
ThreatFox IOCs for 2025-10-07

0
Medium
Published: Tue Oct 07 2025 (10/07/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-10-07

AI-Powered Analysis

Last updated: 10/08/2025, 00:30:28 UTC

Technical Analysis

The ThreatFox IOCs for 2025-10-07 consist of a set of open-source intelligence indicators related to malware activities, specifically focusing on payload delivery and network activity. These indicators are disseminated through the ThreatFox MISP feed, a platform designed for sharing threat intelligence data. The dataset does not specify particular affected software versions or products, indicating that it is a broad intelligence collection rather than a targeted vulnerability report. No known exploits are reported in the wild, and no patches are available, suggesting that the information is primarily for detection and monitoring purposes. The threat level is rated medium, reflecting moderate concern based on the nature of the indicators and their potential use in identifying malicious activity. The technical details include a threat level of 2 and a distribution rating of 3, which implies a moderate spread or relevance of these indicators. The absence of specific CWEs or detailed attack vectors limits the ability to assess direct exploitation risks. Overall, this intelligence serves as a valuable resource for cybersecurity teams to enhance situational awareness and improve detection of potential malware-related activities within their networks.

Potential Impact

For European organizations, the impact of these ThreatFox IOCs lies mainly in their utility for early detection and threat hunting rather than direct compromise. Since no active exploits or vulnerabilities are reported, the immediate risk of system compromise is low. However, failure to incorporate these indicators into security monitoring could result in missed detection opportunities for malware payload delivery or suspicious network activity. This could indirectly lead to delayed response to emerging threats, increasing the risk of data breaches or operational disruption. Organizations with critical infrastructure or high-value data may face increased risk if adversaries leverage similar indicators for reconnaissance or initial access. The medium severity reflects the potential for these indicators to aid in identifying threats before they escalate, emphasizing the importance of proactive threat intelligence integration.

Mitigation Recommendations

European organizations should integrate the provided ThreatFox IOCs into their Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enhance detection capabilities. Regularly updating threat intelligence feeds and correlating these indicators with internal logs can improve early warning and incident response. Conducting threat hunting exercises focused on payload delivery mechanisms and anomalous network activity patterns related to these IOCs is recommended. Organizations should also ensure robust network segmentation and monitoring of outbound traffic to detect potential data exfiltration attempts. Training security analysts to interpret OSINT-based indicators and incorporate them into operational workflows will improve overall resilience. Since no patches are available, emphasis should be on detection, monitoring, and rapid response rather than remediation of a specific vulnerability.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: febedbda-d6ab-4ba2-881d-66ead125d9d8
Original Timestamp: 1759881786

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttp://144.31.221.127:5555/code777
KongTuke payload delivery URL (confidence level: 100%)
urlhttp://31.14.40.12
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://31.14.41.25
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://190.2.146.4
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.165.240.207
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://89.39.149.230
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.180.221.98
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://89.39.149.228
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.180.223.142
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.100.235.88
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://31.14.40.45
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://190.2.144.165
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://89.39.149.227
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://190.2.148.205
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.165.241.205
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://190.2.143.28
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://31.14.41.26
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.165.240.213
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.100.235.22
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://89.39.149.231
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://185.180.221.123
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://190.2.146.97
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://190.2.144.87
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://190.2.148.93
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://honibest.in
Unknown malware botnet C2 (confidence level: 100%)
urlhttp://pdfs.ba5eq.ru/effc16a562b273f0bb5c3e1e41a06a77
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://77.90.153.241/2810e254f679458d.php
Stealc botnet C2 (confidence level: 50%)
urlhttp://176.46.152.21/72024bc494bfc6ba.php
Stealc botnet C2 (confidence level: 50%)
urlhttp://185.177.239.247
Stealc botnet C2 (confidence level: 100%)
urlhttps://amgi1.com/6h8n.js
KongTuke payload delivery URL (confidence level: 100%)
urlhttps://amgi1.com/js.php
KongTuke payload delivery URL (confidence level: 100%)
urlhttps://cfb8.ba5eq.ru/effc16a562b273f0bb5c3e1e41a06a77
ClearFake payload delivery URL (confidence level: 100%)
urlhttp://central.pk/corporate/enter/joe/gate.php
Pony botnet C2 (confidence level: 100%)
urlhttps://or.vzj1o.ru/xelyju46kd.md5
Unknown malware payload delivery URL (confidence level: 80%)
urlhttp://112.248.81.8:43432/i
Mozi payload delivery URL (confidence level: 80%)
urlhttps://u1.c-3dax.ru/uhmg18e6le.sh
Unknown malware payload delivery URL (confidence level: 80%)
urlhttp://94.154.35.238/sweetwhore/five/fre.php
Loki Password Stealer (PWS) botnet C2 (confidence level: 100%)
urlhttp://182.127.64.113:46143/bin.sh
Mozi payload delivery URL (confidence level: 80%)
urlhttp://42.225.201.178:48805/i
Mozi payload delivery URL (confidence level: 80%)
urlhttp://123.4.45.56:36685/bin.sh
Mozi payload delivery URL (confidence level: 80%)
urlhttp://115.55.25.131:41932/i
Mozi payload delivery URL (confidence level: 80%)
urlhttp://178.16.55.189/files/7782139129/0xkmcfk.exe
Unknown malware payload delivery URL (confidence level: 80%)
urlhttps://github.com/asmroyal/cd4/releases/download/cd4/cd4.exe
Unknown malware payload delivery URL (confidence level: 80%)
urlhttp://176.46.152.62:5858/8088da70c9d74b18aaa9c25e7334b986_crypted_build.exe
Unknown malware payload delivery URL (confidence level: 80%)
urlhttp://178.16.55.189/files/5089917904/fc7zg1f.exe
Unknown malware payload delivery URL (confidence level: 80%)
urlhttp://182.119.163.8:50642/bin.sh
Mozi payload delivery URL (confidence level: 80%)
urlhttp://222.142.39.170:42392/i
Mozi payload delivery URL (confidence level: 80%)
urlhttps://to.vzj1o.ru/x8absz9v31.md5
Unknown malware payload delivery URL (confidence level: 80%)
urlhttp://222.127.49.90:59770/bin.sh
Mozi payload delivery URL (confidence level: 80%)
urlhttps://qm9.c-3dax.ru/0cbq19wrw4.sh
Unknown malware payload delivery URL (confidence level: 80%)
urlhttp://182.119.163.8:50642/i
Mozi payload delivery URL (confidence level: 80%)
urlhttp://78.153.140.92/b1n/edu.mpsl
Unknown malware payload delivery URL (confidence level: 80%)
urlhttp://78.153.140.92/b1n/edu.mips
Unknown malware payload delivery URL (confidence level: 80%)
urlhttp://94.154.35.238/sweetwhore/five/pvqdq929bsx_a_d_m1n_a.php
LokiBot botnet C2 (confidence level: 100%)

File

ValueDescriptionCopy
file157.250.195.74
Unknown malware botnet C2 server (confidence level: 100%)
file212.95.55.121
Remcos botnet C2 server (confidence level: 100%)
file108.174.56.177
Remcos botnet C2 server (confidence level: 100%)
file47.236.166.45
Unknown malware botnet C2 server (confidence level: 100%)
file45.141.215.108
AsyncRAT botnet C2 server (confidence level: 100%)
file64.227.126.87
Unknown malware botnet C2 server (confidence level: 100%)
file16.62.83.162
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file40.172.67.160
DeimosC2 botnet C2 server (confidence level: 100%)
file47.79.95.100
Unknown malware botnet C2 server (confidence level: 100%)
file161.35.155.3
Empire Downloader botnet C2 server (confidence level: 100%)
file114.132.248.120
Cobalt Strike botnet C2 server (confidence level: 75%)
file143.92.43.153
Cobalt Strike botnet C2 server (confidence level: 75%)
file143.92.43.231
Cobalt Strike botnet C2 server (confidence level: 75%)
file35.89.197.190
Sliver botnet C2 server (confidence level: 90%)
file91.92.202.203
Sliver botnet C2 server (confidence level: 90%)
file125.45.96.149
Unknown malware botnet C2 server (confidence level: 100%)
file185.95.156.22
Hook botnet C2 server (confidence level: 100%)
file27.78.41.100
Venom RAT botnet C2 server (confidence level: 100%)
file38.60.218.60
GobRAT botnet C2 server (confidence level: 100%)
file45.91.169.166
Unknown malware botnet C2 server (confidence level: 100%)
file139.59.84.190
Unknown malware botnet C2 server (confidence level: 100%)
file185.95.13.7
Unknown malware botnet C2 server (confidence level: 100%)
file202.10.44.235
Unknown malware botnet C2 server (confidence level: 100%)
file20.124.90.36
Unknown malware botnet C2 server (confidence level: 100%)
file213.165.60.128
Unknown malware botnet C2 server (confidence level: 100%)
file161.97.165.41
Unknown malware botnet C2 server (confidence level: 100%)
file161.97.165.41
Unknown malware botnet C2 server (confidence level: 100%)
file116.169.116.66
Unknown malware botnet C2 server (confidence level: 100%)
file84.200.87.68
SectopRAT botnet C2 server (confidence level: 100%)
file216.9.227.203
Bashlite botnet C2 server (confidence level: 100%)
file185.241.206.54
Bashlite botnet C2 server (confidence level: 100%)
file196.75.100.62
Meterpreter botnet C2 server (confidence level: 100%)
file37.114.46.78
XWorm botnet C2 server (confidence level: 75%)
file167.88.164.171
Remcos botnet C2 server (confidence level: 100%)
file94.156.67.247
Remcos botnet C2 server (confidence level: 100%)
file141.11.136.47
Quasar RAT botnet C2 server (confidence level: 100%)
file196.251.86.247
Remcos botnet C2 server (confidence level: 100%)
file45.133.180.162
Remcos botnet C2 server (confidence level: 100%)
file192.227.144.42
Remcos botnet C2 server (confidence level: 100%)
file46.246.4.19
AsyncRAT botnet C2 server (confidence level: 100%)
file196.251.85.251
Unknown malware botnet C2 server (confidence level: 100%)
file185.132.176.4
Havoc botnet C2 server (confidence level: 100%)
file196.251.117.199
Venom RAT botnet C2 server (confidence level: 100%)
file47.83.194.220
DeimosC2 botnet C2 server (confidence level: 100%)
file168.245.201.253
Meterpreter botnet C2 server (confidence level: 100%)
file156.234.37.240
Cobalt Strike botnet C2 server (confidence level: 50%)
file156.234.37.246
Cobalt Strike botnet C2 server (confidence level: 50%)
file156.234.22.240
Cobalt Strike botnet C2 server (confidence level: 50%)
file156.234.239.241
Cobalt Strike botnet C2 server (confidence level: 50%)
file156.234.249.236
Cobalt Strike botnet C2 server (confidence level: 50%)
file114.96.89.69
Cobalt Strike botnet C2 server (confidence level: 50%)
file20.51.193.170
Cobalt Strike botnet C2 server (confidence level: 50%)
file47.121.25.102
Cobalt Strike botnet C2 server (confidence level: 50%)
file118.122.8.155
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file151.241.100.66
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file52.90.107.9
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file15.236.146.191
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file18.144.62.107
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.67.84.26
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file54.215.212.198
NetSupportManager RAT botnet C2 server (confidence level: 50%)
file91.92.241.143
Eye Pyramid botnet C2 server (confidence level: 75%)
file91.108.246.239
Sliver botnet C2 server (confidence level: 50%)
file107.173.135.109
Sliver botnet C2 server (confidence level: 50%)
file95.158.10.249
Sliver botnet C2 server (confidence level: 50%)
file222.112.24.168
Sliver botnet C2 server (confidence level: 50%)
file91.99.167.172
Sliver botnet C2 server (confidence level: 50%)
file108.28.87.140
Sliver botnet C2 server (confidence level: 50%)
file185.68.11.29
Unknown malware botnet C2 server (confidence level: 50%)
file35.219.6.104
Unknown malware botnet C2 server (confidence level: 50%)
file165.227.26.215
Unknown malware botnet C2 server (confidence level: 50%)
file203.209.173.163
Unknown malware botnet C2 server (confidence level: 50%)
file54.210.171.92
Nimplant botnet C2 server (confidence level: 50%)
file84.131.63.167
Ghost RAT botnet C2 server (confidence level: 50%)
file23.94.199.115
Cobalt Strike botnet C2 server (confidence level: 75%)
file23.94.199.115
Cobalt Strike botnet C2 server (confidence level: 75%)
file125.65.180.188
DCRat botnet C2 server (confidence level: 50%)
file182.133.22.168
DCRat botnet C2 server (confidence level: 50%)
file107.175.88.106
Remcos botnet C2 server (confidence level: 50%)
file45.133.174.146
Remcos botnet C2 server (confidence level: 50%)
file5.181.157.176
Remcos botnet C2 server (confidence level: 50%)
file5.181.157.176
Remcos botnet C2 server (confidence level: 50%)
file5.181.157.176
Remcos botnet C2 server (confidence level: 50%)
file84.38.132.39
Remcos botnet C2 server (confidence level: 50%)
file154.36.158.94
Cobalt Strike botnet C2 server (confidence level: 100%)
file34.203.197.60
Cobalt Strike botnet C2 server (confidence level: 100%)
file139.180.180.240
XenoRAT botnet C2 server (confidence level: 100%)
file45.88.9.209
XWorm botnet C2 server (confidence level: 100%)
file65.188.66.196
XWorm botnet C2 server (confidence level: 100%)
file23.249.28.155
Ghost RAT botnet C2 server (confidence level: 100%)
file181.235.5.153
Remcos botnet C2 server (confidence level: 100%)
file107.172.132.44
Remcos botnet C2 server (confidence level: 100%)
file173.214.167.206
Remcos botnet C2 server (confidence level: 100%)
file197.246.186.7
AsyncRAT botnet C2 server (confidence level: 100%)
file198.23.227.175
AsyncRAT botnet C2 server (confidence level: 100%)
file198.23.227.175
AsyncRAT botnet C2 server (confidence level: 100%)
file93.232.103.222
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file26.190.196.227
NjRAT botnet C2 server (confidence level: 100%)
file91.92.242.139
NetSupportManager RAT botnet C2 server (confidence level: 75%)
file185.241.208.248
XWorm botnet C2 server (confidence level: 100%)
file198.46.178.137
PureLogs Stealer botnet C2 server (confidence level: 100%)
file41.141.16.187
NjRAT botnet C2 server (confidence level: 100%)
file196.251.88.83
XWorm botnet C2 server (confidence level: 75%)
file107.174.142.123
XWorm botnet C2 server (confidence level: 100%)
file62.164.177.48
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file144.172.116.242
Cobalt Strike botnet C2 server (confidence level: 100%)
file103.86.44.170
Ghost RAT botnet C2 server (confidence level: 100%)
file202.78.167.14
GobRAT botnet C2 server (confidence level: 100%)
file45.88.186.244
AsyncRAT botnet C2 server (confidence level: 100%)
file193.27.90.51
SectopRAT botnet C2 server (confidence level: 100%)
file144.172.116.242
Unknown malware botnet C2 server (confidence level: 100%)
file82.197.95.16
Unknown malware botnet C2 server (confidence level: 100%)
file16.16.193.34
Hook botnet C2 server (confidence level: 100%)
file13.51.84.181
Havoc botnet C2 server (confidence level: 100%)
file141.11.167.243
MooBot botnet C2 server (confidence level: 100%)
file23.227.199.49
Unknown malware botnet C2 server (confidence level: 100%)
file81.10.33.47
MimiKatz botnet C2 server (confidence level: 100%)
file174.138.75.201
Meterpreter botnet C2 server (confidence level: 100%)
file38.129.139.12
Meterpreter botnet C2 server (confidence level: 100%)
file147.185.221.211
XWorm botnet C2 server (confidence level: 100%)
file192.169.69.26
XWorm botnet C2 server (confidence level: 100%)
file156.247.41.70
ValleyRAT botnet C2 server (confidence level: 100%)
file154.61.76.233
XWorm botnet C2 server (confidence level: 100%)
file216.250.253.99
XWorm botnet C2 server (confidence level: 100%)
file185.117.3.63
XWorm botnet C2 server (confidence level: 100%)
file91.92.242.20
XWorm botnet C2 server (confidence level: 100%)
file63.177.248.46
XWorm botnet C2 server (confidence level: 100%)
file139.180.180.240
AsyncRAT botnet C2 server (confidence level: 100%)
file178.202.191.48
Quasar RAT botnet C2 server (confidence level: 100%)
file185.117.3.63
Quasar RAT botnet C2 server (confidence level: 100%)
file192.109.138.65
Rhadamanthys botnet C2 server (confidence level: 100%)
file185.100.157.247
Rhadamanthys botnet C2 server (confidence level: 100%)
file23.27.168.222
Rhadamanthys botnet C2 server (confidence level: 100%)
file146.70.51.74
DCRat botnet C2 server (confidence level: 75%)
file191.112.0.170
QakBot botnet C2 server (confidence level: 75%)
file196.120.15.44
NetSupportManager RAT botnet C2 server (confidence level: 75%)
file207.166.166.21
Unknown malware botnet C2 server (confidence level: 75%)
file223.215.161.41
DeimosC2 botnet C2 server (confidence level: 75%)
file45.74.48.68
Remcos botnet C2 server (confidence level: 75%)
file58.144.242.216
DeimosC2 botnet C2 server (confidence level: 75%)
file68.183.183.150
Havoc botnet C2 server (confidence level: 75%)
file185.221.196.185
Rhadamanthys botnet C2 server (confidence level: 100%)
file185.107.74.126
Rhadamanthys botnet C2 server (confidence level: 100%)
file38.255.43.72
RedLine Stealer botnet C2 server (confidence level: 100%)
file99.247.232.74
AsyncRAT botnet C2 server (confidence level: 100%)
file99.247.232.74
XWorm botnet C2 server (confidence level: 100%)
file147.185.221.20
XWorm botnet C2 server (confidence level: 100%)
file213.111.148.128
Cobalt Strike botnet C2 server (confidence level: 100%)
file157.245.229.147
Cobalt Strike botnet C2 server (confidence level: 100%)
file178.16.53.45
Latrodectus botnet C2 server (confidence level: 100%)
file186.169.76.187
Remcos botnet C2 server (confidence level: 100%)
file141.98.11.227
Remcos botnet C2 server (confidence level: 100%)
file188.69.185.249
AsyncRAT botnet C2 server (confidence level: 100%)
file38.54.84.79
AsyncRAT botnet C2 server (confidence level: 100%)
file104.200.73.167
Havoc botnet C2 server (confidence level: 100%)
file139.59.241.175
Bashlite botnet C2 server (confidence level: 100%)
file45.138.16.162
AdaptixC2 botnet C2 server (confidence level: 100%)
file147.185.221.211
XWorm botnet C2 server (confidence level: 100%)
file147.185.221.17
XWorm botnet C2 server (confidence level: 100%)
file176.124.203.76
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file193.161.193.99
XWorm botnet C2 server (confidence level: 100%)

Hash

ValueDescriptionCopy
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash888
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash8888
Unknown malware botnet C2 server (confidence level: 100%)
hash4444
AsyncRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash16992
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash443
DeimosC2 botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Empire Downloader botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash8011
Cobalt Strike botnet C2 server (confidence level: 75%)
hash8011
Cobalt Strike botnet C2 server (confidence level: 75%)
hash443
Sliver botnet C2 server (confidence level: 90%)
hash443
Sliver botnet C2 server (confidence level: 90%)
hash5873
Unknown malware botnet C2 server (confidence level: 100%)
hash8089
Hook botnet C2 server (confidence level: 100%)
hash5000
Venom RAT botnet C2 server (confidence level: 100%)
hash443
GobRAT botnet C2 server (confidence level: 100%)
hash1234
Unknown malware botnet C2 server (confidence level: 100%)
hash60002
Unknown malware botnet C2 server (confidence level: 100%)
hash8443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash3333
Unknown malware botnet C2 server (confidence level: 100%)
hash9205
Unknown malware botnet C2 server (confidence level: 100%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash80
Bashlite botnet C2 server (confidence level: 100%)
hash2222
Meterpreter botnet C2 server (confidence level: 100%)
hash5000
XWorm botnet C2 server (confidence level: 75%)
hash3310
Remcos botnet C2 server (confidence level: 100%)
hash2401
Remcos botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash2404
Remcos botnet C2 server (confidence level: 100%)
hash7049
AsyncRAT botnet C2 server (confidence level: 100%)
hash9443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash6009
Venom RAT botnet C2 server (confidence level: 100%)
hash20140
DeimosC2 botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash2480
Cobalt Strike botnet C2 server (confidence level: 50%)
hash2480
Cobalt Strike botnet C2 server (confidence level: 50%)
hash2480
Cobalt Strike botnet C2 server (confidence level: 50%)
hash2480
Cobalt Strike botnet C2 server (confidence level: 50%)
hash2480
Cobalt Strike botnet C2 server (confidence level: 50%)
hash11111
Cobalt Strike botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050
Cobalt Strike botnet C2 server (confidence level: 50%)
hash11701
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash12521
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash3156
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash502
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash45666
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash5999
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash10554
NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash443
Eye Pyramid botnet C2 server (confidence level: 75%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash31337
Sliver botnet C2 server (confidence level: 50%)
hash443
Unknown malware botnet C2 server (confidence level: 50%)
hash3333
Unknown malware botnet C2 server (confidence level: 50%)
hash7443
Unknown malware botnet C2 server (confidence level: 50%)
hash1962
Unknown malware botnet C2 server (confidence level: 50%)
hash80
Nimplant botnet C2 server (confidence level: 50%)
hash80
Ghost RAT botnet C2 server (confidence level: 50%)
hash443
Cobalt Strike botnet C2 server (confidence level: 75%)
hash80
Cobalt Strike botnet C2 server (confidence level: 75%)
hash8848
DCRat botnet C2 server (confidence level: 50%)
hash8848
DCRat botnet C2 server (confidence level: 50%)
hash1991
Remcos botnet C2 server (confidence level: 50%)
hash31423
Remcos botnet C2 server (confidence level: 50%)
hash44444
Remcos botnet C2 server (confidence level: 50%)
hash487
Remcos botnet C2 server (confidence level: 50%)
hash4899
Remcos botnet C2 server (confidence level: 50%)
hash7535
Remcos botnet C2 server (confidence level: 50%)
hash801
Cobalt Strike botnet C2 server (confidence level: 100%)
hash443
Cobalt Strike botnet C2 server (confidence level: 100%)
hash4785
XenoRAT botnet C2 server (confidence level: 100%)
hash5063
XWorm botnet C2 server (confidence level: 100%)
hash6000
XWorm botnet C2 server (confidence level: 100%)
hash8080
Ghost RAT botnet C2 server (confidence level: 100%)
hash5060
Remcos botnet C2 server (confidence level: 100%)
hash14644
Remcos botnet C2 server (confidence level: 100%)
hash1040
Remcos botnet C2 server (confidence level: 100%)
hash8888
AsyncRAT botnet C2 server (confidence level: 100%)
hash5505
AsyncRAT botnet C2 server (confidence level: 100%)
hash6262
AsyncRAT botnet C2 server (confidence level: 100%)
hash81
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash5552
NjRAT botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 75%)
hash7000
XWorm botnet C2 server (confidence level: 100%)
hash8103
PureLogs Stealer botnet C2 server (confidence level: 100%)
hash85
NjRAT botnet C2 server (confidence level: 100%)
hash5103
XWorm botnet C2 server (confidence level: 75%)
hash838ef0c67d52e6b2eb22b4d80f9b960e1a7a05f78b138ce725088017c0b5832e
Unknown Stealer payload (confidence level: 100%)
hash3344
XWorm botnet C2 server (confidence level: 100%)
hash443
NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash80
Cobalt Strike botnet C2 server (confidence level: 100%)
hash80
Ghost RAT botnet C2 server (confidence level: 100%)
hash58162
GobRAT botnet C2 server (confidence level: 100%)
hash6006
AsyncRAT botnet C2 server (confidence level: 100%)
hash9000
SectopRAT botnet C2 server (confidence level: 100%)
hash7443
Unknown malware botnet C2 server (confidence level: 100%)
hash443
Unknown malware botnet C2 server (confidence level: 100%)
hash80
Hook botnet C2 server (confidence level: 100%)
hash443
Havoc botnet C2 server (confidence level: 100%)
hash80
MooBot botnet C2 server (confidence level: 100%)
hash4000
Unknown malware botnet C2 server (confidence level: 100%)
hash8000
MimiKatz botnet C2 server (confidence level: 100%)
hash4443
Meterpreter botnet C2 server (confidence level: 100%)
hash3790
Meterpreter botnet C2 server (confidence level: 100%)
hash60267
XWorm botnet C2 server (confidence level: 100%)
hash6065
XWorm botnet C2 server (confidence level: 100%)
hash6666
ValleyRAT botnet C2 server (confidence level: 100%)
hash7000
XWorm botnet C2 server (confidence level: 100%)
hash2478
XWorm botnet C2 server (confidence level: 100%)
hash6000
XWorm botnet C2 server (confidence level: 100%)
hash6000
XWorm botnet C2 server (confidence level: 100%)
hash1338
XWorm botnet C2 server (confidence level: 100%)
hash4788
AsyncRAT botnet C2 server (confidence level: 100%)
hash4782
Quasar RAT botnet C2 server (confidence level: 100%)
hash8080
Quasar RAT botnet C2 server (confidence level: 100%)
hash58585
Rhadamanthys botnet C2 server (confidence level: 100%)
hashb3cc7abd90237c1e01a0b427935bcdd0821c40694671a88f2d766e3e9ef79b69
Unknown malware payload (confidence level: 90%)
hash2ad9ff96aca438bfeb8a54fcb6e53f30efa5faa389e52372b4ca2306e7f2cccb
Unknown malware payload (confidence level: 90%)
hash2018690845d5615fb84858ee635342e0cf9e0a359df352f89c02a11e4d6ff2e9
Unknown malware payload (confidence level: 90%)
hash69a39343b65a15e7a7f07c0a123f4336d47d7d3277f177369321fbe348312ffc
Unknown malware payload (confidence level: 90%)
hashc23029f315f2d0063ffaef0cb651cfcf8e39bd4f9d77aefb6a5866d73bf096db
Unknown malware payload (confidence level: 90%)
hashbeaf4d8cab4d8bb64a2a950880e435ec040cc844a1cacc573e613073f55c3606
Unknown malware payload (confidence level: 90%)
hasha02f741d30e33d72c6fdecf0ae1fafa2c44bfd40987a9480c2a11d8f5cd058d4
Unknown malware payload (confidence level: 90%)
hashfc885e8a0a0c726561110aa6f887b377dd43243e3a911b7e1787f641f7c1b90c
Unknown malware payload (confidence level: 90%)
hash03288d08eb6c30a205d8947c0ee0e055a864383b043090280840b0c822e3446f
Unknown malware payload (confidence level: 90%)
hash64f099327947fe21c770ada4c870a1d25304cda4f028973d7098b3f831771ceb
Unknown malware payload (confidence level: 90%)
hash5f3b057153e88c2b413f8e0159b3e4d3dfe4c33bbe074efefaf41b2c6b6d0081
Unknown malware payload (confidence level: 90%)
hash1829411d2d7c11ebdcdd890c4e6e55adbed17fd5b2bc404d2baf70045599a65d
Unknown malware payload (confidence level: 90%)
hash3c2e13094101d13831624d58f46287d6b8aaefc344499320c2f14b44d0ad4496
Unknown malware payload (confidence level: 90%)
hash6683b2af32c897b3ce9e36a0f4ff164df5c6c8e14583e255c7e84ec1da2e102c
Unknown malware payload (confidence level: 90%)
hash8fbf9817d413c4e6300dde76fe793d299c82ff94edc5581ff9a3c4d9e3292944

Domain


Threat ID: 68e5ad0ba677756fc9a6b000

Added to database: 10/8/2025, 12:15:07 AM

Last enriched: 10/8/2025, 12:30:28 AM

Last updated: 10/8/2025, 4:28:25 AM

Views: 6
