ThreatFox IOCs for 2025-04-25
Severity: mediumType: malware
ThreatFox IOCs for 2025-04-25
AI Analysis
Technical Summary
The provided threat intelligence pertains to a malware-related entry titled 'ThreatFox IOCs for 2025-04-25,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under 'type:osint,' indicating that it primarily involves open-source intelligence data or is related to OSINT methodologies. However, the technical details are minimal, with no specific affected software versions, no CWE identifiers, no patch information, and no known exploits currently observed in the wild. The threat level is indicated as 2 on an unspecified scale, with analysis rated at 1 and distribution at 3, suggesting moderate dissemination but limited technical analysis or confirmed impact. The absence of concrete technical indicators, such as malware signatures, attack vectors, or exploitation methods, limits the depth of technical understanding. The threat appears to be in an early or observational stage, possibly representing newly identified IOCs that have not yet been linked to active exploitation campaigns. The 'tlp:white' tag implies that the information is freely shareable without restrictions, which may facilitate broad awareness and collaborative defense efforts. Overall, this entry signals the presence of emerging malware-related IOCs that require monitoring but currently lack evidence of active exploitation or significant impact.
Potential Impact
Given the lack of confirmed exploits and detailed technical information, the immediate impact of this threat on European organizations is likely limited. However, the distribution rating of 3 suggests that the IOCs or related malware samples might be moderately widespread, potentially increasing the risk of future exploitation. If these IOCs are associated with malware capable of compromising confidentiality, integrity, or availability, organizations could face risks such as data breaches, system disruptions, or espionage. European entities relying on OSINT tools or platforms that might be targeted or leveraged by this malware could be at heightened risk. Additionally, sectors with high exposure to open-source intelligence gathering, such as cybersecurity firms, government agencies, and critical infrastructure operators, may be more susceptible. The absence of known exploits in the wild reduces the likelihood of immediate operational impact but does not preclude future developments. Vigilance is warranted to detect any escalation or active campaigns leveraging these IOCs.
Mitigation Recommendations
1. Enhance Threat Intelligence Integration: Incorporate the provided IOCs into existing security information and event management (SIEM) systems and threat intelligence platforms to enable early detection of related activity. 2. Monitor OSINT Tools and Platforms: Conduct regular security assessments of OSINT tools and data sources used within the organization to identify potential compromise or misuse. 3. Network Segmentation and Access Controls: Limit exposure of critical systems to potential malware distribution vectors by enforcing strict network segmentation and least privilege access policies. 4. Employee Awareness and Training: Educate staff on recognizing suspicious activity related to OSINT data handling and potential malware indicators, emphasizing cautious handling of open-source data. 5. Incident Response Preparedness: Update incident response plans to include scenarios involving emerging OSINT-related malware threats, ensuring rapid containment and remediation capabilities. 6. Collaborate with Information Sharing Communities: Engage with European and international cybersecurity information sharing groups to receive timely updates and share findings related to this threat. These measures go beyond generic advice by focusing on the specific context of OSINT-related malware and the integration of emerging IOCs into proactive defense mechanisms.
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Sweden
Indicators of Compromise
- domain: tafoz.press
- domain: microsoftftp.serveftp.com
- hash: 5105e61845ae0f024981b0eecee299c235768a6df15a9af1a1b0761bdd92e3b7
- hash: 8b6d4834df5a195ee0b81ae1e0d7b4ee93d0d6b9f83bc175e2d2bf151ab9ca8c
- domain: vogos.press
- url: https://analytiwave.com/api/geturl
- url: https://goclouder.org/6a1f2b3c4d5e6f7a8b9c0d1e2f3a4b5/
- url: https://security.cludfgard.com/b6c4d1a9f8g3h7e5n6b5a9de4f
- url: https://security.cludfgard.com/wordpress
- url: https://www.nemzieo.info/cloudflare.msi
- domain: www.nemzieo.info
- url: https://undo.sg/file.exe
- domain: undo.sg
- domain: napiv.press
- file: 43.250.174.95
- hash: 8080
- file: 47.115.139.118
- hash: 443
- file: 85.9.204.228
- hash: 2404
- file: 51.89.177.234
- hash: 443
- file: 194.102.105.105
- hash: 2404
- file: 15.235.37.196
- hash: 443
- file: 161.129.65.68
- hash: 8888
- file: 45.10.154.125
- hash: 8808
- file: 176.57.188.16
- hash: 80
- file: 104.248.194.142
- hash: 80
- domain: ec2-13-250-199-140.ap-southeast-1.compute.amazonaws.com
- domain: 96-126-124-158.ip.linodeusercontent.com
- file: 13.246.39.244
- hash: 6005
- domain: goclouder.org
- url: https://security.flaearegyaard.com/b6c4d1a9f8g3h7e5n6b5a9de4f
- domain: security.flaearegyaard.com
- url: https://security.flaearegyaard.com/wordpress
- url: https://keloimnau.com/cloudflare.msi
- domain: keloimnau.com
- url: http://139.5.1.172:43399/mozi.m
- url: https://www.keloimnau.com/cloudflare.msi
- url: https://keloimnau.info/cloudflare.msi
- domain: keloimnau.info
- url: https://grrlspace.com/4d2a.js
- url: https://grrlspace.com/js.php
- url: https://core.keloimnau.com/cloudflare.msi
- domain: core.keloimnau.com
- file: 194.36.171.78
- hash: 80
- file: 113.45.10.142
- hash: 443
- file: 111.173.104.176
- hash: 8888
- file: 176.65.142.74
- hash: 3371
- file: 128.90.106.101
- hash: 4000
- file: 128.90.106.101
- hash: 8808
- file: 192.24.224.215
- hash: 7443
- file: 192.24.224.215
- hash: 8880
- file: 194.164.93.107
- hash: 443
- file: 192.153.57.116
- hash: 443
- file: 86.54.42.245
- hash: 4444
- file: 94.26.90.48
- hash: 443
- file: 140.228.29.33
- hash: 2404
- file: 80.98.145.41
- hash: 7443
- file: 181.32.34.147
- hash: 8080
- file: 51.68.26.225
- hash: 3333
- file: 157.10.73.118
- hash: 8443
- file: 217.125.90.31
- hash: 4433
- file: 13.127.79.254
- hash: 443
- file: 3.126.234.72
- hash: 3333
- file: 128.85.35.85
- hash: 38935
- file: 13.49.223.229
- hash: 443
- file: 188.213.174.59
- hash: 443
- file: 3.82.48.232
- hash: 443
- file: 41.78.75.244
- hash: 8443
- file: 35.202.11.12
- hash: 10443
- file: 3.228.32.116
- hash: 443
- file: 188.166.208.112
- hash: 80
- file: 167.86.174.240
- hash: 443
- file: 124.71.199.135
- hash: 443
- url: https://www.keloimnau.info/cloudflare.msi
- hash: d7ad18e63064ef80cc6b98db54516f6f
- hash: 97150d47ea7779101be6582fc329c2cd
- hash: 084deb26cd9d8eff3f972e8e0c4adfe6
- hash: 6dc5021a0cbdbe6dea26d78afb43ebb3
- domain: xuvyc.top
- url: https://keloimnau.org/cloudflare.msi
- domain: keloimnau.org
- file: 139.159.212.103
- hash: 7777
- file: 47.111.125.229
- hash: 80
- file: 43.137.42.33
- hash: 1234
- file: 47.121.222.227
- hash: 9999
- file: 160.202.227.54
- hash: 9999
- file: 121.40.154.130
- hash: 7777
- file: 1.94.255.158
- hash: 80
- domain: kuqob.top
- url: https://fleshplants.xyz/art.php
- url: http://beemorning.icu/apr.php
- url: http://beemorning.icu/apri.php
- url: http://birthteeth.xyz/oil.php
- url: https://digilayerx.digital/hmand
- url: https://fclarmodq.top/qoxo
- url: https://mclimatologfy.top/kbud
- url: https://rlatitudert.live/teui
- url: https://0topographky.top/xlak
- url: https://8biosphxere.digital/tqoa
- url: https://ahemispherexz.top/xapp
- url: https://hnwoodpeckersd.run/glsk
- url: https://nequatorf.run/reiq
- url: https://slatitudert.live/teui
- url: https://xclarmodq.top/qoxo
- url: https://ybiosphxere.digital/tqoa
- hash: 74ee8681dae4256ddc98a24f8fcf781312498958e8c46f5beab5f81105eb518e
- url: https://core.keloimnau.info/cloudflare.msi
- domain: core.keloimnau.info
- domain: know-knock-who-is-here.pages.dev
- domain: security-a2k8-go.com
- domain: rugyg.top
- file: 49.232.56.252
- hash: 443
- file: 194.36.171.78
- hash: 443
- file: 47.109.82.220
- hash: 80
- file: 104.37.4.100
- hash: 6001
- file: 147.93.146.25
- hash: 2404
- file: 57.128.219.114
- hash: 31337
- file: 49.113.75.76
- hash: 8888
- file: 16.162.136.113
- hash: 80
- file: 45.61.151.127
- hash: 2096
- file: 86.54.42.245
- hash: 591
- file: 18.185.33.50
- hash: 4841
- file: 3.96.191.215
- hash: 2761
- url: https://www.keloimnau.org/cloudflare.msi
- domain: u1.pridefulamaretto.digital
- file: 185.43.4.70
- hash: 8005
- file: 160.19.79.251
- hash: 8443
- file: 185.243.96.104
- hash: 5556
- file: 207.2.122.10
- hash: 443
- file: 18.159.210.194
- hash: 443
- file: 119.45.178.251
- hash: 50050
- file: 119.91.49.133
- hash: 443
- file: 43.163.196.208
- hash: 31337
- file: 139.84.172.231
- hash: 31337
- file: 84.247.148.249
- hash: 31337
- file: 157.20.182.6
- hash: 1337
- file: 172.111.139.42
- hash: 4444
- file: 3.91.49.221
- hash: 15
- file: 3.26.24.29
- hash: 14082
- file: 177.136.225.145
- hash: 9443
- file: 23.254.215.118
- hash: 443
- file: 158.247.247.157
- hash: 80
- file: 158.247.243.223
- hash: 443
- file: 60.17.15.218
- hash: 7443
- file: 194.87.232.26
- hash: 443
- file: 95.182.122.252
- hash: 80
- file: 196.251.84.27
- hash: 443
- file: 105.197.154.83
- hash: 1177
- file: 13.232.77.18
- hash: 427
- file: 54.70.105.247
- hash: 11065
- file: 177.234.144.240
- hash: 3333
- url: http://147.45.44.116/c60d76a15a1d4de5.php
- url: http://185.147.124.116/m0xmdru/login.php
- url: https://we-will.servegame.com/verify/
- url: https://chaintraderx.com/
- file: 114.66.58.133
- hash: 8995
- domain: donaldcity.club
- domain: nevernews.club
- domain: fiushion.online
- domain: huyxingum.mikustore.net
- domain: hacking01.ddns.net
- domain: a-ended.gl.at.ply.gg
- file: 147.185.221.27
- hash: 54782
- domain: friends-virginia.gl.at.ply.gg
- domain: games-travel.gl.at.ply.gg
- domain: scriptdagoat-42745.portmap.io
- domain: tobixhere-32449.portmap.io
- file: 80.64.16.35
- hash: 1912
- domain: obinwannedimna.ydns.eu
- domain: rem25rem.duckdns.org
- file: 62.60.226.139
- hash: 30303
- file: 62.60.226.139
- hash: 30304
- file: 62.60.226.139
- hash: 30305
- url: https://pastebin.com/raw/4jmdmm15
- url: https://pastebin.com/raw/rnbkqg1e
- url: https://pastebin.com/raw/s21lhj8e
- domain: zdwdwadzdwa-51598.portmap.io
- domain: centre-shake.gl.at.ply.gg
- domain: reo.gl.at.ply.gg
- file: 193.161.193.99
- hash: 29924
- file: 147.185.221.27
- hash: 58573
- file: 154.81.179.131
- hash: 9645
- domain: eshopper.top
- domain: mvhelp.cc
- domain: helpset123.site
- domain: 300005.ru
- domain: desktool.buzz
- domain: aardvarkw.live
- domain: cdn.optitc.com
- domain: signature908.golf
- domain: corner427.space
- url: https://3cartograhphy.top/ixau
- url: https://ufclimatologfy.top/kbud
- url: https://ywoodpeckersd.run/glsk
- file: 1.161.124.86
- hash: 443
- file: 117.24.3.176
- hash: 4506
- url: https://avigorbridgoe.top/banb
- url: https://ciwoodpeckersd.run/glsk
- url: https://lbiosphxere.digital/tqoa
- url: http://79.124.78.173/incongruousness.php
- url: https://bclimatologfy.top/kbud
- url: https://eclimatologfy.top/kbud
- url: https://qfybiosphxere.digital/tqoa
- file: 89.185.84.127
- hash: 443
- domain: maxbusinessclub.duckdns.org
- file: 172.111.163.162
- hash: 2983
- url: https://core.keloimnau.org/cloudflare.msi
- domain: core.keloimnau.org
- file: 196.251.86.114
- hash: 5050
- url: https://vlongitudde.digital/wizu
- domain: muhoj.top
- file: 45.114.60.209
- hash: 31337
- file: 149.210.66.4
- hash: 443
- url: http://www.1198.pet/an20/
- url: http://www.4260621.xyz/an20/
- url: http://www.4260686.xyz/an20/
- url: http://www.488ns.top/an20/
- url: http://www.8ekcmt.top/an20/
- url: http://www.8j3tfb2djzoo.xyz/an20/
- url: http://www.9o8yd.top/an20/
- url: http://www.alisisi.xyz/an20/
- url: http://www.andygirls.biz/an20/
- url: http://www.arisasuestalvey.net/an20/
- url: http://www.arka.group/an20/
- url: http://www.aser-eye-surgery-3291.bond/an20/
- url: http://www.ash-paying-jobs-79621.bond/an20/
- url: http://www.asinocruiseclub.net/an20/
- url: http://www.astertechhub.info/an20/
- url: http://www.atizenairdrop.bet/an20/
- url: http://www.audace.shop/an20/
- url: http://www.avino.website/an20/
- url: http://www.bcw1219.xyz/an20/
- url: http://www.ellwish.online/an20/
- url: http://www.ethil.xyz/an20/
- url: http://www.fp8ch.cfd/an20/
- url: http://www.hieh33.xyz/an20/
- url: http://www.ideoxxfree.xyz/an20/
- url: http://www.igaborgz.xyz/an20/
- url: http://www.ightmareroad.net/an20/
- url: http://www.inancialfreedomclub.xyz/an20/
- url: http://www.ires-72090.bond/an20/
- url: http://www.ixmy.beauty/an20/
- url: http://www.khsim.top/an20/
- url: http://www.ksp679.top/an20/
- url: http://www.lanajoyeria.shop/an20/
- url: http://www.layplus77.vip/an20/
- url: http://www.levateballoonco.net/an20/
- url: http://www.lobaltravelbookings.xyz/an20/
- url: http://www.mail-marketing-job-62763.bond/an20/
- url: http://www.marcato.online/an20/
- url: http://www.ndimadeahome.net/an20/
- url: http://www.nnotechbs.online/an20/
- url: http://www.odeatoll.shop/an20/
- url: http://www.odzat.info/an20/
- url: http://www.oftfusion.shop/an20/
- url: http://www.ogparks.club/an20/
- url: http://www.omiq.tech/an20/
- url: http://www.orchers.world/an20/
- url: http://www.orkshopaicollaborationhub.xyz/an20/
- url: http://www.ovaecho.shop/an20/
- url: http://www.palmsrd.net/an20/
- url: http://www.reta99.info/an20/
- url: http://www.rishticodiegfortysix.online/an20/
- url: http://www.ritishpanel.net/an20/
- url: http://www.rostygust.shop/an20/
- url: http://www.slarose.online/an20/
- url: http://www.ssiduousate.online/an20/
- url: http://www.tn67n.cfd/an20/
- url: http://www.uangjiahao.online/an20/
- url: http://www.uper-bowl-kickoff-time.cfd/an20/
- url: http://www.uponbs3.pro/an20/
- url: http://www.upport-meta2903.online/an20/
- url: http://www.uv3kq5tvbkys.xyz/an20/
- url: http://www.vertdzb.xyz/an20/
- url: http://www.winx6.casino/an20/
- url: http://www.x39q.top/an20/
- url: http://www.zev.net/an20/
- url: http://www.zw5m.top/an20/
- domain: www.1198.pet
- domain: www.4260621.xyz
- domain: www.4260686.xyz
- domain: www.488ns.top
- domain: www.8ekcmt.top
- domain: www.8j3tfb2djzoo.xyz
- domain: www.9o8yd.top
- domain: www.alisisi.xyz
- domain: www.andygirls.biz
- domain: www.arisasuestalvey.net
- domain: www.arka.group
- domain: www.aser-eye-surgery-3291.bond
- domain: www.ash-paying-jobs-79621.bond
- domain: www.asinocruiseclub.net
- domain: www.astertechhub.info
- domain: www.atizenairdrop.bet
- domain: www.audace.shop
- domain: www.avino.website
- domain: www.bcw1219.xyz
- domain: www.ellwish.online
- domain: www.ethil.xyz
- domain: www.fp8ch.cfd
- domain: www.hieh33.xyz
- domain: www.ideoxxfree.xyz
- domain: www.igaborgz.xyz
- domain: www.ightmareroad.net
- domain: www.inancialfreedomclub.xyz
- domain: www.ires-72090.bond
- domain: www.ixmy.beauty
- domain: www.khsim.top
- domain: www.ksp679.top
- domain: www.lanajoyeria.shop
- domain: www.layplus77.vip
- domain: www.levateballoonco.net
- domain: www.lobaltravelbookings.xyz
- domain: www.mail-marketing-job-62763.bond
- domain: www.marcato.online
- domain: www.ndimadeahome.net
- domain: www.nnotechbs.online
- domain: www.odeatoll.shop
- domain: www.odzat.info
- domain: www.oftfusion.shop
- domain: www.ogparks.club
- domain: www.omiq.tech
- domain: www.orchers.world
- domain: www.orkshopaicollaborationhub.xyz
- domain: www.ovaecho.shop
- domain: www.palmsrd.net
- domain: www.reta99.info
- domain: www.rishticodiegfortysix.online
- domain: www.ritishpanel.net
- domain: www.rostygust.shop
- domain: www.slarose.online
- domain: www.ssiduousate.online
- domain: www.tn67n.cfd
- domain: www.uangjiahao.online
- domain: www.uper-bowl-kickoff-time.cfd
- domain: www.uponbs3.pro
- domain: www.upport-meta2903.online
- domain: www.uv3kq5tvbkys.xyz
- domain: www.vertdzb.xyz
- domain: www.winx6.casino
- domain: www.x39q.top
- domain: www.zev.net
- domain: www.zw5m.top
- file: 116.198.229.197
- hash: 9999
- file: 194.102.104.25
- hash: 8443
- file: 149.104.30.130
- hash: 80
- file: 47.109.177.97
- hash: 8082
- file: 104.37.4.101
- hash: 6002
- file: 144.172.87.71
- hash: 7443
- domain: ip131.ip-139-99-25.net
- file: 139.99.25.131
- hash: 80
- file: 139.99.25.131
- hash: 8082
- file: 77.83.198.61
- hash: 443
- file: 156.208.38.51
- hash: 4445
- file: 93.198.191.241
- hash: 82
- file: 209.145.56.66
- hash: 8443
- domain: sylaj.top
- file: 123.207.79.51
- hash: 443
- url: https://security.guarbcfelare.com/b6c4d1a9f8g3h7e5n6b5a9de4f
- domain: security.guarbcfelare.com
- url: https://security.guarbcfelare.com/wordpress
- url: https://www.coligeme.com/cloudflare.msi
- domain: www.coligeme.com
- domain: files.fnomworldwide.com
- domain: lizyf.top
- file: 3.112.192.119
- hash: 443
- hash: f48857263991eea1880de0f62b3d1d37101c2e7739dcd8629b24260d08850f9c
- hash: 1dd64c00f061425d484dd67b359ad99df533aa430632c55fa7e7617b55dab6a8
- hash: b1221000f43734436ec8022caaa34b133f4581ca3ae8eccd8d57ea62573f301d
- url: http://88.214.50.3/login
- domain: lianxinxiao.com
- file: 31.9.48.183
- hash: 5555
- url: https://coligeme.com/cloudflare.msi
- url: https://vickmarine.com/4r2h.js
- domain: machinehiub.digital
- domain: techformb.digital
- domain: lifecubeq.digital
- domain: technomindc.digital
- domain: quicktecho.digital
- domain: hackergala.digital
- domain: datacubei.digital
- domain: appstreawm.digital
- domain: innovtechg.digital
- domain: pixelcodey.digital
- domain: coderspartk.digital
- domain: dsystemx.digital
- domain: digilayerx.digital
- domain: smartbitsx.digital
- file: 8.148.224.96
- hash: 50050
- file: 123.57.239.178
- hash: 443
- file: 92.255.57.31
- hash: 9000
- file: 194.246.83.10
- hash: 9000
- file: 45.118.248.29
- hash: 9000
- file: 80.209.243.125
- hash: 9000
- file: 5.230.54.243
- hash: 9000
- file: 185.125.50.140
- hash: 9000
- file: 185.157.214.192
- hash: 9000
- file: 77.239.117.135
- hash: 9000
- file: 193.201.9.252
- hash: 9000
- file: 185.147.124.103
- hash: 9000
- file: 45.141.84.60
- hash: 9000
- domain: habyg.press
- file: 107.189.26.70
- hash: 49
- file: 8.130.119.171
- hash: 80
- url: http://185.39.17.163/su8kud7i/login.php
- url: https://cloudflareapage.pages.dev/robots.txt
- url: https://pastebin.com/raw/ywwcu7xx
- domain: kenut.press
- file: 45.159.209.179
- hash: 80
- file: 206.123.152.100
- hash: 46167
- file: 158.247.192.174
- hash: 443
- file: 103.134.22.156
- hash: 443
- domain: bouldercountymedicarehelp.org
- file: 194.164.93.107
- hash: 80
- file: 20.190.118.69
- hash: 443
- file: 146.59.161.204
- hash: 80
- file: 62.60.226.89
- hash: 19000
- url: https://coligeme.info/cloudflare.msi
- domain: coligeme.info
- url: https://8starofliught.top/wozd
- url: https://k2salaccgfa.top/gsooz
- url: https://quonecony.live/tpeo
- url: https://1cartograhphy.top/ixau
- url: https://atropiscbs.live/iuwxx
- url: https://btopographky.top/xlak
- url: https://egeographys.run/eirq
- url: https://lgeographys.run/eirq
- url: https://ttopographky.top/xlak
- file: 89.168.81.122
- hash: 443
- file: 146.19.143.149
- hash: 1338
- file: 176.65.148.219
- hash: 3128
- file: 62.113.117.216
- hash: 443
- file: 82.147.88.84
- hash: 9000
- file: 92.255.57.75
- hash: 9000
- file: 45.141.84.208
- hash: 9000
- file: 157.90.192.89
- hash: 9000
- file: 82.117.242.178
- hash: 9000
- file: 91.199.163.74
- hash: 9000
- file: 144.172.97.2
- hash: 9000
- file: 104.238.162.122
- hash: 9000
- file: 45.148.11.14
- hash: 3541
- file: 3.145.178.55
- hash: 13
- file: 45.201.216.188
- hash: 31337
- url: http://139.99.25.131/
- url: http://www.1ewqdas456yhytredvb.autos/fs24/
- url: http://www.3tcart.cyou/fs24/
- url: http://www.5x1r2p5bg86q.xyz/fs24/
- url: http://www.7558a5.vip/fs24/
- url: http://www.9bet.bar/fs24/
- url: http://www.acaushowdesafios.shop/fs24/
- url: http://www.amir7.sbs/fs24/
- url: http://www.anglove.net/fs24/
- url: http://www.arinsurancehints.xyz/fs24/
- url: http://www.bscript.top/fs24/
- url: http://www.bvexil.xyz/fs24/
- url: http://www.dsignageaustralia.online/fs24/
- url: http://www.ealingcarecounseling.net/fs24/
- url: http://www.ealthsewa.online/fs24/
- url: http://www.ellbuyon.shop/fs24/
- url: http://www.emka.live/fs24/
- url: http://www.en-health-37595.bond/fs24/
- url: http://www.enteku.click/fs24/
- url: http://www.epayne.net/fs24/
- url: http://www.erenitypool-spa.net/fs24/
- url: http://www.esilientplaybook.online/fs24/
- url: http://www.et-together.vip/fs24/
- url: http://www.etafury.xyz/fs24/
- url: http://www.etiantang9673.top/fs24/
- url: http://www.extenglishinstitute.online/fs24/
- url: http://www.g9r430o6al1l.xyz/fs24/
- url: http://www.gkjkeiwbzou8pf.xyz/fs24/
- url: http://www.gnouqk3mq.shop/fs24/
- url: http://www.h10y.top/fs24/
- url: http://www.heworkshop.biz/fs24/
- url: http://www.hinaai.club/fs24/
- url: http://www.iqaqua.xyz/fs24/
- url: http://www.ithsugar.net/fs24/
- url: http://www.jdc6.one/fs24/
- url: http://www.klinic.cfd/fs24/
- url: http://www.liza.locker/fs24/
- url: http://www.mrnm.bingo/fs24/
- url: http://www.nonymix.net/fs24/
- url: http://www.obisumo.xyz/fs24/
- url: http://www.od-mine.net/fs24/
- url: http://www.odestapparel.net/fs24/
- url: http://www.ofas-cave-379.world/fs24/
- url: http://www.ogicloop.shop/fs24/
- url: http://www.okuousekizai.net/fs24/
- url: http://www.ooty.city/fs24/
- url: http://www.orgevision147.info/fs24/
- url: http://www.ork-abroad-36556.bond/fs24/
- url: http://www.ospital-care-us-bl-36561.click/fs24/
- url: http://www.ploots.xyz/fs24/
- url: http://www.ptiorder.shop/fs24/
- url: http://www.qx4ie.sbs/fs24/
- url: http://www.ravella.biz/fs24/
- url: http://www.riginorder.shop/fs24/
- url: http://www.rintsforu.shop/fs24/
- url: http://www.roxyduwanjuan.info/fs24/
- url: http://www.sqwe.pet/fs24/
- url: http://www.tbbwd.top/fs24/
- url: http://www.twanguffo.xyz/fs24/
- url: http://www.uikjobs.biz/fs24/
- url: http://www.unfunbigbgames.pics/fs24/
- url: http://www.wandafilmfestival.net/fs24/
- url: http://www.wqrqj.info/fs24/
- url: http://www.ykkg.pet/fs24/
- url: http://www.ysp9.info/fs24/
- url: http://www.zjylsp22.sbs/fs24/
- domain: www.1ewqdas456yhytredvb.autos
- domain: www.3tcart.cyou
- domain: www.5x1r2p5bg86q.xyz
- domain: www.7558a5.vip
- domain: www.9bet.bar
- domain: www.acaushowdesafios.shop
- domain: www.amir7.sbs
- domain: www.anglove.net
- domain: www.arinsurancehints.xyz
- domain: www.bscript.top
- domain: www.bvexil.xyz
- domain: www.dsignageaustralia.online
- domain: www.ealingcarecounseling.net
- domain: www.ealthsewa.online
- domain: www.ellbuyon.shop
- domain: www.emka.live
- domain: www.en-health-37595.bond
- domain: www.enteku.click
- domain: www.epayne.net
- domain: www.erenitypool-spa.net
- domain: www.esilientplaybook.online
- domain: www.et-together.vip
- domain: www.etafury.xyz
- domain: www.etiantang9673.top
- domain: www.extenglishinstitute.online
- domain: www.g9r430o6al1l.xyz
- domain: www.gkjkeiwbzou8pf.xyz
- domain: www.gnouqk3mq.shop
- domain: www.h10y.top
- domain: www.heworkshop.biz
- domain: www.hinaai.club
- domain: www.iqaqua.xyz
- domain: www.ithsugar.net
- domain: www.jdc6.one
- domain: www.klinic.cfd
- domain: www.liza.locker
- domain: www.mrnm.bingo
- domain: www.nonymix.net
- domain: www.obisumo.xyz
- domain: www.od-mine.net
- domain: www.odestapparel.net
- domain: www.ofas-cave-379.world
- domain: www.ogicloop.shop
- domain: www.okuousekizai.net
- domain: www.ooty.city
- domain: www.orgevision147.info
- domain: www.ork-abroad-36556.bond
- domain: www.ospital-care-us-bl-36561.click
- domain: www.ploots.xyz
- domain: www.ptiorder.shop
- domain: www.qx4ie.sbs
- domain: www.ravella.biz
- domain: www.riginorder.shop
- domain: www.rintsforu.shop
- domain: www.roxyduwanjuan.info
- domain: www.sqwe.pet
- domain: www.tbbwd.top
- domain: www.twanguffo.xyz
- domain: www.uikjobs.biz
- domain: www.unfunbigbgames.pics
- domain: www.wandafilmfestival.net
- domain: www.wqrqj.info
- domain: www.ykkg.pet
- domain: www.ysp9.info
- domain: www.zjylsp22.sbs
- domain: rse.pwirn.cc
- domain: allblessingcometome.freemyip.com
- domain: globalmail.dynuddns.net
- domain: janbours92harbubreakthroughs.loseyourip.com
- domain: mailhost.mysynology.net
- domain: postmasterrelayserver.duckdns.org
- domain: wealthyblessedma01n.duckdns.org
- domain: wealthyblessedman.duckdns.org
- url: https://pastebin.com/raw/6rkzrwrv
- domain: payment-lunch.gl.at.ply.gg
- domain: units-dispute.gl.at.ply.gg
- file: 147.185.221.27
- hash: 60338
- file: 38.181.44.107
- hash: 443
- file: 59.110.233.152
- hash: 8888
- file: 173.211.70.87
- hash: 80
- file: 173.211.70.87
- hash: 443
- file: 166.108.206.56
- hash: 8888
- file: 111.119.255.45
- hash: 8888
- file: 103.195.102.3
- hash: 2000
- file: 157.66.26.88
- hash: 8888
- file: 71.191.212.43
- hash: 7443
- file: 139.99.25.131
- hash: 8089
- file: 95.169.180.96
- hash: 443
- file: 38.134.148.106
- hash: 443
- file: 188.25.21.87
- hash: 8080
- file: 45.141.233.166
- hash: 9000
- file: 18.231.183.14
- hash: 4839
- domain: login.thecrabsterchief.work
- file: 82.180.162.193
- hash: 8080
- file: 3.216.87.117
- hash: 443
- file: 178.128.84.59
- hash: 31337
- file: 196.251.84.145
- hash: 8089
- file: 102.158.74.149
- hash: 443
- url: http://vvs.cymru/
- url: http://43.143.246.38:8888/supershell/login/supershell/login
- domain: gvhiz06dl.localto.net
- domain: taoh081018.zapto.org
- file: 176.10.107.180
- hash: 6606
- file: 176.10.107.180
- hash: 7707
- file: 176.10.107.180
- hash: 8808
- domain: physical-loving.gl.at.ply.gg
- url: https://pastebin.com/raw/ws3434
- file: 189.146.233.179
- hash: 995
- file: 92.116.91.140
- hash: 443
- file: 193.176.22.172
- hash: 1414
- file: 8.148.20.113
- hash: 80
ThreatFox IOCs for 2025-04-25
Medium
Published: Fri Apr 25 2025 (04/25/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-04-25
AI-Powered Analysis
AILast updated: 06/19/2025, 15:20:28 UTC
Technical Analysis
The provided threat intelligence pertains to a malware-related entry titled 'ThreatFox IOCs for 2025-04-25,' sourced from ThreatFox, a platform known for sharing Indicators of Compromise (IOCs) and threat intelligence data. The threat is categorized under 'type:osint,' indicating that it primarily involves open-source intelligence data or is related to OSINT methodologies. However, the technical details are minimal, with no specific affected software versions, no CWE identifiers, no patch information, and no known exploits currently observed in the wild. The threat level is indicated as 2 on an unspecified scale, with analysis rated at 1 and distribution at 3, suggesting moderate dissemination but limited technical analysis or confirmed impact. The absence of concrete technical indicators, such as malware signatures, attack vectors, or exploitation methods, limits the depth of technical understanding. The threat appears to be in an early or observational stage, possibly representing newly identified IOCs that have not yet been linked to active exploitation campaigns. The 'tlp:white' tag implies that the information is freely shareable without restrictions, which may facilitate broad awareness and collaborative defense efforts. Overall, this entry signals the presence of emerging malware-related IOCs that require monitoring but currently lack evidence of active exploitation or significant impact.
Potential Impact
Given the lack of confirmed exploits and detailed technical information, the immediate impact of this threat on European organizations is likely limited. However, the distribution rating of 3 suggests that the IOCs or related malware samples might be moderately widespread, potentially increasing the risk of future exploitation. If these IOCs are associated with malware capable of compromising confidentiality, integrity, or availability, organizations could face risks such as data breaches, system disruptions, or espionage. European entities relying on OSINT tools or platforms that might be targeted or leveraged by this malware could be at heightened risk. Additionally, sectors with high exposure to open-source intelligence gathering, such as cybersecurity firms, government agencies, and critical infrastructure operators, may be more susceptible. The absence of known exploits in the wild reduces the likelihood of immediate operational impact but does not preclude future developments. Vigilance is warranted to detect any escalation or active campaigns leveraging these IOCs.
Mitigation Recommendations
1. Enhance Threat Intelligence Integration: Incorporate the provided IOCs into existing security information and event management (SIEM) systems and threat intelligence platforms to enable early detection of related activity. 2. Monitor OSINT Tools and Platforms: Conduct regular security assessments of OSINT tools and data sources used within the organization to identify potential compromise or misuse. 3. Network Segmentation and Access Controls: Limit exposure of critical systems to potential malware distribution vectors by enforcing strict network segmentation and least privilege access policies. 4. Employee Awareness and Training: Educate staff on recognizing suspicious activity related to OSINT data handling and potential malware indicators, emphasizing cautious handling of open-source data. 5. Incident Response Preparedness: Update incident response plans to include scenarios involving emerging OSINT-related malware threats, ensuring rapid containment and remediation capabilities. 6. Collaborate with Information Sharing Communities: Engage with European and international cybersecurity information sharing groups to receive timely updates and share findings related to this threat. These measures go beyond generic advice by focusing on the specific context of OSINT-related malware and the integration of emerging IOCs into proactive defense mechanisms.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- d7c24f93-6c74-4fda-8180-f209a5e33dc6
- Original Timestamp
- 1745625787
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaintafoz.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainmicrosoftftp.serveftp.com | Nanocore RAT botnet C2 domain (confidence level: 100%) | |
domainvogos.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.nemzieo.info | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainundo.sg | Lumma Stealer payload delivery domain (confidence level: 75%) | |
domainnapiv.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainec2-13-250-199-140.ap-southeast-1.compute.amazonaws.com | Hook botnet C2 domain (confidence level: 100%) | |
domain96-126-124-158.ip.linodeusercontent.com | Havoc botnet C2 domain (confidence level: 100%) | |
domaingoclouder.org | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsecurity.flaearegyaard.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainkeloimnau.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainkeloimnau.info | Unknown malware payload delivery domain (confidence level: 100%) | |
domaincore.keloimnau.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainxuvyc.top | ClearFake payload delivery domain (confidence level: 100%) | |
domainkeloimnau.org | Unknown malware payload delivery domain (confidence level: 100%) | |
domainkuqob.top | ClearFake payload delivery domain (confidence level: 100%) | |
domaincore.keloimnau.info | Unknown malware payload delivery domain (confidence level: 100%) | |
domainknow-knock-who-is-here.pages.dev | ClearFake payload delivery domain (confidence level: 100%) | |
domainsecurity-a2k8-go.com | ClearFake payload delivery domain (confidence level: 100%) | |
domainrugyg.top | ClearFake payload delivery domain (confidence level: 100%) | |
domainu1.pridefulamaretto.digital | ClearFake botnet C2 domain (confidence level: 100%) | |
domaindonaldcity.club | Glupteba botnet C2 domain (confidence level: 50%) | |
domainnevernews.club | Glupteba botnet C2 domain (confidence level: 50%) | |
domainfiushion.online | Mirai botnet C2 domain (confidence level: 50%) | |
domainhuyxingum.mikustore.net | Mirai botnet C2 domain (confidence level: 50%) | |
domainhacking01.ddns.net | NjRAT botnet C2 domain (confidence level: 50%) | |
domaina-ended.gl.at.ply.gg | Orcus RAT botnet C2 domain (confidence level: 50%) | |
domainfriends-virginia.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domaingames-travel.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainscriptdagoat-42745.portmap.io | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domaintobixhere-32449.portmap.io | Quasar RAT botnet C2 domain (confidence level: 50%) | |
domainobinwannedimna.ydns.eu | Remcos botnet C2 domain (confidence level: 50%) | |
domainrem25rem.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainzdwdwadzdwa-51598.portmap.io | XWorm botnet C2 domain (confidence level: 50%) | |
domaincentre-shake.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainreo.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domaineshopper.top | Unknown malware payload delivery domain (confidence level: 50%) | |
domainmvhelp.cc | Unknown malware payload delivery domain (confidence level: 50%) | |
domainhelpset123.site | Unknown malware payload delivery domain (confidence level: 50%) | |
domain300005.ru | Unknown malware payload delivery domain (confidence level: 50%) | |
domaindesktool.buzz | Unknown malware payload delivery domain (confidence level: 50%) | |
domainaardvarkw.live | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domaincdn.optitc.com | Unknown malware payload delivery domain (confidence level: 50%) | |
domainsignature908.golf | Unknown malware payload delivery domain (confidence level: 50%) | |
domaincorner427.space | Unknown malware payload delivery domain (confidence level: 50%) | |
domainmaxbusinessclub.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaincore.keloimnau.org | Unknown malware payload delivery domain (confidence level: 100%) | |
domainmuhoj.top | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.1198.pet | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.4260621.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.4260686.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.488ns.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.8ekcmt.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.8j3tfb2djzoo.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.9o8yd.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.alisisi.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.andygirls.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.arisasuestalvey.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.arka.group | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.aser-eye-surgery-3291.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ash-paying-jobs-79621.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.asinocruiseclub.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.astertechhub.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.atizenairdrop.bet | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.audace.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.avino.website | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.bcw1219.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ellwish.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ethil.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.fp8ch.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hieh33.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ideoxxfree.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.igaborgz.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ightmareroad.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.inancialfreedomclub.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ires-72090.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ixmy.beauty | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.khsim.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ksp679.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lanajoyeria.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.layplus77.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.levateballoonco.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.lobaltravelbookings.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.mail-marketing-job-62763.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.marcato.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ndimadeahome.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nnotechbs.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.odeatoll.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.odzat.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.oftfusion.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ogparks.club | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.omiq.tech | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.orchers.world | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.orkshopaicollaborationhub.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ovaecho.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.palmsrd.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.reta99.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rishticodiegfortysix.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ritishpanel.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rostygust.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.slarose.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ssiduousate.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.tn67n.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uangjiahao.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uper-bowl-kickoff-time.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uponbs3.pro | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.upport-meta2903.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uv3kq5tvbkys.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.vertdzb.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.winx6.casino | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.x39q.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.zev.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.zw5m.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainip131.ip-139-99-25.net | Hook botnet C2 domain (confidence level: 100%) | |
domainsylaj.top | ClearFake payload delivery domain (confidence level: 100%) | |
domainsecurity.guarbcfelare.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainwww.coligeme.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainfiles.fnomworldwide.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainlizyf.top | ClearFake payload delivery domain (confidence level: 100%) | |
domainlianxinxiao.com | BeaverTail botnet C2 domain (confidence level: 50%) | |
domainmachinehiub.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaintechformb.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainlifecubeq.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaintechnomindc.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainquicktecho.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainhackergala.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaindatacubei.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainappstreawm.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaininnovtechg.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainpixelcodey.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaincoderspartk.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaindsystemx.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domaindigilayerx.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainsmartbitsx.digital | Lumma Stealer botnet C2 domain (confidence level: 75%) | |
domainhabyg.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainkenut.press | ClearFake payload delivery domain (confidence level: 100%) | |
domainbouldercountymedicarehelp.org | Hook botnet C2 domain (confidence level: 100%) | |
domaincoligeme.info | Unknown malware payload delivery domain (confidence level: 100%) | |
domainwww.1ewqdas456yhytredvb.autos | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.3tcart.cyou | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.5x1r2p5bg86q.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.7558a5.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.9bet.bar | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.acaushowdesafios.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.amir7.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.anglove.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.arinsurancehints.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.bscript.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.bvexil.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.dsignageaustralia.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ealingcarecounseling.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ealthsewa.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ellbuyon.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.emka.live | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.en-health-37595.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.enteku.click | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.epayne.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.erenitypool-spa.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.esilientplaybook.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.et-together.vip | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.etafury.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.etiantang9673.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.extenglishinstitute.online | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.g9r430o6al1l.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gkjkeiwbzou8pf.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.gnouqk3mq.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.h10y.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.heworkshop.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.hinaai.club | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.iqaqua.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ithsugar.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.jdc6.one | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.klinic.cfd | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.liza.locker | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.mrnm.bingo | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.nonymix.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.obisumo.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.od-mine.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.odestapparel.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ofas-cave-379.world | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ogicloop.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.okuousekizai.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ooty.city | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.orgevision147.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ork-abroad-36556.bond | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ospital-care-us-bl-36561.click | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ploots.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ptiorder.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.qx4ie.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ravella.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.riginorder.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.rintsforu.shop | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.roxyduwanjuan.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.sqwe.pet | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.tbbwd.top | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.twanguffo.xyz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.uikjobs.biz | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.unfunbigbgames.pics | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.wandafilmfestival.net | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.wqrqj.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ykkg.pet | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.ysp9.info | Formbook botnet C2 domain (confidence level: 50%) | |
domainwww.zjylsp22.sbs | Formbook botnet C2 domain (confidence level: 50%) | |
domainrse.pwirn.cc | Mirai botnet C2 domain (confidence level: 50%) | |
domainallblessingcometome.freemyip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainglobalmail.dynuddns.net | Remcos botnet C2 domain (confidence level: 50%) | |
domainjanbours92harbubreakthroughs.loseyourip.com | Remcos botnet C2 domain (confidence level: 50%) | |
domainmailhost.mysynology.net | Remcos botnet C2 domain (confidence level: 50%) | |
domainpostmasterrelayserver.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainwealthyblessedma01n.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainwealthyblessedman.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainpayment-lunch.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainunits-dispute.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainlogin.thecrabsterchief.work | Unknown malware botnet C2 domain (confidence level: 100%) | |
domaingvhiz06dl.localto.net | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domaintaoh081018.zapto.org | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainphysical-loving.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash5105e61845ae0f024981b0eecee299c235768a6df15a9af1a1b0761bdd92e3b7 | Unknown malware payload (confidence level: 75%) | |
hash8b6d4834df5a195ee0b81ae1e0d7b4ee93d0d6b9f83bc175e2d2bf151ab9ca8c | Unknown malware payload (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash6005 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3371 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8880 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4444 | DCRat botnet C2 server (confidence level: 100%) | |
hash443 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4433 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash38935 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hashd7ad18e63064ef80cc6b98db54516f6f | Unknown malware payload (confidence level: 50%) | |
hash97150d47ea7779101be6582fc329c2cd | Unknown malware payload (confidence level: 50%) | |
hash084deb26cd9d8eff3f972e8e0c4adfe6 | Unknown malware payload (confidence level: 50%) | |
hash6dc5021a0cbdbe6dea26d78afb43ebb3 | Unknown malware payload (confidence level: 50%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash74ee8681dae4256ddc98a24f8fcf781312498958e8c46f5beab5f81105eb518e | Unknown malware payload (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6001 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2096 | Havoc botnet C2 server (confidence level: 100%) | |
hash591 | DCRat botnet C2 server (confidence level: 100%) | |
hash4841 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash2761 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8005 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash5556 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash1337 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash4444 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash15 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash14082 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash9443 | Havoc botnet C2 server (confidence level: 50%) | |
hash443 | Havoc botnet C2 server (confidence level: 50%) | |
hash80 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash443 | Kimsuky botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash80 | PoshC2 botnet C2 server (confidence level: 50%) | |
hash443 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
hash1177 | NjRAT botnet C2 server (confidence level: 50%) | |
hash427 | BlackShades botnet C2 server (confidence level: 50%) | |
hash11065 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash8995 | DCRat botnet C2 server (confidence level: 50%) | |
hash54782 | Orcus RAT botnet C2 server (confidence level: 50%) | |
hash1912 | RedLine Stealer botnet C2 server (confidence level: 50%) | |
hash30303 | Remcos botnet C2 server (confidence level: 50%) | |
hash30304 | Remcos botnet C2 server (confidence level: 50%) | |
hash30305 | Remcos botnet C2 server (confidence level: 50%) | |
hash29924 | XWorm botnet C2 server (confidence level: 50%) | |
hash58573 | XWorm botnet C2 server (confidence level: 50%) | |
hash9645 | Rhadamanthys botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | MetaStealer botnet C2 server (confidence level: 75%) | |
hash2983 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5050 | XWorm botnet C2 server (confidence level: 75%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 50%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8082 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6002 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4445 | DCRat botnet C2 server (confidence level: 100%) | |
hash82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8443 | Crimson RAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Unknown RAT botnet C2 server (confidence level: 50%) | |
hashf48857263991eea1880de0f62b3d1d37101c2e7739dcd8629b24260d08850f9c | Unknown RAT payload (confidence level: 50%) | |
hash1dd64c00f061425d484dd67b359ad99df533aa430632c55fa7e7617b55dab6a8 | Unknown RAT payload (confidence level: 50%) | |
hashb1221000f43734436ec8022caaa34b133f4581ca3ae8eccd8d57ea62573f301d | Unknown RAT payload (confidence level: 50%) | |
hash5555 | NjRAT botnet C2 server (confidence level: 50%) | |
hash50050 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash49 | Crimson RAT botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash46167 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash80 | ERMAC botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash443 | Mirai botnet C2 server (confidence level: 100%) | |
hash1338 | Mirai botnet C2 server (confidence level: 100%) | |
hash3128 | Mirai botnet C2 server (confidence level: 100%) | |
hash443 | Matanbuchus botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 50%) | |
hash3541 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash13 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash60338 | XWorm botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8080 | Orcus RAT botnet C2 server (confidence level: 100%) | |
hash9000 | DCRat botnet C2 server (confidence level: 100%) | |
hash4839 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Chaos botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash8089 | ERMAC botnet C2 server (confidence level: 50%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash1414 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://analytiwave.com/api/geturl | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://goclouder.org/6a1f2b3c4d5e6f7a8b9c0d1e2f3a4b5/ | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://security.cludfgard.com/b6c4d1a9f8g3h7e5n6b5a9de4f | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://security.cludfgard.com/wordpress | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://www.nemzieo.info/cloudflare.msi | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://undo.sg/file.exe | Lumma Stealer payload delivery URL (confidence level: 75%) | |
urlhttps://security.flaearegyaard.com/b6c4d1a9f8g3h7e5n6b5a9de4f | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://security.flaearegyaard.com/wordpress | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://keloimnau.com/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://139.5.1.172:43399/mozi.m | Mozi payload delivery URL (confidence level: 50%) | |
urlhttps://www.keloimnau.com/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://keloimnau.info/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://grrlspace.com/4d2a.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://grrlspace.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttps://core.keloimnau.com/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://www.keloimnau.info/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://keloimnau.org/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://fleshplants.xyz/art.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://beemorning.icu/apr.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://beemorning.icu/apri.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttp://birthteeth.xyz/oil.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttps://digilayerx.digital/hmand | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://fclarmodq.top/qoxo | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://mclimatologfy.top/kbud | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://rlatitudert.live/teui | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://0topographky.top/xlak | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://8biosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ahemispherexz.top/xapp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://hnwoodpeckersd.run/glsk | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://nequatorf.run/reiq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://slatitudert.live/teui | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://xclarmodq.top/qoxo | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ybiosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://core.keloimnau.info/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://www.keloimnau.org/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://147.45.44.116/c60d76a15a1d4de5.php | Stealc botnet C2 (confidence level: 50%) | |
urlhttp://185.147.124.116/m0xmdru/login.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttps://we-will.servegame.com/verify/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://chaintraderx.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://pastebin.com/raw/4jmdmm15 | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/rnbkqg1e | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/s21lhj8e | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://3cartograhphy.top/ixau | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ufclimatologfy.top/kbud | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ywoodpeckersd.run/glsk | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://avigorbridgoe.top/banb | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ciwoodpeckersd.run/glsk | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://lbiosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://79.124.78.173/incongruousness.php | Koi Stealer botnet C2 (confidence level: 100%) | |
urlhttps://bclimatologfy.top/kbud | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://eclimatologfy.top/kbud | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://qfybiosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://core.keloimnau.org/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://vlongitudde.digital/wizu | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://www.1198.pet/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.4260621.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.4260686.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.488ns.top/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.8ekcmt.top/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.8j3tfb2djzoo.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.9o8yd.top/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.alisisi.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.andygirls.biz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.arisasuestalvey.net/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.arka.group/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.aser-eye-surgery-3291.bond/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ash-paying-jobs-79621.bond/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.asinocruiseclub.net/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.astertechhub.info/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.atizenairdrop.bet/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.audace.shop/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.avino.website/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.bcw1219.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ellwish.online/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ethil.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.fp8ch.cfd/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hieh33.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ideoxxfree.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.igaborgz.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ightmareroad.net/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.inancialfreedomclub.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ires-72090.bond/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ixmy.beauty/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.khsim.top/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ksp679.top/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lanajoyeria.shop/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.layplus77.vip/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.levateballoonco.net/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.lobaltravelbookings.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.mail-marketing-job-62763.bond/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.marcato.online/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ndimadeahome.net/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nnotechbs.online/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.odeatoll.shop/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.odzat.info/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.oftfusion.shop/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ogparks.club/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.omiq.tech/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.orchers.world/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.orkshopaicollaborationhub.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ovaecho.shop/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.palmsrd.net/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.reta99.info/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rishticodiegfortysix.online/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ritishpanel.net/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rostygust.shop/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.slarose.online/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ssiduousate.online/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.tn67n.cfd/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uangjiahao.online/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uper-bowl-kickoff-time.cfd/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uponbs3.pro/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.upport-meta2903.online/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uv3kq5tvbkys.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.vertdzb.xyz/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.winx6.casino/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.x39q.top/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.zev.net/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.zw5m.top/an20/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://security.guarbcfelare.com/b6c4d1a9f8g3h7e5n6b5a9de4f | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://security.guarbcfelare.com/wordpress | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://www.coligeme.com/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://88.214.50.3/login | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://coligeme.com/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://vickmarine.com/4r2h.js | FAKEUPDATES payload delivery URL (confidence level: 100%) | |
urlhttp://185.39.17.163/su8kud7i/login.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttps://cloudflareapage.pages.dev/robots.txt | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://pastebin.com/raw/ywwcu7xx | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://coligeme.info/cloudflare.msi | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://8starofliught.top/wozd | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://k2salaccgfa.top/gsooz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://quonecony.live/tpeo | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://1cartograhphy.top/ixau | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://atropiscbs.live/iuwxx | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://btopographky.top/xlak | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://egeographys.run/eirq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://lgeographys.run/eirq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ttopographky.top/xlak | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://139.99.25.131/ | Hook botnet C2 (confidence level: 50%) | |
urlhttp://www.1ewqdas456yhytredvb.autos/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.3tcart.cyou/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.5x1r2p5bg86q.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.7558a5.vip/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.9bet.bar/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.acaushowdesafios.shop/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.amir7.sbs/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.anglove.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.arinsurancehints.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.bscript.top/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.bvexil.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.dsignageaustralia.online/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ealingcarecounseling.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ealthsewa.online/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ellbuyon.shop/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.emka.live/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.en-health-37595.bond/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.enteku.click/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.epayne.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.erenitypool-spa.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.esilientplaybook.online/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.et-together.vip/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.etafury.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.etiantang9673.top/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.extenglishinstitute.online/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.g9r430o6al1l.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gkjkeiwbzou8pf.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.gnouqk3mq.shop/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.h10y.top/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.heworkshop.biz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.hinaai.club/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.iqaqua.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ithsugar.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.jdc6.one/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.klinic.cfd/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.liza.locker/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.mrnm.bingo/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.nonymix.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.obisumo.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.od-mine.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.odestapparel.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ofas-cave-379.world/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ogicloop.shop/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.okuousekizai.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ooty.city/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.orgevision147.info/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ork-abroad-36556.bond/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ospital-care-us-bl-36561.click/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ploots.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ptiorder.shop/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.qx4ie.sbs/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ravella.biz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.riginorder.shop/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.rintsforu.shop/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.roxyduwanjuan.info/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.sqwe.pet/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.tbbwd.top/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.twanguffo.xyz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.uikjobs.biz/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.unfunbigbgames.pics/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.wandafilmfestival.net/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.wqrqj.info/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ykkg.pet/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.ysp9.info/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttp://www.zjylsp22.sbs/fs24/ | Formbook botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/6rkzrwrv | XWorm botnet C2 (confidence level: 50%) | |
urlhttp://vvs.cymru/ | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://43.143.246.38:8888/supershell/login/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttps://pastebin.com/raw/ws3434 | XWorm botnet C2 (confidence level: 50%) |
File
| Value | Description | Copy |
|---|---|---|
file43.250.174.95 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.115.139.118 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file85.9.204.228 | Remcos botnet C2 server (confidence level: 100%) | |
file51.89.177.234 | Remcos botnet C2 server (confidence level: 100%) | |
file194.102.105.105 | Remcos botnet C2 server (confidence level: 100%) | |
file15.235.37.196 | Sliver botnet C2 server (confidence level: 100%) | |
file161.129.65.68 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.10.154.125 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file176.57.188.16 | Hook botnet C2 server (confidence level: 100%) | |
file104.248.194.142 | Hook botnet C2 server (confidence level: 100%) | |
file13.246.39.244 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file194.36.171.78 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.45.10.142 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.173.104.176 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file176.65.142.74 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.106.101 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.106.101 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file192.24.224.215 | Unknown malware botnet C2 server (confidence level: 100%) | |
file192.24.224.215 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.164.93.107 | Havoc botnet C2 server (confidence level: 100%) | |
file192.153.57.116 | Havoc botnet C2 server (confidence level: 100%) | |
file86.54.42.245 | DCRat botnet C2 server (confidence level: 100%) | |
file94.26.90.48 | Remcos botnet C2 server (confidence level: 100%) | |
file140.228.29.33 | Remcos botnet C2 server (confidence level: 100%) | |
file80.98.145.41 | Unknown malware botnet C2 server (confidence level: 100%) | |
file181.32.34.147 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.68.26.225 | Unknown malware botnet C2 server (confidence level: 100%) | |
file157.10.73.118 | Unknown malware botnet C2 server (confidence level: 100%) | |
file217.125.90.31 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.127.79.254 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.126.234.72 | Unknown malware botnet C2 server (confidence level: 100%) | |
file128.85.35.85 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.49.223.229 | Unknown malware botnet C2 server (confidence level: 100%) | |
file188.213.174.59 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.82.48.232 | Unknown malware botnet C2 server (confidence level: 100%) | |
file41.78.75.244 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.202.11.12 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.228.32.116 | Unknown malware botnet C2 server (confidence level: 100%) | |
file188.166.208.112 | Unknown malware botnet C2 server (confidence level: 100%) | |
file167.86.174.240 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file124.71.199.135 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.159.212.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.111.125.229 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.137.42.33 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.121.222.227 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file160.202.227.54 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.40.154.130 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.94.255.158 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file49.232.56.252 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file194.36.171.78 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.109.82.220 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.37.4.100 | Remcos botnet C2 server (confidence level: 100%) | |
file147.93.146.25 | Remcos botnet C2 server (confidence level: 100%) | |
file57.128.219.114 | Sliver botnet C2 server (confidence level: 100%) | |
file49.113.75.76 | Unknown malware botnet C2 server (confidence level: 100%) | |
file16.162.136.113 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.61.151.127 | Havoc botnet C2 server (confidence level: 100%) | |
file86.54.42.245 | DCRat botnet C2 server (confidence level: 100%) | |
file18.185.33.50 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.96.191.215 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file185.43.4.70 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file160.19.79.251 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file185.243.96.104 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file207.2.122.10 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file18.159.210.194 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file119.45.178.251 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file119.91.49.133 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file43.163.196.208 | Sliver botnet C2 server (confidence level: 50%) | |
file139.84.172.231 | Sliver botnet C2 server (confidence level: 50%) | |
file84.247.148.249 | Sliver botnet C2 server (confidence level: 50%) | |
file157.20.182.6 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file172.111.139.42 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file3.91.49.221 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file3.26.24.29 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file177.136.225.145 | Havoc botnet C2 server (confidence level: 50%) | |
file23.254.215.118 | Havoc botnet C2 server (confidence level: 50%) | |
file158.247.247.157 | Kimsuky botnet C2 server (confidence level: 50%) | |
file158.247.243.223 | Kimsuky botnet C2 server (confidence level: 50%) | |
file60.17.15.218 | Unknown malware botnet C2 server (confidence level: 50%) | |
file194.87.232.26 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file95.182.122.252 | PoshC2 botnet C2 server (confidence level: 50%) | |
file196.251.84.27 | Nanocore RAT botnet C2 server (confidence level: 50%) | |
file105.197.154.83 | NjRAT botnet C2 server (confidence level: 50%) | |
file13.232.77.18 | BlackShades botnet C2 server (confidence level: 50%) | |
file54.70.105.247 | Unknown malware botnet C2 server (confidence level: 50%) | |
file177.234.144.240 | Unknown malware botnet C2 server (confidence level: 50%) | |
file114.66.58.133 | DCRat botnet C2 server (confidence level: 50%) | |
file147.185.221.27 | Orcus RAT botnet C2 server (confidence level: 50%) | |
file80.64.16.35 | RedLine Stealer botnet C2 server (confidence level: 50%) | |
file62.60.226.139 | Remcos botnet C2 server (confidence level: 50%) | |
file62.60.226.139 | Remcos botnet C2 server (confidence level: 50%) | |
file62.60.226.139 | Remcos botnet C2 server (confidence level: 50%) | |
file193.161.193.99 | XWorm botnet C2 server (confidence level: 50%) | |
file147.185.221.27 | XWorm botnet C2 server (confidence level: 50%) | |
file154.81.179.131 | Rhadamanthys botnet C2 server (confidence level: 75%) | |
file1.161.124.86 | QakBot botnet C2 server (confidence level: 75%) | |
file117.24.3.176 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file89.185.84.127 | MetaStealer botnet C2 server (confidence level: 75%) | |
file172.111.163.162 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.86.114 | XWorm botnet C2 server (confidence level: 75%) | |
file45.114.60.209 | Sliver botnet C2 server (confidence level: 50%) | |
file149.210.66.4 | Ghost RAT botnet C2 server (confidence level: 50%) | |
file116.198.229.197 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file194.102.104.25 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.104.30.130 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.109.177.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file104.37.4.101 | Remcos botnet C2 server (confidence level: 100%) | |
file144.172.87.71 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.99.25.131 | Hook botnet C2 server (confidence level: 100%) | |
file139.99.25.131 | Hook botnet C2 server (confidence level: 100%) | |
file77.83.198.61 | Havoc botnet C2 server (confidence level: 100%) | |
file156.208.38.51 | DCRat botnet C2 server (confidence level: 100%) | |
file93.198.191.241 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file209.145.56.66 | Crimson RAT botnet C2 server (confidence level: 100%) | |
file123.207.79.51 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file3.112.192.119 | Unknown RAT botnet C2 server (confidence level: 50%) | |
file31.9.48.183 | NjRAT botnet C2 server (confidence level: 50%) | |
file8.148.224.96 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file123.57.239.178 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file92.255.57.31 | SectopRAT botnet C2 server (confidence level: 50%) | |
file194.246.83.10 | SectopRAT botnet C2 server (confidence level: 50%) | |
file45.118.248.29 | SectopRAT botnet C2 server (confidence level: 50%) | |
file80.209.243.125 | SectopRAT botnet C2 server (confidence level: 50%) | |
file5.230.54.243 | SectopRAT botnet C2 server (confidence level: 50%) | |
file185.125.50.140 | SectopRAT botnet C2 server (confidence level: 50%) | |
file185.157.214.192 | SectopRAT botnet C2 server (confidence level: 50%) | |
file77.239.117.135 | SectopRAT botnet C2 server (confidence level: 50%) | |
file193.201.9.252 | SectopRAT botnet C2 server (confidence level: 50%) | |
file185.147.124.103 | SectopRAT botnet C2 server (confidence level: 50%) | |
file45.141.84.60 | SectopRAT botnet C2 server (confidence level: 50%) | |
file107.189.26.70 | Crimson RAT botnet C2 server (confidence level: 50%) | |
file8.130.119.171 | Unknown malware botnet C2 server (confidence level: 50%) | |
file45.159.209.179 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file206.123.152.100 | Remcos botnet C2 server (confidence level: 100%) | |
file158.247.192.174 | Sliver botnet C2 server (confidence level: 100%) | |
file103.134.22.156 | Sliver botnet C2 server (confidence level: 100%) | |
file194.164.93.107 | Havoc botnet C2 server (confidence level: 100%) | |
file20.190.118.69 | Havoc botnet C2 server (confidence level: 100%) | |
file146.59.161.204 | ERMAC botnet C2 server (confidence level: 100%) | |
file62.60.226.89 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file89.168.81.122 | Mirai botnet C2 server (confidence level: 100%) | |
file146.19.143.149 | Mirai botnet C2 server (confidence level: 100%) | |
file176.65.148.219 | Mirai botnet C2 server (confidence level: 100%) | |
file62.113.117.216 | Matanbuchus botnet C2 server (confidence level: 100%) | |
file82.147.88.84 | SectopRAT botnet C2 server (confidence level: 50%) | |
file92.255.57.75 | SectopRAT botnet C2 server (confidence level: 50%) | |
file45.141.84.208 | SectopRAT botnet C2 server (confidence level: 50%) | |
file157.90.192.89 | SectopRAT botnet C2 server (confidence level: 50%) | |
file82.117.242.178 | SectopRAT botnet C2 server (confidence level: 50%) | |
file91.199.163.74 | SectopRAT botnet C2 server (confidence level: 50%) | |
file144.172.97.2 | SectopRAT botnet C2 server (confidence level: 50%) | |
file104.238.162.122 | SectopRAT botnet C2 server (confidence level: 50%) | |
file45.148.11.14 | Unknown malware botnet C2 server (confidence level: 50%) | |
file3.145.178.55 | Unknown malware botnet C2 server (confidence level: 50%) | |
file45.201.216.188 | Sliver botnet C2 server (confidence level: 50%) | |
file147.185.221.27 | XWorm botnet C2 server (confidence level: 50%) | |
file38.181.44.107 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file59.110.233.152 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file173.211.70.87 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file173.211.70.87 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file166.108.206.56 | Unknown malware botnet C2 server (confidence level: 100%) | |
file111.119.255.45 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.195.102.3 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file157.66.26.88 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file71.191.212.43 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.99.25.131 | Hook botnet C2 server (confidence level: 100%) | |
file95.169.180.96 | Havoc botnet C2 server (confidence level: 100%) | |
file38.134.148.106 | Havoc botnet C2 server (confidence level: 100%) | |
file188.25.21.87 | Orcus RAT botnet C2 server (confidence level: 100%) | |
file45.141.233.166 | DCRat botnet C2 server (confidence level: 100%) | |
file18.231.183.14 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file82.180.162.193 | Chaos botnet C2 server (confidence level: 100%) | |
file3.216.87.117 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file178.128.84.59 | Sliver botnet C2 server (confidence level: 50%) | |
file196.251.84.145 | ERMAC botnet C2 server (confidence level: 50%) | |
file102.158.74.149 | QakBot botnet C2 server (confidence level: 75%) | |
file176.10.107.180 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file176.10.107.180 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file176.10.107.180 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file189.146.233.179 | QakBot botnet C2 server (confidence level: 75%) | |
file92.116.91.140 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file193.176.22.172 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file8.148.20.113 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Threat ID: 682c7db2e8347ec82d2a4e99
Added to database: 5/20/2025, 1:03:46 PM
Last enriched: 6/19/2025, 3:20:28 PM
Last updated: 7/15/2025, 2:48:17 PM
Views: 4
Related Threats
ThreatFox IOCs for 2025-07-27
MediumMalwareMon Jul 28 2025
ThreatFox IOCs for 2025-07-26
MediumMalwareSun Jul 27 2025
Law enforcement operations seized BlackSuit ransomware gang’s darknet sites
MediumMalwareSat Jul 26 2025
ThreatFox IOCs for 2025-07-25
MediumMalwareSat Jul 26 2025
Operation CargoTalon targets Russia’s aerospace with EAGLET malware,
MediumMalwareSat Jul 26 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.