
ThreatFox IOCs for 2025-04-28

Severity: Medium
Published: Mon Apr 28 2025 (04/28/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-04-28

AI-Powered Analysis

AI analysis last updated: 06/19/2025, 15:02:35 UTC

Technical Analysis

This entry, titled "ThreatFox IOCs for 2025-04-28", is a malware-category record from ThreatFox, a platform that shares Indicators of Compromise (IOCs) and related threat intelligence. It is classified under the "osint" product type, meaning it concerns open-source intelligence gathering and dissemination rather than a vulnerability in a specific software product. No affected versions or products are listed, and no exploits in the wild have been reported. The technical details give a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, which suggests moderate sharing of these IOCs. The absence of concrete technical indicators, CWEs, or patch links implies that the entry is a repository or update of threat intelligence data rather than a description of a novel or active malware campaign. The medium severity assigned by the source most likely reflects the defensive utility of these IOCs rather than an immediate critical threat. Overall, the entry is a collection of indicators that security teams can use to improve detection and response; it does not describe an active exploit or a vulnerability targeting specific systems.

Potential Impact

For European organizations, the impact of this entry is indirect but valuable. Because it consists of malware-related IOCs, it can improve detection and mitigation of malware infections when integrated into security monitoring tools such as SIEMs, endpoint detection and response (EDR) systems, or threat intelligence platforms. As there are no known active exploits or specific affected products, the immediate risk to confidentiality, integrity, or availability is low. The main benefit is better situational awareness and preparedness against malware that may surface using these indicators. Organizations that do not incorporate such intelligence risk delayed detection of infections, which can increase dwell time and impact. The effect is therefore on operational security posture and incident response effectiveness rather than on direct compromise or disruption.

Mitigation Recommendations

1. Integrate the provided IOCs into existing threat intelligence platforms and security monitoring tools to enable real-time detection of related malware activity.
2. Regularly update endpoint protection and network security solutions with the latest threat intelligence feeds, including those from ThreatFox and similar OSINT sources.
3. Conduct periodic threat hunting exercises using these IOCs to proactively identify any signs of compromise within the network.
4. Enhance logging and monitoring capabilities to capture relevant events that could correlate with the indicators provided.
5. Train security analysts to recognize patterns associated with the shared IOCs and incorporate them into incident response playbooks.
6. Collaborate with information sharing communities and CERTs to receive timely updates and contextual analysis related to these IOCs.
7. Since no patches or exploits are currently known, focus on detection and response rather than patch management for this specific intelligence.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: c2d44351-c0e9-4ce9-bf7f-9df89f64839a
Original Timestamp: 1745884987

Indicators of Compromise

Domain

ValueDescriptionCopy
domainfoqin.press
ClearFake payload delivery domain (confidence level: 100%)
domainwudav.press
ClearFake payload delivery domain (confidence level: 100%)
domainddos.dnsnb8.net
Unknown malware botnet C2 domain (confidence level: 75%)
domainec2-13-251-180-166.ap-southeast-1.compute.amazonaws.com
Hook botnet C2 domain (confidence level: 100%)
domainec2-3-84-178-184.compute-1.amazonaws.com
Havoc botnet C2 domain (confidence level: 100%)
domaindenemescprittt.com
AsyncRAT botnet C2 domain (confidence level: 100%)
domainhovno.tobim6.eu
xmrig botnet C2 domain (confidence level: 100%)
domainaluminumsternness.shop
ACR Stealer botnet C2 domain (confidence level: 100%)
domainfivel.press
ClearFake payload delivery domain (confidence level: 100%)
domaintyfew.press
ClearFake payload delivery domain (confidence level: 100%)
domainmylan.press
ClearFake payload delivery domain (confidence level: 100%)
domainzenithcorde.top
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintechguidet.digital
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainbtcgeared.live
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintechsyncq.run
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaintoptalentw.top
Lumma Stealer botnet C2 domain (confidence level: 100%)
domaindrindin.org
FAKEUPDATES payload delivery domain (confidence level: 100%)
domaindubyl.press
ClearFake payload delivery domain (confidence level: 100%)
domainbookings.odoc.life
Hook botnet C2 domain (confidence level: 100%)
domainwww.normanwaddell.com
Havoc botnet C2 domain (confidence level: 100%)
domainasperod.tech
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainmilerdrew.cc
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainsolidwork.pro
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainjimriehls.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domaindoreblue.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainjulerise.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainquzem.press
ClearFake payload delivery domain (confidence level: 100%)
domaincpanel.paulmaguire.com
FAKEUPDATES botnet C2 domain (confidence level: 100%)
domainxelesex.top
NetSupportManager RAT payload delivery domain (confidence level: 100%)
domainwww.eurobrandsindia.com
NetSupportManager RAT payload delivery domain (confidence level: 100%)
domainfolew.press
ClearFake payload delivery domain (confidence level: 100%)
domainlammysecurity.com
ClearFake payload delivery domain (confidence level: 100%)
domainms2.rybos.fun
ClearFake payload delivery domain (confidence level: 100%)
domainvuram.press
ClearFake payload delivery domain (confidence level: 100%)
domainmagiklink.info
FAKEUPDATES payload delivery domain (confidence level: 100%)
domaintitanumsheld.com
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainwavob.top
NetSupportManager RAT payload delivery domain (confidence level: 100%)
domain2rivercsg.com
Unknown malware payload delivery domain (confidence level: 100%)
domaincgplk.press
ClearFake payload delivery domain (confidence level: 100%)
domainaplhadrink.org
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainlwhkr.press
ClearFake payload delivery domain (confidence level: 100%)
domain3a.4t.com
Vidar botnet C2 domain (confidence level: 100%)
domain71.3a.4t.com
Vidar botnet C2 domain (confidence level: 100%)
domainringtoday.info
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainfwwls.press
ClearFake payload delivery domain (confidence level: 100%)
domainkingrouder.tech
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainu1.paralegalchemicals.run
ClearFake botnet C2 domain (confidence level: 100%)
domainkamru.su
Mirai botnet C2 domain (confidence level: 100%)
domainukrainianhorseriding.kamru.su
Mirai botnet C2 domain (confidence level: 100%)

File

ValueDescriptionCopy
file78.159.131.80
Unknown malware botnet C2 server (confidence level: 75%)
file46.246.14.5
Unknown malware botnet C2 server (confidence level: 75%)
file52.57.120.10
Unknown malware botnet C2 server (confidence level: 75%)
file185.228.72.71
Unknown malware botnet C2 server (confidence level: 75%)
file62.60.226.21
Unknown malware botnet C2 server (confidence level: 75%)
file62.60.226.101
Unknown malware botnet C2 server (confidence level: 75%)
file62.60.226.21
Unknown malware botnet C2 server (confidence level: 75%)
file62.60.226.21
Unknown malware botnet C2 server (confidence level: 75%)
file185.29.11.31
Unknown malware botnet C2 server (confidence level: 75%)
file193.151.108.40
Unknown malware botnet C2 server (confidence level: 50%)
file23.95.140.60
Unknown malware botnet C2 server (confidence level: 100%)
file23.94.70.113
Unknown malware botnet C2 server (confidence level: 100%)
file34.96.225.28
Unknown malware botnet C2 server (confidence level: 100%)
file139.59.247.82
Unknown malware botnet C2 server (confidence level: 100%)
file64.185.233.163
Unknown malware botnet C2 server (confidence level: 100%)
file206.238.68.237
Unknown malware botnet C2 server (confidence level: 100%)
file103.215.78.185
Unknown malware botnet C2 server (confidence level: 100%)
file23.94.70.114
Unknown malware botnet C2 server (confidence level: 100%)
file27.124.34.26
Unknown malware botnet C2 server (confidence level: 100%)
file27.124.34.31
Unknown malware botnet C2 server (confidence level: 100%)
file107.173.111.26
Unknown malware botnet C2 server (confidence level: 100%)
file103.215.78.213
Unknown malware botnet C2 server (confidence level: 100%)
file38.54.16.203
Unknown malware botnet C2 server (confidence level: 100%)
file38.147.170.252
Unknown malware botnet C2 server (confidence level: 100%)
file198.58.100.186
Unknown malware botnet C2 server (confidence level: 100%)
file35.78.114.163
Unknown malware botnet C2 server (confidence level: 100%)
file165.154.199.35
Unknown malware botnet C2 server (confidence level: 100%)
file27.124.34.25
Unknown malware botnet C2 server (confidence level: 100%)
file192.253.235.50
Unknown malware botnet C2 server (confidence level: 100%)
file47.108.175.134
Unknown malware botnet C2 server (confidence level: 100%)
file114.116.254.52
Unknown malware botnet C2 server (confidence level: 100%)
file206.238.70.142
Unknown malware botnet C2 server (confidence level: 100%)
file103.79.118.72
Unknown malware botnet C2 server (confidence level: 100%)
file16.163.161.51
Unknown malware botnet C2 server (confidence level: 100%)
file64.185.233.162
Unknown malware botnet C2 server (confidence level: 100%)
file66.135.26.190
Unknown malware botnet C2 server (confidence level: 100%)
file103.12.148.112
Unknown malware botnet C2 server (confidence level: 100%)
file23.95.44.47
Unknown malware botnet C2 server (confidence level: 100%)
file147.93.111.114
Unknown malware botnet C2 server (confidence level: 50%)
file172.94.111.186
DarkComet botnet C2 server (confidence level: 100%)
file45.192.164.238
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.116.129
AsyncRAT botnet C2 server (confidence level: 100%)
file51.195.91.59
Unknown malware botnet C2 server (confidence level: 100%)
file195.210.178.70
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file144.126.246.44
MooBot botnet C2 server (confidence level: 100%)
file62.60.187.68
Unknown malware botnet C2 server (confidence level: 100%)
file172.111.163.163
Unknown malware botnet C2 server (confidence level: 75%)
file196.251.86.197
Remcos botnet C2 server (confidence level: 75%)
file124.221.56.49
Cobalt Strike botnet C2 server (confidence level: 75%)
file159.138.34.64
Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.116.115
AsyncRAT botnet C2 server (confidence level: 100%)
file195.211.191.54
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.116.68
AsyncRAT botnet C2 server (confidence level: 100%)
file167.71.236.37
Unknown malware botnet C2 server (confidence level: 100%)
file187.101.165.234
Quasar RAT botnet C2 server (confidence level: 100%)
file154.91.226.168
DCRat botnet C2 server (confidence level: 100%)
file103.127.135.159
Unknown malware botnet C2 server (confidence level: 100%)
file103.127.135.159
Unknown malware botnet C2 server (confidence level: 100%)
file103.127.135.159
Unknown malware botnet C2 server (confidence level: 100%)
file103.127.135.159
Unknown malware botnet C2 server (confidence level: 100%)
file103.127.135.159
Unknown malware botnet C2 server (confidence level: 100%)
file103.127.135.159
Unknown malware botnet C2 server (confidence level: 100%)
file121.37.237.250
Unknown malware botnet C2 server (confidence level: 100%)
file54.75.31.65
Unknown malware botnet C2 server (confidence level: 100%)
file34.34.87.254
Unknown malware botnet C2 server (confidence level: 100%)
file222.184.253.70
Unknown malware botnet C2 server (confidence level: 100%)
file80.211.194.153
Unknown malware botnet C2 server (confidence level: 100%)
file34.244.45.33
Unknown malware botnet C2 server (confidence level: 100%)
file186.67.120.154
Unknown malware botnet C2 server (confidence level: 100%)
file18.201.179.180
Unknown malware botnet C2 server (confidence level: 100%)
file52.215.233.215
Unknown malware botnet C2 server (confidence level: 100%)
file3.254.210.225
Unknown malware botnet C2 server (confidence level: 100%)
file34.9.145.167
Unknown malware botnet C2 server (confidence level: 100%)
file193.134.211.236
Unknown malware botnet C2 server (confidence level: 100%)
file164.90.216.69
Unknown malware botnet C2 server (confidence level: 100%)
file149.90.103.193
Unknown malware botnet C2 server (confidence level: 100%)
file47.238.30.194
Unknown malware botnet C2 server (confidence level: 100%)
file44.233.122.24
Unknown malware botnet C2 server (confidence level: 100%)
file44.233.122.24
Unknown malware botnet C2 server (confidence level: 100%)
file168.138.2.167
Unknown malware botnet C2 server (confidence level: 100%)
file143.110.147.139
Unknown malware botnet C2 server (confidence level: 100%)
file51.75.22.182
Unknown malware botnet C2 server (confidence level: 100%)
file142.171.29.139
Unknown malware botnet C2 server (confidence level: 100%)
file3.125.68.215
Unknown malware botnet C2 server (confidence level: 100%)
file3.125.68.215
Unknown malware botnet C2 server (confidence level: 100%)
file43.140.243.146
Cobalt Strike botnet C2 server (confidence level: 100%)
file182.92.131.115
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.93.25.72
Cobalt Strike botnet C2 server (confidence level: 100%)
file151.236.16.211
Cobalt Strike botnet C2 server (confidence level: 100%)
file95.129.234.24
AsyncRAT botnet C2 server (confidence level: 100%)
file128.199.68.233
Unknown malware botnet C2 server (confidence level: 100%)
file107.189.21.227
Unknown malware botnet C2 server (confidence level: 100%)
file116.104.55.198
Quasar RAT botnet C2 server (confidence level: 100%)
file42.118.180.182
Quasar RAT botnet C2 server (confidence level: 100%)
file58.186.113.138
Quasar RAT botnet C2 server (confidence level: 100%)
file116.104.55.175
Quasar RAT botnet C2 server (confidence level: 100%)
file116.104.55.150
Quasar RAT botnet C2 server (confidence level: 100%)
file42.118.180.168
Quasar RAT botnet C2 server (confidence level: 100%)
file171.224.210.244
Quasar RAT botnet C2 server (confidence level: 100%)
file116.104.55.173
Quasar RAT botnet C2 server (confidence level: 100%)
file116.104.55.159
Quasar RAT botnet C2 server (confidence level: 100%)
file58.186.113.141
Quasar RAT botnet C2 server (confidence level: 100%)
file58.186.168.187
Quasar RAT botnet C2 server (confidence level: 100%)
file42.118.180.174
Quasar RAT botnet C2 server (confidence level: 100%)
file84.32.22.36
Havoc botnet C2 server (confidence level: 100%)
file154.21.201.16
Havoc botnet C2 server (confidence level: 100%)
file195.2.92.39
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.86.182
AsyncRAT botnet C2 server (confidence level: 75%)
file142.171.44.245
Sliver botnet C2 server (confidence level: 75%)
file196.251.69.149
Remcos botnet C2 server (confidence level: 75%)
file31.131.251.47
DeimosC2 botnet C2 server (confidence level: 75%)
file70.176.149.88
QakBot botnet C2 server (confidence level: 75%)
file84.38.189.55
DeimosC2 botnet C2 server (confidence level: 75%)
file195.128.100.227
Meterpreter botnet C2 server (confidence level: 75%)
file39.100.70.144
Cobalt Strike botnet C2 server (confidence level: 100%)
file3.252.248.209
Sliver botnet C2 server (confidence level: 100%)
file8.219.49.148
Unknown malware botnet C2 server (confidence level: 100%)
file154.211.90.65
AsyncRAT botnet C2 server (confidence level: 100%)
file154.211.90.252
AsyncRAT botnet C2 server (confidence level: 100%)
file82.223.48.201
AsyncRAT botnet C2 server (confidence level: 100%)
file158.220.83.114
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.116.129
AsyncRAT botnet C2 server (confidence level: 100%)
file80.64.30.203
SectopRAT botnet C2 server (confidence level: 100%)
file155.138.132.158
Unknown malware botnet C2 server (confidence level: 100%)
file102.117.172.150
Unknown malware botnet C2 server (confidence level: 100%)
file193.233.203.26
Havoc botnet C2 server (confidence level: 100%)
file172.187.178.33
Havoc botnet C2 server (confidence level: 100%)
file13.244.95.122
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file91.229.239.12
MooBot botnet C2 server (confidence level: 100%)
file23.88.62.122
Chaos botnet C2 server (confidence level: 100%)
file91.151.95.206
Bashlite botnet C2 server (confidence level: 100%)
file47.90.155.109
MimiKatz botnet C2 server (confidence level: 100%)
file147.124.221.148
Rhadamanthys botnet C2 server (confidence level: 100%)
file185.244.30.100
Remcos botnet C2 server (confidence level: 75%)
file185.244.30.100
Remcos botnet C2 server (confidence level: 75%)
file185.244.30.100
Remcos botnet C2 server (confidence level: 75%)
file47.253.165.251
Cobalt Strike botnet C2 server (confidence level: 75%)
file185.225.17.74
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.228.234.238
FAKEUPDATES payload delivery server (confidence level: 100%)
file198.44.168.41
Cobalt Strike botnet C2 server (confidence level: 100%)
file113.44.152.64
Cobalt Strike botnet C2 server (confidence level: 100%)
file84.32.188.17
Unknown malware botnet C2 server (confidence level: 100%)
file209.38.253.70
Unknown malware botnet C2 server (confidence level: 100%)
file45.141.233.172
Hook botnet C2 server (confidence level: 100%)
file34.134.221.76
Havoc botnet C2 server (confidence level: 100%)
file85.9.198.162
MimiKatz botnet C2 server (confidence level: 100%)
file49.12.113.201
Vidar botnet C2 server (confidence level: 100%)
file65.109.240.225
Vidar botnet C2 server (confidence level: 100%)
file5.75.209.111
Vidar botnet C2 server (confidence level: 100%)
file109.120.137.79
AsyncRAT botnet C2 server (confidence level: 75%)
file67.205.137.180
Mirai botnet C2 server (confidence level: 75%)
file67.205.137.180
Mirai botnet C2 server (confidence level: 75%)
file128.199.208.158
Mirai botnet C2 server (confidence level: 75%)
file85.93.9.165
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.233.253.26
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.242.201.14
Cobalt Strike botnet C2 server (confidence level: 100%)
file107.151.246.44
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.195.65.195
Sliver botnet C2 server (confidence level: 100%)
file114.55.28.140
Unknown malware botnet C2 server (confidence level: 100%)
file15.168.20.99
AsyncRAT botnet C2 server (confidence level: 100%)
file107.189.21.227
Unknown malware botnet C2 server (confidence level: 100%)
file91.92.46.3
Hook botnet C2 server (confidence level: 100%)
file23.227.199.59
Havoc botnet C2 server (confidence level: 100%)
file62.182.82.146
DCRat botnet C2 server (confidence level: 100%)
file95.125.143.155
MimiKatz botnet C2 server (confidence level: 100%)
file172.111.137.167
Remcos botnet C2 server (confidence level: 75%)
file176.65.140.153
Remcos botnet C2 server (confidence level: 75%)
file191.112.9.128
QakBot botnet C2 server (confidence level: 75%)
file195.211.191.54
Remcos botnet C2 server (confidence level: 75%)
file196.251.84.214
Remcos botnet C2 server (confidence level: 75%)
file198.135.49.79
Remcos botnet C2 server (confidence level: 75%)
file213.209.143.57
Remcos botnet C2 server (confidence level: 75%)
file70.31.125.193
QakBot botnet C2 server (confidence level: 75%)

Hash

ValueDescriptionCopy
hash81
Unknown malware botnet C2 server (confidence level: 75%)
hash2404
Unknown malware botnet C2 server (confidence level: 75%)
hash12802
Unknown malware botnet C2 server (confidence level: 75%)
hash1533
Unknown malware botnet C2 server (confidence level: 75%)
hash40105
Unknown malware botnet C2 server (confidence level: 75%)
hash40104
Unknown malware botnet C2 server (confidence level: 75%)
hash40104
Unknown malware botnet C2 server (confidence level: 75%)
hash40103
Unknown malware botnet C2 server (confidence level: 75%)
hash3765
Unknown malware botnet C2 server (confidence level: 75%)
hash4444
Unknown malware botnet C2 server (confidence level: 50%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash3232
Unknown malware botnet C2 server (confidence level: 100%)
hash4444
Unknown malware botnet C2 server (confidence level: 50%)
hash16161
DarkComet botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash5555
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash16993
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3911
Unknown malware botnet C2 server (confidence level: 75%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash56789
Cobalt Strike botnet C2 server (confidence level: 100%)
hash5555
AsyncRAT botnet C2 server (confidence level: 100%)
hash2983
AsyncRAT botnet C2 server (confidence level: 100%)
hash6606
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash5000
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
DCRat botnet C2 server (confidence level: 100%)
hash81
Unknown malware botnet C2 server (confidence level: 100%)
hash8080
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash8000
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash60000
Unknown malware botnet C2 server (confidence level: 100%)
hash3636
Unknown malware botnet C2 server (confidence level: 100%)
hash4141
Unknown malware botnet C2 server (confidence level: 100%)
hash56562
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash2083
Unknown malware botnet C2 server (confidence level: 100%)
hash3334
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash8088
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash9999
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash1234
Cobalt Strike botnet C2 server (confidence level: 100%)
hash1234
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash3333
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash8888
Quasar RAT botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
Havoc botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash4449
AsyncRAT botnet C2 server (confidence level: 75%)
hash8443
Sliver botnet C2 server (confidence level: 75%)
hash8000
Remcos botnet C2 server (confidence level: 75%)
hash10250
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash6443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
Meterpreter botnet C2 server (confidence level: 75%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080
Sliver botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash443
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash1005
AsyncRAT botnet C2 server (confidence level: 100%)
hash7707
AsyncRAT botnet C2 server (confidence level: 100%)
hash15647
SectopRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8993
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash44819
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash8090
Chaos botnet C2 server (confidence level: 100%)
hash50001
Bashlite botnet C2 server (confidence level: 100%)
hash3000
MimiKatz botnet C2 server (confidence level: 100%)
hash19000
Rhadamanthys botnet C2 server (confidence level: 100%)
hash4800
Remcos botnet C2 server (confidence level: 75%)
hash4801
Remcos botnet C2 server (confidence level: 75%)
hash4802
Remcos botnet C2 server (confidence level: 75%)
hash7890
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
FAKEUPDATES payload delivery server (confidence level: 100%)
hash8080
Cobalt Strike botnet C2 server (confidence level: 100%)
hash6667
Cobalt Strike botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash50555
Hook botnet C2 server (confidence level: 100%)
hash80
Havoc botnet C2 server (confidence level: 100%)
hash8080
MimiKatz botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash443
Vidar botnet C2 server (confidence level: 100%)
hash401
AsyncRAT botnet C2 server (confidence level: 75%)
hash38975
Mirai botnet C2 server (confidence level: 75%)
hash41829
Mirai botnet C2 server (confidence level: 75%)
hash8456
Mirai botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash8081
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Sliver botnet C2 server (confidence level: 100%)
hash18088
Unknown malware botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash14443
Havoc botnet C2 server (confidence level: 100%)
hash4444
DCRat botnet C2 server (confidence level: 100%)
hash80
MimiKatz botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash443
QakBot botnet C2 server (confidence level: 75%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash8000
Remcos botnet C2 server (confidence level: 75%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash2404
Remcos botnet C2 server (confidence level: 75%)
hash2222
QakBot botnet C2 server (confidence level: 75%)

Url

Value | Description
http://20.54.80.208 | Unknown malware botnet C2 (confidence level: 25%)
http://archiv.social-neos.eu:8080/forum/viewtopic.php | Unknown malware botnet C2 (confidence level: 75%)
http://cloud.social-neos.eu:8080/forum/viewtopic.php | Unknown malware botnet C2 (confidence level: 75%)
http://eyon-neos.eu:8080/forum/viewtopic.php | Unknown malware botnet C2 (confidence level: 75%)
http://quest.social-neos.eu:8080/forum/viewtopic.php | Unknown malware botnet C2 (confidence level: 75%)
http://47.92.166.75:8989/ezl2 | Unknown malware botnet C2 (confidence level: 75%)
http://aluminumsternness.shop/up/b | ACR Stealer botnet C2 (confidence level: 100%)
http://192.168.1.18:80/9dvj | Unknown malware botnet C2 (confidence level: 75%)
https://asperod.tech/sign/in | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://coveridea.icu/art.php | Unknown Loader botnet C2 (confidence level: 100%)
https://sofacent.icu/art.php | Unknown Loader botnet C2 (confidence level: 100%)
https://0tbiosphxere.digital/tqoa | Lumma Stealer botnet C2 (confidence level: 75%)
https://6topographky.top/xlak | Lumma Stealer botnet C2 (confidence level: 75%)
https://1u6clarmodq.top/qoxo | Lumma Stealer botnet C2 (confidence level: 75%)
https://24parakehjet.run/kewk | Lumma Stealer botnet C2 (confidence level: 75%)
https://9buzzarddf.live/ktnt | Lumma Stealer botnet C2 (confidence level: 75%)
https://awoodpeckersd.run/glsk | Lumma Stealer botnet C2 (confidence level: 75%)
https://gfishgh.digital/tequ | Lumma Stealer botnet C2 (confidence level: 75%)
https://solidwork.pro/sign/in | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://154.31.216.212:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
https://jimriehls.com/5t3e.js | FAKEUPDATES payload delivery URL (confidence level: 100%)
https://jimriehls.com/js.php | FAKEUPDATES payload delivery URL (confidence level: 100%)
http://152.252.95.130:48616/mozi.m | Mozi payload delivery URL (confidence level: 50%)
https://xelesex.top/ifh/min.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://xelesex.top/ifh/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://xelesex.top/ifh/lll.php | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://www.eurobrandsindia.com/wp-content/kile.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://cpanel.paulmaguire.com/profilelayout | FAKEUPDATES botnet C2 (confidence level: 100%)
https://wavob.top/ifh/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://wavob.top/ifh/lll.php | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://www.eurobrandsindia.com/wp-content/leki.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://steamcommunity.com/profiles/76561199851454339 | Vidar botnet C2 (confidence level: 100%)
https://t.me/m00f3r | Vidar botnet C2 (confidence level: 100%)
https://71.3a.4t.com/ | Vidar botnet C2 (confidence level: 100%)
https://49.12.113.201/ | Vidar botnet C2 (confidence level: 100%)
https://65.109.240.225/ | Vidar botnet C2 (confidence level: 100%)
https://5tropiscbs.live/iuwxx | Lumma Stealer botnet C2 (confidence level: 75%)
https://pclimatologfy.top/kbud | Lumma Stealer botnet C2 (confidence level: 75%)
https://bardcauft.run/tured | Lumma Stealer botnet C2 (confidence level: 75%)
https://ifishgh.digital/tequ | Lumma Stealer botnet C2 (confidence level: 75%)
https://ogeographys.run/eirq | Lumma Stealer botnet C2 (confidence level: 75%)
https://rwoodpeckersd.run/glsk | Lumma Stealer botnet C2 (confidence level: 75%)
https://sorcery.digital/renq | Lumma Stealer botnet C2 (confidence level: 75%)
https://btcgeared.live/lbak | Lumma Stealer botnet C2 (confidence level: 75%)
https://techguidet.digital/apdo | Lumma Stealer botnet C2 (confidence level: 75%)
https://techsyncq.run/riid | Lumma Stealer botnet C2 (confidence level: 75%)
https://zenithcorde.top/auid | Lumma Stealer botnet C2 (confidence level: 75%)
https://iwoodpeckersd.run/glsk | Lumma Stealer botnet C2 (confidence level: 75%)
https://utropiscbs.live/iuwxx | Lumma Stealer botnet C2 (confidence level: 75%)
https://warldonvu.live/wxgd | Lumma Stealer botnet C2 (confidence level: 75%)
https://6fishgh.digital/tequ | Lumma Stealer botnet C2 (confidence level: 75%)
https://lucticiq.run/tqwu | Lumma Stealer botnet C2 (confidence level: 75%)
https://pfishgh.digital/tequ | Lumma Stealer botnet C2 (confidence level: 75%)
https://rclarmodq.top/qoxo | Lumma Stealer botnet C2 (confidence level: 75%)

Threat ID: 682c7db2e8347ec82d2a3d1c

Added to database: 5/20/2025, 1:03:46 PM

Last enriched: 6/19/2025, 3:02:35 PM

Last updated: 8/13/2025, 11:36:35 PM

Views: 13
