ThreatFox IOCs for 2025-05-15
Severity: mediumType: malware
ThreatFox IOCs for 2025-05-15
AI Analysis
Technical Summary
The provided threat information pertains to a malware-related security threat identified as "ThreatFox IOCs for 2025-05-15." The threat is categorized under the "osint" product type, indicating that it likely involves open-source intelligence data or tools. The data includes indicators of compromise (IOCs) collected and shared via ThreatFox, a platform known for aggregating threat intelligence. However, the specific technical details about the malware's behavior, attack vectors, or affected software versions are not provided, and no known exploits in the wild have been reported. The threat level is rated as 2 on an unspecified scale, with an analysis rating of 1 and a distribution rating of 3, suggesting moderate dissemination potential but limited detailed analysis. The absence of affected versions and patch links implies that this threat may be related to emerging or less well-defined malware samples rather than a known vulnerability in a specific product. The tags "type:osint" and "tlp:white" indicate that the information is publicly shareable and relates to open-source intelligence, which may be used for reconnaissance or initial stages of an attack. Overall, this threat appears to be a medium-severity malware-related intelligence report with limited technical specifics and no active exploitation currently documented.
Potential Impact
For European organizations, the impact of this threat is currently moderate due to the lack of detailed exploitation data and absence of known active attacks. However, since the threat involves malware and is disseminated through open-source intelligence channels, it could be leveraged by threat actors for reconnaissance, initial access, or lateral movement within networks. The medium severity rating suggests potential risks to confidentiality, integrity, or availability if the malware is deployed effectively. European entities relying heavily on OSINT tools or platforms similar to ThreatFox might face increased exposure to reconnaissance activities or targeted malware campaigns. Additionally, sectors with high sensitivity to malware infections, such as finance, critical infrastructure, and government, could experience operational disruptions or data breaches if this threat evolves or is weaponized. The lack of authentication or user interaction details limits precise impact assessment, but the distribution rating indicates a moderate potential for spread, which could affect multiple organizations if exploited.
Mitigation Recommendations
Given the limited technical details, European organizations should adopt a proactive and layered defense approach. Specific recommendations include: 1) Enhance monitoring of OSINT platforms and threat intelligence feeds to detect emerging IOCs related to this malware promptly. 2) Implement network segmentation and strict access controls to limit malware propagation if initial compromise occurs. 3) Conduct regular threat hunting exercises focusing on malware behaviors associated with OSINT-based reconnaissance and delivery mechanisms. 4) Ensure endpoint detection and response (EDR) solutions are updated and configured to detect anomalous activities potentially linked to this threat. 5) Train security teams to recognize and respond to early indicators of malware infections, especially those originating from open-source intelligence sources. 6) Collaborate with national and European cybersecurity centers to share intelligence and receive timely alerts about developments related to this threat. These measures go beyond generic advice by focusing on the unique aspects of OSINT-related malware dissemination and the need for active threat intelligence integration.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: saxecocnak.live
- domain: emphatakpn.bet
- domain: laminaflbx.shop
- domain: brandenfrancseet.sbs
- file: 47.96.114.159
- hash: 443
- file: 159.65.9.106
- hash: 443
- file: 47.115.202.126
- hash: 9998
- file: 205.198.88.140
- hash: 80
- url: https://fmovies123.top/fix/select.js
- domain: fmovies123.top
- url: https://fmovies123.top/fix/his.php
- url: https://probuildgroupusa.com/xsxs.zip
- file: 39.100.76.142
- hash: 8086
- file: 134.175.229.167
- hash: 443
- file: 196.251.85.128
- hash: 9090
- file: 172.111.244.102
- hash: 37830
- file: 3.17.164.16
- hash: 443
- file: 8.218.254.239
- hash: 8888
- file: 186.169.82.245
- hash: 9999
- file: 3.215.185.215
- hash: 8808
- file: 45.141.84.229
- hash: 15647
- file: 206.206.126.216
- hash: 8082
- file: 37.252.19.120
- hash: 443
- file: 194.195.251.227
- hash: 4000
- domain: ndgpt.ru
- file: 182.16.26.210
- hash: 56105
- domain: zdqdc.ru
- domain: ec2-54-183-101-23.us-west-1.compute.amazonaws.com
- domain: flowergrandeseen.sbs
- domain: console24.online
- url: http://ck92448.tw1.ru/5d8ad51b.php
- url: https://7lancery.digital/goj
- domain: dvwct.ru
- file: 193.124.41.54
- hash: 80
- file: 175.27.250.248
- hash: 8888
- file: 128.90.106.147
- hash: 2000
- file: 128.90.113.220
- hash: 8808
- file: 196.251.116.59
- hash: 2222
- file: 196.251.116.59
- hash: 7777
- file: 54.36.114.72
- hash: 3001
- file: 35.227.3.131
- hash: 7443
- domain: mahsa2283qt9.mahsaaminivpn.com
- file: 156.208.9.253
- hash: 4445
- file: 217.18.210.142
- hash: 1995
- domain: webpanel.elementfx.com
- file: 80.74.28.101
- hash: 80
- file: 45.249.244.192
- hash: 60000
- file: 5.129.200.87
- hash: 3434
- file: 49.12.113.198
- hash: 3333
- file: 132.220.9.187
- hash: 3333
- file: 18.141.207.185
- hash: 8443
- file: 209.74.83.112
- hash: 80
- file: 134.199.174.247
- hash: 8080
- file: 191.252.214.71
- hash: 3333
- file: 34.93.255.12
- hash: 3000
- file: 172.189.165.37
- hash: 3333
- file: 147.135.75.234
- hash: 3333
- file: 203.177.95.83
- hash: 80
- file: 194.206.75.137
- hash: 443
- file: 185.181.8.193
- hash: 8080
- file: 13.51.128.227
- hash: 443
- file: 13.51.246.31
- hash: 443
- file: 4.180.175.67
- hash: 443
- file: 172.190.97.151
- hash: 3333
- file: 52.29.87.239
- hash: 80
- file: 52.29.87.239
- hash: 443
- file: 46.36.41.35
- hash: 9876
- file: 35.182.126.131
- hash: 833
- domain: ecs-113-44-39-1.compute.hwclouds-dns.com
- file: 45.66.248.239
- hash: 443
- url: https://files.catbox.moe/olyfi3.001
- hash: bf3b43f5e4398ac810f005200519e096349b2237587d920d3c9b83525bb6bafc
- hash: 9940de30f3930cf0d0e9e9c8769148594240d11242fcd6c9dd9e9f572f68ac01
- hash: 30738450f69c3de74971368192a4a647e4ed9c658f076459e42683b110baf371
- hash: 1269c968258999930b573682699fe72de72d96401e3beb314ae91baf0e0e49e8
- file: 8.134.70.73
- hash: 7777
- file: 113.45.137.206
- hash: 80
- file: 212.162.155.38
- hash: 443
- file: 139.9.197.63
- hash: 8888
- file: 18.167.69.145
- hash: 443
- file: 47.92.142.110
- hash: 1234
- file: 66.181.36.218
- hash: 80
- url: http://206.206.126.216/
- url: https://onedrive.live.com/download?cid=74f1199a49c3215b&resid=74f1199a49c3215b%21122&authkey=aagy326uc3bhn_ks
- domain: silver-map.gl.at.ply.gg
- domain: frederichoms.com
- domain: tool.municipiodechepo.org
- domain: api.incapdns.kz
- domain: blog.jasonlees.com
- domain: report.monicabellucci.kz
- domain: developer.master.org.kz
- domain: cast.voxcdn.kz
- domain: host.moresecurity.kz
- domain: ryanberardi.com
- domain: onlinemail.kz
- domain: contactlistsagregator.com
- domain: blameaowi.run
- domain: changenwg.run
- domain: flamingof.run
- url: http://crackarithmetic.icu/glo.php
- domain: bootplate.info
- domain: sistertable.xyz
- url: https://mflowerexju.bet/lanz
- url: https://nposseswsnc.top/akds
- url: https://ycornerdurv.top/adwq
- file: 45.133.180.138
- hash: 6432
- url: https://4featurlyin.top/pdal
- url: https://demphatakpn.bet/ladk
- url: https://o9cornerdurv.top/adwq
- url: https://ylaminaflbx.shop/twoq
- file: 216.9.224.158
- hash: 13403
- file: 216.9.224.158
- hash: 13404
- url: https://raraucahkbm.live/baneb
- url: https://wfeaturlyin.top/pdal
- file: 166.88.182.216
- hash: 443
- url: https://steamcommunity.com/profiles/76561199855598339
- url: https://t.me/eom25h
- url: https://16.16.4t.com/
- url: https://49.12.106.231/
- domain: 16.16.4t.com
- file: 78.47.78.115
- hash: 443
- file: 49.12.106.231
- hash: 443
- file: 156.238.233.94
- hash: 8888
- file: 193.43.91.117
- hash: 443
- file: 124.70.25.169
- hash: 80
- file: 198.55.102.43
- hash: 2404
- file: 172.94.9.180
- hash: 1962
- file: 120.55.126.188
- hash: 8443
- file: 121.127.33.197
- hash: 8888
- file: 172.81.135.7
- hash: 8000
- domain: anna-akhmatova.com
- file: 23.145.40.108
- hash: 7443
- file: 192.227.209.49
- hash: 7443
- file: 47.128.228.209
- hash: 3260
- file: 47.128.228.209
- hash: 8010
- file: 45.150.34.16
- hash: 80
- file: 111.230.6.33
- hash: 443
- file: 192.227.128.8
- hash: 2082
- file: 143.198.86.20
- hash: 443
- file: 205.185.122.202
- hash: 8000
- file: 81.69.17.187
- hash: 8000
- file: 47.92.218.188
- hash: 80
- file: 101.126.136.95
- hash: 443
- file: 34.237.228.97
- hash: 443
- url: https://pub-d4469a7a24f7423989c5026116ada945.r2.dev/vpncmgr.exe
- file: 106.225.242.93
- hash: 4506
- url: https://12.innospark.cloud/vpnmcg.txt
- file: 164.90.170.149
- hash: 8000
- file: 191.112.19.228
- hash: 443
- hash: 4ebd79e8935076a7916e19650f98cc8c20aef4fb5c9da57807b472ee012d6d8c
- file: 44.197.118.25
- hash: 443
- file: 70.27.138.240
- hash: 2222
- file: 112.121.172.10
- hash: 6666
- domain: jerusd.digital
- domain: golconz.digital
- domain: cladwybn.digital
- url: https://eqcobwuxr.digital/mnf
- url: https://7meteorplyp.live/lekp
- url: https://milkwevvmw.run/gakz
- url: https://winterpwthc.digital/juab
- file: 206.238.115.155
- hash: 6606
- file: 206.238.115.155
- hash: 7707
- domain: ou.qymj.ru
- domain: fanclubsemantics.sbs
- file: 156.243.1.71
- hash: 443
- url: http://a0651821.xsph.ru/multiasync.php
- file: 54.90.144.239
- hash: 11112
- url: https://anna-akhmatova.com/login
- domain: aneesh-technomakest.duckdns.org
- domain: aneesh-technomakestbk.duckdns.org
- file: 148.113.214.176
- hash: 4090
- file: 191.96.39.104
- hash: 23083
- file: 47.109.177.97
- hash: 88
- file: 8.153.206.206
- hash: 80
- file: 1.15.174.189
- hash: 8896
- file: 154.92.15.53
- hash: 81
- file: 118.178.189.206
- hash: 80
- file: 118.178.188.203
- hash: 80
- file: 120.27.197.246
- hash: 8081
- file: 51.89.204.11
- hash: 64387
- file: 142.171.3.163
- hash: 8888
- file: 128.90.106.147
- hash: 4000
- file: 144.172.104.135
- hash: 6606
- file: 196.251.116.59
- hash: 222
- file: 196.251.116.59
- hash: 888
- file: 3.226.74.199
- hash: 80
- file: 34.148.218.89
- hash: 4443
- file: 20.67.242.112
- hash: 443
- file: 47.121.30.118
- hash: 8082
- domain: wss.telegrma.app
- file: 120.70.25.169
- hash: 80
- url: https://lovingcaredisabilityservices.com.au/up/
- url: https://ch1.s3.fr-par.scw.cloud/two-factor-auth-challenge-next-v6b7.html
- url: https://payment-verify.com/
- url: http://103.171.35.26:9443/dot.gif
- domain: stealer.cy
- url: https://stealer.cy
- url: https://16testcawepr.run/dsap
- url: https://6laminaflbx.shop/twoq
- url: https://www.rivercitymech.biz/profilelayout
- domain: www.rivercitymech.biz
- domain: awndsjkduiukekwltdadjwadawds.ru
- domain: pentagonstealer.ru
- domain: pentagon.cy
- domain: testwebsite01-70h.pages.dev
- url: https://8jugulagklc.live/roek
- url: https://jemphatakpn.bet/ladk
- url: https://zsaxecocnak.live/manj
- url: https://chiasmymnb.live/godk
- url: https://regopramide.top/lav/xf_addon.js
- url: https://regopramide.top/lav/select.js
- url: https://regopramide.top/lav/lll.php
- url: https://badgervolleyball.org/fsos.zip
- domain: badgervolleyball.org
- file: 104.223.123.147
- hash: 80
- file: 134.175.229.167
- hash: 10002
- file: 85.239.52.195
- hash: 443
- file: 45.86.230.235
- hash: 443
- file: 141.98.6.13
- hash: 80
- file: 159.89.17.182
- hash: 443
- file: 47.128.236.179
- hash: 80
- url: https://qfeaturlyin.top/pdal
- domain: qv.gahq.ru
- file: 185.222.57.92
- hash: 55615
- url: http://77.246.158.103/securetrafficpublic.php
- url: https://8r.czlw.ru/2f5a9e85-ee81-41df-8f15-e83a4ffac6c2
- domain: 8r.czlw.ru
- file: 60.204.169.16
- hash: 9999
- file: 119.28.116.34
- hash: 443
- file: 179.12.116.83
- hash: 2404
- file: 103.79.76.40
- hash: 8444
- file: 5.35.125.78
- hash: 8443
- file: 5.35.125.78
- hash: 31337
- file: 156.244.7.77
- hash: 11949
- file: 176.65.140.223
- hash: 8089
- file: 172.86.110.114
- hash: 443
- file: 37.252.19.120
- hash: 80
- file: 5.12.198.153
- hash: 8080
- file: 139.59.242.226
- hash: 80
- file: 185.146.232.235
- hash: 4000
- file: 13.209.225.120
- hash: 443
- url: https://2otestcawepr.run/dsap
- url: https://psearchilyo.run/gsna
- file: 172.86.110.114
- hash: 8443
- file: 18.142.54.122
- hash: 443
- file: 194.219.251.137
- hash: 995
- file: 35.239.145.98
- hash: 443
- file: 45.134.62.106
- hash: 2376
- file: 70.27.138.240
- hash: 2078
- file: 75.2.11.125
- hash: 8127
ThreatFox IOCs for 2025-05-15
Medium
Published: Thu May 15 2025 (05/15/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-05-15
AI-Powered Analysis
AILast updated: 06/19/2025, 14:05:52 UTC
Technical Analysis
The provided threat information pertains to a malware-related security threat identified as "ThreatFox IOCs for 2025-05-15." The threat is categorized under the "osint" product type, indicating that it likely involves open-source intelligence data or tools. The data includes indicators of compromise (IOCs) collected and shared via ThreatFox, a platform known for aggregating threat intelligence. However, the specific technical details about the malware's behavior, attack vectors, or affected software versions are not provided, and no known exploits in the wild have been reported. The threat level is rated as 2 on an unspecified scale, with an analysis rating of 1 and a distribution rating of 3, suggesting moderate dissemination potential but limited detailed analysis. The absence of affected versions and patch links implies that this threat may be related to emerging or less well-defined malware samples rather than a known vulnerability in a specific product. The tags "type:osint" and "tlp:white" indicate that the information is publicly shareable and relates to open-source intelligence, which may be used for reconnaissance or initial stages of an attack. Overall, this threat appears to be a medium-severity malware-related intelligence report with limited technical specifics and no active exploitation currently documented.
Potential Impact
For European organizations, the impact of this threat is currently moderate due to the lack of detailed exploitation data and absence of known active attacks. However, since the threat involves malware and is disseminated through open-source intelligence channels, it could be leveraged by threat actors for reconnaissance, initial access, or lateral movement within networks. The medium severity rating suggests potential risks to confidentiality, integrity, or availability if the malware is deployed effectively. European entities relying heavily on OSINT tools or platforms similar to ThreatFox might face increased exposure to reconnaissance activities or targeted malware campaigns. Additionally, sectors with high sensitivity to malware infections, such as finance, critical infrastructure, and government, could experience operational disruptions or data breaches if this threat evolves or is weaponized. The lack of authentication or user interaction details limits precise impact assessment, but the distribution rating indicates a moderate potential for spread, which could affect multiple organizations if exploited.
Mitigation Recommendations
Given the limited technical details, European organizations should adopt a proactive and layered defense approach. Specific recommendations include: 1) Enhance monitoring of OSINT platforms and threat intelligence feeds to detect emerging IOCs related to this malware promptly. 2) Implement network segmentation and strict access controls to limit malware propagation if initial compromise occurs. 3) Conduct regular threat hunting exercises focusing on malware behaviors associated with OSINT-based reconnaissance and delivery mechanisms. 4) Ensure endpoint detection and response (EDR) solutions are updated and configured to detect anomalous activities potentially linked to this threat. 5) Train security teams to recognize and respond to early indicators of malware infections, especially those originating from open-source intelligence sources. 6) Collaborate with national and European cybersecurity centers to share intelligence and receive timely alerts about developments related to this threat. These measures go beyond generic advice by focusing on the unique aspects of OSINT-related malware dissemination and the need for active threat intelligence integration.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- f50b8cca-387f-4f85-9417-4d0b7524c63f
- Original Timestamp
- 1747353786
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainsaxecocnak.live | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainemphatakpn.bet | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlaminaflbx.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbrandenfrancseet.sbs | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainfmovies123.top | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainndgpt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzdqdc.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainec2-54-183-101-23.us-west-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainflowergrandeseen.sbs | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainconsole24.online | Unknown Loader payload delivery domain (confidence level: 100%) | |
domaindvwct.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmahsa2283qt9.mahsaaminivpn.com | Hook botnet C2 domain (confidence level: 100%) | |
domainwebpanel.elementfx.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainecs-113-44-39-1.compute.hwclouds-dns.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainsilver-map.gl.at.ply.gg | Remcos botnet C2 domain (confidence level: 50%) | |
domainfrederichoms.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
domaintool.municipiodechepo.org | Unknown malware botnet C2 domain (confidence level: 50%) | |
domainapi.incapdns.kz | Unknown malware botnet C2 domain (confidence level: 50%) | |
domainblog.jasonlees.com | Unknown malware botnet C2 domain (confidence level: 50%) | |
domainreport.monicabellucci.kz | Unknown malware botnet C2 domain (confidence level: 50%) | |
domaindeveloper.master.org.kz | Unknown malware botnet C2 domain (confidence level: 50%) | |
domaincast.voxcdn.kz | Unknown malware botnet C2 domain (confidence level: 50%) | |
domainhost.moresecurity.kz | Unknown malware botnet C2 domain (confidence level: 50%) | |
domainryanberardi.com | Unknown malware botnet C2 domain (confidence level: 50%) | |
domainonlinemail.kz | Unknown malware botnet C2 domain (confidence level: 50%) | |
domaincontactlistsagregator.com | Unknown malware botnet C2 domain (confidence level: 50%) | |
domainblameaowi.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainchangenwg.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainflamingof.run | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
domainbootplate.info | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domainsistertable.xyz | Unknown Loader botnet C2 domain (confidence level: 100%) | |
domain16.16.4t.com | Vidar botnet C2 domain (confidence level: 100%) | |
domainanna-akhmatova.com | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainjerusd.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingolconz.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincladwybn.digital | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainou.qymj.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfanclubsemantics.sbs | Unknown Loader payload delivery domain (confidence level: 100%) | |
domainaneesh-technomakest.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainaneesh-technomakestbk.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainwss.telegrma.app | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainstealer.cy | Unknown Stealer payload delivery domain (confidence level: 50%) | |
domainwww.rivercitymech.biz | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainawndsjkduiukekwltdadjwadawds.ru | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domainpentagonstealer.ru | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domainpentagon.cy | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domaintestwebsite01-70h.pages.dev | Unknown Stealer botnet C2 domain (confidence level: 50%) | |
domainbadgervolleyball.org | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainqv.gahq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain8r.czlw.ru | ClearFake payload delivery domain (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
file47.96.114.159 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file159.65.9.106 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.115.202.126 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file205.198.88.140 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.100.76.142 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file134.175.229.167 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file196.251.85.128 | Remcos botnet C2 server (confidence level: 100%) | |
file172.111.244.102 | Remcos botnet C2 server (confidence level: 100%) | |
file3.17.164.16 | Sliver botnet C2 server (confidence level: 100%) | |
file8.218.254.239 | Unknown malware botnet C2 server (confidence level: 100%) | |
file186.169.82.245 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file3.215.185.215 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.141.84.229 | SectopRAT botnet C2 server (confidence level: 100%) | |
file206.206.126.216 | Hook botnet C2 server (confidence level: 100%) | |
file37.252.19.120 | Havoc botnet C2 server (confidence level: 100%) | |
file194.195.251.227 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.16.26.210 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file193.124.41.54 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file175.27.250.248 | Unknown malware botnet C2 server (confidence level: 100%) | |
file128.90.106.147 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.220 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.116.59 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.116.59 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file54.36.114.72 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.227.3.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
file156.208.9.253 | DCRat botnet C2 server (confidence level: 100%) | |
file217.18.210.142 | DCRat botnet C2 server (confidence level: 100%) | |
file80.74.28.101 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.249.244.192 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.129.200.87 | Unknown malware botnet C2 server (confidence level: 100%) | |
file49.12.113.198 | Unknown malware botnet C2 server (confidence level: 100%) | |
file132.220.9.187 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.141.207.185 | Unknown malware botnet C2 server (confidence level: 100%) | |
file209.74.83.112 | Unknown malware botnet C2 server (confidence level: 100%) | |
file134.199.174.247 | Unknown malware botnet C2 server (confidence level: 100%) | |
file191.252.214.71 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.93.255.12 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.189.165.37 | Unknown malware botnet C2 server (confidence level: 100%) | |
file147.135.75.234 | Unknown malware botnet C2 server (confidence level: 100%) | |
file203.177.95.83 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.206.75.137 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.181.8.193 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.51.128.227 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.51.246.31 | Unknown malware botnet C2 server (confidence level: 100%) | |
file4.180.175.67 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.190.97.151 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.29.87.239 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.29.87.239 | Unknown malware botnet C2 server (confidence level: 100%) | |
file46.36.41.35 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.182.126.131 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file45.66.248.239 | Latrodectus botnet C2 server (confidence level: 90%) | |
file8.134.70.73 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file113.45.137.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file212.162.155.38 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file139.9.197.63 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file18.167.69.145 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.142.110 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file66.181.36.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file45.133.180.138 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file216.9.224.158 | Remcos botnet C2 server (confidence level: 75%) | |
file216.9.224.158 | Remcos botnet C2 server (confidence level: 75%) | |
file166.88.182.216 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file78.47.78.115 | Vidar botnet C2 server (confidence level: 100%) | |
file49.12.106.231 | Vidar botnet C2 server (confidence level: 100%) | |
file156.238.233.94 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.43.91.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.70.25.169 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file198.55.102.43 | Remcos botnet C2 server (confidence level: 100%) | |
file172.94.9.180 | Remcos botnet C2 server (confidence level: 100%) | |
file120.55.126.188 | Sliver botnet C2 server (confidence level: 100%) | |
file121.127.33.197 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.81.135.7 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file23.145.40.108 | Unknown malware botnet C2 server (confidence level: 100%) | |
file192.227.209.49 | Unknown malware botnet C2 server (confidence level: 100%) | |
file47.128.228.209 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file47.128.228.209 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file45.150.34.16 | MooBot botnet C2 server (confidence level: 100%) | |
file111.230.6.33 | Unknown malware botnet C2 server (confidence level: 100%) | |
file192.227.128.8 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file143.198.86.20 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file205.185.122.202 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file81.69.17.187 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.218.188 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.126.136.95 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file34.237.228.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file106.225.242.93 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file164.90.170.149 | Havoc botnet C2 server (confidence level: 75%) | |
file191.112.19.228 | QakBot botnet C2 server (confidence level: 75%) | |
file44.197.118.25 | Havoc botnet C2 server (confidence level: 75%) | |
file70.27.138.240 | QakBot botnet C2 server (confidence level: 75%) | |
file112.121.172.10 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file206.238.115.155 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file206.238.115.155 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file156.243.1.71 | Meterpreter botnet C2 server (confidence level: 75%) | |
file54.90.144.239 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file148.113.214.176 | Remcos botnet C2 server (confidence level: 50%) | |
file191.96.39.104 | Remcos botnet C2 server (confidence level: 50%) | |
file47.109.177.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.153.206.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file1.15.174.189 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.92.15.53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.178.189.206 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.178.188.203 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file120.27.197.246 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file51.89.204.11 | Remcos botnet C2 server (confidence level: 100%) | |
file142.171.3.163 | Unknown malware botnet C2 server (confidence level: 100%) | |
file128.90.106.147 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file144.172.104.135 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.116.59 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.116.59 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file3.226.74.199 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.148.218.89 | Havoc botnet C2 server (confidence level: 100%) | |
file20.67.242.112 | Havoc botnet C2 server (confidence level: 100%) | |
file47.121.30.118 | Vshell botnet C2 server (confidence level: 100%) | |
file120.70.25.169 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file104.223.123.147 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file134.175.229.167 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file85.239.52.195 | Latrodectus botnet C2 server (confidence level: 90%) | |
file45.86.230.235 | Latrodectus botnet C2 server (confidence level: 90%) | |
file141.98.6.13 | Hook botnet C2 server (confidence level: 100%) | |
file159.89.17.182 | Havoc botnet C2 server (confidence level: 100%) | |
file47.128.236.179 | MimiKatz botnet C2 server (confidence level: 100%) | |
file185.222.57.92 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file60.204.169.16 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file119.28.116.34 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file179.12.116.83 | Remcos botnet C2 server (confidence level: 100%) | |
file103.79.76.40 | pupy botnet C2 server (confidence level: 100%) | |
file5.35.125.78 | Sliver botnet C2 server (confidence level: 100%) | |
file5.35.125.78 | Sliver botnet C2 server (confidence level: 100%) | |
file156.244.7.77 | Unknown malware botnet C2 server (confidence level: 100%) | |
file176.65.140.223 | Hook botnet C2 server (confidence level: 100%) | |
file172.86.110.114 | Havoc botnet C2 server (confidence level: 100%) | |
file37.252.19.120 | Havoc botnet C2 server (confidence level: 100%) | |
file5.12.198.153 | Orcus RAT botnet C2 server (confidence level: 100%) | |
file139.59.242.226 | MooBot botnet C2 server (confidence level: 100%) | |
file185.146.232.235 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.209.225.120 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file172.86.110.114 | Havoc botnet C2 server (confidence level: 75%) | |
file18.142.54.122 | BianLian botnet C2 server (confidence level: 75%) | |
file194.219.251.137 | QakBot botnet C2 server (confidence level: 75%) | |
file35.239.145.98 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file45.134.62.106 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file70.27.138.240 | QakBot botnet C2 server (confidence level: 75%) | |
file75.2.11.125 | DeimosC2 botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9998 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8086 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9090 | Remcos botnet C2 server (confidence level: 100%) | |
hash37830 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9999 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15647 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash56105 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7777 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash3001 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4445 | DCRat botnet C2 server (confidence level: 100%) | |
hash1995 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3434 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9876 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash833 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 90%) | |
hashbf3b43f5e4398ac810f005200519e096349b2237587d920d3c9b83525bb6bafc | DarkCloud Stealer payload (confidence level: 50%) | |
hash9940de30f3930cf0d0e9e9c8769148594240d11242fcd6c9dd9e9f572f68ac01 | DarkCloud Stealer payload (confidence level: 50%) | |
hash30738450f69c3de74971368192a4a647e4ed9c658f076459e42683b110baf371 | DarkCloud Stealer payload (confidence level: 50%) | |
hash1269c968258999930b573682699fe72de72d96401e3beb314ae91baf0e0e49e8 | DarkCloud Stealer payload (confidence level: 50%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash6432 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash13403 | Remcos botnet C2 server (confidence level: 75%) | |
hash13404 | Remcos botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash1962 | Remcos botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3260 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8010 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2082 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4506 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8000 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash4ebd79e8935076a7916e19650f98cc8c20aef4fb5c9da57807b472ee012d6d8c | Lumma Stealer payload (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash11112 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash4090 | Remcos botnet C2 server (confidence level: 50%) | |
hash23083 | Remcos botnet C2 server (confidence level: 50%) | |
hash88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8896 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash64387 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8082 | Vshell botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash10002 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 90%) | |
hash443 | Latrodectus botnet C2 server (confidence level: 90%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8444 | pupy botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash11949 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash80 | Havoc botnet C2 server (confidence level: 100%) | |
hash8080 | Orcus RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8443 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | BianLian botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2376 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2078 | QakBot botnet C2 server (confidence level: 75%) | |
hash8127 | DeimosC2 botnet C2 server (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://fmovies123.top/fix/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://fmovies123.top/fix/his.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://probuildgroupusa.com/xsxs.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttp://ck92448.tw1.ru/5d8ad51b.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://7lancery.digital/goj | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://files.catbox.moe/olyfi3.001 | DarkCloud Stealer payload delivery URL (confidence level: 50%) | |
urlhttp://206.206.126.216/ | Hook botnet C2 (confidence level: 50%) | |
urlhttps://onedrive.live.com/download?cid=74f1199a49c3215b&resid=74f1199a49c3215b%21122&authkey=aagy326uc3bhn_ks | Unknown Loader payload delivery URL (confidence level: 50%) | |
urlhttp://crackarithmetic.icu/glo.php | Unknown Loader botnet C2 (confidence level: 100%) | |
urlhttps://mflowerexju.bet/lanz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://nposseswsnc.top/akds | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ycornerdurv.top/adwq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://4featurlyin.top/pdal | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://demphatakpn.bet/ladk | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://o9cornerdurv.top/adwq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ylaminaflbx.shop/twoq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://raraucahkbm.live/baneb | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://wfeaturlyin.top/pdal | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://steamcommunity.com/profiles/76561199855598339 | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://t.me/eom25h | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://16.16.4t.com/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://49.12.106.231/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://pub-d4469a7a24f7423989c5026116ada945.r2.dev/vpncmgr.exe | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://12.innospark.cloud/vpnmcg.txt | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://eqcobwuxr.digital/mnf | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://7meteorplyp.live/lekp | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://milkwevvmw.run/gakz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://winterpwthc.digital/juab | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://a0651821.xsph.ru/multiasync.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://anna-akhmatova.com/login | Lumma Stealer botnet C2 (confidence level: 50%) | |
urlhttps://lovingcaredisabilityservices.com.au/up/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://ch1.s3.fr-par.scw.cloud/two-factor-auth-challenge-next-v6b7.html | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttps://payment-verify.com/ | Unknown malware payload delivery URL (confidence level: 50%) | |
urlhttp://103.171.35.26:9443/dot.gif | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttps://stealer.cy | Unknown Stealer botnet C2 (confidence level: 50%) | |
urlhttps://16testcawepr.run/dsap | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://6laminaflbx.shop/twoq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://www.rivercitymech.biz/profilelayout | FAKEUPDATES botnet C2 (confidence level: 100%) | |
urlhttps://8jugulagklc.live/roek | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://jemphatakpn.bet/ladk | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://zsaxecocnak.live/manj | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://chiasmymnb.live/godk | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://regopramide.top/lav/xf_addon.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://regopramide.top/lav/select.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://regopramide.top/lav/lll.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://badgervolleyball.org/fsos.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://qfeaturlyin.top/pdal | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://77.246.158.103/securetrafficpublic.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://8r.czlw.ru/2f5a9e85-ee81-41df-8f15-e83a4ffac6c2 | ClearFake payload delivery URL (confidence level: 50%) | |
urlhttps://2otestcawepr.run/dsap | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://psearchilyo.run/gsna | Lumma Stealer botnet C2 (confidence level: 75%) |
Threat ID: 682c7ab9e3e6de8ceb73f782
Added to database: 5/20/2025, 12:51:05 PM
Last enriched: 6/19/2025, 2:05:52 PM
Last updated: 8/13/2025, 3:31:53 PM
Views: 12
Related Threats
ThreatFox IOCs for 2025-08-18
MediumMalwareTue Aug 19 2025
Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft
MediumMalwareMon Aug 18 2025
Phishing Scam with Fake Copyright Notices Drops New Noodlophile Stealer Variant
MediumMalwareMon Aug 18 2025
ThreatFox IOCs for 2025-08-17
MediumMalwareMon Aug 18 2025
ThreatFox IOCs for 2025-08-16
MediumMalwareSun Aug 17 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.