Infrastructure of Interest: Medium Confidence Command And Control

Aug. 8, 2025, 7:46 a.m.

Description

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with command and control (C2) infrastructure, facilitating malware communication, data exfiltration, and persistent threat actor operations. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations.

Tags

Date

  • Created: Aug. 7, 2025, 7:29 a.m.
  • Published: Aug. 7, 2025, 7:29 a.m.
  • Modified: Aug. 8, 2025, 7:46 a.m.

Indicators


Attack Patterns

Additional Information

  • rpc-p1.bajun.network
  • books.xn--7ov.co
  • test-pages.digital