
ThreatFox IOCs for 2025-04-30

Medium
Published: Wed Apr 30 2025 (04/30/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-04-30

AI-Powered Analysis

Last updated: 06/19/2025, 15:02:04 UTC

Technical Analysis

The provided threat intelligence pertains to a malware-related entry titled "ThreatFox IOCs for 2025-04-30," sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The entry appears to be a collection or update of Indicators of Compromise (IOCs) related to malware activities as of April 30, 2025. However, the technical details are minimal, with no specific affected software versions, no Common Weakness Enumerations (CWEs), and no patch links provided. The threat level is indicated as 2 on an unspecified scale, with analysis rated at 1 and distribution at 3, suggesting moderate dissemination but limited analytical depth. No known exploits are currently reported in the wild, and no direct technical indicators or attack vectors are described. The severity is marked as medium, which aligns with the moderate threat level and distribution. Given the lack of detailed technical information, it is likely that this entry serves as a general alert or repository update for malware-related IOCs rather than a description of a novel or active exploit. The absence of affected versions or products implies that the threat may be generic or broadly applicable to multiple environments rather than targeting a specific software or hardware platform. The TLP (Traffic Light Protocol) white tag indicates that the information is intended for unrestricted sharing, suggesting that the data is not sensitive or restricted. Overall, this threat entry represents a moderate-level malware-related intelligence update with limited actionable technical specifics at this time.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the absence of detailed exploit information or known active attacks. However, the presence of malware-related IOCs implies a potential risk of infection or compromise if these indicators are relevant to the organization's environment. The moderate distribution level suggests that the malware or associated indicators may be circulating within certain communities or sectors, possibly increasing the risk of exposure. European entities involved in cybersecurity monitoring, threat intelligence sharing, or incident response may find value in integrating these IOCs into their detection systems to enhance early warning capabilities. Without specific affected products or vulnerabilities, the direct impact on confidentiality, integrity, or availability remains uncertain but is likely moderate. Organizations with mature security operations centers (SOCs) and threat hunting capabilities can leverage this information to proactively identify potential infections or reconnaissance activities. The lack of known exploits in the wild reduces the immediate threat level but does not eliminate the risk of future exploitation or targeted campaigns leveraging these IOCs.

Mitigation Recommendations

1. Integrate the provided IOCs into existing security monitoring tools such as SIEMs, IDS/IPS, and endpoint detection and response (EDR) platforms to enhance detection capabilities.
2. Conduct regular threat hunting exercises focusing on the indicators associated with this update to identify any early signs of compromise.
3. Maintain up-to-date malware signatures and heuristic detection rules to improve the likelihood of identifying related malware activity.
4. Enhance network segmentation and implement strict access controls to limit lateral movement should an infection occur.
5. Promote user awareness training focused on recognizing phishing and social engineering tactics, as these are common malware delivery methods.
6. Collaborate with national and European cybersecurity information sharing organizations to receive timely updates and contextual threat intelligence.
7. Regularly review and update incident response plans to incorporate procedures for handling malware infections related to emerging IOCs.

These recommendations go beyond generic advice by emphasizing proactive integration of IOCs, threat hunting, and collaboration within European cybersecurity frameworks.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 39abdf9b-258e-4612-ad2e-b8b93954db93
Original Timestamp: 1746057787

Indicators of Compromise

Domain

Value    Description
mentor.omgwowhq.org    FAKEUPDATES botnet C2 domain (confidence level: 100%)
mypah.press    ClearFake payload delivery domain (confidence level: 100%)
crrtwright.top    FAKEUPDATES payload delivery domain (confidence level: 100%)
min-js-lib.pages.dev    ClearFake payload delivery domain (confidence level: 100%)
greenhoet.top    FAKEUPDATES payload delivery domain (confidence level: 100%)
nodepathr.run    Lumma Stealer botnet C2 domain (confidence level: 100%)
h1.exceptionicon.top    Lumma Stealer botnet C2 domain (confidence level: 100%)
hywod.press    ClearFake payload delivery domain (confidence level: 100%)
lyqej.press    ClearFake payload delivery domain (confidence level: 100%)
wakor.press    ClearFake payload delivery domain (confidence level: 100%)
moriartybirds.click    Unknown Loader payload delivery domain (confidence level: 100%)
niaolas.top    FAKEUPDATES payload delivery domain (confidence level: 100%)
leeling.top    FAKEUPDATES payload delivery domain (confidence level: 100%)
netscoute.digital    Lumma Stealer botnet C2 domain (confidence level: 100%)
wlandersmountain.click    Unknown Loader payload delivery domain (confidence level: 100%)
nkdnopfdabcj.izipy.com    Bashlite botnet C2 domain (confidence level: 100%)
muvom.press    ClearFake payload delivery domain (confidence level: 100%)
jezyq.press    ClearFake payload delivery domain (confidence level: 100%)
brandihx.run    Lumma Stealer botnet C2 domain (confidence level: 100%)
victoreqs.run    Lumma Stealer botnet C2 domain (confidence level: 100%)
tuboos.pages.dev    ClearFake payload delivery domain (confidence level: 100%)
yuun.pages.dev    ClearFake payload delivery domain (confidence level: 100%)
jumstor.cloud    ClearFake payload delivery domain (confidence level: 100%)
vytoz.press    ClearFake payload delivery domain (confidence level: 100%)
cleaner-consideration-thoroughly-personally.trycloudflare.com    FAKEUPDATES payload delivery domain (confidence level: 100%)
u1.spiritismprotozoan.bet    ClearFake botnet C2 domain (confidence level: 75%)
zivad.press    ClearFake payload delivery domain (confidence level: 100%)
quizzical-golick.94-156-177-241.plesk.page    AsyncRAT botnet C2 domain (confidence level: 100%)
bebir.press    ClearFake payload delivery domain (confidence level: 100%)
666.20240829.xyz    Cobalt Strike botnet C2 domain (confidence level: 75%)
portal.bottomlinepracticesolutions.com    FAKEUPDATES botnet C2 domain (confidence level: 100%)
novow.press    ClearFake payload delivery domain (confidence level: 100%)
h1.riverbankrejoicing.top    Lumma Stealer botnet C2 domain (confidence level: 100%)
doriot.info    FAKEUPDATES payload delivery domain (confidence level: 100%)
neon.galaxias.cc    Mirai botnet C2 domain (confidence level: 75%)
guket.press    ClearFake payload delivery domain (confidence level: 100%)
leannon.top    FAKEUPDATES payload delivery domain (confidence level: 100%)
yourcialsupply.top    NetSupportManager RAT payload delivery domain (confidence level: 100%)
businesses-exposure.gl.at.ply.gg    AsyncRAT botnet C2 domain (confidence level: 50%)
engineering-groups.gl.at.ply.gg    AsyncRAT botnet C2 domain (confidence level: 50%)
ernjklnbwerkj-42355.portmap.io    DCRat botnet C2 domain (confidence level: 50%)
www.329-homeremodel.sbs    Formbook botnet C2 domain (confidence level: 50%)
www.4260389.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.4260524.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.4270864.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.4271030.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.5z6hmy3.top    Formbook botnet C2 domain (confidence level: 50%)
www.612tw.net    Formbook botnet C2 domain (confidence level: 50%)
www.74bet.app    Formbook botnet C2 domain (confidence level: 50%)
www.7579.loan    Formbook botnet C2 domain (confidence level: 50%)
www.7jhm.top    Formbook botnet C2 domain (confidence level: 50%)
www.97p7sa2.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.9phm.top    Formbook botnet C2 domain (confidence level: 50%)
www.adekclimatecontrol.online    Formbook botnet C2 domain (confidence level: 50%)
www.arthes.app    Formbook botnet C2 domain (confidence level: 50%)
www.atasha.group    Formbook botnet C2 domain (confidence level: 50%)
www.attaa-king-fast.online    Formbook botnet C2 domain (confidence level: 50%)
www.bbrwv.sbs    Formbook botnet C2 domain (confidence level: 50%)
www.bere6.sbs    Formbook botnet C2 domain (confidence level: 50%)
www.ccng90.cyou    Formbook botnet C2 domain (confidence level: 50%)
www.ealthywatches.online    Formbook botnet C2 domain (confidence level: 50%)
www.eartlandflagssy.shop    Formbook botnet C2 domain (confidence level: 50%)
www.empobetteklif.vip    Formbook botnet C2 domain (confidence level: 50%)
www.erasync.shop    Formbook botnet C2 domain (confidence level: 50%)
www.fqozq.top    Formbook botnet C2 domain (confidence level: 50%)
www.gleyucx.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.gsp631.top    Formbook botnet C2 domain (confidence level: 50%)
www.gsp644.top    Formbook botnet C2 domain (confidence level: 50%)
www.hatsuptocachee.net    Formbook botnet C2 domain (confidence level: 50%)
www.heautocademy.net    Formbook botnet C2 domain (confidence level: 50%)
www.heitcommunity.info    Formbook botnet C2 domain (confidence level: 50%)
www.hljbh.top    Formbook botnet C2 domain (confidence level: 50%)
www.hmfdjxvnbsn.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.ickisaprick.net    Formbook botnet C2 domain (confidence level: 50%)
www.iep.cloud    Formbook botnet C2 domain (confidence level: 50%)
www.ilosportsy.shop    Formbook botnet C2 domain (confidence level: 50%)
www.iwmn.cyou    Formbook botnet C2 domain (confidence level: 50%)
www.jjhldejorbvw.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.k008.casino    Formbook botnet C2 domain (confidence level: 50%)
www.lgox.bot    Formbook botnet C2 domain (confidence level: 50%)
www.limpsepublishing.online    Formbook botnet C2 domain (confidence level: 50%)
www.lotpersen789.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.luegreencloud.net    Formbook botnet C2 domain (confidence level: 50%)
www.nbox.box    Formbook botnet C2 domain (confidence level: 50%)
www.niteview.shop    Formbook botnet C2 domain (confidence level: 50%)
www.nline4u.net    Formbook botnet C2 domain (confidence level: 50%)
www.okf.net    Formbook botnet C2 domain (confidence level: 50%)
www.om-dszi.vip    Formbook botnet C2 domain (confidence level: 50%)
www.ordfilm-fans.online    Formbook botnet C2 domain (confidence level: 50%)
www.otosnap.pics    Formbook botnet C2 domain (confidence level: 50%)
www.oundationsystems.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.owaniowa.info    Formbook botnet C2 domain (confidence level: 50%)
www.pl7bn.cfd    Formbook botnet C2 domain (confidence level: 50%)
www.rabsmp.shop    Formbook botnet C2 domain (confidence level: 50%)
www.rostaten.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.rpxpdgpjn.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.t69oo.xyz    Formbook botnet C2 domain (confidence level: 50%)
www.ucky.business    Formbook botnet C2 domain (confidence level: 50%)
www.ulegame.top    Formbook botnet C2 domain (confidence level: 50%)
www.unezstock.net    Formbook botnet C2 domain (confidence level: 50%)
www.uperpaws.online    Formbook botnet C2 domain (confidence level: 50%)
www.vhxvj.cfd    Formbook botnet C2 domain (confidence level: 50%)
www.xbrp6.top    Formbook botnet C2 domain (confidence level: 50%)
www.ysteryclick84.top    Formbook botnet C2 domain (confidence level: 50%)
www.zqp5.cyou    Formbook botnet C2 domain (confidence level: 50%)
mywebh.kro.kr    Mirai botnet C2 domain (confidence level: 50%)
1puohi7iyi.loclx.io    Quasar RAT botnet C2 domain (confidence level: 50%)
mxsunami.gotdns.ch    Remcos botnet C2 domain (confidence level: 50%)
3214r214r12412-50274.portmap.io    XWorm botnet C2 domain (confidence level: 50%)
opportunity-commitment.gl.at.ply.gg    XWorm botnet C2 domain (confidence level: 50%)
shopping-noted.gl.at.ply.gg    XWorm botnet C2 domain (confidence level: 50%)
life223.center    Unknown malware botnet C2 domain (confidence level: 50%)
aloud745.asia    Unknown malware botnet C2 domain (confidence level: 50%)
dashboard.peripl.app    Unknown malware botnet C2 domain (confidence level: 50%)
darjkafsg.digital    Lumma Stealer botnet C2 domain (confidence level: 50%)
medimado.run    Lumma Stealer botnet C2 domain (confidence level: 50%)
viriatoe.live    Lumma Stealer botnet C2 domain (confidence level: 100%)
exitiumt.digital    Lumma Stealer botnet C2 domain (confidence level: 100%)
opusculy.top    Lumma Stealer botnet C2 domain (confidence level: 100%)
civitasu.run    Lumma Stealer botnet C2 domain (confidence level: 100%)
praetori.live    Lumma Stealer botnet C2 domain (confidence level: 100%)
lysez.press    ClearFake payload delivery domain (confidence level: 100%)
scriptao.digital    Lumma Stealer botnet C2 domain (confidence level: 100%)
disciplipna.top    Lumma Stealer botnet C2 domain (confidence level: 100%)
zimwl.press    ClearFake payload delivery domain (confidence level: 100%)
u1.barbellblurry.today    ClearFake botnet C2 domain (confidence level: 100%)
ns1.dmakk.cn    Cobalt Strike botnet C2 domain (confidence level: 75%)
ns2.dmakk.cn    Cobalt Strike botnet C2 domain (confidence level: 75%)

Hash

Value    Description
983a20479a281a182d33b75c0945e447    Medusa payload (confidence level: 50%)
4fe99e5dc101170750d8ece6ea066155    Medusa payload (confidence level: 50%)
dc344328208c3481587d0aab1005fcdd    Medusa payload (confidence level: 50%)
10911494fa52daee0279972f91fded01    Medusa payload (confidence level: 50%)
24ccd142ff83e8622f00f5443ea5cb2d    Medusa payload (confidence level: 50%)
a6980e543efa40771ed1dcf84b29d732    Medusa payload (confidence level: 50%)
a162a5c5ab72b3783215f52b9edc3680    Medusa payload (confidence level: 50%)
600371ebab1e29429f06a5b1909056e5    Medusa payload (confidence level: 50%)
0067679c7033139bcbb273840494b324    Medusa payload (confidence level: 50%)
602d720f1184d2ad739568cbf6403331    Medusa payload (confidence level: 50%)
ec5b1a6de3564c26c4e0e804e6bc2ecb    Medusa payload (confidence level: 50%)
f05b57cdc3420acc359efe9e4941c428    Medusa payload (confidence level: 50%)
0168a4daa9598e991e140057e59438f6    Medusa payload (confidence level: 50%)
6be23d5a1ff1e9cbe99fe7f7c49a5607    Medusa payload (confidence level: 50%)
e874240a53fc353bc770f507445cc061    Medusa payload (confidence level: 50%)
eb46bc3e2ad88149176ef33c9fea087a    Medusa payload (confidence level: 50%)
bdf6ac02664baea655b103d50bdfd6ec    Medusa payload (confidence level: 50%)
bd29231bc4f2c6d2f22fa026e2eaca40    Medusa payload (confidence level: 50%)
6b0631f823e171da4b7e9350f61a0536    Medusa payload (confidence level: 50%)
49b53d3c715ec879efeb51d386b9d923    Medusa payload (confidence level: 50%)
8100    Unknown malware botnet C2 server (confidence level: 100%)
44285363a25d16417837cf949b9493ec71a94a957fa59c007aad48149fa38235    Unknown malware payload (confidence level: 100%)
4ea04c70a903300423462f26891a47de633716efe058cfe62c2fa71ed9009e7c    Unknown malware payload (confidence level: 100%)
4432    Cobalt Strike botnet C2 server (confidence level: 100%)
8088    Cobalt Strike botnet C2 server (confidence level: 100%)
80    Cobalt Strike botnet C2 server (confidence level: 100%)
80    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Cobalt Strike botnet C2 server (confidence level: 100%)
80    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Sliver botnet C2 server (confidence level: 100%)
8080    Sliver botnet C2 server (confidence level: 100%)
8808    AsyncRAT botnet C2 server (confidence level: 100%)
7272    AsyncRAT botnet C2 server (confidence level: 100%)
7443    Unknown malware botnet C2 server (confidence level: 100%)
443    Havoc botnet C2 server (confidence level: 100%)
443    Havoc botnet C2 server (confidence level: 100%)
443    Havoc botnet C2 server (confidence level: 100%)
14443    Havoc botnet C2 server (confidence level: 100%)
80    MooBot botnet C2 server (confidence level: 100%)
19000    Rhadamanthys botnet C2 server (confidence level: 100%)
8080    Cobalt Strike botnet C2 server (confidence level: 100%)
80    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Sliver botnet C2 server (confidence level: 90%)
2000    AsyncRAT botnet C2 server (confidence level: 100%)
4000    AsyncRAT botnet C2 server (confidence level: 100%)
8808    AsyncRAT botnet C2 server (confidence level: 100%)
7443    Unknown malware botnet C2 server (confidence level: 100%)
7443    Unknown malware botnet C2 server (confidence level: 100%)
443    Unknown malware botnet C2 server (confidence level: 100%)
4443    Unknown malware botnet C2 server (confidence level: 100%)
80    Hook botnet C2 server (confidence level: 100%)
8089    Hook botnet C2 server (confidence level: 100%)
8008    Unknown malware botnet C2 server (confidence level: 100%)
443    Unknown malware botnet C2 server (confidence level: 100%)
8080    Unknown malware botnet C2 server (confidence level: 100%)
3333    Unknown malware botnet C2 server (confidence level: 100%)
443    Unknown malware botnet C2 server (confidence level: 100%)
8443    Unknown malware botnet C2 server (confidence level: 100%)
443    Unknown malware botnet C2 server (confidence level: 100%)
8080    Unknown malware botnet C2 server (confidence level: 100%)
8080    Unknown malware botnet C2 server (confidence level: 100%)
3333    Unknown malware botnet C2 server (confidence level: 100%)
3333    Unknown malware botnet C2 server (confidence level: 100%)
80    Unknown malware botnet C2 server (confidence level: 100%)
3333    Unknown malware botnet C2 server (confidence level: 100%)
443    Unknown malware botnet C2 server (confidence level: 100%)
443    Unknown malware botnet C2 server (confidence level: 100%)
3333    Unknown malware botnet C2 server (confidence level: 100%)
443    Unknown malware botnet C2 server (confidence level: 100%)
8888    Cobalt Strike botnet C2 server (confidence level: 100%)
9999    Cobalt Strike botnet C2 server (confidence level: 100%)
808    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Cobalt Strike botnet C2 server (confidence level: 100%)
8001    Cobalt Strike botnet C2 server (confidence level: 100%)
1234    Cobalt Strike botnet C2 server (confidence level: 100%)
1488    Unknown malware botnet C2 server (confidence level: 75%)
84b88ac81e4872ff3bf15c72f431d101    MedusaLocker payload (confidence level: 50%)
47386ee20a6a94830ee4fa38b419a6f7    MedusaLocker payload (confidence level: 50%)
f257d37c05d29e725071a900ef49f1c9    MedusaLocker payload (confidence level: 50%)
d0706d40e65e2dc6452c2279a4ab882c    MedusaLocker payload (confidence level: 50%)
443    Cobalt Strike botnet C2 server (confidence level: 100%)
9999    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Cobalt Strike botnet C2 server (confidence level: 100%)
80    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Sliver botnet C2 server (confidence level: 100%)
8888    Unknown malware botnet C2 server (confidence level: 100%)
8808    AsyncRAT botnet C2 server (confidence level: 100%)
4444    AsyncRAT botnet C2 server (confidence level: 100%)
7443    Unknown malware botnet C2 server (confidence level: 100%)
443    Havoc botnet C2 server (confidence level: 100%)
8080    DCRat botnet C2 server (confidence level: 100%)
40257    NetSupportManager RAT botnet C2 server (confidence level: 100%)
8080    DeimosC2 botnet C2 server (confidence level: 75%)
2405    Remcos botnet C2 server (confidence level: 75%)
2404    Remcos botnet C2 server (confidence level: 75%)
8001    Remcos botnet C2 server (confidence level: 75%)
2404    Remcos botnet C2 server (confidence level: 75%)
7771    XWorm botnet C2 server (confidence level: 75%)
8443    Havoc botnet C2 server (confidence level: 75%)
2078    QakBot botnet C2 server (confidence level: 75%)
60448    Meterpreter botnet C2 server (confidence level: 75%)
4433    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Cobalt Strike botnet C2 server (confidence level: 100%)
8081    Cobalt Strike botnet C2 server (confidence level: 100%)
80    Cobalt Strike botnet C2 server (confidence level: 100%)
28409    Sliver botnet C2 server (confidence level: 100%)
8080    Orcus RAT botnet C2 server (confidence level: 100%)
80    MooBot botnet C2 server (confidence level: 100%)
839    Bashlite botnet C2 server (confidence level: 100%)
11453    Rhadamanthys botnet C2 server (confidence level: 100%)
19000    Rhadamanthys botnet C2 server (confidence level: 100%)
808    Cobalt Strike botnet C2 server (confidence level: 75%)
443    FAKEUPDATES botnet C2 server (confidence level: 100%)
7070    Remcos botnet C2 server (confidence level: 75%)
12121    Mirai botnet C2 server (confidence level: 75%)
8083    Cobalt Strike botnet C2 server (confidence level: 50%)
8443    Cobalt Strike botnet C2 server (confidence level: 50%)
443    Cobalt Strike botnet C2 server (confidence level: 50%)
31337    Sliver botnet C2 server (confidence level: 50%)
31337    Sliver botnet C2 server (confidence level: 50%)
31337    Sliver botnet C2 server (confidence level: 50%)
31337    Sliver botnet C2 server (confidence level: 50%)
31337    Sliver botnet C2 server (confidence level: 50%)
31337    Sliver botnet C2 server (confidence level: 50%)
31337    Sliver botnet C2 server (confidence level: 50%)
8545    Unknown malware botnet C2 server (confidence level: 50%)
12130    Unknown malware botnet C2 server (confidence level: 50%)
811    Unknown malware botnet C2 server (confidence level: 50%)
811    Unknown malware botnet C2 server (confidence level: 50%)
811    Unknown malware botnet C2 server (confidence level: 50%)
811    Unknown malware botnet C2 server (confidence level: 50%)
9000    SectopRAT botnet C2 server (confidence level: 50%)
9000    SectopRAT botnet C2 server (confidence level: 50%)
9000    SectopRAT botnet C2 server (confidence level: 50%)
9000    SectopRAT botnet C2 server (confidence level: 50%)
17    NetSupportManager RAT botnet C2 server (confidence level: 50%)
175    NetSupportManager RAT botnet C2 server (confidence level: 50%)
35002    NetSupportManager RAT botnet C2 server (confidence level: 50%)
3333    Unknown malware botnet C2 server (confidence level: 50%)
4444    Unknown malware botnet C2 server (confidence level: 50%)
3333    Unknown malware botnet C2 server (confidence level: 50%)
8089    Brute Ratel C4 botnet C2 server (confidence level: 50%)
8009    AsyncRAT botnet C2 server (confidence level: 50%)
1800    Remcos botnet C2 server (confidence level: 50%)
7218    BlackShades botnet C2 server (confidence level: 50%)
80    Unknown malware botnet C2 server (confidence level: 50%)
14305    Remcos botnet C2 server (confidence level: 50%)
14306    Remcos botnet C2 server (confidence level: 50%)
10001    Cobalt Strike botnet C2 server (confidence level: 100%)
12721    Sliver botnet C2 server (confidence level: 100%)
3000    AsyncRAT botnet C2 server (confidence level: 100%)
8808    AsyncRAT botnet C2 server (confidence level: 100%)
591    DCRat botnet C2 server (confidence level: 100%)
20548    NetSupportManager RAT botnet C2 server (confidence level: 100%)
80    Amadey botnet C2 server (confidence level: 50%)
8888    Mirai botnet C2 server (confidence level: 100%)
81    Cobalt Strike botnet C2 server (confidence level: 100%)
8888    Cobalt Strike botnet C2 server (confidence level: 100%)
8888    Cobalt Strike botnet C2 server (confidence level: 100%)
80    Cobalt Strike botnet C2 server (confidence level: 100%)
443    Havoc botnet C2 server (confidence level: 100%)
9000    Unknown malware botnet C2 server (confidence level: 100%)
8474    Rhadamanthys botnet C2 server (confidence level: 100%)
8080    DeimosC2 botnet C2 server (confidence level: 75%)
443    DeimosC2 botnet C2 server (confidence level: 75%)
36099    DeimosC2 botnet C2 server (confidence level: 75%)
2404    Remcos botnet C2 server (confidence level: 75%)
2404    Remcos botnet C2 server (confidence level: 75%)
35889    Remcos botnet C2 server (confidence level: 75%)
14646    Remcos botnet C2 server (confidence level: 75%)
7070    Remcos botnet C2 server (confidence level: 75%)
2404    Remcos botnet C2 server (confidence level: 75%)
443    Sliver botnet C2 server (confidence level: 75%)
443    DeimosC2 botnet C2 server (confidence level: 75%)
443    DeimosC2 botnet C2 server (confidence level: 75%)
443    DeimosC2 botnet C2 server (confidence level: 75%)
2535    Remcos botnet C2 server (confidence level: 75%)
443    Eye Pyramid botnet C2 server (confidence level: 75%)
995    QakBot botnet C2 server (confidence level: 75%)
995    QakBot botnet C2 server (confidence level: 75%)
8888    Sliver botnet C2 server (confidence level: 75%)
7443    DeimosC2 botnet C2 server (confidence level: 75%)
443    DeimosC2 botnet C2 server (confidence level: 75%)
8800    DeimosC2 botnet C2 server (confidence level: 75%)
2078    QakBot botnet C2 server (confidence level: 75%)
443    DeimosC2 botnet C2 server (confidence level: 75%)
6443    DeimosC2 botnet C2 server (confidence level: 75%)
443    QakBot botnet C2 server (confidence level: 75%)
4701    DeimosC2 botnet C2 server (confidence level: 75%)
53    Cobalt Strike botnet C2 server (confidence level: 75%)

Url

Value    Description
https://tsoi-zhiv.com/login    Lumma Stealer botnet C2 (confidence level: 100%)
https://leeling.top/sign/in    FAKEUPDATES payload delivery URL (confidence level: 100%)
https://1geographys.run/eirq    Lumma Stealer botnet C2 (confidence level: 75%)
https://cmwoodpeckersd.run/glsk    Lumma Stealer botnet C2 (confidence level: 75%)
https://corexlaib.top/xzea    Lumma Stealer botnet C2 (confidence level: 75%)
https://datamanipy.run/bent    Lumma Stealer botnet C2 (confidence level: 75%)
https://datawavej.digital/bafy    Lumma Stealer botnet C2 (confidence level: 75%)
https://techchaiun.live/qwes    Lumma Stealer botnet C2 (confidence level: 75%)
https://vecturar.top/zsia    Lumma Stealer botnet C2 (confidence level: 75%)
https://4zenithcorde.top/auid    Lumma Stealer botnet C2 (confidence level: 75%)
https://eaglekl.digital/eand    Lumma Stealer botnet C2 (confidence level: 75%)
https://ibearjk.live/benj    Lumma Stealer botnet C2 (confidence level: 75%)
https://pblockhubr.live/jhgf    Lumma Stealer botnet C2 (confidence level: 75%)
https://wtechguidet.digital/apdo    Lumma Stealer botnet C2 (confidence level: 75%)
http://canopyselected.com/nwxf4tjx9nrn34/index.php    Amadey botnet C2 (confidence level: 100%)
http://185.101.93.54/avg/14840646743032cdbox.php    Amadey botnet C2 (confidence level: 100%)
https://stewframe.icu/art.php    Unknown Loader botnet C2 (confidence level: 100%)
https://8piratetwrath.run/ytus    Lumma Stealer botnet C2 (confidence level: 75%)
https://xcelmodo.run/api    Lumma Stealer botnet C2 (confidence level: 75%)
https://ihemispherexz.top/xapp    Lumma Stealer botnet C2 (confidence level: 75%)
https://narwhaltr.live/saud    Lumma Stealer botnet C2 (confidence level: 75%)
https://ustarofliught.top/wozd    Lumma Stealer botnet C2 (confidence level: 75%)
https://5datamanipy.run/bent    Lumma Stealer botnet C2 (confidence level: 75%)
https://btechwaveg.run/oipz    Lumma Stealer botnet C2 (confidence level: 75%)
https://ddatawavej.digital/bafy    Lumma Stealer botnet C2 (confidence level: 75%)
https://mzenithcorde.top/auid    Lumma Stealer botnet C2 (confidence level: 75%)
https://qvecturar.top/zsia    Lumma Stealer botnet C2 (confidence level: 75%)
https://ybearjk.live/benj    Lumma Stealer botnet C2 (confidence level: 75%)
https://xtechsyncq.run/riid    Lumma Stealer botnet C2 (confidence level: 75%)
https://brandihx.run/lowp    Lumma Stealer botnet C2 (confidence level: 75%)
https://kdatawavej.digital/bafy    Lumma Stealer botnet C2 (confidence level: 75%)
https://ktechsyncq.run/riid    Lumma Stealer botnet C2 (confidence level: 75%)
https://cbtcgeared.live/lbak    Lumma Stealer botnet C2 (confidence level: 75%)
https://vdatamanipy.run/bent    Lumma Stealer botnet C2 (confidence level: 75%)
https://wvecturar.top/zsia    Lumma Stealer botnet C2 (confidence level: 75%)
https://cleaner-consideration-thoroughly-personally.trycloudflare.com/sign/in    FAKEUPDATES payload delivery URL (confidence level: 100%)
https://wpiratetwrath.run/ytus    Lumma Stealer botnet C2 (confidence level: 75%)
https://portal.bottomlinepracticesolutions.com/profilelayout    FAKEUPDATES botnet C2 (confidence level: 100%)
https://doriot.info    FAKEUPDATES payload delivery URL (confidence level: 100%)
https://leannon.top/sign/in    FAKEUPDATES payload delivery URL (confidence level: 100%)
https://yourcialsupply.top/ifh/min.js    NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://yourcialsupply.top/ifh/select.js    NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://yourcialsupply.top/ifh/lll.php    NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://uncustomary.org/kiscos.zip    NetSupportManager RAT payload delivery URL (confidence level: 100%)
http://45.192.164.239:8888/supershell/login    Unknown malware botnet C2 (confidence level: 50%)
http://111.119.255.45:8888/supershell/login    Unknown malware botnet C2 (confidence level: 50%)
http://207.244.199.46/index.php    Unknown malware botnet C2 (confidence level: 50%)
http://144.91.124.44/    Hook botnet C2 (confidence level: 50%)
http://tsoi-zhiv.com    Lumma Stealer botnet C2 (confidence level: 50%)
http://185.39.17.122/som9unr/index.php    Amadey botnet C2 (confidence level: 50%)
https://pastebin.com/raw/s14cuu5g    AsyncRAT botnet C2 (confidence level: 50%)
http://www.329-homeremodel.sbs/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.4260389.xyz/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.4260524.xyz/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.4270864.xyz/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.4271030.xyz/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.5z6hmy3.top/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.612tw.net/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.74bet.app/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.7579.loan/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.7jhm.top/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.97p7sa2.xyz/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.9phm.top/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.adekclimatecontrol.online/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.arthes.app/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.atasha.group/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.attaa-king-fast.online/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.bbrwv.sbs/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.bere6.sbs/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.ccng90.cyou/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.ealthywatches.online/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.eartlandflagssy.shop/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.empobetteklif.vip/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.erasync.shop/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.fqozq.top/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.gleyucx.xyz/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.gsp631.top/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.gsp644.top/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.hatsuptocachee.net/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.heautocademy.net/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.heitcommunity.info/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.hljbh.top/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.hmfdjxvnbsn.xyz/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.ickisaprick.net/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.iep.cloud/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.ilosportsy.shop/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.iwmn.cyou/mk20/    Formbook botnet C2 (confidence level: 50%)
http://www.jjhldejorbvw.xyz/mk20/    Formbook botnet C2 (confidence level: 50%)
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.k008.casino/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lgox.bot/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.limpsepublishing.online/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lotpersen789.xyz/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.luegreencloud.net/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nbox.box/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.niteview.shop/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nline4u.net/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.okf.net/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.om-dszi.vip/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ordfilm-fans.online/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.otosnap.pics/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oundationsystems.xyz/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.owaniowa.info/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.pl7bn.cfd/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rabsmp.shop/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rostaten.xyz/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rpxpdgpjn.xyz/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.t69oo.xyz/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ucky.business/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ulegame.top/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.unezstock.net/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.uperpaws.online/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.vhxvj.cfd/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.wandafilmfestival.net/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xbrp6.top/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ysteryclick84.top/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.zqp5.cyou/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://185.39.17.122/som9unr/login.php
Amadey botnet C2 (confidence level: 100%)
urlhttps://1i45praetori.live/vepr
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://3disciplipna.top/eqwu
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://3g-sviriatoe.live/laopx
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://5opusculy.top/keaj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://civitasu.run/werrp
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://exitiumt.digital/xane
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://opusculy.top/keaj
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ovecturar.top/zsia
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://praetori.live/vepr
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://scriptao.digital/vpep
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://viriatoe.live/laopx
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ncorexlaib.top/xzea
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://utechsyncq.run/riid
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://5civitasu.run/werrp
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://disciplipna.top/eqwu
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://jscriptao.digital/vpep
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://tpbrandihx.run/lowp
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://elonfgshadow.live/xawi
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://dzenithcorde.top/auid
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://htechguidet.digital/apdo
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://6autogearw.live/tapsz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://edatawavej.digital/bafy
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://gbrandihx.run/lowp
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://sviriatoe.live/laopx
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://triremeo.digital/akds
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://wzenithcorde.top/auid
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://zcivitasu.run/werrp
Lumma Stealer botnet C2 (confidence level: 75%)

File (IPv4 addresses of C2 servers; the "file" prefix on each value below is the page's type label, and no port is shown)

Value / Description
file175.107.38.81
Unknown malware botnet C2 server (confidence level: 100%)
file47.115.227.6
Cobalt Strike botnet C2 server (confidence level: 100%)
file23.94.200.251
Cobalt Strike botnet C2 server (confidence level: 100%)
file43.142.157.142
Cobalt Strike botnet C2 server (confidence level: 100%)
file39.101.135.210
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.66.16.228
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.66.16.227
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.66.16.229
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.39.17.25
Sliver botnet C2 server (confidence level: 100%)
file137.184.190.241
Sliver botnet C2 server (confidence level: 100%)
file188.218.201.194
AsyncRAT botnet C2 server (confidence level: 100%)
file173.44.139.179
AsyncRAT botnet C2 server (confidence level: 100%)
file173.208.162.225
Unknown malware botnet C2 server (confidence level: 100%)
file104.248.5.186
Havoc botnet C2 server (confidence level: 100%)
file54.206.1.218
Havoc botnet C2 server (confidence level: 100%)
file146.70.24.193
Havoc botnet C2 server (confidence level: 100%)
file23.227.199.118
Havoc botnet C2 server (confidence level: 100%)
file209.141.55.248
MooBot botnet C2 server (confidence level: 100%)
file147.124.219.157
Rhadamanthys botnet C2 server (confidence level: 100%)
file124.223.32.16
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.66.16.226
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.66.16.226
Cobalt Strike botnet C2 server (confidence level: 100%)
file51.20.93.22
Sliver botnet C2 server (confidence level: 90%)
file128.90.113.26
AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.113.26
AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.113.26
AsyncRAT botnet C2 server (confidence level: 100%)
file38.76.247.230
Unknown malware botnet C2 server (confidence level: 100%)
file107.172.102.50
Unknown malware botnet C2 server (confidence level: 100%)
file173.208.162.225
Unknown malware botnet C2 server (confidence level: 100%)
file194.164.194.149
Unknown malware botnet C2 server (confidence level: 100%)
file45.134.39.5
Hook botnet C2 server (confidence level: 100%)
file45.134.39.5
Hook botnet C2 server (confidence level: 100%)
file103.127.135.159
Unknown malware botnet C2 server (confidence level: 100%)
file91.99.67.156
Unknown malware botnet C2 server (confidence level: 100%)
file137.184.89.150
Unknown malware botnet C2 server (confidence level: 100%)
file103.8.185.170
Unknown malware botnet C2 server (confidence level: 100%)
file44.231.48.102
Unknown malware botnet C2 server (confidence level: 100%)
file3.141.206.31
Unknown malware botnet C2 server (confidence level: 100%)
file3.129.118.20
Unknown malware botnet C2 server (confidence level: 100%)
file172.208.53.96
Unknown malware botnet C2 server (confidence level: 100%)
file89.248.170.161
Unknown malware botnet C2 server (confidence level: 100%)
file149.90.103.193
Unknown malware botnet C2 server (confidence level: 100%)
file34.72.179.141
Unknown malware botnet C2 server (confidence level: 100%)
file43.205.218.182
Unknown malware botnet C2 server (confidence level: 100%)
file5.78.77.165
Unknown malware botnet C2 server (confidence level: 100%)
file3.142.104.17
Unknown malware botnet C2 server (confidence level: 100%)
file52.14.245.245
Unknown malware botnet C2 server (confidence level: 100%)
file35.173.246.249
Unknown malware botnet C2 server (confidence level: 100%)
file3.216.45.175
Unknown malware botnet C2 server (confidence level: 100%)
file113.44.168.133
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.233.253.26
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.138.19.182
Cobalt Strike botnet C2 server (confidence level: 100%)
file124.70.204.188
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.201.74.112
Cobalt Strike botnet C2 server (confidence level: 100%)
file189.1.229.235
Cobalt Strike botnet C2 server (confidence level: 100%)
file62.60.234.10
Unknown malware botnet C2 server (confidence level: 75%)
file34.93.12.185
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.108.158.237
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.66.16.230
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.66.16.230
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.129.6.50
Sliver botnet C2 server (confidence level: 100%)
file139.180.217.142
Unknown malware botnet C2 server (confidence level: 100%)
file45.138.16.100
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.116.152
AsyncRAT botnet C2 server (confidence level: 100%)
file172.188.218.53
Unknown malware botnet C2 server (confidence level: 100%)
file152.42.195.54
Havoc botnet C2 server (confidence level: 100%)
file195.82.147.63
DCRat botnet C2 server (confidence level: 100%)
file15.157.69.142
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file184.97.3.210
DeimosC2 botnet C2 server (confidence level: 75%)
file185.101.38.39
Remcos botnet C2 server (confidence level: 75%)
file185.244.30.102
Remcos botnet C2 server (confidence level: 75%)
file196.251.84.214
Remcos botnet C2 server (confidence level: 75%)
file198.135.49.120
Remcos botnet C2 server (confidence level: 75%)
file94.26.90.81
XWorm botnet C2 server (confidence level: 75%)
file4.240.2.164
Havoc botnet C2 server (confidence level: 75%)
file70.31.125.193
QakBot botnet C2 server (confidence level: 75%)
file98.177.107.151
Meterpreter botnet C2 server (confidence level: 75%)
file39.101.171.116
Cobalt Strike botnet C2 server (confidence level: 100%)
file121.5.157.134
Cobalt Strike botnet C2 server (confidence level: 100%)
file49.232.143.137
Cobalt Strike botnet C2 server (confidence level: 100%)
file180.76.244.133
Cobalt Strike botnet C2 server (confidence level: 100%)
file178.128.171.5
Sliver botnet C2 server (confidence level: 100%)
file188.27.76.253
Orcus RAT botnet C2 server (confidence level: 100%)
file109.176.202.86
MooBot botnet C2 server (confidence level: 100%)
file41.216.189.234
Bashlite botnet C2 server (confidence level: 100%)
file43.255.158.248
Rhadamanthys botnet C2 server (confidence level: 100%)
file62.60.226.173
Rhadamanthys botnet C2 server (confidence level: 100%)
file42.194.172.155
Cobalt Strike botnet C2 server (confidence level: 75%)
file166.88.164.186
FAKEUPDATES botnet C2 server (confidence level: 100%)
file176.65.134.30
Remcos botnet C2 server (confidence level: 75%)
file209.141.50.64
Mirai botnet C2 server (confidence level: 75%)
file47.237.1.28
Cobalt Strike botnet C2 server (confidence level: 50%)
file111.230.18.219
Cobalt Strike botnet C2 server (confidence level: 50%)
file45.55.107.101
Cobalt Strike botnet C2 server (confidence level: 50%)
file34.102.113.135
Sliver botnet C2 server (confidence level: 50%)
file15.235.37.196
Sliver botnet C2 server (confidence level: 50%)
file139.162.13.178
Sliver botnet C2 server (confidence level: 50%)
file192.99.38.139
Sliver botnet C2 server (confidence level: 50%)
file185.17.3.70
Sliver botnet C2 server (confidence level: 50%)
file193.168.144.149
Sliver botnet C2 server (confidence level: 50%)
file47.236.136.247
Sliver botnet C2 server (confidence level: 50%)
file3.147.28.47
Unknown malware botnet C2 server (confidence level: 50%)
file118.122.8.155
Unknown malware botnet C2 server (confidence level: 50%)
file118.122.8.156
Unknown malware botnet C2 server (confidence level: 50%)
file118.122.8.154
Unknown malware botnet C2 server (confidence level: 50%)
file118.122.8.157
Unknown malware botnet C2 server (confidence level: 50%)
file118.122.8.155
Unknown malware botnet C2 server (confidence level: 50%)
file77.239.99.150
SectopRAT botnet C2 server (confidence level: 50%)
file193.176.23.5
SectopRAT botnet C2 server (confidence level: 50%)
file92.118.151.157
SectopRAT botnet C2 server (confidence level: 50%)
file92.255.57.32
SectopRAT botnet C2 server (confidence level: 50%)
file51.44.180.18
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file13.200.255.42
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file136.144.164.95
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file34.16.115.86
Unknown malware botnet C2 server (confidence level: 50%)
file16.171.171.2
Unknown malware botnet C2 server (confidence level: 50%)
file4.237.56.192
Unknown malware botnet C2 server (confidence level: 50%)
file95.131.202.38
Brute Ratel C4 botnet C2 server (confidence level: 50%)
file45.207.58.182
AsyncRAT botnet C2 server (confidence level: 50%)
file69.24.199.27
Remcos botnet C2 server (confidence level: 50%)
file18.132.192.123
BlackShades botnet C2 server (confidence level: 50%)
file62.106.66.116
Unknown malware botnet C2 server (confidence level: 50%)
file216.9.225.168
Remcos botnet C2 server (confidence level: 50%)
file216.9.225.168
Remcos botnet C2 server (confidence level: 50%)
file8.138.189.93
Cobalt Strike botnet C2 server (confidence level: 100%)
file208.123.119.210
Sliver botnet C2 server (confidence level: 100%)
file146.70.137.90
AsyncRAT botnet C2 server (confidence level: 100%)
file98.217.73.238
AsyncRAT botnet C2 server (confidence level: 100%)
file195.82.147.63
DCRat botnet C2 server (confidence level: 100%)
file13.127.100.43
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file185.39.17.122
Amadey botnet C2 server (confidence level: 50%)
file37.27.117.170
Mirai botnet C2 server (confidence level: 100%)
file110.41.60.33
Cobalt Strike botnet C2 server (confidence level: 100%)
file47.116.116.87
Cobalt Strike botnet C2 server (confidence level: 100%)
file49.232.143.137
Cobalt Strike botnet C2 server (confidence level: 100%)
file170.205.37.29
Cobalt Strike botnet C2 server (confidence level: 100%)
file172.166.104.19
Havoc botnet C2 server (confidence level: 100%)
file45.86.86.49
Unknown malware botnet C2 server (confidence level: 100%)
file194.113.245.11
Rhadamanthys botnet C2 server (confidence level: 100%)
file107.143.144.156
DeimosC2 botnet C2 server (confidence level: 75%)
file107.175.44.106
DeimosC2 botnet C2 server (confidence level: 75%)
file116.26.11.126
DeimosC2 botnet C2 server (confidence level: 75%)
file144.172.94.163
Remcos botnet C2 server (confidence level: 75%)
file147.189.128.43
Remcos botnet C2 server (confidence level: 75%)
file172.111.244.142
Remcos botnet C2 server (confidence level: 75%)
file172.245.208.17
Remcos botnet C2 server (confidence level: 75%)
file176.65.134.34
Remcos botnet C2 server (confidence level: 75%)
file196.251.85.124
Remcos botnet C2 server (confidence level: 75%)
file208.123.119.210
Sliver botnet C2 server (confidence level: 75%)
file3.115.250.72
DeimosC2 botnet C2 server (confidence level: 75%)
file3.232.226.225
DeimosC2 botnet C2 server (confidence level: 75%)
file3.75.6.25
DeimosC2 botnet C2 server (confidence level: 75%)
file3.96.152.27
Remcos botnet C2 server (confidence level: 75%)
file35.152.200.44
Eye Pyramid botnet C2 server (confidence level: 75%)
file39.40.136.162
QakBot botnet C2 server (confidence level: 75%)
file46.246.210.158
QakBot botnet C2 server (confidence level: 75%)
file47.129.6.50
Sliver botnet C2 server (confidence level: 75%)
file52.223.43.230
DeimosC2 botnet C2 server (confidence level: 75%)
file52.56.163.20
DeimosC2 botnet C2 server (confidence level: 75%)
file65.153.151.61
DeimosC2 botnet C2 server (confidence level: 75%)
file70.31.125.144
QakBot botnet C2 server (confidence level: 75%)
file75.2.99.37
DeimosC2 botnet C2 server (confidence level: 75%)
file77.244.220.81
DeimosC2 botnet C2 server (confidence level: 75%)
file78.168.1.119
QakBot botnet C2 server (confidence level: 75%)
file94.228.113.197
DeimosC2 botnet C2 server (confidence level: 75%)
file18.140.63.132
Cobalt Strike botnet C2 server (confidence level: 75%)
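Both sections above (the URL list and the address list) arrive as a flat value/description dump with the type label fused to the front of each value. The following Python is an added worked example, not code from ThreatFox or from this page: it parses that layout for both sections, collapses a value listed twice for the same family to one record at the highest confidence, surfaces URL paths reused across many hosts of one family (the Formbook /mk20/ path in the listing is the obvious case), and checks a few proxy log lines against the result with a confidence threshold. The feed values in the sample are copied from the listing; the log lines, their src/dst/host/uri layout and the 203.0.113.0/24 addresses in them are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the page's extraction layout: the type label is fused
# to the value ("url...", "file...") and the description follows on the next
# line. The values themselves are copied from the listing above.
SAMPLE_FEED = """\
urlhttps://doriot.info
FAKEUPDATES botnet C2 (confidence level: 100%)
urlhttp://www.4260389.xyz/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.7jhm.top/mk20/
Formbook botnet C2 (confidence level: 50%)
urlhttp://185.39.17.122/som9unr/login.php
Amadey botnet C2 (confidence level: 100%)
file47.115.227.6
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.66.16.226
Cobalt Strike botnet C2 server (confidence level: 100%)
file148.66.16.226
Cobalt Strike botnet C2 server (confidence level: 100%)
file185.39.17.122
Amadey botnet C2 server (confidence level: 50%)
"""

DESC_RE = re.compile(
    r"^(?P<family>.+?) (?P<role>payload delivery URL|botnet C2 server|botnet C2)"
    r" \(confidence level: (?P<conf>\d{1,3})%\)$"
)
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
# Constructed proxy log layout for this example, not a real product format.
LOG_RE = re.compile(r"dst=(?P<dst>\S+) host=(?P<host>\S+) uri=(?P<uri>\S+)")


def parse_feed(text):
    """Return IOC dicts. A value listed twice for one family collapses to one
    record with the highest confidence; the page shows addresses without ports."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("value/description lines are misaligned")
    merged = {}
    for value_line, desc_line in zip(lines[::2], lines[1::2]):
        m = DESC_RE.match(desc_line)
        if not m:
            raise ValueError(f"unrecognised description: {desc_line!r}")
        if value_line.startswith("url"):
            raw = value_line[len("url"):]
            parts = urlsplit(raw)
            kind, host, path = "url", parts.hostname, parts.path or "/"
        elif value_line.startswith("file"):
            # The page files these under "File", but every value is an IPv4
            # C2 server address; refuse anything else rather than guess.
            raw = value_line[len("file"):]
            if not IPV4_RE.match(raw):
                raise ValueError(f"unexpected value under 'file': {raw!r}")
            kind, host, path = "ip", raw, None
        else:
            raise ValueError(f"unknown type label: {value_line!r}")
        key = (kind, raw, m["family"])
        conf = int(m["conf"])
        if key not in merged or conf > merged[key]["confidence"]:
            merged[key] = {"kind": kind, "value": raw, "host": host, "path": path,
                           "family": m["family"], "role": m["role"], "confidence": conf}
    return list(merged.values())


def shared_paths(iocs, min_hosts=2):
    """URL paths reused across hosts of one family (Formbook's /mk20/ above):
    a shared path outlives any single throwaway domain."""
    hosts = defaultdict(set)
    for r in iocs:
        if r["kind"] == "url" and r["path"] != "/":
            hosts[(r["path"], r["family"])].add(r["host"])
    return {k: sorted(v) for k, v in hosts.items() if len(v) >= min_hosts}


def match_logs(iocs, log_lines, min_confidence=75):
    """Yield (line no, family, kind, confidence) per matching log line. A URL
    indicator needs host plus path prefix (a bare host, path "/", covers every
    path); an address indicator matches on destination alone and is noisier."""
    by_host = defaultdict(list)
    for r in iocs:
        if r["confidence"] >= min_confidence:
            by_host[r["host"]].append(r)
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        for cand in sorted({m["host"], m["dst"]}):
            for r in by_host.get(cand, []):
                if r["kind"] == "url" and not m["uri"].startswith(r["path"]):
                    continue
                hits.append((n, r["family"], r["kind"], r["confidence"]))
    return hits


# Constructed proxy log lines; 203.0.113.0/24 is a documentation range.
SAMPLE_LOGS = [
    "2025-04-30T09:12:01Z src=10.0.0.5 dst=185.39.17.122 host=185.39.17.122 uri=/som9unr/login.php",
    "2025-04-30T09:12:07Z src=10.0.0.5 dst=203.0.113.9 host=www.7jhm.top uri=/mk20/",
    "2025-04-30T09:13:44Z src=10.0.0.8 dst=47.115.227.6 host=47.115.227.6 uri=/",
    "2025-04-30T09:14:02Z src=10.0.0.9 dst=203.0.113.7 host=doriot.info uri=/robots.txt",
]
```

With the default 75% threshold the Formbook request and the 50%-confidence bare-address Amadey record are dropped, while the URL-form Amadey indicator for the same address (100%) still fires on the login.php request; lowering the threshold to 50 brings both back. The bare domain doriot.info is treated as covering every path, which is what a host-level C2 indicator means, whereas an indicator with a path only fires when the request path starts with it. The 148.66.16.226 entry appears twice in the listing and collapses to one record because no port survives on the page to tell the two apart.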

Threat ID: 682c7db2e8347ec82d2a3593

Added to database: 5/20/2025, 1:03:46 PM

Last enriched: 6/19/2025, 3:02:04 PM

Last updated: 8/16/2025, 8:54:10 AM
