ThreatFox IOCs for 2025-07-16

Medium
Published: Wed Jul 16 2025 (07/16/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-07-16

AI-Powered Analysis

Last updated: 07/17/2025, 00:31:14 UTC

Technical Analysis

These Indicators of Compromise (IOCs) were published on 2025-07-16 by the ThreatFox MISP Feed and are categorized under malware, with tags covering OSINT (Open Source Intelligence), payload delivery, and network activity. The feed data lacks specific details about the malware family, attack vectors, or affected software versions, and no known exploits in the wild are reported. The threat level is rated as medium (threatLevel: 2), with moderate distribution (distribution: 3) and minimal analysis depth (analysis: 1). The absence of affected versions and patch availability indicates that this is an intelligence update rather than a newly discovered vulnerability or active exploit. The IOCs are meant to detect or monitor malicious activity tied to payload delivery mechanisms or to network communications associated with malware campaigns. Given the OSINT tag and TLP:white classification, this information is intended for broad sharing to aid threat detection and response. However, the lack of technical specifics limits any detailed assessment of attack methods or payload characteristics.

Potential Impact

For European organizations, the impact of this threat is currently limited due to the absence of known exploits and detailed technical data. However, the presence of IOCs related to payload delivery and network activity indicates potential reconnaissance or preparatory stages of malware campaigns that could lead to data exfiltration, service disruption, or unauthorized access if leveraged in targeted attacks. Organizations relying on OSINT feeds for threat intelligence can use these IOCs to enhance detection capabilities and preemptively identify suspicious network traffic or payloads. The medium severity rating suggests a moderate risk that could escalate if threat actors develop active exploits or integrate these IOCs into broader attack frameworks. European entities with critical infrastructure or high-value data assets should remain vigilant, as early detection is crucial to mitigating potential downstream impacts such as ransomware, espionage, or supply chain compromises.

Mitigation Recommendations

1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Intrusion Detection/Prevention Systems (IDS/IPS) to enhance detection of related network activity and payload delivery attempts.
2. Conduct regular threat hunting exercises using these IOCs to identify any latent or emerging malicious activity within the network.
3. Maintain up-to-date network segmentation and strict egress filtering to limit the impact of potential payload delivery and lateral movement.
4. Employ behavioral analytics to detect anomalies in network traffic that may not match known signatures but align with the threat patterns indicated by the IOCs.
5. Educate security teams on the importance of OSINT feeds and encourage collaboration with threat intelligence sharing platforms to stay informed about evolving threats.
6. Since no patches are available, focus on proactive monitoring and incident response readiness rather than remediation.
7. Validate and enrich these IOCs with additional threat intelligence sources to improve context and prioritization of alerts.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
e4cf329d-7f2e-414c-acd7-c16d645265c0
Original Timestamp
1752710585

Indicators of Compromise

Domain

Value | Description
deathmatchuk.com | KongTuke payload delivery domain (confidence level: 100%)
warpdrive.top | NetSupportManager RAT payload delivery domain (confidence level: 100%)
security.flnwareguward.com | Unknown malware payload delivery domain (confidence level: 100%)
repolix.com | Unknown malware payload delivery domain (confidence level: 100%)
cute-pudding-05af50.netlify.app | KongTuke payload delivery domain (confidence level: 100%)
sos-atlanta.com | NetSupportManager RAT payload delivery domain (confidence level: 100%)
www.quoteconsumer.net | AsyncRAT botnet C2 domain (confidence level: 100%)
m365.office.safelogins.su | Unknown malware botnet C2 domain (confidence level: 100%)
funny-rhodes.194-26-192-12.plesk.page | Bashlite botnet C2 domain (confidence level: 100%)
friendly-proskuriakova.194-26-192-12.plesk.page | Bashlite botnet C2 domain (confidence level: 100%)
if-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
denis39.site | Unknown Loader payload delivery domain (confidence level: 90%)
iqi-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.anydesk-en.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.iqq-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.ig-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
iqy-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
irisglobals.com | Unknown Loader payload delivery domain (confidence level: 90%)
ekspert-audit.ru | Unknown Loader payload delivery domain (confidence level: 90%)
bet365x.es | Unknown Loader payload delivery domain (confidence level: 90%)
www.anydesk-us.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.iqe-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
app-odoo.com | Unknown Loader payload delivery domain (confidence level: 90%)
ih-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
ix-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
ic-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
ib-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
advanced-ip-scanes.com | Unknown Loader payload delivery domain (confidence level: 90%)
ik-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
calendls.com | Unknown Loader payload delivery domain (confidence level: 90%)
iw-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
advanced-ip-scaners.com | Unknown Loader payload delivery domain (confidence level: 90%)
il-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.iqw-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
cinemaclty.com | Unknown Loader payload delivery domain (confidence level: 90%)
apps.odoo-en.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.ij-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
ae-salik-pay.com | Unknown Loader payload delivery domain (confidence level: 90%)
io-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
iq-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.dz-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.iu-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.in-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.dee-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
moblierecharge.store | Unknown Loader payload delivery domain (confidence level: 90%)
ii-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.is-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
iqu-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
zoho-en.com | Unknown Loader payload delivery domain (confidence level: 90%)
ultravlewer.store | Unknown Loader payload delivery domain (confidence level: 90%)
www.ru-whatsapp-web.com | Unknown Loader payload delivery domain (confidence level: 90%)
iqr-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
tradlngvlew.com | Unknown Loader payload delivery domain (confidence level: 90%)
jam-software-en.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.iv-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
iv-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.iqt-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
en-putty.com | Unknown Loader payload delivery domain (confidence level: 90%)
advanced-ip-scanner.space | Unknown Loader payload delivery domain (confidence level: 90%)
in-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
di-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
es-bet365.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.iz-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
ae-salik.com | Unknown Loader payload delivery domain (confidence level: 90%)
angryip.info | Unknown Loader payload delivery domain (confidence level: 90%)
wwh-club.shop | Unknown Loader payload delivery domain (confidence level: 90%)
dtt-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
davabux.site | Unknown Loader payload delivery domain (confidence level: 90%)
ip-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
is-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
www.ip-www.com | Unknown Loader payload delivery domain (confidence level: 90%)
netsuite-en.com | Unknown Loader payload delivery domain (confidence level: 90%)
en-aave.com | Unknown Loader payload delivery domain (confidence level: 90%)
clnemaclty.com | Unknown Loader payload delivery domain (confidence level: 90%)
aave-en.com | Unknown Loader payload delivery domain (confidence level: 90%)
odoo-en.pro | Unknown Loader payload delivery domain (confidence level: 90%)
www.seo-rub.ru | Unknown Loader payload delivery domain (confidence level: 90%)
microsoftdesktop.com | ShadowPad botnet C2 domain (confidence level: 95%)
youtubedownloading.com | ShadowPad botnet C2 domain (confidence level: 95%)
topmicrosoft.com | ShadowPad botnet C2 domain (confidence level: 95%)
www.googleaccount.org | ShadowPad botnet C2 domain (confidence level: 95%)
infallible-tereshkova.199-247-22-187.plesk.page | ShadowPad botnet C2 domain (confidence level: 95%)
kasperskyupdate.com | ShadowPad botnet C2 domain (confidence level: 95%)
channels.openvista.ma | ShadowPad botnet C2 domain (confidence level: 95%)
cfverclsid.top | MintsLoader botnet C2 domain (confidence level: 100%)
cdn-web-server1.techserver01.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
soft-base-01.ginigiy117.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
sfibhzu3ubhza.top | MintsLoader botnet C2 domain (confidence level: 100%)
dash-server.servertech03.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
server-cdn.xohahey822.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
server-cdn.sidoke9822.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
server-cdn.jawigaw383.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
server-cdn.virej10913.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
server-cdn.lafise2419.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
08us4w0132ps.shop | Brute Ratel C4 botnet C2 domain (confidence level: 100%)
br.citrix-connect.com | Brute Ratel C4 botnet C2 domain (confidence level: 100%)
server-cdn.lecoc56350.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
smart.mymedhospital.com | Brute Ratel C4 botnet C2 domain (confidence level: 100%)
adevsoftinc.com | Brute Ratel C4 botnet C2 domain (confidence level: 100%)
bugs.jquery.sh | Brute Ratel C4 botnet C2 domain (confidence level: 100%)
164-90-144-91.ipv4.staticdns3.io | Brute Ratel C4 botnet C2 domain (confidence level: 100%)
brc4.online | Brute Ratel C4 botnet C2 domain (confidence level: 100%)
cdn1.poyag17470.workers.dev | SMOKEDHAM botnet C2 domain (confidence level: 100%)
www.test-explr-academy.com | MintsLoader botnet C2 domain (confidence level: 100%)
fazubuzbw3u2.top | MintsLoader botnet C2 domain (confidence level: 100%)
ikhgijabfnkajem.top | MintsLoader botnet C2 domain (confidence level: 100%)
tibhzuygfuyz.top | MintsLoader botnet C2 domain (confidence level: 100%)
jbznk.com | MintsLoader botnet C2 domain (confidence level: 100%)
test-test-explr-academy.com | MintsLoader botnet C2 domain (confidence level: 100%)
stlrg124.top | MintsLoader botnet C2 domain (confidence level: 100%)
bizu3uvgz3z.top | MintsLoader botnet C2 domain (confidence level: 100%)
bnzuyeubizh3f.top | MintsLoader botnet C2 domain (confidence level: 100%)
segibuzh3hbz.top | MintsLoader botnet C2 domain (confidence level: 100%)
527newagain.top | MintsLoader botnet C2 domain (confidence level: 100%)
robnzuwubz.top | MintsLoader botnet C2 domain (confidence level: 100%)
prighxzuebb3e.top | MintsLoader botnet C2 domain (confidence level: 100%)
mnatyvgzy3r.top | MintsLoader botnet C2 domain (confidence level: 100%)
sleephouses.info | Unknown Loader botnet C2 domain (confidence level: 100%)
eucdn2.asia | Unknown Stealer botnet C2 domain (confidence level: 100%)
ecs-1-94-183-238.compute.hwclouds-dns.com | Cobalt Strike botnet C2 domain (confidence level: 100%)
dashboard.nm.xevil.cn | Cobalt Strike botnet C2 domain (confidence level: 100%)
www.blofin.live | AsyncRAT botnet C2 domain (confidence level: 100%)
beni.bigbankorg.com | Unknown malware botnet C2 domain (confidence level: 100%)
landing.kamal1.cs2.dk | Unknown Loader payload delivery domain (confidence level: 100%)
sirlegacy.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
sirlegacy1.duckdns.org | XWorm botnet C2 domain (confidence level: 100%)
asegurar.mysynology.net | AsyncRAT botnet C2 domain (confidence level: 100%)
job3.trnebaiek.cn | ValleyRAT botnet C2 domain (confidence level: 100%)
archivedcnd-s1.asia | Unknown Stealer botnet C2 domain (confidence level: 100%)
cdnperf.asia | Unknown Stealer botnet C2 domain (confidence level: 100%)
faho-24634.portmap.host | AsyncRAT botnet C2 domain (confidence level: 50%)
myhoster123.zapto.org | DarkComet botnet C2 domain (confidence level: 50%)
www.0qpd5.click | Formbook botnet C2 domain (confidence level: 50%)
www.1f8zn.click | Formbook botnet C2 domain (confidence level: 50%)
www.3-155-18-241.lol | Formbook botnet C2 domain (confidence level: 50%)
www.46.top | Formbook botnet C2 domain (confidence level: 50%)
www.66ny5.top | Formbook botnet C2 domain (confidence level: 50%)
www.89clubb.art | Formbook botnet C2 domain (confidence level: 50%)
www.8vip135.net | Formbook botnet C2 domain (confidence level: 50%)
www.ailseent.cfd | Formbook botnet C2 domain (confidence level: 50%)
www.alank.ltd | Formbook botnet C2 domain (confidence level: 50%)
www.amtech.dev | Formbook botnet C2 domain (confidence level: 50%)
www.ancyglobal.capital | Formbook botnet C2 domain (confidence level: 50%)
www.anopyops.net | Formbook botnet C2 domain (confidence level: 50%)
www.ansenlan.net | Formbook botnet C2 domain (confidence level: 50%)
www.apitronis.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.apply.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.aptrailhunterzone.click | Formbook botnet C2 domain (confidence level: 50%)
www.aroon.media | Formbook botnet C2 domain (confidence level: 50%)
www.ataract-surgery-85805.bond | Formbook botnet C2 domain (confidence level: 50%)
www.atchehub.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.avinnorris.shop | Formbook botnet C2 domain (confidence level: 50%)
www.awangmburiabang.sbs | Formbook botnet C2 domain (confidence level: 50%)
www.c3471.top | Formbook botnet C2 domain (confidence level: 50%)
www.cto.design | Formbook botnet C2 domain (confidence level: 50%)
www.diryacare.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.edresans.cfd | Formbook botnet C2 domain (confidence level: 50%)
www.emoreplay.shop | Formbook botnet C2 domain (confidence level: 50%)
www.evxxw.top | Formbook botnet C2 domain (confidence level: 50%)
www.h44x.top | Formbook botnet C2 domain (confidence level: 50%)
www.iberacaaodigital.shop | Formbook botnet C2 domain (confidence level: 50%)
www.ingerie-22584.bond | Formbook botnet C2 domain (confidence level: 50%)
www.ireoverseasgroup.shop | Formbook botnet C2 domain (confidence level: 50%)
www.itrinkizi20.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.ittledeath.art | Formbook botnet C2 domain (confidence level: 50%)
www.j5.top | Formbook botnet C2 domain (confidence level: 50%)
www.levatedynamics.net | Formbook botnet C2 domain (confidence level: 50%)
www.lmj8zx.pro | Formbook botnet C2 domain (confidence level: 50%)
www.mersdty.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.mphmu.top | Formbook botnet C2 domain (confidence level: 50%)
www.mstj.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.ndke.top | Formbook botnet C2 domain (confidence level: 50%)
www.ndovsjepangkemarin7.buzz | Formbook botnet C2 domain (confidence level: 50%)
www.nerrj.vip | Formbook botnet C2 domain (confidence level: 50%)
www.nr1fp.top | Formbook botnet C2 domain (confidence level: 50%)
www.nugglebuds.net | Formbook botnet C2 domain (confidence level: 50%)
www.okerdom0398.buzz | Formbook botnet C2 domain (confidence level: 50%)
www.olarisfinance.pro | Formbook botnet C2 domain (confidence level: 50%)
www.oldchain-br037.sbs | Formbook botnet C2 domain (confidence level: 50%)
www.oma.club | Formbook botnet C2 domain (confidence level: 50%)
www.ook.photo | Formbook botnet C2 domain (confidence level: 50%)
www.oungandassociatesmusic.net | Formbook botnet C2 domain (confidence level: 50%)
www.ov-imhg.live | Formbook botnet C2 domain (confidence level: 50%)
www.ov-pukr.cfd | Formbook botnet C2 domain (confidence level: 50%)
www.pcigieikmfhw.website | Formbook botnet C2 domain (confidence level: 50%)
www.pujosa.top | Formbook botnet C2 domain (confidence level: 50%)
www.rand-bewin.pro | Formbook botnet C2 domain (confidence level: 50%)
www.rbetano.app | Formbook botnet C2 domain (confidence level: 50%)
www.tbi5r.top | Formbook botnet C2 domain (confidence level: 50%)
www.uckice.shop | Formbook botnet C2 domain (confidence level: 50%)
www.uestrasenda.cloud | Formbook botnet C2 domain (confidence level: 50%)
www.uperstar360.net | Formbook botnet C2 domain (confidence level: 50%)
www.uxe.rent | Formbook botnet C2 domain (confidence level: 50%)
www.uziweilai.top | Formbook botnet C2 domain (confidence level: 50%)
www.vhlkau0.xyz | Formbook botnet C2 domain (confidence level: 50%)
www.viary.lol | Formbook botnet C2 domain (confidence level: 50%)
www.wxyn3.top | Formbook botnet C2 domain (confidence level: 50%)
anranapi.xyz | Mirai botnet C2 domain (confidence level: 50%)
cnc.mutao.in | Mirai botnet C2 domain (confidence level: 50%)
cns.mutao.in | Mirai botnet C2 domain (confidence level: 50%)
main.minefarm19.o-r.kr | Mirai botnet C2 domain (confidence level: 50%)
tharq.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
niazw.pics | Lumma Stealer botnet C2 domain (confidence level: 50%)
gigohe.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
blihlo.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
ashesplayer.top | NetSupportManager RAT payload delivery domain (confidence level: 100%)
sizzlingcareer.com | NetSupportManager RAT payload delivery domain (confidence level: 100%)
take-reseller.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
entertainment-remembered.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
responsibility-occasion.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
bestevagirlsheisanangelformyfgirlforever.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
login.office.safelogins.su | Unknown malware botnet C2 domain (confidence level: 100%)
skelet.lol | Bashlite botnet C2 domain (confidence level: 100%)
wz.stehsuxwy.cn | ValleyRAT botnet C2 domain (confidence level: 100%)
m.awareinsurance.com | FAKEUPDATES botnet C2 domain (confidence level: 100%)
vps.tuxy.lol | Quasar RAT botnet C2 domain (confidence level: 100%)
client123.zapto.org | Quasar RAT botnet C2 domain (confidence level: 100%)
funds-ct.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
bay-butterfly.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
hotels-eq.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
planning-sas.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
thread-realistic.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
york-pavilion.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
because-constitutional.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
mentirosaputa5-27719.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
zulo88.ddns.net | XWorm botnet C2 domain (confidence level: 100%)
william-numerical.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
dev.www.francotamouls.com | Vidar botnet C2 domain (confidence level: 75%)
login.secure-verifications.es | Havoc botnet C2 domain (confidence level: 100%)
genuine-seahorse-f5e9c4.netlify.app | KongTuke payload delivery domain (confidence level: 100%)
drglockz-48262.portmap.io | XWorm botnet C2 domain (confidence level: 100%)
nanoemailing-46446.portmap.host | XWorm botnet C2 domain (confidence level: 100%)
ganggang300182312-32221.portmap.host | Remcos botnet C2 domain (confidence level: 100%)
luciphas.xyz | Remcos botnet C2 domain (confidence level: 100%)
ares25.duckdns.org | Remcos botnet C2 domain (confidence level: 100%)
email-server.xyz | Remcos botnet C2 domain (confidence level: 100%)
legacysystemsettings.is-an-engineer.com | AsyncRAT botnet C2 domain (confidence level: 100%)
white-edited.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
cvko-56792.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%)
ns1.nsebseshop.cloud | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns2.nsebseshop.cloud | Cobalt Strike botnet C2 domain (confidence level: 75%)
ns3.nsebseshop.cloud | Cobalt Strike botnet C2 domain (confidence level: 75%)

Url

Value | Description
https://deathmatchuk.com/5l4j.js | KongTuke payload delivery URL (confidence level: 100%)
https://deathmatchuk.com/js.php | KongTuke payload delivery URL (confidence level: 100%)
https://cute-pudding-05af50.netlify.app/file.ps1 | KongTuke payload delivery URL (confidence level: 100%)
https://unique-kataifi-8d2aac.netlify.app/myfiles.zip | KongTuke payload delivery URL (confidence level: 100%)
https://warpdrive.top/jjj/include.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://warpdrive.top/jjj/index.php | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://sos-atlanta.com/lal.ps1 | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://sos-atlanta.com/vuzs.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://warpdrive.top/jjj/buffer.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
http://sos-atlanta.com:80/lal.ps1 | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://discord.com/api/webhooks/1346459311483785276/cqnvudaoifjcdf4vo7vwtgnnfbmuju8qxk65l_ltd8czz2u1kst1eghktrtcfuco5-er | Umbral botnet C2 (confidence level: 100%)
https://discord.com/api/webhooks/1394334234881032193/9ruzztqms46d9b4edtm6npywy6pust8914wri2ydakz9kvzgb3fv4rgntql5amb96msn | Umbral botnet C2 (confidence level: 100%)
https://discordapp.com/api/webhooks/1392417824688967680/ugweb1gocyp_fziwdwuqzkhnhuzyxunnl_pbjpjtaw8t_cutnjq_laola-n5fyhs3bt9 | Umbral botnet C2 (confidence level: 100%)
https://discord.com/api/webhooks/1260642604438126643/aa_uuahsuzkuos2vlsibcqbkyeofmp2ohl9qsbw53deoiyknwkncmzqv8l5t08t9fhd5 | Umbral botnet C2 (confidence level: 100%)
https://collarmom.xyz/bin.php | Unknown Loader botnet C2 (confidence level: 100%)
http://nutkittens.info/kul.php | Unknown Loader botnet C2 (confidence level: 100%)
http://65.38.121.161:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
http://cq24072.tw1.ru/556dbd6f.php | DCRat botnet C2 (confidence level: 100%)
https://t.me/mamaamaboy | Lumma Stealer botnet C2 (confidence level: 75%)
http://141.98.6.181/4c8837c73f7c4af9.php | Stealc botnet C2 (confidence level: 100%)
http://172.94.96.95/panel/gate.php | Athena botnet C2 (confidence level: 100%)
http://87.120.93.21 | Stealc botnet C2 (confidence level: 100%)
http://87.120.93.21/78b887e60b7f4fed.php | Stealc botnet C2 (confidence level: 100%)
https://www.katz-stealer.com/ | Unknown Stealer botnet C2 (confidence level: 50%)
https://pastebin.com/raw/pr2cvtis | AsyncRAT botnet C2 (confidence level: 50%)
http://www.0qpd5.click/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.1f8zn.click/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.3-155-18-241.lol/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.46.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.66ny5.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.89clubb.art/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.8vip135.net/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ailseent.cfd/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.alank.ltd/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.amtech.dev/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ancyglobal.capital/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.anopyops.net/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ansenlan.net/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.apitronis.xyz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.apply.xyz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.aptrailhunterzone.click/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.aroon.media/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ataract-surgery-85805.bond/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.atchehub.xyz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.avinnorris.shop/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.awangmburiabang.sbs/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.c3471.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.cto.design/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.diryacare.xyz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.edresans.cfd/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.emoreplay.shop/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.evxxw.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.h44x.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.iberacaaodigital.shop/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ingerie-22584.bond/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ireoverseasgroup.shop/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.itrinkizi20.xyz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ittledeath.art/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.j5.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.levatedynamics.net/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.lmj8zx.pro/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.mersdty.xyz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.mphmu.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.mstj.xyz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ndke.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ndovsjepangkemarin7.buzz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.nerrj.vip/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.nr1fp.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.nugglebuds.net/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.okerdom0398.buzz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.olarisfinance.pro/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.oldchain-br037.sbs/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.oma.club/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ook.photo/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.oungandassociatesmusic.net/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ov-imhg.live/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.ov-pukr.cfd/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.pcigieikmfhw.website/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.pujosa.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.rand-bewin.pro/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.rbetano.app/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.tbi5r.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.uckice.shop/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.uestrasenda.cloud/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.uperstar360.net/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.uxe.rent/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.uziweilai.top/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.vhlkau0.xyz/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.viary.lol/um09/ | Formbook botnet C2 (confidence level: 50%)
http://www.wxyn3.top/um09/ | Formbook botnet C2 (confidence level: 50%)
https://kilcvv.top/xdod | Lumma Stealer botnet C2 (confidence level: 75%)
https://ashesplayer.top/jjj/include.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://ashesplayer.top/jjj/buffer.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
http://sizzlingcareer.com:80/lal.ps1 | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://sizzlingcareer.com/lal.ps1 | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://sizzlingcareer.com/beqw.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://elilzy.shop/aggs | Lumma Stealer botnet C2 (confidence level: 75%)
https://t.me/dfr5sser4 | Lumma Stealer botnet C2 (confidence level: 75%)
https://collb.shop/tiwq | Lumma Stealer botnet C2 (confidence level: 100%)
https://inbeso.lat/pdgs | Lumma Stealer botnet C2 (confidence level: 100%)
https://germon.pics/taiw | Lumma Stealer botnet C2 (confidence level: 100%)
http://147.45.47.68 | Stealc botnet C2 (confidence level: 100%)
http://147.45.47.68/a8f961c72f0d877c.php | Stealc botnet C2 (confidence level: 100%)
https://m.awareinsurance.com/viewdashboard | FAKEUPDATES botnet C2 (confidence level: 100%)
https://nebdulaq.digital/aqwdw | Lumma Stealer botnet C2 (confidence level: 100%)
https://t.me/acobass | Lumma Stealer botnet C2 (confidence level: 100%)
https://gratcf.digital/apd | Lumma Stealer botnet C2 (confidence level: 100%)
https://t.me/guarama229 | Lumma Stealer botnet C2 (confidence level: 100%)
https://t.me/steamwork97 | Lumma Stealer botnet C2 (confidence level: 100%)
https://fieldhitty.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://t.me/cobask1234 | Lumma Stealer botnet C2 (confidence level: 100%)
https://digitmopdg.live/fhyy | Lumma Stealer botnet C2 (confidence level: 100%)
https://t.me/wowpepka | Lumma Stealer botnet C2 (confidence level: 100%)
https://cheapptaxysu.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://t.me/cobaroma | Lumma Stealer botnet C2 (confidence level: 100%)
https://thebeautylovelytop.top/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://joyfulhezart.tech/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://azurgewhisper.hair/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://t.me/sgsjlghj234 | Lumma Stealer botnet C2 (confidence level: 100%)
https://crimod.xyz/gsew | Lumma Stealer botnet C2 (confidence level: 100%)
https://snras.run/lxad | Lumma Stealer botnet C2 (confidence level: 100%)
https://t.me/cobask12345 | Lumma Stealer botnet C2 (confidence level: 100%)
https://hypothesizys.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://advertised.life/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://t.me/cobersk | Lumma Stealer botnet C2 (confidence level: 100%)
https://lossekniyyt.click/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://shfsz.xyz/xjda | Lumma Stealer botnet C2 (confidence level: 100%)
https://sizefixeds.icu/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://tawdrydadysz.icu/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://adventurestoptop.top/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://fluffycqomfort.world/qwed
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://guerp.xyz/faif
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://uncombsguq.xyz/aziq
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://nuttyshopr.biz/j
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/messilion33
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://scieseandbeyond.world/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://theadventureclubstop.top/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://boldcyanvas.top/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://crowdwarek.shop/c
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://minndfulpath.top/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://gecoea.lat/daiw
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/cobasck
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/qwertypepka
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/onepepka1
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://vwibrantwonders.rest/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/kldslumba
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://genhqq.xyz/gair
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/cob1488
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://investiigato.website/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://resonantpasot.icu/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://digitalmarketing101.click/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/coba128
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://plugboth.digital/aoijsau
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://hopezx.run/opsgz
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://unicorntop.top/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/cosmicsex
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://balfts.lat/zanb
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/onetwothreegghh
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://thrivintgcommunity.top/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://kbracketba.shop/bdwo
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/usbanklog123
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://fearleszsjourney.tech/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://creativeoutlookstop.top/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://clammyblushi.biz/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://offbeat-moans.cyou/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://thehealthylifesstop.top/api
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://gunrightsp.run/bksahyg
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://blockhubr.live/jhgf
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://t.me/socialsscesforum
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://creewuh.shop/qazx
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://api.telegram.org/bot7968139020:aagrchl7dwuvko0vxiefvlsyn6oa3yw3hk8/sendmessage
AsyncRAT botnet C2 (confidence level: 100%)
urlhttps://api.telegram.org/bot7625290642:aaec_tisp8mxv-r4b_jsskporsmz8qerti0/sendmessage
AsyncRAT botnet C2 (confidence level: 100%)
urlhttps://api.telegram.org/bot6699976426:aah3lwim2dsmrmtymddbyw-cxnazrc7tx3e/sendmessage
AsyncRAT botnet C2 (confidence level: 100%)
urlhttps://api.telegram.org/bot7242353426:aae0umuucxqsmpt1hxoo869o-44qr09kzwu/sendmessage
AsyncRAT botnet C2 (confidence level: 100%)
urlhttps://116.203.14.96
Vidar botnet C2 (confidence level: 75%)
urlhttps://dev.www.francotamouls.com
Vidar botnet C2 (confidence level: 75%)
urlhttps://blihlo.shop/atkg
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://gigohe.top/diau
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://genuine-seahorse-f5e9c4.netlify.app/file.ps1
KongTuke payload delivery URL (confidence level: 100%)
urlhttps://bedoueroom.top
NetSupportManager RAT payload delivery URL (confidence level: 75%)
urlhttps://bedoueroom.top/kll/buf.js
NetSupportManager RAT payload delivery URL (confidence level: 100%)
urlhttps://spifd.top/aiuw
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://109.172.55.110/index.php
Koi Loader botnet C2 (confidence level: 100%)
urlhttp://ci35578.tw1.ru/9a91613d.php
DCRat botnet C2 (confidence level: 100%)



Threat ID: 687840bda83201eaacdfd997

Added to database: 7/17/2025, 12:15:57 AM

Last enriched: 7/17/2025, 12:31:14 AM

Last updated: 7/17/2025, 6:15:57 PM
