ThreatFox IOCs for 2025-07-19

Medium
Published: Sat Jul 19 2025 (07/19/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-07-19

AI-Powered Analysis

Last updated: 07/20/2025, 00:31:12 UTC

Technical Analysis

The provided information describes a security threat categorized as malware, with a focus on OSINT (Open Source Intelligence)-related indicators of compromise (IOCs) dated 2025-07-19. The threat is sourced from the ThreatFox MISP Feed, a platform for sharing threat intelligence. The threat is associated with payload delivery and network activity, indicating that it involves mechanisms to deliver malicious payloads over a network, potentially leveraging OSINT techniques for reconnaissance or targeting. No specific affected software versions or products are listed, and no patches or known exploits in the wild are reported. The technical details include a threat level of 2 (on an unspecified scale), an analysis rating of 1, and a distribution rating of 3, suggesting moderate dissemination potential. The absence of concrete IOCs in the data limits detailed technical analysis, but the classification as malware with network activity implies potential risks of unauthorized access, data exfiltration, or disruption. The lack of patches and known exploits suggests this may be a newly identified or emerging threat rather than an actively exploited vulnerability. The threat is tagged TLP:white, indicating that the information is intended for wide distribution and sharing. Overall, this appears to be an intelligence update on malware-related IOCs rather than a specific exploit or vulnerability, with medium severity assigned by the source.

Potential Impact

For European organizations, the impact of this threat depends largely on the nature of the malware payload and its delivery mechanism, which are not detailed here. Given the association with OSINT and network activity, there is potential for targeted reconnaissance and subsequent payload delivery that could lead to data breaches, espionage, or disruption of services. Medium severity suggests moderate risk, possibly affecting confidentiality and availability. Organizations relying heavily on networked infrastructure and those involved in sensitive sectors such as finance, government, and critical infrastructure could face increased risk if the malware payload enables lateral movement or data exfiltration. The lack of known exploits in the wild reduces immediate risk but does not preclude future exploitation. The absence of patches means mitigation must focus on detection and prevention rather than remediation of a known vulnerability.

Mitigation Recommendations

Given the lack of specific affected products or versions, mitigation should focus on enhancing network security and threat detection capabilities. European organizations should:

1) Implement robust network monitoring to detect unusual payload delivery or network activity patterns associated with malware.
2) Utilize threat intelligence feeds, including ThreatFox, to update detection signatures and IOC databases regularly.
3) Conduct regular OSINT monitoring to identify potential targeting or reconnaissance activities against their infrastructure.
4) Enforce strict access controls and network segmentation to limit malware propagation.
5) Employ endpoint detection and response (EDR) solutions capable of identifying and isolating suspicious payloads.
6) Train security teams to recognize and respond to emerging threats indicated by OSINT sources.
7) Maintain up-to-date backups and incident response plans to mitigate impact if infection occurs.

These steps go beyond generic advice by emphasizing proactive intelligence integration and network behavior analysis tailored to OSINT-related malware threats.

Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
a5e5d229-cab9-4696-a89d-6ba1c945274d
Original Timestamp
1752969785

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttps://eventpiggy.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://clickgotheshears.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://synergeahealthcentre.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://royallinefrenchies.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://kortojura.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://kevinleeart.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://digitaj.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://coursecomrade.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://cliniquemedicalerichelieu.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://bellevillepaddlingclub.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://augustinianabbey.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://almondtreehill.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://uasdivision.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://explodingfishamerica.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://sexologoconsulta.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://myoptimalbest.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://lesoiseauxivres.com/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://windsorcancerresearch.ca/work/downloader.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttp://devtools.bond/work/original.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://manwithedhelp.top/files/loop.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://manwithedhelp.top/files/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://jiezishijie.top/files/index.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://jiezishijie.top/files/vi.php
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://jiezishijie.top/files/loop.js
FAKEUPDATES payload delivery URL (confidence level: 100%)
urlhttps://hopeldo.com/flare.msi
Unknown malware payload delivery URL (confidence level: 100%)
urlhttps://abtsi.com/4r2e.js
KongTuke payload delivery URL (confidence level: 100%)
urlhttp://94.156.114.219/8usa.sh
Unknown malware payload delivery URL (confidence level: 75%)
urlhttps://buildingjobs.xyz/tag/buffer.js
NetSupportManager RAT payload delivery URL (confidence level: 100%)
urlhttp://ignifugacionsarguix.com:80/lal.ps1
NetSupportManager RAT payload delivery URL (confidence level: 100%)
urlhttps://ignifugacionsarguix.com/momo.zip
NetSupportManager RAT payload delivery URL (confidence level: 100%)
urlhttps://t.me/partisanclan
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://cichau.lat/agbn
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://thoqp.lat/zidw
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://982361cm.nyash.es/imagelinelongpolldefaultdbuploads.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://bluepxd.shop/xait
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://ct51064.tw1.ru/l1nc0in.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://shoesmom.xyz/bin.php
Unknown Loader botnet C2 (confidence level: 100%)
urlhttps://fedrodj.top/xkdw
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://castdyt.pics/zajg
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttp://bapican.com/bin/javascript/panel/five/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttps://tr.optionchain.dpdns.org
Vidar botnet C2 (confidence level: 75%)
urlhttp://a1148213.xsph.ru/bb3998a1.php
DCRat botnet C2 (confidence level: 100%)
urlhttp://35.199.30.104:8080/
Chaos botnet C2 (confidence level: 50%)
urlhttps://94.156.177.41/mrt/five/pvqdq929bsx_a_d_m1n_a.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 50%)
urlhttp://45.74.10.14/
Hook botnet C2 (confidence level: 50%)
urlhttp://logrecovery.com/hmfd8ejds/login.php
Amadey botnet C2 (confidence level: 50%)
urlhttps://13.124.220.164/phpmyadmin/index.php
Amadey botnet C2 (confidence level: 50%)
urlhttps://www.b.sasha-solzhenicyn.ru/login
Lumma Stealer botnet C2 (confidence level: 50%)
urlhttps://www.ucoxqdemo.fedor-turin.ru/login
Lumma Stealer botnet C2 (confidence level: 50%)
urlhttps://banati.sasha-solzhenicyn.ru/login
Lumma Stealer botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/w0sac0j9
AsyncRAT botnet C2 (confidence level: 50%)
urlhttps://pastebin.com/raw/syq7ubnn
DCRat botnet C2 (confidence level: 50%)
urlhttp://www.085097.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.2067lindavista.info/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.artmaior.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.bitcoinwalletco.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.boardwnel.net/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.c27be5aon.online/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.cashusa-support.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.chiru-atelier.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.covpsychiz.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.cpab-marbeuf.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.creation--site--internet.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.creditreportdr.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.csmtasima.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.despacho360.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.divasofdesignboutique.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dtoo.ltd/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dyzns.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eiwqcorp.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.garanthemedical.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.globale-finance48.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.globe-fish-test.net/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.go2tips.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hbcyzmdj.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hibtp.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.imagic-inc.net/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iphonex.city/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.itaucard-descontos.net/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.jbatherholt.net/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.jinkou-sh.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.karmes.net/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.keepcrueltyhistory.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.llong678.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lumiereinvestments.net/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.m2glutenfree.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.missionssummit.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mohecao.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.neteducation4you.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.news3039.gripe/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.nhacaiw88.info/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.novite-mebeli.info/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.panama123456.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ponyblood.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.qova.ltd/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.seedsoffashion.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.shop-kuyou.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sntzag.info/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.solucionservihogar.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.souzan-haddad.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.styleswithrobin.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sunsetserenadenc.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.talk2ipsos.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.thebucktowntaproom.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.tztauto.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.unitedfinancesavings.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.watchbracket.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.whdebang.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.whqrsj.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.winchesuk.co.uk/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xiaoxiaoqi.net/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.xn--0tr47cry2eihq.net/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yget.ltd/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yiyangguoji.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yizhiting.kim/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yourdiscountrealtor.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttp://www.zixuetiandi.com/hx287/
Formbook botnet C2 (confidence level: 50%)
urlhttps://drive.google.com/uc?export=download&id=1enlscbjf-fbsb-g8ee6b2wdwhqnjxklo
Unknown Loader payload delivery URL (confidence level: 50%)
urlhttps://drive.google.com/uc?export=download&id=1ubpp222k8jvyf9t7-zpq3k6hj4uyvj6u
Unknown Loader payload delivery URL (confidence level: 50%)
urlhttps://onedrive.live.com/download?cid=74f1199a49c3215b&resid=74f1199a49c3215b%21121&authkey=aoonymyk6cqk4tuy
Unknown Loader payload delivery URL (confidence level: 50%)
urlhttps://temperoalternativo.com.br/xcx/newjan_wdarplcdz54.bin
Unknown Loader payload delivery URL (confidence level: 50%)
urlhttp://hurampronand.com/mlu/forum.php
Pony botnet C2 (confidence level: 50%)
urlhttp://probominku.ru/mlu/forum.php
Pony botnet C2 (confidence level: 50%)
urlhttp://theintrughe.ru/mlu/forum.php
Pony botnet C2 (confidence level: 50%)
urlhttps://system6-mxe-ups3.com/gon9z2in7myqmn92dzx11cql.php
StrongPity botnet C2 (confidence level: 50%)
urlhttps://system6-mxe-ups3.com/p5pss34gvx21pxo0bz25vlqu.php
StrongPity botnet C2 (confidence level: 50%)
urlhttps://rubeuiq.pics/tkka
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://karapvc.pics/gkld
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://posteqz.top/aoot
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://t.me/lylajuipo
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://t.me/tdfydfv
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://cometopa.top/xlda
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://t.me/fdsydfghb4545
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttp://cs61835.tw1.ru/213068e3.php
DCRat botnet C2 (confidence level: 100%)
urlhttps://wrfygsi.lat/xxaz
Lumma Stealer botnet C2 (confidence level: 100%)
urlhttps://permwgp.xyz/xlak
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://recopcwr.top/atki
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://seruneqy.live/akiz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://siniavzv.life/xajz
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://strujqwn.xyz/xkkd
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://rhiuit.shop/agpr
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://rootino.top/tqoi
Lumma Stealer botnet C2 (confidence level: 75%)
urlhttps://srlemnhg.top/adxd
Lumma Stealer botnet C2 (confidence level: 75%)

Domain

ValueDescriptionCopy
domainrose-pole-chip.pages.dev
Unknown malware payload delivery domain (confidence level: 100%)
domainsugarpotfun.fly.storage.tigris.dev
Unknown malware payload delivery domain (confidence level: 100%)
domainvendictio.com
Unknown malware payload delivery domain (confidence level: 50%)
domainmanwithedhelp.top
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainjiezishijie.top
FAKEUPDATES payload delivery domain (confidence level: 100%)
domainsecurity.gwardfilaer.com
Unknown malware payload delivery domain (confidence level: 100%)
domainhopeldo.com
Unknown malware payload delivery domain (confidence level: 100%)
domainsecurity.flmesecgaurd.com
Unknown malware payload delivery domain (confidence level: 100%)
domainfermigz.com
Unknown malware payload delivery domain (confidence level: 100%)
domainsecurity.falagyrarde.com
Unknown malware payload delivery domain (confidence level: 100%)
domainoldinax.com
Unknown malware payload delivery domain (confidence level: 100%)
domainsecurity.folagaiurd.com
Unknown malware payload delivery domain (confidence level: 100%)
domainnenilac.com
Unknown malware payload delivery domain (confidence level: 100%)
domainanalyticacnodec.com
Unknown malware payload delivery domain (confidence level: 100%)
domainsecurity.flwcereguaard.com
Unknown malware payload delivery domain (confidence level: 100%)
domaintepolix.com
Unknown malware payload delivery domain (confidence level: 100%)
domainsecurity.fleapecguadr.com
Unknown malware payload delivery domain (confidence level: 100%)
domainrepoloik.com
Unknown malware payload delivery domain (confidence level: 100%)
domainsecurity.gvaerdflarle.com
Unknown malware payload delivery domain (confidence level: 100%)
domainkapoleq.com
Unknown malware payload delivery domain (confidence level: 100%)
domainsecurity.fanlareguward.com
Unknown malware payload delivery domain (confidence level: 100%)
domainholandeso.com
Unknown malware payload delivery domain (confidence level: 100%)
domainsecurity.fhaugaaurd.com
Unknown malware payload delivery domain (confidence level: 100%)
domainnenopizo.com
Unknown malware payload delivery domain (confidence level: 100%)
domainlebensversicherungvergleich.top
NetSupportManager RAT payload delivery domain (confidence level: 100%)
domainjaviergomezmontero.eu
Unknown malware payload delivery domain (confidence level: 100%)
domaingtl.ci
Unknown malware payload delivery domain (confidence level: 100%)
domainmadeinci.ci
Unknown malware payload delivery domain (confidence level: 100%)
domainretcap.eu
Unknown malware payload delivery domain (confidence level: 100%)
domainbleulab.ci
Unknown malware payload delivery domain (confidence level: 100%)
domainardiellifornasa.ge
Unknown malware payload delivery domain (confidence level: 100%)
domainclasoftmedia.ci
Unknown malware payload delivery domain (confidence level: 100%)
domaincentroecoformativosanmartin.eu
Unknown malware payload delivery domain (confidence level: 100%)
domaingomezmontero.eu
Unknown malware payload delivery domain (confidence level: 100%)
domainrafelink.life
Unknown malware payload delivery domain (confidence level: 100%)
domaincloudflare.blazing-cloud.com
Unknown malware payload delivery domain (confidence level: 100%)
domainbuildingjobs.xyz
NetSupportManager RAT payload delivery domain (confidence level: 100%)
domainignifugacionsarguix.com
NetSupportManager RAT payload delivery domain (confidence level: 100%)
domainsecurity.fjarlegiuard.com
Unknown malware payload delivery domain (confidence level: 100%)
domainnoswexa.com
Unknown malware payload delivery domain (confidence level: 100%)
domaininventscience.st
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.haoxueaibang.com
Cobalt Strike botnet C2 domain (confidence level: 100%)
domainanonuevovidanueva20212021.duckdns.org
Remcos botnet C2 domain (confidence level: 100%)
domainguardameplata.kozow.com
Remcos botnet C2 domain (confidence level: 100%)
domainkarenmuir.hopto.org
Remcos botnet C2 domain (confidence level: 100%)
domainyessir12.duckdns.org
Quasar RAT botnet C2 domain (confidence level: 100%)
domainfnahaga-41990.portmap.io
Quasar RAT botnet C2 domain (confidence level: 100%)
domainalekzhero.no-ip.org
CyberGate botnet C2 domain (confidence level: 100%)
domainhblive.help
Unknown RAT botnet C2 domain (confidence level: 100%)
domaineplive.help
Unknown RAT botnet C2 domain (confidence level: 100%)
domainmdycare.help
Unknown RAT botnet C2 domain (confidence level: 100%)
domainrhiuit.shop
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsrlemnhg.top
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainrootino.top
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainzxoms.top
Joker payload delivery domain (confidence level: 100%)
domainanxtaun.fit
Joker payload delivery domain (confidence level: 100%)
domaindumv.online
Joker payload delivery domain (confidence level: 100%)
domaindampg.shop
Joker payload delivery domain (confidence level: 100%)
domainpermwgp.xyz
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainrecopcwr.top
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainseruneqy.live
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainsiniavzv.life
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainstrujqwn.xyz
Lumma Stealer botnet C2 domain (confidence level: 100%)
domainnet.botwork.africa
MooBot botnet C2 domain (confidence level: 100%)
domainsecurity.microsoftwindows.biz
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainupdate.microsoftwindows.biz
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.ag3battery.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.cannabispatientcare.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.crownmagnetics.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.mediawick.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.queirozdesign.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domainwww.smallcartrailer.com
Cobalt Strike botnet C2 domain (confidence level: 75%)
domaintr.optionchain.dpdns.org
Vidar botnet C2 domain (confidence level: 75%)
domainsynoacoustic-32033.portmap.host
DarkComet botnet C2 domain (confidence level: 50%)
domaintestserver444.zapto.org
DarkComet botnet C2 domain (confidence level: 50%)
domainmz.auth-cn.cn
Unknown malware botnet C2 domain (confidence level: 50%)
domainwww.085097.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.2067lindavista.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.artmaior.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.bitcoinwalletco.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.boardwnel.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.c27be5aon.online
Formbook botnet C2 domain (confidence level: 50%)
domainwww.cashusa-support.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.chiru-atelier.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.covpsychiz.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.cpab-marbeuf.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.creation--site--internet.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.creditreportdr.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.csmtasima.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.despacho360.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.divasofdesignboutique.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.dtoo.ltd
Formbook botnet C2 domain (confidence level: 50%)
domainwww.dyzns.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.eiwqcorp.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.garanthemedical.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.globale-finance48.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.globe-fish-test.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.go2tips.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.hbcyzmdj.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.hibtp.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.imagic-inc.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.iphonex.city
Formbook botnet C2 domain (confidence level: 50%)
domainwww.itaucard-descontos.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.jbatherholt.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.jinkou-sh.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.karmes.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.keepcrueltyhistory.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.llong678.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.lumiereinvestments.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.m2glutenfree.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.missionssummit.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.mohecao.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.neteducation4you.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.news3039.gripe
Formbook botnet C2 domain (confidence level: 50%)
domainwww.nhacaiw88.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.novite-mebeli.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.panama123456.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.ponyblood.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.qova.ltd
Formbook botnet C2 domain (confidence level: 50%)
domainwww.seedsoffashion.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.shop-kuyou.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.sntzag.info
Formbook botnet C2 domain (confidence level: 50%)
domainwww.solucionservihogar.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.souzan-haddad.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.styleswithrobin.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.sunsetserenadenc.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.talk2ipsos.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.thebucktowntaproom.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.tztauto.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.unitedfinancesavings.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.watchbracket.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.whdebang.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.whqrsj.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.winchesuk.co.uk
Formbook botnet C2 domain (confidence level: 50%)
domainwww.xiaoxiaoqi.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.xn--0tr47cry2eihq.net
Formbook botnet C2 domain (confidence level: 50%)
domainwww.yget.ltd
Formbook botnet C2 domain (confidence level: 50%)
domainwww.yiyangguoji.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.yizhiting.kim
Formbook botnet C2 domain (confidence level: 50%)
domainwww.yourdiscountrealtor.com
Formbook botnet C2 domain (confidence level: 50%)
domainwww.zixuetiandi.com
Formbook botnet C2 domain (confidence level: 50%)
domainbot.exayte.xyz
Mirai botnet C2 domain (confidence level: 50%)
domaincamelboat.n-e.kr
Mirai botnet C2 domain (confidence level: 50%)
domaincnc.cinquento.publicvm.com
Mirai botnet C2 domain (confidence level: 50%)
domaincnc.netjssaytcp.lat
Mirai botnet C2 domain (confidence level: 50%)
domainartist-presentations.gl.at.ply.gg
NjRAT botnet C2 domain (confidence level: 50%)
domainstudies-integrated.gl.at.ply.gg
Quasar RAT botnet C2 domain (confidence level: 50%)
domaincrvmi-60976.portmap.io
XenoRAT botnet C2 domain (confidence level: 50%)
domainalternative-corporate.gl.at.ply.gg
XWorm botnet C2 domain (confidence level: 50%)
domainexploreativethinking.top
Lumma Stealer botnet C2 domain (confidence level: 50%)
domaingeymej.top
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainlibdm.top
Lumma Stealer botnet C2 domain (confidence level: 50%)
domainec2-18-163-127-62.ap-east-1.compute.amazonaws.com
Quasar RAT botnet C2 domain (confidence level: 100%)
domainsso.office.safelogins.su
Unknown malware botnet C2 domain (confidence level: 100%)
domainjptech202.ddnsking.com
XWorm botnet C2 domain (confidence level: 100%)
domainmail-eco.gl.at.ply.gg
RedLine Stealer botnet C2 domain (confidence level: 100%)
domainstartitit2-23969.portmap.host
NjRAT botnet C2 domain (confidence level: 100%)

File

ValueDescriptionCopy
file159.203.30.200
Cobalt Strike botnet C2 server (confidence level: 100%)
file137.220.232.142
Cobalt Strike botnet C2 server (confidence level: 100%)
file1.13.187.97
Cobalt Strike botnet C2 server (confidence level: 100%)
file176.65.149.160
Sliver botnet C2 server (confidence level: 100%)
file89.110.96.140
Sliver botnet C2 server (confidence level: 100%)
file95.216.78.61
AsyncRAT botnet C2 server (confidence level: 100%)
file172.94.9.85
AsyncRAT botnet C2 server (confidence level: 100%)
45.81.23.42 | AsyncRAT botnet C2 server (confidence level: 100%)
172.105.121.80 | Unknown malware botnet C2 server (confidence level: 100%)
188.226.220.215 | Havoc botnet C2 server (confidence level: 100%)
23.92.20.65 | Havoc botnet C2 server (confidence level: 100%)
178.159.43.123 | Havoc botnet C2 server (confidence level: 100%)
18.100.143.170 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
102.96.149.206 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
104.167.16.88 | AdaptixC2 botnet C2 server (confidence level: 100%)
40.113.165.132 | Empire Downloader botnet C2 server (confidence level: 100%)
155.94.155.151 | Latrodectus botnet C2 server (confidence level: 90%)
93.88.203.171 | Cobalt Strike botnet C2 server (confidence level: 75%)
47.83.197.12 | ValleyRAT botnet C2 server (confidence level: 100%)
82.156.150.140 | Cobalt Strike botnet C2 server (confidence level: 100%)
101.42.187.157 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.204.178.13 | Cobalt Strike botnet C2 server (confidence level: 100%)
154.204.178.13 | Cobalt Strike botnet C2 server (confidence level: 100%)
87.106.235.201 | AsyncRAT botnet C2 server (confidence level: 100%)
137.220.54.244 | Unknown malware botnet C2 server (confidence level: 100%)
14.241.163.8 | Unknown malware botnet C2 server (confidence level: 100%)
217.12.204.47 | SectopRAT botnet C2 server (confidence level: 100%)
103.249.132.235 | SectopRAT botnet C2 server (confidence level: 100%)
117.50.175.19 | Unknown malware botnet C2 server (confidence level: 100%)
47.112.137.119 | Unknown malware botnet C2 server (confidence level: 100%)
172.174.235.232 | Unknown malware botnet C2 server (confidence level: 100%)
41.216.189.133 | Unknown malware botnet C2 server (confidence level: 100%)
3.17.37.14 | Unknown malware botnet C2 server (confidence level: 100%)
91.107.212.226 | Unknown malware botnet C2 server (confidence level: 100%)
24.11.76.114 | Unknown malware botnet C2 server (confidence level: 100%)
91.99.167.240 | Unknown malware botnet C2 server (confidence level: 100%)
3.144.157.69 | Unknown malware botnet C2 server (confidence level: 100%)
217.154.211.73 | Unknown malware botnet C2 server (confidence level: 100%)
13.37.213.95 | Unknown malware botnet C2 server (confidence level: 100%)
20.57.103.111 | Unknown malware botnet C2 server (confidence level: 100%)
135.181.154.102 | Unknown malware botnet C2 server (confidence level: 100%)
4.234.185.53 | Unknown malware botnet C2 server (confidence level: 100%)
185.170.112.144 | Unknown malware botnet C2 server (confidence level: 100%)
185.113.249.72 | Unknown malware botnet C2 server (confidence level: 100%)
147.135.252.120 | Unknown malware botnet C2 server (confidence level: 100%)
3.231.72.153 | Unknown malware botnet C2 server (confidence level: 100%)
212.59.240.179 | Unknown malware botnet C2 server (confidence level: 100%)
139.59.138.129 | Unknown malware botnet C2 server (confidence level: 100%)
67.217.228.190 | BianLian botnet C2 server (confidence level: 100%)
1.94.56.245 | Xtreme RAT botnet C2 server (confidence level: 100%)
148.66.7.234 | ValleyRAT botnet C2 server (confidence level: 100%)
5.181.187.10 | XWorm botnet C2 server (confidence level: 100%)
45.80.158.242 | Remcos botnet C2 server (confidence level: 100%)
148.66.7.234 | ValleyRAT botnet C2 server (confidence level: 100%)
148.66.7.234 | ValleyRAT botnet C2 server (confidence level: 100%)
90.184.86.99 | CyberGate botnet C2 server (confidence level: 100%)
85.208.84.21 | Aurotun Stealer botnet C2 server (confidence level: 100%)
120.25.209.147 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.116.181.81 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.125.248.109 | Cobalt Strike botnet C2 server (confidence level: 100%)
123.56.87.43 | Cobalt Strike botnet C2 server (confidence level: 100%)
172.245.152.196 | Remcos botnet C2 server (confidence level: 75%)
38.190.224.58 | Cobalt Strike botnet C2 server (confidence level: 100%)
143.92.49.47 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.137.36.127 | Cobalt Strike botnet C2 server (confidence level: 100%)
23.94.171.142 | AsyncRAT botnet C2 server (confidence level: 100%)
47.113.229.193 | DCRat botnet C2 server (confidence level: 100%)
139.64.5.15 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
13.247.190.233 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
183.66.27.28 | AdaptixC2 botnet C2 server (confidence level: 100%)
220.133.105.146 | Xtreme RAT botnet C2 server (confidence level: 100%)
123.60.130.140 | Xtreme RAT botnet C2 server (confidence level: 100%)
38.146.25.54 | Rhadamanthys botnet C2 server (confidence level: 100%)
45.76.155.161 | Havoc botnet C2 server (confidence level: 75%)
54.157.151.187 | DeimosC2 botnet C2 server (confidence level: 75%)
76.68.146.89 | QakBot botnet C2 server (confidence level: 75%)
122.51.22.201 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.148.30.197 | Cobalt Strike botnet C2 server (confidence level: 100%)
157.90.209.107 | XWorm botnet C2 server (confidence level: 100%)
77.48.28.216 | Remcos botnet C2 server (confidence level: 100%)
118.195.158.212 | Unknown malware botnet C2 server (confidence level: 100%)
124.198.132.230 | AsyncRAT botnet C2 server (confidence level: 100%)
45.74.10.14 | Hook botnet C2 server (confidence level: 100%)
157.175.55.36 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
144.172.122.219 | AdaptixC2 botnet C2 server (confidence level: 100%)
115.231.171.251 | Xtreme RAT botnet C2 server (confidence level: 100%)
67.217.228.190 | BianLian botnet C2 server (confidence level: 100%)
178.255.245.115 | ValleyRAT botnet C2 server (confidence level: 100%)
178.255.245.115 | ValleyRAT botnet C2 server (confidence level: 100%)
178.255.245.115 | ValleyRAT botnet C2 server (confidence level: 100%)
41.103.185.6 | NjRAT botnet C2 server (confidence level: 100%)
103.125.248.109 | Cobalt Strike botnet C2 server (confidence level: 75%)
103.125.248.109 | Cobalt Strike botnet C2 server (confidence level: 75%)
103.125.248.109 | Cobalt Strike botnet C2 server (confidence level: 75%)
159.75.177.25 | Cobalt Strike botnet C2 server (confidence level: 75%)
213.209.150.214 | Cobalt Strike botnet C2 server (confidence level: 75%)
8.137.36.127 | Cobalt Strike botnet C2 server (confidence level: 75%)
191.96.39.232 | XWorm botnet C2 server (confidence level: 100%)
147.185.221.30 | RedLine Stealer botnet C2 server (confidence level: 100%)
106.12.215.229 | Cobalt Strike botnet C2 server (confidence level: 50%)
154.217.244.133 | Cobalt Strike botnet C2 server (confidence level: 50%)
115.126.49.18 | Cobalt Strike botnet C2 server (confidence level: 50%)
45.144.137.60 | Cobalt Strike botnet C2 server (confidence level: 50%)
180.76.55.45 | Cobalt Strike botnet C2 server (confidence level: 50%)
110.40.167.191 | Cobalt Strike botnet C2 server (confidence level: 50%)
139.159.186.177 | Cobalt Strike botnet C2 server (confidence level: 50%)
101.42.157.172 | Cobalt Strike botnet C2 server (confidence level: 50%)
123.56.203.56 | Cobalt Strike botnet C2 server (confidence level: 50%)
8.130.123.140 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.117.94.240 | Cobalt Strike botnet C2 server (confidence level: 50%)
162.220.14.247 | Sliver botnet C2 server (confidence level: 50%)
31.220.103.227 | Sliver botnet C2 server (confidence level: 50%)
45.137.99.133 | Sliver botnet C2 server (confidence level: 50%)
45.141.215.14 | Sliver botnet C2 server (confidence level: 50%)
104.131.2.26 | Sliver botnet C2 server (confidence level: 50%)
107.175.233.90 | Sliver botnet C2 server (confidence level: 50%)
213.111.148.83 | Sliver botnet C2 server (confidence level: 50%)
64.176.61.71 | Sliver botnet C2 server (confidence level: 50%)
91.99.188.181 | Sliver botnet C2 server (confidence level: 50%)
162.215.8.193 | Sliver botnet C2 server (confidence level: 50%)
149.202.49.209 | Sliver botnet C2 server (confidence level: 50%)
142.93.62.88 | Sliver botnet C2 server (confidence level: 50%)
206.206.77.245 | Sliver botnet C2 server (confidence level: 50%)
43.143.97.240 | Sliver botnet C2 server (confidence level: 50%)
152.110.70.52 | Sliver botnet C2 server (confidence level: 50%)
104.168.101.27 | Sliver botnet C2 server (confidence level: 50%)
54.79.180.169 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
50.19.21.132 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
15.160.187.93 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
118.122.8.155 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
34.249.53.29 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
43.218.42.17 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
18.212.190.49 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
81.47.107.246 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
3.15.2.69 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
120.26.207.29 | Unknown malware botnet C2 server (confidence level: 50%)
92.205.25.240 | Unknown malware botnet C2 server (confidence level: 50%)
52.23.205.181 | Unknown malware botnet C2 server (confidence level: 50%)
86.178.156.211 | Unknown malware botnet C2 server (confidence level: 50%)
16.24.81.57 | Unknown malware botnet C2 server (confidence level: 50%)
37.45.26.188 | DarkComet botnet C2 server (confidence level: 50%)
37.45.26.188 | DarkComet botnet C2 server (confidence level: 50%)
95.8.9.136 | DarkComet botnet C2 server (confidence level: 50%)
185.75.240.211 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
185.75.240.211 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
51.15.240.114 | Unknown malware botnet C2 server (confidence level: 50%)
167.160.161.158 | Unknown malware botnet C2 server (confidence level: 50%)
207.246.115.233 | Unknown Stealer botnet C2 server (confidence level: 50%)
45.81.23.42 | AsyncRAT botnet C2 server (confidence level: 50%)
105.111.225.70 | NjRAT botnet C2 server (confidence level: 50%)
91.4.34.242 | Ghost RAT botnet C2 server (confidence level: 50%)
23.94.232.5 | DCRat botnet C2 server (confidence level: 50%)
172.245.152.196 | Remcos botnet C2 server (confidence level: 50%)
117.50.175.19 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.138.212.100 | Ghost RAT botnet C2 server (confidence level: 100%)
118.178.141.55 | Sliver botnet C2 server (confidence level: 100%)
86.54.25.83 | SectopRAT botnet C2 server (confidence level: 100%)
38.54.104.51 | Hook botnet C2 server (confidence level: 100%)
63.179.1.26 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
51.17.21.189 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
154.9.27.26 | Cobalt Strike botnet C2 server (confidence level: 100%)
89.110.96.140 | Sliver botnet C2 server (confidence level: 100%)
34.96.165.237 | Sliver botnet C2 server (confidence level: 100%)
83.222.191.98 | SectopRAT botnet C2 server (confidence level: 100%)
83.222.191.195 | SectopRAT botnet C2 server (confidence level: 100%)
181.162.189.191 | Quasar RAT botnet C2 server (confidence level: 100%)
65.38.120.67 | Quasar RAT botnet C2 server (confidence level: 100%)
148.251.157.116 | Havoc botnet C2 server (confidence level: 100%)
54.78.57.178 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
13.245.111.102 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
13.245.111.102 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
35.163.114.205 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
209.141.47.199 | Unknown malware botnet C2 server (confidence level: 100%)
2.50.15.192 | QakBot botnet C2 server (confidence level: 75%)
94.99.6.15 | QakBot botnet C2 server (confidence level: 75%)
103.125.248.109 | Cobalt Strike botnet C2 server (confidence level: 75%)

Hash (ports and SHA-256 hashes)

The feed exports each ip:port C2 indicator as two separate attributes, so the numeric values below are the destination ports that belong to the IP addresses listed above, in the same order and with the same description. The 64-character hexadecimal values are SHA-256 hashes of Lumma Stealer payloads.

Value | Description
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
25364 | Cobalt Strike botnet C2 server (confidence level: 100%)
8089 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
1888 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Havoc botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
5900 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
4321 | AdaptixC2 botnet C2 server (confidence level: 100%)
443 | Empire Downloader botnet C2 server (confidence level: 100%)
443 | Latrodectus botnet C2 server (confidence level: 90%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
7777 | ValleyRAT botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
33334 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
80 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
4444 | Unknown malware botnet C2 server (confidence level: 100%)
10443 | BianLian botnet C2 server (confidence level: 100%)
10001 | Xtreme RAT botnet C2 server (confidence level: 100%)
08269846bf389efe2f5a58d4fc2cd48538aab5e0fa868ff1205524bcfa7e6d64 | Lumma Stealer payload (confidence level: 100%)
badbf65775ddf265a3dd2eeb5dae28d29b13158a0a5f153bc6b80320eaae9766 | Lumma Stealer payload (confidence level: 100%)
8d6b78d770af35d4622a72ad847121ec531042ae5642df9ac4fbd8b85199a581 | Lumma Stealer payload (confidence level: 100%)
166c79e0d3ea6319d4b1c4d12154e271c6d9bb87e174ff7fbc5a4d6faccd1e30 | Lumma Stealer payload (confidence level: 100%)
8702f84bdf875fa7f1bfcbcdf11c2c4097dc2c93aecf9a12008a2fd3c8b53fde | Lumma Stealer payload (confidence level: 100%)
9478d10fb87adcced07561c8aa4ee8bb6ae857f65d0c1a630c1afa1abce37e86 | Lumma Stealer payload (confidence level: 100%)
e60414d67ff81e1f95a3bf0b416471371c8a461e9d3e017c0a0850d0ad2b5852 | Lumma Stealer payload (confidence level: 100%)
d6a421eb706f7b3318475541756fbb4254cc0831d795c3fb76807139f3991e06 | Lumma Stealer payload (confidence level: 100%)
a4654cbbf7f64af65a452dc70a05dbd32359406d4e9b0195826e9615715c999a | Lumma Stealer payload (confidence level: 100%)
9099761b716865dbca9b3973c68b904df16372e12cbdcd75d15a48749478ae9e | Lumma Stealer payload (confidence level: 100%)
59229303015430109b451aeb1fcce3b98349f470d5e6cf3169cd62606b619b2d | Lumma Stealer payload (confidence level: 100%)
bc7bf26711d0bad8a51f903f75b59015a3c7d0662f1f096b0d4775af3d2bd965 | Lumma Stealer payload (confidence level: 100%)
8640864679750681acde4a1831ce48692f0b93e47b2ee39fdb448413859fbe64 | Lumma Stealer payload (confidence level: 100%)
b22a2c371d52753d255106381d2cb6739e5efd183d737d65071db26ae3da7601 | Lumma Stealer payload (confidence level: 100%)
6ba5f1dc0e088a8552e4d074701b15a54ffe8d431195b64db81d1a29dc11540e | Lumma Stealer payload (confidence level: 100%)
c7edea59866d59231136bf764c7fb5aba2059fcd1cbac5c449571c32ede43614 | Lumma Stealer payload (confidence level: 100%)
ae234a293a1a8f1e4b8e2fd573006c638326883d4c75f6295448d577bf10daa4 | Lumma Stealer payload (confidence level: 100%)
c6843cc74e5a99e42564523420b5f7ed21c3ffc3fb8254d56dedceb24cc8a43c | Lumma Stealer payload (confidence level: 100%)
08d1bd15aa93c61a881b5fe78a58a36a1550299d166644b616ee05dc68161b88 | Lumma Stealer payload (confidence level: 100%)
9252554a1b23a6176d96112dc681cbcc770ca5f145997400cdece5c1857fbcd2 | Lumma Stealer payload (confidence level: 100%)
e10dfec034a6b02f742d6ad433eb8093dcae1146c4a6770de6d6d2d5b72e2098 | Lumma Stealer payload (confidence level: 100%)
64d6d6f8d4b8911e0f4ba9030382ca1664d7eba8775d00544d56e2dc336208da | Lumma Stealer payload (confidence level: 100%)
6920efd832e31f0ff94436c4242f00443dc3d3df4511a6fbaa8b899767bdb001 | Lumma Stealer payload (confidence level: 100%)
33635d2e6d00ec50497def4568a33bf742a396e322498997b9524d9f2e0f38e1 | Lumma Stealer payload (confidence level: 100%)
6d75b4922025d7859a1a5722b621b2f24de54a1a5329d0c8781839bf6255a717 | Lumma Stealer payload (confidence level: 100%)
51c317b6902b8eba36bfe0d3fd37ea678db221c01dfe9fa449ed2c901e82ae29 | Lumma Stealer payload (confidence level: 100%)
21be34122cdc4d173da4d143dd3d1930307086feabd72f6285f453d33e564337 | Lumma Stealer payload (confidence level: 100%)
5f7b59096b1a70db5188a4fb4ca373242c034eade5cdd8bfe6cfe99ea2ac04d2 | Lumma Stealer payload (confidence level: 100%)
c9af11b7e32d2a3891c842e5e547427ddd3f682eb3a55c1f0a2aa98b225615e5 | Lumma Stealer payload (confidence level: 100%)
441 | ValleyRAT botnet C2 server (confidence level: 100%)
1337 | XWorm botnet C2 server (confidence level: 100%)
2024 | Remcos botnet C2 server (confidence level: 100%)
442 | ValleyRAT botnet C2 server (confidence level: 100%)
443 | ValleyRAT botnet C2 server (confidence level: 100%)
6200 | CyberGate botnet C2 server (confidence level: 100%)
23675 | Aurotun Stealer botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
8090 | Cobalt Strike botnet C2 server (confidence level: 100%)
9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
31000 | Remcos botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8089 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
8580 | AsyncRAT botnet C2 server (confidence level: 100%)
8080 | DCRat botnet C2 server (confidence level: 100%)
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
8013 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
58476 | AdaptixC2 botnet C2 server (confidence level: 100%)
10001 | Xtreme RAT botnet C2 server (confidence level: 100%)
10001 | Xtreme RAT botnet C2 server (confidence level: 100%)
9100 | Rhadamanthys botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 75%)
443 | DeimosC2 botnet C2 server (confidence level: 75%)
2222 | QakBot botnet C2 server (confidence level: 75%)
40001 | Cobalt Strike botnet C2 server (confidence level: 100%)
4433 | Cobalt Strike botnet C2 server (confidence level: 100%)
7000 | XWorm botnet C2 server (confidence level: 100%)
137 | Remcos botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
6606 | AsyncRAT botnet C2 server (confidence level: 100%)
80 | Hook botnet C2 server (confidence level: 100%)
52057 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
4323 | AdaptixC2 botnet C2 server (confidence level: 100%)
10001 | Xtreme RAT botnet C2 server (confidence level: 100%)
1433 | BianLian botnet C2 server (confidence level: 100%)
1233 | ValleyRAT botnet C2 server (confidence level: 100%)
1234 | ValleyRAT botnet C2 server (confidence level: 100%)
1235 | ValleyRAT botnet C2 server (confidence level: 100%)
999 | NjRAT botnet C2 server (confidence level: 100%)
2053 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
50469 | Cobalt Strike botnet C2 server (confidence level: 75%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
80 | Cobalt Strike botnet C2 server (confidence level: 75%)
7000 | XWorm botnet C2 server (confidence level: 100%)
15149 | RedLine Stealer botnet C2 server (confidence level: 100%)
8099 | Cobalt Strike botnet C2 server (confidence level: 50%)
80 | Cobalt Strike botnet C2 server (confidence level: 50%)
2002 | Cobalt Strike botnet C2 server (confidence level: 50%)
8457 | Cobalt Strike botnet C2 server (confidence level: 50%)
443 | Cobalt Strike botnet C2 server (confidence level: 50%)
9888 | Cobalt Strike botnet C2 server (confidence level: 50%)
8099 | Cobalt Strike botnet C2 server (confidence level: 50%)
8087 | Cobalt Strike botnet C2 server (confidence level: 50%)
443 | Cobalt Strike botnet C2 server (confidence level: 50%)
8081 | Cobalt Strike botnet C2 server (confidence level: 50%)
443 | Cobalt Strike botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
7634 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
4063 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
6667 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
12423 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
179 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
32303 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
4444 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
6001 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
11 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
5433 | Unknown malware botnet C2 server (confidence level: 50%)
5172 | Unknown malware botnet C2 server (confidence level: 50%)
32764 | Unknown malware botnet C2 server (confidence level: 50%)
12345 | Unknown malware botnet C2 server (confidence level: 50%)
15 | Unknown malware botnet C2 server (confidence level: 50%)
47990 | DarkComet botnet C2 server (confidence level: 50%)
4001 | DarkComet botnet C2 server (confidence level: 50%)
1604 | DarkComet botnet C2 server (confidence level: 50%)
4433 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
6443 | Brute Ratel C4 botnet C2 server (confidence level: 50%)
9999 | Unknown malware botnet C2 server (confidence level: 50%)
3000 | Unknown malware botnet C2 server (confidence level: 50%)
80 | Unknown Stealer botnet C2 server (confidence level: 50%)
444 | AsyncRAT botnet C2 server (confidence level: 50%)
1177 | NjRAT botnet C2 server (confidence level: 50%)
80 | Ghost RAT botnet C2 server (confidence level: 50%)
3232 | DCRat botnet C2 server (confidence level: 50%)
29000 | Remcos botnet C2 server (confidence level: 50%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8011 | Ghost RAT botnet C2 server (confidence level: 100%)
8888 | Sliver botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
8082 | Hook botnet C2 server (confidence level: 100%)
789 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
3306 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
5000 | Sliver botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 100%)
15647 | SectopRAT botnet C2 server (confidence level: 100%)
15647 | SectopRAT botnet C2 server (confidence level: 100%)
8080 | Quasar RAT botnet C2 server (confidence level: 100%)
8921 | Quasar RAT botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
10810 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
81 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
831 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
44818 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | QakBot botnet C2 server (confidence level: 75%)
443 | QakBot botnet C2 server (confidence level: 75%)
8443 | Cobalt Strike botnet C2 server (confidence level: 75%)
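The listing above is only useful once the split export is stitched back together: the IP half and the port half of every ip:port C2 indicator are published as separate attributes, the type label is fused to each value, and several indicators are repeated. The following is an added example (not ThreatFox code and not part of this page) that parses an excerpt of the page in its own flattened layout, re-pairs IPs with ports by position while checking that both halves carry the same description, deduplicates, and then runs the resulting ip:port and SHA-256 indicators over a few constructed log lines. The excerpt, the log lines and the `dst=`/`dport=`/`sha256=` field names are constructed for the example; only the indicator values are copied from the listing.

```python
import re

# Constructed excerpt of the listing above in the page's own flattened layout: the export's
# type label ("file"/"hash") is fused to the value and the description follows on the next
# line. The IP and port halves of each ip:port indicator appear in the same order.
SAMPLE_PAGE = """\
file45.81.23.42
AsyncRAT botnet C2 server (confidence level: 100%)
file172.105.121.80
Unknown malware botnet C2 server (confidence level: 100%)
file93.88.203.171
Cobalt Strike botnet C2 server (confidence level: 75%)
file154.204.178.13
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.204.178.13
Cobalt Strike botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash1888
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash08269846bf389efe2f5a58d4fc2cd48538aab5e0fa868ff1205524bcfa7e6d64
Lumma Stealer payload (confidence level: 100%)
"""

IP_RE = re.compile(r"^file((?:\d{1,3}\.){3}\d{1,3})$")
PORT_RE = re.compile(r"^hash(\d{1,5})$")
SHA256_RE = re.compile(r"^hash([0-9a-f]{64})$")
DESC_RE = re.compile(r"^(?P<family>.+?) (?:botnet C2 server|payload) \(confidence level: (?P<conf>\d+)%\)$")


def parse_page(text):
    """Split the export into (value, family, confidence) lists for IPs, ports and SHA-256 hashes."""
    ips, ports, hashes = [], [], []
    lines = [ln.strip() for ln in text.splitlines()]
    for value, desc in zip(lines, lines[1:]):
        d = DESC_RE.match(desc)
        if not d:
            continue  # 'value' is itself a description, a header or a blank line
        fam, conf = d["family"], int(d["conf"])
        if m := IP_RE.match(value):
            ips.append((m[1], fam, conf))
        elif m := SHA256_RE.match(value):
            hashes.append((m[1], fam, conf))
        elif (m := PORT_RE.match(value)) and 0 < int(m[1]) <= 65535:
            ports.append((int(m[1]), fam, conf))
    return ips, ports, hashes


def build_indicators(ips, ports, hashes):
    """Zip the IP and port halves back into ip:port C2 indicators; refuse a misaligned export."""
    if len(ips) != len(ports):
        raise ValueError(f"{len(ips)} IPs but {len(ports)} ports: export is misaligned")
    c2 = {}
    for (ip, fam_i, conf_i), (port, fam_p, conf_p) in zip(ips, ports):
        if (fam_i, conf_i) != (fam_p, conf_p):  # both halves must carry the same description
            raise ValueError(f"description mismatch at {ip}:{port}: {fam_i!r} vs {fam_p!r}")
        c2[(ip, port)] = (fam_i, conf_i)  # the dict absorbs repeated rows
    files = {sha: (fam, conf) for sha, fam, conf in hashes}
    return c2, files


# Constructed log lines; the dst=/dport=/sha256= fields are assumptions, not a real product's format.
SAMPLE_LOGS = [
    "2025-07-19T10:12:03Z src=10.0.0.5 dst=45.81.23.42 dport=1888 proto=tcp",
    "2025-07-19T10:12:09Z src=10.0.0.5 dst=45.81.23.42 dport=443 proto=tcp",
    "2025-07-19T10:13:44Z src=10.0.0.7 dst=93.88.203.171 dport=443 proto=tcp",
    "2025-07-19T10:14:01Z src=10.0.0.9 dst=154.204.178.13 dport=80 proto=tcp",
    "2025-07-19T10:15:30Z host=ws17 event=file_create sha256=08269846bf389efe2f5a58d4fc2cd48538aab5e0fa868ff1205524bcfa7e6d64",
    "2025-07-19T10:16:00Z src=10.0.0.5 dst=8.8.8.8 dport=53 proto=udp",
]
CONN_RE = re.compile(r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
FILE_RE = re.compile(r"sha256=(?P<sha>[0-9a-f]{64})")


def scan(lines, c2, files, min_conf=75):
    """Return (kind, indicator, family) alerts; an IP hit on an unlisted port is reported at lower fidelity."""
    ip_only = {ip: v for (ip, _port), v in c2.items()}
    alerts = []
    for ln in lines:
        if m := CONN_RE.search(ln):
            key = (m["dst"], int(m["dport"]))
            if (hit := c2.get(key)) and hit[1] >= min_conf:
                alerts.append(("c2", f"{key[0]}:{key[1]}", hit[0]))
            elif (hit := ip_only.get(m["dst"])) and hit[1] >= min_conf:
                alerts.append(("c2_ip_only", m["dst"], hit[0]))
        if (m := FILE_RE.search(ln)) and (hit := files.get(m["sha"])) and hit[1] >= min_conf:
            alerts.append(("payload", m["sha"], hit[0]))
    return alerts


if __name__ == "__main__":
    c2, files = build_indicators(*parse_page(SAMPLE_PAGE))
    for alert in scan(SAMPLE_LOGS, c2, files):
        print(alert)
```

The description cross-check in `build_indicators` is the safety net: if a single row were dropped from either half, every later IP would be paired with the wrong port, and silently wrong ip:port indicators are worse than none. The `c2_ip_only` alert kind exists because many of these addresses sit on shared cloud or hosting ranges, so traffic to a listed IP on a different port is worth a look but not a block; the `min_conf` threshold lets the 50% rows be treated as hunting leads rather than blocking rules. In production, consume the ip:port attributes from the feed itself instead of re-pairing a rendered page.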

Threat ID: 687c353da83201eaacfff7f6

Added to database: 7/20/2025, 12:15:57 AM

Last enriched: 7/20/2025, 12:31:12 AM

Last updated: 7/20/2025, 1:45:57 AM
