ThreatFox IOCs for 2025-04-20

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-04-20," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The entry is classified under the 'malware' type and is associated with OSINT (Open Source Intelligence) products, indicating that the information may be derived from publicly available sources or shared for awareness and defensive purposes. The technical details include a threat level rated as 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or reach. However, there are no specific affected versions, CWE identifiers, patch links, or known exploits in the wild associated with this entry. The absence of concrete indicators of compromise (IOCs) such as hashes, IP addresses, or domain names limits the ability to perform detailed technical correlation or detection. The threat is tagged with 'tlp:white,' indicating that the information is intended for public sharing without restrictions. Overall, this entry appears to be a medium-severity malware-related intelligence update with limited technical specifics and no immediate evidence of active exploitation or targeted campaigns.

Potential Impact

Given the limited technical details and lack of known exploits in the wild, the immediate impact on European organizations is likely to be low to medium. However, the presence of malware-related intelligence suggests a potential risk if the threat evolves or if related malware variants emerge targeting systems within Europe. The absence of specific affected products or versions complicates targeted defense strategies. European organizations relying on OSINT feeds or threat intelligence platforms like ThreatFox may benefit from early awareness but should not consider this a direct or imminent threat without further contextual information. Potential impacts could include unauthorized access, data exfiltration, or disruption if the malware were to be weaponized or if related IOCs become active. The medium severity rating implies that while the threat is not critical, organizations should maintain vigilance, especially those in sectors with high exposure to malware threats such as finance, critical infrastructure, and government entities.

Mitigation Recommendations

Integrate ThreatFox and similar OSINT feeds into existing Security Information and Event Management (SIEM) systems to enhance detection capabilities for emerging IOCs. Conduct regular threat hunting exercises focusing on malware behaviors and patterns consistent with medium-level threats, even in the absence of specific IOCs. Maintain up-to-date endpoint protection solutions with heuristic and behavior-based detection to identify novel or unknown malware variants. Implement network segmentation and strict access controls to limit lateral movement should a malware infection occur. Educate security teams on the importance of monitoring OSINT sources and validating threat intelligence before operationalizing it. Establish incident response playbooks that include procedures for handling medium-severity malware threats, emphasizing containment and eradication. Regularly review and update vulnerability management programs to reduce attack surfaces that malware could exploit indirectly.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

file: 88.214.48.65
hash: 422
file: 88.214.48.66
hash: 420
file: 88.214.48.64
hash: 428
file: 88.214.48.65
hash: 430
file: 88.214.48.64
hash: 420
file: 88.214.48.64
hash: 419
file: 88.214.48.66
hash: 428
file: 88.214.48.65
hash: 420
file: 88.214.48.64
hash: 430
file: 147.185.221.27
hash: 47881
domain: yet-continental.gl.at.ply.gg
file: 88.214.48.66
hash: 431
file: 88.214.48.64
hash: 431
file: 88.214.48.64
hash: 417
file: 88.214.48.64
hash: 427
file: 88.214.48.64
hash: 425
file: 88.214.48.65
hash: 427
file: 88.214.48.64
hash: 422
file: 88.214.48.65
hash: 421
file: 88.214.48.66
hash: 422
domain: check.pejel.icu
file: 88.214.48.66
hash: 426
hash: dee2ecb51fbfa2f1de9dbe9a7524da12
hash: bcd51ee1df396f07af0b0a345a6dbaf4
hash: 935d7db2557d62a55a23b6020d42351c
hash: b5e1521ea5ffa2d5ec13cef61ffe363d
file: 88.214.48.66
hash: 423
file: 88.214.48.64
hash: 423
file: 88.214.48.64
hash: 421
url: http://172.82.91.106/p.txt
file: 88.243.7.236
hash: 1604
file: 88.214.48.66
hash: 425
file: 88.214.48.66
hash: 424
file: 88.214.48.65
hash: 426
file: 88.214.48.66
hash: 419
file: 88.214.48.66
hash: 429
file: 88.214.48.65
hash: 429
domain: ladoicese.org
file: 88.214.48.66
hash: 418
file: 88.214.48.64
hash: 429
file: 88.214.48.66
hash: 417
file: 3.67.15.169
hash: 13573
file: 35.157.111.131
hash: 13573
domain: kaohej.com
domain: core.kaohej.com
domain: kaohej.info
domain: core.kaohej.info
domain: kaohej.org
domain: core.kaohej.org
file: 88.214.48.64
hash: 416
file: 88.214.48.65
hash: 418
file: 120.26.139.176
hash: 8080
file: 173.212.245.215
hash: 80
file: 49.232.62.197
hash: 443
file: 62.60.226.114
hash: 40103
file: 193.168.143.13
hash: 443
file: 144.91.103.204
hash: 8443
file: 91.208.184.195
hash: 7412
file: 196.251.69.26
hash: 888
file: 196.251.69.26
hash: 2222
file: 196.251.116.155
hash: 8443
file: 2.59.117.173
hash: 8089
file: 83.217.209.65
hash: 8089
domain: react.socalmediazone.com
file: 118.195.162.44
hash: 443
file: 5.161.207.95
hash: 8080
file: 171.227.30.106
hash: 9999
file: 3.69.197.94
hash: 44818
file: 134.175.89.138
hash: 80
file: 8.213.235.187
hash: 10443
file: 88.214.48.66
hash: 427
file: 212.237.218.41
hash: 80
file: 196.251.90.83
hash: 3000
file: 103.39.79.160
hash: 8443
file: 84.247.148.249
hash: 8443
file: 23.227.167.188
hash: 8808
file: 47.128.167.206
hash: 80
file: 171.22.31.46
hash: 80
domain: o.socalmediazone.com
file: 196.251.87.16
hash: 8089
file: 45.33.7.49
hash: 8080
file: 51.15.194.103
hash: 4443
file: 36.138.95.31
hash: 60000
file: 192.145.45.61
hash: 3333
file: 65.108.209.233
hash: 4444
file: 38.242.221.155
hash: 3333
file: 192.145.28.124
hash: 4443
file: 52.204.130.225
hash: 443
file: 52.72.220.219
hash: 443
file: 101.200.29.152
hash: 3333
file: 47.94.8.20
hash: 3333
file: 51.178.141.34
hash: 1234
file: 1.92.144.199
hash: 3333
file: 52.139.216.69
hash: 8080
file: 165.232.47.88
hash: 3333
file: 157.230.97.17
hash: 1724
file: 3.7.190.114
hash: 443
file: 174.35.59.229
hash: 13333
file: 111.229.149.224
hash: 3333
file: 118.184.187.174
hash: 54681
file: 107.150.0.237
hash: 8080
domain: autodiscover.aa.104-168-101-27.cprapid.com
file: 2.122.168.171
hash: 443
file: 154.246.33.169
hash: 443
file: 185.39.17.70
hash: 8848
file: 103.89.137.180
hash: 80
file: 146.19.170.222
hash: 443
file: 2.57.241.52
hash: 80
url: https://dustfurniture.xyz/art.php
url: http://pancakebag.xyz/bik.php
url: http://auntapproval.icu/apr.php
url: http://auntapproval.icu/apri.php
domain: lowwood.xyz
url: https://3quilltayle.live/gksi
file: 185.9.146.38
hash: 443
file: 43.133.72.43
hash: 80
file: 124.70.203.28
hash: 10443
file: 47.93.135.155
hash: 31337
file: 43.131.5.83
hash: 31337
file: 65.38.98.101
hash: 31337
file: 185.141.216.95
hash: 31337
file: 138.197.61.237
hash: 31337
file: 3.123.4.89
hash: 21025
file: 3.123.4.89
hash: 1025
file: 54.180.138.77
hash: 7634
file: 13.203.75.50
hash: 21025
file: 13.245.82.245
hash: 9761
file: 13.37.233.32
hash: 8723
file: 3.26.2.255
hash: 902
file: 171.227.30.106
hash: 5001
file: 108.141.125.190
hash: 3333
url: http://196.251.72.215:3000/
url: http://196.251.72.216:3000/
url: http://196.251.87.16/
url: http://partner-id3695.com/
url: https://odash.aarkernerse.com/
domain: envio10-04-25.duckdns.org
file: 185.94.29.209
hash: 8080
file: 194.59.30.194
hash: 6606
file: 194.59.30.194
hash: 7707
file: 194.59.30.194
hash: 8808
domain: boards-essential.gl.at.ply.gg
domain: earth-schedules.gl.at.ply.gg
domain: summer-malaysia.gl.at.ply.gg
domain: technical-equally.gl.at.ply.g
file: 111.180.190.199
hash: 31880
file: 111.180.190.199
hash: 8848
file: 176.65.134.55
hash: 3470
file: 77.105.161.9
hash: 3232
domain: bot.argus-services.xyz
url: https://pastebin.com/raw/nfvynppg
file: 107.174.85.153
hash: 443
file: 125.77.172.64
hash: 8888
file: 45.230.255.103
hash: 8000
file: 194.59.31.31
hash: 2500
url: https://pastebin.com/raw/00mybwuz
file: 137.184.35.179
hash: 8888
file: 163.172.125.253
hash: 400
file: 13.250.199.140
hash: 80
file: 181.162.178.29
hash: 8080
domain: hiesa-56152.portmap.host
domain: feb-travelers.gl.at.ply.gg
file: 54.212.58.238
hash: 32298
file: 162.216.112.124
hash: 8088
file: 198.2.208.57
hash: 1523
domain: check.pikip.icu
url: https://check.pikip.icu/gkcxv.google
url: http://a8.xquwjhogz.ru/53lem5c/
url: http://cjgo.qdgekfr.es/4duz/
url: http://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?
url: http://yw.vyponky.es/zwre/
url: http://mm4c.kmyrtgic.com/ngk03wlh/$sealogistics.ve@slurpmail.net
url: http://hkn.omxdjymjrp.es/da3ycqo0/
url: http://tsd.oqitjjf.es/nongo/
url: http://bvmffod.oqitjjf.es/nongo/
url: http://if.wntfxw.es/iboctllz/
url: http://bobcroft.me/wp-oistne/index.html
url: http://gardon.blob.core.windows.net/gardon/gardon.html
url: http://2fqw.ozeubkt.ru/bfakpv/
url: http://x1.qkbnkruvtjo.es/uvq9w4jk/
url: http://4d.examzl.es/22jxe9ka/
url: http://ttp.mindlooip.ru/fvc68/
url: http://4lw.tytprngxckyk.es/red/
url: http://c5r.ykgznx.es/3bkuu985ym8vgeu/
url: http://art.zkmwcsprv.es/iisbetmi/
url: http://bhj9j.cgehpee.es/9crzk/
url: http://4pl.bzlvvm.es/wpm6/
url: http://8q.azpbc.es/wgfhz9i/
url: http://mwp.riywmc.es/m0wvbcga/
url: http://uja5.gpkfnynp.es/gqncds8idt8ti9j/
url: http://v7wd.jbifnidlafjb.es/wqd2hea/
url: http://kya8k-fdm4.hcwniwgrqy.es/rt5c/
url: http://1y.zuxsc.es/dnvci/
url: http://laucc-fdm4.hcwniwgrqy.es/rt5c/
url: http://90.bpahhcicdbw.es/9rgxd7g5st7wqpf/
url: http://gtnc.erwelrastoc.ru/kyt5d/
url: http://4fu36-cosaction.hcwniwgrqy.es/rt5c/
url: http://fpc8.usktcp.es/fkyj/
url: http://api.us2.500apps.com/mailsend/v1/click/555860/372270/227/651/238?url=https%3a//hugofajardo.com.br/wp-content/bitill/prevents/bill/copper/go/loop/index&t=n#bwf0dghldy5jb2nocmfuqgfncmkub2hpby5nb3y=
url: http://bjq.yclnjj.es/4swhfy2z/
url: http://0eaw.ykgznx.es/3bkuu985ym8vgeu/
url: http://uka.xvypywmiv.es/l1wvb/
url: http://t6y.zdzhwsdskx.es/poavxb/
url: http://bz.yyevowobz.es/mucnjv6/
url: http://eb.kyvankvg.es/wdky1/
url: http://gd.yvgherre.ru/rpsylky/
url: http://htu.fzpoqs.es/cukg/
url: http://tli.manisnionti.ru/9nge/
url: http://ek.kyvankvg.es/wdky1/
url: http://ilovecondo.net/redirectpage.aspx?url=https://hyi.ozsicprvvbo.ru/wox/
url: http://hyi.ozsicprvvbo.ru/wox/
url: http://fhhp.yclnjj.es/4swhfy2z/
url: http://wl7.htheaded.ru/mwfbcbz/
url: http://s8.ingolothy.ru/xbq3wdj/
url: http://n1.izowddta.es/o97yr9kq/
url: http://nt.maiupr.es/mcy5ppt/
url: http://eastgold.xyxmusr.es/anewa/
url: http://mbtrzn.sdcaznbe.es/o06kif/
url: http://plfo.zdzhwsdskx.es/poavxb/
url: http://oit.qlhtjv.es/1qbiaha/
url: http://mongreta.blob.core.windows.net/mongreta/mongreta.html
url: http://7xlg.rkqymjx.es/c7r4/
url: http://nvzz.cxprnvhh.es/sguejwf/
url: http://oqd.qwivrle.es/jxxf4rdj/
url: http://4829482948294829482948294829482948482948.uronfecit.ru/hlnz62kk/
url: http://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?3mail@slurpmail.net
url: http://uivd.rzvpovoqysa.es/2ns5x6/
url: http://yiv.stqevw.ru/mx2ovzlqy/%23xwlunders@slurpmail.net
url: http://hp0vrx.utepfqpn.es/kehl/
url: http://rff.rrtussgb.es/eqxhz/
url: http://z9j.hflumi.es/ssxkohf/
url: http://kxi.riywmc.es/m0wvbcga/
url: http://y4.keusxhpgy.es/1jgkofpl/
url: http://incture.xgtfctr.es/uocms/
url: http://1nc.smlyhe.es/t6gxxj4z/
url: http://t445xrxe.bavdaea.es/ppxzv/
url: http://5jp.rbitatiab.ru/jgx71p/
url: http://yv.qhynyhmkhob.es/uwqofq/
url: http://bereila.blob.core.windows.net/bereila/bereila.html
url: http://nnkn.oaczr.es/wclezf/
url: http://6p.ziyzgd.es/hw30u4y6/
url: http://ibi4.ueinrrv.es/joqz06s/
url: http://ji.qslwif.es/tjor/
url: http://oj.elindactori.ru/msg1w31/
url: http://t5.wfuxsnwjnjb.es/activ/$/
url: http://oyoa.wcjysnwknbgv.es/taine4k0/%23slee@slurpmail.net
url: http://ndd.ifnqmlwx.es/1pcfpg/
url: http://gaj6u.hjywaif.es/kgtkh4o0/
url: http://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?matt.woodbury@slurpmail.net
url: http://blog.tytprngxckyk.es/red/
url: http://hze.phiachiphe.ru/xqczefkg/
url: http://9rgf.datafforge.ru/xxzeoy/
url: http://assignideate.dsudag.es/eme4si/
url: http://cqne.zuxsc.es/dnvci/$mattf@jfrealestate.com
url: http://dto.bpdaokygwg.es/70bdkbd4anto6gd/
url: http://axcd.iwwhyw.es/w63ksk/
url: http://hlq.lbhoci.es/f4mmzlxu/
url: https://pstarofliught.top/wozd
url: https://v7salaccgfa.top/gsooz
url: https://3salaccgfa.top/gsooz
url: https://dquilltayle.live/gksi
url: https://lpiratetwrath.run/ytus
file: 67.71.45.223
hash: 2222
file: 176.65.149.155
hash: 8080
url: https://lquilltayle.live/gksi
file: 107.149.213.17
hash: 1430
file: 107.149.213.18
hash: 1430
file: 137.175.86.215
hash: 1430
file: 137.175.86.216
hash: 1430
file: 137.175.86.217
hash: 1430
file: 137.175.86.219
hash: 1430
file: 137.175.90.209
hash: 1430
file: 137.175.90.210
hash: 1430
file: 137.175.90.211
hash: 1430
file: 137.175.90.212
hash: 1430
file: 137.175.90.213
hash: 1430
file: 198.2.208.57
hash: 1430
file: 198.2.208.59
hash: 1430
file: 198.2.208.60
hash: 1430
file: 198.2.208.61
hash: 1430
file: 3.67.62.142
hash: 18188
url: https://wnighetwhisper.top/lekd
url: https://check.carin.icu/gkcxv.google
domain: check.carin.icu
file: 47.93.25.72
hash: 9088
file: 107.148.49.212
hash: 31337
file: 203.245.0.121
hash: 443
file: 52.18.3.105
hash: 4506
file: 31.25.24.159
hash: 7777
file: 47.109.203.76
hash: 8080
file: 116.204.85.234
hash: 80
file: 101.36.122.13
hash: 80
file: 107.150.0.56
hash: 8808
url: https://kick.us.com/
url: https://kick.us.com/fwgwng.bat
file: 171.227.30.106
hash: 5002
file: 173.249.198.224
hash: 8547
file: 156.238.245.37
hash: 8080
file: 95.140.156.252
hash: 80
url: http://203.245.0.121
file: 80.241.209.53
hash: 12182
domain: technical-equally.gl.at.ply.gg
file: 45.88.186.43
hash: 7232
domain: r-tube.ru
file: 43.139.50.42
hash: 62005
file: 31.58.51.98
hash: 24529
file: 31.58.51.98
hash: 59999
file: 51.38.137.114
hash: 3771
file: 103.178.235.240
hash: 3778
file: 103.178.235.240
hash: 9555
file: 104.168.101.27
hash: 1412
file: 104.168.101.27
hash: 3211
file: 176.65.137.221
hash: 41214
file: 176.65.137.221
hash: 12312
file: 176.65.138.240
hash: 3778
file: 176.65.140.174
hash: 1995
file: 176.65.140.174
hash: 1337
file: 176.65.141.183
hash: 101
file: 176.65.142.252
hash: 25634
file: 176.65.144.193
hash: 26425
file: 176.65.144.193
hash: 44115
file: 176.65.144.253
hash: 9654
file: 185.196.9.222
hash: 2211
file: 185.196.9.222
hash: 7733
file: 192.241.146.135
hash: 3778
file: 192.241.146.135
hash: 9555
file: 196.251.71.29
hash: 56412
file: 196.251.71.29
hash: 25478
file: 196.251.80.200
hash: 3912
file: 216.9.224.47
hash: 1312
file: 216.9.224.47
hash: 3912
file: 213.209.143.24
hash: 34411
file: 103.77.241.250
hash: 2023
file: 103.77.241.250
hash: 2025
file: 89.187.28.82
hash: 3778
file: 66.63.187.82
hash: 6666
file: 205.185.125.181
hash: 56412
file: 205.185.125.181
hash: 420
file: 61.7.209.115
hash: 3211
file: 61.7.209.115
hash: 207
file: 45.125.12.175
hash: 23966
domain: academy.entrepreneurwealthhub.com
domain: hub.unlimitedcashflowevent.com
domain: ceo.cowholesaling.com
domain: newsite.iapmd.org
domain: cpanel.buyjlindustriesonline.com
domain: webmail.ebuildingsource.com
domain: subscribe.bigeznola.com
domain: customer.aaddigitalstrategies.com
domain: regular.ptbaconsulting.com
domain: check.pivum.icu
url: https://check.pivum.icu/gkcxv.google
file: 94.156.115.12
hash: 43957
domain: ddwall.duckdns.org
domain: itunesextractor.com
file: 120.27.162.47
hash: 80
file: 117.23.59.90
hash: 8000
file: 8.140.25.155
hash: 8089
file: 36.133.14.65
hash: 9090
file: 16.163.161.107
hash: 53
file: 3.8.78.144
hash: 8808
file: 109.120.137.57
hash: 8808
file: 46.201.81.233
hash: 443
domain: neathealth.beauty
file: 146.56.51.149
hash: 443
domain: check.juket.icu
url: https://check.juket.icu/gkcxv.google
file: 146.19.170.222
hash: 4443
url: http://117.248.206.180:54905/mozi.m
file: 47.97.0.235
hash: 6666
file: 45.227.253.91
hash: 32400
file: 47.99.169.201
hash: 50050
file: 1.94.105.46
hash: 50050
file: 84.46.239.239
hash: 4443
file: 37.13.39.51
hash: 6001
file: 54.90.144.239
hash: 4321
file: 67.217.228.14
hash: 8080
domain: given-neither.gl.at.ply.gg
domain: botnet9.ddns.net
file: 193.26.115.218
hash: 8808
file: 155.138.241.220
hash: 8888
file: 196.251.115.31
hash: 5555
file: 88.119.169.53
hash: 7443
file: 45.32.124.13
hash: 4782
file: 18.176.122.97
hash: 80
file: 45.144.50.8
hash: 443
url: https://check.letoq.icu/gkcxv.google
domain: api.xiaoyaoruchu.com

ThreatFox IOCs for 2025-04-20

Severity: medium

Type: malware

ThreatFox IOCs for 2025-04-20

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

file: 88.214.48.65
hash: 422
file: 88.214.48.66
hash: 420
file: 88.214.48.64
hash: 428
file: 88.214.48.65
hash: 430
file: 88.214.48.64
hash: 420
file: 88.214.48.64
hash: 419
file: 88.214.48.66
hash: 428
file: 88.214.48.65
hash: 420
file: 88.214.48.64
hash: 430
file: 147.185.221.27
hash: 47881
domain: yet-continental.gl.at.ply.gg
file: 88.214.48.66
hash: 431
file: 88.214.48.64
hash: 431
file: 88.214.48.64
hash: 417
file: 88.214.48.64
hash: 427
file: 88.214.48.64
hash: 425
file: 88.214.48.65
hash: 427
file: 88.214.48.64
hash: 422
file: 88.214.48.65
hash: 421
file: 88.214.48.66
hash: 422
domain: check.pejel.icu
file: 88.214.48.66
hash: 426
hash: dee2ecb51fbfa2f1de9dbe9a7524da12
hash: bcd51ee1df396f07af0b0a345a6dbaf4
hash: 935d7db2557d62a55a23b6020d42351c
hash: b5e1521ea5ffa2d5ec13cef61ffe363d
file: 88.214.48.66
hash: 423
file: 88.214.48.64
hash: 423
file: 88.214.48.64
hash: 421
url: http://172.82.91.106/p.txt
file: 88.243.7.236
hash: 1604
file: 88.214.48.66
hash: 425
file: 88.214.48.66
hash: 424
file: 88.214.48.65
hash: 426
file: 88.214.48.66
hash: 419
file: 88.214.48.66
hash: 429
file: 88.214.48.65
hash: 429
domain: ladoicese.org
file: 88.214.48.66
hash: 418
file: 88.214.48.64
hash: 429
file: 88.214.48.66
hash: 417
file: 3.67.15.169
hash: 13573
file: 35.157.111.131
hash: 13573
domain: kaohej.com
domain: core.kaohej.com
domain: kaohej.info
domain: core.kaohej.info
domain: kaohej.org
domain: core.kaohej.org
file: 88.214.48.64
hash: 416
file: 88.214.48.65
hash: 418
file: 120.26.139.176
hash: 8080
file: 173.212.245.215
hash: 80
file: 49.232.62.197
hash: 443
file: 62.60.226.114
hash: 40103
file: 193.168.143.13
hash: 443
file: 144.91.103.204
hash: 8443
file: 91.208.184.195
hash: 7412
file: 196.251.69.26
hash: 888
file: 196.251.69.26
hash: 2222
file: 196.251.116.155
hash: 8443
file: 2.59.117.173
hash: 8089
file: 83.217.209.65
hash: 8089
domain: react.socalmediazone.com
file: 118.195.162.44
hash: 443
file: 5.161.207.95
hash: 8080
file: 171.227.30.106
hash: 9999
file: 3.69.197.94
hash: 44818
file: 134.175.89.138
hash: 80
file: 8.213.235.187
hash: 10443
file: 88.214.48.66
hash: 427
file: 212.237.218.41
hash: 80
file: 196.251.90.83
hash: 3000
file: 103.39.79.160
hash: 8443
file: 84.247.148.249
hash: 8443
file: 23.227.167.188
hash: 8808
file: 47.128.167.206
hash: 80
file: 171.22.31.46
hash: 80
domain: o.socalmediazone.com
file: 196.251.87.16
hash: 8089
file: 45.33.7.49
hash: 8080
file: 51.15.194.103
hash: 4443
file: 36.138.95.31
hash: 60000
file: 192.145.45.61
hash: 3333
file: 65.108.209.233
hash: 4444
file: 38.242.221.155
hash: 3333
file: 192.145.28.124
hash: 4443
file: 52.204.130.225
hash: 443
file: 52.72.220.219
hash: 443
file: 101.200.29.152
hash: 3333
file: 47.94.8.20
hash: 3333
file: 51.178.141.34
hash: 1234
file: 1.92.144.199
hash: 3333
file: 52.139.216.69
hash: 8080
file: 165.232.47.88
hash: 3333
file: 157.230.97.17
hash: 1724
file: 3.7.190.114
hash: 443
file: 174.35.59.229
hash: 13333
file: 111.229.149.224
hash: 3333
file: 118.184.187.174
hash: 54681
file: 107.150.0.237
hash: 8080
domain: autodiscover.aa.104-168-101-27.cprapid.com
file: 2.122.168.171
hash: 443
file: 154.246.33.169
hash: 443
file: 185.39.17.70
hash: 8848
file: 103.89.137.180
hash: 80
file: 146.19.170.222
hash: 443
file: 2.57.241.52
hash: 80
url: https://dustfurniture.xyz/art.php
url: http://pancakebag.xyz/bik.php
url: http://auntapproval.icu/apr.php
url: http://auntapproval.icu/apri.php
domain: lowwood.xyz
url: https://3quilltayle.live/gksi
file: 185.9.146.38
hash: 443
file: 43.133.72.43
hash: 80
file: 124.70.203.28
hash: 10443
file: 47.93.135.155
hash: 31337
file: 43.131.5.83
hash: 31337
file: 65.38.98.101
hash: 31337
file: 185.141.216.95
hash: 31337
file: 138.197.61.237
hash: 31337
file: 3.123.4.89
hash: 21025
file: 3.123.4.89
hash: 1025
file: 54.180.138.77
hash: 7634
file: 13.203.75.50
hash: 21025
file: 13.245.82.245
hash: 9761
file: 13.37.233.32
hash: 8723
file: 3.26.2.255
hash: 902
file: 171.227.30.106
hash: 5001
file: 108.141.125.190
hash: 3333
url: http://196.251.72.215:3000/
url: http://196.251.72.216:3000/
url: http://196.251.87.16/
url: http://partner-id3695.com/
url: https://odash.aarkernerse.com/
domain: envio10-04-25.duckdns.org
file: 185.94.29.209
hash: 8080
file: 194.59.30.194
hash: 6606
file: 194.59.30.194
hash: 7707
file: 194.59.30.194
hash: 8808
domain: boards-essential.gl.at.ply.gg
domain: earth-schedules.gl.at.ply.gg
domain: summer-malaysia.gl.at.ply.gg
domain: technical-equally.gl.at.ply.g
file: 111.180.190.199
hash: 31880
file: 111.180.190.199
hash: 8848
file: 176.65.134.55
hash: 3470
file: 77.105.161.9
hash: 3232
domain: bot.argus-services.xyz
url: https://pastebin.com/raw/nfvynppg
file: 107.174.85.153
hash: 443
file: 125.77.172.64
hash: 8888
file: 45.230.255.103
hash: 8000
file: 194.59.31.31
hash: 2500
url: https://pastebin.com/raw/00mybwuz
file: 137.184.35.179
hash: 8888
file: 163.172.125.253
hash: 400
file: 13.250.199.140
hash: 80
file: 181.162.178.29
hash: 8080
domain: hiesa-56152.portmap.host
domain: feb-travelers.gl.at.ply.gg
file: 54.212.58.238
hash: 32298
file: 162.216.112.124
hash: 8088
file: 198.2.208.57
hash: 1523
domain: check.pikip.icu
url: https://check.pikip.icu/gkcxv.google
url: http://a8.xquwjhogz.ru/53lem5c/
url: http://cjgo.qdgekfr.es/4duz/
url: http://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?
url: http://yw.vyponky.es/zwre/
url: http://mm4c.kmyrtgic.com/ngk03wlh/$sealogistics.ve@slurpmail.net
url: http://hkn.omxdjymjrp.es/da3ycqo0/
url: http://tsd.oqitjjf.es/nongo/
url: http://bvmffod.oqitjjf.es/nongo/
url: http://if.wntfxw.es/iboctllz/
url: http://bobcroft.me/wp-oistne/index.html
url: http://gardon.blob.core.windows.net/gardon/gardon.html
url: http://2fqw.ozeubkt.ru/bfakpv/
url: http://x1.qkbnkruvtjo.es/uvq9w4jk/
url: http://4d.examzl.es/22jxe9ka/
url: http://ttp.mindlooip.ru/fvc68/
url: http://4lw.tytprngxckyk.es/red/
url: http://c5r.ykgznx.es/3bkuu985ym8vgeu/
url: http://art.zkmwcsprv.es/iisbetmi/
url: http://bhj9j.cgehpee.es/9crzk/
url: http://4pl.bzlvvm.es/wpm6/
url: http://8q.azpbc.es/wgfhz9i/
url: http://mwp.riywmc.es/m0wvbcga/
url: http://uja5.gpkfnynp.es/gqncds8idt8ti9j/
url: http://v7wd.jbifnidlafjb.es/wqd2hea/
url: http://kya8k-fdm4.hcwniwgrqy.es/rt5c/
url: http://1y.zuxsc.es/dnvci/
url: http://laucc-fdm4.hcwniwgrqy.es/rt5c/
url: http://90.bpahhcicdbw.es/9rgxd7g5st7wqpf/
url: http://gtnc.erwelrastoc.ru/kyt5d/
url: http://4fu36-cosaction.hcwniwgrqy.es/rt5c/
url: http://fpc8.usktcp.es/fkyj/
url: http://api.us2.500apps.com/mailsend/v1/click/555860/372270/227/651/238?url=https%3a//hugofajardo.com.br/wp-content/bitill/prevents/bill/copper/go/loop/index&t=n#bwf0dghldy5jb2nocmfuqgfncmkub2hpby5nb3y=
url: http://bjq.yclnjj.es/4swhfy2z/
url: http://0eaw.ykgznx.es/3bkuu985ym8vgeu/
url: http://uka.xvypywmiv.es/l1wvb/
url: http://t6y.zdzhwsdskx.es/poavxb/
url: http://bz.yyevowobz.es/mucnjv6/
url: http://eb.kyvankvg.es/wdky1/
url: http://gd.yvgherre.ru/rpsylky/
url: http://htu.fzpoqs.es/cukg/
url: http://tli.manisnionti.ru/9nge/
url: http://ek.kyvankvg.es/wdky1/
url: http://ilovecondo.net/redirectpage.aspx?url=https://hyi.ozsicprvvbo.ru/wox/
url: http://hyi.ozsicprvvbo.ru/wox/
url: http://fhhp.yclnjj.es/4swhfy2z/
url: http://wl7.htheaded.ru/mwfbcbz/
url: http://s8.ingolothy.ru/xbq3wdj/
url: http://n1.izowddta.es/o97yr9kq/
url: http://nt.maiupr.es/mcy5ppt/
url: http://eastgold.xyxmusr.es/anewa/
url: http://mbtrzn.sdcaznbe.es/o06kif/
url: http://plfo.zdzhwsdskx.es/poavxb/
url: http://oit.qlhtjv.es/1qbiaha/
url: http://mongreta.blob.core.windows.net/mongreta/mongreta.html
url: http://7xlg.rkqymjx.es/c7r4/
url: http://nvzz.cxprnvhh.es/sguejwf/
url: http://oqd.qwivrle.es/jxxf4rdj/
url: http://4829482948294829482948294829482948482948.uronfecit.ru/hlnz62kk/
url: http://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?3mail@slurpmail.net
url: http://uivd.rzvpovoqysa.es/2ns5x6/
url: http://yiv.stqevw.ru/mx2ovzlqy/%23xwlunders@slurpmail.net
url: http://hp0vrx.utepfqpn.es/kehl/
url: http://rff.rrtussgb.es/eqxhz/
url: http://z9j.hflumi.es/ssxkohf/
url: http://kxi.riywmc.es/m0wvbcga/
url: http://y4.keusxhpgy.es/1jgkofpl/
url: http://incture.xgtfctr.es/uocms/
url: http://1nc.smlyhe.es/t6gxxj4z/
url: http://t445xrxe.bavdaea.es/ppxzv/
url: http://5jp.rbitatiab.ru/jgx71p/
url: http://yv.qhynyhmkhob.es/uwqofq/
url: http://bereila.blob.core.windows.net/bereila/bereila.html
url: http://nnkn.oaczr.es/wclezf/
url: http://6p.ziyzgd.es/hw30u4y6/
url: http://ibi4.ueinrrv.es/joqz06s/
url: http://ji.qslwif.es/tjor/
url: http://oj.elindactori.ru/msg1w31/
url: http://t5.wfuxsnwjnjb.es/activ/$/
url: http://oyoa.wcjysnwknbgv.es/taine4k0/%23slee@slurpmail.net
url: http://ndd.ifnqmlwx.es/1pcfpg/
url: http://gaj6u.hjywaif.es/kgtkh4o0/
url: http://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?matt.woodbury@slurpmail.net
url: http://blog.tytprngxckyk.es/red/
url: http://hze.phiachiphe.ru/xqczefkg/
url: http://9rgf.datafforge.ru/xxzeoy/
url: http://assignideate.dsudag.es/eme4si/
url: http://cqne.zuxsc.es/dnvci/$mattf@jfrealestate.com
url: http://dto.bpdaokygwg.es/70bdkbd4anto6gd/
url: http://axcd.iwwhyw.es/w63ksk/
url: http://hlq.lbhoci.es/f4mmzlxu/
url: https://pstarofliught.top/wozd
url: https://v7salaccgfa.top/gsooz
url: https://3salaccgfa.top/gsooz
url: https://dquilltayle.live/gksi
url: https://lpiratetwrath.run/ytus
file: 67.71.45.223
hash: 2222
file: 176.65.149.155
hash: 8080
url: https://lquilltayle.live/gksi
file: 107.149.213.17
hash: 1430
file: 107.149.213.18
hash: 1430
file: 137.175.86.215
hash: 1430
file: 137.175.86.216
hash: 1430
file: 137.175.86.217
hash: 1430
file: 137.175.86.219
hash: 1430
file: 137.175.90.209
hash: 1430
file: 137.175.90.210
hash: 1430
file: 137.175.90.211
hash: 1430
file: 137.175.90.212
hash: 1430
file: 137.175.90.213
hash: 1430
file: 198.2.208.57
hash: 1430
file: 198.2.208.59
hash: 1430
file: 198.2.208.60
hash: 1430
file: 198.2.208.61
hash: 1430
file: 3.67.62.142
hash: 18188
url: https://wnighetwhisper.top/lekd
url: https://check.carin.icu/gkcxv.google
domain: check.carin.icu
file: 47.93.25.72
hash: 9088
file: 107.148.49.212
hash: 31337
file: 203.245.0.121
hash: 443
file: 52.18.3.105
hash: 4506
file: 31.25.24.159
hash: 7777
file: 47.109.203.76
hash: 8080
file: 116.204.85.234
hash: 80
file: 101.36.122.13
hash: 80
file: 107.150.0.56
hash: 8808
url: https://kick.us.com/
url: https://kick.us.com/fwgwng.bat
file: 171.227.30.106
hash: 5002
file: 173.249.198.224
hash: 8547
file: 156.238.245.37
hash: 8080
file: 95.140.156.252
hash: 80
url: http://203.245.0.121
file: 80.241.209.53
hash: 12182
domain: technical-equally.gl.at.ply.gg
file: 45.88.186.43
hash: 7232
domain: r-tube.ru
file: 43.139.50.42
hash: 62005
file: 31.58.51.98
hash: 24529
file: 31.58.51.98
hash: 59999
file: 51.38.137.114
hash: 3771
file: 103.178.235.240
hash: 3778
file: 103.178.235.240
hash: 9555
file: 104.168.101.27
hash: 1412
file: 104.168.101.27
hash: 3211
file: 176.65.137.221
hash: 41214
file: 176.65.137.221
hash: 12312
file: 176.65.138.240
hash: 3778
file: 176.65.140.174
hash: 1995
file: 176.65.140.174
hash: 1337
file: 176.65.141.183
hash: 101
file: 176.65.142.252
hash: 25634
file: 176.65.144.193
hash: 26425
file: 176.65.144.193
hash: 44115
file: 176.65.144.253
hash: 9654
file: 185.196.9.222
hash: 2211
file: 185.196.9.222
hash: 7733
file: 192.241.146.135
hash: 3778
file: 192.241.146.135
hash: 9555
file: 196.251.71.29
hash: 56412
file: 196.251.71.29
hash: 25478
file: 196.251.80.200
hash: 3912
file: 216.9.224.47
hash: 1312
file: 216.9.224.47
hash: 3912
file: 213.209.143.24
hash: 34411
file: 103.77.241.250
hash: 2023
file: 103.77.241.250
hash: 2025
file: 89.187.28.82
hash: 3778
file: 66.63.187.82
hash: 6666
file: 205.185.125.181
hash: 56412
file: 205.185.125.181
hash: 420
file: 61.7.209.115
hash: 3211
file: 61.7.209.115
hash: 207
file: 45.125.12.175
hash: 23966
domain: academy.entrepreneurwealthhub.com
domain: hub.unlimitedcashflowevent.com
domain: ceo.cowholesaling.com
domain: newsite.iapmd.org
domain: cpanel.buyjlindustriesonline.com
domain: webmail.ebuildingsource.com
domain: subscribe.bigeznola.com
domain: customer.aaddigitalstrategies.com
domain: regular.ptbaconsulting.com
domain: check.pivum.icu
url: https://check.pivum.icu/gkcxv.google
file: 94.156.115.12
hash: 43957
domain: ddwall.duckdns.org
domain: itunesextractor.com
file: 120.27.162.47
hash: 80
file: 117.23.59.90
hash: 8000
file: 8.140.25.155
hash: 8089
file: 36.133.14.65
hash: 9090
file: 16.163.161.107
hash: 53
file: 3.8.78.144
hash: 8808
file: 109.120.137.57
hash: 8808
file: 46.201.81.233
hash: 443
domain: neathealth.beauty
file: 146.56.51.149
hash: 443
domain: check.juket.icu
url: https://check.juket.icu/gkcxv.google
file: 146.19.170.222
hash: 4443
url: http://117.248.206.180:54905/mozi.m
file: 47.97.0.235
hash: 6666
file: 45.227.253.91
hash: 32400
file: 47.99.169.201
hash: 50050
file: 1.94.105.46
hash: 50050
file: 84.46.239.239
hash: 4443
file: 37.13.39.51
hash: 6001
file: 54.90.144.239
hash: 4321
file: 67.217.228.14
hash: 8080
domain: given-neither.gl.at.ply.gg
domain: botnet9.ddns.net
file: 193.26.115.218
hash: 8808
file: 155.138.241.220
hash: 8888
file: 196.251.115.31
hash: 5555
file: 88.119.169.53
hash: 7443
file: 45.32.124.13
hash: 4782
file: 18.176.122.97
hash: 80
file: 45.144.50.8
hash: 443
url: https://check.letoq.icu/gkcxv.google
domain: api.xiaoyaoruchu.com

Source: ThreatFox

Published: Sun Apr 20 2025

ThreatFox IOCs for 2025-04-20

Medium

Malwaretype:osint tlp:white

Published: Sun Apr 20 2025 (04/20/2025, 00:00:00 UTC)

Source: ThreatFox

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-04-20

AI-Powered Analysis

AILast updated: 06/19/2025, 15:18:54 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 88a0cef2-7922-4a3d-af21-6329c8d7252e
Original Timestamp: 1745193787

Indicators of Compromise

File

Value	Description	Copy
file88.214.48.65	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file147.185.221.27	NjRAT botnet C2 server (confidence level: 75%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.243.7.236	DarkComet botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file3.67.15.169	NjRAT botnet C2 server (confidence level: 75%)
file35.157.111.131	NjRAT botnet C2 server (confidence level: 75%)
file88.214.48.64	Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65	Tofsee botnet C2 server (confidence level: 100%)
file120.26.139.176	Cobalt Strike botnet C2 server (confidence level: 100%)
file173.212.245.215	Cobalt Strike botnet C2 server (confidence level: 100%)
file49.232.62.197	Cobalt Strike botnet C2 server (confidence level: 100%)
file62.60.226.114	Remcos botnet C2 server (confidence level: 100%)
file193.168.143.13	Sliver botnet C2 server (confidence level: 100%)
file144.91.103.204	Sliver botnet C2 server (confidence level: 100%)
file91.208.184.195	Unknown malware botnet C2 server (confidence level: 100%)
file196.251.69.26	AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.69.26	AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.116.155	AsyncRAT botnet C2 server (confidence level: 100%)
file2.59.117.173	Hook botnet C2 server (confidence level: 100%)
file83.217.209.65	Hook botnet C2 server (confidence level: 100%)
file118.195.162.44	Quasar RAT botnet C2 server (confidence level: 100%)
file5.161.207.95	Havoc botnet C2 server (confidence level: 100%)
file171.227.30.106	Venom RAT botnet C2 server (confidence level: 100%)
file3.69.197.94	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file134.175.89.138	Cobalt Strike botnet C2 server (confidence level: 75%)
file8.213.235.187	Cobalt Strike botnet C2 server (confidence level: 75%)
file88.214.48.66	Tofsee botnet C2 server (confidence level: 100%)
file212.237.218.41	Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.90.83	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.39.79.160	Cobalt Strike botnet C2 server (confidence level: 100%)
file84.247.148.249	Sliver botnet C2 server (confidence level: 90%)
file23.227.167.188	AsyncRAT botnet C2 server (confidence level: 100%)
file47.128.167.206	Hook botnet C2 server (confidence level: 100%)
file171.22.31.46	Hook botnet C2 server (confidence level: 100%)
file196.251.87.16	Hook botnet C2 server (confidence level: 100%)
file45.33.7.49	Unknown malware botnet C2 server (confidence level: 100%)
file51.15.194.103	Unknown malware botnet C2 server (confidence level: 100%)
file36.138.95.31	Unknown malware botnet C2 server (confidence level: 100%)
file192.145.45.61	Unknown malware botnet C2 server (confidence level: 100%)
file65.108.209.233	Unknown malware botnet C2 server (confidence level: 100%)
file38.242.221.155	Unknown malware botnet C2 server (confidence level: 100%)
file192.145.28.124	Unknown malware botnet C2 server (confidence level: 100%)
file52.204.130.225	Unknown malware botnet C2 server (confidence level: 100%)
file52.72.220.219	Unknown malware botnet C2 server (confidence level: 100%)
file101.200.29.152	Unknown malware botnet C2 server (confidence level: 100%)
file47.94.8.20	Unknown malware botnet C2 server (confidence level: 100%)
file51.178.141.34	Unknown malware botnet C2 server (confidence level: 100%)
file1.92.144.199	Unknown malware botnet C2 server (confidence level: 100%)
file52.139.216.69	Unknown malware botnet C2 server (confidence level: 100%)
file165.232.47.88	Unknown malware botnet C2 server (confidence level: 100%)
file157.230.97.17	Unknown malware botnet C2 server (confidence level: 100%)
file3.7.190.114	Unknown malware botnet C2 server (confidence level: 100%)
file174.35.59.229	Unknown malware botnet C2 server (confidence level: 100%)
file111.229.149.224	Unknown malware botnet C2 server (confidence level: 100%)
file118.184.187.174	Chaos botnet C2 server (confidence level: 100%)
file107.150.0.237	Chaos botnet C2 server (confidence level: 100%)
file2.122.168.171	QakBot botnet C2 server (confidence level: 100%)
file154.246.33.169	QakBot botnet C2 server (confidence level: 100%)
file185.39.17.70	AsyncRAT botnet C2 server (confidence level: 75%)
file103.89.137.180	Cobalt Strike botnet C2 server (confidence level: 100%)
file146.19.170.222	Cobalt Strike botnet C2 server (confidence level: 100%)
file2.57.241.52	Cobalt Strike botnet C2 server (confidence level: 100%)
file185.9.146.38	Cobalt Strike botnet C2 server (confidence level: 50%)
file43.133.72.43	Cobalt Strike botnet C2 server (confidence level: 50%)
file124.70.203.28	Cobalt Strike botnet C2 server (confidence level: 50%)
file47.93.135.155	Sliver botnet C2 server (confidence level: 50%)
file43.131.5.83	Sliver botnet C2 server (confidence level: 50%)
file65.38.98.101	Sliver botnet C2 server (confidence level: 50%)
file185.141.216.95	Sliver botnet C2 server (confidence level: 50%)
file138.197.61.237	Sliver botnet C2 server (confidence level: 50%)
file3.123.4.89	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file3.123.4.89	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.180.138.77	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file13.203.75.50	BlackShades botnet C2 server (confidence level: 50%)
file13.245.82.245	BlackShades botnet C2 server (confidence level: 50%)
file13.37.233.32	Unknown malware botnet C2 server (confidence level: 50%)
file3.26.2.255	Unknown malware botnet C2 server (confidence level: 50%)
file171.227.30.106	Venom RAT botnet C2 server (confidence level: 50%)
file108.141.125.190	Unknown malware botnet C2 server (confidence level: 50%)
file185.94.29.209	AsyncRAT botnet C2 server (confidence level: 50%)
file194.59.30.194	AsyncRAT botnet C2 server (confidence level: 50%)
file194.59.30.194	AsyncRAT botnet C2 server (confidence level: 50%)
file194.59.30.194	AsyncRAT botnet C2 server (confidence level: 50%)
file111.180.190.199	DCRat botnet C2 server (confidence level: 50%)
file111.180.190.199	DCRat botnet C2 server (confidence level: 50%)
file176.65.134.55	DCRat botnet C2 server (confidence level: 50%)
file77.105.161.9	DCRat botnet C2 server (confidence level: 50%)
file107.174.85.153	Cobalt Strike botnet C2 server (confidence level: 100%)
file125.77.172.64	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.230.255.103	Remcos botnet C2 server (confidence level: 100%)
file194.59.31.31	Remcos botnet C2 server (confidence level: 100%)
file137.184.35.179	Unknown malware botnet C2 server (confidence level: 100%)
file163.172.125.253	AsyncRAT botnet C2 server (confidence level: 100%)
file13.250.199.140	Hook botnet C2 server (confidence level: 100%)
file181.162.178.29	Quasar RAT botnet C2 server (confidence level: 100%)
file54.212.58.238	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file162.216.112.124	BianLian botnet C2 server (confidence level: 100%)
file198.2.208.57	XOR DDoS botnet C2 server (confidence level: 50%)
file67.71.45.223	QakBot botnet C2 server (confidence level: 75%)
file176.65.149.155	Meterpreter botnet C2 server (confidence level: 75%)
file107.149.213.17	XOR DDoS botnet C2 server (confidence level: 75%)
file107.149.213.18	XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.86.215	XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.86.216	XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.86.217	XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.86.219	XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.209	XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.210	XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.211	XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.212	XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.213	XOR DDoS botnet C2 server (confidence level: 75%)
file198.2.208.57	XOR DDoS botnet C2 server (confidence level: 75%)
file198.2.208.59	XOR DDoS botnet C2 server (confidence level: 75%)
file198.2.208.60	XOR DDoS botnet C2 server (confidence level: 75%)
file198.2.208.61	XOR DDoS botnet C2 server (confidence level: 75%)
file3.67.62.142	NjRAT botnet C2 server (confidence level: 75%)
file47.93.25.72	Cobalt Strike botnet C2 server (confidence level: 50%)
file107.148.49.212	Sliver botnet C2 server (confidence level: 50%)
file203.245.0.121	Kimsuky botnet C2 server (confidence level: 50%)
file52.18.3.105	Unknown malware botnet C2 server (confidence level: 50%)
file31.25.24.159	Unknown malware botnet C2 server (confidence level: 50%)
file47.109.203.76	Cobalt Strike botnet C2 server (confidence level: 100%)
file116.204.85.234	Cobalt Strike botnet C2 server (confidence level: 100%)
file101.36.122.13	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.150.0.56	AsyncRAT botnet C2 server (confidence level: 100%)
file171.227.30.106	Venom RAT botnet C2 server (confidence level: 100%)
file173.249.198.224	Brute Ratel C4 botnet C2 server (confidence level: 100%)
file156.238.245.37	ERMAC botnet C2 server (confidence level: 100%)
file95.140.156.252	Bashlite botnet C2 server (confidence level: 100%)
file80.241.209.53	CapraRAT botnet C2 server (confidence level: 50%)
file45.88.186.43	XWorm botnet C2 server (confidence level: 50%)
file43.139.50.42	Cobalt Strike botnet C2 server (confidence level: 75%)
file31.58.51.98	Mirai botnet C2 server (confidence level: 100%)
file31.58.51.98	Mirai botnet C2 server (confidence level: 100%)
file51.38.137.114	Mirai botnet C2 server (confidence level: 100%)
file103.178.235.240	Mirai botnet C2 server (confidence level: 100%)
file103.178.235.240	Mirai botnet C2 server (confidence level: 100%)
file104.168.101.27	Mirai botnet C2 server (confidence level: 100%)
file104.168.101.27	Mirai botnet C2 server (confidence level: 100%)
file176.65.137.221	Mirai botnet C2 server (confidence level: 100%)
file176.65.137.221	Mirai botnet C2 server (confidence level: 100%)
file176.65.138.240	Mirai botnet C2 server (confidence level: 100%)
file176.65.140.174	Mirai botnet C2 server (confidence level: 100%)
file176.65.140.174	Mirai botnet C2 server (confidence level: 100%)
file176.65.141.183	Mirai botnet C2 server (confidence level: 100%)
file176.65.142.252	Mirai botnet C2 server (confidence level: 100%)
file176.65.144.193	Mirai botnet C2 server (confidence level: 100%)
file176.65.144.193	Mirai botnet C2 server (confidence level: 100%)
file176.65.144.253	Mirai botnet C2 server (confidence level: 100%)
file185.196.9.222	Mirai botnet C2 server (confidence level: 100%)
file185.196.9.222	Mirai botnet C2 server (confidence level: 100%)
file192.241.146.135	Mirai botnet C2 server (confidence level: 100%)
file192.241.146.135	Mirai botnet C2 server (confidence level: 100%)
file196.251.71.29	Mirai botnet C2 server (confidence level: 100%)
file196.251.71.29	Mirai botnet C2 server (confidence level: 100%)
file196.251.80.200	Mirai botnet C2 server (confidence level: 100%)
file216.9.224.47	Mirai botnet C2 server (confidence level: 100%)
file216.9.224.47	Mirai botnet C2 server (confidence level: 100%)
file213.209.143.24	Mirai botnet C2 server (confidence level: 100%)
file103.77.241.250	Mirai botnet C2 server (confidence level: 100%)
file103.77.241.250	Mirai botnet C2 server (confidence level: 100%)
file89.187.28.82	Mirai botnet C2 server (confidence level: 100%)
file66.63.187.82	Mirai botnet C2 server (confidence level: 100%)
file205.185.125.181	Mirai botnet C2 server (confidence level: 100%)
file205.185.125.181	Mirai botnet C2 server (confidence level: 100%)
file61.7.209.115	Mirai botnet C2 server (confidence level: 100%)
file61.7.209.115	Mirai botnet C2 server (confidence level: 100%)
file45.125.12.175	Bashlite botnet C2 server (confidence level: 75%)
file94.156.115.12	MooBot botnet C2 server (confidence level: 75%)
file120.27.162.47	Cobalt Strike botnet C2 server (confidence level: 100%)
file117.23.59.90	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.140.25.155	Cobalt Strike botnet C2 server (confidence level: 100%)
file36.133.14.65	Cobalt Strike botnet C2 server (confidence level: 100%)
file16.163.161.107	ShadowPad botnet C2 server (confidence level: 90%)
file3.8.78.144	AsyncRAT botnet C2 server (confidence level: 100%)
file109.120.137.57	AsyncRAT botnet C2 server (confidence level: 100%)
file46.201.81.233	Havoc botnet C2 server (confidence level: 100%)
file146.56.51.149	Unknown malware botnet C2 server (confidence level: 100%)
file146.19.170.222	Cobalt Strike botnet C2 server (confidence level: 75%)
file47.97.0.235	Cobalt Strike botnet C2 server (confidence level: 50%)
file45.227.253.91	Cobalt Strike botnet C2 server (confidence level: 50%)
file47.99.169.201	Cobalt Strike botnet C2 server (confidence level: 50%)
file1.94.105.46	Cobalt Strike botnet C2 server (confidence level: 50%)
file84.46.239.239	Brute Ratel C4 botnet C2 server (confidence level: 50%)
file37.13.39.51	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.90.144.239	BlackShades botnet C2 server (confidence level: 50%)
file67.217.228.14	FAKEUPDATES payload delivery server (confidence level: 50%)
file193.26.115.218	AsyncRAT botnet C2 server (confidence level: 100%)
file155.138.241.220	AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.115.31	AsyncRAT botnet C2 server (confidence level: 100%)
file88.119.169.53	Unknown malware botnet C2 server (confidence level: 100%)
file45.32.124.13	Quasar RAT botnet C2 server (confidence level: 100%)
file18.176.122.97	Brute Ratel C4 botnet C2 server (confidence level: 100%)
file45.144.50.8	Meterpreter botnet C2 server (confidence level: 75%)

Hash

Value	Description	Copy
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash420	Tofsee botnet C2 server (confidence level: 100%)
hash428	Tofsee botnet C2 server (confidence level: 100%)
hash430	Tofsee botnet C2 server (confidence level: 100%)
hash420	Tofsee botnet C2 server (confidence level: 100%)
hash419	Tofsee botnet C2 server (confidence level: 100%)
hash428	Tofsee botnet C2 server (confidence level: 100%)
hash420	Tofsee botnet C2 server (confidence level: 100%)
hash430	Tofsee botnet C2 server (confidence level: 100%)
hash47881	NjRAT botnet C2 server (confidence level: 75%)
hash431	Tofsee botnet C2 server (confidence level: 100%)
hash431	Tofsee botnet C2 server (confidence level: 100%)
hash417	Tofsee botnet C2 server (confidence level: 100%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash425	Tofsee botnet C2 server (confidence level: 100%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash421	Tofsee botnet C2 server (confidence level: 100%)
hash422	Tofsee botnet C2 server (confidence level: 100%)
hash426	Tofsee botnet C2 server (confidence level: 100%)
hashdee2ecb51fbfa2f1de9dbe9a7524da12	Unknown malware payload (confidence level: 50%)
hashbcd51ee1df396f07af0b0a345a6dbaf4	Unknown malware payload (confidence level: 50%)
hash935d7db2557d62a55a23b6020d42351c	Unknown malware payload (confidence level: 50%)
hashb5e1521ea5ffa2d5ec13cef61ffe363d	Unknown malware payload (confidence level: 50%)
hash423	Tofsee botnet C2 server (confidence level: 100%)
hash423	Tofsee botnet C2 server (confidence level: 100%)
hash421	Tofsee botnet C2 server (confidence level: 100%)
hash1604	DarkComet botnet C2 server (confidence level: 100%)
hash425	Tofsee botnet C2 server (confidence level: 100%)
hash424	Tofsee botnet C2 server (confidence level: 100%)
hash426	Tofsee botnet C2 server (confidence level: 100%)
hash419	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash418	Tofsee botnet C2 server (confidence level: 100%)
hash429	Tofsee botnet C2 server (confidence level: 100%)
hash417	Tofsee botnet C2 server (confidence level: 100%)
hash13573	NjRAT botnet C2 server (confidence level: 75%)
hash13573	NjRAT botnet C2 server (confidence level: 75%)
hash416	Tofsee botnet C2 server (confidence level: 100%)
hash418	Tofsee botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash40103	Remcos botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash8443	Sliver botnet C2 server (confidence level: 100%)
hash7412	Unknown malware botnet C2 server (confidence level: 100%)
hash888	AsyncRAT botnet C2 server (confidence level: 100%)
hash2222	AsyncRAT botnet C2 server (confidence level: 100%)
hash8443	AsyncRAT botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash443	Quasar RAT botnet C2 server (confidence level: 100%)
hash8080	Havoc botnet C2 server (confidence level: 100%)
hash9999	Venom RAT botnet C2 server (confidence level: 100%)
hash44818	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash10443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash427	Tofsee botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash3000	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Sliver botnet C2 server (confidence level: 90%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash4443	Unknown malware botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash4444	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash4443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash1234	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash1724	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash13333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash54681	Chaos botnet C2 server (confidence level: 100%)
hash8080	Chaos botnet C2 server (confidence level: 100%)
hash443	QakBot botnet C2 server (confidence level: 100%)
hash443	QakBot botnet C2 server (confidence level: 100%)
hash8848	AsyncRAT botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash10443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash21025	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash1025	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash7634	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash21025	BlackShades botnet C2 server (confidence level: 50%)
hash9761	BlackShades botnet C2 server (confidence level: 50%)
hash8723	Unknown malware botnet C2 server (confidence level: 50%)
hash902	Unknown malware botnet C2 server (confidence level: 50%)
hash5001	Venom RAT botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash8080	AsyncRAT botnet C2 server (confidence level: 50%)
hash6606	AsyncRAT botnet C2 server (confidence level: 50%)
hash7707	AsyncRAT botnet C2 server (confidence level: 50%)
hash8808	AsyncRAT botnet C2 server (confidence level: 50%)
hash31880	DCRat botnet C2 server (confidence level: 50%)
hash8848	DCRat botnet C2 server (confidence level: 50%)
hash3470	DCRat botnet C2 server (confidence level: 50%)
hash3232	DCRat botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8000	Remcos botnet C2 server (confidence level: 100%)
hash2500	Remcos botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash400	AsyncRAT botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash8080	Quasar RAT botnet C2 server (confidence level: 100%)
hash32298	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8088	BianLian botnet C2 server (confidence level: 100%)
hash1523	XOR DDoS botnet C2 server (confidence level: 50%)
hash2222	QakBot botnet C2 server (confidence level: 75%)
hash8080	Meterpreter botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash1430	XOR DDoS botnet C2 server (confidence level: 75%)
hash18188	NjRAT botnet C2 server (confidence level: 75%)
hash9088	Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash443	Kimsuky botnet C2 server (confidence level: 50%)
hash4506	Unknown malware botnet C2 server (confidence level: 50%)
hash7777	Unknown malware botnet C2 server (confidence level: 50%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash5002	Venom RAT botnet C2 server (confidence level: 100%)
hash8547	Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash8080	ERMAC botnet C2 server (confidence level: 100%)
hash80	Bashlite botnet C2 server (confidence level: 100%)
hash12182	CapraRAT botnet C2 server (confidence level: 50%)
hash7232	XWorm botnet C2 server (confidence level: 50%)
hash62005	Cobalt Strike botnet C2 server (confidence level: 75%)
hash24529	Mirai botnet C2 server (confidence level: 100%)
hash59999	Mirai botnet C2 server (confidence level: 100%)
hash3771	Mirai botnet C2 server (confidence level: 100%)
hash3778	Mirai botnet C2 server (confidence level: 100%)
hash9555	Mirai botnet C2 server (confidence level: 100%)
hash1412	Mirai botnet C2 server (confidence level: 100%)
hash3211	Mirai botnet C2 server (confidence level: 100%)
hash41214	Mirai botnet C2 server (confidence level: 100%)
hash12312	Mirai botnet C2 server (confidence level: 100%)
hash3778	Mirai botnet C2 server (confidence level: 100%)
hash1995	Mirai botnet C2 server (confidence level: 100%)
hash1337	Mirai botnet C2 server (confidence level: 100%)
hash101	Mirai botnet C2 server (confidence level: 100%)
hash25634	Mirai botnet C2 server (confidence level: 100%)
hash26425	Mirai botnet C2 server (confidence level: 100%)
hash44115	Mirai botnet C2 server (confidence level: 100%)
hash9654	Mirai botnet C2 server (confidence level: 100%)
hash2211	Mirai botnet C2 server (confidence level: 100%)
hash7733	Mirai botnet C2 server (confidence level: 100%)
hash3778	Mirai botnet C2 server (confidence level: 100%)
hash9555	Mirai botnet C2 server (confidence level: 100%)
hash56412	Mirai botnet C2 server (confidence level: 100%)
hash25478	Mirai botnet C2 server (confidence level: 100%)
hash3912	Mirai botnet C2 server (confidence level: 100%)
hash1312	Mirai botnet C2 server (confidence level: 100%)
hash3912	Mirai botnet C2 server (confidence level: 100%)
hash34411	Mirai botnet C2 server (confidence level: 100%)
hash2023	Mirai botnet C2 server (confidence level: 100%)
hash2025	Mirai botnet C2 server (confidence level: 100%)
hash3778	Mirai botnet C2 server (confidence level: 100%)
hash6666	Mirai botnet C2 server (confidence level: 100%)
hash56412	Mirai botnet C2 server (confidence level: 100%)
hash420	Mirai botnet C2 server (confidence level: 100%)
hash3211	Mirai botnet C2 server (confidence level: 100%)
hash207	Mirai botnet C2 server (confidence level: 100%)
hash23966	Bashlite botnet C2 server (confidence level: 75%)
hash43957	MooBot botnet C2 server (confidence level: 75%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8000	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8089	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9090	Cobalt Strike botnet C2 server (confidence level: 100%)
hash53	ShadowPad botnet C2 server (confidence level: 90%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash4443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash6666	Cobalt Strike botnet C2 server (confidence level: 50%)
hash32400	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash4443	Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash6001	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash4321	BlackShades botnet C2 server (confidence level: 50%)
hash8080	FAKEUPDATES payload delivery server (confidence level: 50%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8888	AsyncRAT botnet C2 server (confidence level: 100%)
hash5555	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash80	Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash443	Meterpreter botnet C2 server (confidence level: 75%)

Domain

Value	Description	Copy
domainyet-continental.gl.at.ply.gg	NjRAT botnet C2 domain (confidence level: 75%)
domaincheck.pejel.icu	ClearFake payload delivery domain (confidence level: 100%)
domainladoicese.org	Unknown malware payload delivery domain (confidence level: 100%)
domainkaohej.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincore.kaohej.com	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainkaohej.info	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincore.kaohej.info	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainkaohej.org	FAKEUPDATES payload delivery domain (confidence level: 100%)
domaincore.kaohej.org	FAKEUPDATES payload delivery domain (confidence level: 100%)
domainreact.socalmediazone.com	Hook botnet C2 domain (confidence level: 100%)
domaino.socalmediazone.com	Hook botnet C2 domain (confidence level: 100%)
domainautodiscover.aa.104-168-101-27.cprapid.com	Bashlite botnet C2 domain (confidence level: 100%)
domainlowwood.xyz	Unknown Loader botnet C2 domain (confidence level: 100%)
domainenvio10-04-25.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 50%)
domainboards-essential.gl.at.ply.gg	DCRat botnet C2 domain (confidence level: 50%)
domainearth-schedules.gl.at.ply.gg	DCRat botnet C2 domain (confidence level: 50%)
domainsummer-malaysia.gl.at.ply.gg	DCRat botnet C2 domain (confidence level: 50%)
domaintechnical-equally.gl.at.ply.g	DCRat botnet C2 domain (confidence level: 50%)
domainbot.argus-services.xyz	Mirai botnet C2 domain (confidence level: 50%)
domainhiesa-56152.portmap.host	XWorm botnet C2 domain (confidence level: 50%)
domainfeb-travelers.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 50%)
domaincheck.pikip.icu	ClearFake payload delivery domain (confidence level: 100%)
domaincheck.carin.icu	ClearFake payload delivery domain (confidence level: 100%)
domaintechnical-equally.gl.at.ply.gg	DCRat botnet C2 domain (confidence level: 50%)
domainr-tube.ru	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainacademy.entrepreneurwealthhub.com	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domainhub.unlimitedcashflowevent.com	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domainceo.cowholesaling.com	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domainnewsite.iapmd.org	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domaincpanel.buyjlindustriesonline.com	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domainwebmail.ebuildingsource.com	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domainsubscribe.bigeznola.com	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domaincustomer.aaddigitalstrategies.com	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domainregular.ptbaconsulting.com	FAKEUPDATES botnet C2 domain (confidence level: 50%)
domaincheck.pivum.icu	ClearFake payload delivery domain (confidence level: 100%)
domainddwall.duckdns.org	MooBot botnet C2 domain (confidence level: 75%)
domainitunesextractor.com	FAKEUPDATES payload delivery domain (confidence level: 80%)
domainneathealth.beauty	Havoc botnet C2 domain (confidence level: 100%)
domaincheck.juket.icu	ClearFake payload delivery domain (confidence level: 100%)
domaingiven-neither.gl.at.ply.gg	DCRat botnet C2 domain (confidence level: 50%)
domainbotnet9.ddns.net	Mirai botnet C2 domain (confidence level: 50%)
domainapi.xiaoyaoruchu.com	Cobalt Strike botnet C2 domain (confidence level: 75%)

Url

Value	Description	Copy
urlhttp://172.82.91.106/p.txt	XOR DDoS payload delivery URL (confidence level: 100%)
urlhttps://dustfurniture.xyz/art.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://pancakebag.xyz/bik.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://auntapproval.icu/apr.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttp://auntapproval.icu/apri.php	Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://3quilltayle.live/gksi	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://196.251.72.215:3000/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://196.251.72.216:3000/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://196.251.87.16/	Hook botnet C2 (confidence level: 50%)
urlhttp://partner-id3695.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://odash.aarkernerse.com/	Unknown RAT payload delivery URL (confidence level: 50%)
urlhttps://pastebin.com/raw/nfvynppg	NjRAT botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/00mybwuz	XWorm botnet C2 (confidence level: 50%)
urlhttps://check.pikip.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttp://a8.xquwjhogz.ru/53lem5c/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://cjgo.qdgekfr.es/4duz/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://yw.vyponky.es/zwre/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://mm4c.kmyrtgic.com/ngk03wlh/$sealogistics.ve@slurpmail.net	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://hkn.omxdjymjrp.es/da3ycqo0/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://tsd.oqitjjf.es/nongo/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://bvmffod.oqitjjf.es/nongo/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://if.wntfxw.es/iboctllz/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://bobcroft.me/wp-oistne/index.html	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://gardon.blob.core.windows.net/gardon/gardon.html	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://2fqw.ozeubkt.ru/bfakpv/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://x1.qkbnkruvtjo.es/uvq9w4jk/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://4d.examzl.es/22jxe9ka/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://ttp.mindlooip.ru/fvc68/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://4lw.tytprngxckyk.es/red/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://c5r.ykgznx.es/3bkuu985ym8vgeu/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://art.zkmwcsprv.es/iisbetmi/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://bhj9j.cgehpee.es/9crzk/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://4pl.bzlvvm.es/wpm6/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://8q.azpbc.es/wgfhz9i/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://mwp.riywmc.es/m0wvbcga/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://uja5.gpkfnynp.es/gqncds8idt8ti9j/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://v7wd.jbifnidlafjb.es/wqd2hea/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://kya8k-fdm4.hcwniwgrqy.es/rt5c/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://1y.zuxsc.es/dnvci/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://laucc-fdm4.hcwniwgrqy.es/rt5c/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://90.bpahhcicdbw.es/9rgxd7g5st7wqpf/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://gtnc.erwelrastoc.ru/kyt5d/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://4fu36-cosaction.hcwniwgrqy.es/rt5c/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://fpc8.usktcp.es/fkyj/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://api.us2.500apps.com/mailsend/v1/click/555860/372270/227/651/238?url=https%3a//hugofajardo.com.br/wp-content/bitill/prevents/bill/copper/go/loop/index&t=n#bwf0dghldy5jb2nocmfuqgfncmkub2hpby5nb3y=	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://bjq.yclnjj.es/4swhfy2z/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://0eaw.ykgznx.es/3bkuu985ym8vgeu/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://uka.xvypywmiv.es/l1wvb/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://t6y.zdzhwsdskx.es/poavxb/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://bz.yyevowobz.es/mucnjv6/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://eb.kyvankvg.es/wdky1/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://gd.yvgherre.ru/rpsylky/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://htu.fzpoqs.es/cukg/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://tli.manisnionti.ru/9nge/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://ek.kyvankvg.es/wdky1/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://ilovecondo.net/redirectpage.aspx?url=https://hyi.ozsicprvvbo.ru/wox/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://hyi.ozsicprvvbo.ru/wox/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://fhhp.yclnjj.es/4swhfy2z/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://wl7.htheaded.ru/mwfbcbz/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://s8.ingolothy.ru/xbq3wdj/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://n1.izowddta.es/o97yr9kq/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://nt.maiupr.es/mcy5ppt/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://eastgold.xyxmusr.es/anewa/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://mbtrzn.sdcaznbe.es/o06kif/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://plfo.zdzhwsdskx.es/poavxb/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://oit.qlhtjv.es/1qbiaha/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://mongreta.blob.core.windows.net/mongreta/mongreta.html	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://7xlg.rkqymjx.es/c7r4/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://nvzz.cxprnvhh.es/sguejwf/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://oqd.qwivrle.es/jxxf4rdj/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://4829482948294829482948294829482948482948.uronfecit.ru/hlnz62kk/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?3mail@slurpmail.net	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://uivd.rzvpovoqysa.es/2ns5x6/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://yiv.stqevw.ru/mx2ovzlqy/%23xwlunders@slurpmail.net	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://hp0vrx.utepfqpn.es/kehl/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://rff.rrtussgb.es/eqxhz/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://z9j.hflumi.es/ssxkohf/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://kxi.riywmc.es/m0wvbcga/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://y4.keusxhpgy.es/1jgkofpl/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://incture.xgtfctr.es/uocms/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://1nc.smlyhe.es/t6gxxj4z/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://t445xrxe.bavdaea.es/ppxzv/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://5jp.rbitatiab.ru/jgx71p/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://yv.qhynyhmkhob.es/uwqofq/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://bereila.blob.core.windows.net/bereila/bereila.html	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://nnkn.oaczr.es/wclezf/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://6p.ziyzgd.es/hw30u4y6/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://ibi4.ueinrrv.es/joqz06s/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://ji.qslwif.es/tjor/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://oj.elindactori.ru/msg1w31/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://t5.wfuxsnwjnjb.es/activ/$/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://oyoa.wcjysnwknbgv.es/taine4k0/%23slee@slurpmail.net	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://ndd.ifnqmlwx.es/1pcfpg/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://gaj6u.hjywaif.es/kgtkh4o0/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://pub-4cb2d2ab6eaf43e8bf67c734cdf12e01.r2.dev/indexx.html?matt.woodbury@slurpmail.net	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://blog.tytprngxckyk.es/red/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://hze.phiachiphe.ru/xqczefkg/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://9rgf.datafforge.ru/xxzeoy/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://assignideate.dsudag.es/eme4si/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://cqne.zuxsc.es/dnvci/$mattf@jfrealestate.com	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://dto.bpdaokygwg.es/70bdkbd4anto6gd/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://axcd.iwwhyw.es/w63ksk/	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://hlq.lbhoci.es/f4mmzlxu/	Unknown malware botnet C2 (confidence level: 50%)
urlhttps://pstarofliught.top/wozd	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://v7salaccgfa.top/gsooz	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://3salaccgfa.top/gsooz	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://dquilltayle.live/gksi	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://lpiratetwrath.run/ytus	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://lquilltayle.live/gksi	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://wnighetwhisper.top/lekd	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://check.carin.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://kick.us.com/	Unknown malware payload delivery URL (confidence level: 50%)
urlhttps://kick.us.com/fwgwng.bat	Unknown malware payload delivery URL (confidence level: 50%)
urlhttp://203.245.0.121	Kimsuky botnet C2 (confidence level: 50%)
urlhttps://check.pivum.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttps://check.juket.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)
urlhttp://117.248.206.180:54905/mozi.m	Mozi payload delivery URL (confidence level: 50%)
urlhttps://check.letoq.icu/gkcxv.google	ClearFake payload delivery URL (confidence level: 100%)

Threat ID: 682c7db3e8347ec82d2a5423

Added to database: 5/20/2025, 1:03:47 PM

Last enriched: 6/19/2025, 3:18:54 PM

Last updated: 8/14/2025, 4:43:42 PM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

ThreatFox IOCs for 2025-04-20

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

ThreatFox IOCs for 2025-04-20

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

File

Hash

Domain

Url

Related Threats

ThreatFox IOCs for 2025-08-18

Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft

Phishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility