ThreatFox IOCs for 2025-07-13
AI Analysis
Technical Summary
This entry is a set of Indicators of Compromise (IOCs) published on July 13, 2025, by the ThreatFox MISP feed. It is tagged as malware-related, with further tags for OSINT (Open Source Intelligence), payload delivery and network activity. The data is a collection of threat intelligence indicators rather than a specific vulnerability or exploit: no affected software versions are listed, no patches apply, and no exploits in the wild are recorded, so the entry is intelligence meant to support detection and response rather than a direct vulnerability. The overall rating is medium. The MISP event metadata gives a threat level of 2, an analysis state of 1 and a distribution of 3 (in MISP these values denote a Medium threat level, an Ongoing analysis and sharing with all communities). Because the summary carries no technical details such as malware names, attack vectors or payload descriptions, a more detailed technical breakdown is not possible from this entry alone. The tags and categories imply that the IOCs relate to network-based payload delivery and are meant for use in OSINT work to identify malicious activity. The TLP (Traffic Light Protocol) white tag indicates that the information may be shared publicly without restriction. Overall, this is a routine intelligence update rather than a direct security threat or vulnerability requiring immediate remediation.
Potential Impact
For European organizations, the value of these IOCs lies in improving threat detection rather than in mitigating an active or imminent threat. Because no specific malware or exploit is described, the direct risk to confidentiality, integrity or availability cannot be assessed from this entry. New or updated IOCs nevertheless help security teams identify and respond to malicious network activity, shortening the window of exposure to payload delivery attempts or network intrusions. Organizations that consume OSINT feeds and run threat intelligence platforms can ingest these indicators to strengthen monitoring and incident response. The medium rating means the threat is not critical, but ignoring the indicators could let adversaries operate undetected. European entities with mature security operations centers (SOCs) and threat hunting capabilities will benefit most; organizations with limited threat intelligence integration will see less immediate benefit but should still update their detection rules.
Mitigation Recommendations
Because this content is threat intelligence rather than a direct exploit, mitigation centres on operational security measures:
1) Integrate the provided IOCs into existing security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS) and endpoint detection and response (EDR) tools to improve detection of related network activity or payload delivery attempts.
2) Run regular threat hunting exercises against these IOCs to identify potential compromises proactively.
3) Ensure network segmentation and strict access controls are in place to limit the spread of any detected payloads.
4) Keep threat intelligence feeds current and automate IOC ingestion to reduce response times.
5) Train security analysts to recognize patterns associated with these indicators and to escalate suspicious activity promptly.
6) Since no patches are available, rely on layered defenses and monitoring rather than on software updates.
7) Work with information sharing communities to place these IOCs in the context of the broader threat landscape.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 6c6e3ea0-5017-40df-be53-02a56fdf845f
- Original Timestamp: 1752451386
Indicators of Compromise
Domain
Value | Description | Copy |
---|---|---|
domainanalyticasnodez.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsecurity.faraleshiaeld.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainsolpendi.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainxn--2vrub.cc | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
domain157-230-34-254.cprapid.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainbiaderibra.info | Havoc botnet C2 domain (confidence level: 100%) | |
domaincraftsgamer.4cloud.click | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainxntryz.thddns.net | NjRAT botnet C2 domain (confidence level: 100%) | |
domainbibl129.ddns.net | DarkComet botnet C2 domain (confidence level: 50%) | |
domainnames-jelsoft.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
domaintop1miku.duckdns.org | Mirai botnet C2 domain (confidence level: 50%) | |
domainlethaldose.nodns.ca | NjRAT botnet C2 domain (confidence level: 50%) | |
domainenvrem07.duckdns.org | Remcos botnet C2 domain (confidence level: 50%) | |
domainsecond-ep.gl.at.ply.gg | XenoRAT botnet C2 domain (confidence level: 50%) | |
domainpartner-expedia.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
domainsolutions-samsung.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainpage-prostores.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainongmanibeimeihong.microsolt.org | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainprvqhm.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsorrij.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainungryo.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainperdvg.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwin2325.webredirect.org | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainadamha.duckdns.org | NjRAT botnet C2 domain (confidence level: 100%) | |
domainalready-ibm.gl.at.ply.gg | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domaindarkhacker07.no-ip.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
domainattack.emocc.cc | Mirai botnet C2 domain (confidence level: 50%) |
File
Value | Description | Copy |
---|---|---|
file185.244.0.116 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.61.109.25 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file107.149.154.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.236.74.163 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file216.250.250.246 | Remcos botnet C2 server (confidence level: 100%) | |
file196.251.113.10 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file196.251.81.62 | Hook botnet C2 server (confidence level: 100%) | |
file216.245.184.59 | Havoc botnet C2 server (confidence level: 100%) | |
file176.96.137.222 | Venom RAT botnet C2 server (confidence level: 100%) | |
file148.66.21.234 | DCRat botnet C2 server (confidence level: 100%) | |
file51.17.184.103 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file51.17.184.103 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file51.84.57.233 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file51.84.57.233 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file51.84.57.233 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file128.199.249.3 | MooBot botnet C2 server (confidence level: 100%) | |
file68.69.185.162 | MooBot botnet C2 server (confidence level: 100%) | |
file217.154.237.203 | Empire Downloader botnet C2 server (confidence level: 100%) | |
file13.127.6.17 | Empire Downloader botnet C2 server (confidence level: 100%) | |
file158.69.252.241 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file64.110.26.156 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file49.228.131.157 | NjRAT botnet C2 server (confidence level: 100%) | |
file43.248.173.147 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file101.43.136.183 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.109.45.147 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file128.90.113.149 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file172.191.69.182 | Hook botnet C2 server (confidence level: 100%) | |
file192.110.165.89 | Hook botnet C2 server (confidence level: 100%) | |
file147.93.137.12 | Havoc botnet C2 server (confidence level: 100%) | |
file148.66.21.235 | DCRat botnet C2 server (confidence level: 100%) | |
file149.28.225.119 | Unknown malware botnet C2 server (confidence level: 100%) | |
file143.198.193.104 | Unknown malware botnet C2 server (confidence level: 100%) | |
file220.135.236.111 | Unknown malware botnet C2 server (confidence level: 100%) | |
file31.97.183.134 | Unknown malware botnet C2 server (confidence level: 100%) | |
file118.26.39.189 | Unknown malware botnet C2 server (confidence level: 100%) | |
file165.232.131.87 | Unknown malware botnet C2 server (confidence level: 100%) | |
file134.122.114.251 | Unknown malware botnet C2 server (confidence level: 100%) | |
file24.199.116.141 | Unknown malware botnet C2 server (confidence level: 100%) | |
file208.94.246.62 | Remcos botnet C2 server (confidence level: 100%) | |
file13.233.99.139 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file179.95.201.82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file107.189.20.81 | XWorm botnet C2 server (confidence level: 100%) | |
file144.172.100.183 | XWorm botnet C2 server (confidence level: 100%) | |
file41.250.151.246 | XWorm botnet C2 server (confidence level: 100%) | |
file206.119.178.103 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file198.12.126.169 | Remcos botnet C2 server (confidence level: 100%) | |
file101.35.95.220 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file38.38.251.165 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file47.111.139.209 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file156.245.14.43 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file47.94.53.65 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file47.94.53.65 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file1.92.137.130 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file38.38.251.165 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file182.92.118.224 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file147.78.130.42 | Sliver botnet C2 server (confidence level: 50%) | |
file192.227.236.198 | Sliver botnet C2 server (confidence level: 50%) | |
file95.130.227.6 | Sliver botnet C2 server (confidence level: 50%) | |
file3.145.103.147 | Unknown malware botnet C2 server (confidence level: 50%) | |
file3.145.103.147 | Unknown malware botnet C2 server (confidence level: 50%) | |
file3.145.103.147 | Unknown malware botnet C2 server (confidence level: 50%) | |
file16.28.107.52 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file2.56.109.124 | DarkComet botnet C2 server (confidence level: 50%) | |
file147.185.221.29 | DCRat botnet C2 server (confidence level: 50%) | |
file193.233.113.56 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file108.186.255.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file175.27.249.96 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.176.197.34 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file80.64.19.165 | Remcos botnet C2 server (confidence level: 100%) | |
file139.159.153.21 | Sliver botnet C2 server (confidence level: 100%) | |
file193.242.208.53 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file45.152.84.192 | Havoc botnet C2 server (confidence level: 100%) | |
file148.66.21.237 | DCRat botnet C2 server (confidence level: 100%) | |
file39.98.168.60 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file144.172.96.98 | Havoc botnet C2 server (confidence level: 75%) | |
file193.37.212.74 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file72.133.241.6 | QakBot botnet C2 server (confidence level: 75%) | |
file181.142.211.98 | Remcos botnet C2 server (confidence level: 100%) | |
file117.72.69.118 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file34.221.83.3 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file200.9.155.157 | XWorm botnet C2 server (confidence level: 100%) | |
file27.124.3.175 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file193.37.69.42 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file156.238.233.72 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file217.195.153.118 | Sliver botnet C2 server (confidence level: 100%) | |
file196.251.116.62 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file172.233.44.144 | Havoc botnet C2 server (confidence level: 100%) | |
file213.209.150.225 | Havoc botnet C2 server (confidence level: 100%) | |
file45.207.199.11 | Kaiji botnet C2 server (confidence level: 100%) | |
file122.143.2.28 | Chaos botnet C2 server (confidence level: 100%) | |
file123.60.148.209 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file27.124.3.175 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file27.124.3.175 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file194.156.79.89 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file45.204.221.233 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file106.55.138.214 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file8.137.157.191 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file8.137.157.191 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file206.119.82.192 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.30 | XWorm botnet C2 server (confidence level: 100%) | |
file43.250.174.49 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file115.190.8.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file18.216.6.142 | Empire Downloader botnet C2 server (confidence level: 100%) | |
file80.64.19.138 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
file185.241.149.206 | Remcos botnet C2 server (confidence level: 100%) | |
file206.233.249.153 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file45.204.211.49 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file79.215.191.81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file79.215.191.81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file79.215.191.81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file79.215.191.81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file93.185.157.200 | StrelaStealer botnet C2 server (confidence level: 100%) | |
file134.122.184.74 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file47.122.30.177 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file172.245.253.10 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file8.138.27.20 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
file198.167.199.234 | Sliver botnet C2 server (confidence level: 50%) | |
file177.124.72.24 | Sliver botnet C2 server (confidence level: 50%) | |
file103.73.67.164 | Sliver botnet C2 server (confidence level: 50%) | |
file4.201.105.254 | Sliver botnet C2 server (confidence level: 50%) | |
file205.185.114.104 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file211.197.187.141 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file3.144.111.80 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
file78.162.57.179 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file78.162.57.179 | AsyncRAT botnet C2 server (confidence level: 50%) | |
file91.4.44.64 | Ghost RAT botnet C2 server (confidence level: 50%) | |
file154.216.157.235 | Unknown malware botnet C2 server (confidence level: 50%) | |
file148.113.214.176 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
file192.210.222.88 | DanaBot botnet C2 server (confidence level: 50%) | |
file212.193.24.92 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.12.36.139 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.80.81.218 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.134.211.41 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file115.120.193.95 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file85.117.242.173 | Remcos botnet C2 server (confidence level: 100%) | |
file155.138.255.149 | Sliver botnet C2 server (confidence level: 100%) | |
file98.142.247.3 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file3.85.192.21 | Havoc botnet C2 server (confidence level: 100%) | |
file13.213.19.51 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file8.149.141.15 | Chaos botnet C2 server (confidence level: 100%) | |
file8.222.218.205 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file147.185.221.30 | XWorm botnet C2 server (confidence level: 100%) | |
file189.228.171.242 | QakBot botnet C2 server (confidence level: 75%) | |
file217.165.61.172 | QakBot botnet C2 server (confidence level: 75%) | |
file51.38.140.83 | Sliver botnet C2 server (confidence level: 75%) | |
file94.49.37.25 | QakBot botnet C2 server (confidence level: 75%) | |
file94.49.37.25 | QakBot botnet C2 server (confidence level: 75%) | |
file45.76.172.9 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file45.74.15.131 | XWorm botnet C2 server (confidence level: 100%) | |
file196.251.66.200 | XWorm botnet C2 server (confidence level: 100%) |
Hash
Url
Threat ID: 68744c3da83201eaacbf98ce
Added to database: 7/14/2025, 12:15:57 AM
Last enriched: 7/14/2025, 12:31:10 AM
Last updated: 7/16/2025, 10:22:56 AM