ThreatFox IOCs for 2025-07-06
Severity: mediumType: malware
ThreatFox IOCs for 2025-07-06
AI Analysis
Technical Summary
The provided information relates to a set of Indicators of Compromise (IOCs) published on 2025-07-06 by the ThreatFox MISP Feed, categorized under malware and OSINT (Open Source Intelligence) with a focus on network activity. The entry is tagged as 'type:osint' and 'tlp:white', indicating that the information is intended for wide sharing without restrictions. However, the data lacks specific details such as affected software versions, concrete technical indicators, or exploit descriptions. The threat level is rated as 2 on an unspecified scale, with analysis and distribution metrics provided but without elaboration. No known exploits are reported in the wild, and no patches are available or necessary, suggesting this is primarily an intelligence report rather than a direct vulnerability or active exploit. The absence of concrete IOCs or technical details limits the ability to assess the exact nature or mechanism of the threat. Overall, this appears to be a collection or update of OSINT-related malware indicators intended to inform security teams rather than a direct, active threat vector.
Potential Impact
Given the lack of specific exploit details or affected products, the direct impact on European organizations is likely limited at this stage. However, the dissemination of updated IOCs can aid defenders in identifying potential malicious network activity or malware infections early. European organizations that rely heavily on threat intelligence feeds for proactive defense could benefit from integrating these IOCs into their detection systems. Conversely, if these IOCs relate to emerging malware campaigns, failure to incorporate them could delay detection and response, potentially leading to data breaches or operational disruptions. The medium severity rating suggests a moderate risk, possibly reflecting the potential for network reconnaissance or initial infection stages rather than full compromise. The impact is therefore more about preparedness and situational awareness than immediate operational threat.
Mitigation Recommendations
European organizations should ensure that their security operations centers (SOCs) and threat intelligence teams ingest and correlate the latest IOCs from reputable sources such as ThreatFox. Automated integration of these indicators into intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR) platforms, and network monitoring tools will enhance early detection capabilities. Regular training and updates for SOC analysts on interpreting OSINT-derived indicators can improve response times. Additionally, organizations should maintain robust network segmentation and monitoring to limit lateral movement if initial compromise occurs. Since no patches are available or required, focus should be on detection and containment strategies. Sharing any observed malicious activity related to these IOCs with trusted information sharing communities can also improve collective defense.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 91.92.46.210
- hash: 1881
- domain: yu.troutbunion.bet
- file: 193.32.176.103
- hash: 443
- file: 185.76.243.212
- hash: 443
- file: 185.76.243.209
- hash: 443
- file: 47.92.193.143
- hash: 4444
- file: 24.196.214.71
- hash: 80
- file: 172.94.9.229
- hash: 5671
- file: 198.46.159.228
- hash: 8888
- file: 128.90.113.155
- hash: 8808
- file: 103.190.107.26
- hash: 80
- file: 189.177.111.253
- hash: 790
- file: 189.177.111.253
- hash: 808
- file: 189.177.111.253
- hash: 990
- file: 189.177.111.253
- hash: 1099
- file: 189.177.111.253
- hash: 4444
- file: 189.177.111.253
- hash: 4465
- file: 46.246.12.5
- hash: 2003
- file: 51.92.224.227
- hash: 9042
- file: 185.144.159.15
- hash: 8080
- file: 107.158.128.78
- hash: 4321
- file: 23.95.68.186
- hash: 19000
- domain: analytics.digitalflowcloud.com
- domain: dadanyohoocloud.com
- domain: h.yangthousand.hair
- file: 196.251.72.214
- hash: 443
- file: 108.165.179.106
- hash: 2330
- file: 146.70.149.155
- hash: 8808
- file: 196.251.88.247
- hash: 5672
- file: 128.90.113.155
- hash: 5000
- domain: 31.213.176.34.bc.googleusercontent.com
- domain: ozzytzy-anomali-adminjomok.panel-store-pterodactyl.my.id
- file: 206.189.13.43
- hash: 443
- file: 118.107.46.82
- hash: 443
- file: 111.92.240.215
- hash: 443
- file: 54.250.24.180
- hash: 1000
- file: 85.9.198.2
- hash: 8000
- file: 159.75.130.224
- hash: 60000
- file: 52.220.145.23
- hash: 80
- file: 103.125.181.74
- hash: 3333
- file: 149.88.65.211
- hash: 3333
- file: 43.248.78.245
- hash: 3333
- file: 18.138.47.186
- hash: 80
- file: 52.221.228.55
- hash: 80
- file: 13.213.207.113
- hash: 80
- file: 144.91.72.237
- hash: 3333
- file: 164.90.176.178
- hash: 443
- file: 18.163.212.208
- hash: 6666
- url: https://concvek.shop/gfhj
- url: https://t.me/xfbeh45trehgs5y4
- url: https://triobm.xyz/tapw
- file: 45.201.0.222
- hash: 1000
- url: http://maxsim87.beget.tech/javascriptrequestsecurewpcdn.php
- domain: nsxauth.duckdns.org
- domain: respaldofinal.kozow.com
- domain: 1ms0rry-35873.portmap.io
- file: 90.133.225.228
- hash: 4782
- domain: rrs123.no-ip.org
- domain: sidalibelkercha.ddns.net
- domain: hacker9393.ddns.net
- file: 39.108.160.153
- hash: 8001
- file: 39.108.160.153
- hash: 8002
- file: 39.108.160.153
- hash: 80
- domain: thecrazyboyyy.no-ip.biz
- file: 147.50.253.17
- hash: 9569
- file: 47.113.217.92
- hash: 9999
- file: 47.92.116.191
- hash: 9090
- file: 207.254.31.224
- hash: 8443
- file: 45.74.10.16
- hash: 8808
- file: 196.251.117.187
- hash: 40000
- file: 160.250.180.19
- hash: 80
- file: 146.103.101.110
- hash: 443
- file: 176.44.48.186
- hash: 995
- url: http://185.82.200.174/nunu/gate.php
- file: 78.142.231.204
- hash: 4433
- file: 196.251.71.186
- hash: 4433
- file: 114.55.29.53
- hash: 80
- file: 8.137.151.96
- hash: 80
- file: 43.129.64.173
- hash: 8443
- file: 49.232.79.190
- hash: 443
- file: 39.96.179.166
- hash: 9205
- file: 59.110.115.227
- hash: 9205
- file: 184.155.70.172
- hash: 31337
- file: 47.245.126.17
- hash: 31337
- file: 107.148.77.8
- hash: 31337
- file: 18.162.40.221
- hash: 2455
- file: 220.76.181.17
- hash: 6000
- file: 74.177.197.62
- hash: 6007
- file: 102.117.173.10
- hash: 7443
- file: 24.152.37.111
- hash: 1177
- url: http://49.113.78.135:8888/supershell/login
- url: http://182.92.159.149:8888/supershell/login
- url: http://150.109.78.145:8888/supershell/login
- url: http://176.46.157.50/tu3d2rom/login.php
- url: https://94.156.177.41/ffan/five/pvqdq929bsx_a_d_m1n_a.php
- domain: island-towns.gl.at.ply.gg
- domain: kingdom-nu.gl.at.ply.gg
- domain: unique-heard.gl.at.ply.gg
- domain: ec2-13-250-159-36.ap-southeast-1.compute.amazonaws.com
- domain: dubstep33.ddns.net
- file: 147.185.221.29
- hash: 63482
- domain: 360.huiyuan8.vip
- url: http://www.famecy.com/laiga/panel/five/fre.php
- domain: shitfaced.tk
- domain: chernobyl.webhop.me
- domain: hacking702-35743.portmap.io
- file: 107.172.238.21
- hash: 2404
- file: 179.43.186.224
- hash: 5900
- domain: jmaxx2.duckdns.org
- domain: urchamadi.ddns.net
- domain: wizwormskiddoleakexpose-22797.portmap.io
- file: 216.126.225.3
- hash: 7443
- file: 181.162.148.17
- hash: 8080
- file: 185.72.199.80
- hash: 1717
- file: 15.160.119.2
- hash: 1244
- file: 54.171.100.90
- hash: 8888
- file: 13.61.141.59
- hash: 44819
- file: 18.143.94.16
- hash: 6443
- file: 41.216.188.92
- hash: 80
- domain: mohamedmmk.zapto.org
- domain: mohooooo.zapto.org
- file: 117.24.15.81
- hash: 443
- url: http://gopgop21.beget.tech/16475660.php
- file: 148.113.214.176
- hash: 2406
- url: https://trarzcr.top/zxcv
- file: 103.39.109.196
- hash: 8081
- file: 139.224.44.53
- hash: 60000
- file: 5.101.81.63
- hash: 9000
- file: 45.138.16.118
- hash: 2404
- file: 18.162.151.228
- hash: 443
- file: 45.138.183.226
- hash: 8974
- file: 74.48.78.46
- hash: 8888
- domain: ec2-34-219-200-70.us-west-2.compute.amazonaws.com
- file: 54.199.161.171
- hash: 35183
- file: 54.177.38.62
- hash: 1194
- file: 147.93.4.113
- hash: 8080
- url: https://t.me/romalabs1
- url: https://wesajkh.top/pxza
- file: 156.245.198.64
- hash: 6871
- file: 43.132.214.133
- hash: 40110
- file: 27.124.45.87
- hash: 6060
- file: 45.137.201.64
- hash: 187
- file: 77.172.131.127
- hash: 19132
- domain: ak1.ksdcks2.org
- file: 154.94.232.213
- hash: 6666
- file: 154.94.232.213
- hash: 8888
- file: 23.249.28.80
- hash: 53
- file: 23.249.28.80
- hash: 90
- file: 23.249.28.80
- hash: 80
- domain: cantante1.no-ip.org
- domain: ratosorrateiro.hopto.org
- file: 47.92.173.241
- hash: 8081
- file: 101.200.73.120
- hash: 80
- file: 8.152.99.85
- hash: 443
- file: 175.27.249.87
- hash: 80
- file: 88.229.27.40
- hash: 4040
- file: 103.230.69.188
- hash: 443
- file: 31.57.219.32
- hash: 5938
- file: 157.66.56.98
- hash: 5000
- file: 195.26.230.140
- hash: 80
- file: 107.172.86.208
- hash: 1389
- file: 144.34.154.36
- hash: 443
- file: 136.0.157.47
- hash: 8083
- file: 91.151.89.158
- hash: 4783
- file: 185.249.198.213
- hash: 8088
ThreatFox IOCs for 2025-07-06
Medium
Published: Sun Jul 06 2025 (07/06/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-07-06
AI-Powered Analysis
AILast updated: 07/07/2025, 00:24:35 UTC
Technical Analysis
The provided information relates to a set of Indicators of Compromise (IOCs) published on 2025-07-06 by the ThreatFox MISP Feed, categorized under malware and OSINT (Open Source Intelligence) with a focus on network activity. The entry is tagged as 'type:osint' and 'tlp:white', indicating that the information is intended for wide sharing without restrictions. However, the data lacks specific details such as affected software versions, concrete technical indicators, or exploit descriptions. The threat level is rated as 2 on an unspecified scale, with analysis and distribution metrics provided but without elaboration. No known exploits are reported in the wild, and no patches are available or necessary, suggesting this is primarily an intelligence report rather than a direct vulnerability or active exploit. The absence of concrete IOCs or technical details limits the ability to assess the exact nature or mechanism of the threat. Overall, this appears to be a collection or update of OSINT-related malware indicators intended to inform security teams rather than a direct, active threat vector.
Potential Impact
Given the lack of specific exploit details or affected products, the direct impact on European organizations is likely limited at this stage. However, the dissemination of updated IOCs can aid defenders in identifying potential malicious network activity or malware infections early. European organizations that rely heavily on threat intelligence feeds for proactive defense could benefit from integrating these IOCs into their detection systems. Conversely, if these IOCs relate to emerging malware campaigns, failure to incorporate them could delay detection and response, potentially leading to data breaches or operational disruptions. The medium severity rating suggests a moderate risk, possibly reflecting the potential for network reconnaissance or initial infection stages rather than full compromise. The impact is therefore more about preparedness and situational awareness than immediate operational threat.
Mitigation Recommendations
European organizations should ensure that their security operations centers (SOCs) and threat intelligence teams ingest and correlate the latest IOCs from reputable sources such as ThreatFox. Automated integration of these indicators into intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR) platforms, and network monitoring tools will enhance early detection capabilities. Regular training and updates for SOC analysts on interpreting OSINT-derived indicators can improve response times. Additionally, organizations should maintain robust network segmentation and monitoring to limit lateral movement if initial compromise occurs. Since no patches are available or required, focus should be on detection and containment strategies. Sharing any observed malicious activity related to these IOCs with trusted information sharing communities can also improve collective defense.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 53e469b3-7408-4bdd-8f70-a8ed16c92a16
- Original Timestamp
- 1751846587
Indicators of Compromise
File
| Value | Description | Copy |
|---|---|---|
file91.92.46.210 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file193.32.176.103 | ACR Stealer botnet C2 server (confidence level: 100%) | |
file185.76.243.212 | ACR Stealer botnet C2 server (confidence level: 100%) | |
file185.76.243.209 | ACR Stealer botnet C2 server (confidence level: 100%) | |
file47.92.193.143 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file24.196.214.71 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.94.9.229 | Remcos botnet C2 server (confidence level: 100%) | |
file198.46.159.228 | Unknown malware botnet C2 server (confidence level: 100%) | |
file128.90.113.155 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.190.107.26 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file189.177.111.253 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file189.177.111.253 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file189.177.111.253 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file189.177.111.253 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file189.177.111.253 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file189.177.111.253 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file46.246.12.5 | DCRat botnet C2 server (confidence level: 100%) | |
file51.92.224.227 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file185.144.159.15 | Unknown malware botnet C2 server (confidence level: 100%) | |
file107.158.128.78 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file23.95.68.186 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file196.251.72.214 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file108.165.179.106 | XWorm botnet C2 server (confidence level: 100%) | |
file146.70.149.155 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.88.247 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file128.90.113.155 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file206.189.13.43 | Havoc botnet C2 server (confidence level: 100%) | |
file118.107.46.82 | DCRat botnet C2 server (confidence level: 100%) | |
file111.92.240.215 | DCRat botnet C2 server (confidence level: 100%) | |
file54.250.24.180 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file85.9.198.2 | MimiKatz botnet C2 server (confidence level: 100%) | |
file159.75.130.224 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.220.145.23 | Unknown malware botnet C2 server (confidence level: 100%) | |
file103.125.181.74 | Unknown malware botnet C2 server (confidence level: 100%) | |
file149.88.65.211 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.248.78.245 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.138.47.186 | Unknown malware botnet C2 server (confidence level: 100%) | |
file52.221.228.55 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.213.207.113 | Unknown malware botnet C2 server (confidence level: 100%) | |
file144.91.72.237 | Unknown malware botnet C2 server (confidence level: 100%) | |
file164.90.176.178 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.163.212.208 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file45.201.0.222 | XWorm botnet C2 server (confidence level: 100%) | |
file90.133.225.228 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file39.108.160.153 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file39.108.160.153 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file39.108.160.153 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file147.50.253.17 | XWorm botnet C2 server (confidence level: 100%) | |
file47.113.217.92 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.116.191 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file207.254.31.224 | pupy botnet C2 server (confidence level: 100%) | |
file45.74.10.16 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.117.187 | Venom RAT botnet C2 server (confidence level: 100%) | |
file160.250.180.19 | Bashlite botnet C2 server (confidence level: 100%) | |
file146.103.101.110 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
file176.44.48.186 | QakBot botnet C2 server (confidence level: 75%) | |
file78.142.231.204 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file196.251.71.186 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file114.55.29.53 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file8.137.151.96 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file43.129.64.173 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file49.232.79.190 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file39.96.179.166 | Unknown malware botnet C2 server (confidence level: 50%) | |
file59.110.115.227 | Unknown malware botnet C2 server (confidence level: 50%) | |
file184.155.70.172 | Sliver botnet C2 server (confidence level: 50%) | |
file47.245.126.17 | Sliver botnet C2 server (confidence level: 50%) | |
file107.148.77.8 | Sliver botnet C2 server (confidence level: 50%) | |
file18.162.40.221 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file220.76.181.17 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file74.177.197.62 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file102.117.173.10 | Unknown malware botnet C2 server (confidence level: 50%) | |
file24.152.37.111 | NjRAT botnet C2 server (confidence level: 50%) | |
file147.185.221.29 | DCRat botnet C2 server (confidence level: 50%) | |
file107.172.238.21 | Remcos botnet C2 server (confidence level: 100%) | |
file179.43.186.224 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file216.126.225.3 | Unknown malware botnet C2 server (confidence level: 100%) | |
file181.162.148.17 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file185.72.199.80 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file15.160.119.2 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file54.171.100.90 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file13.61.141.59 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.143.94.16 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file41.216.188.92 | Unknown malware botnet C2 server (confidence level: 100%) | |
file117.24.15.81 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file148.113.214.176 | Remcos botnet C2 server (confidence level: 100%) | |
file103.39.109.196 | FatalRat botnet C2 server (confidence level: 100%) | |
file139.224.44.53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file5.101.81.63 | Remcos botnet C2 server (confidence level: 100%) | |
file45.138.16.118 | Remcos botnet C2 server (confidence level: 100%) | |
file18.162.151.228 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file45.138.183.226 | Remcos botnet C2 server (confidence level: 100%) | |
file74.48.78.46 | Unknown malware botnet C2 server (confidence level: 100%) | |
file54.199.161.171 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file54.177.38.62 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file147.93.4.113 | Unknown malware botnet C2 server (confidence level: 100%) | |
file156.245.198.64 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file43.132.214.133 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file27.124.45.87 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file45.137.201.64 | XWorm botnet C2 server (confidence level: 100%) | |
file77.172.131.127 | NjRAT botnet C2 server (confidence level: 100%) | |
file154.94.232.213 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file154.94.232.213 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file23.249.28.80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file23.249.28.80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file23.249.28.80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file47.92.173.241 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.200.73.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.152.99.85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file175.27.249.87 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file88.229.27.40 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.230.69.188 | Unknown malware botnet C2 server (confidence level: 100%) | |
file31.57.219.32 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file157.66.56.98 | Venom RAT botnet C2 server (confidence level: 100%) | |
file195.26.230.140 | MooBot botnet C2 server (confidence level: 100%) | |
file107.172.86.208 | xmrig botnet C2 server (confidence level: 100%) | |
file144.34.154.36 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file136.0.157.47 | XWorm botnet C2 server (confidence level: 100%) | |
file91.151.89.158 | Quasar RAT botnet C2 server (confidence level: 75%) | |
file185.249.198.213 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash1881 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash443 | ACR Stealer botnet C2 server (confidence level: 100%) | |
hash443 | ACR Stealer botnet C2 server (confidence level: 100%) | |
hash443 | ACR Stealer botnet C2 server (confidence level: 100%) | |
hash4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5671 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash790 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash808 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash990 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash1099 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4444 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash4465 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash2003 | DCRat botnet C2 server (confidence level: 100%) | |
hash9042 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4321 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash19000 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash2330 | XWorm botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5672 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash443 | DCRat botnet C2 server (confidence level: 100%) | |
hash443 | DCRat botnet C2 server (confidence level: 100%) | |
hash1000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8000 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash1000 | XWorm botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8001 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8002 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash9569 | XWorm botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9090 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | pupy botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash40000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash443 | Eye Pyramid botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash9205 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash9205 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash2455 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6000 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash6007 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash1177 | NjRAT botnet C2 server (confidence level: 50%) | |
hash63482 | DCRat botnet C2 server (confidence level: 50%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash5900 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash1717 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash1244 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8888 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash44819 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash6443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash2406 | Remcos botnet C2 server (confidence level: 100%) | |
hash8081 | FatalRat botnet C2 server (confidence level: 100%) | |
hash60000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9000 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8974 | Remcos botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash35183 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash1194 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6871 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash40110 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6060 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash187 | XWorm botnet C2 server (confidence level: 100%) | |
hash19132 | NjRAT botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash53 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash90 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4040 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5938 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5000 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash1389 | xmrig botnet C2 server (confidence level: 100%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8083 | XWorm botnet C2 server (confidence level: 100%) | |
hash4783 | Quasar RAT botnet C2 server (confidence level: 75%) | |
hash8088 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainyu.troutbunion.bet | ACR Stealer botnet C2 domain (confidence level: 100%) | |
domainanalytics.digitalflowcloud.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaindadanyohoocloud.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainh.yangthousand.hair | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domain31.213.176.34.bc.googleusercontent.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainozzytzy-anomali-adminjomok.panel-store-pterodactyl.my.id | Havoc botnet C2 domain (confidence level: 100%) | |
domainnsxauth.duckdns.org | XWorm botnet C2 domain (confidence level: 100%) | |
domainrespaldofinal.kozow.com | Remcos botnet C2 domain (confidence level: 100%) | |
domain1ms0rry-35873.portmap.io | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainrrs123.no-ip.org | NjRAT botnet C2 domain (confidence level: 100%) | |
domainsidalibelkercha.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
domainhacker9393.ddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
domainthecrazyboyyy.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainisland-towns.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainkingdom-nu.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainunique-heard.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 50%) | |
domainec2-13-250-159-36.ap-southeast-1.compute.amazonaws.com | Cobalt Strike botnet C2 domain (confidence level: 50%) | |
domaindubstep33.ddns.net | DarkComet botnet C2 domain (confidence level: 50%) | |
domain360.huiyuan8.vip | Unknown malware botnet C2 domain (confidence level: 50%) | |
domainshitfaced.tk | Mirai botnet C2 domain (confidence level: 50%) | |
domainchernobyl.webhop.me | XWorm botnet C2 domain (confidence level: 50%) | |
domainhacking702-35743.portmap.io | XWorm botnet C2 domain (confidence level: 50%) | |
domainjmaxx2.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainurchamadi.ddns.net | Remcos botnet C2 domain (confidence level: 100%) | |
domainwizwormskiddoleakexpose-22797.portmap.io | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainmohamedmmk.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainmohooooo.zapto.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainec2-34-219-200-70.us-west-2.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainak1.ksdcks2.org | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domaincantante1.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
domainratosorrateiro.hopto.org | CyberGate botnet C2 domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://concvek.shop/gfhj | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://t.me/xfbeh45trehgs5y4 | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://triobm.xyz/tapw | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://maxsim87.beget.tech/javascriptrequestsecurewpcdn.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://185.82.200.174/nunu/gate.php | Pony botnet C2 (confidence level: 100%) | |
urlhttp://49.113.78.135:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://182.92.159.149:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://150.109.78.145:8888/supershell/login | Unknown malware botnet C2 (confidence level: 50%) | |
urlhttp://176.46.157.50/tu3d2rom/login.php | Amadey botnet C2 (confidence level: 50%) | |
urlhttps://94.156.177.41/ffan/five/pvqdq929bsx_a_d_m1n_a.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 50%) | |
urlhttp://www.famecy.com/laiga/panel/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 50%) | |
urlhttp://gopgop21.beget.tech/16475660.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://trarzcr.top/zxcv | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://t.me/romalabs1 | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://wesajkh.top/pxza | Lumma Stealer botnet C2 (confidence level: 75%) |
Threat ID: 686b102e6f40f0eb72d99409
Added to database: 7/7/2025, 12:09:18 AM
Last enriched: 7/7/2025, 12:24:35 AM
Last updated: 7/9/2025, 12:40:26 AM
Views: 11
Related Threats
Spyware Targets Employees via Weaponized Word Documents Delivering Malware Payloads
MediumMalwareWed Jul 09 2025
Bypassing Live HTML Filtering to Trigger Stored XSS – DOM-Based Exploitation
MediumMalwareWed Jul 09 2025
ThreatFox IOCs for 2025-07-08
MediumMalwareWed Jul 09 2025
Pakistan’s APT36 Transparent Tribe Targets Indian Defense Sector with New Linux Malware
MediumMalwareTue Jul 08 2025
ThreatFox IOCs for 2025-07-07
MediumMalwareTue Jul 08 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.