ThreatFox IOCs for 2025-07-18
Severity: mediumType: malware
ThreatFox IOCs for 2025-07-18
AI Analysis
Technical Summary
The provided information pertains to a security threat categorized as malware, specifically related to OSINT (Open Source Intelligence) and payload delivery with associated network activity. The threat is documented in the ThreatFox MISP Feed with a publication date of July 18, 2025. The threat is tagged as 'type:osint' and 'tlp:white', indicating that the information is intended for public sharing without restrictions. The technical details include a threat level of 2, analysis level of 1, and distribution level of 3, suggesting a moderate threat with limited analysis and moderate distribution. No specific affected versions or products are identified, and no patch is available. There are no known exploits in the wild, and no Common Weakness Enumerations (CWEs) are listed. The lack of indicators of compromise (IOCs) or detailed technical specifics limits the ability to fully characterize the malware's behavior or attack vectors. The threat appears to be related to the delivery of malicious payloads potentially leveraging OSINT techniques for reconnaissance or targeting, with network activity involved in its operation or propagation. However, the absence of detailed technical data or exploit information suggests this may be an emerging or low-profile threat currently under observation rather than an active widespread campaign.
Potential Impact
For European organizations, the impact of this threat is currently assessed as medium, consistent with the provided severity rating. The potential risks include unauthorized network activity that could lead to data exfiltration, system compromise, or the delivery of additional malicious payloads. Given the lack of known exploits in the wild and no available patches, organizations may face challenges in detection and prevention. The threat's association with OSINT implies that attackers might be leveraging publicly available information to tailor attacks, increasing the risk of targeted intrusions. European entities with significant network infrastructure or those involved in sensitive sectors such as finance, government, or critical infrastructure could be at risk if the threat evolves or is leveraged in targeted campaigns. However, the current limited distribution and analysis suggest the immediate impact is contained, though vigilance is warranted.
Mitigation Recommendations
To mitigate this threat effectively, European organizations should implement enhanced network monitoring focusing on unusual outbound traffic patterns that could indicate payload delivery or command-and-control communications. Employing advanced threat detection tools that incorporate behavioral analytics and anomaly detection can help identify subtle indicators of compromise associated with OSINT-driven attacks. Organizations should also conduct regular threat intelligence updates and integrate feeds like ThreatFox into their security operations to stay informed about emerging IOCs. Since no patches are available, emphasis should be placed on hardening network perimeters, enforcing strict access controls, and conducting employee awareness training to recognize social engineering attempts that may accompany OSINT-based attacks. Additionally, segmenting networks to limit lateral movement and maintaining robust incident response plans will reduce potential damage if an infection occurs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- domain: security.flegurasec.com
- domain: erpoci.com
- file: 149.88.86.36
- hash: 80
- file: 45.38.20.87
- hash: 443
- file: 5.230.34.149
- hash: 7443
- file: 18.183.174.110
- hash: 6697
- file: 40.177.115.50
- hash: 104
- file: 52.194.225.30
- hash: 3390
- domain: m.fbwatch.live
- file: 3.126.10.249
- hash: 10001
- file: 118.107.244.48
- hash: 10001
- file: 120.221.24.103
- hash: 10001
- file: 45.142.122.114
- hash: 7705
- file: 15.235.188.250
- hash: 4782
- file: 160.202.255.27
- hash: 443
- file: 152.32.168.243
- hash: 80
- file: 152.32.168.243
- hash: 443
- file: 123.56.87.43
- hash: 8001
- file: 154.201.86.212
- hash: 18443
- file: 149.88.86.56
- hash: 80
- file: 52.12.185.192
- hash: 443
- file: 185.207.65.19
- hash: 443
- file: 95.130.227.189
- hash: 31337
- file: 47.243.207.46
- hash: 8888
- file: 65.21.85.133
- hash: 81
- file: 45.155.126.158
- hash: 80
- file: 77.93.142.238
- hash: 81
- domain: aafastservice.top
- file: 64.94.84.22
- hash: 443
- file: 15.160.172.231
- hash: 20547
- file: 152.42.235.181
- hash: 80
- file: 23.227.203.198
- hash: 43211
- file: 47.251.169.234
- hash: 60000
- file: 111.231.115.25
- hash: 60000
- file: 118.24.77.84
- hash: 60000
- file: 124.220.77.21
- hash: 60000
- file: 64.176.192.152
- hash: 443
- file: 13.202.232.165
- hash: 443
- file: 189.1.227.128
- hash: 55533
- file: 152.32.188.119
- hash: 8080
- file: 68.183.230.144
- hash: 3333
- file: 43.132.173.54
- hash: 3333
- file: 38.73.236.58
- hash: 443
- file: 34.134.99.243
- hash: 10443
- file: 194.37.80.183
- hash: 3333
- file: 179.190.41.148
- hash: 3333
- file: 20.240.200.189
- hash: 3333
- file: 106.15.59.123
- hash: 53333
- file: 46.62.158.255
- hash: 443
- file: 3.95.92.198
- hash: 80
- file: 4.180.248.64
- hash: 3333
- file: 16.171.233.6
- hash: 8000
- file: 61.47.41.7
- hash: 3355
- file: 159.65.27.176
- hash: 3333
- file: 34.61.69.33
- hash: 10443
- file: 43.129.173.66
- hash: 443
- file: 172.201.181.206
- hash: 3333
- file: 15.206.76.189
- hash: 80
- file: 143.198.90.71
- hash: 3333
- file: 13.235.200.14
- hash: 3333
- file: 179.43.172.97
- hash: 3333
- file: 20.199.23.67
- hash: 8443
- file: 65.2.69.79
- hash: 3333
- file: 18.130.231.213
- hash: 7008
- domain: together-well.gl.at.ply.gg
- file: 213.165.42.15
- hash: 443
- file: 47.109.149.149
- hash: 80
- file: 160.202.133.13
- hash: 5356
- file: 31.56.36.12
- hash: 42308
- file: 110.41.77.117
- hash: 7777
- url: http://sleaqwad.shop
- domain: test.accendente.tn
- file: 123.56.87.43
- hash: 8111
- domain: v2.egrfbumsu.cn
- file: 103.176.197.31
- hash: 50
- file: 103.176.197.31
- hash: 90
- file: 154.3.35.65
- hash: 8000
- file: 64.176.60.64
- hash: 88
- file: 47.96.224.76
- hash: 9999
- file: 185.141.219.164
- hash: 80
- url: http://ban1zons.beget.tech/95a84570.php
- file: 116.203.165.206
- hash: 443
- file: 65.109.242.126
- hash: 443
- file: 5.101.81.65
- hash: 8080
- url: https://famigh.shop/xpal
- file: 124.223.31.164
- hash: 8889
- file: 152.136.107.108
- hash: 443
- file: 81.109.131.3
- hash: 928
- file: 45.76.158.90
- hash: 443
- file: 139.162.235.160
- hash: 443
- file: 179.60.147.176
- hash: 8080
- file: 194.87.216.75
- hash: 8080
- file: 196.251.117.171
- hash: 15230
- file: 3.127.138.57
- hash: 15761
- file: 45.74.38.47
- hash: 443
- file: 3.125.188.168
- hash: 11722
- file: 13.114.32.108
- hash: 443
- file: 5.129.197.185
- hash: 80
- file: 13.48.17.233
- hash: 443
- file: 147.185.221.26
- hash: 20738
- file: 178.156.131.128
- hash: 6368
- file: 44.204.237.230
- hash: 80
- file: 52.212.234.248
- hash: 443
- file: 184.105.237.196
- hash: 3535
- file: 172.67.141.148
- hash: 80
- file: 51.21.152.46
- hash: 443
- file: 138.199.50.129
- hash: 4444
- file: 3.127.59.75
- hash: 13615
- file: 192.169.69.25
- hash: 6782
- file: 110.40.155.27
- hash: 80
- file: 43.163.221.96
- hash: 8080
- file: 38.190.198.46
- hash: 18443
- file: 39.105.178.12
- hash: 80
- file: 101.34.211.17
- hash: 80
- file: 62.109.9.165
- hash: 31337
- domain: tryfancify.com
- file: 124.198.132.230
- hash: 8808
- file: 172.104.161.105
- hash: 443
- file: 206.189.227.148
- hash: 7443
- domain: pasotslv.shop
- file: 85.208.84.20
- hash: 45051
- file: 45.150.34.112
- hash: 50555
- file: 35.180.121.47
- hash: 179
- file: 123.60.13.251
- hash: 10001
- file: 54.46.8.204
- hash: 443
- file: 106.52.179.150
- hash: 4433
- file: 34.154.223.30
- hash: 443
- domain: cooawbi.top
- domain: ourkbpw.top
- file: 92.255.85.34
- hash: 4444
- file: 185.242.5.90
- hash: 4040
- url: http://soyasticks.club/user/joe/five/fre.php
- url: http://sleaqwad.shop/45cc90de006049c9.php
- domain: sleaqwad.shop
- file: 193.142.146.158
- hash: 7878
- url: http://20.2.161.33:8888/supershell/login/
- file: 59.110.81.93
- hash: 9999
- file: 89.116.100.76
- hash: 443
- domain: police-turkish.gl.at.ply.gg
- file: 181.141.40.93
- hash: 1906
- file: 45.141.233.131
- hash: 5902
- url: https://swalocf.lat/atxi
- file: 139.162.18.28
- hash: 443
- file: 51.16.209.16
- hash: 20342
- file: 185.247.226.213
- hash: 11425
- file: 183.66.27.19
- hash: 58476
- url: https://cooawbi.top/dpla
- url: https://ourkbpw.top/aoti
- url: https://bond007.xyz/publishertag/apstag.js
- domain: bond007.xyz
- url: https://bond007.xyz/publishertag/buffer.js
- url: http://getcredentialingdone.com:80/lal.ps1
- domain: getcredentialingdone.com
- url: https://www.getcredentialingdone.com/hsqw.zip
- url: https://saviutf.pics/tiwq
- domain: www.souguo.icu
- file: 175.178.104.252
- hash: 443
- file: 193.112.84.248
- hash: 443
- file: 43.224.34.90
- hash: 443
- file: 47.116.181.81
- hash: 443
- file: 59.110.64.250
- hash: 8080
- file: 185.244.29.224
- hash: 7000
- file: 192.238.177.48
- hash: 6667
- domain: dl.newtoyourgame.com
- url: https://dl.newtoyourgame.com/viewdashboard
- file: 209.141.50.22
- hash: 443
- domain: mgmt.studerandson.us
- file: 82.25.34.95
- hash: 4782
- url: http://cx74809.tw1.ru/c68f57f3.php
- domain: hfdjmoedkjf.asia
- file: 185.218.137.204
- hash: 443
- domain: socketapiupdates.com
- file: 38.12.36.234
- hash: 443
- file: 172.232.151.42
- hash: 7443
- domain: f-v1-url-fd220acde0-c.marlin-development.com
- file: 100.27.209.121
- hash: 615
- file: 100.27.209.121
- hash: 14265
- url: https://116.203.14.51
- url: https://sx.optionchain.dpdns.org
- domain: sx.optionchain.dpdns.org
- url: http://x1le.atwebpages.com/0a2b7e8a.php
- domain: select-soma.gl.at.ply.gg
- domain: goodfilesvibresgood.dynuddns.net
- file: 103.199.18.230
- hash: 8437
- domain: www.vidrloscobo.com
- file: 46.183.223.75
- hash: 6709
- file: 146.90.81.215
- hash: 7514
- domain: detalles12.duckdns.org
- domain: sellers-lit.gl.at.ply.gg
- file: 66.49.164.6
- hash: 4782
- domain: grigori.ddns.net
- url: https://aczpy.pics/daog
- domain: cvv6.com
- file: 211.149.175.185
- hash: 20803
- domain: mode-civil.gl.at.ply.gg
- domain: 552e3ca1f307.ngrok-free.app
- file: 103.176.197.31
- hash: 53
- url: http://quantumegypt.com/images/navigation/enclosures/xvc/admin2/fre.php
- domain: cichau.lat
- domain: thoqp.lat
- url: https://exveaxa.lat/atjx
- url: https://t.me/dfg7drt7dh5
- url: https://cawbn.pics/zjdu
- file: 185.196.10.120
- hash: 443
- file: 103.125.248.109
- hash: 8089
- file: 151.241.129.49
- hash: 8443
- file: 37.45.26.188
- hash: 44818
- file: 37.45.26.188
- hash: 45734
- file: 37.45.26.188
- hash: 52200
- file: 37.45.26.188
- hash: 58000
- file: 37.45.26.188
- hash: 1194
- file: 37.45.26.188
- hash: 2455
- file: 37.45.26.188
- hash: 14072
- file: 37.45.26.188
- hash: 31039
- file: 37.45.26.188
- hash: 58603
- file: 37.45.26.188
- hash: 2096
- file: 37.45.26.188
- hash: 5671
- file: 37.45.26.188
- hash: 36160
- file: 193.23.3.29
- hash: 8889
- file: 162.215.8.193
- hash: 8443
- file: 15.204.9.20
- hash: 443
- file: 124.198.132.230
- hash: 7707
- file: 83.222.191.118
- hash: 15647
- file: 139.162.18.30
- hash: 7443
- file: 139.162.18.28
- hash: 7443
- domain: vmi2330570.contaboserver.net
- file: 45.74.10.14
- hash: 8089
- file: 198.7.115.133
- hash: 80
- file: 198.7.115.133
- hash: 8082
- file: 198.7.115.133
- hash: 8089
- file: 103.230.69.188
- hash: 6000
- file: 46.246.82.13
- hash: 3000
- file: 43.208.5.219
- hash: 7170
- file: 8.139.6.64
- hash: 54681
- file: 104.164.104.15
- hash: 80
- file: 102.158.123.182
- hash: 443
- file: 109.145.252.38
- hash: 2222
- file: 188.92.79.123
- hash: 443
- file: 70.27.138.55
- hash: 2222
- file: 75.2.11.125
- hash: 8113
- file: 85.98.49.5
- hash: 443
- file: 94.98.69.21
- hash: 443
- file: 111.217.141.70
- hash: 465
- file: 111.217.141.70
- hash: 443
- url: https://gh.optionchain.dpdns.org
- domain: gh.optionchain.dpdns.org
ThreatFox IOCs for 2025-07-18
Medium
Published: Fri Jul 18 2025 (07/18/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-07-18
AI-Powered Analysis
AILast updated: 07/19/2025, 00:31:14 UTC
Technical Analysis
The provided information pertains to a security threat categorized as malware, specifically related to OSINT (Open Source Intelligence) and payload delivery with associated network activity. The threat is documented in the ThreatFox MISP Feed with a publication date of July 18, 2025. The threat is tagged as 'type:osint' and 'tlp:white', indicating that the information is intended for public sharing without restrictions. The technical details include a threat level of 2, analysis level of 1, and distribution level of 3, suggesting a moderate threat with limited analysis and moderate distribution. No specific affected versions or products are identified, and no patch is available. There are no known exploits in the wild, and no Common Weakness Enumerations (CWEs) are listed. The lack of indicators of compromise (IOCs) or detailed technical specifics limits the ability to fully characterize the malware's behavior or attack vectors. The threat appears to be related to the delivery of malicious payloads potentially leveraging OSINT techniques for reconnaissance or targeting, with network activity involved in its operation or propagation. However, the absence of detailed technical data or exploit information suggests this may be an emerging or low-profile threat currently under observation rather than an active widespread campaign.
Potential Impact
For European organizations, the impact of this threat is currently assessed as medium, consistent with the provided severity rating. The potential risks include unauthorized network activity that could lead to data exfiltration, system compromise, or the delivery of additional malicious payloads. Given the lack of known exploits in the wild and no available patches, organizations may face challenges in detection and prevention. The threat's association with OSINT implies that attackers might be leveraging publicly available information to tailor attacks, increasing the risk of targeted intrusions. European entities with significant network infrastructure or those involved in sensitive sectors such as finance, government, or critical infrastructure could be at risk if the threat evolves or is leveraged in targeted campaigns. However, the current limited distribution and analysis suggest the immediate impact is contained, though vigilance is warranted.
Mitigation Recommendations
To mitigate this threat effectively, European organizations should implement enhanced network monitoring focusing on unusual outbound traffic patterns that could indicate payload delivery or command-and-control communications. Employing advanced threat detection tools that incorporate behavioral analytics and anomaly detection can help identify subtle indicators of compromise associated with OSINT-driven attacks. Organizations should also conduct regular threat intelligence updates and integrate feeds like ThreatFox into their security operations to stay informed about emerging IOCs. Since no patches are available, emphasis should be placed on hardening network perimeters, enforcing strict access controls, and conducting employee awareness training to recognize social engineering attempts that may accompany OSINT-based attacks. Additionally, segmenting networks to limit lateral movement and maintaining robust incident response plans will reduce potential damage if an infection occurs.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 038b1736-e48b-4e98-b6e5-7c24b788b5b1
- Original Timestamp
- 1752883385
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainsecurity.flegurasec.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainerpoci.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainm.fbwatch.live | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainaafastservice.top | Hook botnet C2 domain (confidence level: 100%) | |
domaintogether-well.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domaintest.accendente.tn | NjRAT botnet C2 domain (confidence level: 100%) | |
domainv2.egrfbumsu.cn | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domaintryfancify.com | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainpasotslv.shop | Hook botnet C2 domain (confidence level: 100%) | |
domaincooawbi.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainourkbpw.top | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsleaqwad.shop | Stealc botnet C2 domain (confidence level: 100%) | |
domainpolice-turkish.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainbond007.xyz | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domaingetcredentialingdone.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) | |
domainwww.souguo.icu | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domaindl.newtoyourgame.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainmgmt.studerandson.us | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainhfdjmoedkjf.asia | ClearFake payload delivery domain (confidence level: 100%) | |
domainsocketapiupdates.com | FAKEUPDATES payload delivery domain (confidence level: 100%) | |
domainf-v1-url-fd220acde0-c.marlin-development.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainsx.optionchain.dpdns.org | Vidar botnet C2 domain (confidence level: 75%) | |
domainselect-soma.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaingoodfilesvibresgood.dynuddns.net | Remcos botnet C2 domain (confidence level: 100%) | |
domainwww.vidrloscobo.com | Remcos botnet C2 domain (confidence level: 100%) | |
domaindetalles12.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domainsellers-lit.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaingrigori.ddns.net | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaincvv6.com | ValleyRAT botnet C2 domain (confidence level: 100%) | |
domainmode-civil.gl.at.ply.gg | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domain552e3ca1f307.ngrok-free.app | SpyNote botnet C2 domain (confidence level: 100%) | |
domaincichau.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainthoqp.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvmi2330570.contaboserver.net | Hook botnet C2 domain (confidence level: 100%) | |
domaingh.optionchain.dpdns.org | Vidar botnet C2 domain (confidence level: 75%) |
File
| Value | Description | Copy |
|---|---|---|
file149.88.86.36 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file45.38.20.87 | Unknown malware botnet C2 server (confidence level: 100%) | |
file5.230.34.149 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.183.174.110 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file40.177.115.50 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file52.194.225.30 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file3.126.10.249 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file118.107.244.48 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file120.221.24.103 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file45.142.122.114 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
file15.235.188.250 | Quasar RAT botnet C2 server (confidence level: 75%) | |
file160.202.255.27 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file152.32.168.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file152.32.168.243 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.56.87.43 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.201.86.212 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file149.88.86.56 | Ghost RAT botnet C2 server (confidence level: 75%) | |
file52.12.185.192 | Sliver botnet C2 server (confidence level: 90%) | |
file185.207.65.19 | Sliver botnet C2 server (confidence level: 90%) | |
file95.130.227.189 | Sliver botnet C2 server (confidence level: 90%) | |
file47.243.207.46 | Unknown malware botnet C2 server (confidence level: 100%) | |
file65.21.85.133 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file45.155.126.158 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file77.93.142.238 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file64.94.84.22 | Havoc botnet C2 server (confidence level: 100%) | |
file15.160.172.231 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file152.42.235.181 | MooBot botnet C2 server (confidence level: 100%) | |
file23.227.203.198 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file47.251.169.234 | Unknown malware botnet C2 server (confidence level: 100%) | |
file111.231.115.25 | Unknown malware botnet C2 server (confidence level: 100%) | |
file118.24.77.84 | Unknown malware botnet C2 server (confidence level: 100%) | |
file124.220.77.21 | Unknown malware botnet C2 server (confidence level: 100%) | |
file64.176.192.152 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.202.232.165 | Unknown malware botnet C2 server (confidence level: 100%) | |
file189.1.227.128 | Unknown malware botnet C2 server (confidence level: 100%) | |
file152.32.188.119 | Unknown malware botnet C2 server (confidence level: 100%) | |
file68.183.230.144 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.132.173.54 | Unknown malware botnet C2 server (confidence level: 100%) | |
file38.73.236.58 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.134.99.243 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.37.80.183 | Unknown malware botnet C2 server (confidence level: 100%) | |
file179.190.41.148 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.240.200.189 | Unknown malware botnet C2 server (confidence level: 100%) | |
file106.15.59.123 | Unknown malware botnet C2 server (confidence level: 100%) | |
file46.62.158.255 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.95.92.198 | Unknown malware botnet C2 server (confidence level: 100%) | |
file4.180.248.64 | Unknown malware botnet C2 server (confidence level: 100%) | |
file16.171.233.6 | Unknown malware botnet C2 server (confidence level: 100%) | |
file61.47.41.7 | Unknown malware botnet C2 server (confidence level: 100%) | |
file159.65.27.176 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.61.69.33 | Unknown malware botnet C2 server (confidence level: 100%) | |
file43.129.173.66 | Unknown malware botnet C2 server (confidence level: 100%) | |
file172.201.181.206 | Unknown malware botnet C2 server (confidence level: 100%) | |
file15.206.76.189 | Unknown malware botnet C2 server (confidence level: 100%) | |
file143.198.90.71 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.235.200.14 | Unknown malware botnet C2 server (confidence level: 100%) | |
file179.43.172.97 | Unknown malware botnet C2 server (confidence level: 100%) | |
file20.199.23.67 | Unknown malware botnet C2 server (confidence level: 100%) | |
file65.2.69.79 | Unknown malware botnet C2 server (confidence level: 100%) | |
file18.130.231.213 | XWorm botnet C2 server (confidence level: 100%) | |
file213.165.42.15 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.109.149.149 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file160.202.133.13 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file31.56.36.12 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file110.41.77.117 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file123.56.87.43 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.176.197.31 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file103.176.197.31 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file154.3.35.65 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file64.176.60.64 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.96.224.76 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.141.219.164 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file116.203.165.206 | Vidar botnet C2 server (confidence level: 100%) | |
file65.109.242.126 | Vidar botnet C2 server (confidence level: 100%) | |
file5.101.81.65 | XWorm botnet C2 server (confidence level: 100%) | |
file124.223.31.164 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file152.136.107.108 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file81.109.131.3 | NjRAT botnet C2 server (confidence level: 75%) | |
file45.76.158.90 | Havoc botnet C2 server (confidence level: 75%) | |
file139.162.235.160 | Havoc botnet C2 server (confidence level: 75%) | |
file179.60.147.176 | Chaos botnet C2 server (confidence level: 75%) | |
file194.87.216.75 | Chaos botnet C2 server (confidence level: 75%) | |
file196.251.117.171 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
file3.127.138.57 | NjRAT botnet C2 server (confidence level: 75%) | |
file45.74.38.47 | Havoc botnet C2 server (confidence level: 75%) | |
file3.125.188.168 | NjRAT botnet C2 server (confidence level: 75%) | |
file13.114.32.108 | Havoc botnet C2 server (confidence level: 75%) | |
file5.129.197.185 | Havoc botnet C2 server (confidence level: 75%) | |
file13.48.17.233 | Havoc botnet C2 server (confidence level: 75%) | |
file147.185.221.26 | NjRAT botnet C2 server (confidence level: 75%) | |
file178.156.131.128 | NjRAT botnet C2 server (confidence level: 75%) | |
file44.204.237.230 | Havoc botnet C2 server (confidence level: 75%) | |
file52.212.234.248 | Havoc botnet C2 server (confidence level: 75%) | |
file184.105.237.196 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
file172.67.141.148 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
file51.21.152.46 | Havoc botnet C2 server (confidence level: 75%) | |
file138.199.50.129 | NjRAT botnet C2 server (confidence level: 75%) | |
file3.127.59.75 | NjRAT botnet C2 server (confidence level: 75%) | |
file192.169.69.25 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
file110.40.155.27 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.163.221.96 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file38.190.198.46 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.105.178.12 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.34.211.17 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.109.9.165 | Sliver botnet C2 server (confidence level: 100%) | |
file124.198.132.230 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file172.104.161.105 | Unknown malware botnet C2 server (confidence level: 100%) | |
file206.189.227.148 | Unknown malware botnet C2 server (confidence level: 100%) | |
file85.208.84.20 | Hook botnet C2 server (confidence level: 100%) | |
file45.150.34.112 | Hook botnet C2 server (confidence level: 100%) | |
file35.180.121.47 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file123.60.13.251 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file54.46.8.204 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file106.52.179.150 | Havoc botnet C2 server (confidence level: 75%) | |
file34.154.223.30 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
file92.255.85.34 | XWorm botnet C2 server (confidence level: 100%) | |
file185.242.5.90 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file193.142.146.158 | XWorm botnet C2 server (confidence level: 100%) | |
file59.110.81.93 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file89.116.100.76 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file181.141.40.93 | Remcos botnet C2 server (confidence level: 100%) | |
file45.141.233.131 | Remcos botnet C2 server (confidence level: 100%) | |
file139.162.18.28 | Unknown malware botnet C2 server (confidence level: 100%) | |
file51.16.209.16 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file185.247.226.213 | Stealc botnet C2 server (confidence level: 100%) | |
file183.66.27.19 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file175.178.104.252 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file193.112.84.248 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file43.224.34.90 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file47.116.181.81 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file59.110.64.250 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.244.29.224 | NjRAT botnet C2 server (confidence level: 100%) | |
file192.238.177.48 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file209.141.50.22 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file82.25.34.95 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file185.218.137.204 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
file38.12.36.234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file172.232.151.42 | Unknown malware botnet C2 server (confidence level: 100%) | |
file100.27.209.121 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file100.27.209.121 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file103.199.18.230 | Remcos botnet C2 server (confidence level: 100%) | |
file46.183.223.75 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file146.90.81.215 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file66.49.164.6 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file211.149.175.185 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file103.176.197.31 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file185.196.10.120 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.125.248.109 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file151.241.129.49 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file37.45.26.188 | DarkComet botnet C2 server (confidence level: 100%) | |
file193.23.3.29 | Remcos botnet C2 server (confidence level: 100%) | |
file162.215.8.193 | Sliver botnet C2 server (confidence level: 100%) | |
file15.204.9.20 | Sliver botnet C2 server (confidence level: 100%) | |
file124.198.132.230 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file83.222.191.118 | SectopRAT botnet C2 server (confidence level: 100%) | |
file139.162.18.30 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.162.18.28 | Unknown malware botnet C2 server (confidence level: 100%) | |
file45.74.10.14 | Hook botnet C2 server (confidence level: 100%) | |
file198.7.115.133 | Hook botnet C2 server (confidence level: 100%) | |
file198.7.115.133 | Hook botnet C2 server (confidence level: 100%) | |
file198.7.115.133 | Hook botnet C2 server (confidence level: 100%) | |
file103.230.69.188 | DCRat botnet C2 server (confidence level: 100%) | |
file46.246.82.13 | DCRat botnet C2 server (confidence level: 100%) | |
file43.208.5.219 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file8.139.6.64 | Chaos botnet C2 server (confidence level: 100%) | |
file104.164.104.15 | Bashlite botnet C2 server (confidence level: 100%) | |
file102.158.123.182 | QakBot botnet C2 server (confidence level: 75%) | |
file109.145.252.38 | QakBot botnet C2 server (confidence level: 75%) | |
file188.92.79.123 | WarmCookie botnet C2 server (confidence level: 100%) | |
file70.27.138.55 | QakBot botnet C2 server (confidence level: 75%) | |
file75.2.11.125 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file85.98.49.5 | QakBot botnet C2 server (confidence level: 75%) | |
file94.98.69.21 | QakBot botnet C2 server (confidence level: 75%) | |
file111.217.141.70 | DOPLUGS botnet C2 server (confidence level: 100%) | |
file111.217.141.70 | DOPLUGS botnet C2 server (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6697 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash104 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash3390 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash7705 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash18443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 75%) | |
hash443 | Sliver botnet C2 server (confidence level: 90%) | |
hash443 | Sliver botnet C2 server (confidence level: 90%) | |
hash31337 | Sliver botnet C2 server (confidence level: 90%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash80 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash81 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash20547 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash55533 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash53333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3355 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7008 | XWorm botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5356 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash42308 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash7777 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8111 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash50 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash90 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8000 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash88 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash8080 | XWorm botnet C2 server (confidence level: 100%) | |
hash8889 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash928 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash8080 | Chaos botnet C2 server (confidence level: 75%) | |
hash8080 | Chaos botnet C2 server (confidence level: 75%) | |
hash15230 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
hash15761 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash11722 | NjRAT botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash80 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash20738 | NjRAT botnet C2 server (confidence level: 75%) | |
hash6368 | NjRAT botnet C2 server (confidence level: 75%) | |
hash80 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash3535 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
hash80 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash4444 | NjRAT botnet C2 server (confidence level: 75%) | |
hash13615 | NjRAT botnet C2 server (confidence level: 75%) | |
hash6782 | Nanocore RAT botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash18443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash45051 | Hook botnet C2 server (confidence level: 100%) | |
hash50555 | Hook botnet C2 server (confidence level: 100%) | |
hash179 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash4433 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
hash4444 | XWorm botnet C2 server (confidence level: 100%) | |
hash4040 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7878 | XWorm botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1906 | Remcos botnet C2 server (confidence level: 100%) | |
hash5902 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash20342 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash11425 | Stealc botnet C2 server (confidence level: 100%) | |
hash58476 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash7000 | NjRAT botnet C2 server (confidence level: 100%) | |
hash6667 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash615 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash14265 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash8437 | Remcos botnet C2 server (confidence level: 100%) | |
hash6709 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7514 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash20803 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash53 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8089 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash44818 | DarkComet botnet C2 server (confidence level: 100%) | |
hash45734 | DarkComet botnet C2 server (confidence level: 100%) | |
hash52200 | DarkComet botnet C2 server (confidence level: 100%) | |
hash58000 | DarkComet botnet C2 server (confidence level: 100%) | |
hash1194 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2455 | DarkComet botnet C2 server (confidence level: 100%) | |
hash14072 | DarkComet botnet C2 server (confidence level: 100%) | |
hash31039 | DarkComet botnet C2 server (confidence level: 100%) | |
hash58603 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2096 | DarkComet botnet C2 server (confidence level: 100%) | |
hash5671 | DarkComet botnet C2 server (confidence level: 100%) | |
hash36160 | DarkComet botnet C2 server (confidence level: 100%) | |
hash8889 | Remcos botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash15647 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash6000 | DCRat botnet C2 server (confidence level: 100%) | |
hash3000 | DCRat botnet C2 server (confidence level: 100%) | |
hash7170 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash54681 | Chaos botnet C2 server (confidence level: 100%) | |
hash80 | Bashlite botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | WarmCookie botnet C2 server (confidence level: 100%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash8113 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash465 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash443 | DOPLUGS botnet C2 server (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://sleaqwad.shop | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://ban1zons.beget.tech/95a84570.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://famigh.shop/xpal | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://soyasticks.club/user/joe/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttp://sleaqwad.shop/45cc90de006049c9.php | Stealc botnet C2 (confidence level: 100%) | |
urlhttp://20.2.161.33:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://swalocf.lat/atxi | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://cooawbi.top/dpla | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://ourkbpw.top/aoti | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://bond007.xyz/publishertag/apstag.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://bond007.xyz/publishertag/buffer.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttp://getcredentialingdone.com:80/lal.ps1 | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://www.getcredentialingdone.com/hsqw.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%) | |
urlhttps://saviutf.pics/tiwq | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://dl.newtoyourgame.com/viewdashboard | FAKEUPDATES botnet C2 (confidence level: 100%) | |
urlhttp://cx74809.tw1.ru/c68f57f3.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://116.203.14.51 | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://sx.optionchain.dpdns.org | Vidar botnet C2 (confidence level: 75%) | |
urlhttp://x1le.atwebpages.com/0a2b7e8a.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://aczpy.pics/daog | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttp://quantumegypt.com/images/navigation/enclosures/xvc/admin2/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) | |
urlhttps://exveaxa.lat/atjx | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://t.me/dfg7drt7dh5 | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://cawbn.pics/zjdu | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://gh.optionchain.dpdns.org | Vidar botnet C2 (confidence level: 75%) |
Threat ID: 687ae3bda83201eaacf7af56
Added to database: 7/19/2025, 12:15:57 AM
Last enriched: 7/19/2025, 12:31:14 AM
Last updated: 7/19/2025, 9:15:57 AM
Views: 4
Related Threats
LameHug: first AI-Powered malware linked to Russia’s APT28
MediumMalwareFri Jul 18 2025
Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware
MediumMalwareFri Jul 18 2025
KAWA4096’s Ransomware Tide: Rising Threat With Borrowed Styles
MediumMalwareFri Jul 18 2025
Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities
MediumMalwareFri Jul 18 2025
From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up
MediumMalwareFri Jul 18 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.