ThreatFox IOCs for 2025-04-20

Medium
Published: Sun Apr 20 2025 (04/20/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-04-20

AI-Powered Analysis

Last updated: 06/19/2025, 15:18:54 UTC

Technical Analysis

The provided threat intelligence pertains to a malware-related report titled "ThreatFox IOCs for 2025-04-20," sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The entry is classified under the 'malware' type and is associated with OSINT (Open Source Intelligence) products, indicating that the information may be derived from publicly available sources or shared for awareness and defensive purposes. The technical details include a threat level rated as 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination or reach. However, there are no specific affected versions, CWE identifiers, patch links, or known exploits in the wild associated with this entry. The absence of concrete indicators of compromise (IOCs) such as hashes, IP addresses, or domain names limits the ability to perform detailed technical correlation or detection. The threat is tagged with 'tlp:white,' indicating that the information is intended for public sharing without restrictions. Overall, this entry appears to be a medium-severity malware-related intelligence update with limited technical specifics and no immediate evidence of active exploitation or targeted campaigns.

Potential Impact

Given the limited technical details and lack of known exploits in the wild, the immediate impact on European organizations is likely to be low to medium. However, the presence of malware-related intelligence suggests a potential risk if the threat evolves or if related malware variants emerge targeting systems within Europe. The absence of specific affected products or versions complicates targeted defense strategies. European organizations relying on OSINT feeds or threat intelligence platforms like ThreatFox may benefit from early awareness but should not consider this a direct or imminent threat without further contextual information. Potential impacts could include unauthorized access, data exfiltration, or disruption if the malware were to be weaponized or if related IOCs become active. The medium severity rating implies that while the threat is not critical, organizations should maintain vigilance, especially those in sectors with high exposure to malware threats such as finance, critical infrastructure, and government entities.

Mitigation Recommendations

Integrate ThreatFox and similar OSINT feeds into existing Security Information and Event Management (SIEM) systems to enhance detection capabilities for emerging IOCs. Conduct regular threat hunting exercises focusing on malware behaviors and patterns consistent with medium-level threats, even in the absence of specific IOCs. Maintain up-to-date endpoint protection solutions with heuristic and behavior-based detection to identify novel or unknown malware variants. Implement network segmentation and strict access controls to limit lateral movement should a malware infection occur. Educate security teams on the importance of monitoring OSINT sources and validating threat intelligence before operationalizing it. Establish incident response playbooks that include procedures for handling medium-severity malware threats, emphasizing containment and eradication. Regularly review and update vulnerability management programs to reduce attack surfaces that malware could exploit indirectly.

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 88a0cef2-7922-4a3d-af21-6329c8d7252e
Original Timestamp: 1745193787

Indicators of Compromise

File

ValueDescriptionCopy
file88.214.48.65
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file147.185.221.27
NjRAT botnet C2 server (confidence level: 75%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.243.7.236
DarkComet botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file3.67.15.169
NjRAT botnet C2 server (confidence level: 75%)
file35.157.111.131
NjRAT botnet C2 server (confidence level: 75%)
file88.214.48.64
Tofsee botnet C2 server (confidence level: 100%)
file88.214.48.65
Tofsee botnet C2 server (confidence level: 100%)
file120.26.139.176
Cobalt Strike botnet C2 server (confidence level: 100%)
file173.212.245.215
Cobalt Strike botnet C2 server (confidence level: 100%)
file49.232.62.197
Cobalt Strike botnet C2 server (confidence level: 100%)
file62.60.226.114
Remcos botnet C2 server (confidence level: 100%)
file193.168.143.13
Sliver botnet C2 server (confidence level: 100%)
file144.91.103.204
Sliver botnet C2 server (confidence level: 100%)
file91.208.184.195
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.69.26
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.69.26
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.116.155
AsyncRAT botnet C2 server (confidence level: 100%)
file2.59.117.173
Hook botnet C2 server (confidence level: 100%)
file83.217.209.65
Hook botnet C2 server (confidence level: 100%)
file118.195.162.44
Quasar RAT botnet C2 server (confidence level: 100%)
file5.161.207.95
Havoc botnet C2 server (confidence level: 100%)
file171.227.30.106
Venom RAT botnet C2 server (confidence level: 100%)
file3.69.197.94
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file134.175.89.138
Cobalt Strike botnet C2 server (confidence level: 75%)
file8.213.235.187
Cobalt Strike botnet C2 server (confidence level: 75%)
file88.214.48.66
Tofsee botnet C2 server (confidence level: 100%)
file212.237.218.41
Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.90.83
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.39.79.160
Cobalt Strike botnet C2 server (confidence level: 100%)
file84.247.148.249
Sliver botnet C2 server (confidence level: 90%)
file23.227.167.188
AsyncRAT botnet C2 server (confidence level: 100%)
file47.128.167.206
Hook botnet C2 server (confidence level: 100%)
file171.22.31.46
Hook botnet C2 server (confidence level: 100%)
file196.251.87.16
Hook botnet C2 server (confidence level: 100%)
file45.33.7.49
Unknown malware botnet C2 server (confidence level: 100%)
file51.15.194.103
Unknown malware botnet C2 server (confidence level: 100%)
file36.138.95.31
Unknown malware botnet C2 server (confidence level: 100%)
file192.145.45.61
Unknown malware botnet C2 server (confidence level: 100%)
file65.108.209.233
Unknown malware botnet C2 server (confidence level: 100%)
file38.242.221.155
Unknown malware botnet C2 server (confidence level: 100%)
file192.145.28.124
Unknown malware botnet C2 server (confidence level: 100%)
file52.204.130.225
Unknown malware botnet C2 server (confidence level: 100%)
file52.72.220.219
Unknown malware botnet C2 server (confidence level: 100%)
file101.200.29.152
Unknown malware botnet C2 server (confidence level: 100%)
file47.94.8.20
Unknown malware botnet C2 server (confidence level: 100%)
file51.178.141.34
Unknown malware botnet C2 server (confidence level: 100%)
file1.92.144.199
Unknown malware botnet C2 server (confidence level: 100%)
file52.139.216.69
Unknown malware botnet C2 server (confidence level: 100%)
file165.232.47.88
Unknown malware botnet C2 server (confidence level: 100%)
file157.230.97.17
Unknown malware botnet C2 server (confidence level: 100%)
file3.7.190.114
Unknown malware botnet C2 server (confidence level: 100%)
file174.35.59.229
Unknown malware botnet C2 server (confidence level: 100%)
file111.229.149.224
Unknown malware botnet C2 server (confidence level: 100%)
file118.184.187.174
Chaos botnet C2 server (confidence level: 100%)
file107.150.0.237
Chaos botnet C2 server (confidence level: 100%)
file2.122.168.171
QakBot botnet C2 server (confidence level: 100%)
file154.246.33.169
QakBot botnet C2 server (confidence level: 100%)
file185.39.17.70
AsyncRAT botnet C2 server (confidence level: 75%)
file103.89.137.180
Cobalt Strike botnet C2 server (confidence level: 100%)
file146.19.170.222
Cobalt Strike botnet C2 server (confidence level: 100%)
file2.57.241.52
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.9.146.38
Cobalt Strike botnet C2 server (confidence level: 50%)
file43.133.72.43
Cobalt Strike botnet C2 server (confidence level: 50%)
file124.70.203.28
Cobalt Strike botnet C2 server (confidence level: 50%)
file47.93.135.155
Sliver botnet C2 server (confidence level: 50%)
file43.131.5.83
Sliver botnet C2 server (confidence level: 50%)
file65.38.98.101
Sliver botnet C2 server (confidence level: 50%)
file185.141.216.95
Sliver botnet C2 server (confidence level: 50%)
file138.197.61.237
Sliver botnet C2 server (confidence level: 50%)
file3.123.4.89
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file3.123.4.89
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.180.138.77
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file13.203.75.50
BlackShades botnet C2 server (confidence level: 50%)
file13.245.82.245
BlackShades botnet C2 server (confidence level: 50%)
file13.37.233.32
Unknown malware botnet C2 server (confidence level: 50%)
file3.26.2.255
Unknown malware botnet C2 server (confidence level: 50%)
file171.227.30.106
Venom RAT botnet C2 server (confidence level: 50%)
file108.141.125.190
Unknown malware botnet C2 server (confidence level: 50%)
file185.94.29.209
AsyncRAT botnet C2 server (confidence level: 50%)
file194.59.30.194
AsyncRAT botnet C2 server (confidence level: 50%)
file194.59.30.194
AsyncRAT botnet C2 server (confidence level: 50%)
file194.59.30.194
AsyncRAT botnet C2 server (confidence level: 50%)
file111.180.190.199
DCRat botnet C2 server (confidence level: 50%)
file111.180.190.199
DCRat botnet C2 server (confidence level: 50%)
file176.65.134.55
DCRat botnet C2 server (confidence level: 50%)
file77.105.161.9
DCRat botnet C2 server (confidence level: 50%)
file107.174.85.153
Cobalt Strike botnet C2 server (confidence level: 100%)
file125.77.172.64
Cobalt Strike botnet C2 server (confidence level: 100%)
file45.230.255.103
Remcos botnet C2 server (confidence level: 100%)
file194.59.31.31
Remcos botnet C2 server (confidence level: 100%)
file137.184.35.179
Unknown malware botnet C2 server (confidence level: 100%)
file163.172.125.253
AsyncRAT botnet C2 server (confidence level: 100%)
file13.250.199.140
Hook botnet C2 server (confidence level: 100%)
file181.162.178.29
Quasar RAT botnet C2 server (confidence level: 100%)
file54.212.58.238
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file162.216.112.124
BianLian botnet C2 server (confidence level: 100%)
file198.2.208.57
XOR DDoS botnet C2 server (confidence level: 50%)
file67.71.45.223
QakBot botnet C2 server (confidence level: 75%)
file176.65.149.155
Meterpreter botnet C2 server (confidence level: 75%)
file107.149.213.17
XOR DDoS botnet C2 server (confidence level: 75%)
file107.149.213.18
XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.86.215
XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.86.216
XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.86.217
XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.86.219
XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.209
XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.210
XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.211
XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.212
XOR DDoS botnet C2 server (confidence level: 75%)
file137.175.90.213
XOR DDoS botnet C2 server (confidence level: 75%)
file198.2.208.57
XOR DDoS botnet C2 server (confidence level: 75%)
file198.2.208.59
XOR DDoS botnet C2 server (confidence level: 75%)
file198.2.208.60
XOR DDoS botnet C2 server (confidence level: 75%)
file198.2.208.61
XOR DDoS botnet C2 server (confidence level: 75%)
file3.67.62.142
NjRAT botnet C2 server (confidence level: 75%)
file47.93.25.72
Cobalt Strike botnet C2 server (confidence level: 50%)
file107.148.49.212
Sliver botnet C2 server (confidence level: 50%)
file203.245.0.121
Kimsuky botnet C2 server (confidence level: 50%)
file52.18.3.105
Unknown malware botnet C2 server (confidence level: 50%)
file31.25.24.159
Unknown malware botnet C2 server (confidence level: 50%)
file47.109.203.76
Cobalt Strike botnet C2 server (confidence level: 100%)
file116.204.85.234
Cobalt Strike botnet C2 server (confidence level: 100%)
file101.36.122.13
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.150.0.56
AsyncRAT botnet C2 server (confidence level: 100%)
file171.227.30.106
Venom RAT botnet C2 server (confidence level: 100%)
file173.249.198.224
Brute Ratel C4 botnet C2 server (confidence level: 100%)
file156.238.245.37
ERMAC botnet C2 server (confidence level: 100%)
file95.140.156.252
Bashlite botnet C2 server (confidence level: 100%)
file80.241.209.53
CapraRAT botnet C2 server (confidence level: 50%)
file45.88.186.43
XWorm botnet C2 server (confidence level: 50%)
file43.139.50.42
Cobalt Strike botnet C2 server (confidence level: 75%)
file31.58.51.98
Mirai botnet C2 server (confidence level: 100%)
file31.58.51.98
Mirai botnet C2 server (confidence level: 100%)
file51.38.137.114
Mirai botnet C2 server (confidence level: 100%)
file103.178.235.240
Mirai botnet C2 server (confidence level: 100%)
file103.178.235.240
Mirai botnet C2 server (confidence level: 100%)
file104.168.101.27
Mirai botnet C2 server (confidence level: 100%)
file104.168.101.27
Mirai botnet C2 server (confidence level: 100%)
file176.65.137.221
Mirai botnet C2 server (confidence level: 100%)
file176.65.137.221
Mirai botnet C2 server (confidence level: 100%)
file176.65.138.240
Mirai botnet C2 server (confidence level: 100%)
file176.65.140.174
Mirai botnet C2 server (confidence level: 100%)
file176.65.140.174
Mirai botnet C2 server (confidence level: 100%)
file176.65.141.183
Mirai botnet C2 server (confidence level: 100%)
file176.65.142.252
Mirai botnet C2 server (confidence level: 100%)
file176.65.144.193
Mirai botnet C2 server (confidence level: 100%)
file176.65.144.193
Mirai botnet C2 server (confidence level: 100%)
file176.65.144.253
Mirai botnet C2 server (confidence level: 100%)
file185.196.9.222
Mirai botnet C2 server (confidence level: 100%)
file185.196.9.222
Mirai botnet C2 server (confidence level: 100%)
file192.241.146.135
Mirai botnet C2 server (confidence level: 100%)
file192.241.146.135
Mirai botnet C2 server (confidence level: 100%)
file196.251.71.29
Mirai botnet C2 server (confidence level: 100%)
file196.251.71.29
Mirai botnet C2 server (confidence level: 100%)
file196.251.80.200
Mirai botnet C2 server (confidence level: 100%)
file216.9.224.47
Mirai botnet C2 server (confidence level: 100%)
file216.9.224.47
Mirai botnet C2 server (confidence level: 100%)
file213.209.143.24
Mirai botnet C2 server (confidence level: 100%)
file103.77.241.250
Mirai botnet C2 server (confidence level: 100%)
file103.77.241.250
Mirai botnet C2 server (confidence level: 100%)
file89.187.28.82
Mirai botnet C2 server (confidence level: 100%)
file66.63.187.82
Mirai botnet C2 server (confidence level: 100%)
file205.185.125.181
Mirai botnet C2 server (confidence level: 100%)
file205.185.125.181
Mirai botnet C2 server (confidence level: 100%)
file61.7.209.115
Mirai botnet C2 server (confidence level: 100%)
file61.7.209.115
Mirai botnet C2 server (confidence level: 100%)
file45.125.12.175
Bashlite botnet C2 server (confidence level: 75%)
file94.156.115.12
MooBot botnet C2 server (confidence level: 75%)
file120.27.162.47
Cobalt Strike botnet C2 server (confidence level: 100%)
file117.23.59.90
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.140.25.155
Cobalt Strike botnet C2 server (confidence level: 100%)
file36.133.14.65
Cobalt Strike botnet C2 server (confidence level: 100%)
file16.163.161.107
ShadowPad botnet C2 server (confidence level: 90%)
file3.8.78.144
AsyncRAT botnet C2 server (confidence level: 100%)
file109.120.137.57
AsyncRAT botnet C2 server (confidence level: 100%)
file46.201.81.233
Havoc botnet C2 server (confidence level: 100%)
file146.56.51.149
Unknown malware botnet C2 server (confidence level: 100%)
file146.19.170.222
Cobalt Strike botnet C2 server (confidence level: 75%)
file47.97.0.235
Cobalt Strike botnet C2 server (confidence level: 50%)
file45.227.253.91
Cobalt Strike botnet C2 server (confidence level: 50%)
file47.99.169.201
Cobalt Strike botnet C2 server (confidence level: 50%)
file1.94.105.46
Cobalt Strike botnet C2 server (confidence level: 50%)
file84.46.239.239
Brute Ratel C4 botnet C2 server (confidence level: 50%)
file37.13.39.51
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.90.144.239
BlackShades botnet C2 server (confidence level: 50%)
file67.217.228.14
FAKEUPDATES payload delivery server (confidence level: 50%)
file193.26.115.218
AsyncRAT botnet C2 server (confidence level: 100%)
file155.138.241.220
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.115.31
AsyncRAT botnet C2 server (confidence level: 100%)
file88.119.169.53
Unknown malware botnet C2 server (confidence level: 100%)
file45.32.124.13
Quasar RAT botnet C2 server (confidence level: 100%)
file18.176.122.97
Brute Ratel C4 botnet C2 server (confidence level: 100%)
file45.144.50.8
Meterpreter botnet C2 server (confidence level: 75%)

Hash

ValueDescriptionCopy
hash422
Tofsee botnet C2 server (confidence level: 100%)
hash420
Tofsee botnet C2 server (confidence level: 100%)
hash428
Tofsee botnet C2 server (confidence level: 100%)
hash430
Tofsee botnet C2 server (confidence level: 100%)
hash420
Tofsee botnet C2 server (confidence level: 100%)
hash419
Tofsee botnet C2 server (confidence level: 100%)
hash428
Tofsee botnet C2 server (confidence level: 100%)
hash420
Tofsee botnet C2 server (confidence level: 100%)
hash430
Tofsee botnet C2 server (confidence level: 100%)
hash47881
NjRAT botnet C2 server (confidence level: 75%)
hash431
Tofsee botnet C2 server (confidence level: 100%)
hash431
Tofsee botnet C2 server (confidence level: 100%)
hash417
Tofsee botnet C2 server (confidence level: 100%)
hash427
Tofsee botnet C2 server (confidence level: 100%)
hash425
Tofsee botnet C2 server (confidence level: 100%)
hash427
Tofsee botnet C2 server (confidence level: 100%)
hash422
Tofsee botnet C2 server (confidence level: 100%)
hash421
Tofsee botnet C2 server (confidence level: 100%)
hash422
Tofsee botnet C2 server (confidence level: 100%)
hash426
Tofsee botnet C2 server (confidence level: 100%)
hashdee2ecb51fbfa2f1de9dbe9a7524da12
Unknown malware payload (confidence level: 50%)
hashbcd51ee1df396f07af0b0a345a6dbaf4
Unknown malware payload (confidence level: 50%)
hash935d7db2557d62a55a23b6020d42351c
Unknown malware payload (confidence level: 50%)
hashb5e1521ea5ffa2d5ec13cef61ffe363d
Unknown malware payload (confidence level: 50%)
hash423
Tofsee botnet C2 server (confidence level: 100%)
hash423
Tofsee botnet C2 server (confidence level: 100%)
hash421
Tofsee botnet C2 server (confidence level: 100%)
hash1604
DarkComet botnet C2 server (confidence level: 100%)
hash425
Tofsee botnet C2 server (confidence level: 100%)
hash424
Tofsee botnet C2 server (confidence level: 100%)
hash426
Tofsee botnet C2 server (confidence level: 100%)
hash419
Tofsee botnet C2 server (confidence level: 100%)
hash429
Tofsee botnet C2 server (confidence level: 100%)
hash429
Tofsee botnet C2 server (confidence level: 100%)
hash418
Tofsee botnet C2 server (confidence level: 100%)
hash429
Tofsee botnet C2 server (confidence level: 100%)
hash417
Tofsee botnet C2 server (confidence level: 100%)
hash13573
NjRAT botnet C2 server (confidence level: 75%)
hash13573
NjRAT botnet C2 server (confidence level: 75%)
hash416
Tofsee botnet C2 server (confidence level: 100%)
hash418
Tofsee botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash40103
Remcos botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash8443
Sliver botnet C2 server (confidence level: 100%)
hash7412
Unknown malware botnet C2 server (confidence level: 100%)
hash888
AsyncRAT botnet C2 server (confidence level: 100%)
hash2222
AsyncRAT botnet C2 server (confidence level: 100%)
hash8443
AsyncRAT botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash443
Quasar RAT botnet C2 server (confidence level: 100%)
hash8080
Havoc botnet C2 server (confidence level: 100%)
hash9999
Venom RAT botnet C2 server (confidence level: 100%)
hash44818
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash10443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash427
Tofsee botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash3000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443
Sliver botnet C2 server (confidence level: 90%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash4443
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash4444
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash4443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash1234
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash1724
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash13333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash54681
Chaos botnet C2 server (confidence level: 100%)
hash8080
Chaos botnet C2 server (confidence level: 100%)
hash443
QakBot botnet C2 server (confidence level: 100%)
hash443
QakBot botnet C2 server (confidence level: 100%)
hash8848
AsyncRAT botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash80
Cobalt Strike botnet C2 server (confidence level: 50%)
hash10443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash21025
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash1025
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash7634
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash21025
BlackShades botnet C2 server (confidence level: 50%)
hash9761
BlackShades botnet C2 server (confidence level: 50%)
hash8723
Unknown malware botnet C2 server (confidence level: 50%)
hash902
Unknown malware botnet C2 server (confidence level: 50%)
hash5001
Venom RAT botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash8080
AsyncRAT botnet C2 server (confidence level: 50%)
hash6606
AsyncRAT botnet C2 server (confidence level: 50%)
hash7707
AsyncRAT botnet C2 server (confidence level: 50%)
hash8808
AsyncRAT botnet C2 server (confidence level: 50%)
hash31880
DCRat botnet C2 server (confidence level: 50%)
hash8848
DCRat botnet C2 server (confidence level: 50%)
hash3470
DCRat botnet C2 server (confidence level: 50%)
hash3232
DCRat botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8000
Remcos botnet C2 server (confidence level: 100%)
hash2500
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash400
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash8080
Quasar RAT botnet C2 server (confidence level: 100%)
hash32298
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8088
BianLian botnet C2 server (confidence level: 100%)
hash1523
XOR DDoS botnet C2 server (confidence level: 50%)
hash2222
QakBot botnet C2 server (confidence level: 75%)
hash8080
Meterpreter botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash1430
XOR DDoS botnet C2 server (confidence level: 75%)
hash18188
NjRAT botnet C2 server (confidence level: 75%)
hash9088
Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash443
Kimsuky botnet C2 server (confidence level: 50%)
hash4506
Unknown malware botnet C2 server (confidence level: 50%)
hash7777
Unknown malware botnet C2 server (confidence level: 50%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash5002
Venom RAT botnet C2 server (confidence level: 100%)
hash8547
Brute Ratel C4 botnet C2 server (confidence level: 100%)
hash8080
ERMAC botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash12182
CapraRAT botnet C2 server (confidence level: 50%)
hash7232
XWorm botnet C2 server (confidence level: 50%)
hash62005
Cobalt Strike botnet C2 server (confidence level: 75%)
hash24529
Mirai botnet C2 server (confidence level: 100%)
hash59999
Mirai botnet C2 server (confidence level: 100%)
hash3771
Mirai botnet C2 server (confidence level: 100%)
hash3778
Mirai botnet C2 server (confidence level: 100%)
hash9555
Mirai botnet C2 server (confidence level: 100%)
hash1412
Mirai botnet C2 server (confidence level: 100%)
hash3211
Mirai botnet C2 server (confidence level: 100%)
hash41214
Mirai botnet C2 server (confidence level: 100%)
hash12312

Domain


Url


Threat ID: 682c7db3e8347ec82d2a5423

Added to database: 5/20/2025, 1:03:47 PM

Last enriched: 6/19/2025, 3:18:54 PM

Last updated: 8/14/2025, 4:43:42 PM
