2 server (confidence level: 100%) |
12444 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
195 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
487 | BlackShades botnet C2 server (confidence level: 50%) |
1337 | DCRat botnet C2 server (confidence level: 50%) |
443 | Havoc botnet C2 server (confidence level: 50%) |
3000 | Unknown Loader botnet C2 server (confidence level: 75%) |
3000 | Unknown Loader botnet C2 server (confidence level: 75%) |
1224 | InvisibleFerret botnet C2 server (confidence level: 75%) |
1244 | InvisibleFerret botnet C2 server (confidence level: 75%) |
1224 | InvisibleFerret botnet C2 server (confidence level: 75%) |
1224 | InvisibleFerret botnet C2 server (confidence level: 75%) |
7722 | XWorm botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8001 | Cobalt Strike botnet C2 server (confidence level: 100%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
2425 | Remcos botnet C2 server (confidence level: 100%) |
2505 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
46167 | Remcos botnet C2 server (confidence level: 100%) |
5709 | Remcos botnet C2 server (confidence level: 100%) |
3402 | Remcos botnet C2 server (confidence level: 100%) |
4257 | Remcos botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
7777 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
50001 | Havoc botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
80 | Venom RAT botnet C2 server (confidence level: 100%) |
5001 | Venom RAT botnet C2 server (confidence level: 100%) |
4443 | DCRat botnet C2 server (confidence level: 100%) |
3389 | DCRat botnet C2 server (confidence level: 100%) |
443 | MooBot botnet C2 server (confidence level: 100%) |
4000 | Unknown malware botnet C2 server (confidence level: 100%) |
8000 | MimiKatz botnet C2 server (confidence level: 100%) |
5707 | Remcos botnet C2 server (confidence level: 75%) |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
7007 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
7707 | AsyncRAT botnet C2 server (confidence level: 100%) |
7777 | AsyncRAT botnet C2 server (confidence level: 100%) |
6606 | AsyncRAT botnet C2 server (confidence level: 100%) |
408 | AsyncRAT botnet C2 server (confidence level: 100%) |
7777 | Quasar RAT botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
hash4444 | DCRat botnet C2 server (confidence level: 100%) | |
hash591 | DCRat botnet C2 server (confidence level: 100%) | |
hash8080 | DCRat botnet C2 server (confidence level: 100%) | |
hash8090 | DCRat botnet C2 server (confidence level: 100%) | |
hash5902 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash444 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash6688 | DarkComet botnet C2 server (confidence level: 50%) | |
hash1604 | DarkComet botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash5986 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
hash19 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3740 | DCRat botnet C2 server (confidence level: 50%) | |
hash2025 | Remcos botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8900 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash8443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash60444 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash4507 | Remcos botnet C2 server (confidence level: 75%) |
Url
Threat ID: 682c7db3e8347ec82d2a6182
Added to database: 5/20/2025, 1:03:47 PM
Last enriched: 6/19/2025, 3:19:06 PM
Last updated: 8/18/2025, 11:14:56 AM