ThreatFox IOCs for 2025-07-15
AI Analysis
Technical Summary
The provided information describes a security threat categorized as malware with a medium severity level, sourced from the ThreatFox MISP feed dated July 15, 2025. The threat is associated with OSINT (Open Source Intelligence) and involves network activity and payload delivery. However, the details are sparse, with no specific affected software versions, no known exploits in the wild, no patch availability, and no concrete indicators of compromise (IOCs) listed. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution metrics provided but without further elaboration. The lack of CWE identifiers and the absence of technical details about the malware's behavior, infection vectors, or payload specifics limit the depth of technical understanding. The classification under OSINT and network activity suggests that this threat might involve reconnaissance or data gathering activities, potentially as a precursor to more targeted attacks or as part of a broader malware campaign delivering malicious payloads over the network. Given the absence of known exploits and patches, this threat appears to be in an early or observational stage rather than an active widespread attack. The TLP (Traffic Light Protocol) white tag indicates that the information is publicly shareable without restriction, suggesting that the threat intelligence is intended for broad dissemination and awareness rather than immediate emergency response.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the lack of detailed information and absence of known active exploitation. However, the involvement of OSINT and network activity implies potential risks related to data confidentiality and network integrity if the malware successfully delivers payloads or facilitates unauthorized data collection. Organizations engaged in sensitive sectors such as finance, government, critical infrastructure, and technology could face increased risks if this threat evolves into a more active or targeted campaign. The medium severity rating suggests moderate potential for disruption or data compromise, but without specific exploit details or affected products, the immediate operational impact is likely low. Nonetheless, the presence of such malware in the threat landscape underscores the need for vigilance in monitoring network traffic and payload delivery mechanisms to preempt escalation.
Mitigation Recommendations
Given the limited technical details, mitigation should focus on enhancing network monitoring and threat intelligence integration. European organizations should implement advanced network traffic analysis tools capable of detecting anomalous payload delivery and reconnaissance activities typical of OSINT-related malware. Employing intrusion detection and prevention systems (IDPS) with updated threat signatures from feeds like ThreatFox can help identify emerging threats early. Organizations should also enforce strict network segmentation to limit lateral movement and potential payload spread. Regularly updating and patching all systems remains critical, even though no specific patches are available for this threat, to reduce the attack surface. Additionally, fostering information sharing within industry-specific ISACs (Information Sharing and Analysis Centers) and leveraging publicly available threat intelligence can improve preparedness. Conducting employee awareness training on recognizing suspicious network behaviors and potential phishing attempts that could serve as initial infection vectors is also advisable.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- url: http://172.245.253.10:8888/supershell/login/
- file: 172.245.253.10
- hash: 8888
- url: http://143.92.62.30:8888/supershell/login/
- url: https://github.com/cryptsniper/sniperchek/releases/download/1%2c0/gmbh_2.2.zip
- domain: security.guaerdflfare.com
- domain: jemriz.com
- url: https://lebensversicherungvergleich.top/jjj/index.php
- url: https://lebensversicherungvergleich.top/jjj/include.js
- url: https://pre-order.sodakconcretecoatings.com/viewdashboard
- domain: pre-order.sodakconcretecoatings.com
- file: 23.133.88.221
- hash: 443
- file: 38.207.176.60
- hash: 443
- file: 8.130.191.106
- hash: 18080
- file: 154.222.24.236
- hash: 80
- file: 38.54.1.115
- hash: 8888
- file: 206.82.6.166
- hash: 8443
- file: 114.215.175.221
- hash: 8888
- file: 5.231.220.79
- hash: 8808
- file: 177.255.88.14
- hash: 8082
- file: 196.251.80.35
- hash: 80
- file: 20.33.48.7
- hash: 8080
- file: 167.160.161.196
- hash: 443
- url: http://lumma-market.ru/login
- url: http://144.172.96.106/login
- file: 172.98.23.21
- hash: 668
- url: https://falsiu.shop/zpah
- file: 65.21.101.232
- hash: 7705
- file: 156.227.236.210
- hash: 1777
- url: http://a1071370.xsph.ru/l1nc0in.php
- domain: ecs-124-71-152-57.compute.hwclouds-dns.com
- file: 167.160.161.140
- hash: 1012
- file: 45.81.23.43
- hash: 80
- file: 45.81.23.43
- hash: 4444
- file: 69.165.74.248
- hash: 60000
- file: 8.137.157.249
- hash: 9090
- file: 18.116.53.10
- hash: 443
- file: 103.235.75.70
- hash: 3333
- file: 194.213.18.31
- hash: 4444
- file: 188.251.130.187
- hash: 443
- file: 172.188.98.251
- hash: 443
- file: 203.145.218.33
- hash: 3333
- file: 47.237.16.8
- hash: 4444
- file: 178.63.188.61
- hash: 3333
- file: 43.143.38.177
- hash: 81
- file: 116.202.51.148
- hash: 3333
- file: 82.165.237.202
- hash: 8080
- file: 51.81.135.240
- hash: 23
- file: 172.191.46.82
- hash: 80
- file: 114.67.254.132
- hash: 10001
- file: 167.160.161.192
- hash: 443
- file: 46.105.34.222
- hash: 4781
- file: 47.109.140.12
- hash: 8443
- file: 35.171.82.188
- hash: 443
- file: 146.70.213.35
- hash: 4443
- file: 162.254.85.213
- hash: 4433
- file: 62.171.185.202
- hash: 31337
- file: 152.42.233.8
- hash: 7443
- file: 103.130.215.202
- hash: 47808
- file: 59.92.219.41
- hash: 53806
- file: 3.145.103.147
- hash: 15443
- url: https://144.172.96.106/login
- url: https://www.backup.fedor-turin.ru/login
- url: https://stg.fedor-turin.ru/login
- url: https://www.v1.fedor-turin.ru/login
- url: https://qkiaolnd.sasha-solzhenicyn.ru/login
- url: https://dashboard.fedor-turin.ru/login
- url: http://196.251.80.35/
- domain: rdlaw.mywire.org
- domain: abremeh.top
- url: https://pastebin.com/raw/c9vnlkux
- url: https://pastebin.com/raw/u37crern
- domain: alcapulco.duckdns.org
- domain: still-ie.gl.at.ply.gg
- file: 147.185.221.30
- hash: 2368
- file: 38.92.47.211
- hash: 5353
- file: 154.40.35.205
- hash: 4444
- file: 47.105.55.186
- hash: 8888
- file: 47.109.20.126
- hash: 1234
- file: 91.245.254.85
- hash: 80
- file: 124.222.54.126
- hash: 8443
- file: 167.160.161.247
- hash: 8594
- file: 167.160.161.247
- hash: 8596
- file: 167.160.161.247
- hash: 8595
- file: 206.238.199.226
- hash: 6666
- file: 206.238.199.226
- hash: 80
- file: 172.98.23.21
- hash: 866
- domain: b3kylyu7z.localto.net
- file: 139.155.83.240
- hash: 9999
- file: 223.4.33.190
- hash: 80
- file: 154.94.232.230
- hash: 80
- file: 103.146.159.70
- hash: 8888
- file: 45.81.23.42
- hash: 4444
- file: 139.162.176.251
- hash: 7443
- file: 185.205.210.226
- hash: 7443
- domain: hwsrv-1285168.hostwindsdns.com
- file: 15.161.111.151
- hash: 1912
- file: 157.175.176.151
- hash: 4894
- file: 157.175.176.151
- hash: 1194
- file: 198.55.98.230
- hash: 1911
- file: 52.243.66.182
- hash: 443
- file: 167.160.161.197
- hash: 443
- file: 2.50.99.204
- hash: 443
- domain: mcaumnb.shop
- domain: daruubs.top
- domain: cidtfhh.shop
- domain: rayrhs.top
- domain: furwmsx.shop
- file: 52.184.82.90
- hash: 4449
- url: http://cy63408.tw1.ru/88c21e5b.php
- url: http://179.43.186.224:5900/ezgw
- url: https://steamcommunity.com/profiles/76561199878419187
- url: https://t.me/iry2am
- file: 45.134.26.74
- hash: 56002
- file: 45.134.26.74
- hash: 56003
- file: 104.207.148.168
- hash: 4646
- domain: monkkn.top
- file: 49.235.64.155
- hash: 4444
- file: 146.70.213.35
- hash: 6443
- file: 162.254.85.213
- hash: 6443
- file: 191.234.213.148
- hash: 31337
- file: 18.61.127.197
- hash: 5277
- file: 37.107.173.213
- hash: 3460
- url: https://78.47.76.152
- url: https://st.w.sachdevalawpublishers.com
- domain: st.w.sachdevalawpublishers.com
- domain: jekwuserver.ydns.eu
- domain: nwa2323.ydns.eu
- file: 192.227.134.159
- hash: 9505
- url: http://101.126.83.136:443/jquery-3.3.2.slim.min.js
- file: 189.1.243.105
- hash: 4443
- file: 212.64.38.105
- hash: 443
- file: 185.156.175.171
- hash: 42830
- domain: rovider.net
- domain: record-examined.gl.at.ply.gg
- url: https://resqtk.top/adlp
- domain: host0.quoteconsumers.biz
- file: 185.234.72.160
- hash: 8808
- file: 45.81.23.43
- hash: 443
- file: 62.117.98.115
- hash: 3001
- file: 173.195.100.143
- hash: 7443
- domain: omnivva.shop
- file: 89.3.12.64
- hash: 1963
- file: 185.222.57.78
- hash: 55615
- file: 54.204.63.61
- hash: 4730
- file: 18.231.251.86
- hash: 2078
- file: 54.244.59.22
- hash: 135
- file: 154.83.14.104
- hash: 9527
- file: 160.30.21.117
- hash: 80
- file: 223.109.211.19
- hash: 10001
- file: 192.99.8.184
- hash: 10001
- file: 162.33.177.183
- hash: 7712
- domain: 1357504293-h43knumeov.ap-guangzhou.tencentscf.com
- domain: bcdc37vn5vr5t.cfc-execute.bj.baidubce.com
- file: 1.12.248.6
- hash: 443
- file: 1.12.248.6
- hash: 80
- file: 101.33.195.153
- hash: 80
- file: 119.188.220.36
- hash: 80
- file: 120.27.198.212
- hash: 80
- file: 124.221.9.167
- hash: 443
- file: 124.71.204.3
- hash: 8443
- file: 14.205.93.45
- hash: 80
- file: 146.70.232.43
- hash: 8080
- file: 167.160.161.186
- hash: 443
- file: 201.92.134.212
- hash: 443
- file: 43.137.92.12
- hash: 80
- file: 49.71.36.87
- hash: 80
- file: 49.71.38.88
- hash: 80
- file: 61.240.220.118
- hash: 443
- url: https://siyju.pics/anbz
- url: https://t.me/ghifty86
- url: https://monkkn.top/twud
- url: https://sopzbd.top/gakk
- url: https://t.me/fdg7df75
- url: https://t.me/fewsdfsdfvb23b432
- url: https://teijx.lat/bjud
- url: https://files.tucsonrenovationservices.com/viewdashboard
- domain: files.tucsonrenovationservices.com
- file: 157.254.167.93
- hash: 443
- file: 196.251.117.152
- hash: 2404
- file: 104.243.32.185
- hash: 22109
- url: https://prexn.top/qwkd
- url: http://111.231.19.37:80/jquery-3.3.2.slim.min.js
- file: 141.8.198.169
- hash: 8080
- url: https://dimtl.top/xadk
- url: https://t.me/elmentyi2
- file: 34.41.139.193
- hash: 80
- file: 118.107.2.232
- hash: 1668
- file: 154.94.232.243
- hash: 6666
- url: https://cidtfhh.shop/zdik
- url: https://daruubs.top/griw
- url: https://furwmsx.shop/xowq
- url: https://mcaumnb.shop/dpsz
- url: https://rayrhs.top/aktr
- url: https://geczs.xyz/xkao
- file: 118.31.18.77
- hash: 1000
- file: 155.94.175.189
- hash: 80
- file: 81.70.221.86
- hash: 4444
- file: 106.12.215.229
- hash: 8080
- file: 142.93.15.10
- hash: 50000
- file: 185.224.129.217
- hash: 80
- file: 186.169.76.124
- hash: 4000
- file: 185.130.212.73
- hash: 7443
- domain: ec2-18-168-225-154.eu-west-2.compute.amazonaws.com
- file: 86.54.42.17
- hash: 8855
- file: 157.175.168.179
- hash: 6005
- file: 13.208.249.200
- hash: 53663
- file: 35.199.30.104
- hash: 8080
- file: 185.149.146.172
- hash: 18777
- url: https://moxqk.pics/aijd
- url: https://t.me/cheatzone4u
- domain: flyrbeengeek-25127.portmap.io
- domain: envios25.duckdns.org
- domain: madmrx.duckdns.org
- domain: 8fnuawbfuac.click
- domain: 8eh18dhq9wd.click
- domain: 8hdfiqowchq.click
- domain: 8nioqhxciwoqc.click
- domain: 8fhd2idhacas.click
- domain: witherisagoat-20650.portmap.host
- url: https://shodbj.lat/xodk
- file: 51.75.41.112
- hash: 2464
- file: 154.94.232.243
- hash: 8888
- file: 114.66.41.204
- hash: 6666
- file: 114.66.41.204
- hash: 8888
- file: 114.66.41.204
- hash: 80
- file: 2.59.155.43
- hash: 8090
- file: 118.107.2.131
- hash: 1698
- file: 118.107.2.208
- hash: 1699
- file: 178.255.218.228
- hash: 7003
- file: 45.141.151.117
- hash: 2222
- file: 178.171.122.92
- hash: 13333
- file: 178.171.122.18
- hash: 18888
- url: http://51.15.215.173/82a7a379-f686-4060-afa1-b770c5160c55/index.php
- url: https://t.me/fge5y435y4y5hthtr
- domain: blockchain-projects.com
- file: 196.251.113.10
- hash: 8808
- file: 16.170.93.15
- hash: 7000
- file: 47.98.151.171
- hash: 2999
- url: http://47.98.151.171:2999/rkwi
- file: 39.40.161.234
- hash: 995
- file: 84.200.77.213
- hash: 7712
- file: 31.7.61.18
- hash: 443
- file: 45.11.181.37
- hash: 8443
- url: http://213.202.208.237/gate.php
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: e5ba7a40-3206-46b4-a53f-849e09a237d0
- Original Timestamp: 1752624186
Indicators of Compromise
Url
Value | Description |
---|---|
http://172.245.253.10:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
http://143.92.62.30:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
https://github.com/cryptsniper/sniperchek/releases/download/1%2c0/gmbh_2.2.zip | Lumma Stealer payload delivery URL (confidence level: 100%) |
https://lebensversicherungvergleich.top/jjj/index.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://lebensversicherungvergleich.top/jjj/include.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
https://pre-order.sodakconcretecoatings.com/viewdashboard | FAKEUPDATES botnet C2 (confidence level: 100%) |
http://lumma-market.ru/login | Lumma Stealer botnet C2 (confidence level: 100%) |
http://144.172.96.106/login | Lumma Stealer botnet C2 (confidence level: 100%) |
https://falsiu.shop/zpah | Lumma Stealer botnet C2 (confidence level: 75%) |
http://a1071370.xsph.ru/l1nc0in.php | DCRat botnet C2 (confidence level: 100%) |
https://144.172.96.106/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://www.backup.fedor-turin.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://stg.fedor-turin.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://www.v1.fedor-turin.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://qkiaolnd.sasha-solzhenicyn.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
https://dashboard.fedor-turin.ru/login | Lumma Stealer botnet C2 (confidence level: 50%) |
http://196.251.80.35/ | Hook botnet C2 (confidence level: 50%) |
https://pastebin.com/raw/c9vnlkux | XWorm botnet C2 (confidence level: 50%) |
https://pastebin.com/raw/u37crern | XWorm botnet C2 (confidence level: 50%) |
http://cy63408.tw1.ru/88c21e5b.php | DCRat botnet C2 (confidence level: 100%) |
http://179.43.186.224:5900/ezgw | Cobalt Strike botnet C2 (confidence level: 75%) |
https://steamcommunity.com/profiles/76561199878419187 | Vidar botnet C2 (confidence level: 75%) |
https://t.me/iry2am | Vidar botnet C2 (confidence level: 75%) |
https://78.47.76.152 | Vidar botnet C2 (confidence level: 75%) |
https://st.w.sachdevalawpublishers.com | Vidar botnet C2 (confidence level: 75%) |
http://101.126.83.136:443/jquery-3.3.2.slim.min.js | Cobalt Strike botnet C2 (confidence level: 75%) |
https://resqtk.top/adlp | Lumma Stealer botnet C2 (confidence level: 100%) |
https://siyju.pics/anbz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://t.me/ghifty86 | Lumma Stealer botnet C2 (confidence level: 75%) |
https://monkkn.top/twud | Lumma Stealer botnet C2 (confidence level: 75%) |
https://sopzbd.top/gakk | Lumma Stealer botnet C2 (confidence level: 75%) |
https://t.me/fdg7df75 | Lumma Stealer botnet C2 (confidence level: 75%) |
https://t.me/fewsdfsdfvb23b432 | Lumma Stealer botnet C2 (confidence level: 75%) |
https://teijx.lat/bjud | Lumma Stealer botnet C2 (confidence level: 75%) |
https://files.tucsonrenovationservices.com/viewdashboard | FAKEUPDATES botnet C2 (confidence level: 100%) |
https://prexn.top/qwkd | Lumma Stealer botnet C2 (confidence level: 75%) |
http://111.231.19.37:80/jquery-3.3.2.slim.min.js | Cobalt Strike botnet C2 (confidence level: 75%) |
https://dimtl.top/xadk | Lumma Stealer botnet C2 (confidence level: 75%) |
https://t.me/elmentyi2 | Lumma Stealer botnet C2 (confidence level: 75%) |
https://cidtfhh.shop/zdik | Lumma Stealer botnet C2 (confidence level: 75%) |
https://daruubs.top/griw | Lumma Stealer botnet C2 (confidence level: 75%) |
https://furwmsx.shop/xowq | Lumma Stealer botnet C2 (confidence level: 75%) |
https://mcaumnb.shop/dpsz | Lumma Stealer botnet C2 (confidence level: 75%) |
https://rayrhs.top/aktr | Lumma Stealer botnet C2 (confidence level: 75%) |
https://geczs.xyz/xkao | Lumma Stealer botnet C2 (confidence level: 75%) |
https://moxqk.pics/aijd | Lumma Stealer botnet C2 (confidence level: 75%) |
https://t.me/cheatzone4u | Lumma Stealer botnet C2 (confidence level: 75%) |
https://shodbj.lat/xodk | Lumma Stealer botnet C2 (confidence level: 100%) |
http://51.15.215.173/82a7a379-f686-4060-afa1-b770c5160c55/index.php | Azorult botnet C2 (confidence level: 100%) |
https://t.me/fge5y435y4y5hthtr | Lumma Stealer botnet C2 (confidence level: 75%) |
http://47.98.151.171:2999/rkwi | Cobalt Strike botnet C2 (confidence level: 75%) |
http://213.202.208.237/gate.php | Arkei Stealer botnet C2 (confidence level: 100%) |
File
Value | Description |
---|---|
172.245.253.10 | Unknown malware botnet C2 server (confidence level: 100%) |
23.133.88.221 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
38.207.176.60 | Cobalt Strike botnet C2 server (confidence level: 100%) |
8.130.191.106 | Cobalt Strike botnet C2 server (confidence level: 100%) |
154.222.24.236 | Ghost RAT botnet C2 server (confidence level: 100%) |
38.54.1.115 | Unknown malware botnet C2 server (confidence level: 100%) |
206.82.6.166 | Unknown malware botnet C2 server (confidence level: 100%) |
114.215.175.221 | Unknown malware botnet C2 server (confidence level: 100%) |
5.231.220.79 | AsyncRAT botnet C2 server (confidence level: 100%) |
177.255.88.14 | AsyncRAT botnet C2 server (confidence level: 100%) |
196.251.80.35 | Hook botnet C2 server (confidence level: 100%) |
20.33.48.7 | Havoc botnet C2 server (confidence level: 100%) |
167.160.161.196 | Latrodectus botnet C2 server (confidence level: 90%) |
172.98.23.21 | ValleyRAT botnet C2 server (confidence level: 100%) |
65.21.101.232 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
156.227.236.210 | XWorm botnet C2 server (confidence level: 100%) |
167.160.161.140 | XWorm botnet C2 server (confidence level: 100%) |
45.81.23.43 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.81.23.43 | AsyncRAT botnet C2 server (confidence level: 100%) |
69.165.74.248 | Unknown malware botnet C2 server (confidence level: 100%) |
8.137.157.249 | Unknown malware botnet C2 server (confidence level: 100%) |
18.116.53.10 | Unknown malware botnet C2 server (confidence level: 100%) |
103.235.75.70 | Unknown malware botnet C2 server (confidence level: 100%) |
194.213.18.31 | Unknown malware botnet C2 server (confidence level: 100%) |
188.251.130.187 | Unknown malware botnet C2 server (confidence level: 100%) |
172.188.98.251 | Unknown malware botnet C2 server (confidence level: 100%) |
203.145.218.33 | Unknown malware botnet C2 server (confidence level: 100%) |
47.237.16.8 | Unknown malware botnet C2 server (confidence level: 100%) |
178.63.188.61 | Unknown malware botnet C2 server (confidence level: 100%) |
43.143.38.177 | Unknown malware botnet C2 server (confidence level: 100%) |
116.202.51.148 | Unknown malware botnet C2 server (confidence level: 100%) |
82.165.237.202 | Unknown malware botnet C2 server (confidence level: 100%) |
51.81.135.240 | Bashlite botnet C2 server (confidence level: 90%) |
172.191.46.82 | MimiKatz botnet C2 server (confidence level: 100%) |
114.67.254.132 | Xtreme RAT botnet C2 server (confidence level: 100%) |
167.160.161.192 | Latrodectus botnet C2 server (confidence level: 90%) |
46.105.34.222 | Quasar RAT botnet C2 server (confidence level: 100%) |
47.109.140.12 | Cobalt Strike botnet C2 server (confidence level: 50%) |
35.171.82.188 | Cobalt Strike botnet C2 server (confidence level: 50%) |
146.70.213.35 | Brute Ratel C4 botnet C2 server (confidence level: 50%) |
162.254.85.213 | Brute Ratel C4 botnet C2 server (confidence level: 50%) |
62.171.185.202 | Sliver botnet C2 server (confidence level: 50%) |
152.42.233.8 | Unknown malware botnet C2 server (confidence level: 50%) |
103.130.215.202 | Xtreme RAT botnet C2 server (confidence level: 50%) |
59.92.219.41 | Mozi botnet C2 server (confidence level: 50%) |
3.145.103.147 | Unknown malware botnet C2 server (confidence level: 50%) |
147.185.221.30 | XWorm botnet C2 server (confidence level: 50%) |
38.92.47.211 | XWorm botnet C2 server (confidence level: 100%) |
154.40.35.205 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.105.55.186 | Cobalt Strike botnet C2 server (confidence level: 100%) |
47.109.20.126 | Cobalt Strike botnet C2 server (confidence level: 100%) |
91.245.254.85 | Cobalt Strike botnet C2 server (confidence level: 100%) |
124.222.54.126 | Cobalt Strike botnet C2 server (confidence level: 100%) |
167.160.161.247 | XWorm botnet C2 server (confidence level: 100%) |
167.160.161.247 | Quasar RAT botnet C2 server (confidence level: 100%) |
167.160.161.247 | NjRAT botnet C2 server (confidence level: 100%) |
206.238.199.226 | ValleyRAT botnet C2 server (confidence level: 100%) |
206.238.199.226 | ValleyRAT botnet C2 server (confidence level: 100%) |
172.98.23.21 | ValleyRAT botnet C2 server (confidence level: 100%) |
139.155.83.240 | Cobalt Strike botnet C2 server (confidence level: 100%) |
223.4.33.190 | Cobalt Strike botnet C2 server (confidence level: 100%) |
154.94.232.230 | Ghost RAT botnet C2 server (confidence level: 100%) |
103.146.159.70 | Unknown malware botnet C2 server (confidence level: 100%) |
45.81.23.42 | AsyncRAT botnet C2 server (confidence level: 100%) |
139.162.176.251 | Unknown malware botnet C2 server (confidence level: 100%) |
185.205.210.226 | Unknown malware botnet C2 server (confidence level: 100%) |
15.161.111.151 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
157.175.176.151 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
157.175.176.151 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
198.55.98.230 | RedLine Stealer botnet C2 server (confidence level: 100%) |
52.243.66.182 | Nimplant botnet C2 server (confidence level: 100%) |
167.160.161.197 | Stealc botnet C2 server (confidence level: 100%) |
2.50.99.204 | QakBot botnet C2 server (confidence level: 75%) |
52.184.82.90 | XWorm botnet C2 server (confidence level: 75%) |
45.134.26.74 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.134.26.74 | AsyncRAT botnet C2 server (confidence level: 100%) |
104.207.148.168 | Quasar RAT botnet C2 server (confidence level: 75%) |
49.235.64.155 | Cobalt Strike botnet C2 server (confidence level: 50%) |
146.70.213.35 | Brute Ratel C4 botnet C2 server (confidence level: 50%) |
162.254.85.213 | Brute Ratel C4 botnet C2 server (confidence level: 50%) |
191.234.213.148 | Sliver botnet C2 server (confidence level: 50%) |
18.61.127.197 | NetSupportManager RAT botnet C2 server (confidence level: 50%) |
37.107.173.213 | Poison Ivy botnet C2 server (confidence level: 50%) |
192.227.134.159 | NetWire RC botnet C2 server (confidence level: 100%) |
189.1.243.105 | Cobalt Strike botnet C2 server (confidence level: 100%) |
212.64.38.105 | Cobalt Strike botnet C2 server (confidence level: 100%) |
185.156.175.171 | Remcos botnet C2 server (confidence level: 100%) |
185.234.72.160 | AsyncRAT botnet C2 server (confidence level: 100%) |
45.81.23.43 | AsyncRAT botnet C2 server (confidence level: 100%) |
62.117.98.115 | Unknown malware botnet C2 server (confidence level: 100%) |
173.195.100.143 | Unknown malware botnet C2 server (confidence level: 100%) |
89.3.12.64 | Quasar RAT botnet C2 server (confidence level: 100%) |
185.222.57.78 | RedLine Stealer botnet C2 server (confidence level: 100%) |
54.204.63.61 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
18.231.251.86 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
54.244.59.22 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
154.83.14.104 | ValleyRAT botnet C2 server (confidence level: 100%) |
160.30.21.117 | MooBot botnet C2 server (confidence level: 100%) |
223.109.211.19 | Xtreme RAT botnet C2 server (confidence level: 100%) |
192.99.8.184 | Xtreme RAT botnet C2 server (confidence level: 100%) |
162.33.177.183 | Aurotun Stealer botnet C2 server (confidence level: 100%) |
1.12.248.6 | Cobalt Strike botnet C2 server (confidence level: 75%) |
1.12.248.6 | Cobalt Strike botnet C2 server (confidence level: 75%) |
101.33.195.153 | Cobalt Strike botnet C2 server (confidence level: 75%) |
119.188.220.36 | Cobalt Strike botnet C2 server (confidence level: 75%) |
120.27.198.212 | Cobalt Strike botnet C2 server (confidence level: 75%) |
124.221.9.167 | Cobalt Strike botnet C2 server (confidence level: 75%) |
124.71.204.3 | Cobalt Strike botnet C2 server (confidence level: 75%) |
14.205.93.45 | Cobalt Strike botnet C2 server (confidence level: 75%) |
146.70.232.43 | Cobalt Strike botnet C2 server (confidence level: 75%) |
167.160.161.186 | Cobalt Strike botnet C2 server (confidence level: 75%) |
201.92.134.212 | Cobalt Strike botnet C2 server (confidence level: 75%) |
43.137.92.12 | Cobalt Strike botnet C2 server (confidence level: 75%) |
49.71.36.87 | Cobalt Strike botnet C2 server (confidence level: 75%) |
49.71.38.88 | Cobalt Strike botnet C2 server (confidence level: 75%) |
61.240.220.118 | Cobalt Strike botnet C2 server (confidence level: 75%) |
157.254.167.93 | FAKEUPDATES botnet C2 server (confidence level: 100%) |
196.251.117.152 | Remcos botnet C2 server (confidence level: 100%) |
104.243.32.185 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
141.8.198.169 | NjRAT botnet C2 server (confidence level: 100%) |
34.41.139.193 | RedLine Stealer botnet C2 server (confidence level: 100%) |
118.107.2.232 | ValleyRAT botnet C2 server (confidence level: 100%) |
154.94.232.243 | ValleyRAT botnet C2 server (confidence level: 100%) |
118.31.18.77 | Cobalt Strike botnet C2 server (confidence level: 100%) |
155.94.175.189 | Cobalt Strike botnet C2 server (confidence level: 100%) |
81.70.221.86 | Cobalt Strike botnet C2 server (confidence level: 100%) |
106.12.215.229 | Cobalt Strike botnet C2 server (confidence level: 100%) |
142.93.15.10 | pupy botnet C2 server (confidence level: 100%) |
185.224.129.217 | Sliver botnet C2 server (confidence level: 100%) |
186.169.76.124 | AsyncRAT botnet C2 server (confidence level: 100%) |
185.130.212.73 | Unknown malware botnet C2 server (confidence level: 100%) |
86.54.42.17 | DCRat botnet C2 server (confidence level: 100%) |
157.175.168.179 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
13.208.249.200 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
35.199.30.104 | Chaos botnet C2 server (confidence level: 100%) |
185.149.146.172 | Rhadamanthys botnet C2 server (confidence level: 100%) |
51.75.41.112 | RedLine Stealer botnet C2 server (confidence level: 100%) |
154.94.232.243 | ValleyRAT botnet C2 server (confidence level: 100%) |
114.66.41.204 | ValleyRAT botnet C2 server (confidence level: 100%) |
114.66.41.204 | ValleyRAT botnet C2 server (confidence level: 100%) |
114.66.41.204 | ValleyRAT botnet C2 server (confidence level: 100%) |
2.59.155.43 | ValleyRAT botnet C2 server (confidence level: 100%) |
118.107.2.131 | ValleyRAT botnet C2 server (confidence level: 100%) |
118.107.2.208 | ValleyRAT botnet C2 server (confidence level: 100%) |
178.255.218.228 | SpyNote botnet C2 server (confidence level: 100%) |
45.141.151.117 | SpyNote botnet C2 server (confidence level: 100%) |
178.171.122.92 | SpyNote botnet C2 server (confidence level: 100%) |
178.171.122.18 | SpyNote botnet C2 server (confidence level: 100%) |
196.251.113.10 | AsyncRAT botnet C2 server (confidence level: 100%) |
16.170.93.15 | Loda botnet C2 server (confidence level: 100%) |
47.98.151.171 | Cobalt Strike botnet C2 server (confidence level: 100%) |
39.40.161.234 | QakBot botnet C2 server (confidence level: 75%) |
84.200.77.213 | Aurotun Stealer botnet C2 server (confidence level: 100%) |
31.7.61.18 | Meterpreter botnet C2 server (confidence level: 75%) |
45.11.181.37 | Meterpreter botnet C2 server (confidence level: 75%) |
Port
The rows below are the destination ports of the ip:port C2 indicators, one per row of the IP table above and in the same order (the source page labelled this column "Hash"; the values are port numbers, not file hashes). The repeated IPs above are therefore distinct ip:port pairs, not duplicates.
Value | Description | Copy |
---|---|---|
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
18080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
8082 | AsyncRAT botnet C2 server (confidence level: 100%) | |
80 | Hook botnet C2 server (confidence level: 100%) | |
8080 | Havoc botnet C2 server (confidence level: 100%) | |
443 | Latrodectus botnet C2 server (confidence level: 90%) | |
668 | ValleyRAT botnet C2 server (confidence level: 100%) | |
7705 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
1777 | XWorm botnet C2 server (confidence level: 100%) | |
1012 | XWorm botnet C2 server (confidence level: 100%) | |
80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
9090 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
4444 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
443 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
4444 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
81 | Unknown malware botnet C2 server (confidence level: 100%) | |
3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
23 | Bashlite botnet C2 server (confidence level: 90%) | |
80 | MimiKatz botnet C2 server (confidence level: 100%) | |
10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
443 | Latrodectus botnet C2 server (confidence level: 90%) | |
4781 | Quasar RAT botnet C2 server (confidence level: 100%) | |
8443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
4443 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
4433 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
31337 | Sliver botnet C2 server (confidence level: 50%) | |
7443 | Unknown malware botnet C2 server (confidence level: 50%) | |
47808 | Xtreme RAT botnet C2 server (confidence level: 50%) | |
53806 | Mozi botnet C2 server (confidence level: 50%) | |
15443 | Unknown malware botnet C2 server (confidence level: 50%) | |
2368 | XWorm botnet C2 server (confidence level: 50%) | |
5353 | XWorm botnet C2 server (confidence level: 100%) | |
4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
1234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8594 | XWorm botnet C2 server (confidence level: 100%) | |
8596 | Quasar RAT botnet C2 server (confidence level: 100%) | |
8595 | NjRAT botnet C2 server (confidence level: 100%) | |
6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
866 | ValleyRAT botnet C2 server (confidence level: 100%) | |
9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
4444 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
1912 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
4894 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
1194 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
1911 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
443 | Nimplant botnet C2 server (confidence level: 100%) | |
443 | Stealc botnet C2 server (confidence level: 100%) | |
443 | QakBot botnet C2 server (confidence level: 75%) | |
4449 | XWorm botnet C2 server (confidence level: 75%) | |
56002 | AsyncRAT botnet C2 server (confidence level: 100%) | |
56003 | AsyncRAT botnet C2 server (confidence level: 100%) | |
4646 | Quasar RAT botnet C2 server (confidence level: 75%) | |
4444 | Cobalt Strike botnet C2 server (confidence level: 50%) | |
6443 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
6443 | Brute Ratel C4 botnet C2 server (confidence level: 50%) | |
31337 | Sliver botnet C2 server (confidence level: 50%) | |
5277 | NetSupportManager RAT botnet C2 server (confidence level: 50%) | |
3460 | Poison Ivy botnet C2 server (confidence level: 50%) | |
9505 | NetWire RC botnet C2 server (confidence level: 100%) | |
4443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
42830 | Remcos botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
443 | AsyncRAT botnet C2 server (confidence level: 100%) | |
3001 | Unknown malware botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
1963 | Quasar RAT botnet C2 server (confidence level: 100%) | |
55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
4730 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
2078 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
135 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
9527 | ValleyRAT botnet C2 server (confidence level: 100%) | |
80 | MooBot botnet C2 server (confidence level: 100%) | |
10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
7712 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
8080 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
2404 | Remcos botnet C2 server (confidence level: 100%) | |
22109 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
8080 | NjRAT botnet C2 server (confidence level: 100%) | |
80 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
1668 | ValleyRAT botnet C2 server (confidence level: 100%) | |
6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
1000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
4444 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
50000 | pupy botnet C2 server (confidence level: 100%) | |
80 | Sliver botnet C2 server (confidence level: 100%) | |
4000 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
8855 | DCRat botnet C2 server (confidence level: 100%) | |
6005 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
53663 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
8080 | Chaos botnet C2 server (confidence level: 100%) | |
18777 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
2464 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
8090 | ValleyRAT botnet C2 server (confidence level: 100%) | |
1698 | ValleyRAT botnet C2 server (confidence level: 100%) | |
1699 | ValleyRAT botnet C2 server (confidence level: 100%) | |
7003 | SpyNote botnet C2 server (confidence level: 100%) | |
2222 | SpyNote botnet C2 server (confidence level: 100%) | |
13333 | SpyNote botnet C2 server (confidence level: 100%) | |
18888 | SpyNote botnet C2 server (confidence level: 100%) | |
8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
7000 | Loda botnet C2 server (confidence level: 100%) | |
2999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
995 | QakBot botnet C2 server (confidence level: 75%) | |
7712 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
443 | Meterpreter botnet C2 server (confidence level: 75%) | |
8443 | Meterpreter botnet C2 server (confidence level: 75%) | |
Domain
Value | Description | Copy |
---|---|---|
security.guaerdflfare.com | Unknown malware payload delivery domain (confidence level: 100%) | |
jemriz.com | Unknown malware payload delivery domain (confidence level: 100%) | |
pre-order.sodakconcretecoatings.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
ecs-124-71-152-57.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
rdlaw.mywire.org | AsyncRAT botnet C2 domain (confidence level: 50%) | |
abremeh.top | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
alcapulco.duckdns.org | XWorm botnet C2 domain (confidence level: 50%) | |
still-ie.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
b3kylyu7z.localto.net | SpyNote botnet C2 domain (confidence level: 100%) | |
hwsrv-1285168.hostwindsdns.com | Havoc botnet C2 domain (confidence level: 100%) | |
mcaumnb.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
daruubs.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
cidtfhh.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
rayrhs.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
furwmsx.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
monkkn.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
st.w.sachdevalawpublishers.com | Vidar botnet C2 domain (confidence level: 75%) | |
jekwuserver.ydns.eu | Remcos botnet C2 domain (confidence level: 50%) | |
nwa2323.ydns.eu | Remcos botnet C2 domain (confidence level: 50%) | |
rovider.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
record-examined.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
host0.quoteconsumers.biz | AsyncRAT botnet C2 domain (confidence level: 100%) | |
omnivva.shop | Hook botnet C2 domain (confidence level: 100%) | |
1357504293-h43knumeov.ap-guangzhou.tencentscf.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
bcdc37vn5vr5t.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
files.tucsonrenovationservices.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
ec2-18-168-225-154.eu-west-2.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
flyrbeengeek-25127.portmap.io | XWorm botnet C2 domain (confidence level: 100%) | |
envios25.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
madmrx.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
8fnuawbfuac.click | AsyncRAT botnet C2 domain (confidence level: 100%) | |
8eh18dhq9wd.click | AsyncRAT botnet C2 domain (confidence level: 100%) | |
8hdfiqowchq.click | AsyncRAT botnet C2 domain (confidence level: 100%) | |
8nioqhxciwoqc.click | AsyncRAT botnet C2 domain (confidence level: 100%) | |
8fhd2idhacas.click | AsyncRAT botnet C2 domain (confidence level: 100%) | |
witherisagoat-20650.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
blockchain-projects.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
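To turn these tables into something a SOC can actually run, here is an added Python example (not code from ThreatFox, MISP or this page's author) that parses rows in the exact `Value | Description (confidence level: N%)` layout used above, drops indicators below a confidence floor, and checks DNS and connection log lines against them. The feed rows embedded in it are copied from the IP and Domain tables above; the log line format, the 10.20.0.0/16 client addresses and the 75% default threshold are constructed assumptions for illustration.

```python
"""Parse IOC rows in the page's table format and match them against log lines.

Added example, not code from ThreatFox or the page's author. The feed rows below are
copied from the tables on this page; the log lines and their field layout are constructed.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# One table row: "<value> | <family> botnet C2 server (confidence level: N%) | |"
ROW_RE = re.compile(
    r"^\s*(?P<value>[^\s|]+)\s*\|\s*(?P<desc>[^|(]+?)\s*\(confidence level:\s*(?P<conf>\d{1,3})%\)"
)
# Description suffixes used by the feed; whatever precedes them is the malware family.
DESC_RE = re.compile(r"^(?P<family>.+?)\s+(?:botnet C2 (?:server|domain)|payload delivery domain)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


@dataclass(frozen=True)
class Ioc:
    value: str
    kind: str        # "ip" or "domain"
    family: str      # e.g. "Cobalt Strike"; "Unknown malware" when the feed has no attribution
    confidence: int  # ThreatFox confidence, 0-100


def parse_rows(text: str) -> list[Ioc]:
    """Extract indicators from table rows; headings and the ---|--- separator do not match."""
    iocs = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        value = m.group("value").lower()
        try:
            ipaddress.ip_address(value)
            kind = "ip"
        except ValueError:
            kind = "domain"
        desc = m.group("desc").strip()
        d = DESC_RE.match(desc)
        iocs.append(Ioc(value, kind, d.group("family") if d else desc, int(m.group("conf"))))
    return iocs


def build_index(iocs: list[Ioc], min_confidence: int) -> tuple[dict[str, Ioc], dict[str, Ioc]]:
    """Split indicators into IP and domain lookups, dropping rows below the confidence floor."""
    ips, domains = {}, {}
    for ioc in iocs:
        if ioc.confidence >= min_confidence:
            (ips if ioc.kind == "ip" else domains)[ioc.value] = ioc
    return ips, domains


def match_domain(name: str, domains: dict[str, Ioc]) -> Ioc | None:
    """Exact match first, then each parent name, so a subdomain of an indicator still matches.

    The walk stops before the bare TLD, so nothing ever matches on "com" or "top" alone.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return domains[candidate]
    return None


def scan_logs(lines: list[str], ips: dict[str, Ioc], domains: dict[str, Ioc]) -> list[tuple[str, Ioc]]:
    """Return (log line, matching indicator) pairs; IPs match exactly, hostnames by suffix."""
    hits = []
    for line in lines:
        for ip in IP_RE.findall(line):
            if ip in ips:
                hits.append((line, ips[ip]))
        for host in HOST_RE.findall(line):
            ioc = match_domain(host, domains)
            if ioc is not None:
                hits.append((line, ioc))
    return hits


# Rows copied verbatim from the IP and Domain tables on this page.
SAMPLE_FEED = """\
Value | Description | Copy |
---|---|---|
185.224.129.217 | Sliver botnet C2 server (confidence level: 100%) | |
39.40.161.234 | QakBot botnet C2 server (confidence level: 75%) | |
86.54.42.17 | DCRat botnet C2 server (confidence level: 100%) | |
mcaumnb.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
pre-order.sodakconcretecoatings.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
abremeh.top | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
security.guaerdflfare.com | Unknown malware payload delivery domain (confidence level: 100%) | |
"""

# Constructed DNS and connection log lines (not from any real sensor).
SAMPLE_LOGS = [
    "2025-07-15T09:12:44Z dns client=10.20.0.15 query=mcaumnb.shop type=A",
    "2025-07-15T09:13:02Z dns client=10.20.0.15 query=cdn.pre-order.sodakconcretecoatings.com type=A",
    "2025-07-15T09:14:10Z conn src=10.20.0.31 dst=185.224.129.217 dport=443 proto=tcp",
    "2025-07-15T09:15:55Z dns client=10.20.0.40 query=abremeh.top type=A",
    "2025-07-15T09:16:01Z conn src=10.20.0.31 dst=185.224.129.2 dport=443 proto=tcp",
    "2025-07-15T09:17:30Z dns client=10.20.0.40 query=www.example.com type=A",
]


def run_example(min_confidence: int = 75) -> list[tuple[str, Ioc]]:
    """Parse the sample rows and scan the sample logs at the given confidence floor."""
    ips, domains = build_index(parse_rows(SAMPLE_FEED), min_confidence)
    return scan_logs(SAMPLE_LOGS, ips, domains)


if __name__ == "__main__":
    for line, ioc in run_example():
        print(f"{ioc.family:<14} {ioc.confidence:>3}%  {ioc.value:<40} <- {line}")
```

Two design points matter for this feed in particular. Hostnames match on the full indicator or any subdomain of it, never on a parent: many of the domains above are tenant names on dynamic-DNS and tunnelling services (duckdns.org, ydns.eu, ply.gg, portmap.io, localto.net) or cloud reverse-DNS names (amazonaws.com, tencentscf.com, baidubce.com), so alerting on the parent zone would flag unrelated traffic. And rows the feed tags at 50% confidence are better treated as hunting leads than as block-list entries, which is what the confidence floor is for; the run above excludes abremeh.top at the default 75% and includes it at 50%.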
Threat ID: 6876ef3da83201eaacd1c7bf
Added to database: 7/16/2025, 12:15:57 AM
Last enriched: 7/16/2025, 12:31:12 AM
Last updated: 7/16/2025, 1:15:57 PM
Related Threats
- OCTALYN STEALER UNMASKED (Medium)
- Analysis of Secp0 Ransomware (Medium)
- Unmasking AsyncRAT: Navigating the labyrinth of forks (Medium)
- Rainbow Hyena strikes again: new backdoor and shift in tactics (Medium)
- Konfety Returns: Classic Mobile Threat with New Evasion Techniques (Medium)