ThreatFox IOCs for 2025-10-18
AI Analysis
Technical Summary
This threat report from the ThreatFox MISP feed dated October 18, 2025, provides a collection of Indicators of Compromise (IOCs) related to malware activities, specifically focusing on OSINT, payload delivery, and network activity. The report does not specify any particular affected software versions or products, indicating that the IOCs are likely generic or broad-based rather than targeting a specific vulnerability. No known exploits in the wild have been reported, and no patches or remediation links are available, suggesting that this intelligence is primarily for detection and monitoring purposes rather than immediate threat mitigation. The threat level is rated as 2 on an unspecified scale, with a medium severity classification, reflecting moderate risk. The technical details indicate moderate distribution and analysis levels but do not provide concrete exploit mechanisms or payload descriptions. The absence of CWEs and detailed technical indicators limits the ability to assess the exact attack vectors or payload behaviors. Overall, this intelligence serves as a resource for security teams to update their detection signatures and network monitoring tools to identify potential malicious activity associated with these IOCs.
Potential Impact
For European organizations, the impact of this threat is primarily in the domain of enhanced situational awareness and improved detection capabilities. Since no active exploitation or specific vulnerabilities are identified, the direct risk to confidentiality, integrity, or availability is low at this time. However, failure to incorporate these IOCs into security monitoring could result in missed detection of malware payload delivery attempts or network-based reconnaissance activities. Organizations heavily reliant on network security and threat intelligence, such as financial institutions, critical infrastructure, and government agencies, may benefit from early identification of related malicious activity. The medium severity rating indicates that while the threat is not immediately critical, it warrants attention to prevent potential escalation or exploitation in the future.
Mitigation Recommendations
European organizations should integrate the provided IOCs into their existing Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enhance detection of related malware activities. Regularly updating threat intelligence feeds and correlating these IOCs with internal logs can improve early warning capabilities. Network segmentation and strict monitoring of outbound traffic can help contain potential payload delivery attempts. Conducting threat hunting exercises using these IOCs may uncover latent infections or reconnaissance activities. Additionally, organizations should maintain robust incident response plans that incorporate OSINT-derived intelligence to quickly analyze and respond to suspicious network activity. Since no patches are available, emphasis should be placed on detection and containment rather than remediation of a specific vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
- url: https://lh24h7tp-5500.euw.devtunnels.ms/checker/1.pdb
- file: 102.117.169.163
- hash: 7443
- file: 149.88.74.72
- hash: 4782
- file: 185.72.199.97
- hash: 1717
- file: 196.251.86.107
- hash: 443
- file: 213.209.143.167
- hash: 80
- file: 196.75.218.11
- hash: 2222
- domain: 06342.99y401874.ru
- domain: 740.08u073852.ru
- domain: 2215.08u073852.ru
- domain: 60012.08u073852.ru
- domain: 918274.08u073852.ru
- domain: 3007812.08u073852.ru
- domain: 05a9.08u073852.ru
- domain: 889.08u073852.ru
- domain: 431.11u812580.ru
- domain: 9023.11u812580.ru
- domain: 100587.11u812580.ru
- domain: 7652190.11u812580.ru
- domain: 028.11u812580.ru
- domain: 34972.11u812580.ru
- domain: 581004.11u812580.ru
- domain: 777.60e533569.ru
- domain: 1205.60e533569.ru
- domain: 45019.60e533569.ru
- domain: 620714.60e533569.ru
- domain: 5002201.60e533569.ru
- domain: 984.60e533569.ru
- file: 193.161.193.99
- hash: 37356
- domain: 04137.60e533569.ru
- domain: 324.54o477354.ru
- domain: 8321.54o477354.ru
- domain: tubifly.com
- file: 188.137.180.79
- hash: 443
- file: 114.67.98.107
- hash: 80
- file: 47.108.21.186
- hash: 8080
- file: 8.134.255.60
- hash: 443
- file: 185.112.144.245
- hash: 443
- file: 87.121.79.106
- hash: 31337
- file: 172.94.111.55
- hash: 8808
- file: 137.220.145.250
- hash: 443
- file: 218.212.157.249
- hash: 8443
- file: 71.79.103.3
- hash: 8443
- file: 89.23.240.21
- hash: 8443
- file: 42.98.205.186
- hash: 8443
- file: 116.49.241.4
- hash: 8443
- file: 69.14.17.104
- hash: 8443
- file: 202.128.23.121
- hash: 8443
- file: 61.76.128.209
- hash: 8443
- file: 138.19.136.60
- hash: 8443
- file: 110.35.142.86
- hash: 8443
- file: 119.197.86.48
- hash: 8443
- file: 114.29.89.96
- hash: 8443
- file: 14.39.94.118
- hash: 8443
- file: 121.131.45.82
- hash: 443
- file: 212.251.145.230
- hash: 8443
- file: 41.205.51.242
- hash: 8443
- file: 119.199.107.160
- hash: 8443
- file: 222.104.130.91
- hash: 8443
- file: 70.94.36.247
- hash: 8443
- file: 211.193.130.88
- hash: 8443
- file: 220.92.72.82
- hash: 8443
- file: 118.91.36.181
- hash: 8443
- file: 61.77.145.112
- hash: 8443
- file: 39.109.145.78
- hash: 8443
- domain: homeoffice.dmg-tech.com
- file: 40.84.43.13
- hash: 443
- file: 44.216.161.8
- hash: 3333
- file: 16.171.17.38
- hash: 3333
- file: 52.204.61.251
- hash: 443
- file: 37.59.112.102
- hash: 443
- file: 18.135.6.22
- hash: 2222
- file: 109.73.201.245
- hash: 3333
- file: 193.70.42.0
- hash: 443
- file: 192.248.161.226
- hash: 3000
- file: 34.105.192.157
- hash: 3389
- file: 198.46.143.115
- hash: 3333
- file: 168.138.228.68
- hash: 443
- file: 119.28.6.250
- hash: 443
- file: 41.141.124.55
- hash: 443
- domain: 55027.54o477354.ru
- domain: 7001845.54o477354.ru
- domain: 169.54o477354.ru
- domain: 0482.54o477354.ru
- domain: 913560.54o477354.ru
- domain: 201.30u241207.ru
- domain: 6003.30u241207.ru
- domain: 77950.30u241207.ru
- domain: 180264.30u241207.ru
- domain: 7123001.30u241207.ru
- domain: 05b8.30u241207.ru
- domain: 964.30u241207.ru
- file: 45.155.54.62
- hash: 8080
- domain: 333.37i658094.ru
- domain: 4920.37i658094.ru
- domain: 57411.37i658094.ru
- domain: 610294.37i658094.ru
- domain: 3998107.37i658094.ru
- domain: 080.37i658094.ru
- domain: fox.wib8.ru
- domain: 72563.37i658094.ru
- domain: 925.31e854642.ru
- domain: plum.wib8.ru
- domain: 3135.31e854642.ru
- domain: 41002.31e854642.ru
- domain: 706391.31e854642.ru
- domain: mint.wib8.ru
- file: 85.208.84.208
- hash: 4411
- domain: 8451203.31e854642.ru
- url: https://xmg102.wxlmail.com/
- url: https://ustr.nouz.cn/
- url: https://sea0123.malaysiatiktok.top/
- url: https://doudouni01.top/
- url: https://doudouni12.top/
- url: https://doudouni13.top/
- url: https://doudouni15.top/
- url: https://doudouni18.top/
- url: http://106.52.154.100:8888/supershell/login
- url: http://107.174.64.180:8888/supershell/login
- url: http://47.236.166.45:8888/supershell/login
- domain: 07c9.31e854642.ru
- url: https://191.96.225.126/appstore/index.php
- url: https://185.208.156.252/u9dvjmfd/index.php
- url: http://91.92.242.27/kawt2qxfppuenm/header.php
- url: http://45.134.26.131/kawt2qxfppuenm/login.php
- url: http://79.137.196.144/
- url: http://196.251.114.38/pages/login.php
- url: https://sec0de.cc/user.php?page=login
- url: https://106.52.154.100:8888/supershell/login/
- domain: asy8808.duckdns.org
- domain: autodater.ddns.net
- domain: youth-better.gl.at.ply.gg
- domain: mirailoversddos.duckdns.org
- domain: www.montanaivest.online
- domain: www.montanaivest.space
- domain: www.montanaivest.store
- domain: forceadvance.com
- domain: 581.31e854642.ru
- file: 107.173.152.144
- hash: 8888
- file: 181.161.10.162
- hash: 8080
- file: 3.26.67.220
- hash: 554
- domain: ray.wib8.ru
- domain: 501.49o103159.ru
- domain: 8427.49o103159.ru
- domain: 30951.49o103159.ru
- domain: sail.wib8.ru
- domain: 777012.49o103159.ru
- file: 135.125.107.53
- hash: 443
- domain: 6901420.49o103159.ru
- domain: dew.wib8.ru
- domain: 118.49o103159.ru
- domain: 03452.49o103159.ru
- url: http://196.251.114.38/pages/login.php
- domain: 219.93i197934.ru
- file: 194.33.61.103
- hash: 443
- domain: pine.luv6.ru
- domain: 4084.93i197934.ru
- domain: 93055.93i197934.ru
- file: 43.225.47.23
- hash: 443
- domain: 160287.93i197934.ru
- domain: 7436901.93i197934.ru
- domain: 06d1.93i197934.ru
- domain: glow.luv6.ru
- domain: 851.93i197934.ru
- domain: cat.khoc9.ru
- file: 185.208.158.78
- hash: 4782
- domain: nest.luv6.ru
- domain: bed.sjyj1.ru
- domain: ski.jsuv0.ru
- domain: pet.rqyp1.ru
- domain: 51rteswqa.online
- file: 114.67.243.235
- hash: 8089
- domain: rim.luv6.ru
- domain: pun.wkej2.ru
- domain: its.npoj2.ru
- domain: inn.jrih5.ru
- domain: clay.luv6.ru
- domain: era.mzas7.ru
- domain: has.cqom9.ru
- domain: fern.luv6.ru
- domain: bog.qvik5.ru
- domain: jet.khoc9.ru
- domain: dusk.gyj0.ru
- domain: nod.qvik5.ru
- domain: can.jsuv0.ru
- domain: late-operates.gl.at.ply.gg
- domain: pepes18921.webredirect.org
- domain: fin.gyj0.ru
- file: 81.214.22.14
- hash: 4782
- file: 148.251.67.144
- hash: 50000
- file: 138.68.177.82
- hash: 7443
- file: 91.92.242.76
- hash: 8089
- file: 194.5.97.227
- hash: 1604
- file: 13.36.178.155
- hash: 41795
- file: 125.227.185.100
- hash: 22053
- file: 123.123.151.50
- hash: 7777
- file: 123.123.151.50
- hash: 9999
- file: 168.245.200.176
- hash: 3790
- domain: cup.mzas7.ru
- domain: ran.sjyj1.ru
- domain: pat.wkej2.ru
- domain: bark.gyj0.ru
- domain: tag.cqom9.ru
- file: 91.92.241.145
- hash: 59013
- url: https://pastebin.com/raw/fxzr3jet
- domain: ban.jrih5.ru
- file: 114.132.235.230
- hash: 443
- file: 143.92.43.246
- hash: 8011
- domain: er.npoj2.ru
- domain: muse.gyj0.ru
- domain: nap.rqyp1.ru
- domain: tray.gyj0.ru
- domain: try.sjyj1.ru
- domain: few.cqom9.ru
- domain: air.wkej2.ru
- domain: jet.gyj0.ru
- domain: lot.rqyp1.ru
- domain: art.mzas7.ru
- domain: ape.qvik5.ru
- domain: bold.jix3.ru
- domain: ow.khoc9.ru
- domain: fig.jix3.ru
- domain: fab.jsuv0.ru
- domain: yap.npoj2.ru
- domain: mist.jix3.ru
- domain: due.jrih5.ru
- domain: hay.cqom9.ru
- domain: age.jrih5.ru
- domain: hag.rqyp1.ru
- domain: wok.wkej2.ru
- url: http://103.77.241.42/1.sh
- domain: hid.mzas7.ru
- file: 119.94.50.160
- hash: 5555
- file: 47.108.117.100
- hash: 80
- file: 192.229.116.99
- hash: 8888
- file: 45.58.56.34
- hash: 8880
- domain: w1656569g.sjyj1.ru
- domain: gag.khoc9.ru
- domain: www.mona-ads.com
- file: 161.35.224.107
- hash: 7443
- file: 45.45.218.216
- hash: 8082
- file: 56.228.6.106
- hash: 27957
- file: 119.167.245.20
- hash: 10250
- file: 89.116.44.137
- hash: 443
- domain: id.qvik5.ru
- file: 31.223.81.157
- hash: 1337
- domain: tic.jsuv0.ru
- domain: rid.npoj2.ru
- domain: fur.jrih5.ru
- file: 5.175.234.16
- hash: 7010
- domain: he.qvik5.ru
- domain: out.npoj2.ru
- domain: wet.khoc9.ru
- domain: coy.rqyp1.ru
- domain: wed.wkej2.ru
- domain: example-kit.gl.at.ply.gg
- domain: throughout-groundwater.gl.at.ply.gg
- domain: maxem228666-55949.portmap.host
- file: 64.225.69.61
- hash: 7895
- domain: editor-formula.gl.at.ply.gg
- file: 38.47.221.20
- hash: 6666
- file: 154.23.184.79
- hash: 3301
- file: 154.23.184.79
- hash: 3302
- file: 154.23.184.79
- hash: 3303
- file: 103.236.70.38
- hash: 6666
- file: 103.236.70.38
- hash: 8888
- file: 103.236.70.38
- hash: 80
- domain: red.sjyj1.ru
- file: 193.233.164.21
- hash: 6000
- domain: gin.mzas7.ru
- domain: zed.jsuv0.ru
- domain: gap.rqyp1.ru
- file: 135.125.107.53
- hash: 9443
- domain: ice.jsuv0.ru
- domain: gi.khoc9.ru
- domain: gab.qvik5.ru
- domain: too.sjyj1.ru
- domain: six.jrih5.ru
- domain: hi.wkej2.ru
- file: 154.91.84.96
- hash: 9865
- domain: far.npoj2.ru
- domain: him.mzas7.ru
- file: 5.199.139.36
- hash: 80
- file: 198.55.109.241
- hash: 80
- file: 206.119.178.33
- hash: 2043
- file: 16.171.175.22
- hash: 443
- file: 195.246.231.248
- hash: 8443
- file: 193.124.205.52
- hash: 8808
- file: 157.20.182.18
- hash: 2026
- file: 79.137.196.144
- hash: 8089
- file: 15.160.191.234
- hash: 44817
- file: 176.65.148.166
- hash: 80
- file: 176.46.152.89
- hash: 80
- file: 213.176.19.66
- hash: 443
- domain: pan.cqom9.ru
- domain: yo.mzas7.ru
- domain: eh.jsuv0.ru
- domain: ai.sjyj1.ru
- domain: sap.cqom9.ru
- domain: fit.wkej2.ru
- domain: gig.jrih5.ru
- domain: gas.khoc9.ru
- domain: vet.npoj2.ru
- domain: rye.rqyp1.ru
- domain: arm.qvik5.ru
- domain: s.5e8y8.ru
- domain: h1.5e8y8.ru
- domain: v3.5e8y8.ru
- domain: 0zq.5e8y8.ru
- domain: p0.5e8y8.ru
- domain: c8.5e8y8.ru
- file: 101.200.124.250
- hash: 7890
- domain: 1m.5e8y8.ru
- domain: 384.i733643.ru
- domain: 1207.i733643.ru
- domain: 56039.i733643.ru
- file: 196.119.182.167
- hash: 10000
- domain: 740182.i733643.ru
- domain: 9031542.i733643.ru
- domain: 0615.i733643.ru
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- Uuid: e98d40b6-7e0b-4a07-9313-fe7240fef659
- Original Timestamp: 1760832186
Indicators of Compromise
Url
Value | Description
---|---
https://lh24h7tp-5500.euw.devtunnels.ms/checker/1.pdb | DCRat payload delivery URL (confidence level: 100%)
https://xmg102.wxlmail.com/ | SpyNote payload delivery URL (confidence level: 50%)
https://ustr.nouz.cn/ | SpyNote payload delivery URL (confidence level: 50%)
https://sea0123.malaysiatiktok.top/ | SpyNote payload delivery URL (confidence level: 50%)
https://doudouni01.top/ | SpyNote payload delivery URL (confidence level: 50%)
https://doudouni12.top/ | SpyNote payload delivery URL (confidence level: 50%)
https://doudouni13.top/ | SpyNote payload delivery URL (confidence level: 50%)
https://doudouni15.top/ | SpyNote payload delivery URL (confidence level: 50%)
https://doudouni18.top/ | SpyNote payload delivery URL (confidence level: 50%)
http://106.52.154.100:8888/supershell/login | Unknown malware payload delivery URL (confidence level: 50%)
http://107.174.64.180:8888/supershell/login | Unknown malware payload delivery URL (confidence level: 50%)
http://47.236.166.45:8888/supershell/login | Unknown malware payload delivery URL (confidence level: 50%)
https://191.96.225.126/appstore/index.php | Amadey payload delivery URL (confidence level: 50%)
https://185.208.156.252/u9dvjmfd/index.php | Amadey payload delivery URL (confidence level: 50%)
http://91.92.242.27/kawt2qxfppuenm/header.php | Amadey payload delivery URL (confidence level: 50%)
http://45.134.26.131/kawt2qxfppuenm/login.php | Amadey payload delivery URL (confidence level: 50%)
http://79.137.196.144/ | Hook payload delivery URL (confidence level: 50%)
http://196.251.114.38/pages/login.php | Unknown malware payload delivery URL (confidence level: 50%)
https://sec0de.cc/user.php?page=login | Unknown Stealer botnet C2 (confidence level: 50%)
https://106.52.154.100:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 50%)
http://196.251.114.38/pages/login.php | Unknown malware botnet C2 (confidence level: 100%)
https://pastebin.com/raw/fxzr3jet | XWorm botnet C2 (confidence level: 50%)
http://103.77.241.42/1.sh | Unknown malware payload delivery URL (confidence level: 75%)
File
Value | Description
---|---
102.117.169.163 | Unknown malware botnet C2 server (confidence level: 100%)
149.88.74.72 | Quasar RAT botnet C2 server (confidence level: 100%)
185.72.199.97 | Quasar RAT botnet C2 server (confidence level: 100%)
196.251.86.107 | Havoc botnet C2 server (confidence level: 100%)
213.209.143.167 | Bashlite botnet C2 server (confidence level: 100%)
196.75.218.11 | Meterpreter botnet C2 server (confidence level: 100%)
193.161.193.99 | XWorm botnet C2 server (confidence level: 100%)
188.137.180.79 | Cobalt Strike botnet C2 server (confidence level: 100%)
114.67.98.107 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.108.21.186 | Cobalt Strike botnet C2 server (confidence level: 100%)
8.134.255.60 | Cobalt Strike botnet C2 server (confidence level: 100%)
185.112.144.245 | Sliver botnet C2 server (confidence level: 90%)
87.121.79.106 | Sliver botnet C2 server (confidence level: 90%)
172.94.111.55 | AsyncRAT botnet C2 server (confidence level: 100%)
137.220.145.250 | DCRat botnet C2 server (confidence level: 100%)
218.212.157.249 | Unknown malware botnet C2 server (confidence level: 100%)
71.79.103.3 | Unknown malware botnet C2 server (confidence level: 100%)
89.23.240.21 | Unknown malware botnet C2 server (confidence level: 100%)
42.98.205.186 | Unknown malware botnet C2 server (confidence level: 100%)
116.49.241.4 | Unknown malware botnet C2 server (confidence level: 100%)
69.14.17.104 | Unknown malware botnet C2 server (confidence level: 100%)
202.128.23.121 | Unknown malware botnet C2 server (confidence level: 100%)
61.76.128.209 | Unknown malware botnet C2 server (confidence level: 100%)
138.19.136.60 | Unknown malware botnet C2 server (confidence level: 100%)
110.35.142.86 | Unknown malware botnet C2 server (confidence level: 100%)
119.197.86.48 | Unknown malware botnet C2 server (confidence level: 100%)
114.29.89.96 | Unknown malware botnet C2 server (confidence level: 100%)
14.39.94.118 | Unknown malware botnet C2 server (confidence level: 100%)
121.131.45.82 | Unknown malware botnet C2 server (confidence level: 100%)
212.251.145.230 | Unknown malware botnet C2 server (confidence level: 100%)
41.205.51.242 | Unknown malware botnet C2 server (confidence level: 100%)
119.199.107.160 | Unknown malware botnet C2 server (confidence level: 100%)
222.104.130.91 | Unknown malware botnet C2 server (confidence level: 100%)
70.94.36.247 | Unknown malware botnet C2 server (confidence level: 100%)
211.193.130.88 | Unknown malware botnet C2 server (confidence level: 100%)
220.92.72.82 | Unknown malware botnet C2 server (confidence level: 100%)
118.91.36.181 | Unknown malware botnet C2 server (confidence level: 100%)
61.77.145.112 | Unknown malware botnet C2 server (confidence level: 100%)
39.109.145.78 | Unknown malware botnet C2 server (confidence level: 100%)
40.84.43.13 | Unknown malware botnet C2 server (confidence level: 100%)
44.216.161.8 | Unknown malware botnet C2 server (confidence level: 100%)
16.171.17.38 | Unknown malware botnet C2 server (confidence level: 100%)
52.204.61.251 | Unknown malware botnet C2 server (confidence level: 100%)
37.59.112.102 | Unknown malware botnet C2 server (confidence level: 100%)
18.135.6.22 | Unknown malware botnet C2 server (confidence level: 100%)
109.73.201.245 | Unknown malware botnet C2 server (confidence level: 100%)
193.70.42.0 | Unknown malware botnet C2 server (confidence level: 100%)
192.248.161.226 | Unknown malware botnet C2 server (confidence level: 100%)
34.105.192.157 | Unknown malware botnet C2 server (confidence level: 100%)
198.46.143.115 | Unknown malware botnet C2 server (confidence level: 100%)
168.138.228.68 | Unknown malware botnet C2 server (confidence level: 100%)
119.28.6.250 | Unknown malware botnet C2 server (confidence level: 100%)
41.141.124.55 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
45.155.54.62 | Unknown malware botnet C2 server (confidence level: 75%)
85.208.84.208 | XWorm botnet C2 server (confidence level: 100%)
107.173.152.144 | Unknown malware botnet C2 server (confidence level: 100%)
181.161.10.162 | Quasar RAT botnet C2 server (confidence level: 100%)
3.26.67.220 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
135.125.107.53 | Brute Ratel C4 botnet C2 server (confidence level: 75%)
194.33.61.103 | Rhadamanthys botnet C2 server (confidence level: 100%)
43.225.47.23 | ValleyRAT botnet C2 server (confidence level: 100%)
185.208.158.78 | Quasar RAT botnet C2 server (confidence level: 100%)
114.67.243.235 | Cobalt Strike botnet C2 server (confidence level: 75%)
81.214.22.14 | Quasar RAT botnet C2 server (confidence level: 100%)
148.251.67.144 | AsyncRAT botnet C2 server (confidence level: 100%)
138.68.177.82 | Unknown malware botnet C2 server (confidence level: 100%)
91.92.242.76 | Hook botnet C2 server (confidence level: 100%)
194.5.97.227 | Quasar RAT botnet C2 server (confidence level: 100%)
13.36.178.155 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
125.227.185.100 | DeimosC2 botnet C2 server (confidence level: 100%)
123.123.151.50 | ValleyRAT botnet C2 server (confidence level: 100%)
123.123.151.50 | ValleyRAT botnet C2 server (confidence level: 100%)
168.245.200.176 | Meterpreter botnet C2 server (confidence level: 100%)
91.92.241.145 | XWorm botnet C2 server (confidence level: 50%)
114.132.235.230 | Cobalt Strike botnet C2 server (confidence level: 75%)
143.92.43.246 | Cobalt Strike botnet C2 server (confidence level: 75%)
119.94.50.160 | Cobalt Strike botnet C2 server (confidence level: 100%)
47.108.117.100 | Cobalt Strike botnet C2 server (confidence level: 100%)
192.229.116.99 | Cobalt Strike botnet C2 server (confidence level: 100%)
45.58.56.34 | Cobalt Strike botnet C2 server (confidence level: 100%)
161.35.224.107 | Unknown malware botnet C2 server (confidence level: 100%)
45.45.218.216 | Hook botnet C2 server (confidence level: 100%)
56.228.6.106 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
119.167.245.20 | DeimosC2 botnet C2 server (confidence level: 100%)
89.116.44.137 | DeimosC2 botnet C2 server (confidence level: 100%)
31.223.81.157 | Quasar RAT botnet C2 server (confidence level: 100%)
5.175.234.16 | XWorm botnet C2 server (confidence level: 100%)
64.225.69.61 | Remcos botnet C2 server (confidence level: 100%)
38.47.221.20 | ValleyRAT botnet C2 server (confidence level: 100%)
154.23.184.79 | ValleyRAT botnet C2 server (confidence level: 100%)
154.23.184.79 | ValleyRAT botnet C2 server (confidence level: 100%)
154.23.184.79 | ValleyRAT botnet C2 server (confidence level: 100%)
103.236.70.38 | ValleyRAT botnet C2 server (confidence level: 100%)
103.236.70.38 | ValleyRAT botnet C2 server (confidence level: 100%)
103.236.70.38 | ValleyRAT botnet C2 server (confidence level: 100%)
193.233.164.21 | XWorm botnet C2 server (confidence level: 100%)
135.125.107.53 | Brute Ratel C4 botnet C2 server (confidence level: 75%)
154.91.84.96 | XWorm botnet C2 server (confidence level: 100%)
5.199.139.36 | Cobalt Strike botnet C2 server (confidence level: 100%)
198.55.109.241 | Cobalt Strike botnet C2 server (confidence level: 100%)
206.119.178.33 | GobRAT botnet C2 server (confidence level: 100%)
16.171.175.22 | Sliver botnet C2 server (confidence level: 100%)
195.246.231.248 | Sliver botnet C2 server (confidence level: 100%)
193.124.205.52 | AsyncRAT botnet C2 server (confidence level: 100%)
157.20.182.18 | AsyncRAT botnet C2 server (confidence level: 100%)
79.137.196.144 | Hook botnet C2 server (confidence level: 100%)
15.160.191.234 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
176.65.148.166 | MooBot botnet C2 server (confidence level: 100%)
176.46.152.89 | MooBot botnet C2 server (confidence level: 100%)
213.176.19.66 | BianLian botnet C2 server (confidence level: 100%)
101.200.124.250 | Meterpreter botnet C2 server (confidence level: 100%)
196.119.182.167 | NjRAT botnet C2 server (confidence level: 100%)
Hash
Value | Description
---|---
7443 | Unknown malware botnet C2 server (confidence level: 100%)
4782 | Quasar RAT botnet C2 server (confidence level: 100%)
1717 | Quasar RAT botnet C2 server (confidence level: 100%)
443 | Havoc botnet C2 server (confidence level: 100%)
80 | Bashlite botnet C2 server (confidence level: 100%)
2222 | Meterpreter botnet C2 server (confidence level: 100%)
37356 | XWorm botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8080 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Cobalt Strike botnet C2 server (confidence level: 100%)
443 | Sliver botnet C2 server (confidence level: 90%)
31337 | Sliver botnet C2 server (confidence level: 90%)
8808 | AsyncRAT botnet C2 server (confidence level: 100%)
443 | DCRat botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
8443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
2222 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
3000 | Unknown malware botnet C2 server (confidence level: 100%)
3389 | Unknown malware botnet C2 server (confidence level: 100%)
3333 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | Unknown malware botnet C2 server (confidence level: 100%)
443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
8080 | Unknown malware botnet C2 server (confidence level: 75%)
4411 | XWorm botnet C2 server (confidence level: 100%)
8888 | Unknown malware botnet C2 server (confidence level: 100%)
8080 | Quasar RAT botnet C2 server (confidence level: 100%)
554 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
443 | Brute Ratel C4 botnet C2 server (confidence level: 75%)
443 | Rhadamanthys botnet C2 server (confidence level: 100%)
443 | ValleyRAT botnet C2 server (confidence level: 100%)
4782 | Quasar RAT botnet C2 server (confidence level: 100%)
8089 | Cobalt Strike botnet C2 server (confidence level: 75%)
4782 | Quasar RAT botnet C2 server (confidence level: 100%)
50000 | AsyncRAT botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
8089 | Hook botnet C2 server (confidence level: 100%)
1604 | Quasar RAT botnet C2 server (confidence level: 100%)
41795 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
22053 | DeimosC2 botnet C2 server (confidence level: 100%)
7777 | ValleyRAT botnet C2 server (confidence level: 100%)
9999 | ValleyRAT botnet C2 server (confidence level: 100%)
3790 | Meterpreter botnet C2 server (confidence level: 100%)
59013 | XWorm botnet C2 server (confidence level: 50%)
443 | Cobalt Strike botnet C2 server (confidence level: 75%)
8011 | Cobalt Strike botnet C2 server (confidence level: 75%)
5555 | Cobalt Strike botnet C2 server (confidence level: 100%)
80 | Cobalt Strike botnet C2 server (confidence level: 100%)
8888 | Cobalt Strike botnet C2 server (confidence level: 100%)
8880 | Cobalt Strike botnet C2 server (confidence level: 100%)
7443 | Unknown malware botnet C2 server (confidence level: 100%)
8082 | Hook botnet C2 server (confidence level: 100%)
27957 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
10250 | DeimosC2 botnet C2 server (confidence level: 100%)
443 | DeimosC2 botnet C2 server (confidence level: 100%)
1337 | Quasar RAT botnet C2 server (confidence level: 100%)
7010 | XWorm botnet C2 server (confidence level: 100%)
7895 | Remcos botnet C2 server (confidence level: 100%)
6666 | ValleyRAT botnet C2 server (confidence level: 100%)
3301 | ValleyRAT botnet C2 server (confidence level: 100%)
hash3302 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash3303 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6000 | XWorm botnet C2 server (confidence level: 100%) | |
hash9443 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
hash9865 | XWorm botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash80 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash2043 | GobRAT botnet C2 server (confidence level: 100%) | |
hash443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8443 | Sliver botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash2026 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash44817 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | BianLian botnet C2 server (confidence level: 100%) | |
hash7890 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash10000 | NjRAT botnet C2 server (confidence level: 100%) | |
Domain
Value | Description | Copy |
---|---|---|
06342.99y401874.ru | ClearFake payload delivery domain (confidence level: 100%) | |
740.08u073852.ru | ClearFake payload delivery domain (confidence level: 100%) | |
2215.08u073852.ru | ClearFake payload delivery domain (confidence level: 100%) | |
60012.08u073852.ru | ClearFake payload delivery domain (confidence level: 100%) | |
918274.08u073852.ru | ClearFake payload delivery domain (confidence level: 100%) | |
3007812.08u073852.ru | ClearFake payload delivery domain (confidence level: 100%) | |
05a9.08u073852.ru | ClearFake payload delivery domain (confidence level: 100%) | |
889.08u073852.ru | ClearFake payload delivery domain (confidence level: 100%) | |
431.11u812580.ru | ClearFake payload delivery domain (confidence level: 100%) | |
9023.11u812580.ru | ClearFake payload delivery domain (confidence level: 100%) | |
100587.11u812580.ru | ClearFake payload delivery domain (confidence level: 100%) | |
7652190.11u812580.ru | ClearFake payload delivery domain (confidence level: 100%) | |
028.11u812580.ru | ClearFake payload delivery domain (confidence level: 100%) | |
34972.11u812580.ru | ClearFake payload delivery domain (confidence level: 100%) | |
581004.11u812580.ru | ClearFake payload delivery domain (confidence level: 100%) | |
777.60e533569.ru | ClearFake payload delivery domain (confidence level: 100%) | |
1205.60e533569.ru | ClearFake payload delivery domain (confidence level: 100%) | |
45019.60e533569.ru | ClearFake payload delivery domain (confidence level: 100%) | |
620714.60e533569.ru | ClearFake payload delivery domain (confidence level: 100%) | |
5002201.60e533569.ru | ClearFake payload delivery domain (confidence level: 100%) | |
984.60e533569.ru | ClearFake payload delivery domain (confidence level: 100%) | |
04137.60e533569.ru | ClearFake payload delivery domain (confidence level: 100%) | |
324.54o477354.ru | ClearFake payload delivery domain (confidence level: 100%) | |
8321.54o477354.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tubifly.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
homeoffice.dmg-tech.com | Unknown malware botnet C2 domain (confidence level: 100%) | |
55027.54o477354.ru | ClearFake payload delivery domain (confidence level: 100%) | |
7001845.54o477354.ru | ClearFake payload delivery domain (confidence level: 100%) | |
169.54o477354.ru | ClearFake payload delivery domain (confidence level: 100%) | |
0482.54o477354.ru | ClearFake payload delivery domain (confidence level: 100%) | |
913560.54o477354.ru | ClearFake payload delivery domain (confidence level: 100%) | |
201.30u241207.ru | ClearFake payload delivery domain (confidence level: 100%) | |
6003.30u241207.ru | ClearFake payload delivery domain (confidence level: 100%) | |
77950.30u241207.ru | ClearFake payload delivery domain (confidence level: 100%) | |
180264.30u241207.ru | ClearFake payload delivery domain (confidence level: 100%) | |
7123001.30u241207.ru | ClearFake payload delivery domain (confidence level: 100%) | |
05b8.30u241207.ru | ClearFake payload delivery domain (confidence level: 100%) | |
964.30u241207.ru | ClearFake payload delivery domain (confidence level: 100%) | |
333.37i658094.ru | ClearFake payload delivery domain (confidence level: 100%) | |
4920.37i658094.ru | ClearFake payload delivery domain (confidence level: 100%) | |
57411.37i658094.ru | ClearFake payload delivery domain (confidence level: 100%) | |
610294.37i658094.ru | ClearFake payload delivery domain (confidence level: 100%) | |
3998107.37i658094.ru | ClearFake payload delivery domain (confidence level: 100%) | |
080.37i658094.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fox.wib8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
72563.37i658094.ru | ClearFake payload delivery domain (confidence level: 100%) | |
925.31e854642.ru | ClearFake payload delivery domain (confidence level: 100%) | |
plum.wib8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
3135.31e854642.ru | ClearFake payload delivery domain (confidence level: 100%) | |
41002.31e854642.ru | ClearFake payload delivery domain (confidence level: 100%) | |
706391.31e854642.ru | ClearFake payload delivery domain (confidence level: 100%) | |
mint.wib8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
8451203.31e854642.ru | ClearFake payload delivery domain (confidence level: 100%) | |
07c9.31e854642.ru | ClearFake payload delivery domain (confidence level: 100%) | |
asy8808.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 50%) | |
autodater.ddns.net | AsyncRAT botnet C2 domain (confidence level: 50%) | |
youth-better.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
mirailoversddos.duckdns.org | Mirai botnet C2 domain (confidence level: 50%) | |
www.montanaivest.online | Remcos botnet C2 domain (confidence level: 50%) | |
www.montanaivest.space | Remcos botnet C2 domain (confidence level: 50%) | |
www.montanaivest.store | Remcos botnet C2 domain (confidence level: 50%) | |
forceadvance.com | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
581.31e854642.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ray.wib8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
501.49o103159.ru | ClearFake payload delivery domain (confidence level: 100%) | |
8427.49o103159.ru | ClearFake payload delivery domain (confidence level: 100%) | |
30951.49o103159.ru | ClearFake payload delivery domain (confidence level: 100%) | |
sail.wib8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
777012.49o103159.ru | ClearFake payload delivery domain (confidence level: 100%) | |
6901420.49o103159.ru | ClearFake payload delivery domain (confidence level: 100%) | |
dew.wib8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
118.49o103159.ru | ClearFake payload delivery domain (confidence level: 100%) | |
03452.49o103159.ru | ClearFake payload delivery domain (confidence level: 100%) | |
219.93i197934.ru | ClearFake payload delivery domain (confidence level: 100%) | |
pine.luv6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
4084.93i197934.ru | ClearFake payload delivery domain (confidence level: 100%) | |
93055.93i197934.ru | ClearFake payload delivery domain (confidence level: 100%) | |
160287.93i197934.ru | ClearFake payload delivery domain (confidence level: 100%) | |
7436901.93i197934.ru | ClearFake payload delivery domain (confidence level: 100%) | |
06d1.93i197934.ru | ClearFake payload delivery domain (confidence level: 100%) | |
glow.luv6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
851.93i197934.ru | ClearFake payload delivery domain (confidence level: 100%) | |
cat.khoc9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
nest.luv6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
bed.sjyj1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ski.jsuv0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
pet.rqyp1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
51rteswqa.online | Cobalt Strike botnet C2 domain (confidence level: 75%) | |
rim.luv6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
pun.wkej2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
its.npoj2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
inn.jrih5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
clay.luv6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
era.mzas7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
has.cqom9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fern.luv6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
bog.qvik5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
jet.khoc9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
dusk.gyj0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
nod.qvik5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
can.jsuv0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
late-operates.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
pepes18921.webredirect.org | AsyncRAT botnet C2 domain (confidence level: 100%) | |
fin.gyj0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
cup.mzas7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ran.sjyj1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
pat.wkej2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
bark.gyj0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tag.cqom9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ban.jrih5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
er.npoj2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
muse.gyj0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
nap.rqyp1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tray.gyj0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
try.sjyj1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
few.cqom9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
air.wkej2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
jet.gyj0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
lot.rqyp1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
art.mzas7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ape.qvik5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
bold.jix3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ow.khoc9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fig.jix3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fab.jsuv0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
yap.npoj2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
mist.jix3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
due.jrih5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
hay.cqom9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
age.jrih5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
hag.rqyp1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
wok.wkej2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
hid.mzas7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
w1656569g.sjyj1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gag.khoc9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
www.mona-ads.com | Unknown RAT botnet C2 domain (confidence level: 100%) | |
id.qvik5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tic.jsuv0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
rid.npoj2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fur.jrih5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
he.qvik5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
out.npoj2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
wet.khoc9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
coy.rqyp1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
wed.wkej2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
example-kit.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
throughout-groundwater.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
maxem228666-55949.portmap.host | XWorm botnet C2 domain (confidence level: 100%) | |
editor-formula.gl.at.ply.gg | Quasar RAT botnet C2 domain (confidence level: 100%) | |
red.sjyj1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gin.mzas7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
zed.jsuv0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gap.rqyp1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ice.jsuv0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gi.khoc9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gab.qvik5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
too.sjyj1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
six.jrih5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
hi.wkej2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
far.npoj2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
him.mzas7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
pan.cqom9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
yo.mzas7.ru | ClearFake payload delivery domain (confidence level: 100%) | |
eh.jsuv0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ai.sjyj1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
sap.cqom9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fit.wkej2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gig.jrih5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gas.khoc9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
vet.npoj2.ru | ClearFake payload delivery domain (confidence level: 100%) | |
rye.rqyp1.ru | ClearFake payload delivery domain (confidence level: 100%) | |
arm.qvik5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
s.5e8y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
h1.5e8y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
v3.5e8y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
0zq.5e8y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
p0.5e8y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
c8.5e8y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
1m.5e8y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
384.i733643.ru | ClearFake payload delivery domain (confidence level: 100%) | |
1207.i733643.ru | ClearFake payload delivery domain (confidence level: 100%) | |
56039.i733643.ru | ClearFake payload delivery domain (confidence level: 100%) | |
740182.i733643.ru | ClearFake payload delivery domain (confidence level: 100%) | |
9031542.i733643.ru | ClearFake payload delivery domain (confidence level: 100%) | |
0615.i733643.ru | ClearFake payload delivery domain (confidence level: 100%) | |
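Two patterns in the domain rows above matter for how the feed should be consumed. The ClearFake entries are dozens of throwaway subdomains under a small set of apex names (5e8y8.ru, luv6.ru, wib8.ru, i733643.ru and so on), so matching only the exact hostnames listed will miss the next rotation. The AsyncRAT, DCRat, Mirai, XWorm and Quasar RAT entries, by contrast, sit on shared dynamic-DNS and tunnelling services (duckdns.org, ddns.net, gl.at.ply.gg, portmap.host, webredirect.org) whose apex belongs to the service, so widening those would block legitimate users. The Python below is an added example, not code from ThreatFox or from this page, that parses rows in the table layout above into IOCs, builds an exact index plus an apex index for confident non-shared entries, and runs both over a constructed DNS query log. The row subset, the log lines, the `<timestamp> <client> <qname>` log format and the `SHARED_SUFFIXES` list are assumptions made for the example; the two-label apex approximation is adequate for the .ru and .com names in this feed but should be replaced by a public-suffix library in production.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed subset of the domain rows listed above, kept in the page's
# 'value | description | |' layout so the whole table can be fed in unchanged.
IOC_ROWS = """\
s.5e8y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
h1.5e8y8.ru | ClearFake payload delivery domain (confidence level: 100%) | |
pine.luv6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tubifly.com | Cobalt Strike botnet C2 domain (confidence level: 100%) | |
asy8808.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 50%) | |
late-operates.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
"""

# Constructed DNS query log, '<timestamp> <client> <qname>'; not from the page.
DNS_LOG = """\
2025-10-18T09:12:01Z 10.0.0.15 s.5e8y8.ru.
2025-10-18T09:12:03Z 10.0.0.15 w9.5e8y8.ru.
2025-10-18T09:13:10Z 10.0.0.22 mail.example.com.
2025-10-18T09:14:44Z 10.0.0.31 asy8808.duckdns.org.
2025-10-18T09:15:02Z 10.0.0.31 other-host.duckdns.org.
2025-10-18T09:16:00Z 10.0.0.40 TUBIFLY.COM.
"""

DESC_RE = re.compile(r"^(?P<family>.+?) (?P<kind>payload delivery|botnet C2) domain "
                     r"\(confidence level: (?P<conf>\d+)%\)$")

# Dynamic-DNS and tunnelling services seen in the feed: their apex belongs to the
# service, not the actor, so only exact hostnames match under them (assumed list).
SHARED_SUFFIXES = ("duckdns.org", "ddns.net", "gl.at.ply.gg", "portmap.host", "webredirect.org")


@dataclass(frozen=True)
class Ioc:
    domain: str
    family: str
    kind: str        # 'payload delivery' or 'botnet C2'
    confidence: int  # ThreatFox confidence percentage


def normalise(name: str) -> str:
    """Lowercase and drop the trailing dot that DNS logs usually carry."""
    return name.strip().rstrip(".").lower()


def parse_rows(text: str) -> List[Ioc]:
    """Parse 'value | description | |' rows; rows that do not fit are skipped."""
    iocs = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        m = DESC_RE.match(cells[1]) if len(cells) > 1 else None
        if m:
            iocs.append(Ioc(normalise(cells[0]), m["family"], m["kind"], int(m["conf"])))
    return iocs


def under_shared_suffix(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in SHARED_SUFFIXES)


def apex(name: str) -> str:
    """Registrable domain approximated as the last two labels: fine for the .ru/.com
    names here, but use a public-suffix library for TLDs such as co.uk."""
    return ".".join(name.split(".")[-2:])


def build_index(iocs: Iterable[Ioc], min_apex_conf: int = 75) -> Tuple[Dict[str, Ioc], Dict[str, Ioc]]:
    """Exact index for every IOC, apex index only for confident non-shared names,
    so the next ClearFake subdomain under a known apex is still caught."""
    exact: Dict[str, Ioc] = {}
    by_apex: Dict[str, Ioc] = {}
    for ioc in iocs:
        exact[ioc.domain] = ioc
        if ioc.confidence >= min_apex_conf and not under_shared_suffix(ioc.domain):
            by_apex.setdefault(apex(ioc.domain), ioc)
    return exact, by_apex


def match_qname(qname: str, exact: Dict[str, Ioc], by_apex: Dict[str, Ioc]) -> Optional[Tuple[str, Ioc]]:
    """Return ('exact' | 'apex', ioc) for a hit, or None."""
    q = normalise(qname)
    if q in exact:
        return "exact", exact[q]
    if not under_shared_suffix(q) and apex(q) in by_apex:
        return "apex", by_apex[apex(q)]
    return None


def scan_log(log: str, exact: Dict[str, Ioc], by_apex: Dict[str, Ioc]) -> List[Tuple[str, str, str, Ioc]]:
    """Return (client, qname, match_type, ioc) for every log line that hits."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line; a real pipeline should count these
        hit = match_qname(parts[2], exact, by_apex)
        if hit:
            hits.append((parts[1], normalise(parts[2]), hit[0], hit[1]))
    return hits


if __name__ == "__main__":
    exact_idx, apex_idx = build_index(parse_rows(IOC_ROWS))
    for client, qname, how, ioc in scan_log(DNS_LOG, exact_idx, apex_idx):
        print(f"{client} -> {qname}: {ioc.family} {ioc.kind} ({how}, {ioc.confidence}%)")
```

Run as-is it reports four hits: the two 5e8y8.ru queries (the second, w9.5e8y8.ru, is not in the feed and is caught only through the apex index), the exact AsyncRAT hostname on duckdns.org, and tubifly.com despite the upper-case query. The sibling other-host.duckdns.org is deliberately not reported, and the 50% confidence entries stay in the exact index only, so a low-confidence row never widens to an apex. When feeding the full table, paste the rows exactly as they appear above; the parser ignores the header, separator and any row whose description does not match the ThreatFox pattern.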
Threat ID: 68f42bc1512992bed08622fc
Added to database: 10/19/2025, 12:07:29 AM
Last enriched: 10/19/2025, 12:10:05 AM
Last updated: 10/19/2025, 10:09:11 AM
Related Threats
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware (severity: Medium)
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT (severity: Medium)
Winos 4.0 hackers expand to Japan and Malaysia with new malware (severity: Medium)
ThreatFox IOCs for 2025-10-17 (severity: Medium)
Malicious package with AdaptixC2 framework agent found in npm registry (severity: Medium)