ThreatFox IOCs for 2025-07-02

Severity: mediumType: malware

AI Analysis

Technical Summary

The provided information describes a security threat categorized as malware with a medium severity level, sourced from the ThreatFox MISP feed. The threat is associated with OSINT (Open Source Intelligence) and involves network activity and payload delivery. However, there are no specific affected product versions, no known exploits in the wild, and no patches available. The threat level is indicated as 2 on an unspecified scale, with moderate distribution (3) and minimal analysis (1). The lack of detailed technical indicators, such as specific malware behavior, attack vectors, or vulnerabilities exploited, limits the depth of technical understanding. The threat appears to be related to the delivery of malicious payloads via network activity, potentially leveraging OSINT techniques for reconnaissance or targeting. The absence of known exploits and patches suggests this may be an emerging or low-profile threat, or one primarily used for intelligence gathering rather than widespread exploitation. The TLP (Traffic Light Protocol) white tag indicates that the information is publicly shareable without restriction. Overall, this threat represents a medium-level malware risk involving network-based payload delivery, but with limited actionable technical details at this time.

Potential Impact

For European organizations, this threat could pose risks primarily through network-based malware delivery mechanisms. Given the medium severity and the lack of known exploits, the immediate impact may be limited but could escalate if the threat actors develop more effective exploitation methods. Potential impacts include unauthorized access, data exfiltration, or disruption of services if the payloads are successfully delivered and executed. Organizations with extensive network exposure or those relying on OSINT for threat detection may be more vulnerable. The absence of patches means that mitigation relies heavily on detection and prevention controls. The threat could affect confidentiality, integrity, and availability depending on the payload's nature. European organizations in critical infrastructure, finance, and government sectors should be particularly vigilant due to the potential for targeted attacks leveraging OSINT-derived intelligence.

Mitigation Recommendations

1. Enhance network monitoring to detect unusual payload delivery patterns, focusing on indicators of compromise related to network activity and OSINT-based reconnaissance. 2. Implement strict egress and ingress filtering to limit exposure to malicious payloads. 3. Employ advanced threat detection solutions that incorporate behavioral analysis to identify anomalous activities potentially linked to this threat. 4. Conduct regular threat intelligence updates and integrate ThreatFox and other OSINT feeds into security operations to improve early detection. 5. Train security teams on recognizing OSINT-related threat tactics and payload delivery methods. 6. Since no patches are available, prioritize segmentation and least privilege principles to minimize potential lateral movement if an infection occurs. 7. Maintain up-to-date endpoint protection and ensure rapid incident response capabilities to contain any detected infections promptly.

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

file: 166.88.182.99
hash: 443
file: 170.75.160.9
hash: 443
file: 104.168.76.142
hash: 443
file: 18.215.241.71
hash: 80
file: 139.84.210.208
hash: 443
file: 119.45.28.152
hash: 8888
file: 202.55.135.163
hash: 80
file: 128.90.113.160
hash: 5000
file: 196.251.69.34
hash: 8000
file: 50.18.107.175
hash: 8808
file: 78.161.14.229
hash: 8808
file: 13.38.52.144
hash: 40000
file: 89.34.230.116
hash: 8888
file: 136.243.242.29
hash: 8113
url: http://cc18300.tw1.ru/4160b747.php
file: 38.240.50.173
hash: 2404
domain: ecs-113-45-47-3.compute.hwclouds-dns.com
domain: m83-189-135-177.cust.tele2.se
file: 45.94.31.84
hash: 8808
file: 128.90.113.160
hash: 1018
file: 128.90.113.160
hash: 8808
file: 52.232.96.227
hash: 443
file: 3.83.201.170
hash: 7443
file: 170.82.207.50
hash: 9090
file: 107.174.232.94
hash: 60000
file: 95.182.100.211
hash: 3333
file: 3.67.250.99
hash: 80
file: 3.67.250.99
hash: 443
file: 98.82.0.205
hash: 8443
file: 3.127.178.108
hash: 80
file: 3.76.53.35
hash: 80
file: 45.148.29.69
hash: 3333
file: 84.36.21.34
hash: 8080
file: 43.139.8.117
hash: 9090
file: 95.111.227.147
hash: 443
file: 119.29.18.60
hash: 3333
file: 110.42.60.175
hash: 3333
file: 210.16.65.228
hash: 3333
file: 52.58.175.64
hash: 80
file: 52.58.175.64
hash: 443
file: 187.237.186.166
hash: 8081
file: 3.74.29.115
hash: 80
file: 3.74.29.115
hash: 443
file: 195.246.230.100
hash: 3333
file: 137.184.89.111
hash: 443
file: 130.164.175.159
hash: 443
file: 118.174.70.104
hash: 7443
file: 146.70.87.96
hash: 43211
domain: imagoatlowk-58420.portmap.io
domain: andre21.ydns.eu
domain: developer1.ydns.eu
domain: sheddinho1122.ddns.net
domain: j3ru5al3m.duckdns.org
file: 172.245.4.223
hash: 16409
file: 172.245.4.223
hash: 16406
file: 179.43.186.224
hash: 4434
file: 47.113.217.92
hash: 8888
file: 196.251.72.214
hash: 4433
file: 107.148.237.76
hash: 80
file: 170.205.30.146
hash: 4885
file: 174.17.228.250
hash: 1606
url: https://impvmg.pics/xanj
file: 173.211.70.238
hash: 31337
file: 167.71.16.171
hash: 31337
file: 24.199.97.82
hash: 31337
file: 91.99.89.89
hash: 31337
file: 147.50.230.91
hash: 31337
file: 106.75.8.65
hash: 31337
file: 144.172.109.72
hash: 31337
file: 165.232.161.164
hash: 9443
file: 34.242.125.168
hash: 9306
file: 52.66.149.163
hash: 593
file: 51.92.246.140
hash: 37
file: 51.92.246.140
hash: 887
file: 185.75.240.211
hash: 9443
file: 23.249.29.124
hash: 53
file: 23.249.29.124
hash: 90
file: 107.189.25.98
hash: 4443
file: 35.152.180.214
hash: 8405
file: 154.0.170.61
hash: 444
file: 13.60.79.188
hash: 2154
file: 113.45.177.81
hash: 7788
url: http://34.64.111.49:8080/
url: http://113.45.238.149:8888/supershell/login
domain: tel-dv.gl.at.ply.gg
url: http://www.06.top/l36c/
url: http://www.0z442.click/ms14/
url: http://www.2zyo6w.top/l36c/
url: http://www.63bitcoin.info/ms14/
url: http://www.7o.top/ms14/
url: http://www.88.fan/ms14/
url: http://www.8dqy8.top/l36c/
url: http://www.8ksbtrf.lat/ms14/
url: http://www.adisson003.top/ms14/
url: http://www.aichuan.group/ms14/
url: http://www.ainianoffice.net/l36c/
url: http://www.aisoncalme.shop/ms14/
url: http://www.alentabroadgroup.shop/l36c/
url: http://www.alentedgegrouphq.top/l36c/
url: http://www.allantit.net/l36c/
url: http://www.amily-doctor-96553.bond/ms14/
url: http://www.andsbyen-nh.art/l36c/
url: http://www.antwedding.food/l36c/
url: http://www.aoik.net/ms14/
url: http://www.apakliescort.pro/l36c/
url: http://www.arrel.click/ms14/
url: http://www.artechs.net/l36c/
url: http://www.arung065.xyz/ms14/
url: http://www.aser-eye-surgery-gb-ro.sbs/l36c/
url: http://www.astech223.tech/ms14/
url: http://www.auuiqoq.top/ms14/
url: http://www.ayfairoutlet.shop/ms14/
url: http://www.bhvpf.top/ms14/
url: http://www.c.vacations/ms14/
url: http://www.c0739.top/ms14/
url: http://www.c1395.top/ms14/
url: http://www.c2081.top/ms14/
url: http://www.c3162.top/l36c/
url: http://www.c4809.top/l36c/
url: http://www.c5073.top/l36c/
url: http://www.c5349.top/ms14/
url: http://www.cottengland.net/l36c/
url: http://www.cty.top/l36c/
url: http://www.dd0rf.top/ms14/
url: http://www.dl5ue.top/l36c/
url: http://www.ds-adguard.pro/ms14/
url: http://www.dtr.website/l36c/
url: http://www.eadisadev.xyz/l36c/
url: http://www.egundaviareservista.shop/l36c/
url: http://www.elegxzpw.click/l36c/
url: http://www.ellness360.services/ms14/
url: http://www.enior-living-64812.bond/ms14/
url: http://www.erm-life-insurance-guide.sbs/l36c/
url: http://www.ermech.net/l36c/
url: http://www.erora.net/ms14/
url: http://www.eshi.qpon/ms14/
url: http://www.est-gd-888.click/ms14/
url: http://www.estsafe.net/ms14/
url: http://www.etnow-system.cfd/l36c/
url: http://www.f1e3c.pro/l36c/
url: http://www.g-899b8.xyz/l36c/
url: http://www.g51-lfoc1640.vip/l36c/
url: http://www.gstore.vip/l36c/
url: http://www.haymaa.net/l36c/
url: http://www.herightmoment.net/ms14/
url: http://www.herripalmer.shop/l36c/
url: http://www.hetrxio.online/ms14/
url: http://www.hklbx.top/l36c/
url: http://www.hristopher559.forum/ms14/
url: http://www.idgxq.top/ms14/
url: http://www.iewm0.top/l36c/
url: http://www.inebreak.cloud/ms14/
url: http://www.ingitchyvisitwhistle.christmas/ms14/
url: http://www.iongciyuan.app/l36c/
url: http://www.iotrax.tech/ms14/
url: http://www.iq73j.top/ms14/
url: http://www.ir-condition-49726.bond/l36c/
url: http://www.j-turismopg.win/ms14/
url: http://www.kclub.xyz/ms14/
url: http://www.kf5bb.top/ms14/
url: http://www.kgvuz.top/l36c/
url: http://www.kk72g.click/l36c/
url: http://www.leuthly.app/ms14/
url: http://www.lingan.tech/ms14/
url: http://www.lockbuilder.app/l36c/
url: http://www.lovemygod.art/l36c/
url: http://www.lsdh33.lol/l36c/
url: http://www.m5qfk.top/ms14/
url: http://www.mar1.xyz/ms14/
url: http://www.nfq.xyz/l36c/
url: http://www.nhojejagfsmoon482rapid.cfd/l36c/
url: http://www.nviodigitallive.shop/l36c/
url: http://www.nviodigitalsstore.shop/l36c/
url: http://www.nxzlb.top/l36c/
url: http://www.obertdavid.shop/l36c/
url: http://www.odallmikn.xyz/ms14/
url: http://www.odhod.cafe/l36c/
url: http://www.olygon.llc/l36c/
url: http://www.om-etcklb.live/l36c/
url: http://www.ome-portable-1hi3jo.bond/l36c/
url: http://www.onsultacaixa.shop/l36c/
url: http://www.oonlagoon.art/l36c/
url: http://www.ooyoo.cloud/l36c/
url: http://www.oreigndept.xyz/l36c/
url: http://www.orwarderp.net/l36c/
url: http://www.oulscripts.net/ms14/
url: http://www.ourstoreworld.shop/ms14/
url: http://www.pkooity.cfd/ms14/
url: http://www.px.lat/ms14/
url: http://www.qbrn.sbs/l36c/
url: http://www.rafttrd.click/l36c/
url: http://www.ramthrish.lol/ms14/
url: http://www.randperfumer.shop/ms14/
url: http://www.reace.dev/ms14/
url: http://www.remium5.click/l36c/
url: http://www.riaaccounting.net/ms14/
url: http://www.ronostic.tech/ms14/
url: http://www.rownandcleatco.ltd/ms14/
url: http://www.sfglar.shop/l36c/
url: http://www.sgzg.sbs/ms14/
url: http://www.sxzvkf8.xyz/ms14/
url: http://www.sy884.top/l36c/
url: http://www.t2025.net/ms14/
url: http://www.t722.top/ms14/
url: http://www.tgroup.xyz/l36c/
url: http://www.tundst.xyz/l36c/
url: http://www.ukangzhe.xyz/ms14/
url: http://www.uposttracked.live/l36c/
url: http://www.vjii.info/l36c/
url: http://www.w-vshop7-eleven.top/ms14/
url: http://www.xbet-bet-mu.xyz/ms14/
url: http://www.xrfeg.top/l36c/
url: http://www.y7dld.top/ms14/
url: http://www.yudsbnfdg.top/ms14/
url: http://www.yvnub.top/ms14/
file: 115.120.217.77
hash: 8081
file: 115.120.217.77
hash: 8080
domain: www.06.top
domain: www.0z442.click
domain: www.2zyo6w.top
domain: www.63bitcoin.info
domain: www.7o.top
domain: www.88.fan
domain: www.8dqy8.top
domain: www.8ksbtrf.lat
domain: www.adisson003.top
domain: www.aichuan.group
domain: www.ainianoffice.net
domain: www.aisoncalme.shop
domain: www.alentabroadgroup.shop
domain: www.alentedgegrouphq.top
domain: www.allantit.net
domain: www.amily-doctor-96553.bond
domain: www.andsbyen-nh.art
domain: www.antwedding.food
domain: www.aoik.net
domain: www.apakliescort.pro
domain: www.arrel.click
domain: www.artechs.net
domain: www.arung065.xyz
domain: www.aser-eye-surgery-gb-ro.sbs
domain: www.astech223.tech
domain: www.auuiqoq.top
domain: www.ayfairoutlet.shop
domain: www.bhvpf.top
domain: www.c.vacations
domain: www.c0739.top
domain: www.c1395.top
domain: www.c2081.top
domain: www.c3162.top
domain: www.c4809.top
domain: www.c5073.top
domain: www.c5349.top
domain: www.cottengland.net
domain: www.cty.top
domain: www.dd0rf.top
domain: www.dl5ue.top
domain: www.ds-adguard.pro
domain: www.dtr.website
domain: www.eadisadev.xyz
domain: www.egundaviareservista.shop
domain: www.elegxzpw.click
domain: www.ellness360.services
domain: www.enior-living-64812.bond
domain: www.erm-life-insurance-guide.sbs
domain: www.ermech.net
domain: www.erora.net
domain: www.eshi.qpon
domain: www.est-gd-888.click
domain: www.estsafe.net
domain: www.etnow-system.cfd
domain: www.f1e3c.pro
domain: www.g-899b8.xyz
domain: www.g51-lfoc1640.vip
domain: www.gstore.vip
domain: www.haymaa.net
domain: www.herightmoment.net
domain: www.herripalmer.shop
domain: www.hetrxio.online
domain: www.hklbx.top
domain: www.hristopher559.forum
domain: www.idgxq.top
domain: www.iewm0.top
domain: www.inebreak.cloud
domain: www.ingitchyvisitwhistle.christmas
domain: www.iongciyuan.app
domain: www.iotrax.tech
domain: www.iq73j.top
domain: www.ir-condition-49726.bond
domain: www.j-turismopg.win
domain: www.kclub.xyz
domain: www.kf5bb.top
domain: www.kgvuz.top
domain: www.kk72g.click
domain: www.leuthly.app
domain: www.lingan.tech
domain: www.lockbuilder.app
domain: www.lovemygod.art
domain: www.lsdh33.lol
domain: www.m5qfk.top
domain: www.mar1.xyz
domain: www.nfq.xyz
domain: www.nhojejagfsmoon482rapid.cfd
domain: www.nviodigitallive.shop
domain: www.nviodigitalsstore.shop
domain: www.nxzlb.top
domain: www.obertdavid.shop
domain: www.odallmikn.xyz
domain: www.odhod.cafe
domain: www.olygon.llc
domain: www.om-etcklb.live
domain: www.ome-portable-1hi3jo.bond
domain: www.onsultacaixa.shop
domain: www.oonlagoon.art
domain: www.ooyoo.cloud
domain: www.oreigndept.xyz
domain: www.orwarderp.net
domain: www.oulscripts.net
domain: www.ourstoreworld.shop
domain: www.pkooity.cfd
domain: www.px.lat
domain: www.qbrn.sbs
domain: www.rafttrd.click
domain: www.ramthrish.lol
domain: www.randperfumer.shop
domain: www.reace.dev
domain: www.remium5.click
domain: www.riaaccounting.net
domain: www.ronostic.tech
domain: www.rownandcleatco.ltd
domain: www.sfglar.shop
domain: www.sgzg.sbs
domain: www.sxzvkf8.xyz
domain: www.sy884.top
domain: www.t2025.net
domain: www.t722.top
domain: www.tgroup.xyz
domain: www.ukangzhe.xyz
domain: www.uposttracked.live
domain: www.vjii.info
domain: www.w-vshop7-eleven.top
domain: www.xbet-bet-mu.xyz
domain: www.xrfeg.top
domain: www.y7dld.top
domain: www.yudsbnfdg.top
domain: www.yvnub.top
file: 119.3.152.172
hash: 8443
domain: bot.hiddenlists.net
domain: phubotnet.duckdns.org
domain: plaquist-simulator.com
domain: everlight-beta.netlify.app
domain: mythstealer.win
domain: combatshell.com
domain: luraka-game.github.io
domain: yomiragame.blogspot.com
domain: combatsouls.com
domain: myth.cocukporno.lol
domain: ycvduc.xyz
domain: nbcsfar.xyz
domain: admin.primgs.lol
domain: img.responsive.pstatic.autos
domain: img.smartnords.site
domain: img.worksongo.store
domain: show.grip-cdns.space
file: 143.92.56.46
hash: 5200
file: 43.133.39.217
hash: 6666
file: 202.79.172.16
hash: 8880
file: 8.217.127.64
hash: 12020
file: 156.251.16.99
hash: 6628
file: 45.204.215.237
hash: 8081
file: 217.64.151.184
hash: 9779
file: 138.199.38.150
hash: 49443
file: 45.156.87.204
hash: 8080
file: 101.201.49.60
hash: 80
file: 37.120.208.37
hash: 57625
file: 139.224.167.235
hash: 443
file: 193.233.113.134
hash: 2404
file: 88.210.52.201
hash: 9090
file: 198.135.49.79
hash: 4190
file: 103.245.236.239
hash: 8808
file: 88.229.27.40
hash: 888
file: 52.232.101.201
hash: 443
file: 18.168.225.154
hash: 80
file: 173.230.136.136
hash: 8080
file: 54.165.195.193
hash: 443
file: 147.185.221.27
hash: 6351
file: 85.203.4.158
hash: 5000
file: 185.194.175.132
hash: 8000
file: 147.93.0.162
hash: 8080
file: 147.185.221.28
hash: 65045
file: 94.26.90.227
hash: 7000
file: 135.181.27.123
hash: 7443
domain: fakutenshop.cyou
domain: gjsccxw.cyou
domain: www.f-r-a-kuten.cyou
domain: www.shopecxw.cyou
file: 45.133.239.188
hash: 443
file: 38.54.85.112
hash: 443
domain: cbots.m.crooods.com
domain: cdn.burbankskincancercenter.com
domain: ithzb.com
domain: smtp.dkairsystems.com
domain: synchronization.rayanconfnet.ir
domain: techwhispers.org
domain: update.markets-news.com
url: http://147.78.67.188/lowprocessorasyncdletemp.php
url: http://horse18643.temp.swtest.ru/vmlowauthlongpollcentraldownloads.php
file: 106.14.177.133
hash: 443
file: 121.40.87.118
hash: 443
file: 139.224.196.107
hash: 443
file: 155.117.155.75
hash: 80
file: 192.53.121.144
hash: 443
file: 194.87.108.74
hash: 8443
file: 206.206.78.57
hash: 443
file: 34.233.77.255
hash: 8443
file: 44.206.39.60
hash: 8443
file: 47.92.35.113
hash: 443
file: 49.232.151.106
hash: 8080
file: 52.23.43.136
hash: 8443
file: 54.165.122.105
hash: 443
file: 54.213.246.23
hash: 443
file: 54.242.101.70
hash: 8443
file: 54.254.193.199
hash: 8443
file: 8.137.77.215
hash: 443
file: 172.245.4.218
hash: 2404
url: https://favgqu.shop/zajq
url: https://kinwlyo.xyz/gnbt
url: https://zsilvermoonbeam.hair/api
url: https://smoozof.top/ktjw
url: https://redacpq.shop/xpzl
url: https://t.me/kaktusikktvshow
url: https://t.me/edenwda
url: https://t.me/+jri-518b5m1knwjh
url: https://t.me/stftest
url: https://glhvps.lat/aiuq
url: https://estafetaems.top/api
url: https://posqvevibesonly.tech/api
url: https://fpxawz.pics/agmt
url: https://t.me/asdvwq1123f123213
url: https://criminnbkb.run/aplx
url: https://cocjkoonpillow.today/bvzx
url: https://tenbiw.shop/xjah
domain: evilc6604-54395.portmap.io
domain: qquasar.lnpntkd9vth0tup2.rest
domain: ever-transparent.gl.at.ply.gg
domain: done-gather.gl.at.ply.gg
domain: clairos-34961.portmap.io
domain: fall-islam.gl.at.ply.gg
file: 160.202.133.143
hash: 5232
file: 216.247.92.149
hash: 4782
file: 147.185.221.29
hash: 33736
file: 171.1.1.1
hash: 6066
file: 87.121.105.130
hash: 4782
file: 195.177.97.101
hash: 4782
domain: alexmoro.duckdns.org
domain: servicesdrivres1.duckdns.org
domain: gomezgomez.duckdns.org
domain: mistico2032.duckdns.org
domain: conhostlogsdown1.sytes.net
domain: conhostlogsdown2.sytes.net
domain: josemansory980.4cloud.click
file: 31.57.219.224
hash: 44000
file: 50.114.203.173
hash: 4449
file: 8.212.56.13
hash: 4449
file: 172.245.205.105
hash: 1500
file: 8.149.137.211
hash: 4449
file: 193.161.193.99
hash: 47747
file: 193.161.193.99
hash: 4455
file: 193.161.193.99
hash: 61587
domain: xw.lnpntkd9vth0tup2.rest
domain: magazine-tattoo.gl.at.ply.gg
domain: names-compatibility.gl.at.ply.gg
domain: superwx.duckdns.org
file: 147.185.221.23
hash: 25607
file: 147.185.221.29
hash: 30965
file: 45.141.27.119
hash: 7000
file: 193.161.193.99
hash: 24111
domain: btoast.mywire.org
file: 195.206.105.227
hash: 42830
domain: markscott.ddns.net
url: http://77.90.153.129
domain: gallery-article.gl.at.ply.gg
domain: 1221.sytes.net
domain: nokta147.no-ip.biz
domain: both-burlington.gl.at.ply.gg
domain: mosabedz.ddns.net
domain: ckimo.ddns.net
file: 147.185.221.29
hash: 48921
file: 176.122.105.140
hash: 7777
url: http://37.72.175.148/eric/index.php
url: http://proupdateserver.com/wp-content/index.php
domain: duoohr71.top
domain: morttttf08.top
domain: kypersar42.top
domain: morfev07.top
url: http://chuqce14.top/gate.php
domain: phenoms.ddns.net
domain: moneybag042.warzonedns.com
domain: contact-japan.gl.at.ply.gg
file: 154.22.5.243
hash: 25252
domain: cutaylorpascale.top
domain: sdorthyyantonietta.top
domain: jpearl26kacey.top
domain: alfo.zapto.org
domain: zielony.no-ip.org
domain: sfr90.no-ip.org
domain: 4morphis.no-ip.org
domain: the07ayoub.zapto.org
domain: alfoo.no-ip.org
domain: edwardian.zapto.org
domain: italo2011.no-ip.org
domain: juttrdx.no-ip.biz
file: 142.93.218.89
hash: 23
file: 172.245.162.119
hash: 42515
file: 164.132.92.140
hash: 23
file: 94.103.188.54
hash: 666
file: 80.211.189.104
hash: 23
file: 107.173.171.123
hash: 4258
file: 45.85.249.192
hash: 606
file: 206.238.179.199
hash: 5568
file: 107.174.42.72
hash: 2556
file: 196.251.86.217
hash: 2404
file: 213.152.161.107
hash: 26841
url: https://www.vastkupan.com/wp-admin/js/cicdwkknms.pdf
url: https://www.vastkupan.com/wp-admin/js/daupinslenj.pdf
url: https://www.new.eventawardsrussia.com/wp-includes/ypeyqku.pdf
file: 91.92.120.101
hash: 65535
hash: ab250bb831a9715a47610f89d0998f86
hash: cec53e8df6c115eb7494c9ad7d2963d4
hash: eedc8bb54465bd6720f28b41f7a2acf6
hash: 38d29f5ac47583f39a2ff5dc1c366f7d
file: 45.152.65.65
hash: 8848
file: 47.121.222.227
hash: 9090
file: 39.98.110.115
hash: 443
domain: better-allan.gl.at.ply.gg
domain: leading-calculator.gl.at.ply.gg
file: 196.251.85.119
hash: 1000
file: 160.22.106.74
hash: 65430
file: 18.168.225.154
hash: 443
file: 151.243.218.201
hash: 4449
file: 15.161.91.90
hash: 10258
file: 44.201.73.92
hash: 41795
file: 45.9.149.15
hash: 4000
domain: www.denisa.shop
file: 117.222.62.195
hash: 8082
file: 94.237.123.143
hash: 8000
file: 66.63.163.241
hash: 8000
url: http://77.91.68.71
domain: kardan35.zapto.org
file: 82.147.84.124
hash: 1987
url: https://3.s.exifit.eu.org
domain: 3.s.exifit.eu.org
url: https://moslet.lat/tiwq
url: https://t.me/fddsafdsf
url: https://nbcsfar.xyz/tpxz
url: https://prezud.top/xkaj
url: https://t.me/adsvdsadvqwasd
url: https://ycvduc.xyz/trie
url: https://smoskp.shop/zhad
url: http://77.91.68.71/bfbad28342bbb2aa.php
file: 144.172.91.41
hash: 8805
domain: images.venthalpyapp.com
domain: 265ea973-18d6-47d2-8796-29db4decc888-00-lq5hf5va4e7m.pike.replit.dev
file: 114.67.230.150
hash: 80
url: https://blade-govern.sbs/api
url: https://disobey-curly.sbs/api
url: https://leg-sate-boat.sbs/api
url: https://images.venthalpyapp.com/viewdashboard
url: https://motion-treesz.sbs/api
url: https://story-tense-faz.sbs/api
file: 43.139.59.122
hash: 443
file: 77.91.68.71
hash: 80
file: 47.110.239.165
hash: 8009
file: 113.45.4.235
hash: 50050
file: 211.48.234.105
hash: 6000
file: 61.76.128.222
hash: 6001
file: 190.187.99.54
hash: 5454
file: 107.174.0.22
hash: 7443
file: 16.176.97.157
hash: 4500
file: 45.144.221.24
hash: 1337
file: 189.159.170.236
hash: 1604
file: 189.159.170.236
hash: 4444
file: 124.198.131.57
hash: 9792
domain: continue-relationships.gl.at.ply.gg
file: 193.161.193.99
hash: 47228
file: 23.249.28.153
hash: 53
file: 109.107.189.185
hash: 443
file: 77.221.141.213
hash: 17300
file: 34.44.118.54
hash: 80
file: 34.219.200.70
hash: 443
file: 43.156.59.110
hash: 62211
file: 31.57.46.108
hash: 7777
file: 185.196.220.28
hash: 7000
file: 45.150.32.137
hash: 80
domain: musicdownloader.top
domain: kabarbhayangkara.com
file: 143.92.49.230
hash: 10921
file: 143.92.49.230
hash: 10922
file: 202.95.1.68
hash: 8848
file: 191.96.11.215
hash: 5677
domain: net.botwork.cc
file: 216.9.225.221
hash: 14305
file: 82.24.200.99
hash: 4449
file: 8.156.68.94
hash: 29996
domain: dilin2345-47228.portmap.io
file: 23.249.28.153
hash: 90
domain: admin.027dzjl.com
domain: pan.crooods.com
file: 43.143.204.191
hash: 443
file: 45.204.207.207
hash: 443
file: 110.40.185.107
hash: 8443
file: 192.3.146.207
hash: 2404
file: 193.26.115.12
hash: 4000
file: 93.115.172.253
hash: 39621
file: 196.251.116.134
hash: 8808
file: 34.30.106.150
hash: 443
file: 3.28.43.194
hash: 1963
file: 82.29.72.11
hash: 4000
url: http://a1141375.xsph.ru/76188b2b.php
file: 118.89.81.66
hash: 15432
file: 47.122.80.126
hash: 3389
file: 52.222.57.186
hash: 443
file: 75.2.51.175
hash: 443
file: 85.110.201.128
hash: 443
file: 204.77.232.110
hash: 7771
url: http://715239cm.nyashvibe.ru/updategenerator.php

ThreatFox IOCs for 2025-07-02

Severity: medium

Type: malware

ThreatFox IOCs for 2025-07-02

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Netherlands, Italy

Indicators of Compromise

file: 166.88.182.99
hash: 443
file: 170.75.160.9
hash: 443
file: 104.168.76.142
hash: 443
file: 18.215.241.71
hash: 80
file: 139.84.210.208
hash: 443
file: 119.45.28.152
hash: 8888
file: 202.55.135.163
hash: 80
file: 128.90.113.160
hash: 5000
file: 196.251.69.34
hash: 8000
file: 50.18.107.175
hash: 8808
file: 78.161.14.229
hash: 8808
file: 13.38.52.144
hash: 40000
file: 89.34.230.116
hash: 8888
file: 136.243.242.29
hash: 8113
url: http://cc18300.tw1.ru/4160b747.php
file: 38.240.50.173
hash: 2404
domain: ecs-113-45-47-3.compute.hwclouds-dns.com
domain: m83-189-135-177.cust.tele2.se
file: 45.94.31.84
hash: 8808
file: 128.90.113.160
hash: 1018
file: 128.90.113.160
hash: 8808
file: 52.232.96.227
hash: 443
file: 3.83.201.170
hash: 7443
file: 170.82.207.50
hash: 9090
file: 107.174.232.94
hash: 60000
file: 95.182.100.211
hash: 3333
file: 3.67.250.99
hash: 80
file: 3.67.250.99
hash: 443
file: 98.82.0.205
hash: 8443
file: 3.127.178.108
hash: 80
file: 3.76.53.35
hash: 80
file: 45.148.29.69
hash: 3333
file: 84.36.21.34
hash: 8080
file: 43.139.8.117
hash: 9090
file: 95.111.227.147
hash: 443
file: 119.29.18.60
hash: 3333
file: 110.42.60.175
hash: 3333
file: 210.16.65.228
hash: 3333
file: 52.58.175.64
hash: 80
file: 52.58.175.64
hash: 443
file: 187.237.186.166
hash: 8081
file: 3.74.29.115
hash: 80
file: 3.74.29.115
hash: 443
file: 195.246.230.100
hash: 3333
file: 137.184.89.111
hash: 443
file: 130.164.175.159
hash: 443
file: 118.174.70.104
hash: 7443
file: 146.70.87.96
hash: 43211
domain: imagoatlowk-58420.portmap.io
domain: andre21.ydns.eu
domain: developer1.ydns.eu
domain: sheddinho1122.ddns.net
domain: j3ru5al3m.duckdns.org
file: 172.245.4.223
hash: 16409
file: 172.245.4.223
hash: 16406
file: 179.43.186.224
hash: 4434
file: 47.113.217.92
hash: 8888
file: 196.251.72.214
hash: 4433
file: 107.148.237.76
hash: 80
file: 170.205.30.146
hash: 4885
file: 174.17.228.250
hash: 1606
url: https://impvmg.pics/xanj
file: 173.211.70.238
hash: 31337
file: 167.71.16.171
hash: 31337
file: 24.199.97.82
hash: 31337
file: 91.99.89.89
hash: 31337
file: 147.50.230.91
hash: 31337
file: 106.75.8.65
hash: 31337
file: 144.172.109.72
hash: 31337
file: 165.232.161.164
hash: 9443
file: 34.242.125.168
hash: 9306
file: 52.66.149.163
hash: 593
file: 51.92.246.140
hash: 37
file: 51.92.246.140
hash: 887
file: 185.75.240.211
hash: 9443
file: 23.249.29.124
hash: 53
file: 23.249.29.124
hash: 90
file: 107.189.25.98
hash: 4443
file: 35.152.180.214
hash: 8405
file: 154.0.170.61
hash: 444
file: 13.60.79.188
hash: 2154
file: 113.45.177.81
hash: 7788
url: http://34.64.111.49:8080/
url: http://113.45.238.149:8888/supershell/login
domain: tel-dv.gl.at.ply.gg
url: http://www.06.top/l36c/
url: http://www.0z442.click/ms14/
url: http://www.2zyo6w.top/l36c/
url: http://www.63bitcoin.info/ms14/
url: http://www.7o.top/ms14/
url: http://www.88.fan/ms14/
url: http://www.8dqy8.top/l36c/
url: http://www.8ksbtrf.lat/ms14/
url: http://www.adisson003.top/ms14/
url: http://www.aichuan.group/ms14/
url: http://www.ainianoffice.net/l36c/
url: http://www.aisoncalme.shop/ms14/
url: http://www.alentabroadgroup.shop/l36c/
url: http://www.alentedgegrouphq.top/l36c/
url: http://www.allantit.net/l36c/
url: http://www.amily-doctor-96553.bond/ms14/
url: http://www.andsbyen-nh.art/l36c/
url: http://www.antwedding.food/l36c/
url: http://www.aoik.net/ms14/
url: http://www.apakliescort.pro/l36c/
url: http://www.arrel.click/ms14/
url: http://www.artechs.net/l36c/
url: http://www.arung065.xyz/ms14/
url: http://www.aser-eye-surgery-gb-ro.sbs/l36c/
url: http://www.astech223.tech/ms14/
url: http://www.auuiqoq.top/ms14/
url: http://www.ayfairoutlet.shop/ms14/
url: http://www.bhvpf.top/ms14/
url: http://www.c.vacations/ms14/
url: http://www.c0739.top/ms14/
url: http://www.c1395.top/ms14/
url: http://www.c2081.top/ms14/
url: http://www.c3162.top/l36c/
url: http://www.c4809.top/l36c/
url: http://www.c5073.top/l36c/
url: http://www.c5349.top/ms14/
url: http://www.cottengland.net/l36c/
url: http://www.cty.top/l36c/
url: http://www.dd0rf.top/ms14/
url: http://www.dl5ue.top/l36c/
url: http://www.ds-adguard.pro/ms14/
url: http://www.dtr.website/l36c/
url: http://www.eadisadev.xyz/l36c/
url: http://www.egundaviareservista.shop/l36c/
url: http://www.elegxzpw.click/l36c/
url: http://www.ellness360.services/ms14/
url: http://www.enior-living-64812.bond/ms14/
url: http://www.erm-life-insurance-guide.sbs/l36c/
url: http://www.ermech.net/l36c/
url: http://www.erora.net/ms14/
url: http://www.eshi.qpon/ms14/
url: http://www.est-gd-888.click/ms14/
url: http://www.estsafe.net/ms14/
url: http://www.etnow-system.cfd/l36c/
url: http://www.f1e3c.pro/l36c/
url: http://www.g-899b8.xyz/l36c/
url: http://www.g51-lfoc1640.vip/l36c/
url: http://www.gstore.vip/l36c/
url: http://www.haymaa.net/l36c/
url: http://www.herightmoment.net/ms14/
url: http://www.herripalmer.shop/l36c/
url: http://www.hetrxio.online/ms14/
url: http://www.hklbx.top/l36c/
url: http://www.hristopher559.forum/ms14/
url: http://www.idgxq.top/ms14/
url: http://www.iewm0.top/l36c/
url: http://www.inebreak.cloud/ms14/
url: http://www.ingitchyvisitwhistle.christmas/ms14/
url: http://www.iongciyuan.app/l36c/
url: http://www.iotrax.tech/ms14/
url: http://www.iq73j.top/ms14/
url: http://www.ir-condition-49726.bond/l36c/
url: http://www.j-turismopg.win/ms14/
url: http://www.kclub.xyz/ms14/
url: http://www.kf5bb.top/ms14/
url: http://www.kgvuz.top/l36c/
url: http://www.kk72g.click/l36c/
url: http://www.leuthly.app/ms14/
url: http://www.lingan.tech/ms14/
url: http://www.lockbuilder.app/l36c/
url: http://www.lovemygod.art/l36c/
url: http://www.lsdh33.lol/l36c/
url: http://www.m5qfk.top/ms14/
url: http://www.mar1.xyz/ms14/
url: http://www.nfq.xyz/l36c/
url: http://www.nhojejagfsmoon482rapid.cfd/l36c/
url: http://www.nviodigitallive.shop/l36c/
url: http://www.nviodigitalsstore.shop/l36c/
url: http://www.nxzlb.top/l36c/
url: http://www.obertdavid.shop/l36c/
url: http://www.odallmikn.xyz/ms14/
url: http://www.odhod.cafe/l36c/
url: http://www.olygon.llc/l36c/
url: http://www.om-etcklb.live/l36c/
url: http://www.ome-portable-1hi3jo.bond/l36c/
url: http://www.onsultacaixa.shop/l36c/
url: http://www.oonlagoon.art/l36c/
url: http://www.ooyoo.cloud/l36c/
url: http://www.oreigndept.xyz/l36c/
url: http://www.orwarderp.net/l36c/
url: http://www.oulscripts.net/ms14/
url: http://www.ourstoreworld.shop/ms14/
url: http://www.pkooity.cfd/ms14/
url: http://www.px.lat/ms14/
url: http://www.qbrn.sbs/l36c/
url: http://www.rafttrd.click/l36c/
url: http://www.ramthrish.lol/ms14/
url: http://www.randperfumer.shop/ms14/
url: http://www.reace.dev/ms14/
url: http://www.remium5.click/l36c/
url: http://www.riaaccounting.net/ms14/
url: http://www.ronostic.tech/ms14/
url: http://www.rownandcleatco.ltd/ms14/
url: http://www.sfglar.shop/l36c/
url: http://www.sgzg.sbs/ms14/
url: http://www.sxzvkf8.xyz/ms14/
url: http://www.sy884.top/l36c/
url: http://www.t2025.net/ms14/
url: http://www.t722.top/ms14/
url: http://www.tgroup.xyz/l36c/
url: http://www.tundst.xyz/l36c/
url: http://www.ukangzhe.xyz/ms14/
url: http://www.uposttracked.live/l36c/
url: http://www.vjii.info/l36c/
url: http://www.w-vshop7-eleven.top/ms14/
url: http://www.xbet-bet-mu.xyz/ms14/
url: http://www.xrfeg.top/l36c/
url: http://www.y7dld.top/ms14/
url: http://www.yudsbnfdg.top/ms14/
url: http://www.yvnub.top/ms14/
file: 115.120.217.77
hash: 8081
file: 115.120.217.77
hash: 8080
domain: www.06.top
domain: www.0z442.click
domain: www.2zyo6w.top
domain: www.63bitcoin.info
domain: www.7o.top
domain: www.88.fan
domain: www.8dqy8.top
domain: www.8ksbtrf.lat
domain: www.adisson003.top
domain: www.aichuan.group
domain: www.ainianoffice.net
domain: www.aisoncalme.shop
domain: www.alentabroadgroup.shop
domain: www.alentedgegrouphq.top
domain: www.allantit.net
domain: www.amily-doctor-96553.bond
domain: www.andsbyen-nh.art
domain: www.antwedding.food
domain: www.aoik.net
domain: www.apakliescort.pro
domain: www.arrel.click
domain: www.artechs.net
domain: www.arung065.xyz
domain: www.aser-eye-surgery-gb-ro.sbs
domain: www.astech223.tech
domain: www.auuiqoq.top
domain: www.ayfairoutlet.shop
domain: www.bhvpf.top
domain: www.c.vacations
domain: www.c0739.top
domain: www.c1395.top
domain: www.c2081.top
domain: www.c3162.top
domain: www.c4809.top
domain: www.c5073.top
domain: www.c5349.top
domain: www.cottengland.net
domain: www.cty.top
domain: www.dd0rf.top
domain: www.dl5ue.top
domain: www.ds-adguard.pro
domain: www.dtr.website
domain: www.eadisadev.xyz
domain: www.egundaviareservista.shop
domain: www.elegxzpw.click
domain: www.ellness360.services
domain: www.enior-living-64812.bond
domain: www.erm-life-insurance-guide.sbs
domain: www.ermech.net
domain: www.erora.net
domain: www.eshi.qpon
domain: www.est-gd-888.click
domain: www.estsafe.net
domain: www.etnow-system.cfd
domain: www.f1e3c.pro
domain: www.g-899b8.xyz
domain: www.g51-lfoc1640.vip
domain: www.gstore.vip
domain: www.haymaa.net
domain: www.herightmoment.net
domain: www.herripalmer.shop
domain: www.hetrxio.online
domain: www.hklbx.top
domain: www.hristopher559.forum
domain: www.idgxq.top
domain: www.iewm0.top
domain: www.inebreak.cloud
domain: www.ingitchyvisitwhistle.christmas
domain: www.iongciyuan.app
domain: www.iotrax.tech
domain: www.iq73j.top
domain: www.ir-condition-49726.bond
domain: www.j-turismopg.win
domain: www.kclub.xyz
domain: www.kf5bb.top
domain: www.kgvuz.top
domain: www.kk72g.click
domain: www.leuthly.app
domain: www.lingan.tech
domain: www.lockbuilder.app
domain: www.lovemygod.art
domain: www.lsdh33.lol
domain: www.m5qfk.top
domain: www.mar1.xyz
domain: www.nfq.xyz
domain: www.nhojejagfsmoon482rapid.cfd
domain: www.nviodigitallive.shop
domain: www.nviodigitalsstore.shop
domain: www.nxzlb.top
domain: www.obertdavid.shop
domain: www.odallmikn.xyz
domain: www.odhod.cafe
domain: www.olygon.llc
domain: www.om-etcklb.live
domain: www.ome-portable-1hi3jo.bond
domain: www.onsultacaixa.shop
domain: www.oonlagoon.art
domain: www.ooyoo.cloud
domain: www.oreigndept.xyz
domain: www.orwarderp.net
domain: www.oulscripts.net
domain: www.ourstoreworld.shop
domain: www.pkooity.cfd
domain: www.px.lat
domain: www.qbrn.sbs
domain: www.rafttrd.click
domain: www.ramthrish.lol
domain: www.randperfumer.shop
domain: www.reace.dev
domain: www.remium5.click
domain: www.riaaccounting.net
domain: www.ronostic.tech
domain: www.rownandcleatco.ltd
domain: www.sfglar.shop
domain: www.sgzg.sbs
domain: www.sxzvkf8.xyz
domain: www.sy884.top
domain: www.t2025.net
domain: www.t722.top
domain: www.tgroup.xyz
domain: www.ukangzhe.xyz
domain: www.uposttracked.live
domain: www.vjii.info
domain: www.w-vshop7-eleven.top
domain: www.xbet-bet-mu.xyz
domain: www.xrfeg.top
domain: www.y7dld.top
domain: www.yudsbnfdg.top
domain: www.yvnub.top
file: 119.3.152.172
hash: 8443
domain: bot.hiddenlists.net
domain: phubotnet.duckdns.org
domain: plaquist-simulator.com
domain: everlight-beta.netlify.app
domain: mythstealer.win
domain: combatshell.com
domain: luraka-game.github.io
domain: yomiragame.blogspot.com
domain: combatsouls.com
domain: myth.cocukporno.lol
domain: ycvduc.xyz
domain: nbcsfar.xyz
domain: admin.primgs.lol
domain: img.responsive.pstatic.autos
domain: img.smartnords.site
domain: img.worksongo.store
domain: show.grip-cdns.space
file: 143.92.56.46
hash: 5200
file: 43.133.39.217
hash: 6666
file: 202.79.172.16
hash: 8880
file: 8.217.127.64
hash: 12020
file: 156.251.16.99
hash: 6628
file: 45.204.215.237
hash: 8081
file: 217.64.151.184
hash: 9779
file: 138.199.38.150
hash: 49443
file: 45.156.87.204
hash: 8080
file: 101.201.49.60
hash: 80
file: 37.120.208.37
hash: 57625
file: 139.224.167.235
hash: 443
file: 193.233.113.134
hash: 2404
file: 88.210.52.201
hash: 9090
file: 198.135.49.79
hash: 4190
file: 103.245.236.239
hash: 8808
file: 88.229.27.40
hash: 888
file: 52.232.101.201
hash: 443
file: 18.168.225.154
hash: 80
file: 173.230.136.136
hash: 8080
file: 54.165.195.193
hash: 443
file: 147.185.221.27
hash: 6351
file: 85.203.4.158
hash: 5000
file: 185.194.175.132
hash: 8000
file: 147.93.0.162
hash: 8080
file: 147.185.221.28
hash: 65045
file: 94.26.90.227
hash: 7000
file: 135.181.27.123
hash: 7443
domain: fakutenshop.cyou
domain: gjsccxw.cyou
domain: www.f-r-a-kuten.cyou
domain: www.shopecxw.cyou
file: 45.133.239.188
hash: 443
file: 38.54.85.112
hash: 443
domain: cbots.m.crooods.com
domain: cdn.burbankskincancercenter.com
domain: ithzb.com
domain: smtp.dkairsystems.com
domain: synchronization.rayanconfnet.ir
domain: techwhispers.org
domain: update.markets-news.com
url: http://147.78.67.188/lowprocessorasyncdletemp.php
url: http://horse18643.temp.swtest.ru/vmlowauthlongpollcentraldownloads.php
file: 106.14.177.133
hash: 443
file: 121.40.87.118
hash: 443
file: 139.224.196.107
hash: 443
file: 155.117.155.75
hash: 80
file: 192.53.121.144
hash: 443
file: 194.87.108.74
hash: 8443
file: 206.206.78.57
hash: 443
file: 34.233.77.255
hash: 8443
file: 44.206.39.60
hash: 8443
file: 47.92.35.113
hash: 443
file: 49.232.151.106
hash: 8080
file: 52.23.43.136
hash: 8443
file: 54.165.122.105
hash: 443
file: 54.213.246.23
hash: 443
file: 54.242.101.70
hash: 8443
file: 54.254.193.199
hash: 8443
file: 8.137.77.215
hash: 443
file: 172.245.4.218
hash: 2404
url: https://favgqu.shop/zajq
url: https://kinwlyo.xyz/gnbt
url: https://zsilvermoonbeam.hair/api
url: https://smoozof.top/ktjw
url: https://redacpq.shop/xpzl
url: https://t.me/kaktusikktvshow
url: https://t.me/edenwda
url: https://t.me/+jri-518b5m1knwjh
url: https://t.me/stftest
url: https://glhvps.lat/aiuq
url: https://estafetaems.top/api
url: https://posqvevibesonly.tech/api
url: https://fpxawz.pics/agmt
url: https://t.me/asdvwq1123f123213
url: https://criminnbkb.run/aplx
url: https://cocjkoonpillow.today/bvzx
url: https://tenbiw.shop/xjah
domain: evilc6604-54395.portmap.io
domain: qquasar.lnpntkd9vth0tup2.rest
domain: ever-transparent.gl.at.ply.gg
domain: done-gather.gl.at.ply.gg
domain: clairos-34961.portmap.io
domain: fall-islam.gl.at.ply.gg
file: 160.202.133.143
hash: 5232
file: 216.247.92.149
hash: 4782
file: 147.185.221.29
hash: 33736
file: 171.1.1.1
hash: 6066
file: 87.121.105.130
hash: 4782
file: 195.177.97.101
hash: 4782
domain: alexmoro.duckdns.org
domain: servicesdrivres1.duckdns.org
domain: gomezgomez.duckdns.org
domain: mistico2032.duckdns.org
domain: conhostlogsdown1.sytes.net
domain: conhostlogsdown2.sytes.net
domain: josemansory980.4cloud.click
file: 31.57.219.224
hash: 44000
file: 50.114.203.173
hash: 4449
file: 8.212.56.13
hash: 4449
file: 172.245.205.105
hash: 1500
file: 8.149.137.211
hash: 4449
file: 193.161.193.99
hash: 47747
file: 193.161.193.99
hash: 4455
file: 193.161.193.99
hash: 61587
domain: xw.lnpntkd9vth0tup2.rest
domain: magazine-tattoo.gl.at.ply.gg
domain: names-compatibility.gl.at.ply.gg
domain: superwx.duckdns.org
file: 147.185.221.23
hash: 25607
file: 147.185.221.29
hash: 30965
file: 45.141.27.119
hash: 7000
file: 193.161.193.99
hash: 24111
domain: btoast.mywire.org
file: 195.206.105.227
hash: 42830
domain: markscott.ddns.net
url: http://77.90.153.129
domain: gallery-article.gl.at.ply.gg
domain: 1221.sytes.net
domain: nokta147.no-ip.biz
domain: both-burlington.gl.at.ply.gg
domain: mosabedz.ddns.net
domain: ckimo.ddns.net
file: 147.185.221.29
hash: 48921
file: 176.122.105.140
hash: 7777
url: http://37.72.175.148/eric/index.php
url: http://proupdateserver.com/wp-content/index.php
domain: duoohr71.top
domain: morttttf08.top
domain: kypersar42.top
domain: morfev07.top
url: http://chuqce14.top/gate.php
domain: phenoms.ddns.net
domain: moneybag042.warzonedns.com
domain: contact-japan.gl.at.ply.gg
file: 154.22.5.243
hash: 25252
domain: cutaylorpascale.top
domain: sdorthyyantonietta.top
domain: jpearl26kacey.top
domain: alfo.zapto.org
domain: zielony.no-ip.org
domain: sfr90.no-ip.org
domain: 4morphis.no-ip.org
domain: the07ayoub.zapto.org
domain: alfoo.no-ip.org
domain: edwardian.zapto.org
domain: italo2011.no-ip.org
domain: juttrdx.no-ip.biz
file: 142.93.218.89
hash: 23
file: 172.245.162.119
hash: 42515
file: 164.132.92.140
hash: 23
file: 94.103.188.54
hash: 666
file: 80.211.189.104
hash: 23
file: 107.173.171.123
hash: 4258
file: 45.85.249.192
hash: 606
file: 206.238.179.199
hash: 5568
file: 107.174.42.72
hash: 2556
file: 196.251.86.217
hash: 2404
file: 213.152.161.107
hash: 26841
url: https://www.vastkupan.com/wp-admin/js/cicdwkknms.pdf
url: https://www.vastkupan.com/wp-admin/js/daupinslenj.pdf
url: https://www.new.eventawardsrussia.com/wp-includes/ypeyqku.pdf
file: 91.92.120.101
hash: 65535
hash: ab250bb831a9715a47610f89d0998f86
hash: cec53e8df6c115eb7494c9ad7d2963d4
hash: eedc8bb54465bd6720f28b41f7a2acf6
hash: 38d29f5ac47583f39a2ff5dc1c366f7d
file: 45.152.65.65
hash: 8848
file: 47.121.222.227
hash: 9090
file: 39.98.110.115
hash: 443
domain: better-allan.gl.at.ply.gg
domain: leading-calculator.gl.at.ply.gg
file: 196.251.85.119
hash: 1000
file: 160.22.106.74
hash: 65430
file: 18.168.225.154
hash: 443
file: 151.243.218.201
hash: 4449
file: 15.161.91.90
hash: 10258
file: 44.201.73.92
hash: 41795
file: 45.9.149.15
hash: 4000
domain: www.denisa.shop
file: 117.222.62.195
hash: 8082
file: 94.237.123.143
hash: 8000
file: 66.63.163.241
hash: 8000
url: http://77.91.68.71
domain: kardan35.zapto.org
file: 82.147.84.124
hash: 1987
url: https://3.s.exifit.eu.org
domain: 3.s.exifit.eu.org
url: https://moslet.lat/tiwq
url: https://t.me/fddsafdsf
url: https://nbcsfar.xyz/tpxz
url: https://prezud.top/xkaj
url: https://t.me/adsvdsadvqwasd
url: https://ycvduc.xyz/trie
url: https://smoskp.shop/zhad
url: http://77.91.68.71/bfbad28342bbb2aa.php
file: 144.172.91.41
hash: 8805
domain: images.venthalpyapp.com
domain: 265ea973-18d6-47d2-8796-29db4decc888-00-lq5hf5va4e7m.pike.replit.dev
file: 114.67.230.150
hash: 80
url: https://blade-govern.sbs/api
url: https://disobey-curly.sbs/api
url: https://leg-sate-boat.sbs/api
url: https://images.venthalpyapp.com/viewdashboard
url: https://motion-treesz.sbs/api
url: https://story-tense-faz.sbs/api
file: 43.139.59.122
hash: 443
file: 77.91.68.71
hash: 80
file: 47.110.239.165
hash: 8009
file: 113.45.4.235
hash: 50050
file: 211.48.234.105
hash: 6000
file: 61.76.128.222
hash: 6001
file: 190.187.99.54
hash: 5454
file: 107.174.0.22
hash: 7443
file: 16.176.97.157
hash: 4500
file: 45.144.221.24
hash: 1337
file: 189.159.170.236
hash: 1604
file: 189.159.170.236
hash: 4444
file: 124.198.131.57
hash: 9792
domain: continue-relationships.gl.at.ply.gg
file: 193.161.193.99
hash: 47228
file: 23.249.28.153
hash: 53
file: 109.107.189.185
hash: 443
file: 77.221.141.213
hash: 17300
file: 34.44.118.54
hash: 80
file: 34.219.200.70
hash: 443
file: 43.156.59.110
hash: 62211
file: 31.57.46.108
hash: 7777
file: 185.196.220.28
hash: 7000
file: 45.150.32.137
hash: 80
domain: musicdownloader.top
domain: kabarbhayangkara.com
file: 143.92.49.230
hash: 10921
file: 143.92.49.230
hash: 10922
file: 202.95.1.68
hash: 8848
file: 191.96.11.215
hash: 5677
domain: net.botwork.cc
file: 216.9.225.221
hash: 14305
file: 82.24.200.99
hash: 4449
file: 8.156.68.94
hash: 29996
domain: dilin2345-47228.portmap.io
file: 23.249.28.153
hash: 90
domain: admin.027dzjl.com
domain: pan.crooods.com
file: 43.143.204.191
hash: 443
file: 45.204.207.207
hash: 443
file: 110.40.185.107
hash: 8443
file: 192.3.146.207
hash: 2404
file: 193.26.115.12
hash: 4000
file: 93.115.172.253
hash: 39621
file: 196.251.116.134
hash: 8808
file: 34.30.106.150
hash: 443
file: 3.28.43.194
hash: 1963
file: 82.29.72.11
hash: 4000
url: http://a1141375.xsph.ru/76188b2b.php
file: 118.89.81.66
hash: 15432
file: 47.122.80.126
hash: 3389
file: 52.222.57.186
hash: 443
file: 75.2.51.175
hash: 443
file: 85.110.201.128
hash: 443
file: 204.77.232.110
hash: 7771
url: http://715239cm.nyashvibe.ru/updategenerator.php

Source: ThreatFox MISP Feed

Published: Wed Jul 02 2025

ThreatFox IOCs for 2025-07-02

Medium

Malwaretype:osint tlp:white

Published: Wed Jul 02 2025 (07/02/2025, 00:00:00 UTC)

Source: ThreatFox MISP Feed

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-07-02

AI-Powered Analysis

AILast updated: 07/03/2025, 00:24:38 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: a9a4543b-4616-4137-8765-ece1e2f0bd7d
Original Timestamp: 1751500986

Indicators of Compromise

File

Value	Description	Copy
file166.88.182.99	FAKEUPDATES botnet C2 server (confidence level: 100%)
file170.75.160.9	Sliver botnet C2 server (confidence level: 100%)
file104.168.76.142	Sliver botnet C2 server (confidence level: 100%)
file18.215.241.71	Sliver botnet C2 server (confidence level: 100%)
file139.84.210.208	ShadowPad botnet C2 server (confidence level: 90%)
file119.45.28.152	Unknown malware botnet C2 server (confidence level: 100%)
file202.55.135.163	AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.113.160	AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.69.34	AsyncRAT botnet C2 server (confidence level: 100%)
file50.18.107.175	AsyncRAT botnet C2 server (confidence level: 100%)
file78.161.14.229	AsyncRAT botnet C2 server (confidence level: 100%)
file13.38.52.144	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file89.34.230.116	Rhadamanthys botnet C2 server (confidence level: 100%)
file136.243.242.29	Rhadamanthys botnet C2 server (confidence level: 100%)
file38.240.50.173	Remcos botnet C2 server (confidence level: 100%)
file45.94.31.84	AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.113.160	AsyncRAT botnet C2 server (confidence level: 100%)
file128.90.113.160	AsyncRAT botnet C2 server (confidence level: 100%)
file52.232.96.227	Unknown malware botnet C2 server (confidence level: 100%)
file3.83.201.170	Unknown malware botnet C2 server (confidence level: 100%)
file170.82.207.50	DCRat botnet C2 server (confidence level: 100%)
file107.174.232.94	Unknown malware botnet C2 server (confidence level: 100%)
file95.182.100.211	Unknown malware botnet C2 server (confidence level: 100%)
file3.67.250.99	Unknown malware botnet C2 server (confidence level: 100%)
file3.67.250.99	Unknown malware botnet C2 server (confidence level: 100%)
file98.82.0.205	Unknown malware botnet C2 server (confidence level: 100%)
file3.127.178.108	Unknown malware botnet C2 server (confidence level: 100%)
file3.76.53.35	Unknown malware botnet C2 server (confidence level: 100%)
file45.148.29.69	Unknown malware botnet C2 server (confidence level: 100%)
file84.36.21.34	Unknown malware botnet C2 server (confidence level: 100%)
file43.139.8.117	Unknown malware botnet C2 server (confidence level: 100%)
file95.111.227.147	Unknown malware botnet C2 server (confidence level: 100%)
file119.29.18.60	Unknown malware botnet C2 server (confidence level: 100%)
file110.42.60.175	Unknown malware botnet C2 server (confidence level: 100%)
file210.16.65.228	Unknown malware botnet C2 server (confidence level: 100%)
file52.58.175.64	Unknown malware botnet C2 server (confidence level: 100%)
file52.58.175.64	Unknown malware botnet C2 server (confidence level: 100%)
file187.237.186.166	Unknown malware botnet C2 server (confidence level: 100%)
file3.74.29.115	Unknown malware botnet C2 server (confidence level: 100%)
file3.74.29.115	Unknown malware botnet C2 server (confidence level: 100%)
file195.246.230.100	Unknown malware botnet C2 server (confidence level: 100%)
file137.184.89.111	Unknown malware botnet C2 server (confidence level: 100%)
file130.164.175.159	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file118.174.70.104	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file146.70.87.96	AdaptixC2 botnet C2 server (confidence level: 100%)
file172.245.4.223	Remcos botnet C2 server (confidence level: 100%)
file172.245.4.223	Remcos botnet C2 server (confidence level: 100%)
file179.43.186.224	Cobalt Strike botnet C2 server (confidence level: 50%)
file47.113.217.92	Cobalt Strike botnet C2 server (confidence level: 50%)
file196.251.72.214	Cobalt Strike botnet C2 server (confidence level: 50%)
file107.148.237.76	Cobalt Strike botnet C2 server (confidence level: 50%)
file170.205.30.146	Quasar RAT botnet C2 server (confidence level: 100%)
file174.17.228.250	Quasar RAT botnet C2 server (confidence level: 100%)
file173.211.70.238	Sliver botnet C2 server (confidence level: 50%)
file167.71.16.171	Sliver botnet C2 server (confidence level: 50%)
file24.199.97.82	Sliver botnet C2 server (confidence level: 50%)
file91.99.89.89	Sliver botnet C2 server (confidence level: 50%)
file147.50.230.91	Sliver botnet C2 server (confidence level: 50%)
file106.75.8.65	Sliver botnet C2 server (confidence level: 50%)
file144.172.109.72	Sliver botnet C2 server (confidence level: 50%)
file165.232.161.164	Sliver botnet C2 server (confidence level: 50%)
file34.242.125.168	BlackShades botnet C2 server (confidence level: 50%)
file52.66.149.163	BlackShades botnet C2 server (confidence level: 50%)
file51.92.246.140	BlackShades botnet C2 server (confidence level: 50%)
file51.92.246.140	BlackShades botnet C2 server (confidence level: 50%)
file185.75.240.211	Brute Ratel C4 botnet C2 server (confidence level: 50%)
file23.249.29.124	ValleyRAT botnet C2 server (confidence level: 100%)
file23.249.29.124	ValleyRAT botnet C2 server (confidence level: 100%)
file107.189.25.98	Unknown malware botnet C2 server (confidence level: 50%)
file35.152.180.214	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file154.0.170.61	Unknown malware botnet C2 server (confidence level: 50%)
file13.60.79.188	Unknown malware botnet C2 server (confidence level: 50%)
file113.45.177.81	AdaptixC2 botnet C2 server (confidence level: 50%)
file115.120.217.77	Cobalt Strike botnet C2 server (confidence level: 100%)
file115.120.217.77	Cobalt Strike botnet C2 server (confidence level: 100%)
file119.3.152.172	Cobalt Strike botnet C2 server (confidence level: 100%)
file143.92.56.46	Ave Maria botnet C2 server (confidence level: 100%)
file43.133.39.217	ValleyRAT botnet C2 server (confidence level: 100%)
file202.79.172.16	ValleyRAT botnet C2 server (confidence level: 100%)
file8.217.127.64	ValleyRAT botnet C2 server (confidence level: 100%)
file156.251.16.99	ValleyRAT botnet C2 server (confidence level: 100%)
file45.204.215.237	FatalRat botnet C2 server (confidence level: 100%)
file217.64.151.184	XWorm botnet C2 server (confidence level: 100%)
file138.199.38.150	XWorm botnet C2 server (confidence level: 100%)
file45.156.87.204	XWorm botnet C2 server (confidence level: 100%)
file101.201.49.60	Cobalt Strike botnet C2 server (confidence level: 100%)
file37.120.208.37	XWorm botnet C2 server (confidence level: 100%)
file139.224.167.235	Cobalt Strike botnet C2 server (confidence level: 100%)
file193.233.113.134	Remcos botnet C2 server (confidence level: 100%)
file88.210.52.201	Sliver botnet C2 server (confidence level: 100%)
file198.135.49.79	XWorm botnet C2 server (confidence level: 100%)
file103.245.236.239	AsyncRAT botnet C2 server (confidence level: 100%)
file88.229.27.40	AsyncRAT botnet C2 server (confidence level: 100%)
file52.232.101.201	Unknown malware botnet C2 server (confidence level: 100%)
file18.168.225.154	Havoc botnet C2 server (confidence level: 100%)
file173.230.136.136	Havoc botnet C2 server (confidence level: 100%)
file54.165.195.193	Havoc botnet C2 server (confidence level: 100%)
file147.185.221.27	XWorm botnet C2 server (confidence level: 100%)
file85.203.4.158	XWorm botnet C2 server (confidence level: 100%)
file185.194.175.132	Unknown malware botnet C2 server (confidence level: 100%)
file147.93.0.162	Chaos botnet C2 server (confidence level: 100%)
file147.185.221.28	XWorm botnet C2 server (confidence level: 100%)
file94.26.90.227	XWorm botnet C2 server (confidence level: 100%)
file135.181.27.123	Mystic Stealer botnet C2 server (confidence level: 75%)
file45.133.239.188	PlugX botnet C2 server (confidence level: 75%)
file38.54.85.112	PlugX botnet C2 server (confidence level: 75%)
file106.14.177.133	Cobalt Strike botnet C2 server (confidence level: 50%)
file121.40.87.118	Cobalt Strike botnet C2 server (confidence level: 50%)
file139.224.196.107	Cobalt Strike botnet C2 server (confidence level: 50%)
file155.117.155.75	Cobalt Strike botnet C2 server (confidence level: 50%)
file192.53.121.144	Cobalt Strike botnet C2 server (confidence level: 50%)
file194.87.108.74	Cobalt Strike botnet C2 server (confidence level: 50%)
file206.206.78.57	Cobalt Strike botnet C2 server (confidence level: 50%)
file34.233.77.255	Cobalt Strike botnet C2 server (confidence level: 50%)
file44.206.39.60	Cobalt Strike botnet C2 server (confidence level: 50%)
file47.92.35.113	Cobalt Strike botnet C2 server (confidence level: 50%)
file49.232.151.106	Cobalt Strike botnet C2 server (confidence level: 50%)
file52.23.43.136	Cobalt Strike botnet C2 server (confidence level: 50%)
file54.165.122.105	Cobalt Strike botnet C2 server (confidence level: 50%)
file54.213.246.23	Cobalt Strike botnet C2 server (confidence level: 50%)
file54.242.101.70	Cobalt Strike botnet C2 server (confidence level: 50%)
file54.254.193.199	Cobalt Strike botnet C2 server (confidence level: 50%)
file8.137.77.215	Cobalt Strike botnet C2 server (confidence level: 50%)
file172.245.4.218	Remcos botnet C2 server (confidence level: 100%)
file160.202.133.143	Quasar RAT botnet C2 server (confidence level: 100%)
file216.247.92.149	Quasar RAT botnet C2 server (confidence level: 100%)
file147.185.221.29	Quasar RAT botnet C2 server (confidence level: 100%)
file171.1.1.1	Quasar RAT botnet C2 server (confidence level: 100%)
file87.121.105.130	Quasar RAT botnet C2 server (confidence level: 100%)
file195.177.97.101	Quasar RAT botnet C2 server (confidence level: 100%)
file31.57.219.224	AsyncRAT botnet C2 server (confidence level: 100%)
file50.114.203.173	AsyncRAT botnet C2 server (confidence level: 100%)
file8.212.56.13	AsyncRAT botnet C2 server (confidence level: 100%)
file172.245.205.105	AsyncRAT botnet C2 server (confidence level: 100%)
file8.149.137.211	AsyncRAT botnet C2 server (confidence level: 100%)
file193.161.193.99	AsyncRAT botnet C2 server (confidence level: 100%)
file193.161.193.99	AsyncRAT botnet C2 server (confidence level: 100%)
file193.161.193.99	AsyncRAT botnet C2 server (confidence level: 100%)
file147.185.221.23	XWorm botnet C2 server (confidence level: 100%)
file147.185.221.29	XWorm botnet C2 server (confidence level: 100%)
file45.141.27.119	XWorm botnet C2 server (confidence level: 100%)
file193.161.193.99	XWorm botnet C2 server (confidence level: 100%)
file195.206.105.227	Remcos botnet C2 server (confidence level: 100%)
file147.185.221.29	NjRAT botnet C2 server (confidence level: 100%)
file176.122.105.140	NjRAT botnet C2 server (confidence level: 100%)
file154.22.5.243	Nanocore RAT botnet C2 server (confidence level: 100%)
file142.93.218.89	Bashlite botnet C2 server (confidence level: 100%)
file172.245.162.119	Bashlite botnet C2 server (confidence level: 100%)
file164.132.92.140	Bashlite botnet C2 server (confidence level: 100%)
file94.103.188.54	Bashlite botnet C2 server (confidence level: 100%)
file80.211.189.104	Bashlite botnet C2 server (confidence level: 100%)
file107.173.171.123	Bashlite botnet C2 server (confidence level: 100%)
file45.85.249.192	Bashlite botnet C2 server (confidence level: 100%)
file206.238.179.199	ValleyRAT botnet C2 server (confidence level: 100%)
file107.174.42.72	XWorm botnet C2 server (confidence level: 100%)
file196.251.86.217	Remcos botnet C2 server (confidence level: 75%)
file213.152.161.107	XWorm botnet C2 server (confidence level: 75%)
file91.92.120.101	PureLogs Stealer botnet C2 server (confidence level: 99%)
file45.152.65.65	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.121.222.227	Cobalt Strike botnet C2 server (confidence level: 100%)
file39.98.110.115	Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.85.119	AsyncRAT botnet C2 server (confidence level: 100%)
file160.22.106.74	Quasar RAT botnet C2 server (confidence level: 100%)
file18.168.225.154	Havoc botnet C2 server (confidence level: 100%)
file151.243.218.201	Venom RAT botnet C2 server (confidence level: 100%)
file15.161.91.90	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file44.201.73.92	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file45.9.149.15	Unknown malware botnet C2 server (confidence level: 100%)
file117.222.62.195	MimiKatz botnet C2 server (confidence level: 100%)
file94.237.123.143	MimiKatz botnet C2 server (confidence level: 100%)
file66.63.163.241	Cobalt Strike botnet C2 server (confidence level: 100%)
file82.147.84.124	NjRAT botnet C2 server (confidence level: 100%)
file144.172.91.41	PureLogs Stealer botnet C2 server (confidence level: 50%)
file114.67.230.150	Cobalt Strike botnet C2 server (confidence level: 75%)
file43.139.59.122	Cobalt Strike botnet C2 server (confidence level: 75%)
file77.91.68.71	Stealc botnet C2 server (confidence level: 100%)
file47.110.239.165	Cobalt Strike botnet C2 server (confidence level: 50%)
file113.45.4.235	Cobalt Strike botnet C2 server (confidence level: 50%)
file211.48.234.105	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file61.76.128.222	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file190.187.99.54	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file107.174.0.22	Unknown malware botnet C2 server (confidence level: 50%)
file16.176.97.157	BlackShades botnet C2 server (confidence level: 50%)
file45.144.221.24	AdaptixC2 botnet C2 server (confidence level: 50%)
file189.159.170.236	DarkComet botnet C2 server (confidence level: 50%)
file189.159.170.236	DarkComet botnet C2 server (confidence level: 50%)
file124.198.131.57	Remcos botnet C2 server (confidence level: 50%)
file193.161.193.99	Quasar RAT botnet C2 server (confidence level: 100%)
file23.249.28.153	ValleyRAT botnet C2 server (confidence level: 100%)
file109.107.189.185	Unknown malware botnet C2 server (confidence level: 100%)
file77.221.141.213	Quasar RAT botnet C2 server (confidence level: 100%)
file34.44.118.54	Havoc botnet C2 server (confidence level: 100%)
file34.219.200.70	Havoc botnet C2 server (confidence level: 100%)
file43.156.59.110	Havoc botnet C2 server (confidence level: 100%)
file31.57.46.108	DCRat botnet C2 server (confidence level: 100%)
file185.196.220.28	BitRAT botnet C2 server (confidence level: 100%)
file45.150.32.137	RMS botnet C2 server (confidence level: 100%)
file143.92.49.230	ValleyRAT botnet C2 server (confidence level: 100%)
file143.92.49.230	ValleyRAT botnet C2 server (confidence level: 100%)
file202.95.1.68	AsyncRAT botnet C2 server (confidence level: 75%)
file191.96.11.215	MooBot botnet C2 server (confidence level: 75%)
file216.9.225.221	Remcos botnet C2 server (confidence level: 100%)
file82.24.200.99	AsyncRAT botnet C2 server (confidence level: 100%)
file8.156.68.94	Quasar RAT botnet C2 server (confidence level: 100%)
file23.249.28.153	ValleyRAT botnet C2 server (confidence level: 100%)
file43.143.204.191	Cobalt Strike botnet C2 server (confidence level: 75%)
file45.204.207.207	Cobalt Strike botnet C2 server (confidence level: 100%)
file110.40.185.107	Cobalt Strike botnet C2 server (confidence level: 100%)
file192.3.146.207	Remcos botnet C2 server (confidence level: 100%)
file193.26.115.12	Remcos botnet C2 server (confidence level: 100%)
file93.115.172.253	Sliver botnet C2 server (confidence level: 100%)
file196.251.116.134	AsyncRAT botnet C2 server (confidence level: 100%)
file34.30.106.150	Unknown malware botnet C2 server (confidence level: 100%)
file3.28.43.194	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file82.29.72.11	Unknown malware botnet C2 server (confidence level: 100%)
file118.89.81.66	Havoc botnet C2 server (confidence level: 75%)
file47.122.80.126	Havoc botnet C2 server (confidence level: 75%)
file52.222.57.186	DeimosC2 botnet C2 server (confidence level: 75%)
file75.2.51.175	DeimosC2 botnet C2 server (confidence level: 75%)
file85.110.201.128	QakBot botnet C2 server (confidence level: 75%)
file204.77.232.110	XWorm botnet C2 server (confidence level: 100%)

Hash

Value	Description	Copy
hash443	FAKEUPDATES botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash80	Sliver botnet C2 server (confidence level: 100%)
hash443	ShadowPad botnet C2 server (confidence level: 90%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash80	AsyncRAT botnet C2 server (confidence level: 100%)
hash5000	AsyncRAT botnet C2 server (confidence level: 100%)
hash8000	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash40000	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8888	Rhadamanthys botnet C2 server (confidence level: 100%)
hash8113	Rhadamanthys botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash1018	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash9090	DCRat botnet C2 server (confidence level: 100%)
hash60000	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash8443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Unknown malware botnet C2 server (confidence level: 100%)
hash9090	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash8081	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash7443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash43211	AdaptixC2 botnet C2 server (confidence level: 100%)
hash16409	Remcos botnet C2 server (confidence level: 100%)
hash16406	Remcos botnet C2 server (confidence level: 100%)
hash4434	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 50%)
hash4433	Cobalt Strike botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash4885	Quasar RAT botnet C2 server (confidence level: 100%)
hash1606	Quasar RAT botnet C2 server (confidence level: 100%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash9443	Sliver botnet C2 server (confidence level: 50%)
hash9306	BlackShades botnet C2 server (confidence level: 50%)
hash593	BlackShades botnet C2 server (confidence level: 50%)
hash37	BlackShades botnet C2 server (confidence level: 50%)
hash887	BlackShades botnet C2 server (confidence level: 50%)
hash9443	Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash53	ValleyRAT botnet C2 server (confidence level: 100%)
hash90	ValleyRAT botnet C2 server (confidence level: 100%)
hash4443	Unknown malware botnet C2 server (confidence level: 50%)
hash8405	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash444	Unknown malware botnet C2 server (confidence level: 50%)
hash2154	Unknown malware botnet C2 server (confidence level: 50%)
hash7788	AdaptixC2 botnet C2 server (confidence level: 50%)
hash8081	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash5200	Ave Maria botnet C2 server (confidence level: 100%)
hash6666	ValleyRAT botnet C2 server (confidence level: 100%)
hash8880	ValleyRAT botnet C2 server (confidence level: 100%)
hash12020	ValleyRAT botnet C2 server (confidence level: 100%)
hash6628	ValleyRAT botnet C2 server (confidence level: 100%)
hash8081	FatalRat botnet C2 server (confidence level: 100%)
hash9779	XWorm botnet C2 server (confidence level: 100%)
hash49443	XWorm botnet C2 server (confidence level: 100%)
hash8080	XWorm botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash57625	XWorm botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash9090	Sliver botnet C2 server (confidence level: 100%)
hash4190	XWorm botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash888	AsyncRAT botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 100%)
hash8080	Havoc botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash6351	XWorm botnet C2 server (confidence level: 100%)
hash5000	XWorm botnet C2 server (confidence level: 100%)
hash8000	Unknown malware botnet C2 server (confidence level: 100%)
hash8080	Chaos botnet C2 server (confidence level: 100%)
hash65045	XWorm botnet C2 server (confidence level: 100%)
hash7000	XWorm botnet C2 server (confidence level: 100%)
hash7443	Mystic Stealer botnet C2 server (confidence level: 75%)
hash443	PlugX botnet C2 server (confidence level: 75%)
hash443	PlugX botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash5232	Quasar RAT botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash33736	Quasar RAT botnet C2 server (confidence level: 100%)
hash6066	Quasar RAT botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash4782	Quasar RAT botnet C2 server (confidence level: 100%)
hash44000	AsyncRAT botnet C2 server (confidence level: 100%)
hash4449	AsyncRAT botnet C2 server (confidence level: 100%)
hash4449	AsyncRAT botnet C2 server (confidence level: 100%)
hash1500	AsyncRAT botnet C2 server (confidence level: 100%)
hash4449	AsyncRAT botnet C2 server (confidence level: 100%)
hash47747	AsyncRAT botnet C2 server (confidence level: 100%)
hash4455	AsyncRAT botnet C2 server (confidence level: 100%)
hash61587	AsyncRAT botnet C2 server (confidence level: 100%)
hash25607	XWorm botnet C2 server (confidence level: 100%)
hash30965	XWorm botnet C2 server (confidence level: 100%)
hash7000	XWorm botnet C2 server (confidence level: 100%)
hash24111	XWorm botnet C2 server (confidence level: 100%)
hash42830	Remcos botnet C2 server (confidence level: 100%)
hash48921	NjRAT botnet C2 server (confidence level: 100%)
hash7777	NjRAT botnet C2 server (confidence level: 100%)
hash25252	Nanocore RAT botnet C2 server (confidence level: 100%)
hash23	Bashlite botnet C2 server (confidence level: 100%)
hash42515	Bashlite botnet C2 server (confidence level: 100%)
hash23	Bashlite botnet C2 server (confidence level: 100%)
hash666	Bashlite botnet C2 server (confidence level: 100%)
hash23	Bashlite botnet C2 server (confidence level: 100%)
hash4258	Bashlite botnet C2 server (confidence level: 100%)
hash606	Bashlite botnet C2 server (confidence level: 100%)
hash5568	ValleyRAT botnet C2 server (confidence level: 100%)
hash2556	XWorm botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 75%)
hash26841	XWorm botnet C2 server (confidence level: 75%)
hash65535	PureLogs Stealer botnet C2 server (confidence level: 99%)
hashab250bb831a9715a47610f89d0998f86	PureLogs Stealer payload (confidence level: 75%)
hashcec53e8df6c115eb7494c9ad7d2963d4	PureLogs Stealer payload (confidence level: 75%)
hasheedc8bb54465bd6720f28b41f7a2acf6	PureLogs Stealer payload (confidence level: 75%)
hash38d29f5ac47583f39a2ff5dc1c366f7d	PureLogs Stealer payload (confidence level: 75%)
hash8848	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9090	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1000	AsyncRAT botnet C2 server (confidence level: 100%)
hash65430	Quasar RAT botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash4449	Venom RAT botnet C2 server (confidence level: 100%)
hash10258	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash41795	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash4000	Unknown malware botnet C2 server (confidence level: 100%)
hash8082	MimiKatz botnet C2 server (confidence level: 100%)
hash8000	MimiKatz botnet C2 server (confidence level: 100%)
hash8000	Cobalt Strike botnet C2 server (confidence level: 100%)
hash1987	NjRAT botnet C2 server (confidence level: 100%)
hash8805	PureLogs Stealer botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Stealc botnet C2 server (confidence level: 100%)
hash8009	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash6000	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash6001	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash5454	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash7443	Unknown malware botnet C2 server (confidence level: 50%)
hash4500	BlackShades botnet C2 server (confidence level: 50%)
hash1337	AdaptixC2 botnet C2 server (confidence level: 50%)
hash1604	DarkComet botnet C2 server (confidence level: 50%)
hash4444	DarkComet botnet C2 server (confidence level: 50%)
hash9792	Remcos botnet C2 server (confidence level: 50%)
hash47228	Quasar RAT botnet C2 server (confidence level: 100%)
hash53	ValleyRAT botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash17300	Quasar RAT botnet C2 server (confidence level: 100%)
hash80	Havoc botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash62211	Havoc botnet C2 server (confidence level: 100%)
hash7777	DCRat botnet C2 server (confidence level: 100%)
hash7000	BitRAT botnet C2 server (confidence level: 100%)
hash80	RMS botnet C2 server (confidence level: 100%)
hash10921	ValleyRAT botnet C2 server (confidence level: 100%)
hash10922	ValleyRAT botnet C2 server (confidence level: 100%)
hash8848	AsyncRAT botnet C2 server (confidence level: 75%)
hash5677	MooBot botnet C2 server (confidence level: 75%)
hash14305	Remcos botnet C2 server (confidence level: 100%)
hash4449	AsyncRAT botnet C2 server (confidence level: 100%)
hash29996	Quasar RAT botnet C2 server (confidence level: 100%)
hash90	ValleyRAT botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash4000	Remcos botnet C2 server (confidence level: 100%)
hash39621	Sliver botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash1963	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash4000	Unknown malware botnet C2 server (confidence level: 100%)
hash15432	Havoc botnet C2 server (confidence level: 75%)
hash3389	Havoc botnet C2 server (confidence level: 75%)
hash443	DeimosC2 botnet C2 server (confidence level: 75%)
hash443	DeimosC2 botnet C2 server (confidence level: 75%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash7771	XWorm botnet C2 server (confidence level: 100%)

Url

Value	Description	Copy
urlhttp://cc18300.tw1.ru/4160b747.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://impvmg.pics/xanj	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://34.64.111.49:8080/	Chaos botnet C2 (confidence level: 50%)
urlhttp://113.45.238.149:8888/supershell/login	Unknown malware botnet C2 (confidence level: 50%)
urlhttp://www.06.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.0z442.click/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.2zyo6w.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.63bitcoin.info/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.7o.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.88.fan/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.8dqy8.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.8ksbtrf.lat/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.adisson003.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.aichuan.group/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ainianoffice.net/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.aisoncalme.shop/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.alentabroadgroup.shop/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.alentedgegrouphq.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.allantit.net/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.amily-doctor-96553.bond/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.andsbyen-nh.art/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.antwedding.food/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.aoik.net/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.apakliescort.pro/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.arrel.click/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.artechs.net/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.arung065.xyz/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.aser-eye-surgery-gb-ro.sbs/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.astech223.tech/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.auuiqoq.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ayfairoutlet.shop/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.bhvpf.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.c.vacations/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.c0739.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.c1395.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.c2081.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.c3162.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.c4809.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.c5073.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.c5349.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.cottengland.net/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.cty.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dd0rf.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dl5ue.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ds-adguard.pro/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dtr.website/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eadisadev.xyz/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.egundaviareservista.shop/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.elegxzpw.click/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ellness360.services/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.enior-living-64812.bond/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.erm-life-insurance-guide.sbs/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ermech.net/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.erora.net/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eshi.qpon/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.est-gd-888.click/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.estsafe.net/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.etnow-system.cfd/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.f1e3c.pro/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.g-899b8.xyz/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.g51-lfoc1640.vip/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.gstore.vip/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.haymaa.net/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.herightmoment.net/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.herripalmer.shop/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hetrxio.online/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hklbx.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hristopher559.forum/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.idgxq.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iewm0.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.inebreak.cloud/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ingitchyvisitwhistle.christmas/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iongciyuan.app/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iotrax.tech/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iq73j.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ir-condition-49726.bond/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.j-turismopg.win/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.kclub.xyz/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.kf5bb.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.kgvuz.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.kk72g.click/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.leuthly.app/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lingan.tech/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lockbuilder.app/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lovemygod.art/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lsdh33.lol/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.m5qfk.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mar1.xyz/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nfq.xyz/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nhojejagfsmoon482rapid.cfd/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nviodigitallive.shop/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nviodigitalsstore.shop/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nxzlb.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.obertdavid.shop/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.odallmikn.xyz/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.odhod.cafe/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.olygon.llc/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.om-etcklb.live/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ome-portable-1hi3jo.bond/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.onsultacaixa.shop/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oonlagoon.art/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ooyoo.cloud/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oreigndept.xyz/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.orwarderp.net/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oulscripts.net/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ourstoreworld.shop/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.pkooity.cfd/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.px.lat/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.qbrn.sbs/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rafttrd.click/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ramthrish.lol/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.randperfumer.shop/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.reace.dev/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.remium5.click/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.riaaccounting.net/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ronostic.tech/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rownandcleatco.ltd/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sfglar.shop/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sgzg.sbs/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sxzvkf8.xyz/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sy884.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.t2025.net/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.t722.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.tgroup.xyz/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.tundst.xyz/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ukangzhe.xyz/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.uposttracked.live/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.vjii.info/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.w-vshop7-eleven.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xbet-bet-mu.xyz/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xrfeg.top/l36c/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.y7dld.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yudsbnfdg.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yvnub.top/ms14/	Formbook botnet C2 (confidence level: 50%)
urlhttp://147.78.67.188/lowprocessorasyncdletemp.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://horse18643.temp.swtest.ru/vmlowauthlongpollcentraldownloads.php	DCRat botnet C2 (confidence level: 100%)
urlhttps://favgqu.shop/zajq	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://kinwlyo.xyz/gnbt	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://zsilvermoonbeam.hair/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://smoozof.top/ktjw	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://redacpq.shop/xpzl	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/kaktusikktvshow	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/edenwda	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/+jri-518b5m1knwjh	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/stftest	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://glhvps.lat/aiuq	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://estafetaems.top/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://posqvevibesonly.tech/api	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://fpxawz.pics/agmt	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/asdvwq1123f123213	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://criminnbkb.run/aplx	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://cocjkoonpillow.today/bvzx	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://tenbiw.shop/xjah	Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://77.90.153.129	Stealc botnet C2 (confidence level: 100%)
urlhttp://37.72.175.148/eric/index.php	Azorult botnet C2 (confidence level: 100%)
urlhttp://proupdateserver.com/wp-content/index.php	Azorult botnet C2 (confidence level: 100%)
urlhttp://chuqce14.top/gate.php	CryptBot botnet C2 (confidence level: 100%)
urlhttps://www.vastkupan.com/wp-admin/js/cicdwkknms.pdf	PureLogs Stealer payload delivery URL (confidence level: 75%)
urlhttps://www.vastkupan.com/wp-admin/js/daupinslenj.pdf	PureLogs Stealer payload delivery URL (confidence level: 75%)
urlhttps://www.new.eventawardsrussia.com/wp-includes/ypeyqku.pdf	PureLogs Stealer payload delivery URL (confidence level: 75%)
urlhttp://77.91.68.71	Stealc botnet C2 (confidence level: 100%)
urlhttps://3.s.exifit.eu.org	Vidar botnet C2 (confidence level: 75%)
urlhttps://moslet.lat/tiwq	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://t.me/fddsafdsf	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://nbcsfar.xyz/tpxz	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://prezud.top/xkaj	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://t.me/adsvdsadvqwasd	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://ycvduc.xyz/trie	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://smoskp.shop/zhad	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://77.91.68.71/bfbad28342bbb2aa.php	Stealc botnet C2 (confidence level: 100%)
urlhttps://blade-govern.sbs/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://disobey-curly.sbs/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://leg-sate-boat.sbs/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://images.venthalpyapp.com/viewdashboard	FAKEUPDATES botnet C2 (confidence level: 100%)
urlhttps://motion-treesz.sbs/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://story-tense-faz.sbs/api	Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://a1141375.xsph.ru/76188b2b.php	DCRat botnet C2 (confidence level: 100%)
urlhttp://715239cm.nyashvibe.ru/updategenerator.php	DCRat botnet C2 (confidence level: 100%)

Domain

Value	Description	Copy
domainecs-113-45-47-3.compute.hwclouds-dns.com	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainm83-189-135-177.cust.tele2.se	Cobalt Strike botnet C2 domain (confidence level: 100%)
domainimagoatlowk-58420.portmap.io	XWorm botnet C2 domain (confidence level: 100%)
domainandre21.ydns.eu	XWorm botnet C2 domain (confidence level: 100%)
domaindeveloper1.ydns.eu	XWorm botnet C2 domain (confidence level: 100%)
domainsheddinho1122.ddns.net	Remcos botnet C2 domain (confidence level: 100%)
domainj3ru5al3m.duckdns.org	Remcos botnet C2 domain (confidence level: 100%)
domaintel-dv.gl.at.ply.gg	DCRat botnet C2 domain (confidence level: 50%)
domainwww.06.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.0z442.click	Formbook botnet C2 domain (confidence level: 50%)
domainwww.2zyo6w.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.63bitcoin.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.7o.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.88.fan	Formbook botnet C2 domain (confidence level: 50%)
domainwww.8dqy8.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.8ksbtrf.lat	Formbook botnet C2 domain (confidence level: 50%)
domainwww.adisson003.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.aichuan.group	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ainianoffice.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.aisoncalme.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.alentabroadgroup.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.alentedgegrouphq.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.allantit.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.amily-doctor-96553.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.andsbyen-nh.art	Formbook botnet C2 domain (confidence level: 50%)
domainwww.antwedding.food	Formbook botnet C2 domain (confidence level: 50%)
domainwww.aoik.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.apakliescort.pro	Formbook botnet C2 domain (confidence level: 50%)
domainwww.arrel.click	Formbook botnet C2 domain (confidence level: 50%)
domainwww.artechs.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.arung065.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.aser-eye-surgery-gb-ro.sbs	Formbook botnet C2 domain (confidence level: 50%)
domainwww.astech223.tech	Formbook botnet C2 domain (confidence level: 50%)
domainwww.auuiqoq.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ayfairoutlet.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.bhvpf.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.c.vacations	Formbook botnet C2 domain (confidence level: 50%)
domainwww.c0739.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.c1395.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.c2081.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.c3162.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.c4809.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.c5073.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.c5349.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.cottengland.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.cty.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.dd0rf.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.dl5ue.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ds-adguard.pro	Formbook botnet C2 domain (confidence level: 50%)
domainwww.dtr.website	Formbook botnet C2 domain (confidence level: 50%)
domainwww.eadisadev.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.egundaviareservista.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.elegxzpw.click	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ellness360.services	Formbook botnet C2 domain (confidence level: 50%)
domainwww.enior-living-64812.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.erm-life-insurance-guide.sbs	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ermech.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.erora.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.eshi.qpon	Formbook botnet C2 domain (confidence level: 50%)
domainwww.est-gd-888.click	Formbook botnet C2 domain (confidence level: 50%)
domainwww.estsafe.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.etnow-system.cfd	Formbook botnet C2 domain (confidence level: 50%)
domainwww.f1e3c.pro	Formbook botnet C2 domain (confidence level: 50%)
domainwww.g-899b8.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.g51-lfoc1640.vip	Formbook botnet C2 domain (confidence level: 50%)
domainwww.gstore.vip	Formbook botnet C2 domain (confidence level: 50%)
domainwww.haymaa.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.herightmoment.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.herripalmer.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.hetrxio.online	Formbook botnet C2 domain (confidence level: 50%)
domainwww.hklbx.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.hristopher559.forum	Formbook botnet C2 domain (confidence level: 50%)
domainwww.idgxq.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.iewm0.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.inebreak.cloud	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ingitchyvisitwhistle.christmas	Formbook botnet C2 domain (confidence level: 50%)
domainwww.iongciyuan.app	Formbook botnet C2 domain (confidence level: 50%)
domainwww.iotrax.tech	Formbook botnet C2 domain (confidence level: 50%)
domainwww.iq73j.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ir-condition-49726.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.j-turismopg.win	Formbook botnet C2 domain (confidence level: 50%)
domainwww.kclub.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.kf5bb.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.kgvuz.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.kk72g.click	Formbook botnet C2 domain (confidence level: 50%)
domainwww.leuthly.app	Formbook botnet C2 domain (confidence level: 50%)
domainwww.lingan.tech	Formbook botnet C2 domain (confidence level: 50%)
domainwww.lockbuilder.app	Formbook botnet C2 domain (confidence level: 50%)
domainwww.lovemygod.art	Formbook botnet C2 domain (confidence level: 50%)
domainwww.lsdh33.lol	Formbook botnet C2 domain (confidence level: 50%)
domainwww.m5qfk.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.mar1.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nfq.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nhojejagfsmoon482rapid.cfd	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nviodigitallive.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nviodigitalsstore.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.nxzlb.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.obertdavid.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.odallmikn.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.odhod.cafe	Formbook botnet C2 domain (confidence level: 50%)
domainwww.olygon.llc	Formbook botnet C2 domain (confidence level: 50%)
domainwww.om-etcklb.live	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ome-portable-1hi3jo.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.onsultacaixa.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oonlagoon.art	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ooyoo.cloud	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oreigndept.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.orwarderp.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oulscripts.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ourstoreworld.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.pkooity.cfd	Formbook botnet C2 domain (confidence level: 50%)
domainwww.px.lat	Formbook botnet C2 domain (confidence level: 50%)
domainwww.qbrn.sbs	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rafttrd.click	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ramthrish.lol	Formbook botnet C2 domain (confidence level: 50%)
domainwww.randperfumer.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.reace.dev	Formbook botnet C2 domain (confidence level: 50%)
domainwww.remium5.click	Formbook botnet C2 domain (confidence level: 50%)
domainwww.riaaccounting.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ronostic.tech	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rownandcleatco.ltd	Formbook botnet C2 domain (confidence level: 50%)
domainwww.sfglar.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.sgzg.sbs	Formbook botnet C2 domain (confidence level: 50%)
domainwww.sxzvkf8.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.sy884.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.t2025.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.t722.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.tgroup.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ukangzhe.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.uposttracked.live	Formbook botnet C2 domain (confidence level: 50%)
domainwww.vjii.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.w-vshop7-eleven.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.xbet-bet-mu.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.xrfeg.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.y7dld.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.yudsbnfdg.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.yvnub.top	Formbook botnet C2 domain (confidence level: 50%)
domainbot.hiddenlists.net	Mirai botnet C2 domain (confidence level: 50%)
domainphubotnet.duckdns.org	Mirai botnet C2 domain (confidence level: 50%)
domainplaquist-simulator.com	Unknown Stealer payload delivery domain (confidence level: 50%)
domaineverlight-beta.netlify.app	Unknown Stealer payload delivery domain (confidence level: 50%)
domainmythstealer.win	Unknown Stealer payload delivery domain (confidence level: 50%)
domaincombatshell.com	Unknown Stealer payload delivery domain (confidence level: 50%)
domainluraka-game.github.io	Unknown Stealer payload delivery domain (confidence level: 50%)
domainyomiragame.blogspot.com	Unknown Stealer payload delivery domain (confidence level: 50%)
domaincombatsouls.com	Unknown Stealer payload delivery domain (confidence level: 50%)
domainmyth.cocukporno.lol	Unknown Stealer payload delivery domain (confidence level: 50%)
domainycvduc.xyz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainnbcsfar.xyz	Lumma Stealer botnet C2 domain (confidence level: 100%)
domainadmin.primgs.lol	Unknown malware botnet C2 domain (confidence level: 50%)
domainimg.responsive.pstatic.autos	Unknown malware botnet C2 domain (confidence level: 50%)
domainimg.smartnords.site	Unknown malware botnet C2 domain (confidence level: 50%)
domainimg.worksongo.store	Unknown malware botnet C2 domain (confidence level: 50%)
domainshow.grip-cdns.space	Unknown malware botnet C2 domain (confidence level: 50%)
domainfakutenshop.cyou	PlugX botnet C2 domain (confidence level: 75%)
domaingjsccxw.cyou	PlugX botnet C2 domain (confidence level: 75%)
domainwww.f-r-a-kuten.cyou	PlugX botnet C2 domain (confidence level: 75%)
domainwww.shopecxw.cyou	PlugX botnet C2 domain (confidence level: 75%)
domaincbots.m.crooods.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincdn.burbankskincancercenter.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainithzb.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainsmtp.dkairsystems.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainsynchronization.rayanconfnet.ir	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaintechwhispers.org	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainupdate.markets-news.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainevilc6604-54395.portmap.io	Quasar RAT botnet C2 domain (confidence level: 100%)
domainqquasar.lnpntkd9vth0tup2.rest	Quasar RAT botnet C2 domain (confidence level: 100%)
domainever-transparent.gl.at.ply.gg	Quasar RAT botnet C2 domain (confidence level: 100%)
domaindone-gather.gl.at.ply.gg	Quasar RAT botnet C2 domain (confidence level: 100%)
domainclairos-34961.portmap.io	Quasar RAT botnet C2 domain (confidence level: 100%)
domainfall-islam.gl.at.ply.gg	Quasar RAT botnet C2 domain (confidence level: 100%)
domainalexmoro.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domainservicesdrivres1.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domaingomezgomez.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domainmistico2032.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domainconhostlogsdown1.sytes.net	AsyncRAT botnet C2 domain (confidence level: 100%)
domainconhostlogsdown2.sytes.net	AsyncRAT botnet C2 domain (confidence level: 100%)
domainjosemansory980.4cloud.click	AsyncRAT botnet C2 domain (confidence level: 100%)
domainxw.lnpntkd9vth0tup2.rest	XWorm botnet C2 domain (confidence level: 100%)
domainmagazine-tattoo.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainnames-compatibility.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainsuperwx.duckdns.org	XWorm botnet C2 domain (confidence level: 100%)
domainbtoast.mywire.org	BitRAT botnet C2 domain (confidence level: 100%)
domainmarkscott.ddns.net	Remcos botnet C2 domain (confidence level: 100%)
domaingallery-article.gl.at.ply.gg	NjRAT botnet C2 domain (confidence level: 100%)
domain1221.sytes.net	NjRAT botnet C2 domain (confidence level: 100%)
domainnokta147.no-ip.biz	NjRAT botnet C2 domain (confidence level: 100%)
domainboth-burlington.gl.at.ply.gg	NjRAT botnet C2 domain (confidence level: 100%)
domainmosabedz.ddns.net	NjRAT botnet C2 domain (confidence level: 100%)
domainckimo.ddns.net	NjRAT botnet C2 domain (confidence level: 100%)
domainduoohr71.top	CryptBot botnet C2 domain (confidence level: 100%)
domainmorttttf08.top	CryptBot botnet C2 domain (confidence level: 100%)
domainkypersar42.top	CryptBot botnet C2 domain (confidence level: 100%)
domainmorfev07.top	CryptBot botnet C2 domain (confidence level: 100%)
domainphenoms.ddns.net	Nanocore RAT botnet C2 domain (confidence level: 100%)
domainmoneybag042.warzonedns.com	Nanocore RAT botnet C2 domain (confidence level: 100%)
domaincontact-japan.gl.at.ply.gg	Nanocore RAT botnet C2 domain (confidence level: 100%)
domaincutaylorpascale.top	Gozi botnet C2 domain (confidence level: 100%)
domainsdorthyyantonietta.top	Gozi botnet C2 domain (confidence level: 100%)
domainjpearl26kacey.top	Gozi botnet C2 domain (confidence level: 100%)
domainalfo.zapto.org	CyberGate botnet C2 domain (confidence level: 100%)
domainzielony.no-ip.org	CyberGate botnet C2 domain (confidence level: 100%)
domainsfr90.no-ip.org	CyberGate botnet C2 domain (confidence level: 100%)
domain4morphis.no-ip.org	CyberGate botnet C2 domain (confidence level: 100%)
domainthe07ayoub.zapto.org	CyberGate botnet C2 domain (confidence level: 100%)
domainalfoo.no-ip.org	CyberGate botnet C2 domain (confidence level: 100%)
domainedwardian.zapto.org	CyberGate botnet C2 domain (confidence level: 100%)
domainitalo2011.no-ip.org	CyberGate botnet C2 domain (confidence level: 100%)
domainjuttrdx.no-ip.biz	CyberGate botnet C2 domain (confidence level: 100%)
domainbetter-allan.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainleading-calculator.gl.at.ply.gg	XWorm botnet C2 domain (confidence level: 100%)
domainwww.denisa.shop	Bashlite botnet C2 domain (confidence level: 100%)
domainkardan35.zapto.org	NjRAT botnet C2 domain (confidence level: 100%)
domain3.s.exifit.eu.org	Vidar botnet C2 domain (confidence level: 75%)
domainimages.venthalpyapp.com	FAKEUPDATES botnet C2 domain (confidence level: 100%)
domain265ea973-18d6-47d2-8796-29db4decc888-00-lq5hf5va4e7m.pike.replit.dev	Cobalt Strike botnet C2 domain (confidence level: 75%)
domaincontinue-relationships.gl.at.ply.gg	Unknown RAT botnet C2 domain (confidence level: 100%)
domainmusicdownloader.top	NetSupportManager RAT payload delivery domain (confidence level: 100%)
domainkabarbhayangkara.com	NetSupportManager RAT payload delivery domain (confidence level: 100%)
domainnet.botwork.cc	MooBot botnet C2 domain (confidence level: 100%)
domaindilin2345-47228.portmap.io	Quasar RAT botnet C2 domain (confidence level: 100%)
domainadmin.027dzjl.com	Cobalt Strike botnet C2 domain (confidence level: 75%)
domainpan.crooods.com	Cobalt Strike botnet C2 domain (confidence level: 75%)