ThreatFox IOCs for 2025-12-12
AI Analysis
Technical Summary
This threat report from the ThreatFox MISP feed provides a collection of Indicators of Compromise (IOCs) related to malware activities observed or predicted for the date 2025-12-12. The threat is categorized under OSINT (Open Source Intelligence), network activity, and payload delivery, indicating that it involves the monitoring of network traffic and potentially malicious payload transmissions. However, the report lacks specific details such as affected software versions, concrete technical indicators, or exploit mechanisms. No patches or mitigations are currently available, and there are no known active exploits in the wild. The threat level is assessed as medium, reflecting a moderate risk based on the available intelligence. The absence of CWEs and detailed technical indicators suggests this is an intelligence feed update rather than a new vulnerability or exploit. The data is tagged with TLP:WHITE, indicating it is intended for broad distribution and use in defensive measures. Overall, this information serves as a situational awareness tool for security teams to enhance detection capabilities and prepare for potential malware-related network threats.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the lack of active exploits and specific affected products or versions. However, the presence of IOCs related to network activity and payload delivery means that organizations could face risks from malware infections if these indicators correspond to emerging or ongoing campaigns. The medium severity suggests a moderate potential for disruption, data compromise, or network intrusion if the threat evolves. Organizations relying heavily on OSINT tools or those with extensive network exposure might be more susceptible to related attacks. Since no patches or direct mitigations are available, the impact is primarily on detection and response capabilities. Failure to incorporate these IOCs into monitoring systems could delay identification of malicious activity, increasing the risk of successful intrusions or data breaches.
Mitigation Recommendations
European organizations should integrate the provided IOCs into their existing security monitoring and threat intelligence platforms to enhance detection of related malware activity. Network traffic should be closely monitored for anomalies matching the threat indicators, and endpoint detection and response (EDR) tools should be updated with the latest intelligence feeds. Organizations should conduct regular threat hunting exercises focusing on payload delivery mechanisms and suspicious network behaviors. Since no patches are available, emphasis should be placed on proactive detection, segmentation of critical networks, and strict access controls to limit lateral movement in case of compromise. Collaboration with national and European cybersecurity centers to share and receive updated intelligence is recommended. Additionally, organizations should review and update incident response plans to address potential malware infections indicated by these IOCs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
- domain: gov.hanel.work
- ip:port: 157.180.22.193:443
- ip:port: 158.94.210.44:1312
- hash: 22804099ed114502613561e19c39b08d85532366de6aa7dc7b648da51d4a7515
- hash: ca49f69a007de870c0ae4c9cabaa4707ad73c9735d643c7bfcdc2a4cf2ba9765
- hash: de5fcb3128ab96a7c5e45d93ed01498102aacde90552b9bffc581fa94d5c8e6a
- url: https://lingering-my-verify-clouds-1.pages.dev/
- ip:port: 95.182.101.109:80
- ip:port: 213.176.16.165:443
- ip:port: 94.183.183.52:443
- domain: microservice-update-s1-bucket.cc
- url: https://microservice-update-s1-bucket.cc/hollypriest.docx
- domain: microservice-update-s2-bucket.cc
- domain: api-w11c.onrender.com
- url: https://api-w11c.onrender.com/api/send
- ip:port: 206.206.127.137:8041
- ip:port: 172.111.150.202:3872
- ip:port: 23.17.234.198:3000
- ip:port: 80.69.88.61:80
- domain: qwg6.orbshackle.ru
- ip:port: 193.233.87.70:8443
- ip:port: 142.252.220.135:8443
- domain: shackle.twig-mantle.ru
- domain: dlnd.twig-mantle.ru
- domain: bf1.twig-mantle.ru
- domain: i4o3.twig-mantle.ru
- domain: qmolq.saffrondent.ru
- domain: pq.saffrondent.ru
- domain: sn7.saffrondent.ru
- domain: d8iw.saffrondent.ru
- domain: 2njv.saffron-dent.ru
- domain: cobble.saffron-dent.ru
- domain: jitter.saffron-dent.ru
- domain: ukd0.saffron-dent.ru
- domain: qk8q.cloudpeak.ru
- domain: bright.cloudpeak.ru
- domain: 7iwp.cloudpeak.ru
- domain: 4b.cloudpeak.ru
- domain: snow.br1ghtstorm.ru
- domain: c2.tiktok-js.top
- domain: up.mcprotocol.cn
- ip:port: 156.234.216.187:43131
- ip:port: 47.97.113.42:8443
- ip:port: 67.219.102.244:53
- ip:port: 84.200.17.174:6000
- domain: a72o.br1ghtstorm.ru
- domain: nkpoor.sa.com
- domain: download.nkpoor.sa.com
- url: http://47.243.211.91:8888/supershell/login/
- ip:port: 198.251.84.61:80
- domain: k1v5q.br1ghtstorm.ru
- domain: breeze.br1ghtstorm.ru
- domain: tur.stonec0re.ru
- domain: ocean.stonec0re.ru
- domain: 69z.stonec0re.ru
- domain: cwscj.stonec0re.ru
- ip:port: 23.226.48.206:43131
- ip:port: 23.248.214.10:43131
- ip:port: 156.234.145.37:43131
- ip:port: 43.138.159.121:88
- ip:port: 119.45.250.8:443
- ip:port: 80.78.30.76:443
- ip:port: 34.239.178.12:8080
- ip:port: 107.172.31.102:80
- ip:port: 62.164.177.31:9000
- ip:port: 62.164.177.31:15647
- ip:port: 102.117.170.95:7443
- domain: testcuncr.testingweblink.com
- ip:port: 91.204.74.131:443
- ip:port: 103.245.231.83:4321
- ip:port: 107.149.142.169:4444
- ip:port: 168.245.200.34:3790
- ip:port: 13.238.96.31:88
- ip:port: 37.77.107.49:80
- domain: hill.s0ftcrest.ru
- domain: dh28.s0ftcrest.ru
- domain: storm.s0ftcrest.ru
- domain: sun.s0ftcrest.ru
- domain: p1fb9.l1ghtshore.ru
- url: http://154.61.77.105:8082/
- domain: cr.l1ghtshore.ru
- domain: omega.l1ghtshore.ru
- domain: r8x.l1ghtshore.ru
- domain: beta.skyf1eld.ru
- domain: 6rpmj.skyf1eld.ru
- domain: x93.skyf1eld.ru
- domain: wave.skyf1eld.ru
- domain: xew2z.dr1ftshade.ru
- domain: halahtyb-45632.portmap.host
- domain: halahtyb-41206.portmap.host
- ip:port: 91.202.233.215:2404
- domain: mariajose12.duckdns.org
- domain: medcom.it.com
- domain: malware.medcom.it.com
- domain: quality.it.com
- domain: malware.quality.it.com
- domain: range.dr1ftshade.ru
- domain: ebsk.dr1ftshade.ru
- domain: eia.dr1ftshade.ru
- url: http://damysa10.top/download.php?file=lv.exe
- url: http://sarefy07.top/download.php?file=lv.exe
- url: http://sarjeb09.top/download.php?file=lv.exe
- url: http://knumfl68.top/index.php
- url: http://knuywu58.top/index.php
- url: http://lysuht78.top/index.php
- url: http://morisc07.top/index.php
- url: http://morjeo05.top/index.php
- url: http://morwye06.top/index.php
- domain: damysa10.top
- domain: sarefy07.top
- domain: sarjeb09.top
- domain: google.motchilltv.red
- ip:port: 195.85.207.132:1337
- domain: gugugulol.kenkejai.com
- url: http://telegatt.top/oh12manymarty
- url: http://telegin.top/oh12manymarty
- url: http://telegka.top/oh12manymarty
- url: https://t.me/borderxra
- url: https://t.me/jredmankun
- url: https://t.me/masseffectus2
- url: https://t.me/oh12manymarty
- url: https://t.me/takecareandkeepitup
- domain: country-tex.gl.at.ply.gg
- url: https://raw.githubusercontent.com/locsucc/cac/refs/heads/master/c
- ip:port: 116.103.90.20:4411
- domain: wwexp.com
- domain: totalservices.info
- domain: broughservice.info
- domain: theoyservices.info
- domain: excesswintex.info
- domain: brityservice.info
- domain: bijoyshare.buzz
- domain: sharetobijoy.buzz
- domain: api.htscefh.com
- domain: app.enzirt.com
- domain: api.qtss.cc
- domain: vps-zap812595-1.zap-srv.com
- domain: help.093214.xyz
- domain: keep.camdvr.org
- domain: brands.khaitara.com
- domain: bridge.cleardawn.ru
- domain: 60sek.cleardawn.ru
- ip:port: 193.27.90.80:5010
- domain: e5w.cleardawn.ru
- domain: bamboopaw2021.sbs
- url: http://bamboopaw2021.sbs/b5a52ebb310b65f06dd10cfe69f72363/
- domain: nova.cleardawn.ru
- ip:port: 213.209.143.34:59666
- ip:port: 144.202.27.199:31337
- ip:port: 15.204.59.20:80
- ip:port: 45.207.208.83:443
- ip:port: 8.148.211.47:9999
- ip:port: 36.253.9.57:8081
- ip:port: 216.126.239.157:8888
- ip:port: 45.192.248.45:8088
- domain: sky.frostbranch.ru
- ip:port: 195.177.94.107:56238
- domain: ffmg.frostbranch.ru
- domain: d5.frostbranch.ru
- domain: 0s.frostbranch.ru
- domain: yljy.m1stleaf.ru
- url: https://roku.jnishop.com/
- url: https://rummagewi.com/
- url: https://sageproductions.tv/
- url: https://schluesselringe.de/
- url: https://red-eyesecurity.com/
- url: https://rummagewi.drcs-solutions.com/
- url: https://qka.poy.temporary.site/
- url: https://roumanie.sandierrot.fr/
- url: https://portaldesigngrafico.com.br.agenciadelivearte.com.br/
- url: https://psicologowil.com.br/
- url: https://quabala-quabala.com/
- url: https://shop.net-gazet.ru/
- url: https://singlevendor.ninetysix.in/
- url: https://sebastiancafe.kbral.com.br/
- url: https://teresina.oligoflora.com.br/
- url: https://syuchan.com/
- url: https://tanakazu1977.com/
- url: https://supvitalfree.verslo.io/
- url: https://stazio54.com/
- url: https://staging.trytebox.com/
- url: https://suzuya-basketball-dog-house.com/
- url: https://stavby.sk/
- url: https://vendamaiscomthiago.ads360imob.com.br/
- url: https://webmail.mega77b.com/
- url: https://webmail.giracoin.io/
- url: https://urbiagua.pt/
- url: https://teenpattijawaan.com/
- url: https://tes-totaleng.com/
- url: https://study.bisabarengoby.id/
- url: https://vegasvalleycommercial.com/
- url: https://wordt-ontwikkeldbe.site.tb-hosting.com/
- url: https://vitaricca-1.com/
- url: https://yellowbird.siulyn.fr/
- url: https://webdisk.kasatnews.com/
- url: https://whm.tamiltotamil.com/
- url: https://whm.umeedshiksharath.org/
- url: https://ysetechnologies.com.appniacs.com/
- url: https://watabaran.se/
- ip:port: 192.210.215.210:443
- ip:port: 121.43.230.164:8080
- ip:port: 38.54.88.89:80
- ip:port: 178.16.53.165:443
- ip:port: 178.16.53.175:443
- ip:port: 44.200.209.5:443
- ip:port: 137.131.241.10:443
- ip:port: 44.200.209.5:8080
- ip:port: 178.16.53.119:4444
- ip:port: 89.125.209.173:7443
- ip:port: 45.156.27.23:443
- ip:port: 3.85.126.181:1913
- ip:port: 3.85.126.181:1963
- ip:port: 89.111.149.164:80
- domain: qo1u.m1stleaf.ru
- ip:port: 77.83.240.196:8001
- ip:port: 45.92.218.126:8001
- ip:port: 77.83.240.194:8001
- ip:port: 77.83.240.193:8001
- domain: cwt.m1stleaf.ru
- domain: crest.m1stleaf.ru
- url: https://tlcmaui.com/
- url: https://quamecheng.co.zm/
- domain: 8l8gr.clearh0st.ru
- domain: river.clearh0st.ru
- ip:port: 137.131.241.10:8443
- ip:port: 64.111.92.248:8888
- domain: mint.clearh0st.ru
- domain: forest.clearh0st.ru
- url: http://123.56.48.58:8888/supershell/login/
- ip:port: 208.87.205.54:81
- domain: kp3uw.f0xwave.ru
- domain: 554r5.f0xwave.ru
- domain: mist.f0xwave.ru
- domain: jjt.f0xwave.ru
- domain: 3gky.forestcl0ud.ru
- domain: host.forestcl0ud.ru
- domain: e08z3.forestcl0ud.ru
- domain: zgeg.forestcl0ud.ru
- url: https://wooddecor.com.br.kbral.com.br/
- domain: drift.clears0ft.ru
- domain: 3e.clears0ft.ru
- domain: jt77.clears0ft.ru
- domain: fox.clears0ft.ru
- domain: shore.mistyshore.ru
- domain: ue.mistyshore.ru
- domain: baritale.com
- ip:port: 47.92.196.59:443
- ip:port: 117.72.99.21:9999
- ip:port: 208.69.78.184:31337
- ip:port: 167.71.90.208:8888
- ip:port: 45.130.166.85:443
- ip:port: 144.172.114.13:443
- ip:port: 202.189.12.194:5566
- ip:port: 125.168.249.139:8443
- ip:port: 75.133.120.54:8443
- ip:port: 75.66.72.160:8443
- ip:port: 24.235.137.164:8443
- ip:port: 91.158.199.43:8443
- ip:port: 67.254.169.34:8443
- ip:port: 78.27.85.26:8443
- ip:port: 107.179.200.87:8443
- ip:port: 46.162.105.194:8443
- ip:port: 136.24.74.5:8443
- ip:port: 175.182.177.198:8443
- ip:port: 24.47.51.37:8443
- ip:port: 125.224.153.221:8443
- ip:port: 220.246.204.92:8443
- ip:port: 66.190.34.226:8443
- ip:port: 47.239.201.21:60000
- ip:port: 206.189.160.102:443
- ip:port: 195.88.24.103:8033
- ip:port: 165.227.48.115:3333
- ip:port: 82.156.210.64:10813
- ip:port: 167.99.26.105:3333
- ip:port: 3.148.221.7:8085
- ip:port: 111.230.103.245:3333
- domain: q71t.mistyshore.ru
- domain: z24rf.mistyshore.ru
- domain: field.deepbreez3.ru
- domain: stone.deepbreez3.ru
- domain: 8wp1.deepbreez3.ru
- domain: k38.deepbreez3.ru
- url: https://evanderupdate.com/
- ip:port: 156.234.216.182:8712
- domain: register.spc.jp.net
- ip:port: 89.149.243.170:8080
- ip:port: 81.92.219.143:60000
- ip:port: 190.255.86.132:5060
- ip:port: 45.156.87.240:777
- ip:port: 213.176.79.226:9000
- ip:port: 217.60.249.161:9000
- ip:port: 185.208.156.159:5555
- ip:port: 34.227.242.206:33070
- ip:port: 213.35.114.163:8888
- ip:port: 162.215.130.152:80
- domain: s9i01.mounta1npath.ru
- domain: core.mounta1npath.ru
- domain: neurolattice.com
- domain: asirojointofucks.com
- domain: nh60c.mounta1npath.ru
- url: https://code.hybclient.com/
- domain: wind.mounta1npath.ru
- ip:port: 45.141.26.243:6000
- ip:port: 162.251.123.238:5353
- ip:port: 166.88.185.88:8000
- ip:port: 177.136.203.81:7050
- ip:port: 208.91.189.160:6922
- domain: night.snowcrest.ru
- ip:port: 151.241.100.116:2700
- url: http://178.17.59.88/api/ntesn2qsn2usntgsnwisnjasnjisnjcsyyw3osw=
- domain: raisinc.cyou
- domain: genustt.cyou
- domain: servilg.click
- domain: fixedwr.click
- domain: dhulhxu.click
- domain: cacodsq.click
- domain: vz.snowcrest.ru
- ip:port: 138.226.236.29:443
- url: https://138.226.236.29/
- domain: zwo.snowcrest.ru
- domain: kevincheat.com
- ip:port: 38.49.210.241:22100
- domain: 7yyu6.snowcrest.ru
- domain: gamma.oceandrift.ru
- domain: buradakimvar.xyz
- domain: gsv54.oceandrift.ru
- domain: ic7y.oceandrift.ru
- domain: cwci.oceandrift.ru
- domain: tp.cloudreach.ru
- domain: s9ps.cloudreach.ru
- url: https://zoomteammeeting.im/windows/invite.php
- url: https://teaminvitemeeting.im/windows/invite.php
- url: https://2z1alloom2.click/zoom/windows/invite.php
- url: https://zoommeetingsetup.vip/webzu0sju/windows/invite.php
- url: https://chandhandicrafts.com/microsoftteam/teamsfinal/teams/windows/invite.php
- url: https://institutoalfrednobel.edu.mx/meet/567/windows/invite.php
- url: https://ucd.ru.com/msteamss/teams/windows/invite.php
- url: https://blvas.online/zoooom/windows/invite.php
- url: https://prominencecleaners.com/excell/windows/invite.php
- url: https://com-a2gamepromotwo-eg--112a2-com---ad.pages.dev/
- url: https://mart.delipack.shop/
- url: https://18plus.tiktok.market.google.cuocsong.store/
- url: https://poidx.777md.xyz/
- url: https://18plus.tiktok.market.google.2049uu.top/
- url: https://18plus.tiktok.market.google.totti911-aakk04.store/
- url: https://18plus.tiktok.market.google.976uu9.top/
- url: https://googleplaycr.pages.dev/
- url: https://play-app.huami123.online/
- url: https://18plus.tiktok.market.google.luxelockssalon.shop/
- url: https://18plus.tiktok.market.google.b44brha.top/
- url: https://18plus.tiktok.market.google.101uu6.top/
- url: https://18plus.tiktok.market.google.pinklotusfoundation.online/
- url: http://91.92.243.254/kelly/five/fre.php
- domain: gastroikoliojauiol.com
- domain: jiontrusdergaseol.com
- domain: aniradodokloiure.com
- domain: ihokolkasdiemh.com
- domain: hcg.cloudreach.ru
- ip:port: 165.22.117.74:8001
- ip:port: 68.183.155.83:8001
- ip:port: 161.35.152.74:8001
- ip:port: 165.227.65.246:8001
- ip:port: 143.110.132.186:8001
- ip:port: 165.227.28.253:8001
- ip:port: 157.245.123.120:8001
- ip:port: 134.209.91.203:8001
- ip:port: 178.62.204.148:8001
- ip:port: 134.209.204.135:8001
- domain: oput.brightgate.ru
- ip:port: 165.22.47.134:8001
- ip:port: 167.172.60.110:8001
- ip:port: 104.131.168.18:8001
- ip:port: 147.182.216.151:8001
- ip:port: 188.166.23.66:8001
- ip:port: 159.65.85.62:8001
- ip:port: 64.227.93.213:8001
- domain: i3o.brightgate.ru
- ip:port: 206.189.5.192:8001
- ip:port: 142.93.254.14:8001
- ip:port: 174.138.7.252:8001
- domain: t84g.brightgate.ru
- domain: intercttp.xyz
- domain: clear.brightgate.ru
- domain: uqdz.nightl1ne.ru
- ip:port: 45.141.215.133:4444
- domain: italy-divine.gl.at.ply.gg
- domain: branch.nightl1ne.ru
- ip:port: 147.185.221.31:63171
- ip:port: 185.91.127.175:1330
- ip:port: 157.245.180.129:8001
- ip:port: 134.209.27.68:8001
- ip:port: 167.172.205.144:8001
- ip:port: 68.183.6.51:8001
- ip:port: 159.65.205.44:8001
- ip:port: 142.93.135.82:8001
- ip:port: 206.189.198.144:8001
- domain: zj3m0.nightl1ne.ru
- ip:port: 165.22.136.66:8001
- ip:port: 178.128.2.44:8001
- ip:port: 134.209.89.14:8001
- domain: content-v2-verisoiu.icu
- domain: joyeriatauro.com
- domain: peak.nightl1ne.ru
- url: http://77.105.161.133
- ip:port: 8.134.55.194:443
- ip:port: 204.77.130.20:80
- ip:port: 212.64.215.198:4444
- ip:port: 62.60.135.119:9000
- ip:port: 199.101.111.96:3790
- ip:port: 52.91.221.78:21
- ip:port: 52.91.221.78:771
- ip:port: 100.31.160.236:53695
- ip:port: 98.93.225.126:20547
- ip:port: 144.22.251.16:443
- ip:port: 18.140.146.3:80
- domain: z9s.starl1tewave.ru
- domain: alpha.starl1tewave.ru
- ip:port: 208.123.119.198:8443
- ip:port: 208.123.119.236:8443
- ip:port: 216.189.145.14:8443
- ip:port: 208.123.119.235:8443
- domain: mouc.starl1tewave.ru
- ip:port: 68.183.176.122:8001
- ip:port: 206.189.127.228:8001
- ip:port: 139.59.39.130:8001
- ip:port: 157.245.146.209:8001
- ip:port: 143.110.188.80:8001
- ip:port: 139.59.125.228:8001
- ip:port: 209.97.182.186:8001
- ip:port: 139.59.78.96:8001
- ip:port: 188.166.181.135:8001
- ip:port: 164.90.203.98:8001
- ip:port: 91.92.243.254:80
- domain: 1tza.starl1tewave.ru
- ip:port: 138.68.136.84:8001
- domain: i6.co0perport5.ru
- domain: 9vq0tzgx64793.cfc-execute.bj.baidubce.com
- ip:port: 124.220.231.155:443
- domain: 8cu.co0perport5.ru
- domain: leqdger.click
- domain: wind.co0perport5.ru
- domain: inter.co0perport5.ru
- domain: 2vv6.adm1rep1ay.ru
- domain: sdsu.adm1rep1ay.ru
- domain: hdbg.adm1rep1ay.ru
- domain: xk8.adm1rep1ay.ru
- domain: entire-so.gl.at.ply.gg
- domain: dad9idois-44752.portmap.host
- ip:port: 2.56.165.27:9111
- domain: 8.tcp.clar.top
- domain: 1.tcp.clar.io
- domain: sodendick-39162.portmap.host
- domain: au.1nju5tred.ru
- domain: river.1nju5tred.ru
- domain: 6t5.1nju5tred.ru
- ip:port: 80.211.137.34:3413
- domain: omega.1nju5tred.ru
- ip:port: 165.227.234.4:8001
- ip:port: 109.145.252.9:2222
- ip:port: 136.0.157.158:7707
- ip:port: 184.174.32.240:7443
- domain: k5i.pr2ctsu7v.ru
- ip:port: 31.220.89.71:8080
- domain: beta.pr2ctsu7v.ru
- ip:port: 64.227.55.187:8001
- ip:port: 206.189.66.166:8001
- ip:port: 147.182.138.189:8001
- ip:port: 192.241.141.249:8001
- ip:port: 143.110.168.110:8001
- ip:port: 165.22.156.232:8001
- ip:port: 167.99.207.16:8001
- ip:port: 157.230.131.89:8001
- ip:port: 167.172.56.254:8001
- domain: flame.pr2ctsu7v.ru
- domain: dur71.pr2ctsu7v.ru
- domain: hill.n0uvpu7itan.ru
- domain: fdvfr.n0uvpu7itan.ru
- domain: 6xy2.n0uvpu7itan.ru
- domain: short.n0uvpu7itan.ru
- ip:port: 195.177.94.233:443
- ip:port: 156.234.145.45:8712
- ip:port: 156.234.145.35:8712
- ip:port: 156.234.252.66:8712
- ip:port: 156.234.101.173:8712
- ip:port: 156.234.145.34:8712
- ip:port: 119.91.141.52:31303
- ip:port: 156.234.216.171:8712
- ip:port: 156.234.252.86:8712
- ip:port: 39.104.81.39:8080
- ip:port: 47.92.196.59:80
- ip:port: 43.255.30.4:443
- ip:port: 38.246.245.82:80
- ip:port: 31.97.76.25:30303
- ip:port: 186.169.56.216:2404
- ip:port: 158.94.210.63:9090
- ip:port: 83.136.254.247:443
- ip:port: 1.52.28.182:443
- domain: arabsea.testingweblink.com
- domain: adfs.abdullah-sharif.com
- domain: fpt.dfp.abdullah-sharif.com
- ip:port: 89.58.41.159:80
- ip:port: 89.58.41.159:443
- ip:port: 199.101.111.205:3790
- ip:port: 34.238.116.93:1317
- ip:port: 199.101.111.188:3790
- ip:port: 54.82.226.86:80
- ip:port: 54.82.226.86:2380
- ip:port: 54.82.226.86:8880
- ip:port: 72.62.60.228:443
- ip:port: 162.215.130.152:443
- domain: yl90o.sh0rtwe5ter.ru
- domain: lq.sh0rtwe5ter.ru
- domain: z4l.sh0rtwe5ter.ru
- domain: 3w.sh0rtwe5ter.ru
- domain: core.interk2ts2v.ru
- domain: vdf.interk2ts2v.ru
- domain: dndhub.xyz
- domain: bbpa.interk2ts2v.ru
- ip:port: 80.211.137.34:4230
- domain: q1.interk2ts2v.ru
- domain: m9dbmhskb.localto.net
- domain: field.b1o0dmanneq.ru
- url: http://towerbingobongoboom.com:8080/updater?for=81d1b730207b50bc16231686b723b33f
- domain: p8.b1o0dmanneq.ru
- domain: epfe.b1o0dmanneq.ru
- domain: sabr6.b1o0dmanneq.ru
- domain: mint.b0okca7niv.ru
- domain: zeq3.b0okca7niv.ru
- domain: byte.b0okca7niv.ru
- domain: neuro.b0okca7niv.ru
- domain: 2ic.f1fthudde7.ru
- domain: ember.f1fthudde7.ru
- domain: jtp4r.f1fthudde7.ru
- domain: spark.f1fthudde7.ru
- domain: trace.c0nju8maraf.ru
- domain: guard.c0nju8maraf.ru
- domain: wild.c0nju8maraf.ru
- domain: storm.c0nju8maraf.ru
- domain: yzmbi.neur0l5uptn.ru
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: 86ad6f8d-d434-4c84-a991-498f692890df
- Original Timestamp: 1765584186
Indicators of Compromise
Domain
| Value | Description |
|---|---|
| gov.hanel.work | Vidar botnet C2 domain (confidence level: 100%) |
| microservice-update-s1-bucket.cc | Amatera payload delivery domain (confidence level: 100%) |
| microservice-update-s2-bucket.cc | Amatera payload delivery domain (confidence level: 100%) |
| api-w11c.onrender.com | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| qwg6.orbshackle.ru | ClearFake payload delivery domain (confidence level: 100%) |
| shackle.twig-mantle.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dlnd.twig-mantle.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bf1.twig-mantle.ru | ClearFake payload delivery domain (confidence level: 100%) |
| i4o3.twig-mantle.ru | ClearFake payload delivery domain (confidence level: 100%) |
| qmolq.saffrondent.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pq.saffrondent.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sn7.saffrondent.ru | ClearFake payload delivery domain (confidence level: 100%) |
| d8iw.saffrondent.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 2njv.saffron-dent.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cobble.saffron-dent.ru | ClearFake payload delivery domain (confidence level: 100%) |
| jitter.saffron-dent.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ukd0.saffron-dent.ru | ClearFake payload delivery domain (confidence level: 100%) |
| qk8q.cloudpeak.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bright.cloudpeak.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 7iwp.cloudpeak.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 4b.cloudpeak.ru | ClearFake payload delivery domain (confidence level: 100%) |
| snow.br1ghtstorm.ru | ClearFake payload delivery domain (confidence level: 100%) |
| c2.tiktok-js.top | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| up.mcprotocol.cn | Cobalt Strike botnet C2 domain (confidence level: 75%) |
| a72o.br1ghtstorm.ru | ClearFake payload delivery domain (confidence level: 100%) |
| nkpoor.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| download.nkpoor.sa.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| k1v5q.br1ghtstorm.ru | ClearFake payload delivery domain (confidence level: 100%) |
| breeze.br1ghtstorm.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tur.stonec0re.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ocean.stonec0re.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 69z.stonec0re.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cwscj.stonec0re.ru | ClearFake payload delivery domain (confidence level: 100%) |
| testcuncr.testingweblink.com | Havoc botnet C2 domain (confidence level: 100%) |
| hill.s0ftcrest.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dh28.s0ftcrest.ru | ClearFake payload delivery domain (confidence level: 100%) |
| storm.s0ftcrest.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sun.s0ftcrest.ru | ClearFake payload delivery domain (confidence level: 100%) |
| p1fb9.l1ghtshore.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cr.l1ghtshore.ru | ClearFake payload delivery domain (confidence level: 100%) |
| omega.l1ghtshore.ru | ClearFake payload delivery domain (confidence level: 100%) |
| r8x.l1ghtshore.ru | ClearFake payload delivery domain (confidence level: 100%) |
| beta.skyf1eld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 6rpmj.skyf1eld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| x93.skyf1eld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wave.skyf1eld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| xew2z.dr1ftshade.ru | ClearFake payload delivery domain (confidence level: 100%) |
| halahtyb-45632.portmap.host | XWorm botnet C2 domain (confidence level: 100%) |
| halahtyb-41206.portmap.host | XWorm botnet C2 domain (confidence level: 100%) |
| mariajose12.duckdns.org | Remcos botnet C2 domain (confidence level: 100%) |
| medcom.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| malware.medcom.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| quality.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| malware.quality.it.com | AsyncRAT botnet C2 domain (confidence level: 100%) |
| range.dr1ftshade.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ebsk.dr1ftshade.ru | ClearFake payload delivery domain (confidence level: 100%) |
| eia.dr1ftshade.ru | ClearFake payload delivery domain (confidence level: 100%) |
| damysa10.top | CryptBot botnet C2 domain (confidence level: 50%) |
| sarefy07.top | CryptBot botnet C2 domain (confidence level: 50%) |
| sarjeb09.top | CryptBot botnet C2 domain (confidence level: 50%) |
| google.motchilltv.red | DCRat botnet C2 domain (confidence level: 50%) |
| gugugulol.kenkejai.com | Mirai botnet C2 domain (confidence level: 50%) |
| country-tex.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) |
| wwexp.com | FAKEUPDATES payload delivery domain (confidence level: 50%) |
| totalservices.info | Unknown malware botnet C2 domain (confidence level: 50%) |
| broughservice.info | Unknown malware botnet C2 domain (confidence level: 50%) |
| theoyservices.info | Unknown malware botnet C2 domain (confidence level: 50%) |
| excesswintex.info | Unknown malware botnet C2 domain (confidence level: 50%) |
| brityservice.info | Unknown malware botnet C2 domain (confidence level: 50%) |
| bijoyshare.buzz | Unknown malware botnet C2 domain (confidence level: 50%) |
| sharetobijoy.buzz | Unknown malware botnet C2 domain (confidence level: 50%) |
| api.htscefh.com | Unknown Loader botnet C2 domain (confidence level: 50%) |
| app.enzirt.com | Unknown Loader botnet C2 domain (confidence level: 50%) |
| api.qtss.cc | Unknown malware botnet C2 domain (confidence level: 50%) |
| vps-zap812595-1.zap-srv.com | Unknown malware botnet C2 domain (confidence level: 50%) |
| help.093214.xyz | Unknown malware botnet C2 domain (confidence level: 50%) |
| keep.camdvr.org | Unknown malware botnet C2 domain (confidence level: 50%) |
| brands.khaitara.com | Unknown malware botnet C2 domain (confidence level: 50%) |
| bridge.cleardawn.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 60sek.cleardawn.ru | ClearFake payload delivery domain (confidence level: 100%) |
| e5w.cleardawn.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bamboopaw2021.sbs | Unknown Stealer botnet C2 domain (confidence level: 100%) |
| nova.cleardawn.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sky.frostbranch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ffmg.frostbranch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| d5.frostbranch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 0s.frostbranch.ru | ClearFake payload delivery domain (confidence level: 100%) |
| yljy.m1stleaf.ru | ClearFake payload delivery domain (confidence level: 100%) |
| qo1u.m1stleaf.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cwt.m1stleaf.ru | ClearFake payload delivery domain (confidence level: 100%) |
| crest.m1stleaf.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 8l8gr.clearh0st.ru | ClearFake payload delivery domain (confidence level: 100%) |
| river.clearh0st.ru | ClearFake payload delivery domain (confidence level: 100%) |
| mint.clearh0st.ru | ClearFake payload delivery domain (confidence level: 100%) |
| forest.clearh0st.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kp3uw.f0xwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 554r5.f0xwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
domainmist.f0xwave.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjjt.f0xwave.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain3gky.forestcl0ud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhost.forestcl0ud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine08z3.forestcl0ud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzgeg.forestcl0ud.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindrift.clears0ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain3e.clears0ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjt77.clears0ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfox.clears0ft.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshore.mistyshore.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainue.mistyshore.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbaritale.com | Matanbuchus botnet C2 domain (confidence level: 75%) | |
domainq71t.mistyshore.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainz24rf.mistyshore.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfield.deepbreez3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstone.deepbreez3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain8wp1.deepbreez3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink38.deepbreez3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainregister.spc.jp.net | AsyncRAT botnet C2 domain (confidence level: 100%) | |
domains9i01.mounta1npath.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincore.mounta1npath.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainneurolattice.com | Matanbuchus botnet C2 domain (confidence level: 100%) | |
domainasirojointofucks.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainnh60c.mounta1npath.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwind.mounta1npath.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnight.snowcrest.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainraisinc.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaingenustt.cyou | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainservilg.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainfixedwr.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaindhulhxu.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domaincacodsq.click | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
domainvz.snowcrest.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzwo.snowcrest.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkevincheat.com | Unknown Stealer payload delivery domain (confidence level: 100%) | |
domain7yyu6.snowcrest.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingamma.oceandrift.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainburadakimvar.xyz | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
domaingsv54.oceandrift.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainic7y.oceandrift.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincwci.oceandrift.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintp.cloudreach.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains9ps.cloudreach.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaingastroikoliojauiol.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainjiontrusdergaseol.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainaniradodokloiure.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainihokolkasdiemh.com | Latrodectus botnet C2 domain (confidence level: 100%) | |
domainhcg.cloudreach.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainoput.brightgate.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaini3o.brightgate.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint84g.brightgate.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainintercttp.xyz | Unknown malware botnet C2 domain (confidence level: 100%) | |
domainclear.brightgate.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainuqdz.nightl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainitaly-divine.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domainbranch.nightl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzj3m0.nightl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincontent-v2-verisoiu.icu | Stealc botnet C2 domain (confidence level: 100%) | |
domainjoyeriatauro.com | Stealc botnet C2 domain (confidence level: 100%) | |
domainpeak.nightl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainz9s.starl1tewave.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainalpha.starl1tewave.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmouc.starl1tewave.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain1tza.starl1tewave.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaini6.co0perport5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain9vq0tzgx64793.cfc-execute.bj.baidubce.com | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
domain8cu.co0perport5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainleqdger.click | ClearFake payload delivery domain (confidence level: 100%) | |
domainwind.co0perport5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaininter.co0perport5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2vv6.adm1rep1ay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsdsu.adm1rep1ay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhdbg.adm1rep1ay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainxk8.adm1rep1ay.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainentire-so.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
domaindad9idois-44752.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
domain8.tcp.clar.top | XWorm botnet C2 domain (confidence level: 100%) | |
domain1.tcp.clar.io | XWorm botnet C2 domain (confidence level: 100%) | |
domainsodendick-39162.portmap.host | Quasar RAT botnet C2 domain (confidence level: 100%) | |
domainau.1nju5tred.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainriver.1nju5tred.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain6t5.1nju5tred.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainomega.1nju5tred.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink5i.pr2ctsu7v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbeta.pr2ctsu7v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainflame.pr2ctsu7v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindur71.pr2ctsu7v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainhill.n0uvpu7itan.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainfdvfr.n0uvpu7itan.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain6xy2.n0uvpu7itan.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainshort.n0uvpu7itan.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainarabsea.testingweblink.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainadfs.abdullah-sharif.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainfpt.dfp.abdullah-sharif.com | Havoc botnet C2 domain (confidence level: 100%) | |
domainyl90o.sh0rtwe5ter.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainlq.sh0rtwe5ter.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainz4l.sh0rtwe5ter.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain3w.sh0rtwe5ter.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincore.interk2ts2v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainvdf.interk2ts2v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindndhub.xyz | ClearFake payload delivery domain (confidence level: 100%) | |
domainbbpa.interk2ts2v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq1.interk2ts2v.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm9dbmhskb.localto.net | XWorm botnet C2 domain (confidence level: 75%) | |
domainfield.b1o0dmanneq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainp8.b1o0dmanneq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainepfe.b1o0dmanneq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsabr6.b1o0dmanneq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmint.b0okca7niv.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainzeq3.b0okca7niv.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbyte.b0okca7niv.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainneuro.b0okca7niv.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2ic.f1fthudde7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainember.f1fthudde7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjtp4r.f1fthudde7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainspark.f1fthudde7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaintrace.c0nju8maraf.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainguard.c0nju8maraf.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwild.c0nju8maraf.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainstorm.c0nju8maraf.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainyzmbi.neur0l5uptn.ru | ClearFake payload delivery domain (confidence level: 100%) |
IP:port
| Value | Description |
|---|---|
| 157.180.22.193:443 | Vidar botnet C2 server (confidence level: 100%) |
| 158.94.210.44:1312 | Mirai botnet C2 server (confidence level: 80%) |
| 95.182.101.109:80 | Stealc botnet C2 server (confidence level: 100%) |
| 213.176.16.165:443 | Amatera botnet C2 server (confidence level: 100%) |
| 94.183.183.52:443 | Amatera botnet C2 server (confidence level: 100%) |
| 206.206.127.137:8041 | Unknown RAT botnet C2 server (confidence level: 100%) |
| 172.111.150.202:3872 | Remcos botnet C2 server (confidence level: 100%) |
| 23.17.234.198:3000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80.69.88.61:80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 193.233.87.70:8443 | Mirai botnet C2 server (confidence level: 75%) |
| 142.252.220.135:8443 | Mirai botnet C2 server (confidence level: 75%) |
| 156.234.216.187:43131 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 47.97.113.42:8443 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 67.219.102.244:53 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 84.200.17.174:6000 | XWorm botnet C2 server (confidence level: 75%) |
| 198.251.84.61:80 | Stealc botnet C2 server (confidence level: 100%) |
| 23.226.48.206:43131 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 23.248.214.10:43131 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.145.37:43131 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 43.138.159.121:88 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.45.250.8:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80.78.30.76:443 | Sliver botnet C2 server (confidence level: 100%) |
| 34.239.178.12:8080 | Sliver botnet C2 server (confidence level: 100%) |
| 107.172.31.102:80 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 62.164.177.31:9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 62.164.177.31:15647 | SectopRAT botnet C2 server (confidence level: 100%) |
| 102.117.170.95:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 91.204.74.131:443 | Havoc botnet C2 server (confidence level: 100%) |
| 103.245.231.83:4321 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 107.149.142.169:4444 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 168.245.200.34:3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 13.238.96.31:88 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 37.77.107.49:80 | Unknown malware botnet C2 server (confidence level: 100%) |
| 91.202.233.215:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 195.85.207.132:1337 | DCRat botnet C2 server (confidence level: 50%) |
| 116.103.90.20:4411 | XWorm botnet C2 server (confidence level: 50%) |
| 193.27.90.80:5010 | Unknown malware botnet C2 server (confidence level: 75%) |
| 213.209.143.34:59666 | Mirai botnet C2 server (confidence level: 80%) |
| 144.202.27.199:31337 | Sliver botnet C2 server (confidence level: 50%) |
| 15.204.59.20:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.207.208.83:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.148.211.47:9999 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 36.253.9.57:8081 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 216.126.239.157:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.192.248.45:8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 195.177.94.107:56238 | Unknown malware botnet C2 server (confidence level: 75%) |
| 192.210.215.210:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 121.43.230.164:8080 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 38.54.88.89:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 178.16.53.165:443 | Latrodectus botnet C2 server (confidence level: 100%) |
| 178.16.53.175:443 | Latrodectus botnet C2 server (confidence level: 100%) |
| 44.200.209.5:443 | Sliver botnet C2 server (confidence level: 100%) |
| 137.131.241.10:443 | Sliver botnet C2 server (confidence level: 100%) |
| 44.200.209.5:8080 | Sliver botnet C2 server (confidence level: 100%) |
| 178.16.53.119:4444 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 89.125.209.173 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.156.27.23 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.85.126.181 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3.85.126.181 | Meterpreter botnet C2 server (confidence level: 100%) |
| 89.111.149.164 | Unknown malware botnet C2 server (confidence level: 100%) |
| 77.83.240.196 | Aisuru botnet C2 server (confidence level: 75%) |
| 45.92.218.126 | Aisuru botnet C2 server (confidence level: 75%) |
| 77.83.240.194 | Aisuru botnet C2 server (confidence level: 75%) |
| 77.83.240.193 | Aisuru botnet C2 server (confidence level: 75%) |
| 137.131.241.10 | Sliver botnet C2 server (confidence level: 75%) |
| 64.111.92.248 | Sliver botnet C2 server (confidence level: 75%) |
| 208.87.205.54 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 47.92.196.59 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 117.72.99.21 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 208.69.78.184 | Sliver botnet C2 server (confidence level: 90%) |
| 167.71.90.208 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.130.166.85 | Unknown malware botnet C2 server (confidence level: 100%) |
| 144.172.114.13 | Unknown malware botnet C2 server (confidence level: 100%) |
| 202.189.12.194 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 125.168.249.139 | Unknown malware botnet C2 server (confidence level: 100%) |
| 75.133.120.54 | Unknown malware botnet C2 server (confidence level: 100%) |
| 75.66.72.160 | Unknown malware botnet C2 server (confidence level: 100%) |
| 24.235.137.164 | Unknown malware botnet C2 server (confidence level: 100%) |
| 91.158.199.43 | Unknown malware botnet C2 server (confidence level: 100%) |
| 67.254.169.34 | Unknown malware botnet C2 server (confidence level: 100%) |
| 78.27.85.26 | Unknown malware botnet C2 server (confidence level: 100%) |
| 107.179.200.87 | Unknown malware botnet C2 server (confidence level: 100%) |
| 46.162.105.194 | Unknown malware botnet C2 server (confidence level: 100%) |
| 136.24.74.5 | Unknown malware botnet C2 server (confidence level: 100%) |
| 175.182.177.198 | Unknown malware botnet C2 server (confidence level: 100%) |
| 24.47.51.37 | Unknown malware botnet C2 server (confidence level: 100%) |
| 125.224.153.221 | Unknown malware botnet C2 server (confidence level: 100%) |
| 220.246.204.92 | Unknown malware botnet C2 server (confidence level: 100%) |
| 66.190.34.226 | Unknown malware botnet C2 server (confidence level: 100%) |
| 47.239.201.21 | Unknown malware botnet C2 server (confidence level: 100%) |
| 206.189.160.102 | Unknown malware botnet C2 server (confidence level: 100%) |
| 195.88.24.103 | Unknown malware botnet C2 server (confidence level: 100%) |
| 165.227.48.115 | Unknown malware botnet C2 server (confidence level: 100%) |
| 82.156.210.64 | Unknown malware botnet C2 server (confidence level: 100%) |
| 167.99.26.105 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.148.221.7 | Unknown malware botnet C2 server (confidence level: 100%) |
| 111.230.103.245 | Unknown malware botnet C2 server (confidence level: 100%) |
| 156.234.216.182 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 89.149.243.170 | Remcos botnet C2 server (confidence level: 100%) |
| 81.92.219.143 | Remcos botnet C2 server (confidence level: 100%) |
| 190.255.86.132 | Remcos botnet C2 server (confidence level: 100%) |
| 45.156.87.240 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 213.176.79.226 | SectopRAT botnet C2 server (confidence level: 100%) |
| 217.60.249.161 | SectopRAT botnet C2 server (confidence level: 100%) |
| 185.208.156.159 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.227.242.206 | Meterpreter botnet C2 server (confidence level: 100%) |
| 213.35.114.163 | Meterpreter botnet C2 server (confidence level: 100%) |
| 162.215.130.152 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.141.26.243 | XWorm botnet C2 server (confidence level: 100%) |
| 162.251.123.238 | XWorm botnet C2 server (confidence level: 100%) |
| 166.88.185.88 | XWorm botnet C2 server (confidence level: 100%) |
| 177.136.203.81 | XWorm botnet C2 server (confidence level: 100%) |
| 208.91.189.160 | XWorm botnet C2 server (confidence level: 100%) |
| 151.241.100.116 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 138.226.236.29 | Vidar botnet C2 server (confidence level: 100%) |
| 38.49.210.241 | PureLogs Stealer botnet C2 server (confidence level: 100%) |
| 165.22.117.74 | Aisuru botnet C2 server (confidence level: 75%) |
| 68.183.155.83 | Aisuru botnet C2 server (confidence level: 75%) |
| 161.35.152.74 | Aisuru botnet C2 server (confidence level: 75%) |
| 165.227.65.246 | Aisuru botnet C2 server (confidence level: 75%) |
| 143.110.132.186 | Aisuru botnet C2 server (confidence level: 75%) |
| 165.227.28.253 | Aisuru botnet C2 server (confidence level: 75%) |
| 157.245.123.120 | Aisuru botnet C2 server (confidence level: 75%) |
| 134.209.91.203 | Aisuru botnet C2 server (confidence level: 75%) |
| 178.62.204.148 | Aisuru botnet C2 server (confidence level: 75%) |
| 134.209.204.135 | Aisuru botnet C2 server (confidence level: 75%) |
| 165.22.47.134 | Aisuru botnet C2 server (confidence level: 75%) |
| 167.172.60.110 | Aisuru botnet C2 server (confidence level: 75%) |
| 104.131.168.18 | Aisuru botnet C2 server (confidence level: 75%) |
| 147.182.216.151 | Aisuru botnet C2 server (confidence level: 75%) |
| 188.166.23.66 | Aisuru botnet C2 server (confidence level: 75%) |
| 159.65.85.62 | Aisuru botnet C2 server (confidence level: 75%) |
| 64.227.93.213 | Aisuru botnet C2 server (confidence level: 75%) |
| 206.189.5.192 | Aisuru botnet C2 server (confidence level: 75%) |
| 142.93.254.14 | Aisuru botnet C2 server (confidence level: 75%) |
| 174.138.7.252 | Aisuru botnet C2 server (confidence level: 75%) |
| 45.141.215.133 | XenoRAT botnet C2 server (confidence level: 100%) |
| 147.185.221.31 | XWorm botnet C2 server (confidence level: 100%) |
| 185.91.127.175 | XWorm botnet C2 server (confidence level: 100%) |
| 157.245.180.129 | Aisuru botnet C2 server (confidence level: 75%) |
| 134.209.27.68 | Aisuru botnet C2 server (confidence level: 75%) |
| 167.172.205.144 | Aisuru botnet C2 server (confidence level: 75%) |
| 68.183.6.51 | Aisuru botnet C2 server (confidence level: 75%) |
| 159.65.205.44 | Aisuru botnet C2 server (confidence level: 75%) |
| 142.93.135.82 | Aisuru botnet C2 server (confidence level: 75%) |
| 206.189.198.144 | Aisuru botnet C2 server (confidence level: 75%) |
| 165.22.136.66 | Aisuru botnet C2 server (confidence level: 75%) |
| 178.128.2.44 | Aisuru botnet C2 server (confidence level: 75%) |
| 134.209.89.14 | Aisuru botnet C2 server (confidence level: 75%) |
| 8.134.55.194 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 204.77.130.20 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 212.64.215.198 | DarkComet botnet C2 server (confidence level: 100%) |
| 62.60.135.119 | SectopRAT botnet C2 server (confidence level: 100%) |
| 199.101.111.96 | Meterpreter botnet C2 server (confidence level: 100%) |
| 52.91.221.78 | Meterpreter botnet C2 server (confidence level: 100%) |
| 52.91.221.78 | Meterpreter botnet C2 server (confidence level: 100%) |
| 100.31.160.236 | Meterpreter botnet C2 server (confidence level: 100%) |
| 98.93.225.126 | Meterpreter botnet C2 server (confidence level: 100%) |
| 144.22.251.16 | Unknown malware botnet C2 server (confidence level: 100%) |
| 18.140.146.3 | Unknown malware botnet C2 server (confidence level: 100%) |
| 208.123.119.198 | Mirai botnet C2 server (confidence level: 75%) |
| 208.123.119.236 | Mirai botnet C2 server (confidence level: 75%) |
| 216.189.145.14 | Mirai botnet C2 server (confidence level: 75%) |
| 208.123.119.235 | Mirai botnet C2 server (confidence level: 75%) |
| 68.183.176.122 | Aisuru botnet C2 server (confidence level: 75%) |
| 206.189.127.228 | Aisuru botnet C2 server (confidence level: 75%) |
| 139.59.39.130 | Aisuru botnet C2 server (confidence level: 75%) |
| 157.245.146.209 | Aisuru botnet C2 server (confidence level: 75%) |
| 143.110.188.80 | Aisuru botnet C2 server (confidence level: 75%) |
| 139.59.125.228 | Aisuru botnet C2 server (confidence level: 75%) |
| 209.97.182.186 | Aisuru botnet C2 server (confidence level: 75%) |
| 139.59.78.96 | Aisuru botnet C2 server (confidence level: 75%) |
| 188.166.181.135 | Aisuru botnet C2 server (confidence level: 75%) |
| 164.90.203.98 | Aisuru botnet C2 server (confidence level: 75%) |
| 91.92.243.254 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 50%) |
| 138.68.136.84 | Aisuru botnet C2 server (confidence level: 75%) |
| 124.220.231.155 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 2.56.165.27 | XWorm botnet C2 server (confidence level: 100%) |
| 80.211.137.34 | XWorm botnet C2 server (confidence level: 100%) |
| 165.227.234.4 | Aisuru botnet C2 server (confidence level: 75%) |
| 109.145.252.9 | QakBot botnet C2 server (confidence level: 75%) |
| 136.0.157.158 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 184.174.32.240 | Unknown malware botnet C2 server (confidence level: 75%) |
| 31.220.89.71 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 64.227.55.187 | Aisuru botnet C2 server (confidence level: 75%) |
| 206.189.66.166 | Aisuru botnet C2 server (confidence level: 75%) |
| 147.182.138.189 | Aisuru botnet C2 server (confidence level: 75%) |
| 192.241.141.249 | Aisuru botnet C2 server (confidence level: 75%) |
| 143.110.168.110 | Aisuru botnet C2 server (confidence level: 75%) |
| 165.22.156.232 | Aisuru botnet C2 server (confidence level: 75%) |
| 167.99.207.16 | Aisuru botnet C2 server (confidence level: 75%) |
| 157.230.131.89 | Aisuru botnet C2 server (confidence level: 75%) |
| 167.172.56.254 | Aisuru botnet C2 server (confidence level: 75%) |
| 195.177.94.233 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.145.45 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.145.35 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.252.66 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.101.173 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.145.34 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.91.141.52 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.216.171 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.252.86 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 39.104.81.39 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 47.92.196.59 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 43.255.30.4 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 38.246.245.82 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 31.97.76.25 | Remcos botnet C2 server (confidence level: 100%) |
| 186.169.56.216 | Remcos botnet C2 server (confidence level: 100%) |
| 158.94.210.63 | Remcos botnet C2 server (confidence level: 100%) |
| 83.136.254.247 | Sliver botnet C2 server (confidence level: 100%) |
| 1.52.28.182 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 89.58.41.159 | MimiKatz botnet C2 server (confidence level: 100%) |
| 89.58.41.159 | MimiKatz botnet C2 server (confidence level: 100%) |
| 199.101.111.205 | Meterpreter botnet C2 server (confidence level: 100%) |
| 34.238.116.93 | Meterpreter botnet C2 server (confidence level: 100%) |
| 199.101.111.188 | Meterpreter botnet C2 server (confidence level: 100%) |
| 54.82.226.86 | Meterpreter botnet C2 server (confidence level: 100%) |
| 54.82.226.86 | Meterpreter botnet C2 server (confidence level: 100%) |
| 54.82.226.86 | Meterpreter botnet C2 server (confidence level: 100%) |
| 72.62.60.228 | Empire Downloader botnet C2 server (confidence level: 100%) |
| 162.215.130.152 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80.211.137.34 | XWorm botnet C2 server (confidence level: 100%) |
Hash
| Value | Description |
|---|---|
| 22804099ed114502613561e19c39b08d85532366de6aa7dc7b648da51d4a7515 | Quasar RAT payload (confidence level: 100%) |
| ca49f69a007de870c0ae4c9cabaa4707ad73c9735d643c7bfcdc2a4cf2ba9765 | Quasar RAT payload (confidence level: 100%) |
| de5fcb3128ab96a7c5e45d93ed01498102aacde90552b9bffc581fa94d5c8e6a | Coinminer payload (confidence level: 100%) |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash1913 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash1963 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8443 | Sliver botnet C2 server (confidence level: 75%) | |
hash8888 | Sliver botnet C2 server (confidence level: 75%) | |
hash81 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9999 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 90%) | |
hash8888 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5566 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash60000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8033 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash10813 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8085 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8712 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Remcos botnet C2 server (confidence level: 100%) | |
hash60000 | Remcos botnet C2 server (confidence level: 100%) | |
hash5060 | Remcos botnet C2 server (confidence level: 100%) | |
hash777 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash5555 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash33070 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash8888 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash6000 | XWorm botnet C2 server (confidence level: 100%) | |
hash5353 | XWorm botnet C2 server (confidence level: 100%) | |
hash8000 | XWorm botnet C2 server (confidence level: 100%) | |
hash7050 | XWorm botnet C2 server (confidence level: 100%) | |
hash6922 | XWorm botnet C2 server (confidence level: 100%) | |
hash2700 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash443 | Vidar botnet C2 server (confidence level: 100%) | |
hash22100 | PureLogs Stealer botnet C2 server (confidence level: 100%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash4444 | XenoRAT botnet C2 server (confidence level: 100%) | |
hash63171 | XWorm botnet C2 server (confidence level: 100%) | |
hash1330 | XWorm botnet C2 server (confidence level: 100%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4444 | DarkComet botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash21 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash771 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash53695 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash20547 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash8443 | Mirai botnet C2 server (confidence level: 75%) | |
hash8443 | Mirai botnet C2 server (confidence level: 75%) | |
hash8443 | Mirai botnet C2 server (confidence level: 75%) | |
hash8443 | Mirai botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash80 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 50%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash9111 | XWorm botnet C2 server (confidence level: 100%) | |
hash3413 | XWorm botnet C2 server (confidence level: 100%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash2222 | QakBot botnet C2 server (confidence level: 75%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 75%) | |
hash8080 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash8001 | Aisuru botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8712 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8712 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8712 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8712 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8712 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash31303 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8712 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8712 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash30303 | Remcos botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash9090 | Remcos botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash443 | Quasar RAT botnet C2 server (confidence level: 100%) | |
hash80 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash443 | MimiKatz botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash1317 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash80 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash2380 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash8880 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash443 | Empire Downloader botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4230 | XWorm botnet C2 server (confidence level: 100%) |
Url
| Value | Description | Copy |
|---|---|---|
Threat ID: 693cad76b3e344112f4b8ac0
Added to database: 12/13/2025, 12:04:06 AM
Last enriched: 12/13/2025, 12:04:19 AM
Last updated: 12/14/2025, 6:57:01 PM