
ThreatFox IOCs for 2025-04-24

Medium
Published: Thu Apr 24 2025 (04/24/2025, 00:00:00 UTC)
Source: MISP

Description

ThreatFox IOCs for 2025-04-24

AI-Powered Analysis

Last updated: 07/03/2025, 06:55:34 UTC

Technical Analysis

The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-04-24 by ThreatFox, sourced from MISP (Malware Information Sharing Platform). The data is categorized as OSINT (Open Source Intelligence) with a TLP (Traffic Light Protocol) designation of white, indicating it is publicly shareable. However, the threat type is marked as 'unknown,' and no specific affected software versions, vulnerabilities, or attack vectors are detailed. There are no associated CWEs (Common Weakness Enumerations), no patch links, and no known exploits in the wild. The technical details provide minimal insight: a threat level of 2 (on an unspecified scale), analysis rating of 1, and distribution rating of 3, which may imply moderate distribution but low confidence or impact. The absence of concrete indicators or technical specifics suggests this entry is a placeholder or a preliminary report of potential threat intelligence without actionable details. Consequently, it is not possible to provide a detailed technical explanation of the threat mechanisms, attack vectors, or exploitation techniques based on the available data.

Potential Impact

Given the lack of detailed technical information, specific affected systems, or known exploits, the potential impact on European organizations cannot be precisely assessed. The medium severity rating and moderate distribution hint at some level of concern, but without concrete indicators or affected products, the risk remains theoretical. European organizations should remain vigilant, as the presence of IOCs in OSINT repositories can signal emerging threats or reconnaissance activities. However, no immediate or direct impact can be inferred from the current information.

Mitigation Recommendations

In the absence of specific threat details, European organizations should focus on general best practices for threat intelligence consumption and incident response:

1) Integrate OSINT feeds such as ThreatFox into existing Security Information and Event Management (SIEM) systems to monitor for any matching indicators once they become available.
2) Maintain up-to-date asset inventories to quickly identify if any future IOCs correspond to internal systems.
3) Ensure robust network segmentation and least privilege access controls to limit potential lateral movement if a threat materializes.
4) Conduct regular threat hunting exercises using updated IOC feeds to detect early signs of compromise.
5) Establish clear communication channels with national Computer Security Incident Response Teams (CSIRTs) to receive timely alerts and guidance.

These steps go beyond generic advice by emphasizing proactive intelligence integration and organizational preparedness in the face of incomplete threat data.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3

Indicators of Compromise

Hash


Domain


URL


IP dst|port


Threat ID: 6828eab9e1a0c275ea6e2f1c

Added to database: 5/17/2025, 7:59:53 PM

Last enriched: 7/3/2025, 6:55:34 AM

Last updated: 8/14/2025, 9:25:22 AM
