ThreatFox IOCs for 2025-07-22
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-07-22 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), network activity, and payload delivery. The data appears to be a collection of threat intelligence indicators rather than a specific vulnerability or exploit targeting a particular product or version. No affected software versions are listed, no patches are available, and no known exploits in the wild have been reported. The threat level is indicated as medium (threatLevel 2), with moderate distribution (3) and minimal analysis (1), suggesting that the information is preliminary or part of ongoing intelligence gathering. The absence of concrete technical details, such as specific malware families, attack vectors, or payload characteristics, limits the ability to provide a detailed technical breakdown. However, the emphasis on OSINT and network activity implies that these IOCs could be related to reconnaissance or early-stage intrusion activities, potentially used to identify vulnerable targets or deliver malicious payloads. The TLP (Traffic Light Protocol) white tag indicates that the information is intended for unrestricted sharing, which is typical for OSINT data. Overall, this threat intelligence feed serves as an early warning or situational awareness tool rather than describing an active, exploitable vulnerability or malware campaign.
Potential Impact
For European organizations, the impact of these IOCs depends largely on their ability to detect and respond to network reconnaissance and payload delivery attempts. Since no specific exploit or malware strain is identified, the direct impact is uncertain but could include increased risk of targeted attacks if these IOCs are leveraged by threat actors to identify vulnerable systems or deliver malicious payloads. Organizations that do not integrate such OSINT feeds into their security monitoring may miss early signs of intrusion attempts, potentially leading to data breaches, service disruptions, or lateral movement within networks. The medium severity suggests a moderate risk level, implying that while immediate damage is unlikely, the threat could facilitate more serious attacks if not addressed. European entities with critical infrastructure, government networks, or industries with high-value data could be more sensitive to such reconnaissance and payload delivery activities, as they are common precursors to more damaging cyberattacks.
Mitigation Recommendations
To mitigate risks associated with these IOCs, European organizations should:
1) Integrate ThreatFox and similar OSINT feeds into their Security Information and Event Management (SIEM) and intrusion detection/prevention systems (IDS/IPS) to enable real-time detection of known malicious indicators.
2) Conduct regular network traffic analysis to identify unusual patterns or connections matching the IOCs, focusing on early detection of reconnaissance or payload delivery attempts.
3) Harden network perimeters by implementing strict firewall rules, network segmentation, and zero-trust principles to limit the impact of any successful payload delivery.
4) Maintain up-to-date endpoint protection and conduct regular vulnerability assessments to reduce the attack surface that threat actors might exploit after reconnaissance.
5) Train security teams to interpret OSINT data effectively and correlate it with internal telemetry to prioritize response actions.
6) Establish incident response playbooks that include procedures for handling detections related to these IOCs, ensuring swift containment and remediation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 3e85a7eb-80af-42d6-a67a-70f6bc5dfa17
- Original Timestamp: 1753228985 (Unix epoch, seconds)
file195.133.88.180 | Amadey botnet C2 server (confidence level: 25%) | |
file8.130.161.225 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.140.22.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file8.148.104.223 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.229.80.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.111.8.116 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file34.1.135.57 | Unknown malware botnet C2 server (confidence level: 100%) | |
file46.101.246.74 | Unknown malware botnet C2 server (confidence level: 100%) | |
file93.95.231.28 | Havoc botnet C2 server (confidence level: 100%) | |
file4.213.161.104 | Havoc botnet C2 server (confidence level: 100%) | |
file78.163.49.248 | Venom RAT botnet C2 server (confidence level: 100%) | |
file34.254.158.94 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file16.63.137.205 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file16.63.137.205 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file124.220.51.88 | MimiKatz botnet C2 server (confidence level: 100%) | |
file212.193.2.162 | MimiKatz botnet C2 server (confidence level: 100%) | |
file185.194.175.132 | XWorm botnet C2 server (confidence level: 100%) | |
file8.211.5.170 | Empire Downloader botnet C2 server (confidence level: 100%) | |
file119.167.205.150 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file208.72.155.9 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
file45.192.218.158 | XWorm botnet C2 server (confidence level: 100%) | |
file216.9.225.51 | XWorm botnet C2 server (confidence level: 100%) | |
file103.59.160.219 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file43.250.173.179 | FatalRat botnet C2 server (confidence level: 100%) | |
file106.14.1.192 | Meterpreter botnet C2 server (confidence level: 100%) | |
file104.238.191.68 | NjRAT botnet C2 server (confidence level: 100%) | |
file206.123.145.172 | XWorm botnet C2 server (confidence level: 100%) | |
file23.95.61.136 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file121.40.76.3 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file185.38.142.214 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file121.43.152.104 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file154.12.22.142 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.229.80.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file111.229.80.204 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file178.209.246.120 | DarkComet botnet C2 server (confidence level: 100%) | |
file85.239.55.40 | Unknown RAT botnet C2 server (confidence level: 100%) | |
file65.20.82.213 | pupy botnet C2 server (confidence level: 100%) | |
file170.64.232.216 | Sliver botnet C2 server (confidence level: 100%) | |
file45.94.47.104 | SectopRAT botnet C2 server (confidence level: 100%) | |
file165.227.143.23 | Unknown malware botnet C2 server (confidence level: 100%) | |
file139.162.190.174 | Unknown malware botnet C2 server (confidence level: 100%) | |
file207.180.232.158 | Hook botnet C2 server (confidence level: 100%) | |
file102.219.210.202 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file185.250.207.163 | Havoc botnet C2 server (confidence level: 100%) | |
file145.223.69.2 | Havoc botnet C2 server (confidence level: 100%) | |
file145.223.69.2 | Havoc botnet C2 server (confidence level: 100%) | |
file172.94.96.95 | Unknown malware botnet C2 server (confidence level: 100%) | |
file13.250.125.176 | MimiKatz botnet C2 server (confidence level: 100%) | |
file155.94.155.173 | Latrodectus botnet C2 server (confidence level: 90%) | |
file155.94.155.226 | Latrodectus botnet C2 server (confidence level: 90%) | |
file47.239.1.95 | XWorm botnet C2 server (confidence level: 100%) | |
file103.141.50.146 | QakBot botnet C2 server (confidence level: 75%) | |
file158.255.213.22 | RansomHub botnet C2 server (confidence level: 75%) | |
file158.255.213.22 | RansomHub botnet C2 server (confidence level: 75%) | |
file86.126.224.214 | QakBot botnet C2 server (confidence level: 75%) | |
file161.97.149.235 | Meterpreter botnet C2 server (confidence level: 75%) | |
file47.120.48.100 | Meterpreter botnet C2 server (confidence level: 75%) | |
file129.28.85.210 | Meterpreter botnet C2 server (confidence level: 100%) | |
file147.185.221.30 | XWorm botnet C2 server (confidence level: 100%) | |
file152.89.218.72 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
Hash
Url
Threat ID: 68802773a915ff00f7fcdb84
Added to database: 7/23/2025, 12:06:11 AM
Last enriched: 7/23/2025, 12:21:29 AM
Last updated: 7/23/2025, 10:47:32 AM
Views: 5