ThreatFox IOCs for 2025-07-07
AI Analysis
Technical Summary
This entry is the ThreatFox MISP feed export for 2025-07-07 (abuse.ch), tagged as malware-related OSINT covering network activity and payload delivery. It is a bulk list of indicators, not an advisory about one malware family or vulnerability: no affected software, CVE or CWE is named, no patch applies, and the indicators come from community submissions to ThreatFox rather than from a specific exploit observed in the wild. The MISP event metadata is threat_level_id 2 (Medium), analysis 1 (Ongoing) and distribution 3 (All communities), and the event is TLP:WHITE (TLP:CLEAR under TLP 2.0), so the indicators may be shared without restriction.

Most indicators are command-and-control servers given as an IP address together with its listening port, plus a smaller number of C2 and payload-delivery domains, payload URLs and two MD5 hashes. ThreatFox attributes each indicator to a malware family with a confidence level. The families in this event fall into recognisable groups: post-exploitation frameworks used by red teams and criminals alike (Cobalt Strike, Sliver, Havoc, AdaptixC2, DeimosC2, Empire, Meterpreter, pupy); commodity remote-access trojans (AsyncRAT, Remcos, XWorm, Quasar RAT, NjRAT, DCRat, NetSupport Manager RAT, ValleyRAT, Ghost RAT, DarkComet, Xtreme RAT and others); information stealers (Vidar, Stealc, RedLine, Rhadamanthys, Aurotun); loaders and delivery chains (Nitrogen Loader, FAKEUPDATES); IoT botnets (Mirai, Bashlite); QakBot and ShadowPad; the Android banker Hook; and one credit-card skimming domain. Confidence ranges from 50% to 100%: the 100% entries are suitable for blocking, while the 50% and 75% entries are better treated as hunting leads than as grounds for automatic blocking.
Potential Impact
For European organizations the risk comes from the malware behind these indicators, not from any vulnerability. The list is dominated by C2 infrastructure for commodity RATs and stealers that typically arrive through phishing, cracked software and fake browser updates (FAKEUPDATES, NetSupport Manager RAT, Nitrogen Loader), and by listeners for offensive frameworks (Cobalt Strike, Sliver, Havoc, AdaptixC2) that precede hands-on-keyboard intrusion and ransomware deployment. A match against one of the 100%-confidence C2 indicators in outbound traffic should therefore be handled as a probable active compromise, not as a blocked attempt. The skimming domain and the payload URLs matter mainly to organizations running web shops or with users who download software outside managed channels. The value of the feed depends on how quickly it is operationalised: several C2 servers sit on hyperscaler address space and on dynamic-DNS or tunnelling hostnames (duckdns.org, portmap.io, no-ip.biz, accesscam.org), which are re-provisioned within days, so the indicators age fast and the shared parent services must not be blocked wholesale. The medium severity reflects this profile: broad, low-cost coverage for hunting and blocking rather than a single urgent threat.
Mitigation Recommendations
1. Load the indicators into the SIEM, NDR and firewall or proxy blocklists as ip:port pairs, domains and URLs. Match C2 entries on destination IP and port together where the port is non-standard (2404, 4173, 10001, 15761, 31337 and similar); matching on the IP alone is fine for single-tenant hosts but produces noise for shared cloud and tunnelling addresses.
2. Hunt retrospectively: query at least 30 days of proxy, DNS, NetFlow or Zeek conn and EDR network-connection telemetry for the IPs, the domains (including any subdomain of a listed hostname) and the URL paths. Three Cobalt Strike servers are listed on port 53 and several C2 domains are nameserver-style names (ns1/ns2/ns3.bsetop.top, dns2.e-twfpg.com), so include DNS query logs and look for unusual query volumes to those zones.
3. Treat dynamic-DNS and tunnelling hostnames (duckdns.org, portmap.io, no-ip.biz, accesscam.org, ydns.eu, webredirect.org) at the full-hostname level: block and alert on the listed name and its subdomains, never on the provider zone.
4. Enforce egress filtering: default-deny outbound from servers, proxy-only web egress from workstations, and alert on direct connections to unusual high ports. Most of the listed C2 ports would never be reachable through a proxy.
5. Keep endpoint protection current and add behavioural coverage for the named families (NetSupport Manager installed outside IT-managed paths, Cobalt Strike, Sliver and Havoc beacon injection, RAT persistence in Run keys and scheduled tasks) rather than relying on hash matches; this event contains only two file hashes.
6. Share confirmed matches with the national CSIRT and sector ISAC to establish whether a campaign is targeting the region, and report false positives back to abuse.ch so the feed improves.
7. No patch applies. Success is measured by detection coverage and response time, not remediation of a software flaw.
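One way to operationalise a list in this page's flat export format, as an added example that is not ThreatFox's or this page's own code. It assumes the layout shown in the indicator list (an IP line immediately followed by its port line, MD5 values as 32 hex characters) and runs constructed telemetry through the parsed set, distinguishing an exact ip:port match from an IP-only match on some other port and a listed hostname from its provider zone:

```python
"""Normalise a ThreatFox-style flat export and match it against telemetry
(added example; the export excerpt and the events below are constructed)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed excerpt in the page's export style: an ip:port indicator arrives
# as an IP line followed by a port line; MD5 lines stand on their own.
SAMPLE_EXPORT = """\
- domain: servicezqp.lol
- file: 189.1.226.116
- hash: 443
- file: 51.68.231.231
- hash: 31337
- url: http://89.35.130.147:58819/983a7643.php
- hash: 7482d1cece44511ee978f8d418040867
- domain: nuevboprogreso.duckdns.org
- url: https://stable.lanpdt.info/viewdashboard
"""

# Constructed telemetry as a SIEM would hand it over: (source, fields).
SAMPLE_EVENTS = [
    ("conn", {"dst": "51.68.231.231", "dport": 31337}),   # exact ip:port hit
    ("conn", {"dst": "189.1.226.116", "dport": 8443}),    # IP only, other port
    ("conn", {"dst": "8.8.8.8", "dport": 53}),            # clean
    ("dns",  {"query": "Nuevboprogreso.duckdns.org."}),   # case and trailing dot
    ("dns",  {"query": "other.duckdns.org"}),             # same provider, clean
    ("http", {"url": "https://STABLE.lanpdt.info/viewdashboard?id=7"}),
    ("file", {"md5": "7482D1CECE44511EE978F8D418040867"}),
]

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
DEFAULT_PORT = {"http": 80, "https": 443}


@dataclass
class IocSet:
    ip_ports: set[tuple[str, int]] = field(default_factory=set)
    domains: set[str] = field(default_factory=set)
    urls: set[tuple[str, int, str]] = field(default_factory=set)
    md5s: set[str] = field(default_factory=set)


def url_key(url: str) -> tuple[str, int, str]:
    """Compare URLs on host, effective port and path; ignore case and query."""
    u = urlsplit(url.strip())
    host = (u.hostname or "").lower().rstrip(".")
    port = u.port or DEFAULT_PORT.get(u.scheme.lower(), 0)
    return (host, port, u.path.rstrip("/") or "/")


def parse_export(text: str) -> IocSet:
    iocs = IocSet()
    pending_ip: str | None = None          # IP waiting for its port line
    for line in text.splitlines():
        m = re.match(r"^-\s*(\w+):\s*(\S+)\s*$", line)
        if not m:
            continue
        kind, value = m.group(1), m.group(2)
        if kind == "hash":
            if pending_ip and value.isdigit() and 0 < int(value) < 65536:
                iocs.ip_ports.add((pending_ip, int(value)))
            elif MD5_RE.match(value.lower()):
                iocs.md5s.add(value.lower())
            pending_ip = None
            continue
        pending_ip = None
        if kind == "file":
            try:
                pending_ip = str(ipaddress.ip_address(value))
            except ValueError:
                pass                        # a real filename: nothing to pair
        elif kind == "domain":
            iocs.domains.add(value.lower().rstrip("."))
        elif kind == "url":
            iocs.urls.add(url_key(value))
    return iocs


def domain_hit(iocs: IocSet, name: str) -> str | None:
    """Listed hostname or any label below it; the provider zone never matches."""
    name = name.lower().rstrip(".")
    return next((d for d in iocs.domains if name == d or name.endswith("." + d)), None)


def match_events(iocs: IocSet, events) -> list[tuple[str, str, str]]:
    """Return (severity, indicator, evidence) for each matching event."""
    hits = []
    for source, ev in events:
        if source == "conn":
            key = (ev["dst"], int(ev["dport"]))
            if key in iocs.ip_ports:
                hits.append(("high", "%s:%d" % key, "ip:port match"))
            elif any(ip == key[0] for ip, _ in iocs.ip_ports):
                hits.append(("low", key[0], "IP match on port %d, listed port differs" % key[1]))
        elif source == "dns":
            d = domain_hit(iocs, ev["query"])
            if d:
                hits.append(("high", d, "DNS query %s" % ev["query"]))
        elif source == "http":
            k = url_key(ev["url"])
            if k in iocs.urls:
                hits.append(("high", "%s:%d%s" % k, "URL match"))
            elif domain_hit(iocs, k[0]):
                hits.append(("medium", k[0], "HTTP host matches listed domain"))
        elif source == "file" and ev["md5"].lower() in iocs.md5s:
            hits.append(("high", ev["md5"].lower(), "MD5 match"))
    return hits


if __name__ == "__main__":
    for hit in match_events(parse_export(SAMPLE_EXPORT), SAMPLE_EVENTS):
        print(*hit)
```

The low-severity IP-only branch is deliberate: a cloud or tunnelling address reused on another port is a lead, not a finding, and routing it to a hunting queue instead of the blocklist is what keeps the feed usable against shared infrastructure.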
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Flat export of the event in feed order. C2 servers are given as ip:port (one indicator per pair; an IP appears more than once when it was reported on several ports), domains and URLs are one indicator each, and the two MD5 entries are payload hashes.
- domain: servicezqp.lol
- ip:port: 189.1.226.116:443
- ip:port: 114.132.190.235:443
- ip:port: 128.90.115.156:5000
- ip:port: 196.251.116.62:8888
- ip:port: 103.230.69.188:7443
- ip:port: 5.181.2.21:443
- ip:port: 52.167.137.175:443
- ip:port: 35.180.203.168:18572
- ip:port: 13.233.168.184:26160
- ip:port: 134.209.207.184:23
- ip:port: 160.218.107.14:80
- ip:port: 154.91.180.29:41433
- ip:port: 108.61.252.113:4321
- url: http://89.35.130.147:58819/983a7643.php
- md5: 7482d1cece44511ee978f8d418040867
- ip:port: 206.238.114.75:32211
- ip:port: 45.204.192.216:8081
- md5: 08759d9ea2712d693891c870bbebbde3
- ip:port: 36.133.99.108:4443
- ip:port: 103.176.197.34:80
- ip:port: 196.251.116.62:222
- ip:port: 5.181.2.21:1000
- ip:port: 37.72.168.146:45677
- ip:port: 13.246.42.27:1963
- ip:port: 51.20.248.15:23642
- ip:port: 40.176.253.172:45207
- ip:port: 13.60.201.128:3333
- ip:port: 65.0.55.238:3333
- ip:port: 34.195.162.188:8443
- ip:port: 54.91.60.122:443
- ip:port: 3.127.89.233:80
- ip:port: 122.50.5.70:3333
- ip:port: 89.110.81.103:80
- url: http://a0747299.xsph.ru/_defaultwindows.php
- url: https://b1.a.exifit.ir/
- url: https://116.202.182.34/
- domain: b1.a.exifit.ir
- ip:port: 116.202.182.34:443
- domain: legder-live-desktop.net
- domain: forbescheck.top
- domain: nnnnssss-64548.portmap.io
- ip:port: 196.251.69.238:2404
- domain: nuevboprogreso.duckdns.org
- ip:port: 118.195.235.103:8808
- ip:port: 45.153.22.11:2424
- url: https://parcel-tracks.live/api
- ip:port: 206.238.114.75:32212
- ip:port: 150.95.26.55:443
- ip:port: 47.239.69.149:443
- ip:port: 88.218.93.71:443
- ip:port: 114.55.29.53:443
- ip:port: 1.92.138.71:8080
- ip:port: 47.109.140.12:2233
- ip:port: 221.132.29.137:4433
- ip:port: 51.68.231.231:31337
- ip:port: 142.44.35.188:31337
- ip:port: 38.244.195.30:31337
- ip:port: 121.186.76.168:6001
- ip:port: 205.185.114.104:8157
- ip:port: 170.64.207.117:80
- ip:port: 196.251.116.62:444
- ip:port: 178.19.240.193:5938
- ip:port: 84.132.23.65:80
- ip:port: 51.250.8.230:20001
- url: http://a1055919.xsph.ru/84c32770.php
- domain: 296azure-64092.portmap.io
- domain: madara21-54023.portmap.io
- domain: uranet.duckdns.org
- ip:port: 213.209.150.147:6000
- url: http://inventscience.st:443/hsiy
- url: http://inventscience.st:443/jcoa
- url: http://a1144817.xsph.ru/1e3e1c5f.php
- ip:port: 194.59.30.123:1750
- ip:port: 119.8.127.123:59981
- ip:port: 117.72.70.150:80
- ip:port: 103.143.81.95:4433
- ip:port: 196.251.116.62:2222
- ip:port: 168.231.110.190:443
- domain: node.ozzytzy-anomali-adminjomok.panel-store-pterodactyl.my.id
- ip:port: 16.24.145.72:7207
- ip:port: 13.38.41.124:20001
- ip:port: 185.196.11.182:80
- ip:port: 24.158.36.34:443
- domain: lbkequityexchange.com
- ip:port: 23.249.29.68:90
- ip:port: 43.198.149.5:6628
- url: https://lbkequityexchange.com/eqtrn.exe
- ip:port: 147.185.221.29:34904
- url: http://a1144925.xsph.ru/945a7ca3.php
- ip:port: 193.161.193.99:53895
- domain: summer25hot.org
- ip:port: 106.14.2.243:443
- domain: farahsaamer.duckdns.org
- domain: remdynu1.accesscam.org
- domain: remdynu2.accesscam.org
- ip:port: 47.121.130.60:8888
- domain: hajouts8koumis9.duckdns.org
- domain: hajouts8koumis910.duckdns.org
- ip:port: 141.11.1.120:7443
- ip:port: 94.31.108.120:6606
- ip:port: 94.31.108.120:7707
- ip:port: 94.31.108.120:8808
- domain: wisedreams-53895.portmap.io
- url: https://elopmgg.top/irwq
- ip:port: 176.46.157.64:1912
- url: http://45.156.87.219
- url: http://45.156.87.219/7ab1be8d3f144ac7.php
- ip:port: 45.156.87.219:80
- ip:port: 194.213.18.34:443
- ip:port: 129.204.130.127:8080
- ip:port: 43.139.59.122:8080
- domain: stable.lanpdt.info
- ip:port: 212.115.41.175:16465
- ip:port: 149.22.227.64:1111
- url: https://stable.lanpdt.info/viewdashboard
- ip:port: 166.88.164.42:443
- domain: anoteryo.top
- domain: videoproduction.demostagingserver.com
- ip:port: 3.126.37.18:15761
- ip:port: 18.192.93.86:15761
- ip:port: 18.156.13.209:15761
- ip:port: 18.157.68.73:15761
- domain: mugu3.ydns.eu
- ip:port: 147.185.221.29:60301
- ip:port: 27.147.169.101:9999
- ip:port: 27.147.169.101:7000
- ip:port: 156.238.225.44:80
- ip:port: 193.31.28.49:5946
- ip:port: 172.81.61.168:2404
- ip:port: 176.46.157.34:2404
- ip:port: 176.46.157.34:8808
- ip:port: 5.101.81.63:2404
- ip:port: 185.25.50.35:443
- ip:port: 91.92.46.250:21
- ip:port: 124.198.131.29:2404
- ip:port: 45.201.216.189:65535
- ip:port: 80.64.19.69:35672
- ip:port: 156.246.3.189:9397
- domain: c83-249-230-189.bredband.tele2.se
- ip:port: 161.97.76.244:7443
- ip:port: 64.227.189.57:7443
- ip:port: 54.65.51.137:2762
- ip:port: 18.208.220.64:50580
- ip:port: 95.164.123.60:1303
- ip:port: 196.251.69.82:49002
- domain: en.earthen.io
- ip:port: 128.199.132.98:1177
- url: http://92.42.99.73/videolowserversqlprivateuploads.php
- domain: ambakgroup.com
- domain: windows11.webredirect.org
- ip:port: 45.156.87.226:9373
- domain: slitterline.xyz
- domain: rem.specialtyfoodnetwork.site
- ip:port: 87.120.186.37:57480
- ip:port: 89.39.121.31:55500
- url: https://elta-couriiirr.top/api
- domain: nglocalhost.com
- ip:port: 154.94.232.242:6666
- ip:port: 154.94.232.242:8888
- ip:port: 43.100.117.240:443
- ip:port: 43.100.117.240:801
- domain: amazon.capeturk.com
- domain: tarek777.no-ip.biz
- domain: reportedfall.no-ip.biz
- url: http://animals713.temp.swtest.ru/longpollbigloaddefault.php
- ip:port: 23.249.28.155:443
- ip:port: 193.142.146.64:5456
- ip:port: 54.177.153.237:12543
- ip:port: 157.230.34.254:31337
- ip:port: 15.185.82.178:2761
- ip:port: 16.51.99.163:15
- ip:port: 107.154.172.8:16010
- ip:port: 51.250.8.230:21379
- ip:port: 213.209.150.171:5010
- url: https://pastebin.com/raw/m9sq3rbn
- ip:port: 147.185.221.20:21790
- domain: blog.ictstudents.help
- domain: dns2.e-twfpg.com
- domain: login.ictstudents.help
- domain: ns1.bsetop.top
- domain: ns2.bsetop.top
- domain: ns3.bsetop.top
- domain: support.desktop.wales
- ip:port: 35.78.222.198:53
- ip:port: 48.220.32.191:53
- ip:port: 5.188.86.168:53
- ip:port: 119.91.235.213:443
- ip:port: 47.117.143.185:443
- ip:port: 196.251.84.172:5000
- ip:port: 196.189.21.73:443
- ip:port: 77.90.153.204:8080
- ip:port: 128.90.115.156:2000
- ip:port: 172.86.105.40:8089
- ip:port: 148.66.21.235:80
- ip:port: 148.66.21.238:80
- ip:port: 148.66.21.234:80
- ip:port: 196.120.15.116:443
- url: https://91.99.201.76
- url: https://17.5.exifit.ir
- domain: 17.5.exifit.ir
- ip:port: 105.96.53.240:32103
- ip:port: 110.42.229.59:7000
- ip:port: 16.64.3.63:443
- ip:port: 176.44.55.45:995
- ip:port: 182.30.42.80:443
- ip:port: 182.30.50.169:443
- ip:port: 184.63.156.132:443
- ip:port: 52.27.77.62:443
- ip:port: 83.110.196.162:443
- ip:port: 85.239.52.249:80
- ip:port: 88.129.147.201:8080
- ip:port: 27.106.96.167:4173
- ip:port: 123.56.43.176:4173
- ip:port: 161.97.87.37:1337
- ip:port: 81.70.172.120:4173
- ip:port: 165.22.209.134:443
- ip:port: 152.42.156.19:443
- ip:port: 89.58.40.80:1337
- ip:port: 80.15.141.250:9993
- ip:port: 47.96.125.204:40945
- ip:port: 173.234.30.74:10001
- ip:port: 223.247.220.26:10001
- ip:port: 92.205.165.168:10001
- ip:port: 3.74.27.83:19275
- ip:port: 147.185.221.29:32655
- ip:port: 193.37.69.44:443
Technical Details
- Threat Level: 2 (MISP threat_level_id 2 = Medium)
- Analysis: 1 (MISP analysis 1 = Ongoing)
- Distribution: 3 (MISP distribution 3 = All communities)
- UUID: cab53ffe-9400-4aa9-85c9-56c2e89aec80
- Original Timestamp: 1751932987 (2025-07-08 00:03:07 UTC)
Indicators of Compromise by type, with ThreatFox malware attribution
Domain
Value | Description
---|---
servicezqp.lol | Unknown malware credit card skimming domain (confidence level: 100%)
b1.a.exifit.ir | Vidar botnet C2 domain (confidence level: 100%)
legder-live-desktop.net | Unknown malware payload delivery domain (confidence level: 100%)
forbescheck.top | Unknown malware payload delivery domain (confidence level: 100%)
nnnnssss-64548.portmap.io | XWorm botnet C2 domain (confidence level: 100%)
nuevboprogreso.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
296azure-64092.portmap.io | AsyncRAT botnet C2 domain (confidence level: 50%)
madara21-54023.portmap.io | DarkComet botnet C2 domain (confidence level: 50%)
uranet.duckdns.org | Mirai botnet C2 domain (confidence level: 50%)
node.ozzytzy-anomali-adminjomok.panel-store-pterodactyl.my.id | Havoc botnet C2 domain (confidence level: 100%)
lbkequityexchange.com | Unknown malware payload delivery domain (confidence level: 100%)
summer25hot.org | NetSupportManager RAT botnet C2 domain (confidence level: 100%)
farahsaamer.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
remdynu1.accesscam.org | Remcos botnet C2 domain (confidence level: 100%)
remdynu2.accesscam.org | Remcos botnet C2 domain (confidence level: 100%)
hajouts8koumis9.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
hajouts8koumis910.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
wisedreams-53895.portmap.io | Quasar RAT botnet C2 domain (confidence level: 100%)
stable.lanpdt.info | FAKEUPDATES botnet C2 domain (confidence level: 100%)
anoteryo.top | NetSupportManager RAT payload delivery domain (confidence level: 100%)
videoproduction.demostagingserver.com | NetSupportManager RAT payload delivery domain (confidence level: 100%)
mugu3.ydns.eu | Quasar RAT botnet C2 domain (confidence level: 75%)
c83-249-230-189.bredband.tele2.se | AsyncRAT botnet C2 domain (confidence level: 100%)
en.earthen.io | ShadowPad botnet C2 domain (confidence level: 95%)
ambakgroup.com | Remcos botnet C2 domain (confidence level: 100%)
windows11.webredirect.org | Remcos botnet C2 domain (confidence level: 100%)
slitterline.xyz | Remcos botnet C2 domain (confidence level: 100%)
rem.specialtyfoodnetwork.site | Remcos botnet C2 domain (confidence level: 100%)
nglocalhost.com | NjRAT botnet C2 domain (confidence level: 100%)
amazon.capeturk.com | Revenge RAT botnet C2 domain (confidence level: 100%)
tarek777.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%)
reportedfall.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%)
blog.ictstudents.help | Cobalt Strike botnet C2 domain (confidence level: 75%)
dns2.e-twfpg.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
login.ictstudents.help | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns1.bsetop.top | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns2.bsetop.top | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns3.bsetop.top | Cobalt Strike botnet C2 domain (confidence level: 75%)
support.desktop.wales | Cobalt Strike botnet C2 domain (confidence level: 75%)
17.5.exifit.ir | Vidar botnet C2 domain (confidence level: 75%)
IP address and port (C2 servers)
Each row is one ip:port indicator; an IP appears more than once when it was reported on several ports.
Value | Description
---|---
189.1.226.116:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
114.132.190.235:443 | Ghost RAT botnet C2 server (confidence level: 100%)
128.90.115.156:5000 | AsyncRAT botnet C2 server (confidence level: 100%)
196.251.116.62:8888 | AsyncRAT botnet C2 server (confidence level: 100%)
103.230.69.188:7443 | Unknown malware botnet C2 server (confidence level: 100%)
5.181.2.21:443 | Havoc botnet C2 server (confidence level: 100%)
52.167.137.175:443 | Havoc botnet C2 server (confidence level: 100%)
35.180.203.168:18572 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
13.233.168.184:26160 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
134.209.207.184:23 | Bashlite botnet C2 server (confidence level: 100%)
160.218.107.14:80 | Bashlite botnet C2 server (confidence level: 100%)
154.91.180.29:41433 | AdaptixC2 botnet C2 server (confidence level: 100%)
108.61.252.113:4321 | Empire Downloader botnet C2 server (confidence level: 100%)
206.238.114.75:32211 | ValleyRAT botnet C2 server (confidence level: 100%)
45.204.192.216:8081 | FatalRat botnet C2 server (confidence level: 100%)
36.133.99.108:4443 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.176.197.34:80 | Ghost RAT botnet C2 server (confidence level: 75%)
196.251.116.62:222 | AsyncRAT botnet C2 server (confidence level: 100%)
5.181.2.21:1000 | Havoc botnet C2 server (confidence level: 100%)
37.72.168.146:45677 | Havoc botnet C2 server (confidence level: 100%)
13.246.42.27:1963 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
51.20.248.15:23642 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
40.176.253.172:45207 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
13.60.201.128:3333 | Unknown malware botnet C2 server (confidence level: 100%)
65.0.55.238:3333 | Unknown malware botnet C2 server (confidence level: 100%)
34.195.162.188:8443 | Unknown malware botnet C2 server (confidence level: 100%)
54.91.60.122:443 | Unknown malware botnet C2 server (confidence level: 100%)
3.127.89.233:80 | Unknown malware botnet C2 server (confidence level: 100%)
122.50.5.70:3333 | Unknown malware botnet C2 server (confidence level: 100%)
89.110.81.103:80 | Empire Downloader botnet C2 server (confidence level: 100%)
116.202.182.34:443 | Vidar botnet C2 server (confidence level: 100%)
196.251.69.238:2404 | Remcos botnet C2 server (confidence level: 100%)
118.195.235.103:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
45.153.22.11:2424 | Quasar RAT botnet C2 server (confidence level: 100%)
206.238.114.75:32212 | ValleyRAT botnet C2 server (confidence level: 100%)
150.95.26.55:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.239.69.149:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
88.218.93.71:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
114.55.29.53:443 | Cobalt Strike botnet C2 server (confidence level: 50%)
1.92.138.71:8080 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.109.140.12:2233 | Cobalt Strike botnet C2 server (confidence level: 50%)
221.132.29.137:4433 | Cobalt Strike botnet C2 server (confidence level: 50%)
51.68.231.231:31337 | Sliver botnet C2 server (confidence level: 50%)
142.44.35.188:31337 | Sliver botnet C2 server (confidence level: 50%)
38.244.195.30:31337 | Sliver botnet C2 server (confidence level: 50%)
121.186.76.168:6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
205.185.114.104:8157 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
170.64.207.117:80 | Unknown malware botnet C2 server (confidence level: 50%)
196.251.116.62:444 | AsyncRAT botnet C2 server (confidence level: 50%)
178.19.240.193:5938 | DarkComet botnet C2 server (confidence level: 50%)
84.132.23.65:80 | Ghost RAT botnet C2 server (confidence level: 50%)
51.250.8.230:20001 | Unknown malware botnet C2 server (confidence level: 50%)
213.209.150.147:6000 | XWorm botnet C2 server (confidence level: 100%)
194.59.30.123:1750 | STRRAT botnet C2 server (confidence level: 100%)
119.8.127.123:59981 | Cobalt Strike botnet C2 server (confidence level: 100%)
117.72.70.150:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.143.81.95:4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
196.251.116.62:2222 | AsyncRAT botnet C2 server (confidence level: 100%)
168.231.110.190:443 | Unknown malware botnet C2 server (confidence level: 100%)
16.24.145.72:7207 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
13.38.41.124:20001 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
185.196.11.182:80 | Broomstick botnet C2 server (confidence level: 75%)
24.158.36.34:443 | QakBot botnet C2 server (confidence level: 75%)
23.249.29.68:90 | ValleyRAT botnet C2 server (confidence level: 100%)
43.198.149.5:6628 | ValleyRAT botnet C2 server (confidence level: 100%)
147.185.221.29:34904 | NjRAT botnet C2 server (confidence level: 100%)
193.161.193.99:53895 | Quasar RAT botnet C2 server (confidence level: 100%)
106.14.2.243:443 | pupy botnet C2 server (confidence level: 100%)
47.121.130.60:8888 | Unknown malware botnet C2 server (confidence level: 100%)
141.11.1.120:7443 | Unknown malware botnet C2 server (confidence level: 100%)
94.31.108.120:6606 | AsyncRAT botnet C2 server (confidence level: 100%)
94.31.108.120:7707 | AsyncRAT botnet C2 server (confidence level: 100%)
94.31.108.120:8808 | AsyncRAT botnet C2 server (confidence level: 100%)
176.46.157.64:1912 | RedLine Stealer botnet C2 server (confidence level: 100%)
45.156.87.219:80 | Stealc botnet C2 server (confidence level: 100%)
194.213.18.34:443 | FAKEUPDATES botnet C2 server (confidence level: 100%)
129.204.130.127:8080 | Cobalt Strike botnet C2 server (confidence level: 75%)
43.139.59.122:8080 | Cobalt Strike botnet C2 server (confidence level: 75%)
212.115.41.175:16465 | Remcos botnet C2 server (confidence level: 75%)
149.22.227.64:1111 | Quasar RAT botnet C2 server (confidence level: 75%)
166.88.164.42:443 | FAKEUPDATES botnet C2 server (confidence level: 100%)
3.126.37.18:15761 | NjRAT botnet C2 server (confidence level: 100%)
18.192.93.86:15761 | NjRAT botnet C2 server (confidence level: 100%)
18.156.13.209:15761 | NjRAT botnet C2 server (confidence level: 100%)
18.157.68.73:15761 | NjRAT botnet C2 server (confidence level: 100%)
147.185.221.29:60301 | XWorm botnet C2 server (confidence level: 100%)
27.147.169.101:9999 | Nanocore RAT botnet C2 server (confidence level: 100%)
27.147.169.101:7000 | XWorm botnet C2 server (confidence level: 75%)
156.238.225.44:80 | Cobalt Strike botnet C2 server (confidence level: 100%)
193.31.28.49:5946 | Remcos botnet C2 server (confidence level: 100%)
172.81.61.168:2404 | Remcos botnet C2 server (confidence level: 100%)
176.46.157.34:2404 | Remcos botnet C2 server (confidence level: 100%)
176.46.157.34:8808 | Remcos botnet C2 server (confidence level: 100%)
5.101.81.63:2404 | Remcos botnet C2 server (confidence level: 100%)
185.25.50.35:443 | Remcos botnet C2 server (confidence level: 100%)
91.92.46.250:21 | Remcos botnet C2 server (confidence level: 100%)
124.198.131.29:2404 | Remcos botnet C2 server (confidence level: 100%)
45.201.216.189:65535 | Sliver botnet C2 server (confidence level: 100%)
80.64.19.69:35672 | Aurotun Stealer botnet C2 server (confidence level: 100%)
156.246.3.189:9397 | Unknown malware botnet C2 server (confidence level: 100%)
161.97.76.244:7443 | Unknown malware botnet C2 server (confidence level: 100%)
64.227.189.57:7443 | Unknown malware botnet C2 server (confidence level: 100%)
54.65.51.137:2762 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
18.208.220.64:50580 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
95.164.123.60:1303 | Rhadamanthys botnet C2 server (confidence level: 100%)
196.251.69.82:49002 | N-W0rm botnet C2 server (confidence level: 100%)
128.199.132.98:1177 | XWorm botnet C2 server (confidence level: 100%)
45.156.87.226:9373 | Remcos botnet C2 server (confidence level: 100%)
87.120.186.37:57480 | Quasar RAT botnet C2 server (confidence level: 100%)
89.39.121.31:55500 | Quasar RAT botnet C2 server (confidence level: 100%)
154.94.232.242:6666 | ValleyRAT botnet C2 server (confidence level: 100%)
154.94.232.242:8888 | ValleyRAT botnet C2 server (confidence level: 100%)
43.100.117.240:443 | ValleyRAT botnet C2 server (confidence level: 100%)
43.100.117.240:801 | ValleyRAT botnet C2 server (confidence level: 100%)
23.249.28.155:443 | ValleyRAT botnet C2 server (confidence level: 100%)
193.142.146.64:5456 | BitRAT botnet C2 server (confidence level: 100%)
54.177.153.237:12543 | Unknown malware botnet C2 server (confidence level: 50%)
157.230.34.254:31337 | Sliver botnet C2 server (confidence level: 50%)
15.185.82.178:2761 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
16.51.99.163:15 | BlackShades botnet C2 server (confidence level: 50%)
107.154.172.8:16010 | AdaptixC2 botnet C2 server (confidence level: 50%)
51.250.8.230:21379 | Unknown malware botnet C2 server (confidence level: 50%)
213.209.150.171:5010 | XWorm botnet C2 server (confidence level: 100%)
147.185.221.20:21790 | XWorm botnet C2 server (confidence level: 50%)
35.78.222.198:53 | Cobalt Strike botnet C2 server (confidence level: 75%)
48.220.32.191:53 | Cobalt Strike botnet C2 server (confidence level: 75%)
5.188.86.168:53 | Cobalt Strike botnet C2 server (confidence level: 75%)
119.91.235.213:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.117.143.185:443 | Cobalt Strike botnet C2 server (confidence level: 100%)
196.251.84.172:5000 | Remcos botnet C2 server (confidence level: 100%)
196.189.21.73:443 | Sliver botnet C2 server (confidence level: 100%)
77.90.153.204:8080 | AsyncRAT botnet C2 server (confidence level: 100%)
128.90.115.156:2000 | AsyncRAT botnet C2 server (confidence level: 100%)
172.86.105.40:8089 | Hook botnet C2 server (confidence level: 100%)
148.66.21.235:80 | DCRat botnet C2 server (confidence level: 100%)
148.66.21.238:80 | DCRat botnet C2 server (confidence level: 100%)
148.66.21.234:80 | DCRat botnet C2 server (confidence level: 100%)
196.120.15.116:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
105.96.53.240:32103 | QakBot botnet C2 server (confidence level: 75%)
110.42.229.59:7000 | Havoc botnet C2 server (confidence level: 75%)
16.64.3.63:443 | DeimosC2 botnet C2 server (confidence level: 75%)
176.44.55.45:995 | QakBot botnet C2 server (confidence level: 75%)
182.30.42.80:443 | DeimosC2 botnet C2 server (confidence level: 75%)
182.30.50.169:443 | DeimosC2 botnet C2 server (confidence level: 75%)
184.63.156.132:443 | QakBot botnet C2 server (confidence level: 75%)
52.27.77.62:443 | DeimosC2 botnet C2 server (confidence level: 75%)
83.110.196.162:443 | QakBot botnet C2 server (confidence level: 75%)
85.239.52.249:80 | Broomstick botnet C2 server (confidence level: 75%)
88.129.147.201:8080 | DeimosC2 botnet C2 server (confidence level: 75%)
27.106.96.167:4173 | Empire Downloader botnet C2 server (confidence level: 100%)
123.56.43.176:4173 | Empire Downloader botnet C2 server (confidence level: 100%)
161.97.87.37:1337 | Empire Downloader botnet C2 server (confidence level: 100%)
81.70.172.120:4173 | Empire Downloader botnet C2 server (confidence level: 100%)
165.22.209.134:443 | Empire Downloader botnet C2 server (confidence level: 100%)
152.42.156.19:443 | Empire Downloader botnet C2 server (confidence level: 100%)
89.58.40.80:1337 | Empire Downloader botnet C2 server (confidence level: 100%)
80.15.141.250:9993 | Empire Downloader botnet C2 server (confidence level: 100%)
47.96.125.204:40945 | Unknown malware botnet C2 server (confidence level: 100%)
173.234.30.74:10001 | Xtreme RAT botnet C2 server (confidence level: 100%)
223.247.220.26:10001 | Xtreme RAT botnet C2 server (confidence level: 100%)
92.205.165.168:10001 | Xtreme RAT botnet C2 server (confidence level: 100%)
3.74.27.83:19275 | Quasar RAT botnet C2 server (confidence level: 100%)
147.185.221.29:32655 | XWorm botnet C2 server (confidence level: 100%)
193.37.69.44:443 | Meterpreter botnet C2 server (confidence level: 75%)
MD5 hash (payload samples)
Value | Description
---|---
7482d1cece44511ee978f8d418040867 | Nitrogen Loader payload (confidence level: 50%)
08759d9ea2712d693891c870bbebbde3 | Unknown malware payload (confidence level: 50%)
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2424 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash32212 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash2233 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash8157 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash444 | AsyncRAT botnet C2 server (confidence level: 50%) | |
hash5938 | DarkComet botnet C2 server (confidence level: 50%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 50%) | |
hash20001 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash6000 | XWorm botnet C2 server (confidence level: 100%) | |
hash1750 | STRRAT botnet C2 server (confidence level: 100%) | |
hash59981 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2222 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7207 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash20001 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | Broomstick botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash90 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6628 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash34904 | NjRAT botnet C2 server (confidence level: 100%) | |
hash53895 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | pupy botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash1912 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash80 | Stealc botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash16465 | Remcos botnet C2 server (confidence level: 75%) | |
hash1111 | Quasar RAT botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash15761 | NjRAT botnet C2 server (confidence level: 100%) | |
hash15761 | NjRAT botnet C2 server (confidence level: 100%) | |
hash15761 | NjRAT botnet C2 server (confidence level: 100%) | |
hash15761 | NjRAT botnet C2 server (confidence level: 100%) | |
hash60301 | XWorm botnet C2 server (confidence level: 100%) | |
hash9999 | Nanocore RAT botnet C2 server (confidence level: 100%) | |
hash7000 | XWorm botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5946 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash8808 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Remcos botnet C2 server (confidence level: 100%) | |
hash21 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash65535 | Sliver botnet C2 server (confidence level: 100%) | |
hash35672 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
hash9397 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2762 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash50580 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash1303 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash49002 | N-W0rm botnet C2 server (confidence level: 100%) | |
hash1177 | XWorm botnet C2 server (confidence level: 100%) | |
hash9373 | Remcos botnet C2 server (confidence level: 100%) | |
hash57480 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash55500 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash801 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash5456 | BitRAT botnet C2 server (confidence level: 100%) | |
hash12543 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash31337 | Sliver botnet C2 server (confidence level: 50%) | |
hash2761 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
hash15 | BlackShades botnet C2 server (confidence level: 50%) | |
hash16010 | AdaptixC2 botnet C2 server (confidence level: 50%) | |
hash21379 | Unknown malware botnet C2 server (confidence level: 50%) | |
hash5010 | XWorm botnet C2 server (confidence level: 100%) | |
hash21790 | XWorm botnet C2 server (confidence level: 50%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash53 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5000 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8080 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | DCRat botnet C2 server (confidence level: 100%) | |
hash80 | DCRat botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash32103 | QakBot botnet C2 server (confidence level: 75%) | |
hash7000 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash80 | Broomstick botnet C2 server (confidence level: 75%) | |
hash8080 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash4173 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash4173 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash1337 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash4173 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash443 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash443 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash1337 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash9993 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash40945 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash19275 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash32655 | XWorm botnet C2 server (confidence level: 100%) | |
hash443 | Meterpreter botnet C2 server (confidence level: 75%) |
Url
Value | Description | Copy |
---|---|---|
urlhttp://89.35.130.147:58819/983a7643.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttp://a0747299.xsph.ru/_defaultwindows.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://b1.a.exifit.ir/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://116.202.182.34/ | Vidar botnet C2 (confidence level: 100%) | |
urlhttps://parcel-tracks.live/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://a1055919.xsph.ru/84c32770.php | DCRat botnet C2 (confidence level: 50%) | |
urlhttp://inventscience.st:443/hsiy | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttp://inventscience.st:443/jcoa | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttp://a1144817.xsph.ru/1e3e1c5f.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://lbkequityexchange.com/eqtrn.exe | AsyncRAT payload delivery URL (confidence level: 100%) | |
urlhttp://a1144925.xsph.ru/945a7ca3.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://elopmgg.top/irwq | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://45.156.87.219 | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://45.156.87.219/7ab1be8d3f144ac7.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttps://stable.lanpdt.info/viewdashboard | FAKEUPDATES botnet C2 (confidence level: 100%) | |
urlhttp://92.42.99.73/videolowserversqlprivateuploads.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://elta-couriiirr.top/api | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://animals713.temp.swtest.ru/longpollbigloaddefault.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://pastebin.com/raw/m9sq3rbn | XWorm botnet C2 (confidence level: 50%) | |
urlhttps://91.99.201.76 | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://17.5.exifit.ir | Vidar botnet C2 (confidence level: 75%) |
Threat ID: 686c61ae6f40f0eb72ee1c5e
Added to database: 7/8/2025, 12:09:18 AM
Last enriched: 7/8/2025, 12:24:46 AM
Last updated: 7/8/2025, 12:24:18 PM