ThreatFox IOCs for 2025-08-11
ThreatFox IOCs for 2025-08-11
AI Analysis
Technical Summary
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-08-11 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. The data appears to be a collection of threat intelligence indicators rather than a specific vulnerability or exploit. No affected software versions or patches are listed, and there are no known exploits in the wild associated with these IOCs. The threat level is indicated as medium (threatLevel: 2), with moderate distribution (3) and minimal analysis (1), suggesting that these IOCs are newly released or not yet widely analyzed. The absence of concrete technical details such as specific malware families, attack vectors, or payload characteristics limits the ability to provide a detailed technical breakdown. However, the categorization implies that these IOCs are intended to assist in identifying malicious payload delivery attempts and network-based malicious activities through OSINT methods. The TLP:white tag indicates that the information is intended for wide sharing, supporting open collaboration in threat detection and response. Overall, this entry represents a threat intelligence update rather than a direct, exploitable vulnerability or active threat campaign.
Potential Impact
For European organizations, the impact of these IOCs depends largely on their integration into security monitoring and incident response workflows. Since these are OSINT-based indicators related to malware payload delivery and network activity, they can enhance detection capabilities against emerging threats. Without specific exploit details or active campaigns, the immediate risk is limited. However, failure to incorporate such intelligence could delay identification of malicious network traffic or payload delivery attempts, potentially allowing malware infections or data exfiltration. Organizations with mature security operations centers (SOCs) and threat intelligence teams can leverage these IOCs to improve situational awareness and preemptively block or investigate suspicious activities. Conversely, organizations lacking such capabilities may not benefit directly, potentially increasing their exposure to undetected threats. Given the medium severity and lack of known exploits, the threat is more relevant as a proactive detection measure than an immediate operational risk.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enhance detection of related malicious activities. 2. Regularly update threat intelligence feeds and ensure automated ingestion of OSINT indicators to maintain up-to-date defenses. 3. Conduct network traffic analysis focusing on anomalies that match the characteristics of the payload delivery and network activity described. 4. Train SOC analysts to recognize patterns associated with these IOCs and to escalate suspicious findings promptly. 5. Implement network segmentation and strict egress filtering to limit the impact of potential payload delivery and lateral movement. 6. Maintain robust incident response plans that incorporate threat intelligence updates for timely containment and remediation. 7. Collaborate with information sharing organizations and national cybersecurity centers to contextualize these IOCs within broader threat landscapes.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- url: http://37.60.245.154:8000/app_amd64
- url: https://googletagamnager.com/js/timer.jquery.js
- url: https://hope2bounce.com/archives/dentdevilonthemoon.epub
- hash: deeb880b5c038f5560ba1080ddc2b46824a32f5b8f55b2328bd31a1f1a123b50
- url: https://cocacola-brandy.net/js/timer.jquery.js
- url: https://hope2bounce.com/reading/onlyelite.kfx
- url: https://bialball.com/js/timer.jquery.js
- url: https://water-termale.com/books/sunincrease.epub
- url: https://water-termale.com/books/programproject.epub
- url: https://paramountoffice-today.com/library/ritualraven.aspx
- url: https://paramountoffice-today.com/library/successblame.aspx
- domain: security.flheregurend.com
- domain: abersuin.com
- file: 18.209.31.252
- hash: 80
- file: 209.38.214.215
- hash: 80
- file: 193.233.165.232
- hash: 443
- file: 129.211.31.181
- hash: 4433
- file: 143.92.37.198
- hash: 443
- file: 143.92.37.204
- hash: 443
- file: 61.182.51.118
- hash: 8000
- file: 162.55.195.59
- hash: 8888
- file: 16.171.5.39
- hash: 443
- file: 138.2.16.164
- hash: 8060
- file: 45.149.172.66
- hash: 8060
- file: 193.187.91.217
- hash: 60875
- file: 195.177.94.248
- hash: 4096
- file: 45.137.22.240
- hash: 55615
- file: 46.246.14.2
- hash: 7045
- url: http://odbconnect.work.gd:5067/is-ready
- file: 46.246.14.2
- hash: 5067
- file: 107.172.232.83
- hash: 5466
- file: 103.127.125.137
- hash: 668
- file: 147.185.221.19
- hash: 18563
- file: 38.55.178.234
- hash: 80
- file: 101.201.175.92
- hash: 80
- file: 122.51.156.131
- hash: 3333
- file: 134.199.218.157
- hash: 443
- file: 49.40.54.48
- hash: 443
- file: 124.71.181.145
- hash: 3333
- file: 154.219.115.58
- hash: 55533
- file: 3.79.200.148
- hash: 80
- file: 3.79.200.148
- hash: 443
- file: 185.125.50.119
- hash: 9000
- file: 13.55.37.74
- hash: 8159
- file: 192.99.4.226
- hash: 10001
- file: 60.204.228.237
- hash: 10001
- domain: booking-en.com
- file: 100.28.201.155
- hash: 8654
- file: 147.185.221.30
- hash: 54661
- file: 39.99.155.47
- hash: 8888
- file: 210.16.166.119
- hash: 8088
- file: 101.44.69.134
- hash: 8888
- url: http://cf46796.tw1.ru/ad56e59c.php
- file: 147.185.221.30
- hash: 62714
- file: 45.204.216.24
- hash: 443
- file: 39.105.47.83
- hash: 80
- file: 59.110.18.85
- hash: 80
- file: 101.99.75.37
- hash: 2405
- file: 45.142.115.8
- hash: 1001
- file: 138.197.48.134
- hash: 443
- file: 45.61.137.89
- hash: 443
- file: 101.108.108.68
- hash: 7443
- file: 18.171.149.220
- hash: 18080
- file: 38.132.122.180
- hash: 43212
- file: 34.22.85.55
- hash: 4444
- file: 119.167.234.74
- hash: 10001
- url: https://dub.polarissonic.biz.id
- domain: dub.polarissonic.biz.id
- file: 139.99.83.25
- hash: 56001
- url: https://streamcache.site/balc.jpg
- file: 45.74.10.38
- hash: 56001
- file: 139.84.153.31
- hash: 443
- file: 139.84.219.109
- hash: 443
- file: 184.162.20.200
- hash: 443
- file: 147.185.221.30
- hash: 62724
- file: 86.98.219.11
- hash: 443
- file: 92.59.62.40
- hash: 2222
- file: 95.164.87.88
- hash: 443
- domain: pnraku.top
- file: 5.180.30.148
- hash: 4782
- file: 95.214.54.172
- hash: 7609
- file: 198.7.59.110
- hash: 5874
- file: 147.185.221.30
- hash: 60258
- file: 47.105.65.103
- hash: 80
- file: 101.201.29.59
- hash: 80
- file: 62.164.177.21
- hash: 9000
- file: 129.212.189.231
- hash: 7443
- file: 194.147.140.165
- hash: 1604
- domain: data.utfoundation.net
- file: 206.189.32.112
- hash: 43996
- file: 52.10.110.75
- hash: 25314
- file: 77.83.207.152
- hash: 51144
- file: 147.185.221.30
- hash: 61225
- domain: ferrariworldabudhabl.com
- file: 43.135.78.62
- hash: 962
- file: 147.185.221.30
- hash: 58103
- domain: cdnli.com
- file: 100.103.49.40
- hash: 443
- file: 100.103.49.40
- hash: 80
- file: 188.37.160.41
- hash: 7706
- file: 8.210.126.164
- hash: 7777
- file: 196.119.69.99
- hash: 10000
- url: https://hr.lexnational.com/shopcartview
- domain: hr.lexnational.com
- file: 209.141.51.11
- hash: 443
- file: 108.187.0.52
- hash: 442
- file: 43.248.172.5
- hash: 42284
- file: 108.187.0.52
- hash: 443
- file: 147.185.221.30
- hash: 63285
- file: 38.38.250.99
- hash: 5800
- file: 23.95.103.199
- hash: 1515
- file: 5.188.86.2
- hash: 9000
- file: 181.162.134.175
- hash: 8080
- file: 23.27.169.64
- hash: 8848
- file: 35.87.176.246
- hash: 2376
- url: https://ghogqcav.xyz/mngt
- file: 147.185.221.30
- hash: 53227
- domain: roaj1om6hh5dchv0xjudgxtt0fcucdjh.scvhost.click
- file: 45.134.140.68
- hash: 53569
- url: https://116.202.187.1
- url: https://sec.death-angel.shop
- domain: sec.death-angel.shop
- url: https://epidebg.top/tiza
- url: https://t.me/nfodlooe
- file: 196.251.114.106
- hash: 1894
- url: http://cd53575.tw1.ru/2e622819.php
- file: 119.45.120.228
- hash: 443
- file: 43.134.83.183
- hash: 80
- file: 103.146.124.198
- hash: 443
- file: 47.92.95.16
- hash: 80
- file: 69.5.189.69
- hash: 80
- file: 118.31.173.19
- hash: 443
- file: 103.86.44.149
- hash: 80
- file: 154.194.35.243
- hash: 5000
- file: 128.90.106.179
- hash: 2404
- file: 209.250.227.127
- hash: 443
- file: 43.164.132.15
- hash: 7443
- file: 46.8.122.179
- hash: 443
- file: 103.238.235.157
- hash: 80
- file: 157.230.48.181
- hash: 80
- file: 18.169.47.41
- hash: 443
- file: 5.163.120.247
- hash: 995
- file: 54.83.65.155
- hash: 443
- file: 88.232.102.158
- hash: 443
- file: 172.245.112.200
- hash: 9810
- domain: awtitipies.fasters.fun
- domain: hibmarket.help
- file: 120.46.128.236
- hash: 9696
- file: 150.158.119.242
- hash: 8443
- file: 185.243.41.252
- hash: 443
- file: 147.185.221.30
- hash: 63912
ThreatFox IOCs for 2025-08-11
Description
ThreatFox IOCs for 2025-08-11
AI-Powered Analysis
Technical Analysis
The provided information pertains to a set of Indicators of Compromise (IOCs) published on 2025-08-11 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. The data appears to be a collection of threat intelligence indicators rather than a specific vulnerability or exploit. No affected software versions or patches are listed, and there are no known exploits in the wild associated with these IOCs. The threat level is indicated as medium (threatLevel: 2), with moderate distribution (3) and minimal analysis (1), suggesting that these IOCs are newly released or not yet widely analyzed. The absence of concrete technical details such as specific malware families, attack vectors, or payload characteristics limits the ability to provide a detailed technical breakdown. However, the categorization implies that these IOCs are intended to assist in identifying malicious payload delivery attempts and network-based malicious activities through OSINT methods. The TLP:white tag indicates that the information is intended for wide sharing, supporting open collaboration in threat detection and response. Overall, this entry represents a threat intelligence update rather than a direct, exploitable vulnerability or active threat campaign.
Potential Impact
For European organizations, the impact of these IOCs depends largely on their integration into security monitoring and incident response workflows. Since these are OSINT-based indicators related to malware payload delivery and network activity, they can enhance detection capabilities against emerging threats. Without specific exploit details or active campaigns, the immediate risk is limited. However, failure to incorporate such intelligence could delay identification of malicious network traffic or payload delivery attempts, potentially allowing malware infections or data exfiltration. Organizations with mature security operations centers (SOCs) and threat intelligence teams can leverage these IOCs to improve situational awareness and preemptively block or investigate suspicious activities. Conversely, organizations lacking such capabilities may not benefit directly, potentially increasing their exposure to undetected threats. Given the medium severity and lack of known exploits, the threat is more relevant as a proactive detection measure than an immediate operational risk.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enhance detection of related malicious activities. 2. Regularly update threat intelligence feeds and ensure automated ingestion of OSINT indicators to maintain up-to-date defenses. 3. Conduct network traffic analysis focusing on anomalies that match the characteristics of the payload delivery and network activity described. 4. Train SOC analysts to recognize patterns associated with these IOCs and to escalate suspicious findings promptly. 5. Implement network segmentation and strict egress filtering to limit the impact of potential payload delivery and lateral movement. 6. Maintain robust incident response plans that incorporate threat intelligence updates for timely containment and remediation. 7. Collaborate with information sharing organizations and national cybersecurity centers to contextualize these IOCs within broader threat landscapes.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- cd1bbf36-6631-4e91-86ba-cdda09382e21
- Original Timestamp
- 1754956986
Indicators of Compromise
Url
| Value | Description | Copy |
|---|---|---|
urlhttp://37.60.245.154:8000/app_amd64 | Unknown malware payload delivery URL (confidence level: 75%) | |
urlhttps://googletagamnager.com/js/timer.jquery.js | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://hope2bounce.com/archives/dentdevilonthemoon.epub | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://cocacola-brandy.net/js/timer.jquery.js | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://hope2bounce.com/reading/onlyelite.kfx | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://bialball.com/js/timer.jquery.js | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://water-termale.com/books/sunincrease.epub | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://water-termale.com/books/programproject.epub | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://paramountoffice-today.com/library/ritualraven.aspx | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttps://paramountoffice-today.com/library/successblame.aspx | Unknown malware payload delivery URL (confidence level: 100%) | |
urlhttp://odbconnect.work.gd:5067/is-ready | Houdini botnet C2 (confidence level: 100%) | |
urlhttp://cf46796.tw1.ru/ad56e59c.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://dub.polarissonic.biz.id | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://streamcache.site/balc.jpg | Lumma Stealer payload delivery URL (confidence level: 100%) | |
urlhttps://hr.lexnational.com/shopcartview | FAKEUPDATES botnet C2 (confidence level: 100%) | |
urlhttps://ghogqcav.xyz/mngt | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://116.202.187.1 | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://sec.death-angel.shop | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://epidebg.top/tiza | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://t.me/nfodlooe | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://cd53575.tw1.ru/2e622819.php | DCRat botnet C2 (confidence level: 100%) |
Hash
| Value | Description | Copy |
|---|---|---|
hashdeeb880b5c038f5560ba1080ddc2b46824a32f5b8f55b2328bd31a1f1a123b50 | Unknown malware payload (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4433 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash443 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash8000 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Havoc botnet C2 server (confidence level: 100%) | |
hash8060 | DCRat botnet C2 server (confidence level: 100%) | |
hash8060 | DCRat botnet C2 server (confidence level: 100%) | |
hash60875 | XWorm botnet C2 server (confidence level: 100%) | |
hash4096 | XWorm botnet C2 server (confidence level: 100%) | |
hash55615 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash7045 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash5067 | Vjw0rm botnet C2 server (confidence level: 100%) | |
hash5466 | Remcos botnet C2 server (confidence level: 100%) | |
hash668 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash18563 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash55533 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash8159 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash8654 | XWorm botnet C2 server (confidence level: 75%) | |
hash54661 | XenoRAT botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8088 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8888 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash62714 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2405 | Remcos botnet C2 server (confidence level: 100%) | |
hash1001 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash7443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash18080 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash43212 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash4444 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash10001 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
hash56001 | ResolverRAT botnet C2 server (confidence level: 66%) | |
hash56001 | ResolverRAT botnet C2 server (confidence level: 66%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | Havoc botnet C2 server (confidence level: 75%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 75%) | |
hash62724 | XWorm botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash4782 | Quasar RAT botnet C2 server (confidence level: 75%) | |
hash7609 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash5874 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash60258 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1604 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash43996 | Havoc botnet C2 server (confidence level: 100%) | |
hash25314 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash51144 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash61225 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash962 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash58103 | XWorm botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash7706 | PureLogs Stealer botnet C2 server (confidence level: 66%) | |
hash7777 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash10000 | NjRAT botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
hash442 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash42284 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash63285 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash5800 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash1515 | Remcos botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash8080 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8848 | DCRat botnet C2 server (confidence level: 100%) | |
hash2376 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash53227 | XWorm botnet C2 server (confidence level: 100%) | |
hash53569 | XWorm botnet C2 server (confidence level: 100%) | |
hash1894 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash5000 | DarkComet botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | pupy botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash80 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash995 | QakBot botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash9810 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash9696 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash63912 | Quasar RAT botnet C2 server (confidence level: 100%) |
Domain
| Value | Description | Copy |
|---|---|---|
domainsecurity.flheregurend.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainabersuin.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainbooking-en.com | Unknown Loader payload delivery domain (confidence level: 90%) | |
domaindub.polarissonic.biz.id | Vidar botnet C2 domain (confidence level: 75%) | |
domainpnraku.top | Unknown RAT botnet C2 domain (confidence level: 100%) | |
domaindata.utfoundation.net | Havoc botnet C2 domain (confidence level: 100%) | |
domainferrariworldabudhabl.com | Unknown Loader payload delivery domain (confidence level: 90%) | |
domaincdnli.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainhr.lexnational.com | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
domainroaj1om6hh5dchv0xjudgxtt0fcucdjh.scvhost.click | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainsec.death-angel.shop | Vidar botnet C2 domain (confidence level: 75%) | |
domainawtitipies.fasters.fun | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainhibmarket.help | Cobalt Strike botnet C2 domain (confidence level: 75%) |
File
| Value | Description | Copy |
|---|---|---|
file18.209.31.252 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file209.38.214.215 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file193.233.165.232 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file129.211.31.181 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file143.92.37.198 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file143.92.37.204 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file61.182.51.118 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file162.55.195.59 | Unknown malware botnet C2 server (confidence level: 100%) | |
file16.171.5.39 | Havoc botnet C2 server (confidence level: 100%) | |
file138.2.16.164 | DCRat botnet C2 server (confidence level: 100%) | |
file45.149.172.66 | DCRat botnet C2 server (confidence level: 100%) | |
file193.187.91.217 | XWorm botnet C2 server (confidence level: 100%) | |
file195.177.94.248 | XWorm botnet C2 server (confidence level: 100%) | |
file45.137.22.240 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file46.246.14.2 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file46.246.14.2 | Vjw0rm botnet C2 server (confidence level: 100%) | |
file107.172.232.83 | Remcos botnet C2 server (confidence level: 100%) | |
file103.127.125.137 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.19 | XWorm botnet C2 server (confidence level: 100%) | |
file38.55.178.234 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.201.175.92 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file122.51.156.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
file134.199.218.157 | Unknown malware botnet C2 server (confidence level: 100%) | |
file49.40.54.48 | Unknown malware botnet C2 server (confidence level: 100%) | |
file124.71.181.145 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.219.115.58 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.79.200.148 | Unknown malware botnet C2 server (confidence level: 100%) | |
file3.79.200.148 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.125.50.119 | SectopRAT botnet C2 server (confidence level: 100%) | |
file13.55.37.74 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file192.99.4.226 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file60.204.228.237 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file100.28.201.155 | XWorm botnet C2 server (confidence level: 75%) | |
file147.185.221.30 | XenoRAT botnet C2 server (confidence level: 100%) | |
file39.99.155.47 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file210.16.166.119 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.44.69.134 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file147.185.221.30 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file45.204.216.24 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file39.105.47.83 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file59.110.18.85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.99.75.37 | Remcos botnet C2 server (confidence level: 100%) | |
file45.142.115.8 | Remcos botnet C2 server (confidence level: 100%) | |
file138.197.48.134 | Sliver botnet C2 server (confidence level: 100%) | |
file45.61.137.89 | Sliver botnet C2 server (confidence level: 100%) | |
file101.108.108.68 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file18.171.149.220 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file38.132.122.180 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file34.22.85.55 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file119.167.234.74 | Xtreme RAT botnet C2 server (confidence level: 100%) | |
file139.99.83.25 | ResolverRAT botnet C2 server (confidence level: 66%) | |
file45.74.10.38 | ResolverRAT botnet C2 server (confidence level: 66%) | |
file139.84.153.31 | Havoc botnet C2 server (confidence level: 75%) | |
file139.84.219.109 | Havoc botnet C2 server (confidence level: 75%) | |
file184.162.20.200 | FAKEUPDATES botnet C2 server (confidence level: 75%) | |
file147.185.221.30 | XWorm botnet C2 server (confidence level: 100%) | |
file86.98.219.11 | QakBot botnet C2 server (confidence level: 75%) | |
file92.59.62.40 | QakBot botnet C2 server (confidence level: 75%) | |
file95.164.87.88 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file5.180.30.148 | Quasar RAT botnet C2 server (confidence level: 75%) | |
file95.214.54.172 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
file198.7.59.110 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file147.185.221.30 | XWorm botnet C2 server (confidence level: 100%) | |
file47.105.65.103 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file101.201.29.59 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file62.164.177.21 | SectopRAT botnet C2 server (confidence level: 100%) | |
file129.212.189.231 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.147.140.165 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file206.189.32.112 | Havoc botnet C2 server (confidence level: 100%) | |
file52.10.110.75 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file77.83.207.152 | Unknown malware botnet C2 server (confidence level: 100%) | |
file147.185.221.30 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file43.135.78.62 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.30 | XWorm botnet C2 server (confidence level: 100%) | |
file100.103.49.40 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file100.103.49.40 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file188.37.160.41 | PureLogs Stealer botnet C2 server (confidence level: 66%) | |
file8.210.126.164 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file196.119.69.99 | NjRAT botnet C2 server (confidence level: 100%) | |
file209.141.51.11 | FAKEUPDATES botnet C2 server (confidence level: 100%) | |
file108.187.0.52 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file43.248.172.5 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file108.187.0.52 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file147.185.221.30 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file38.38.250.99 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.95.103.199 | Remcos botnet C2 server (confidence level: 100%) | |
file5.188.86.2 | SectopRAT botnet C2 server (confidence level: 100%) | |
file181.162.134.175 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file23.27.169.64 | DCRat botnet C2 server (confidence level: 100%) | |
file35.87.176.246 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file147.185.221.30 | XWorm botnet C2 server (confidence level: 100%) | |
file45.134.140.68 | XWorm botnet C2 server (confidence level: 100%) | |
file196.251.114.106 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file119.45.120.228 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.134.83.183 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.146.124.198 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file47.92.95.16 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file69.5.189.69 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file118.31.173.19 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file103.86.44.149 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file154.194.35.243 | DarkComet botnet C2 server (confidence level: 100%) | |
file128.90.106.179 | Remcos botnet C2 server (confidence level: 100%) | |
file209.250.227.127 | pupy botnet C2 server (confidence level: 100%) | |
file43.164.132.15 | Unknown malware botnet C2 server (confidence level: 100%) | |
file46.8.122.179 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file103.238.235.157 | MooBot botnet C2 server (confidence level: 100%) | |
file157.230.48.181 | Meterpreter botnet C2 server (confidence level: 100%) | |
file18.169.47.41 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file5.163.120.247 | QakBot botnet C2 server (confidence level: 75%) | |
file54.83.65.155 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file88.232.102.158 | QakBot botnet C2 server (confidence level: 75%) | |
file172.245.112.200 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
file120.46.128.236 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file150.158.119.242 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file185.243.41.252 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file147.185.221.30 | Quasar RAT botnet C2 server (confidence level: 100%) |
Threat ID: 689a881dad5a09ad002a6f03
Added to database: 8/12/2025, 12:17:34 AM
Last enriched: 8/12/2025, 12:32:48 AM
Last updated: 8/12/2025, 11:32:33 AM
Views: 5
Related Threats
From ClickFix to Command: A Full PowerShell Attack Chain
MediumNorth Korean Group ScarCruft Expands From Spying to Ransomware Attacks
MediumMedusaLocker ransomware group is looking for pentesters
MediumThreatFox IOCs for 2025-08-10
MediumThreatFox IOCs for 2025-08-09
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.