
ThreatFox IOCs for 2025-07-24

Medium
Published: Thu Jul 24 2025 (07/24/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-07-24

AI-Powered Analysis

Last updated: 07/25/2025, 00:32:49 UTC

Technical Analysis

The provided information pertains to a security threat categorized as malware, specifically related to ThreatFox Indicators of Compromise (IOCs) dated 2025-07-24. ThreatFox is a threat intelligence sharing platform that aggregates and disseminates IOCs related to various malware campaigns and threat actors. The threat is classified under OSINT (Open Source Intelligence), payload delivery, and network activity categories, indicating that it involves the distribution or delivery of malicious payloads and associated network behaviors. However, the details are sparse, with no specific affected software versions, no known exploits in the wild, and no patches available. The threat level is indicated as medium, with a threatLevel metric of 2 (on an unspecified scale), analysis level 1, and distribution level 3, suggesting moderate dissemination or detection frequency. The absence of concrete technical indicators or CWEs (Common Weakness Enumerations) limits the ability to pinpoint exact attack vectors or vulnerabilities exploited. The threat appears to be primarily intelligence related, focusing on the identification and sharing of IOCs rather than describing a novel or active exploit. The TLP (Traffic Light Protocol) classification is white, meaning the information is publicly shareable without restriction. Overall, this threat represents a medium-level malware-related risk involving payload delivery mechanisms and network activity, but lacks detailed technical specifics or evidence of active exploitation at this time.

Potential Impact

For European organizations, the impact of this threat is currently moderate due to the medium severity rating and the lack of known active exploits. However, the presence of malware-related IOCs in ThreatFox suggests that organizations should remain vigilant, as these indicators could be used to detect or prevent potential infections. The threat’s focus on payload delivery and network activity implies risks to confidentiality and availability if the malware successfully infiltrates systems, potentially leading to data exfiltration, service disruption, or lateral movement within networks. European entities with significant internet-facing infrastructure or those in critical sectors such as finance, energy, and government could be more susceptible if the malware payloads target these industries. The absence of patches or specific affected versions means that mitigation will rely heavily on detection and response capabilities rather than software updates. Given the public availability of the IOCs, attackers might adapt or evolve their tactics, increasing the risk over time. Therefore, European organizations should consider this threat as a moderate ongoing risk that requires proactive monitoring and incident response preparedness.

Mitigation Recommendations

1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities for related malware activity.
2. Conduct regular network traffic analysis to identify anomalous payload delivery attempts or suspicious network behaviors consistent with the threat’s profile.
3. Employ advanced threat hunting techniques focusing on the indicators of compromise shared by ThreatFox, even if no specific indicators are currently listed, by monitoring for unusual payload delivery patterns.
4. Maintain up-to-date threat intelligence feeds and collaborate with information sharing groups to receive timely updates on any evolution of this threat.
5. Implement strict network segmentation and least privilege access controls to limit the potential spread of malware if an infection occurs.
6. Conduct regular employee awareness training emphasizing the risks of payload delivery mechanisms such as phishing or malicious downloads.
7. Ensure robust backup and recovery procedures are in place to mitigate potential availability impacts from malware-induced disruptions.
8. Since no patches are available, focus on hardening network defenses and endpoint protections, including application whitelisting and behavioral analytics.


Technical Details

Threat Level
2
Analysis
1
Distribution
3
Uuid
4d81c84d-4a49-4052-8e24-655a447f95ab
Original Timestamp
1753401785

Indicators of Compromise

Url

Value | Description
http://45.131.64.210/1.sh | Unknown malware payload delivery URL (confidence level: 75%)
https://jambnwz.top/gakh | Lumma Stealer botnet C2 (confidence level: 75%)
https://sparklfm.xyz/xoit | Lumma Stealer botnet C2 (confidence level: 75%)
https://steamcommunity.com/profiles/76561199880530249 | Vidar botnet C2 (confidence level: 75%)
https://t.me/dz25gz | Vidar botnet C2 (confidence level: 75%)
https://195.201.251.183 | Vidar botnet C2 (confidence level: 75%)
https://main.db.review.digital | Vidar botnet C2 (confidence level: 75%)
http://kurama.network/login | Unknown malware botnet C2 (confidence level: 100%)
http://43.160.252.15:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
http://wranglerjeans.shop | Stealc botnet C2 (confidence level: 100%)
https://viadeo.best/stream.pdf | Lumma Stealer payload delivery URL (confidence level: 100%)
http://196.251.81.176/df30hn4m/index.php | Amadey botnet C2 (confidence level: 100%)
http://ce12403.tw1.ru/b17cb5bf.php | DCRat botnet C2 (confidence level: 100%)
http://206.82.6.166/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
https://files.businessmondo.com/viewdashboard | FAKEUPDATES botnet C2 (confidence level: 100%)
http://85.208.84.41/f7ehhfaddsk/index.php | Amadey botnet C2 (confidence level: 100%)
http://85.208.84.41/f7ehhfaddsk/login.php | Amadey botnet C2 (confidence level: 50%)
https://ucoxqdemo.fedor-turin.ru | Lumma Stealer botnet C2 (confidence level: 50%)
https://176.46.157.50/tu3d2rom/index.php | Amadey botnet C2 (confidence level: 50%)
https://176.46.157.50/tu3d2rom/login.php | Amadey botnet C2 (confidence level: 50%)
https://185.208.158.96/mzmtrpwoe113eelxn/login.php | Amadey botnet C2 (confidence level: 50%)
https://aafastservice.top | Hook botnet C2 (confidence level: 50%)
https://ucqire.com/ | Unknown malware botnet C2 (confidence level: 50%)
https://62.60.248.110/pages/login.php | Unknown malware botnet C2 (confidence level: 50%)
https://147.45.42.161/pages/login.php | Unknown malware botnet C2 (confidence level: 50%)
https://203.245.0.121/blog/img/help.php | Kimsuky botnet C2 (confidence level: 50%)
https://cyberdarkduck.live/webpanel/ | Unknown Stealer botnet C2 (confidence level: 50%)
https://t.me/r24ecover | LockBit botnet C2 (confidence level: 50%)
https://bestproductreviews.xyz/tagger/evatag.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://bestproductreviews.xyz/tagger/buffer.js | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://curemile.com/hip.php | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://curemile.com/cleanertext.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%)
https://columnez.shop/xlak | Lumma Stealer botnet C2 (confidence level: 75%)
https://foundrr.bet/zuqy | Lumma Stealer botnet C2 (confidence level: 75%)
https://mixp.digital/amnt | Lumma Stealer botnet C2 (confidence level: 75%)
https://nanoceus.run/agkr | Lumma Stealer botnet C2 (confidence level: 75%)
https://potosuz.fun/xiir | Lumma Stealer botnet C2 (confidence level: 75%)
https://royaltbn.xyz/xaoi | Lumma Stealer botnet C2 (confidence level: 75%)
https://siltapl.fun/xiru | Lumma Stealer botnet C2 (confidence level: 75%)
https://wagnvp.fun/akjf | Lumma Stealer botnet C2 (confidence level: 75%)
https://woodenso.top/xaoi | Lumma Stealer botnet C2 (confidence level: 75%)
https://xx.fu.review.digital | Vidar botnet C2 (confidence level: 75%)
https://glidzgs.top/xnar | Lumma Stealer botnet C2 (confidence level: 75%)
https://placlzh.pics/xiqw | Lumma Stealer botnet C2 (confidence level: 75%)
https://t.me/gfdsgdrt3 | Lumma Stealer botnet C2 (confidence level: 75%)
https://t.me/gfdsgrts4 | Lumma Stealer botnet C2 (confidence level: 75%)
https://crucrev.lol/xqio/api | Lumma Stealer botnet C2 (confidence level: 100%)
https://breabm.pics/pxkr | Lumma Stealer botnet C2 (confidence level: 100%)

Domain

Value | Description
kefel.tech | SPICA botnet C2 domain (confidence level: 50%)
kefel.io | SPICA botnet C2 domain (confidence level: 50%)
s1.kefel.tech | SPICA botnet C2 domain (confidence level: 50%)
s2.kefel.tech | SPICA botnet C2 domain (confidence level: 50%)
s3.kefel.tech | SPICA botnet C2 domain (confidence level: 50%)
s4.kefel.tech | SPICA botnet C2 domain (confidence level: 50%)
app.kefel.tech | SPICA botnet C2 domain (confidence level: 50%)
428d09ca103d2593e3555304a2862f873c70ca7d | SPICA botnet C2 domain (confidence level: 50%)
delfxus.today | Lumma Stealer botnet C2 domain (confidence level: 100%)
jambnwz.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
sparklfm.xyz | Lumma Stealer botnet C2 domain (confidence level: 100%)
security.flaversegaurd.com | Unknown malware payload delivery domain (confidence level: 100%)
kacivoped.com | Unknown malware payload delivery domain (confidence level: 100%)
wndlogon.hopto.org | Unknown RAT botnet C2 domain (confidence level: 100%)
wndlogon.itemdb.com | Unknown RAT botnet C2 domain (confidence level: 100%)
accounts.secure-verifications.es | Havoc botnet C2 domain (confidence level: 100%)
main.db.review.digital | Vidar botnet C2 domain (confidence level: 75%)
bxmv1taxbxr8p.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%)
fast.mirzazizo.https443.net | Unknown RAT botnet C2 domain (confidence level: 100%)
ec2-34-219-119-143.us-west-2.compute.amazonaws.com | Unknown malware botnet C2 domain (confidence level: 100%)
l-integrate.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
ansy2307.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
video-trinity.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
board-promotes.gl.at.ply.gg | Unknown RAT botnet C2 domain (confidence level: 100%)
narrowfemboy.ddns.net | NjRAT botnet C2 domain (confidence level: 50%)
know-damages.gl.at.ply.gg | Remcos botnet C2 domain (confidence level: 50%)
machine-resume.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%)
pallvlxl.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
wppanel.icu | FAKEUPDATES payload delivery domain (confidence level: 100%)
expressapiwizard.com | FAKEUPDATES payload delivery domain (confidence level: 100%)
royaltbn.xyz | Lumma Stealer botnet C2 domain (confidence level: 100%)
columnez.shop | Lumma Stealer botnet C2 domain (confidence level: 100%)
mixp.digital | Lumma Stealer botnet C2 domain (confidence level: 100%)
woodenso.top | Lumma Stealer botnet C2 domain (confidence level: 100%)
foundrr.bet | Lumma Stealer botnet C2 domain (confidence level: 100%)
nanoceus.run | Lumma Stealer botnet C2 domain (confidence level: 100%)
eliminhd.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
sheddeuh.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
blegekei.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
newyorwr.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
agrevpud.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
carptrvo.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
conaarl.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
religxp.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
frowjyx.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
hobbcxez.top | Lumma Stealer botnet C2 domain (confidence level: 50%)
grateb.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
charuhd.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
eintek.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
raincazn.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
hardexbo.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
siluriyt.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
genuygpa.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
idioigsa.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
exponxb.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
profityd.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
tefere.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
mesovti.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
trainaj.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
oesopt.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
superuu.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
unswqik.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
cosopwx.shop | Lumma Stealer botnet C2 domain (confidence level: 50%)
ellexb.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
dogtrgc.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
podhxwf.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
potppfu.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
tranfex.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
linejjer.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
porzxgnw.lat | Lumma Stealer botnet C2 domain (confidence level: 50%)
lysandjkd.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
bumpegq.lol | Lumma Stealer botnet C2 domain (confidence level: 50%)
siltapl.fun | Lumma Stealer botnet C2 domain (confidence level: 100%)
potosuz.fun | Lumma Stealer botnet C2 domain (confidence level: 100%)
wagnvp.fun | Lumma Stealer botnet C2 domain (confidence level: 100%)
biotec-imc.xyz | Remcos botnet C2 domain (confidence level: 100%)
kreon.one | Remcos botnet C2 domain (confidence level: 100%)
spain-posters.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%)
files.businessmondo.com | FAKEUPDATES botnet C2 domain (confidence level: 100%)
charigelly.com | Unknown malware botnet C2 domain (confidence level: 100%)
ff-exchange.art | Unknown malware botnet C2 domain (confidence level: 100%)
ff-exchange.biz | Unknown malware botnet C2 domain (confidence level: 100%)
ff-exchange.help | Unknown malware botnet C2 domain (confidence level: 100%)
ff-exchange.vip | Unknown malware botnet C2 domain (confidence level: 100%)
simpleswap.name | Unknown malware botnet C2 domain (confidence level: 100%)
slmpleswap.com | Unknown malware botnet C2 domain (confidence level: 100%)
cosmochanger.net | Unknown malware botnet C2 domain (confidence level: 100%)
simpieswap.net | Unknown malware botnet C2 domain (confidence level: 100%)
charigelly.org | Unknown malware botnet C2 domain (confidence level: 100%)
simpieswap.org | Unknown malware botnet C2 domain (confidence level: 100%)
changenovv.xyz | Unknown malware botnet C2 domain (confidence level: 100%)
charigelly.xyz | Unknown malware botnet C2 domain (confidence level: 100%)
my-exodus.co.uk | Unknown malware botnet C2 domain (confidence level: 100%)
chn-gnow.com | Unknown malware botnet C2 domain (confidence level: 100%)
tr0n.link | Unknown malware botnet C2 domain (confidence level: 100%)
simpleswapweb.com | Unknown malware botnet C2 domain (confidence level: 100%)
hop-exchange.co | Unknown malware botnet C2 domain (confidence level: 100%)
supereform.xyz | Unknown malware botnet C2 domain (confidence level: 100%)
aml-checknow.net | Unknown malware botnet C2 domain (confidence level: 100%)
sushiswap-v2.com | Unknown malware botnet C2 domain (confidence level: 100%)
zh-imtoken.cn | Unknown malware botnet C2 domain (confidence level: 100%)
wallet-syncing.top | Unknown malware botnet C2 domain (confidence level: 100%)
arewa.ydns.eu | Quasar RAT botnet C2 domain (confidence level: 75%)
www.alfapetroluems.com | Remcos botnet C2 domain (confidence level: 50%)
www.asttoria-trade.com | Remcos botnet C2 domain (confidence level: 50%)
bestproductreviews.xyz | NetSupportManager RAT payload delivery domain (confidence level: 100%)
curemile.com | NetSupportManager RAT payload delivery domain (confidence level: 100%)
derppyderpponline.win | Unknown malware botnet C2 domain (confidence level: 100%)
test.livepanel.pw | Unknown Loader payload delivery domain (confidence level: 90%)
xx.fu.review.digital | Vidar botnet C2 domain (confidence level: 75%)
released-domain.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%)
anasofia.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%)
fadingannk.xyz | RedLine Stealer botnet C2 domain (confidence level: 100%)
choice.ydns.eu | Quasar RAT botnet C2 domain (confidence level: 75%)

File (the values listed under this heading are IPv4 addresses of C2 servers)

Value | Description
43.138.22.149 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.138.22.149 | Cobalt Strike botnet C2 server (confidence level: 100%)
85.102.13.26 | AsyncRAT botnet C2 server (confidence level: 100%)
45.32.187.145 | SectopRAT botnet C2 server (confidence level: 100%)
54.242.171.49 | Havoc botnet C2 server (confidence level: 100%)
13.232.71.100 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
34.229.188.97 | Empire Downloader botnet C2 server (confidence level: 100%)
207.180.246.14 | Empire Downloader botnet C2 server (confidence level: 100%)
52.205.143.192 | Empire Downloader botnet C2 server (confidence level: 100%)
91.92.120.113 | PureLogs Stealer botnet C2 server (confidence level: 100%)
103.77.241.176 | Mirai botnet C2 server (confidence level: 100%)
113.45.134.83 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.110.229.125 | Cobalt Strike botnet C2 server (confidence level: 100%)
65.99.193.152 | Cobalt Strike botnet C2 server (confidence level: 100%)
104.243.254.98 | Remcos botnet C2 server (confidence level: 100%)
185.174.135.71 | Unknown RAT botnet C2 server (confidence level: 100%)
185.93.89.55 | SectopRAT botnet C2 server (confidence level: 100%)
85.208.84.56 | Hook botnet C2 server (confidence level: 100%)
130.164.181.230 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
45.192.209.47 | Kaiji botnet C2 server (confidence level: 100%)
45.192.209.54 | Kaiji botnet C2 server (confidence level: 100%)
60.204.208.172 | Cobalt Strike botnet C2 server (confidence level: 100%)
103.253.27.116 | Xtreme RAT botnet C2 server (confidence level: 100%)
47.96.40.33 | Unknown malware botnet C2 server (confidence level: 100%)
89.221.214.18 | Unknown malware botnet C2 server (confidence level: 100%)
46.101.208.87 | Unknown malware botnet C2 server (confidence level: 100%)
18.142.9.64 | Unknown malware botnet C2 server (confidence level: 100%)
167.234.226.89 | Unknown malware botnet C2 server (confidence level: 100%)
103.235.75.107 | Unknown malware botnet C2 server (confidence level: 100%)
31.97.248.145 | Unknown malware botnet C2 server (confidence level: 100%)
129.211.211.145 | Unknown malware botnet C2 server (confidence level: 100%)
4.198.121.42 | Unknown malware botnet C2 server (confidence level: 100%)
185.209.162.101 | Unknown malware botnet C2 server (confidence level: 100%)
159.65.128.224 | Unknown malware botnet C2 server (confidence level: 100%)
3.89.93.231 | Unknown malware botnet C2 server (confidence level: 100%)
185.47.174.137 | Unknown malware botnet C2 server (confidence level: 100%)
98.70.42.229 | Unknown malware botnet C2 server (confidence level: 100%)
183.82.122.12 | Unknown malware botnet C2 server (confidence level: 100%)
51.20.113.187 | Unknown malware botnet C2 server (confidence level: 100%)
35.180.25.119 | Unknown malware botnet C2 server (confidence level: 100%)
47.254.85.24 | Unknown malware botnet C2 server (confidence level: 100%)
107.150.0.62 | Latrodectus botnet C2 server (confidence level: 90%)
206.238.179.200 | ValleyRAT botnet C2 server (confidence level: 100%)
92.222.100.197 | XWorm botnet C2 server (confidence level: 100%)
88.247.16.132 | AsyncRAT botnet C2 server (confidence level: 100%)
147.45.219.9 | NjRAT botnet C2 server (confidence level: 100%)
206.238.179.200 | ValleyRAT botnet C2 server (confidence level: 100%)
185.11.145.125 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.122.158.70 | Cobalt Strike botnet C2 server (confidence level: 100%)
113.45.243.41 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.148.79.177 | Cobalt Strike botnet C2 server (confidence level: 100%)
43.143.114.43 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.109.88.26 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.148.20.98 | Cobalt Strike botnet C2 server (confidence level: 100%)
38.54.30.22 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.122.121.212 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.148.31.196 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.122.51.211 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.122.63.142 | Cobalt Strike botnet C2 server (confidence level: 100%)
49.235.177.231 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.110.33.225 | Cobalt Strike botnet C2 server (confidence level: 50%)
47.242.129.79 | Cobalt Strike botnet C2 server (confidence level: 50%)
198.7.124.59 | Sliver botnet C2 server (confidence level: 50%)
87.228.114.68 | Unknown malware botnet C2 server (confidence level: 50%)
84.46.243.167 | AdaptixC2 botnet C2 server (confidence level: 50%)
101.200.221.43 | Xtreme RAT botnet C2 server (confidence level: 50%)
35.177.208.100 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
167.160.161.43 | DCRat botnet C2 server (confidence level: 50%)
77.96.238.78 | Orcus RAT botnet C2 server (confidence level: 50%)
107.158.145.206 | STRRAT botnet C2 server (confidence level: 100%)
101.200.193.211 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.237.86.35 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.105.51.165 | Sliver botnet C2 server (confidence level: 100%)
124.198.132.250 | AsyncRAT botnet C2 server (confidence level: 100%)
124.198.132.250 | AsyncRAT botnet C2 server (confidence level: 100%)
34.219.119.143 | Unknown malware botnet C2 server (confidence level: 100%)
111.90.151.59 | Unknown malware botnet C2 server (confidence level: 100%)
176.46.158.40 | RedLine Stealer botnet C2 server (confidence level: 100%)
2.50.53.227 | QakBot botnet C2 server (confidence level: 75%)
14.225.198.50 | Havoc botnet C2 server (confidence level: 75%)
82.29.54.36 | ValleyRAT botnet C2 server (confidence level: 100%)
147.185.221.30 | XWorm botnet C2 server (confidence level: 100%)
118.89.178.101 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.111.8.116 | Cobalt Strike botnet C2 server (confidence level: 100%)
79.110.50.8 | Remcos botnet C2 server (confidence level: 100%)
79.110.50.8 | Remcos botnet C2 server (confidence level: 100%)
2.58.56.75 | Remcos botnet C2 server (confidence level: 100%)
79.110.49.140 | Remcos botnet C2 server (confidence level: 100%)
47.229.177.58 | AsyncRAT botnet C2 server (confidence level: 100%)
45.74.10.38 | AsyncRAT botnet C2 server (confidence level: 100%)
186.190.211.108 | AsyncRAT botnet C2 server (confidence level: 100%)
34.23.44.248 | AsyncRAT botnet C2 server (confidence level: 100%)
69.160.242.105 | Quasar RAT botnet C2 server (confidence level: 100%)
69.160.242.105 | Quasar RAT botnet C2 server (confidence level: 100%)
69.232.48.67 | Quasar RAT botnet C2 server (confidence level: 100%)
16.51.166.161 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
213.44.255.64 | MooBot botnet C2 server (confidence level: 100%)
188.124.51.141 | AdaptixC2 botnet C2 server (confidence level: 100%)
49.51.195.225 | Xtreme RAT botnet C2 server (confidence level: 100%)
107.150.0.67 | Latrodectus botnet C2 server (confidence level: 90%)
149.30.242.248 | ValleyRAT botnet C2 server (confidence level: 100%)
213.209.143.43 | N-W0rm botnet C2 server (confidence level: 100%)
172.245.152.196 | Remcos botnet C2 server (confidence level: 75%)
104.207.140.146 | FAKEUPDATES botnet C2 server (confidence level: 100%)
79.110.49.14 | Quasar RAT botnet C2 server (confidence level: 100%)
85.208.84.41 | Amadey botnet C2 server (confidence level: 50%)
35.174.54.0 | Cobalt Strike botnet C2 server (confidence level: 50%)
176.82.235.98 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
193.29.104.178 | Unknown malware botnet C2 server (confidence level: 50%)
107.172.255.60 | PureLogs Stealer botnet C2 server (confidence level: 100%)
185.163.45.130 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
45.78.225.208 | Unknown malware botnet C2 server (confidence level: 100%)
51.57.61.52 | Unknown malware botnet C2 server (confidence level: 100%)
109.196.100.217 | Unknown malware botnet C2 server (confidence level: 100%)
89.117.123.250 | Havoc botnet C2 server (confidence level: 100%)
47.117.12.211 | Havoc botnet C2 server (confidence level: 100%)
102.209.118.14 | Havoc botnet C2 server (confidence level: 100%)
3.96.189.206 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
8.139.5.71 | Chaos botnet C2 server (confidence level: 100%)
5.161.61.25 | Bashlite botnet C2 server (confidence level: 100%)
167.160.89.156 | Xtreme RAT botnet C2 server (confidence level: 100%)
64.188.76.192 | Quasar RAT botnet C2 server (confidence level: 75%)
84.113.108.110 | Quasar RAT botnet C2 server (confidence level: 100%)
80.64.19.132 | Aurotun Stealer botnet C2 server (confidence level: 100%)
80.64.19.226 | Aurotun Stealer botnet C2 server (confidence level: 100%)
193.161.193.99 | Quasar RAT botnet C2 server (confidence level: 100%)
147.185.221.29 | XWorm botnet C2 server (confidence level: 100%)
206.123.145.116 | Remcos botnet C2 server (confidence level: 100%)
121.199.52.25 | Cobalt Strike botnet C2 server (confidence level: 100%)
36.133.13.147 | Cobalt Strike botnet C2 server (confidence level: 100%)
3.21.206.81 | Remcos botnet C2 server (confidence level: 100%)
181.131.217.24 | AsyncRAT botnet C2 server (confidence level: 100%)
45.74.8.89 | AsyncRAT botnet C2 server (confidence level: 100%)
45.74.8.89 | AsyncRAT botnet C2 server (confidence level: 100%)
49.207.177.87 | Unknown malware botnet C2 server (confidence level: 100%)
187.143.100.23 | Quasar RAT botnet C2 server (confidence level: 100%)
187.143.100.23 | Quasar RAT botnet C2 server (confidence level: 100%)
157.175.188.83 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
3.96.189.206 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
85.9.206.100 | MimiKatz botnet C2 server (confidence level: 100%)
193.161.193.99 | XWorm botnet C2 server (confidence level: 100%)
195.177.94.117 | Quasar RAT botnet C2 server (confidence level: 100%)
85.208.84.32 | Aurotun Stealer botnet C2 server (confidence level: 100%)
15.200.139.55 | DeimosC2 botnet C2 server (confidence level: 75%)
18.252.140.23 | DeimosC2 botnet C2 server (confidence level: 75%)
207.174.3.213 | Sliver botnet C2 server (confidence level: 75%)
3.72.32.252 | DeimosC2 botnet C2 server (confidence level: 75%)
54.184.56.60 | DeimosC2 botnet C2 server (confidence level: 75%)
34.23.44.248 | NjRAT botnet C2 server (confidence level: 100%)
89.78.109.244 | AsyncRAT botnet C2 server (confidence level: 75%)

Hash (the values listed under this heading are mostly port numbers of C2 servers; one entry is a file hash)

Value | Description
9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
8082 | Cobalt Strike botnet C2 server (confidence level: 100%)
9999 | AsyncRAT botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
5222 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
80 | Empire Downloader botnet C2 server (confidence level: 100%)
80 | Empire Downloader botnet C2 server (confidence level: 100%)
443 | Empire Downloader botnet C2 server (confidence level: 100%)
62520 | PureLogs Stealer botnet C2 server (confidence level: 100%)
12121 | Mirai botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8088 | Cobalt Strike botnet C2 server (confidence level: 100%)
4862 | Remcos botnet C2 server (confidence level: 100%)
80 | Unknown RAT botnet C2 server (confidence level: 100%)
9000 | SectopRAT botnet C2 server (confidence level: 100%)
45051 | Hook botnet C2 server (confidence level: 100%)
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
8888 | Kaiji botnet C2 server (confidence level: 100%)
8888 | Kaiji botnet C2 server (confidence level: 100%)
8088 | Cobalt Strike botnet C2 server (confidence level: 100%)
10001 | Xtreme RAT botnet C2 server (confidence level: 100%)
60000 | Unknown malware botnet C2 server (confidence level: 100%)
51115 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
4433 | Unknown malware botnet C2 server (confidence level: 100%)
445 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Latrodectus botnet C2 server (confidence level: 90%)
31795 | ValleyRAT botnet C2 server (confidence level: 100%)
7777 | XWorm botnet C2 server (confidence level: 100%)
1604 | AsyncRAT botnet C2 server (confidence level: 100%)
5552 | NjRAT botnet C2 server (confidence level: 100%)
31796 | ValleyRAT botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
801 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8090 | Cobalt Strike botnet C2 server (confidence level: 100%)
7777 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
8081 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
9999 | Cobalt Strike botnet C2 server (confidence level: 100%)
b6ee03c1fd8aa335c0b888617594058fa83650a7 | Lumma Stealer payload (confidence level: 100%)
4848 | Cobalt Strike botnet C2 server (confidence level: 50%)
9443 | Cobalt Strike botnet C2 server (confidence level: 50%)
31337 | Sliver botnet C2 server (confidence level: 50%)
7443 | Unknown malware botnet C2 server (confidence level: 50%)
10443 | AdaptixC2 botnet C2 server (confidence level: 50%)
3306 | Xtreme RAT botnet C2 server (confidence level: 50%)
3101 | NetSupportManager RAT botnet C2 server (confidence level: 50%)
1888 | DCRat botnet C2 server (confidence level: 50%)
8686 | Orcus RAT botnet C2 server (confidence level: 50%)
5610 | STRRAT botnet C2 server (confidence level: 100%)
8090 | Cobalt Strike botnet C2 server (confidence level: 100%)
52901 | Cobalt Strike botnet C2 server (confidence level: 100%)
2000 | Sliver botnet C2 server (confidence level: 100%)
6606 | AsyncRAT botnet C2 server (confidence level: 100%)
7707 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
1911 | RedLine Stealer botnet C2 server (confidence level: 100%)
443 | QakBot botnet C2 server (confidence level: 75%)
443 | Havoc botnet C2 server (confidence level: 75%)
6789 | ValleyRAT botnet C2 server (confidence level: 100%)
4545 | XWorm botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
14306 | Remcos botnet C2 server (confidence level: 100%)
14305 | Remcos botnet C2 server (confidence level: 100%)
9321 | Remcos botnet C2 server (confidence level: 100%)
4900 | Remcos botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash5444
AsyncRAT botnet C2 server (confidence level: 100%)
hash446
AsyncRAT botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash11066
Quasar RAT botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash8636
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash4443
AdaptixC2 botnet C2 server (confidence level: 100%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 100%)
hash443
Latrodectus botnet C2 server (confidence level: 90%)
hash8888
ValleyRAT botnet C2 server (confidence level: 100%)
hash58008
N-W0rm botnet C2 server (confidence level: 100%)
hash32000
Remcos botnet C2 server (confidence level: 75%)
hash443
FAKEUPDATES botnet C2 server (confidence level: 100%)
hash1977
Quasar RAT botnet C2 server (confidence level: 100%)
hash80
Amadey botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash6001
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash3001
Unknown malware botnet C2 server (confidence level: 50%)
hash7705
PureLogs Stealer botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash1224
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash47486
Chaos botnet C2 server (confidence level: 100%)
hash3001
Bashlite botnet C2 server (confidence level: 100%)
hash10001
Xtreme RAT botnet C2 server (confidence level: 100%)
hash57077
Quasar RAT botnet C2 server (confidence level: 75%)
hash4199
Quasar RAT botnet C2 server (confidence level: 100%)
hash7712
Aurotun Stealer botnet C2 server (confidence level: 100%)
hash7712
Aurotun Stealer botnet C2 server (confidence level: 100%)
hash32961
Quasar RAT botnet C2 server (confidence level: 100%)
hash58500
XWorm botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash60000
Cobalt Strike botnet C2 server (confidence level: 100%)
hash2405
Remcos botnet C2 server (confidence level: 100%)
hash8808
AsyncRAT botnet C2 server (confidence level: 100%)
hash80
AsyncRAT botnet C2 server (confidence level: 100%)
hash82
AsyncRAT botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash790
Quasar RAT botnet C2 server (confidence level: 100%)
hash1913
Quasar RAT botnet C2 server (confidence level: 100%)
hash1201
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash1024
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash8000
MimiKatz botnet C2 server (confidence level: 100%)
hash33300
XWorm botnet C2 server (confidence level: 100%)
hash3252
Quasar RAT botnet C2 server (confidence level: 100%)
hash2326
Aurotun Stealer botnet C2 server (confidence level: 100%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash58888
Sliver botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash443
DeimosC2 botnet C2 server (confidence level: 75%)
hash1177
NjRAT botnet C2 server (confidence level: 100%)
hash8848
AsyncRAT botnet C2 server (confidence level: 75%)

Threat ID: 6882cd1cad5a09ad004b5a23

Added to database: 7/25/2025, 12:17:32 AM

Last enriched: 7/25/2025, 12:32:49 AM

Last updated: 7/25/2025, 7:17:32 PM
