ThreatFox IOCs for 2025-06-11
AI Analysis
Technical Summary
This entry, titled "ThreatFox IOCs for 2025-06-11" and sourced from the ThreatFox MISP feed, is a malware-related collection of indicators. It is categorized under OSINT (Open Source Intelligence), network activity, and payload delivery. No affected product versions are listed and the indicators of compromise (IOCs) lack detail, so the entry reads as a general alert or IOC collection rather than a vulnerability or exploit report. The event metadata records a moderate threat level (threatLevel: 2) with some analysis and distribution activity, but no known exploits in the wild and no available patches. The malware type together with the OSINT category implies that publicly available information may be used to support network-based payload delivery, with reconnaissance followed by exploitation. Because concrete specifics such as attack vectors, payload characteristics, or targeted vulnerabilities are absent, the threat appears to be at an early or observational stage, flagging emerging malware trends or campaign indicators rather than an active, widespread attack. The medium severity rating matches this assessment: a moderate risk that warrants attention but is not an immediate critical threat. The entry is best used as a situational-awareness input for security teams monitoring evolving malware activity and planning defensive measures.
Potential Impact
For European organizations the potential impact is moderate but should not be underestimated. Because the entry concerns OSINT and network activity tied to payload delivery, it could support targeted attacks such as spear-phishing, network intrusions, or malware deployment that draw on publicly available information, leading to unauthorized access, data exfiltration, or service disruption. The absence of known exploits in the wild and of patches suggests that exploitation would require specific conditions or manual attacker effort, which limits immediate widespread impact. Organizations holding high-value assets, particularly in critical infrastructure, finance, and government, remain at risk if attackers use OSINT to tailor their payload delivery. The activity may also precede more sophisticated attacks, so early detection and response matter. European entities should treat this entry as one input to their broader threat picture and keep monitoring network activity and OSINT-derived intelligence to block payload delivery and the compromise that would follow.
Mitigation Recommendations
1. Enhance OSINT Monitoring: Implement continuous monitoring of open-source intelligence to detect emerging threats and indicators related to malware campaigns.
2. Network Traffic Analysis: Deploy advanced network traffic analysis tools capable of identifying anomalous payload delivery attempts, including unusual outbound connections or data flows.
3. Threat Intelligence Integration: Integrate ThreatFox and other reputable threat intelligence feeds into security information and event management (SIEM) systems to correlate and respond to relevant IOCs promptly.
4. User Awareness and Training: Conduct targeted training to educate employees about the risks of social engineering and spear-phishing attacks that may leverage OSINT data.
5. Network Segmentation: Apply strict network segmentation to limit the lateral movement potential of malware if payload delivery is successful.
6. Endpoint Detection and Response (EDR): Utilize EDR solutions to detect and contain suspicious activities at the endpoint level, focusing on payload execution and persistence mechanisms.
7. Incident Response Preparedness: Develop and regularly update incident response plans to address malware infections, including containment, eradication, and recovery procedures.
8. Access Controls and Least Privilege: Enforce strong access controls and the principle of least privilege to reduce the impact of potential compromises.

These measures go beyond generic advice by emphasizing proactive OSINT monitoring, integration of specific threat feeds, and tailored network defenses aligned with the nature of the threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: 64d40fba-f7b4-4b9f-b244-a0e4404fa9c7
- Original Timestamp: 1749686586
Indicators of Compromise
File
Value | Description | Copy |
---|---|---|
file89.117.67.63 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file146.70.113.140 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file103.51.144.18 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file156.238.233.76 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file138.197.71.186 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file43.139.233.218 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file154.89.152.16 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file194.233.82.123 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file103.19.190.184 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.92.213.214 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file18.226.52.135 | Sliver botnet C2 server (confidence level: 100%) | |
file38.12.25.192 | Unknown malware botnet C2 server (confidence level: 100%) | |
file95.111.221.117 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.184.95.33 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.197.16.79 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file54.207.185.124 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file156.244.13.120 | Nimplant botnet C2 server (confidence level: 100%) | |
file45.207.207.97 | Kaiji botnet C2 server (confidence level: 100%) | |
file36.50.135.191 | MooBot botnet C2 server (confidence level: 100%) | |
file62.60.226.19 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file196.119.20.171 | NjRAT botnet C2 server (confidence level: 100%) | |
file18.163.37.253 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file106.55.66.241 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file147.253.132.187 | RMS botnet C2 server (confidence level: 100%) | |
file39.98.204.142 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.46.221.61 | Sliver botnet C2 server (confidence level: 90%) | |
file196.251.70.106 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.161.6.158 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file18.223.88.214 | Unknown malware botnet C2 server (confidence level: 100%) | |
file144.172.114.99 | Unknown malware botnet C2 server (confidence level: 100%) | |
file186.169.95.151 | DCRat botnet C2 server (confidence level: 100%) | |
file94.26.90.82 | DCRat botnet C2 server (confidence level: 100%) | |
file1.94.146.179 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.31.216.198 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.137.146.17 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.75.132.242 | Unknown malware botnet C2 server (confidence level: 100%) | |
file118.178.89.112 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.152.208.83 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.20.51.181 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.130.101.244 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.218.222.240 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.110.220.77 | Unknown malware botnet C2 server (confidence level: 100%) | |
file212.233.94.157 | Unknown malware botnet C2 server (confidence level: 100%) | |
file37.208.107.91 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.142.137.164 | Unknown malware botnet C2 server (confidence level: 100%) | |
file149.104.24.51 | Unknown malware botnet C2 server (confidence level: 100%) | |
file135.181.44.53 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.23.197.204 | Unknown malware botnet C2 server (confidence level: 100%) | |
file95.216.161.54 | Unknown malware botnet C2 server (confidence level: 100%) | |
file95.142.42.212 | Unknown malware botnet C2 server (confidence level: 100%) | |
file35.169.86.240 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.66.101.24 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.66.101.24 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.59.203.213 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.233.89.168 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file52.221.228.115 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.107.160.120 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file88.99.120.102 | Vidar botnet C2 server (confidence level: 100%) | |
file78.47.69.208 | Vidar botnet C2 server (confidence level: 100%) | |
file139.159.225.141 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.37.69.42 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file134.185.106.227 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.226.8.163 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.25.106.80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.230.106.166 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file206.238.220.35 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file78.161.6.158 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file91.99.105.252 | Unknown malware botnet C2 server (confidence level: 100%) | |
file65.38.120.27 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file43.128.130.252 | Havoc botnet C2 server (confidence level: 100%) | |
file111.180.190.199 | DCRat botnet C2 server (confidence level: 100%) | |
file94.26.90.243 | Latrodectus botnet C2 server (confidence level: 90%) | |
file160.250.137.130 | MooBot botnet C2 server (confidence level: 100%) | |
file34.64.111.49 | Chaos botnet C2 server (confidence level: 100%) | |
file206.123.145.22 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file129.204.146.115 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file101.126.87.235 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file8.218.77.224 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file86.54.42.108 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file45.55.159.60 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file222.73.22.7 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file13.201.38.58 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file3.145.80.162 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file43.198.207.95 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file43.198.207.95 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file43.198.207.95 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file213.131.49.166 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file37.12.5.43 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file170.64.233.123 | Sliver botnet C2 server (confidence level: 50%) | |
file176.65.148.219 | Sliver botnet C2 server (confidence level: 50%) | |
file107.172.76.117 | Sliver botnet C2 server (confidence level: 50%) | |
file185.87.253.242 | Sliver botnet C2 server (confidence level: 50%) | |
file54.165.18.182 | Unknown malware botnet C2 server (confidence level: 50%) | |
file176.9.117.52 | Unknown malware botnet C2 server (confidence level: 50%) | |
file147.50.253.4 | Orcus RAT botnet C2 server (confidence level: 50%) | |
file63.176.167.215 | Unknown malware botnet C2 server (confidence level: 50%) | |
file43.250.174.49 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file172.234.115.91 | Havoc botnet C2 server (confidence level: 75%) | |
file23.249.28.155 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file194.59.31.87 | Remcos botnet C2 server (confidence level: 100%) | |
file188.245.69.165 | Meterpreter botnet C2 server (confidence level: 75%) | |
file92.63.196.47 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file103.84.89.9 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file193.233.254.162 | PureLogs Stealer botnet C2 server (confidence level: 50%) | |
file193.161.193.99 | PureLogs Stealer botnet C2 server (confidence level: 50%) | |
file14.103.183.200 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file27.124.34.101 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file196.251.92.210 | Remcos botnet C2 server (confidence level: 100%) | |
file147.135.215.25 | Remcos botnet C2 server (confidence level: 100%) | |
file193.161.193.99 | PureLogs Stealer botnet C2 server (confidence level: 50%) | |
file194.163.190.186 | Unknown malware botnet C2 server (confidence level: 100%) | |
file91.99.108.177 | Unknown malware botnet C2 server (confidence level: 100%) | |
file87.120.84.230 | Mirai botnet C2 server (confidence level: 100%) | |
file113.45.175.15 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file85.175.101.203 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file191.101.131.45 | XWorm botnet C2 server (confidence level: 100%) | |
file156.234.58.194 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file144.172.87.101 | PureLogs Stealer botnet C2 server (confidence level: 50%) | |
file45.8.125.163 | Unknown RAT botnet C2 server (confidence level: 100%) | |
file101.201.153.25 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file93.95.229.133 | Sliver botnet C2 server (confidence level: 100%) | |
file209.126.83.54 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file20.229.186.157 | Hook botnet C2 server (confidence level: 100%) | |
file45.141.233.147 | Latrodectus botnet C2 server (confidence level: 90%) | |
file64.72.205.204 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file51.20.96.28 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file94.158.245.63 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file101.32.209.51 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file165.50.8.95 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file3.138.180.119 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.136.65.236 | NjRAT botnet C2 server (confidence level: 100%) | |
file3.133.207.110 | NjRAT botnet C2 server (confidence level: 100%) | |
file123.57.2.124 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file144.172.110.221 | Remcos botnet C2 server (confidence level: 100%) | |
file196.251.66.59 | Remcos botnet C2 server (confidence level: 100%) | |
file46.246.6.20 | Remcos botnet C2 server (confidence level: 100%) | |
file146.190.95.159 | Sliver botnet C2 server (confidence level: 100%) | |
file45.80.158.115 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file134.199.200.232 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file213.209.143.170 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file23.95.106.22 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.245.231.26 | Unknown malware botnet C2 server (confidence level: 100%) | |
file8.148.212.158 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.90.54.98 | Hook botnet C2 server (confidence level: 100%) | |
file31.57.219.5 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file23.254.215.118 | Havoc botnet C2 server (confidence level: 100%) | |
file54.210.203.58 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file178.20.208.225 | MimiKatz botnet C2 server (confidence level: 100%) | |
file95.142.45.249 | BianLian botnet C2 server (confidence level: 100%) | |
file144.172.112.27 | MooBot botnet C2 server (confidence level: 100%) | |
file15.197.152.206 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file154.247.137.31 | QakBot botnet C2 server (confidence level: 75%) | |
file201.103.116.94 | QakBot botnet C2 server (confidence level: 75%) | |
file23.227.199.37 | BianLian botnet C2 server (confidence level: 75%) | |
file39.40.183.133 | QakBot botnet C2 server (confidence level: 75%) | |
file181.131.218.182 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.115.76 | XWorm botnet C2 server (confidence level: 100%) | |
file196.251.115.1 | XWorm botnet C2 server (confidence level: 100%) | |
file196.251.80.125 | XWorm botnet C2 server (confidence level: 100%) | |
file185.196.9.229 | XWorm botnet C2 server (confidence level: 100%) | |
file193.23.216.36 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file181.131.218.182 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file175.178.98.219 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.98.195.230 | ValleyRAT botnet C2 server (confidence level: 100%) |
Hash
Value | Description |
---|---|
443 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Sliver botnet C2 server (confidence level: 100%) |
8888 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
6362 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
8089 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
443 | Nimplant botnet C2 server (confidence level: 100%) |
808 | Kaiji botnet C2 server (confidence level: 100%) |
80 | MooBot botnet C2 server (confidence level: 100%) |
8888 | Rhadamanthys botnet C2 server (confidence level: 100%) |
10000 | NjRAT botnet C2 server (confidence level: 100%) |
9094 | ValleyRAT botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
5655 | RMS botnet C2 server (confidence level: 100%) |
9090 | Cobalt Strike botnet C2 server (confidence level: 100%) |
33485 | Sliver botnet C2 server (confidence level: 90%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
1000 | AsyncRAT botnet C2 server (confidence level: 100%) |
8443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
8090 | DCRat botnet C2 server (confidence level: 100%) |
4444 | DCRat botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
60000 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
8080 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
10010 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Unknown malware botnet C2 server (confidence level: 100%) |
63333 | Unknown malware botnet C2 server (confidence level: 100%) |
20000 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
3333 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
80 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
10443 | Unknown malware botnet C2 server (confidence level: 100%) |
6008 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
2376 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
5432 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
443 | Vidar botnet C2 server (confidence level: 100%) |
443 | Vidar botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
5389 | Cobalt Strike botnet C2 server (confidence level: 100%) |
4444 | Cobalt Strike botnet C2 server (confidence level: 100%) |
53 | Cobalt Strike botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
9999 | Ghost RAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
3000 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Quasar RAT botnet C2 server (confidence level: 100%) |
443 | Havoc botnet C2 server (confidence level: 100%) |
18008 | DCRat botnet C2 server (confidence level: 100%) |
443 | Latrodectus botnet C2 server (confidence level: 90%) |
80 | MooBot botnet C2 server (confidence level: 100%) |
8080 | Chaos botnet C2 server (confidence level: 100%) |
443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
50080 | Cobalt Strike botnet C2 server (confidence level: 50%) |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
8432 | Cobalt Strike botnet C2 server (confidence level: 50%) |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) |
50050 | Cobalt Strike botnet C2 server (confidence level: 50%) |
666 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
4321 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
8649 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
4949 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
18049 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
4899 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
31337 | Sliver botnet C2 server (confidence level: 50%) |
443 | Unknown malware botnet C2 server (confidence level: 50%) |
9443 | Unknown malware botnet C2 server (confidence level: 50%) |
10134 | Orcus RAT botnet C2 server (confidence level: 50%) |
20440 | Unknown malware botnet C2 server (confidence level: 50%) |
8850 | ValleyRAT botnet C2 server (confidence level: 100%) |
40056 | Havoc botnet C2 server (confidence level: 75%) |
53 | ValleyRAT botnet C2 server (confidence level: 100%) |
6220 | Remcos botnet C2 server (confidence level: 100%) |
8443 | Meterpreter botnet C2 server (confidence level: 75%) |
5389 | Cobalt Strike botnet C2 server (confidence level: 75%) |
429 | ValleyRAT botnet C2 server (confidence level: 100%) |
5555 | PureLogs Stealer botnet C2 server (confidence level: 50%) |
27672 | PureLogs Stealer botnet C2 server (confidence level: 50%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
10086 | Ghost RAT botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
2406 | Remcos botnet C2 server (confidence level: 100%) |
37228 | PureLogs Stealer botnet C2 server (confidence level: 50%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
443 | Mirai botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
8080 | Cobalt Strike botnet C2 server (confidence level: 75%) |
49152 | XWorm botnet C2 server (confidence level: 100%) |
52110 | ValleyRAT botnet C2 server (confidence level: 100%) |
7706 | PureLogs Stealer botnet C2 server (confidence level: 50%) |
8041 | Unknown RAT botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8888 | Sliver botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
80 | Hook botnet C2 server (confidence level: 100%) |
443 | Latrodectus botnet C2 server (confidence level: 90%) |
12521 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
43063 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
446 | ValleyRAT botnet C2 server (confidence level: 100%) |
7772 | AsyncRAT botnet C2 server (confidence level: 100%) |
19869 | NjRAT botnet C2 server (confidence level: 100%) |
19869 | NjRAT botnet C2 server (confidence level: 100%) |
19869 | NjRAT botnet C2 server (confidence level: 100%) |
6667 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8080 | Remcos botnet C2 server (confidence level: 100%) |
5000 | Remcos botnet C2 server (confidence level: 100%) |
2404 | Remcos botnet C2 server (confidence level: 100%) |
31337 | Sliver botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
1337 | AsyncRAT botnet C2 server (confidence level: 100%) |
8437 | AsyncRAT botnet C2 server (confidence level: 100%) |
443 | Unknown malware botnet C2 server (confidence level: 100%) |
7443 | Unknown malware botnet C2 server (confidence level: 100%) |
8089 | Hook botnet C2 server (confidence level: 100%) |
5938 | Quasar RAT botnet C2 server (confidence level: 100%) |
445 | Havoc botnet C2 server (confidence level: 100%) |
6009 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
8000 | MimiKatz botnet C2 server (confidence level: 100%) |
443 | BianLian botnet C2 server (confidence level: 100%) |
101 | MooBot botnet C2 server (confidence level: 100%) |
443 | DeimosC2 botnet C2 server (confidence level: 75%) |
443 | QakBot botnet C2 server (confidence level: 75%) |
995 | QakBot botnet C2 server (confidence level: 75%) |
6443 | BianLian botnet C2 server (confidence level: 75%) |
995 | QakBot botnet C2 server (confidence level: 75%) |
5080 | AsyncRAT botnet C2 server (confidence level: 100%) |
5000 | XWorm botnet C2 server (confidence level: 100%) |
5000 | XWorm botnet C2 server (confidence level: 100%) |
7000 | XWorm botnet C2 server (confidence level: 100%) |
1100 | XWorm botnet C2 server (confidence level: 100%) |
9999 | Quasar RAT botnet C2 server (confidence level: 100%) |
8050 | AsyncRAT botnet C2 server (confidence level: 100%) |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
2222 | ValleyRAT botnet C2 server (confidence level: 100%) |
Domain
Value | Description |
---|---|
security.flapegjardse.com | Unknown malware payload delivery domain (confidence level: 100%) |
nesapa.com | Unknown malware payload delivery domain (confidence level: 100%) |
static.148.29.9.176.clients.your-server.de | Havoc botnet C2 domain (confidence level: 100%) |
etnxin63.tk10.top | Cobalt Strike botnet C2 domain (confidence level: 100%) |
outlook.optimumcs.org | Cobalt Strike botnet C2 domain (confidence level: 100%) |
etnsg6.nicetk.top | Cobalt Strike botnet C2 domain (confidence level: 100%) |
login.optimumcs.org | Cobalt Strike botnet C2 domain (confidence level: 100%) |
kf.pinkbnb.net | Cobalt Strike botnet C2 domain (confidence level: 100%) |
lpmrsa.net | Havoc botnet C2 domain (confidence level: 100%) |
appsmacosx.com | AMOS payload delivery domain (confidence level: 75%) |
macapps-apple.com | AMOS payload delivery domain (confidence level: 75%) |
macapp-apple.com | AMOS payload delivery domain (confidence level: 75%) |
republicasiamedia.com | AMOS payload delivery domain (confidence level: 75%) |
cryptoinfo-news.com | AMOS payload delivery domain (confidence level: 75%) |
macosxappstore.com | AMOS payload delivery domain (confidence level: 75%) |
macosx-apps.com | AMOS payload delivery domain (confidence level: 75%) |
32.0.4t.com | Vidar botnet C2 domain (confidence level: 100%) |
mexko.ddns.net | AsyncRAT botnet C2 domain (confidence level: 50%) |
diegoluis.no-ip.org | NjRAT botnet C2 domain (confidence level: 50%) |
chromeparts.icu | FAKEUPDATES payload delivery domain (confidence level: 50%) |
billing.roofnrack.us | Unknown Loader payload delivery domain (confidence level: 50%) |
shool.digital | Lumma Stealer botnet C2 domain (confidence level: 50%) |
zwiirl.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
sldnys.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
resdcv.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
anzkb.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
ineyay.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
assixny.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
clirujf.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
triobm.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
negqjcj.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
horavd.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
ravisrq.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
shaqgn.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
ethnugm.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
unvkoj.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
lakxd.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
mordpdv.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
callbacywo.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
mindlevqtg.xyz | Lumma Stealer botnet C2 domain (confidence level: 50%) |
6gpwqae72132.cfc-execute.gz.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) |
ntzljkg5d.localto.net | XWorm botnet C2 domain (confidence level: 100%) |
secure.nashbashmotorsports.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) |
hvc.adcsa.org | Havoc botnet C2 domain (confidence level: 100%) |
bnpparibas.top | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
vikingtenerife.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
leftykreh.com | KongTuke payload delivery domain (confidence level: 100%) |
dnsmicrosoftds-data.com | KongTuke payload delivery domain (confidence level: 100%) |
furry-femboys.top | Mirai botnet C2 domain (confidence level: 100%) |
cross-compiling.org | Mirai botnet C2 domain (confidence level: 100%) |
i-kiss-boys.com | Mirai botnet C2 domain (confidence level: 100%) |
3gipcam.com | Mirai botnet C2 domain (confidence level: 100%) |
coming-taken.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
fuckedup-sales.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) |
statistics-kennedy.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
boys-october.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
msn-throwing.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
faq-licence.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) |
reader-chicken.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) |
kimsoylak.ddns.net | Quasar RAT botnet C2 domain (confidence level: 100%) |
studies-royal.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) |
usa-departments.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) |
category-in.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) |
lbinc.grandmasgreengarage.tk | Unknown RAT botnet C2 domain (confidence level: 100%) |
armandovillareal504010.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
carlosmendoza504070.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
andersondavid4070.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
antonioguerrero4050.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
velisariosantiago7080.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
camilorestrepo9050702.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
trinidadtobago5020.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
andrescasablanca9030.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
gustavovalencia9070.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
santiagotrujillo9010.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
germancastillo9050.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
carlosvillalba9040.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
miguelurrutia7040.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
andresvalderrama4070.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
carlossantrich9080.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
sandraverdecia708091.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
jaimefernandez203040.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
franciscodaza3090.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
armandoquiroz7020.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
camilotorrenegra9080.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
sergiovalderrama2040.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
javiersandoval9030.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
carlosurrutia8050202.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
carlosfernandez401020.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
carlosurrutia805020.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
spring-looks.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
Url
Value | Description |
---|---|
https://nesapa.com/shield.msi | Unknown malware payload delivery URL (confidence level: 100%) |
https://78.47.69.208/ | Vidar botnet C2 (confidence level: 100%) |
https://32.0.4t.com/ | Vidar botnet C2 (confidence level: 100%) |
https://api.telegram.org/bot6593110417:aahd3ejsvvfs6uyfmjwwzrgcoimyda6p5zg/ | Agent Tesla botnet C2 (confidence level: 50%) |
https://andreameixueiro.com/iransat_vlxwzzs182.bin | Unknown Loader botnet C2 (confidence level: 50%) |
https://drive.google.com/uc?export=download&id=1zs8dtti5_wmj-76xq2wmobnkdizyljak | Unknown Loader botnet C2 (confidence level: 50%) |
https://onedrive.live.com/download?cid=72ef66c14df86b76&resid=72ef66c14df86b76%21173&authkey=alqcuouptad_r-q | Unknown Loader botnet C2 (confidence level: 50%) |
http://89.38.128.49/externalsecurecpuupdatetestuniversaltemporary.php | DCRat botnet C2 (confidence level: 100%) |
https://secure.nashbashmotorsports.com/ajaxaction | FAKEUPDATES botnet C2 (confidence level: 100%) |
https://valifoprofsto.com/work/ | Latrodectus botnet C2 (confidence level: 50%) |
https://visafropik.com/work/ | Latrodectus botnet C2 (confidence level: 50%) |
https://bnpparibas.top/lg/index.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://vikingtenerife.com/head.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://vikingtenerife.com/rwsaxsws.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://leftykreh.com/4f2s.js | KongTuke payload delivery URL (confidence level: 100%) |
https://leftykreh.com/js.php | KongTuke payload delivery URL (confidence level: 100%) |
https://dnsmicrosoftds-data.com/log/in | KongTuke payload delivery URL (confidence level: 100%) |
Threat ID: 684a1a71358c65714e69d43b
Added to database: 6/12/2025, 12:08:17 AM
Last enriched: 6/12/2025, 12:23:35 AM
Last updated: 8/13/2025, 1:14:18 AM