ThreatFox IOCs for 2025-09-14
Severity: mediumType: malware
ThreatFox IOCs for 2025-09-14
AI Analysis
Technical Summary
The provided information refers to a set of Indicators of Compromise (IOCs) published on 2025-09-14 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. The data appears to be a collection of threat intelligence indicators rather than a description of a specific malware variant or exploit. No affected product versions are listed, and no patches or known exploits in the wild are reported. The threat level is indicated as medium (threatLevel: 2), with moderate distribution (distribution: 3) and minimal analysis (analysis: 1). The absence of concrete technical details such as attack vectors, payload specifics, or exploitation methods limits the ability to provide a detailed technical breakdown. The nature of the data suggests it is intended for use in threat detection and incident response, providing actionable intelligence to identify malicious activity related to payload delivery and network behavior. The TLP (Traffic Light Protocol) white tag indicates that the information is intended for unrestricted sharing. Overall, this entry represents a general OSINT-based malware threat intelligence update rather than a direct vulnerability or exploit targeting specific software or hardware.
Potential Impact
For European organizations, the impact of this threat intelligence update is primarily in enhancing situational awareness and improving detection capabilities against malware-related network activity and payload delivery attempts. Since no specific exploit or vulnerability is described, the direct risk to confidentiality, integrity, or availability is not immediately quantifiable. However, organizations that fail to integrate such threat intelligence into their security monitoring may miss early warning signs of malware campaigns or network intrusions. The medium severity rating suggests a moderate risk level, implying that while the threat is not currently critical, it could facilitate or indicate ongoing or emerging malicious activities. European entities with mature security operations centers (SOCs) and threat intelligence teams can leverage these IOCs to strengthen defenses, whereas less-prepared organizations might face increased exposure to malware infections or data breaches if they do not act on this intelligence.
Mitigation Recommendations
To effectively mitigate risks associated with this threat intelligence, European organizations should: 1) Integrate the provided IOCs into existing security information and event management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS) to enable automated detection and alerting on related malicious activity. 2) Conduct regular network traffic analysis focusing on payload delivery mechanisms and anomalous network behaviors that align with the indicators. 3) Enhance endpoint detection and response (EDR) capabilities to identify and contain malware infections early. 4) Maintain updated threat intelligence feeds and ensure timely dissemination of relevant IOCs to all security teams. 5) Conduct targeted user awareness training emphasizing phishing and social engineering tactics that often serve as initial infection vectors for malware payload delivery. 6) Perform periodic threat hunting exercises using the IOCs to proactively identify potential compromises. These steps go beyond generic advice by emphasizing operational integration of threat intelligence and proactive detection strategies tailored to the nature of the provided data.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- domain: good.tatyziu58.ru
- domain: wow.kuvuboa29.ru
- domain: left.kuvuboa29.ru
- domain: pit.kuvuboa29.ru
- domain: wear.kuvuboa29.ru
- domain: 1-password.pro
- domain: adspower.pro
- domain: clickstime.pro
- domain: ssn-verify.pro
- domain: make.nugawye78.ru
- domain: he.nugawye78.ru
- domain: club.nugawye78.ru
- domain: m.nugawye78.ru
- domain: l.zowyzyi62.ru
- domain: ll.zowyzyi62.ru
- domain: o.zowyzyi62.ru
- domain: sew.zowyzyi62.ru
- domain: y.zowyzyi62.ru
- domain: made.gofumoo29.ru
- domain: ring.gofumoo29.ru
- file: 154.205.9.53
- hash: 8080
- file: 114.132.245.97
- hash: 7001
- file: 108.187.6.165
- hash: 14994
- file: 206.123.152.34
- hash: 33862
- domain: ec2-3-123-17-149.eu-central-1.compute.amazonaws.com
- file: 108.129.219.36
- hash: 4443
- file: 194.87.238.216
- hash: 4444
- file: 157.175.166.224
- hash: 8965
- file: 38.146.28.85
- hash: 4000
- file: 154.36.175.172
- hash: 43211
- url: https://wbm.amajed.com
- domain: wbm.amajed.com
- url: https://wbm.schermgebroken.nl
- domain: wbm.schermgebroken.nl
- domain: o.s7z7r.ru
- domain: c.v6z1q.ru
- file: 147.93.177.187
- hash: 33899
- domain: ba.d3g7t.ru
- domain: av.x8q0h.ru
- domain: aw.s7z7r.ru
- domain: hand.gofumoo29.ru
- file: 107.148.73.198
- hash: 54510
- file: 38.173.17.129
- hash: 54510
- file: 38.173.18.136
- hash: 54510
- file: 38.173.18.138
- hash: 54510
- file: 38.173.18.139
- hash: 54510
- file: 38.173.18.142
- hash: 54510
- file: 38.173.18.146
- hash: 54510
- file: 38.173.18.147
- hash: 54510
- file: 38.173.18.148
- hash: 54510
- file: 38.173.18.151
- hash: 54510
- file: 38.177.169.162
- hash: 54510
- file: 38.177.169.163
- hash: 54510
- file: 38.177.169.165
- hash: 54510
- file: 38.177.169.166
- hash: 54510
- file: 38.177.169.167
- hash: 54510
- file: 38.177.169.169
- hash: 54510
- file: 38.177.169.171
- hash: 54510
- file: 38.177.169.174
- hash: 54510
- file: 38.177.169.175
- hash: 54510
- file: 38.177.169.177
- hash: 54510
- file: 38.177.169.182
- hash: 54510
- file: 38.177.169.184
- hash: 54510
- file: 38.177.169.186
- hash: 54510
- file: 38.177.169.187
- hash: 54510
- file: 38.177.169.188
- hash: 54510
- file: 91.239.78.168
- hash: 8443
- domain: farm.gofumoo29.ru
- file: 82.156.147.52
- hash: 60200
- file: 23.249.28.124
- hash: 14994
- file: 154.205.138.38
- hash: 59999
- file: 91.92.241.142
- hash: 8808
- file: 103.214.112.9
- hash: 7443
- file: 109.73.194.194
- hash: 80
- file: 196.251.116.103
- hash: 443
- domain: static.72.214.69.159.clients.your-server.de
- domain: whonixgateway.online
- file: 211.221.22.165
- hash: 8443
- file: 121.129.79.209
- hash: 8443
- file: 75.97.130.155
- hash: 8443
- file: 36.230.67.188
- hash: 8443
- file: 218.244.138.53
- hash: 80
- file: 123.60.98.77
- hash: 3333
- file: 113.45.226.73
- hash: 3333
- file: 188.68.42.49
- hash: 3333
- file: 128.199.181.172
- hash: 443
- file: 165.227.208.95
- hash: 3333
- file: 124.29.197.223
- hash: 3333
- file: 110.41.37.96
- hash: 8333
- file: 82.180.137.56
- hash: 2083
- file: 34.229.168.99
- hash: 80
- file: 182.253.46.29
- hash: 3333
- file: 157.230.6.44
- hash: 3333
- file: 196.249.195.47
- hash: 443
- file: 16.171.40.219
- hash: 3333
- file: 31.97.57.231
- hash: 2083
- file: 201.192.179.18
- hash: 443
- domain: shy.vudujiu33.ru
- url: https://hoobow.asia/aooz
- url: https://t.me/kalinkaopalsqewe
- domain: but.vudujiu33.ru
- domain: mix.cofidyu58.ru
- file: 73.164.61.28
- hash: 4444
- domain: cover-drove.gl.at.ply.gg
- file: 142.114.132.169
- hash: 5000
- domain: star.cofidyu58.ru
- url: http://114.132.169.168:80/faog
- domain: full.cofidyu58.ru
- file: 91.219.239.56
- hash: 38493
- file: 23.94.255.183
- hash: 7443
- file: 102.117.161.34
- hash: 7443
- file: 104.194.154.39
- hash: 7000
- file: 213.209.157.4
- hash: 1911
- domain: rat.vudujiu33.ru
- url: https://jackaw.asia/xjao
- domain: pancred.qpon
- file: 104.140.154.11
- hash: 30176
- file: 104.140.154.11
- hash: 30221
- file: 104.140.154.110
- hash: 30035
- file: 104.140.154.123
- hash: 30139
- file: 104.140.154.124
- hash: 30035
- file: 104.140.154.124
- hash: 30239
- file: 104.140.154.128
- hash: 30139
- file: 104.140.154.134
- hash: 30123
- file: 104.140.154.138
- hash: 30188
- file: 104.140.154.139
- hash: 30176
- file: 104.140.154.143
- hash: 30158
- file: 104.140.154.148
- hash: 30082
- file: 104.140.154.148
- hash: 30084
- file: 104.140.154.151
- hash: 30112
- file: 104.140.154.154
- hash: 30188
- file: 104.140.154.16
- hash: 30102
- file: 104.140.154.160
- hash: 30082
- file: 104.140.154.165
- hash: 30102
- file: 104.140.154.168
- hash: 30021
- file: 104.140.154.168
- hash: 30102
- file: 104.140.154.171
- hash: 30239
- file: 104.140.154.186
- hash: 30134
- file: 104.140.154.189
- hash: 30035
- file: 104.140.154.195
- hash: 30158
- file: 104.140.154.20
- hash: 30131
- file: 104.140.154.213
- hash: 30081
- file: 104.140.154.214
- hash: 30188
- file: 104.140.154.216
- hash: 30123
- file: 104.140.154.219
- hash: 30139
- file: 104.140.154.220
- hash: 30239
- file: 104.140.154.226
- hash: 30082
- file: 104.140.154.230
- hash: 30176
- file: 104.140.154.231
- hash: 30221
- file: 104.140.154.233
- hash: 30123
- file: 104.140.154.235
- hash: 30239
- file: 104.140.154.235
- hash: 30248
- file: 104.140.154.238
- hash: 30082
- file: 104.140.154.241
- hash: 30081
- file: 104.140.154.242
- hash: 30081
- file: 104.140.154.249
- hash: 30058
- file: 104.140.154.251
- hash: 30102
- file: 104.140.154.26
- hash: 30239
- file: 104.140.154.27
- hash: 30239
- file: 104.140.154.3
- hash: 30058
- file: 104.140.154.3
- hash: 30140
- file: 104.140.154.32
- hash: 30131
- file: 104.140.154.34
- hash: 30139
- file: 104.140.154.36
- hash: 30058
- file: 104.140.154.38
- hash: 30248
- file: 104.140.154.47
- hash: 30021
- file: 104.140.154.47
- hash: 30081
- file: 104.140.154.48
- hash: 30188
- file: 104.140.154.5
- hash: 30239
- file: 104.140.154.61
- hash: 30139
- file: 104.140.154.66
- hash: 30123
- file: 104.140.154.67
- hash: 30139
- file: 104.140.154.68
- hash: 30139
- file: 104.140.154.75
- hash: 30082
- file: 104.140.154.79
- hash: 30112
- file: 104.140.154.8
- hash: 30058
- file: 104.140.154.81
- hash: 30081
- file: 104.140.154.85
- hash: 30239
- file: 104.140.154.90
- hash: 30035
- file: 104.140.154.92
- hash: 30239
- file: 104.140.154.93
- hash: 30058
- file: 104.140.154.99
- hash: 30139
- file: 154.91.231.68
- hash: 8097
- file: 37.107.24.78
- hash: 443
- file: 43.137.165.146
- hash: 10250
- domain: gold.vudujiu33.ru
- domain: genpyb.asia
- url: https://genpyb.asia/qweo
- file: 69.67.172.36
- hash: 4430
- domain: openai-diversifies-with-ai.com
- url: https://openai-diversifies-with-ai.com:6343/gateway/8k9xlxs5.vtcl8
- domain: lot.cofidyu58.ru
- file: 2.58.56.225
- hash: 6343
- file: 178.16.53.236
- hash: 6343
- url: http://178.16.53.243:6343/gateway/3mh6oe84.n0756
- domain: pool.qilaliy87.ru
- url: http://178.128.219.58:8888/supershell/login/
- domain: root.qilaliy87.ru
- domain: let.qilaliy87.ru
- domain: us.qilaliy87.ru
- file: 202.95.16.38
- hash: 808
- file: 202.95.16.54
- hash: 808
- file: 124.71.106.116
- hash: 8111
- domain: past.qilaliy87.ru
- domain: hope.cewyzui61.ru
- url: https://xbm.amajed.com
- domain: xbm.amajed.com
- url: https://xbm.schermgebroken.nl
- domain: xbm.schermgebroken.nl
- url: http://ghetto5f.beget.tech/4ca6eb60.php
- domain: pick.cewyzui61.ru
- file: 147.185.221.223
- hash: 22628
- file: 118.193.45.238
- hash: 80
- file: 23.226.54.63
- hash: 7001
- domain: 223.ip.gl.ply.gg
- domain: killkill.myftp.biz
- domain: cnn9001.duckdns.org
- file: 160.250.133.235
- hash: 2404
- file: 51.222.16.166
- hash: 2405
- file: 167.86.89.37
- hash: 3190
- file: 195.10.205.181
- hash: 8082
- file: 147.45.219.51
- hash: 4449
- file: 137.220.154.104
- hash: 8081
- file: 103.176.197.104
- hash: 53
- file: 103.176.197.104
- hash: 90
- file: 103.176.197.104
- hash: 80
- domain: year.cewyzui61.ru
- domain: pin.cewyzui61.ru
- domain: an.k5b2q.ru
- domain: u.r0z8r.ru
- domain: aa.q1s6c.ru
- domain: au.d3g7t.ru
- domain: madibase.tech
- file: 104.21.70.94
- hash: 8880
- file: 111.230.93.148
- hash: 9001
- file: 159.75.37.212
- hash: 9001
- file: 172.67.222.121
- hash: 8880
- file: 193.112.233.57
- hash: 443
- file: 64.227.126.123
- hash: 8443
- file: 70.51.217.95
- hash: 4444
- domain: p.t4c5d.ru
- url: https://193.233.126.43/gateway/iug4o6dc.wsxon
- url: https://sngrlglpthi.mw/gateway/iug4o6dc.wsxon
- url: https://yletqltdnra.zp/gateway/iug4o6dc.wsxon
- domain: ae.g7r7s.ru
- domain: bd.r3l1x.ru
- file: 104.243.46.66
- hash: 1003
- domain: k.r3l1x.ru
- domain: bg.t4c5d.ru
- url: https://193.233.126.43/gateway/iesm4j25.s4pj7
- url: https://193.23.216.48/gateway/iesm4j25.s4pj7
- url: https://dkqnkaqwyrf.ar/gateway/iesm4j25.s4pj7
- file: 23.226.54.31
- hash: 7001
- file: 69.67.172.242
- hash: 2404
- file: 95.113.133.105
- hash: 7443
- domain: jeu60.dedyn.io
- file: 91.200.220.136
- hash: 8080
- file: 154.83.211.77
- hash: 65503
- file: 137.220.154.120
- hash: 8081
- url: http://eyota.com.sg/a2z/panelnew/gate.php
- url: https://tra.amajed.com
- domain: tra.amajed.com
- url: https://tra.schermgebroken.nl
- domain: tra.schermgebroken.nl
- file: 185.34.101.217
- hash: 6000
- file: 101.32.182.151
- hash: 3266
- file: 150.241.116.6
- hash: 42873
- file: 91.200.220.136
- hash: 8081
- domain: wso-50081.portmap.host
- file: 218.50.136.74
- hash: 30
- file: 218.50.136.74
- hash: 9999
- domain: costs-na.gl.at.ply.gg
- domain: gta5.servegame.com
- url: https://rhusdniw.shop/teyg
- file: 101.32.182.151
- hash: 3277
- file: 101.32.182.151
- hash: 3288
- domain: incocrrm.shop
- domain: constkj.shop
- domain: mannewd.shop
- domain: vitambio.shop
- domain: bazttlew.shop
- domain: rhusdniw.shop
- domain: flnsyfb.qpon
- domain: blackrz.shop
- domain: fissiklo.shop
- domain: scombxu.shop
- file: 45.196.234.130
- hash: 443
- file: 128.199.248.213
- hash: 8081
- file: 43.139.146.100
- hash: 80
- file: 23.226.54.38
- hash: 7001
- file: 23.254.250.11
- hash: 2707
- file: 196.251.116.98
- hash: 2404
- file: 146.70.67.58
- hash: 6513
- file: 108.61.217.205
- hash: 53
- file: 45.59.122.64
- hash: 443
- file: 149.104.28.64
- hash: 8888
- file: 185.231.227.245
- hash: 8808
- file: 38.54.13.61
- hash: 8808
- file: 185.196.11.223
- hash: 111
- file: 102.117.164.172
- hash: 7443
- file: 194.12.8.26
- hash: 7443
- file: 213.111.157.235
- hash: 7443
- domain: webmail.146-190-137-132.cprapid.com
- file: 74.48.140.110
- hash: 8082
- file: 2.58.84.249
- hash: 8080
- file: 147.185.221.31
- hash: 48580
- file: 37.60.241.145
- hash: 80
- file: 38.45.123.74
- hash: 9000
- file: 104.140.154.108
- hash: 30158
- file: 113.240.86.32
- hash: 10250
- file: 38.211.230.5
- hash: 443
- file: 38.211.230.5
- hash: 5985
- file: 75.2.11.125
- hash: 8129
- url: https://dpi.amajed.com
- domain: dpi.amajed.com
- url: https://dpi.schermgebroken.nl
- domain: dpi.schermgebroken.nl
- file: 91.238.123.36
- hash: 6000
- file: 42.51.34.56
- hash: 8011
ThreatFox IOCs for 2025-09-14
Medium
Published: Sun Sep 14 2025 (09/14/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint
Description
ThreatFox IOCs for 2025-09-14
AI-Powered Analysis
AILast updated: 09/15/2025, 00:32:24 UTC
Technical Analysis
The provided information refers to a set of Indicators of Compromise (IOCs) published on 2025-09-14 by the ThreatFox MISP Feed, categorized under malware with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. The data appears to be a collection of threat intelligence indicators rather than a description of a specific malware variant or exploit. No affected product versions are listed, and no patches or known exploits in the wild are reported. The threat level is indicated as medium (threatLevel: 2), with moderate distribution (distribution: 3) and minimal analysis (analysis: 1). The absence of concrete technical details such as attack vectors, payload specifics, or exploitation methods limits the ability to provide a detailed technical breakdown. The nature of the data suggests it is intended for use in threat detection and incident response, providing actionable intelligence to identify malicious activity related to payload delivery and network behavior. The TLP (Traffic Light Protocol) white tag indicates that the information is intended for unrestricted sharing. Overall, this entry represents a general OSINT-based malware threat intelligence update rather than a direct vulnerability or exploit targeting specific software or hardware.
Potential Impact
For European organizations, the impact of this threat intelligence update is primarily in enhancing situational awareness and improving detection capabilities against malware-related network activity and payload delivery attempts. Since no specific exploit or vulnerability is described, the direct risk to confidentiality, integrity, or availability is not immediately quantifiable. However, organizations that fail to integrate such threat intelligence into their security monitoring may miss early warning signs of malware campaigns or network intrusions. The medium severity rating suggests a moderate risk level, implying that while the threat is not currently critical, it could facilitate or indicate ongoing or emerging malicious activities. European entities with mature security operations centers (SOCs) and threat intelligence teams can leverage these IOCs to strengthen defenses, whereas less-prepared organizations might face increased exposure to malware infections or data breaches if they do not act on this intelligence.
Mitigation Recommendations
To effectively mitigate risks associated with this threat intelligence, European organizations should: 1) Integrate the provided IOCs into existing security information and event management (SIEM) systems and intrusion detection/prevention systems (IDS/IPS) to enable automated detection and alerting on related malicious activity. 2) Conduct regular network traffic analysis focusing on payload delivery mechanisms and anomalous network behaviors that align with the indicators. 3) Enhance endpoint detection and response (EDR) capabilities to identify and contain malware infections early. 4) Maintain updated threat intelligence feeds and ensure timely dissemination of relevant IOCs to all security teams. 5) Conduct targeted user awareness training emphasizing phishing and social engineering tactics that often serve as initial infection vectors for malware payload delivery. 6) Perform periodic threat hunting exercises using the IOCs to proactively identify potential compromises. These steps go beyond generic advice by emphasizing operational integration of threat intelligence and proactive detection strategies tailored to the nature of the provided data.
Affected Countries
Need more detailed analysis?Get Pro
Pro Feature
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- 16af8b93-c6b2-4c08-8918-dda92fc48b25
- Original Timestamp
- 1757894586
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domaingood.tatyziu58.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwow.kuvuboa29.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainleft.kuvuboa29.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpit.kuvuboa29.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwear.kuvuboa29.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain1-password.pro | Unknown Loader payload delivery domain (confidence level: 90%) | |
domainadspower.pro | Unknown Loader payload delivery domain (confidence level: 90%) | |
domainclickstime.pro | Unknown Loader payload delivery domain (confidence level: 90%) | |
domainssn-verify.pro | Unknown Loader payload delivery domain (confidence level: 90%) | |
domainmake.nugawye78.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhe.nugawye78.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainclub.nugawye78.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm.nugawye78.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainl.zowyzyi62.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainll.zowyzyi62.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaino.zowyzyi62.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsew.zowyzyi62.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainy.zowyzyi62.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmade.gofumoo29.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainring.gofumoo29.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainec2-3-123-17-149.eu-central-1.compute.amazonaws.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainwbm.amajed.com | Vidar botnet C2 domain (confidence level: 75%) | |
domainwbm.schermgebroken.nl | Vidar botnet C2 domain (confidence level: 75%) | |
domaino.s7z7r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainc.v6z1q.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainba.d3g7t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainav.x8q0h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainaw.s7z7r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhand.gofumoo29.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfarm.gofumoo29.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstatic.72.214.69.159.clients.your-server.de | Nimplant botnet C2 domain (confidence level: 100%) | |
domainwhonixgateway.online | Nimplant botnet C2 domain (confidence level: 100%) | |
domainshy.vudujiu33.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbut.vudujiu33.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmix.cofidyu58.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincover-drove.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainstar.cofidyu58.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfull.cofidyu58.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainrat.vudujiu33.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpancred.qpon | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingold.vudujiu33.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingenpyb.asia | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainopenai-diversifies-with-ai.com | Rhadamanthys botnet C2 domain (confidence level: 100%) | |
domainlot.cofidyu58.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpool.qilaliy87.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainroot.qilaliy87.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlet.qilaliy87.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainus.qilaliy87.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpast.qilaliy87.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhope.cewyzui61.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxbm.amajed.com | Vidar botnet C2 domain (confidence level: 75%) | |
domainxbm.schermgebroken.nl | Vidar botnet C2 domain (confidence level: 75%) | |
domainpick.cewyzui61.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain223.ip.gl.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainkillkill.myftp.biz | XWorm botnet C2 domain (confidence level: 100%) | |
domaincnn9001.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainyear.cewyzui61.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpin.cewyzui61.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainan.k5b2q.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainu.r0z8r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainaa.q1s6c.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainau.d3g7t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmadibase.tech | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domainp.t4c5d.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainae.g7r7s.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbd.r3l1x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink.r3l1x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbg.t4c5d.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjeu60.dedyn.io | Havoc botnet C2 domain (confidence level: 100%) | |
domaintra.amajed.com | Vidar botnet C2 domain (confidence level: 75%) | |
domaintra.schermgebroken.nl | Vidar botnet C2 domain (confidence level: 75%) | |
domainwso-50081.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domaincosts-na.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domaingta5.servegame.com | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainincocrrm.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainconstkj.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmannewd.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvitambio.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbazttlew.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainrhusdniw.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainflnsyfb.qpon | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainblackrz.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfissiklo.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainscombxu.shop | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainwebmail.146-190-137-132.cprapid.com | Hook botnet C2 domain (confidence level: 100%) | |
domaindpi.amajed.com | Vidar botnet C2 domain (confidence level: 75%) | |
domaindpi.schermgebroken.nl | Vidar botnet C2 domain (confidence level: 75%) |
File
| Value | Description | Copy |
|---|---|---|
file154.205.9.53 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file114.132.245.97 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file108.187.6.165 | Ghost RAT botnet C2 server (confidence level: 100%) | |
file206.123.152.34 | Remcos botnet C2 server (confidence level: 100%) | |
file108.129.219.36 | Havoc botnet C2 server (confidence level: 100%) | |
file194.87.238.216 | DCRat botnet C2 server (confidence level: 100%) | |
file157.175.166.224 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
file38.146.28.85 | Unknown malware botnet C2 server (confidence level: 100%) | |
file154.36.175.172 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
file147.93.177.187 | XWorm botnet C2 server (confidence level: 100%) | |
file107.148.73.198 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.173.17.129 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.173.18.136 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.173.18.138 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.173.18.139 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.173.18.142 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.173.18.146 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.173.18.147 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.173.18.148 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.173.18.151 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.162 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.163 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.165 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.166 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.167 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.169 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.171 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.174 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.175 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.177 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.182 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.184 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.186 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.187 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file38.177.169.188 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file91.239.78.168 | Meterpreter botnet C2 server (confidence level: 75%) | |
file82.156.147.52 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.249.28.124 | Ghost RAT botnet C2 server (confidence level: 75%) | |
file154.205.138.38 | Sliver botnet C2 server (confidence level: 90%) | |
file91.92.241.142 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file103.214.112.9 | Unknown malware botnet C2 server (confidence level: 100%) | |
file109.73.194.194 | Hook botnet C2 server (confidence level: 100%) | |
file196.251.116.103 | Venom RAT botnet C2 server (confidence level: 100%) | |
file211.221.22.165 | Unknown malware botnet C2 server (confidence level: 100%) | |
file121.129.79.209 | Unknown malware botnet C2 server (confidence level: 100%) | |
file75.97.130.155 | Unknown malware botnet C2 server (confidence level: 100%) | |
file36.230.67.188 | Unknown malware botnet C2 server (confidence level: 100%) | |
file218.244.138.53 | Unknown malware botnet C2 server (confidence level: 100%) | |
file123.60.98.77 | Unknown malware botnet C2 server (confidence level: 100%) | |
file113.45.226.73 | Unknown malware botnet C2 server (confidence level: 100%) | |
file188.68.42.49 | Unknown malware botnet C2 server (confidence level: 100%) | |
file128.199.181.172 | Unknown malware botnet C2 server (confidence level: 100%) | |
file165.227.208.95 | Unknown malware botnet C2 server (confidence level: 100%) | |
file124.29.197.223 | Unknown malware botnet C2 server (confidence level: 100%) | |
file110.41.37.96 | Unknown malware botnet C2 server (confidence level: 100%) | |
file82.180.137.56 | Unknown malware botnet C2 server (confidence level: 100%) | |
file34.229.168.99 | Unknown malware botnet C2 server (confidence level: 100%) | |
file182.253.46.29 | Unknown malware botnet C2 server (confidence level: 100%) | |
file157.230.6.44 | Unknown malware botnet C2 server (confidence level: 100%) | |
file196.249.195.47 | Unknown malware botnet C2 server (confidence level: 100%) | |
file16.171.40.219 | Unknown malware botnet C2 server (confidence level: 100%) | |
file31.97.57.231 | Unknown malware botnet C2 server (confidence level: 100%) | |
file201.192.179.18 | QakBot botnet C2 server (confidence level: 100%) | |
file73.164.61.28 | XWorm botnet C2 server (confidence level: 100%) | |
file142.114.132.169 | Quasar RAT botnet C2 server (confidence level: 100%) | |
file91.219.239.56 | XWorm botnet C2 server (confidence level: 100%) | |
file23.94.255.183 | Unknown malware botnet C2 server (confidence level: 100%) | |
file102.117.161.34 | Unknown malware botnet C2 server (confidence level: 100%) | |
file104.194.154.39 | DCRat botnet C2 server (confidence level: 100%) | |
file213.209.157.4 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
file104.140.154.11 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.11 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.110 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.123 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.124 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.124 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.128 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.134 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.138 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.139 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.143 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.148 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.148 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.151 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.154 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.16 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.160 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.165 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.168 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.168 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.171 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.186 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.189 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.195 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.20 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.213 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.214 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.216 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.219 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.220 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.226 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.230 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.231 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.233 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.235 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.235 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.238 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.241 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.242 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.249 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.251 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.26 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.27 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.3 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.3 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.32 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.34 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.36 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.38 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.47 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.47 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.48 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.5 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.61 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.66 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.67 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.68 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.75 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.79 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.8 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.81 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.85 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.90 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.92 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.93 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file104.140.154.99 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file154.91.231.68 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file37.107.24.78 | QakBot botnet C2 server (confidence level: 75%) | |
file43.137.165.146 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file69.67.172.36 | Unknown malware botnet C2 server (confidence level: 75%) | |
file2.58.56.225 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file178.16.53.236 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
file202.95.16.38 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file202.95.16.54 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file124.71.106.116 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file147.185.221.223 | XWorm botnet C2 server (confidence level: 100%) | |
file118.193.45.238 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.54.63 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file160.250.133.235 | Remcos botnet C2 server (confidence level: 100%) | |
file51.222.16.166 | Remcos botnet C2 server (confidence level: 100%) | |
file167.86.89.37 | Remcos botnet C2 server (confidence level: 100%) | |
file195.10.205.181 | Hook botnet C2 server (confidence level: 100%) | |
file147.45.219.51 | Venom RAT botnet C2 server (confidence level: 100%) | |
file137.220.154.104 | DCRat botnet C2 server (confidence level: 100%) | |
file103.176.197.104 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file103.176.197.104 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file103.176.197.104 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file104.21.70.94 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file111.230.93.148 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file159.75.37.212 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file172.67.222.121 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file193.112.233.57 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file64.227.126.123 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
file70.51.217.95 | Meterpreter botnet C2 server (confidence level: 75%) | |
file104.243.46.66 | AsyncRAT botnet C2 server (confidence level: 75%) | |
file23.226.54.31 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file69.67.172.242 | Remcos botnet C2 server (confidence level: 100%) | |
file95.113.133.105 | Unknown malware botnet C2 server (confidence level: 100%) | |
file91.200.220.136 | Orcus RAT botnet C2 server (confidence level: 100%) | |
file154.83.211.77 | DCRat botnet C2 server (confidence level: 100%) | |
file137.220.154.120 | DCRat botnet C2 server (confidence level: 100%) | |
file185.34.101.217 | XWorm botnet C2 server (confidence level: 75%) | |
file101.32.182.151 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file150.241.116.6 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
file91.200.220.136 | XWorm botnet C2 server (confidence level: 100%) | |
file218.50.136.74 | XWorm botnet C2 server (confidence level: 100%) | |
file218.50.136.74 | XWorm botnet C2 server (confidence level: 100%) | |
file101.32.182.151 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file101.32.182.151 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file45.196.234.130 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file128.199.248.213 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file43.139.146.100 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.226.54.38 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
file23.254.250.11 | Remcos botnet C2 server (confidence level: 100%) | |
file196.251.116.98 | Remcos botnet C2 server (confidence level: 100%) | |
file146.70.67.58 | Remcos botnet C2 server (confidence level: 100%) | |
file108.61.217.205 | pupy botnet C2 server (confidence level: 100%) | |
file45.59.122.64 | Sliver botnet C2 server (confidence level: 100%) | |
file149.104.28.64 | Unknown malware botnet C2 server (confidence level: 100%) | |
file185.231.227.245 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file38.54.13.61 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file185.196.11.223 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file102.117.164.172 | Unknown malware botnet C2 server (confidence level: 100%) | |
file194.12.8.26 | Unknown malware botnet C2 server (confidence level: 100%) | |
file213.111.157.235 | Unknown malware botnet C2 server (confidence level: 100%) | |
file74.48.140.110 | Hook botnet C2 server (confidence level: 100%) | |
file2.58.84.249 | Venom RAT botnet C2 server (confidence level: 100%) | |
file147.185.221.31 | Venom RAT botnet C2 server (confidence level: 100%) | |
file37.60.241.145 | MooBot botnet C2 server (confidence level: 100%) | |
file38.45.123.74 | ValleyRAT botnet C2 server (confidence level: 100%) | |
file104.140.154.108 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file113.240.86.32 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file38.211.230.5 | DOPLUGS botnet C2 server (confidence level: 100%) | |
file38.211.230.5 | DOPLUGS botnet C2 server (confidence level: 100%) | |
file75.2.11.125 | DeimosC2 botnet C2 server (confidence level: 75%) | |
file91.238.123.36 | XWorm botnet C2 server (confidence level: 100%) | |
file42.51.34.56 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Hash
| Value | Description | Copy |
|---|---|---|
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash14994 | Ghost RAT botnet C2 server (confidence level: 100%) | |
hash33862 | Remcos botnet C2 server (confidence level: 100%) | |
hash4443 | Havoc botnet C2 server (confidence level: 100%) | |
hash4444 | DCRat botnet C2 server (confidence level: 100%) | |
hash8965 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash4000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash43211 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
hash33899 | XWorm botnet C2 server (confidence level: 100%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash54510 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash60200 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash14994 | Ghost RAT botnet C2 server (confidence level: 75%) | |
hash59999 | Sliver botnet C2 server (confidence level: 90%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2083 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash2083 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | QakBot botnet C2 server (confidence level: 100%) | |
hash4444 | XWorm botnet C2 server (confidence level: 100%) | |
hash5000 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash38493 | XWorm botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7000 | DCRat botnet C2 server (confidence level: 100%) | |
hash1911 | RedLine Stealer botnet C2 server (confidence level: 100%) | |
hash30176 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30221 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30035 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30139 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30035 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30239 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30139 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30123 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30188 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30176 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30158 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30082 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30084 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30112 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30188 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30102 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30082 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30102 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30021 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30102 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30239 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30134 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30035 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30158 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30131 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30081 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30188 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30123 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30139 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30239 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30082 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30176 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30221 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30123 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30239 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30248 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30082 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30081 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30081 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30058 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30102 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30239 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30239 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30058 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30140 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30131 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30139 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30058 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30248 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30021 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30081 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30188 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30239 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30139 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30123 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30139 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30139 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30082 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30112 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30058 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30081 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30239 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30035 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30239 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30058 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash30139 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8097 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | QakBot botnet C2 server (confidence level: 75%) | |
hash10250 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash4430 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash6343 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash6343 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
hash808 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash808 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8111 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash22628 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash2405 | Remcos botnet C2 server (confidence level: 100%) | |
hash3190 | Remcos botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash4449 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash8081 | DCRat botnet C2 server (confidence level: 100%) | |
hash53 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash90 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8880 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash9001 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash9001 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8880 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash4444 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash1003 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash7001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8080 | Orcus RAT botnet C2 server (confidence level: 100%) | |
hash65503 | DCRat botnet C2 server (confidence level: 100%) | |
hash8081 | DCRat botnet C2 server (confidence level: 100%) | |
hash6000 | XWorm botnet C2 server (confidence level: 75%) | |
hash3266 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash42873 | Aurotun Stealer botnet C2 server (confidence level: 100%) | |
hash8081 | XWorm botnet C2 server (confidence level: 100%) | |
hash30 | XWorm botnet C2 server (confidence level: 100%) | |
hash9999 | XWorm botnet C2 server (confidence level: 100%) | |
hash3277 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash3288 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2707 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash6513 | Remcos botnet C2 server (confidence level: 100%) | |
hash53 | pupy botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash111 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8082 | Hook botnet C2 server (confidence level: 100%) | |
hash8080 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash48580 | Venom RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash9000 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash30158 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash10250 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash5985 | DOPLUGS botnet C2 server (confidence level: 100%) | |
hash8129 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash6000 | XWorm botnet C2 server (confidence level: 100%) | |
hash8011 | Cobalt Strike botnet C2 server (confidence level: 75%) |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://wbm.amajed.com | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://wbm.schermgebroken.nl | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://hoobow.asia/aooz | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttps://t.me/kalinkaopalsqewe | Lumma Stealer botnet C2 (confidence level: 75%) | |
urlhttp://114.132.169.168:80/faog | Cobalt Strike botnet C2 (confidence level: 75%) | |
urlhttps://jackaw.asia/xjao | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://genpyb.asia/qweo | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://openai-diversifies-with-ai.com:6343/gateway/8k9xlxs5.vtcl8 | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttp://178.16.53.243:6343/gateway/3mh6oe84.n0756 | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttp://178.128.219.58:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) | |
urlhttps://xbm.amajed.com | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://xbm.schermgebroken.nl | Vidar botnet C2 (confidence level: 75%) | |
urlhttp://ghetto5f.beget.tech/4ca6eb60.php | DCRat botnet C2 (confidence level: 100%) | |
urlhttps://193.233.126.43/gateway/iug4o6dc.wsxon | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttps://sngrlglpthi.mw/gateway/iug4o6dc.wsxon | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttps://yletqltdnra.zp/gateway/iug4o6dc.wsxon | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttps://193.233.126.43/gateway/iesm4j25.s4pj7 | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttps://193.23.216.48/gateway/iesm4j25.s4pj7 | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttps://dkqnkaqwyrf.ar/gateway/iesm4j25.s4pj7 | Rhadamanthys botnet C2 (confidence level: 100%) | |
urlhttp://eyota.com.sg/a2z/panelnew/gate.php | Pony botnet C2 (confidence level: 100%) | |
urlhttps://tra.amajed.com | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://tra.schermgebroken.nl | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://rhusdniw.shop/teyg | Lumma Stealer botnet C2 (confidence level: 100%) | |
urlhttps://dpi.amajed.com | Vidar botnet C2 (confidence level: 75%) | |
urlhttps://dpi.schermgebroken.nl | Vidar botnet C2 (confidence level: 75%) |
Threat ID: 68c75b0539776bc2a146757f
Added to database: 9/15/2025, 12:17:09 AM
Last enriched: 9/15/2025, 12:32:24 AM
Last updated: 9/15/2025, 12:35:20 PM
Views: 6
Related Threats
ThreatFox IOCs for 2025-09-13
MediumMalwareSun Sep 14 2025
ThreatFox IOCs for 2025-09-12
MediumMalwareSat Sep 13 2025
Yurei the New Ransomware Group on the Scene
MediumMalwareFri Sep 12 2025
Deconstructing a Cyber Deception: An Analysis of the Clickfix HijackLoader Phishing Campaign
MediumMalwareFri Sep 12 2025
SEO Poisoning Attack Hits Windows Users With Hiddengh0st and Winos Malware
MediumMalwareFri Sep 12 2025
Actions
PRO
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.