ThreatFox IOCs for 2025-11-02
AI Analysis
Technical Summary
This entry is a set of Indicators of Compromise (IOCs) published by ThreatFox on November 2, 2025, categorized under malware with a focus on OSINT, network activity, and payload delivery. The record names no affected software versions and carries no detailed technical indicators or exploit mechanisms. The absence of patches or known in-the-wild exploits indicates that this is an intelligence feed update rather than a description of an active or emerging exploit. The threat level is rated medium, reflecting moderate concern driven mainly by the potential for payload delivery and the network activity associated with malware campaigns. The technical metadata is minimal: a threat level of 2 (on an unspecified scale), an analysis score of 1, and a distribution score of 3, suggesting limited but notable distribution. Without concrete indicators or CWEs (Common Weakness Enumerations), deeper technical analysis or attribution to specific malware families or attack vectors is not possible from this record alone. Overall, this is a general OSINT-based malware threat intelligence update, useful for situational awareness but not indicative of an immediately exploitable vulnerability or active campaign.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the absence of known exploits or specific affected systems. However, the presence of malware-related IOCs focusing on network activity and payload delivery suggests potential risks if such malware campaigns were to materialize or evolve. Organizations relying heavily on OSINT tools or those with complex network infrastructures could face risks related to malware infiltration or lateral movement if these IOCs correspond to emerging threats. The medium severity rating implies that while immediate disruption or data compromise is unlikely, there is a moderate risk that could escalate if the threat actors develop active exploits. The lack of patches or mitigation details means organizations must rely on proactive detection and response capabilities. In the European context, sectors such as finance, critical infrastructure, and government agencies, which are frequent targets of malware campaigns, should maintain heightened awareness and integrate these IOCs into their threat detection frameworks to preempt potential attacks.
Mitigation Recommendations
Given the nature of this threat as an OSINT-based malware IOC update without specific exploits or patches, mitigation should focus on enhancing detection and response capabilities. Organizations should integrate the ThreatFox IOCs into their security information and event management (SIEM) systems and endpoint detection and response (EDR) tools to improve visibility of potential malicious network activity and payload delivery attempts. Network segmentation and strict access controls can limit the impact of any malware that attempts lateral movement. Regular threat intelligence sharing and collaboration with industry peers and national cybersecurity centers will help contextualize these IOCs and identify emerging threats early. Additionally, organizations should conduct regular network traffic analysis to detect anomalies and employ behavioral analytics to identify suspicious payload delivery patterns. Employee training on recognizing phishing and social engineering attempts remains critical to prevent initial infection vectors. Finally, maintaining up-to-date backups and incident response plans ensures readiness in case of malware incidents.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: 819e166b-15f3-4e80-b0fd-a55f2d0b587e
- Original Timestamp: 1762128186
domainuq.zo6r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhosting-concepts.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainpark-cayman.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainbased-ratios.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainq7m3a.p0k61h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain1kl.xa9t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindn.33b2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainv2k9.p0k61h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain3ch.u-v9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh2k.4-4gy.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainv7.t4mo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainz8r1d.p0k61h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainp6.89atr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainv0s.ki8n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint5bx0.p0k61h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhi.e-dx.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint0.m2la.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm4ny.p0k61h.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzq1.89atr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm5n.wi7e.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainc1pze.98g-bj.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm4n.89atr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjjl.77-6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb3m.q3lo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb0.ru7x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainy9t3.98g-bj.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain6n.3-5y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainv0g.be3q.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain88.fe9v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsh.18yk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainn5rqa.98g-bj.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmde.ve1p.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina3z.tgmop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbo.da5y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing2x7m.98g-bj.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink2w0.tgmop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2fr.5-rt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindl.y8-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh0w4.98g-bj.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain60.crju.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq.tgmop.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintp.op76.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm5we2.v4-z.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain8s.1yjp.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainc9la.v4-z.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain7c7.1z57.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingle.zo6r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains1.k-8ip.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsw.xa9t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh4qpn.v4-z.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainwy.33b2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain8v.u-v9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainc0z7.k-8ip.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain7t.t4mo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainn.k-8ip.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxc.ki8n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpzk6.139z.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainu1.e-dx.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina3vnt.139z.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain9yg.m2la.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainy9bm.139z.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain4p2.wi7e.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing4m.6x-3z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainpf4.77-6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainu0b9.6x-3z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2x7.q3lo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink7v1.6x-3z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainc0.ru7x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain20.3-5y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainadministration-montreal.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainp3q.6x-3z.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain42.be3q.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlz.fe9v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainf2x8m.yw9a.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaineo.18yk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains1l.ve1p.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainp9kr.yw9a.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainygz.da5y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainamo.5-rt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainv3d7.yw9a.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainnn.y8-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq1me4.yw9a.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain0n.crju.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainu0.op76.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmm.1yjp.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain17.1z57.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing0sqa.139z.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaincadujb.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainextermz.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainnewmadp.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmexicaq.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainlethali.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpenstjn.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainscapev.mom | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingenusal.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingrownuc.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainsecondp.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainbackchv.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainmanualc.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfeathej.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingenuslu.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpozsonz.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainloadupm.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domain2iw.zo6r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainn6tr.139z.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainqb.xa9t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainr4yq.9r3s.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaink4m8.h-3t.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainpy.33b2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains2q1n.h-3t.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainn0fp.9r3s.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaintc.u-v9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainy1.t4mo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2on.ki8n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh3l8.9r3s.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainw7r0.h-3t.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainng.e-dx.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainj5aw9.9r3s.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain6a.m2la.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine9tva.h-3t.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainm9p.wi7e.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfs.77-6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb3x9.h-3t.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainwww.srv1061577.hstgr.cloud | Hook botnet C2 domain (confidence level: 100%) | |
domainrw.q3lo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainj1p7q.b6je.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaindqb.ru7x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaind6qa.j935.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaingg6.3-5y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainz6n4.b6je.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaincjq.be3q.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint0k3.b6je.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainki.fe9v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainiq.18yk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb4tr.j935.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainj68.ve1p.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm9qla.b6je.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaind4.da5y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbz.5-rt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainr5yd.b6je.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainxo.y8-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainw1v9.j935.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaincomtedo.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainpressot.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainaffairu.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainanunnbj.lat | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaina0.crju.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainc8v2.q3lo.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain8b.op76.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainy3kx.j935.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaincash-clearly.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainvirtual-conjunction.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaincash-mae.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainpop-experimental.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainhair-gale.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domain99898nffa.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) | |
domainbelow-artificial.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 100%) | |
domainnf.1yjp.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainarkanix.pw | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domainu7.1z57.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing5zx.9-88.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainx1zpn.q3lo.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaindd.zo6r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2ro.xa9t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain1n.33b2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaind7m0.q3lo.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainmcb.u-v9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina9.t4mo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainu4r9.q3lo.online | ClearFake payload delivery domain (confidence level: 100%) | |
domaingd.ki8n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainp3kqa.q3lo.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain80n.e-dx.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh2w8.no4s.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainoz.m2la.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink2hf.9-88.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainobi.wi7e.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina7ny.9-88.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainy0s3n.no4s.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain10f.77-6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainu4j9.9-88.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainrl1.q3lo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaing5t9.no4s.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain91u.ru7x.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina3.3-5y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainn3qla.no4s.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainkzg.be3q.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainde7.fe9v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine9rm2.9-88.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainph.18yk.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina8vd.no4s.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainrd7.ve1p.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainivs.da5y.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint3xq.m2la.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainvc.5-rt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainz1wb.m2la.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain53.y8-8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainew3.crju.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainx7m.op76.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainp6dv.m2la.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainuvu.1yjp.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaino9.1z57.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlj.zo6r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainv2k7.ha0m.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainc5n3.m2la.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain9ht.xa9t.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainr1m8q.ha0m.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainent.33b2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq7je.ve1p.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainjq.u-v9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainz0tb.ha0m.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainxb.t4mo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwzu.ki8n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint6y3.ha0m.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainiso.e-dx.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink9pwa.ha0m.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainf9r2.ve1p.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain94f.m2la.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjqp.wi7e.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainb3x8.ve1p.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainjk.77-6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine3h7n.si9a.online | ClearFake payload delivery domain (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
| https://penstjn.lat/api | Lumma Stealer botnet C2 (confidence level: 75%) | |
| http://mi.huffproofs.com | Amadey botnet C2 (confidence level: 100%) | |
| http://64.188.98.71/api/ytasodasodasytisytasodmsogqsotysnjusodis | SmartLoader botnet C2 (confidence level: 100%) | |
| http://939870cm.nyash.es/packetgeoprocessuploads.php | DCRat botnet C2 (confidence level: 100%) | |
| http://aaaaakkkkkii.life/providervideosecuregeneratoruniversal.php | DCRat botnet C2 (confidence level: 100%) | |
Threat ID: 6907f3c97f25edc77b73844f
Added to database: 11/3/2025, 12:14:01 AM
Last enriched: 11/3/2025, 12:14:17 AM
Last updated: 11/3/2025, 11:29:26 AM