ThreatFox IOCs for 2025-10-25
AI Analysis
Technical Summary
The provided data describes a ThreatFox IOC update dated October 25, 2025, categorized under malware with emphasis on OSINT, payload delivery, and network activity. ThreatFox is a platform that aggregates and shares Indicators of Compromise to assist cybersecurity professionals in identifying and mitigating threats. This entry does not specify particular malware families, affected software versions, or detailed technical indicators such as hashes, IP addresses, or domains. The threat level is rated as medium with a threatLevel score of 2, analysis score of 1, and distribution score of 3, indicating moderate concern and distribution but limited analysis depth. No known exploits are currently active in the wild, and no patches or mitigations are linked, suggesting this is primarily an intelligence update rather than a new vulnerability or active attack vector. The tags and categories indicate the focus is on OSINT-driven detection of payload delivery mechanisms and network activity patterns. The absence of CWEs or specific vulnerabilities further supports that this is an intelligence feed entry rather than a direct security flaw. The UUID and timestamps provide traceability within the ThreatFox system but do not add technical exploit details. Overall, this entry serves as a resource to improve detection and response capabilities rather than signaling an immediate threat requiring urgent remediation.
Potential Impact
The impact of this IOC update on European organizations is indirect and primarily related to enhancing threat detection and situational awareness. Since no active exploits or vulnerabilities are detailed, there is no immediate risk of compromise, data loss, or service disruption. However, organizations that integrate ThreatFox IOCs into their security monitoring tools can improve their ability to detect payload delivery attempts and suspicious network activity associated with malware campaigns. This can reduce dwell time and improve incident response effectiveness. The medium severity rating reflects the potential value of these IOCs in identifying emerging threats but also the absence of direct exploitation. European sectors with high-value targets, such as finance, critical infrastructure, and government, may benefit from incorporating these IOCs to preemptively detect adversary activity. The lack of patch availability means organizations must rely on detection and response rather than vulnerability remediation. Overall, the impact is positive in terms of threat intelligence enrichment but does not represent an immediate operational threat.
Mitigation Recommendations
To effectively leverage this IOC update, European organizations should integrate the provided ThreatFox IOCs into their existing security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools. Regularly updating threat intelligence feeds and correlating these IOCs with internal logs can enhance early detection of payload delivery attempts and suspicious network activity. Organizations should conduct threat hunting exercises using these IOCs to identify potential compromises proactively. Since no patches are available, emphasis should be placed on network segmentation, strict egress filtering, and anomaly detection to limit the impact of any detected payload delivery. Security teams should also share relevant findings with national and European cybersecurity information sharing organizations such as ENISA to improve collective defense. Training and awareness programs should highlight the importance of OSINT-based threat intelligence in detecting emerging threats. Finally, organizations should maintain robust incident response plans to quickly contain and remediate any detected malicious activity.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Indicators of Compromise
- hash: 9ffc66cfdbe4780957925370962a69757cb000b30e7dfa5788f160670364a326
- hash: 3930988ec97fe425cf4441f22dc4dca0aa086b3c7100ee2f67e13fe80b804151
- hash: 6bffe01c34b9ec6e91e6392b305ae7398918f7f996ae9858ea6c6d9b4499c6f0
- ip:port: 45.94.31.42:7777
- ip:port: 220.121.11.221:8443
- ip:port: 145.40.252.206:8443
- ip:port: 221.163.215.226:8443
- ip:port: 138.75.120.161:8443
- ip:port: 152.42.197.32:80
- ip:port: 116.62.151.244:3333
- ip:port: 44.217.119.131:443
- ip:port: 159.203.70.73:443
- ip:port: 178.254.12.89:3333
- ip:port: 91.98.114.154:443
- ip:port: 128.140.12.121:3333
- ip:port: 157.90.231.173:443
- ip:port: 135.181.101.129:3333
- domain: cpanel.sayyesmovement.ca
- ip:port: 151.245.54.181:31337
- ip:port: 144.172.98.81:911
- ip:port: 79.133.46.74:65432
- ip:port: 128.0.118.72:8090
- domain: ik.yjor.ru
- domain: rz.zi-qa.ru
- domain: rz3.1e2u2a0.ru
- domain: w5en.cdn-6-38.ru
- domain: v8.ziqa.ru
- domain: d9.4a7vci9.ru
- domain: aa.b2-ra.ru
- ip:port: 8.210.134.138:5858
- domain: c4hz.cdn-6-38.ru
- domain: mi.g-lim.ru
- domain: p0la.cdn-6-38.ru
- domain: mc.jeqr.ru
- domain: kl.ko-lu.ru
- domain: q3x.4a7vci9.ru
- domain: ke.loxr.ru
- domain: n7xs.cdn-6-38.ru
- domain: 0p.m7lo.ru
- domain: m0k4.4a7vci9.ru
- domain: 7p.meqt.ru
- domain: 6b.n-jur.ru
- domain: sw.njur.ru
- domain: r8gk.fv0-93.ru
- domain: oz.plx-5.ru
- domain: a1.4a7vci9.ru
- domain: w3ta.fv0-93.ru
- domain: 07.plx5.ru
- domain: y7p2.4a7vci9.ru
- domain: ue.r8li.ru
- domain: jd5.fv0-93.ru
- domain: b7.rvox.ru
- domain: 90.slaq.ru
- domain: 5qzn.fv0-93.ru
- domain: oe.su-4n.ru
- domain: vz8.4a7vci9.ru
- domain: 03.su4n.ru
- domain: ck4v.fv0-93.ru
- domain: 11.t4mox.ru
- domain: 2p.twy-0.ru
- domain: u1jd.fv0-93.ru
- domain: t2.9i3mpa6.ru
- domain: we.twy0.ru
- domain: yf.vuln5.ru
- domain: pz7h.xb1-60.ru
- domain: 5q.x-vo4.ru
- domain: s4.xer-o.ru
- domain: kz1.9i3mpa6.ru
- ip:port: 47.121.135.201:443
- ip:port: 186.169.57.143:5061
- ip:port: 143.198.158.122:443
- ip:port: 46.224.19.128:443
- ip:port: 35.220.199.172:8443
- domain: n4wq.xb1-60.ru
- ip:port: 178.16.54.184:9090
- ip:port: 196.251.116.232:7443
- ip:port: 37.72.168.176:443
- ip:port: 182.16.11.155:8088
- ip:port: 182.16.11.157:8088
- ip:port: 182.16.11.156:8088
- ip:port: 173.212.216.226:8080
- ip:port: 178.16.53.135:4321
- ip:port: 196.75.76.28:2222
- ip:port: 23.22.39.162:80
- domain: d8.xvo4.ru
- domain: w9.yjor.ru
- domain: kj.zi-qa.ru
- domain: x7m.9i3mpa6.ru
- domain: fm.ziqa.ru
- domain: t8kc.xb1-60.ru
- domain: 1c.b2-ra.ru
- domain: p0.9i3mpa6.ru
- domain: ry.g-lim.ru
- domain: j2yr.xb1-60.ru
- domain: 6d.jeqr.ru
- domain: c6.ko-lu.ru
- domain: h3v9.9i3mpa6.ru
- domain: m6dx.xb1-60.ru
- domain: 20.loxr.ru
- domain: bf.m7lo.ru
- domain: qv5a.xb1-60.ru
- domain: c4w.9i3mpa6.ru
- ip:port: 23.160.168.167:4122
- ip:port: 188.215.31.4:5552
- domain: leetaka1337.no-ip.org
- domain: fogueteiro.webhop.biz
- ip:port: 103.86.44.18:69
- domain: 40.n-jur.ru
- domain: n4.5u5vbu6.ru
- domain: g1tb.xf7-27.ru
- domain: 9y.njur.ru
- domain: s9lp.xf7-27.ru
- domain: b8q.5u5vbu6.ru
- domain: fx.plx5.ru
- domain: r0z1.5u5vbu6.ru
- url: http://154.36.184.35/
- url: https://reddesignandprint.co.uk/huc/?id=isaqt4rg5oquuggm
- url: https://www.browse-health-insurance-plans.unitedhealthcare-group.uhc-com.vision-solution.top/?id=isaqt4rg5oquuggm
- domain: 0wr.xf7-27.ru
- url: https://5d8fd57c-62b0-48f1-b595-796cb6b6e7f4.server4.nisdably.com/
- url: https://ww25.5d8fd57c-62b0-48f1-b595-796cb6b6e7f4.server2.ninhaine.com/
- url: https://pastebin.com/raw/qphtbsru
- domain: assettocorsamain.duckdns.org
- ip:port: 73.125.85.148:4782
- domain: cards-latin.gl.at.ply.gg
- domain: customers-commander.gl.at.ply.gg
- domain: law-necklace.gl.at.ply.gg
- domain: message-their.gl.at.ply.gg
- domain: perfect-shut.gl.at.ply.gg
- domain: qiuehwefu-62319.portmap.host
- ip:port: 188.64.133.147:24419
- ip:port: 188.64.133.147:8828
- ip:port: 213.176.79.35:3232
- url: http://doupfate.ml/panel/fre.php
- domain: mirainetvbot.duckdns.org
- domain: cofof37797-42209.portmap.host
- domain: final-highlight.gl.at.ply.gg
- ip:port: 147.185.221.212:45283
- domain: joiner.best
- domain: yn.r8li.ru
- domain: w.5u5vbu6.ru
- domain: k3um.xf7-27.ru
- domain: modgovindia.com
- domain: newforsomething.rest
- domain: segy.zip
- domain: segy.shop
- domain: segy.cc
- domain: segy2.cc
- domain: aw.rvox.ru
- domain: y8ce.xf7-27.ru
- domain: rg.slaq.ru
- ip:port: 1.94.53.8:80
- ip:port: 196.251.115.229:2404
- ip:port: 185.29.10.122:2404
- ip:port: 195.246.230.161:8443
- ip:port: 182.255.46.151:443
- ip:port: 145.241.249.54:8443
- ip:port: 31.57.97.136:8808
- ip:port: 95.9.236.210:9999
- ip:port: 34.29.218.146:7443
- ip:port: 54.179.178.191:443
- ip:port: 69.197.183.159:8000
- ip:port: 185.91.127.173:6000
- ip:port: 159.223.50.225:80
- ip:port: 43.229.150.111:4321
- ip:port: 54.205.208.230:22322
- ip:port: 45.14.246.128:5555
- ip:port: 62.60.131.249:80
- domain: g6k2.5u5vbu6.ru
- domain: o4.su-4n.ru
- domain: b4nz.xf7-27.ru
- domain: ba.su4n.ru
- domain: ak.t4mox.ru
- domain: amber.fenod.online
- domain: m3t.5u5vbu6.ru
- domain: 9f.twy-0.ru
- url: http://196.251.81.93/hmfd8ejds/login.php
- url: http://mail.logrecovery.com/hmfd8ejds/login.php
- url: http://www.logrecovery.com/hmfd8ejds/login.php
- url: http://ns2.logrecovery.com/hmfd8ejds/login.php
- ip:port: 207.180.216.244:443
- domain: rn.twy0.ru
- ip:port: 60.163.142.133:10250
- ip:port: 70.183.54.124:8080
- ip:port: 77.110.100.54:443
- domain: iyr1c.fenod.online
- domain: a1.vuln5.ru
- domain: fern.sne4p.online
- ip:port: 184.82.96.153:444
- domain: 6y.x-vo4.ru
- domain: 8h.xer-o.ru
- domain: prism.fenod.online
- domain: bark.sne4p.online
- domain: 9o.xvo4.ru
- ip:port: 147.185.221.229:50473
- domain: ln.yjor.ru
- domain: flint.fenod.online
- ip:port: 158.94.208.93:443
- domain: m1nt.sne4p.online
- domain: 3u.zi-qa.ru
- ip:port: 158.94.208.98:443
- domain: alumibro.asia
- domain: meeukdt.locker
- domain: cedar.fenod.online
- domain: lf.ziqa.ru
- url: http://196.251.81.93/hmfd8ejds/index.php
- ip:port: 196.251.88.188:8808
- ip:port: 139.199.157.125:8443
- ip:port: 81.94.94.99:8443
- ip:port: 135.23.161.85:8443
- ip:port: 24.10.126.194:8443
- ip:port: 207.38.227.101:8443
- ip:port: 211.114.133.103:8443
- ip:port: 108.168.8.135:8443
- ip:port: 61.76.175.46:8443
- ip:port: 210.222.156.151:8443
- ip:port: 222.112.130.92:8443
- ip:port: 37.203.250.52:8443
- ip:port: 220.121.206.37:8443
- ip:port: 14.44.67.60:8443
- ip:port: 166.88.142.69:3333
- ip:port: 148.230.99.234:3333
- ip:port: 192.210.235.240:80
- domain: y2.b2-ra.ru
- domain: zebra.fenod.online
- domain: 5w.g-lim.ru
- domain: r0se.sne4p.online
- domain: 4f.jeqr.ru
- url: https://68gamewin7.shop/
- url: https://freelawchat.ai/captcha/?pop
- url: https://urlz.fr/urco
- url: https://whitebarsunlight.top/wwww/daily/top
- url: https://willowabbyoptimization-dot-elite-magpie-462511-c4.uc.r.appspot.com/?c=1iidkbycruqugh1xeflymky8o8xbzz_govxczm4l7agu&q=0&r=19a0ca4afc628ad9&z=1761148710684&o=https://maccablog.com/how-to-safely-update-the-electrical-systems-in-your-home/
- url: https://5w.g-lim.ru/9xfc0noz
- url: https://zebra.fenod.online/8ozkn69k3n.sh
- url: https://up.freeandlast.com/app.bin
- url: https://4f.jeqr.ru/ql3qfvot
- url: https://www.npa-eportal.digital-service.elster-de.status-drive.top/eportal/
- url: https://package2879-core-maht-improved.s3.ap-northeast-2.amazonaws.com/yw87ybm77yrtva
- domain: www.npa-eportal.digital-service.elster-de.status-drive.top
- domain: package2879-core-maht-improved.s3.ap-northeast-2.amazonaws.com
- url: https://avsomi.co/categories/
- domain: lm.ko-lu.ru
- url: http://178.16.55.189/sky/clinet.exe
- domain: tide.sne4p.online
- domain: maple.q0spi.online
- domain: lb.loxr.ru
- domain: gamedb.shop
- domain: cloudupdate.cfd
- domain: cybertecha.shop
- domain: browsertools.shop
- domain: raven.q0spi.online
- domain: 8t.m7lo.ru
- domain: i3.meqt.ru
- domain: azure.q0spi.online
- domain: 2t.n-jur.ru
- domain: v0id.sne4p.online
- domain: grain.q0spi.online
- domain: 9i.njur.ru
- hash: 9ffc1446b20f86295bd48ea59037bc48a2258884a7ae9df27cb21ec49671bca5
- hash: 805f6c57b3ae3337c585c473536f4e2a6e876bbe786f04cc61fb14cba1074ee3
- hash: 654a646061bebc74ef1f6d293b361c56f6606b97c10d868c49be32644bd27826
- hash: 9cc4bcedcd9de532ff0d785ff0b37e8b55791d823f638f0edc39f836d7ff4c91
- hash: b54311c6ccdd664babdc1c0a009d3432d4da71fbef4b72f4380e10e90409fe3d
- hash: c232a955b38134091bef955bb14f428113cd93ad5e217e675a286a4356378c05
- hash: 7301372b7078f8c757d024af36816c34d1808d4413b26664b4f06dd7faacd887
- hash: 7f5fc9cc2053f60376e386576380e6e682c4b9211bc4c0db70f72a3d91ad5e32
- hash: 754e0f1f6787af5032234b1d729f76339e4ddc9ef3ac6c1dc927f8f91b5b2fb2
- hash: 59b2255d1b16d4018fc5e548401d3da0edef578b687396f164615ba8e5c4dd05
- hash: 61bd90820d5adbddba2dd56a5d91426062ce400b7825f65d553dc47347a1a01a
- hash: 7ecbe3ff34cdb817793dedf8c55aef4d14088498420ddd2d767d1b53c5688130
- hash: e9d5972bcbbd7ccd746fb036437387275b7991386abf877b2558bab891137428
- hash: c97d04cf473f9e70d953c64b4dc0adc9a9d7ca8cd91cdac4110372ba71b72008
- hash: eb1804e0f2590159bcf3276b2b2f9252cc7051b4a5107bf49d99eec126a81248
- hash: dae374886069d53a18030df9941dd51caf3edfa4ab3543a1b2351676441ffa17
- hash: 1508afeeabdab62325c58f207c472a1eb2ffcdc09e678f72aa1658fcd1de3d5b
- hash: 7437b69717892a0dcaf9c1c9b9d03b151a8a425a3bb3c6d34eb8997a29dc8b22
- hash: 9d8f7028b8353aadb03d8f1eb44b826609d986f9eca2f050904912b028907e71
- hash: e8e317afe87eabd1f0569bda7b25b554897e7d155b2c330ad5b644ead75c47ea
- hash: b7d8722aa4349ac47c5d7d38f3dcede52b217c2f85aeb1ab8fa51157eeab5906
- hash: ff1ec9414064df1bffc804b44affc66b11ba3d6c167eba9fd9eb0cb6a2262ec3
- hash: 607f9c734b6fcc98809442d12d8c024e297c89765f46f5cfc591051d8666e1a0
- hash: 2da7fffdeac33515edf7d8dde242f8dbebc780021bce33829f45ed5ec603a381
- hash: b704adf6c260719c6edf2dd3ab66649f0fd9f0e0be4d2ff245dd463595cc2f41
- hash: 804f90f325f7ffc113aea0a4f417964b2e8a727d642d751a4290453b18164bf3
- hash: 3ea399617401b1ba8421b7df0aadae4e2130644ef19b752ed255dcabbd2b5e42
- hash: 5055e9222ea659c2d8b6b143ffffc7b9dbbf07b144ed9e85996bf3aaa75f328c
- hash: 02167fa4c026eb3b4ea925e833e91ca9d76d6605a3c641a990af8d6464c86a2c
- hash: 6c3984139cc4b6a62d0c82c1c911c67cd053b8a0f8d12d9891d4332bbfabf6d0
- hash: 74e19628c9f8e24cec30eca2adf2836905dd0102cb519102b4c8fe29034f7d7e
- hash: 5d8eeb0b2774be5d88735f6f4e7097865cf6862e07279d1fc680f6b4bdff8d5e
- hash: 454ebdcdaa6870923e34c005bb7ba12decb09c5531e8e2cb4efdf79cbe7e3eaf
- hash: d3d6c64ed37ae0fa3a40847903075607c2e94a3f4e9b058b52adf73859fad19c
- hash: e20adf46bf820dee6541604630b99ddd1ff6466a80c929c9b5cd1ac4df2faf41
- hash: 4b4edd4547f22b7e32b57ce27f750a3671609b838c30d5b7478fd4fc6491e223
- hash: 5f3769ec16f8aec7da00d245ec9bf42193e910b9daad4694fb7b74a76c3e5515
- hash: aa90218dacfc96ddaf18d486f3418bfbfa49bf828e77b8e191727b93b7b98d90
- hash: eac0dfd47d920923cc375027178bd0c2e1e02f9c6188262079e2f2da55d0e7ff
- hash: c7d670a42beb908111dfe044c679c83aeaea01441111b1f81364c5a1bca64e3d
- hash: bafb54182ae53e41a305fa1f2772a5fbd06a10b7b80264414029b64250d3eccf
- domain: 28.plx-5.ru
- ip:port: 196.251.72.69:1948
- domain: qu1rk.q0spi.online
- domain: 8q.r8li.ru
- domain: pearl.q0spi.online
- domain: kh.rvox.ru
- domain: tlgrm-redirect.icu
- domain: w7.slaq.ru
- url: https://tlgrm-redirect.icu/1.txt
- ip:port: 159.203.100.206:25565
- domain: links-rwanda.gl.at.ply.gg
- domain: single-finally.gl.at.ply.gg
- ip:port: 139.180.131.34:10001
- domain: wanfeng168.top
- ip:port: 165.154.5.76:7443
- ip:port: 125.25.110.70:7443
- url: https://www.bn.cail1teve.mydns.bz/
- ip:port: 103.86.44.18:73
- ip:port: 103.86.44.18:288
- domain: clay.uht3o.online
- domain: cybergate.myvnc.com
- domain: mahmoudzoroo.myftp.biz
- url: https://de78.toptubereviews.top/
- domain: 0g.su-4n.ru
- url: http://www.szonlane.net/lertyui9/gerty56/fre.php
- domain: peak.uht3o.online
- domain: 0xide.lizqa.online
- domain: xd.su4n.ru
- domain: gale.uht3o.online
- domain: 81.t4mox.ru
- domain: plush.lizqa.online
- domain: d2.twy-0.ru
- domain: charm.lizqa.online
- domain: au.twy0.ru
- ip:port: 187.10.174.10:443
- domain: zl.vuln5.ru
- domain: candy.lizqa.online
- domain: cd.x-vo4.ru
- domain: wm.xer-o.ru
- domain: tidal.lizqa.online
- domain: yu.xvo4.ru
- domain: ve1l.uht3o.online
- domain: nexu5.lizqa.online
- domain: y5.yjor.ru
- domain: p1.zi-qa.ru
- domain: l00m.uht3o.online
- domain: qh.ziqa.ru
- domain: fern.sne-4-p.online
- domain: x2.b2-ra.ru
- domain: mist.sne-4-p.online
- domain: 5b.g-lim.ru
- domain: j5.jeqr.ru
- ip:port: 196.251.81.93:80
- domain: z1.ko-lu.ru
- domain: sk.loxr.ru
- domain: gl0w.sne-4-p.online
- domain: 9z.m7lo.ru
- ip:port: 124.66.208.108:69
- domain: m0ss.uht3o.online
- url: https://unembel.locker/api
- domain: nobles.locker
- domain: unembel.locker
- ip:port: 196.251.115.117:2404
- ip:port: 182.182.165.151:31337
- ip:port: 5.231.70.68:808
- ip:port: 125.32.67.136:10001
- ip:port: 179.43.126.100:4444
- ip:port: 178.172.227.128:80
- domain: tk.n-jur.ru
- domain: bark.sne-4-p.online
- domain: 8v.njur.ru
- domain: e8.plx-5.ru
- domain: 1o.r8li.ru
- domain: tide.sne-4-p.online
- domain: el.rvox.ru
- domain: mist.jg-7-ra.online
- domain: 0y.slaq.ru
- domain: co.su-4n.ru
- domain: c0al.sne-4-p.online
- domain: s0il.jg-7-ra.online
- domain: 21.su4n.ru
- domain: 5e.t4mox.ru
- domain: v7mx.y-p-19.ru
- domain: fd.twy-0.ru
- domain: c2hf.y-p-19.ru
- domain: os.twy0.ru
- domain: 3ql.y-p-19.ru
- domain: s7.vuln5.ru
- domain: 212.ip.gl.ply.gg
- ip:port: 136.0.157.34:6606
- ip:port: 136.0.157.34:7707
- ip:port: 136.0.157.34:8808
- url: http://mi.overlapsnowbound.com
- domain: know-studied.gl.at.ply.gg
- ip:port: 124.66.208.108:73
- ip:port: 124.66.208.108:288
- ip:port: 122.10.24.243:6666
- ip:port: 122.10.24.243:8888
- ip:port: 122.10.24.243:80
- domain: ui.x-vo4.ru
- domain: z5kr.y-p-19.ru
- domain: sp.xer-o.ru
- domain: dawn.jg-7-ra.online
- domain: l4.xvo4.ru
- domain: q3.yjor.ru
- domain: u9tw.y-p-19.ru
- ip:port: 117.169.5.67:10250
- ip:port: 196.251.114.32:2404
- ip:port: 37.221.67.185:31337
- domain: wf.zi-qa.ru
- ip:port: 54.215.110.48:55615
- ip:port: 62.106.66.157:8080
- ip:port: 95.9.236.210:888
- domain: bd.ziqa.ru
- domain: h1gd.y-p-19.ru
- domain: v0.b2-ra.ru
- domain: a7px.i-d-96.ru
- domain: bw.g-lim.ru
- domain: 6t.jeqr.ru
- domain: r1se.jg-7-ra.online
- domain: 8d.ko-lu.ru
- domain: r0ce.i-d-96.ru
- domain: kf.loxr.ru
- domain: v1.0ouuky0.ru
- domain: r3.m7lo.ru
- ip:port: 47.92.220.70:8443
- ip:port: 81.91.177.192:9000
- ip:port: 16.79.127.166:60000
- domain: ms.meqt.ru
- domain: cr.n-jur.ru
- domain: w6jl.i-d-96.ru
- domain: 33.njur.ru
- domain: x7.plx-5.ru
- domain: d3yk.i-d-96.ru
- domain: w4.r8li.ru
- domain: 7w.rvox.ru
- domain: t4ub.i-d-96.ru
- domain: l0.slaq.ru
- domain: q0h3.0ouuky0.ru
- domain: m9sn.i-d-96.ru
- domain: yb.su-4n.ru
- domain: s.0ouuky0.ru
- domain: ru.su4n.ru
- domain: 52.t4mox.ru
- domain: k1zw.i-c-81.ru
- domain: y5n.0ouuky0.ru
- domain: nn.twy-0.ru
- domain: y3pq.i-c-81.ru
- domain: sq.twy0.ru
- domain: f8rn.i-c-81.ru
- domain: jg.vuln5.ru
- ip:port: 194.107.126.124:6379
- domain: 2lh.i-c-81.ru
- domain: wj.x-vo4.ru
- domain: ma.xer-o.ru
- domain: n5vx.i-c-81.ru
- domain: 0q.xvo4.ru
- domain: s0ga.i-c-81.ru
- domain: iv.yjor.ru
- ip:port: 175.178.98.112:443
- domain: q6yt.o-b-79.ru
- domain: e1mk.o-b-79.ru
- domain: 7d.ziqa.ru
- url: https://nobles.locker/api
- domain: 4wj.o-b-79.ru
- url: https://pitchz.locker/api
- domain: ge1.xa5r.ru
- domain: x2z.7aoasu3.ru
- ip:port: 64.188.64.59:3333
- domain: x9pa.o-b-79.ru
- domain: did.vex0.ru
- domain: 7rcl.o-b-79.ru
- domain: raw.ju5q.ru
- domain: p0sb.o-b-79.ru
- domain: mob.m4rj.ru
- domain: z3mp.4-l8u.ru
- domain: dip.qen9.ru
- domain: m7y1.7aoasu3.ru
Technical Details
- Threat Level: 2
- Analysis: 1
- Distribution: 3
- UUID: 8bb49f2d-fe29-4056-942c-d4b93112e18f
- Original Timestamp: 1761436986
Indicators of Compromise (with ThreatFox descriptions)
Hash and IP:port
| Type | Value | Description |
|---|---|---|
| sha256 | 9ffc66cfdbe4780957925370962a69757cb000b30e7dfa5788f160670364a326 | Unknown Stealer payload (confidence level: 100%) |
| sha256 | 3930988ec97fe425cf4441f22dc4dca0aa086b3c7100ee2f67e13fe80b804151 | Unknown Stealer payload (confidence level: 100%) |
| sha256 | 6bffe01c34b9ec6e91e6392b305ae7398918f7f996ae9858ea6c6d9b4499c6f0 | Unknown Stealer payload (confidence level: 100%) |
| ip:port | 45.94.31.42:7777 | AsyncRAT botnet C2 server (confidence level: 100%) |
| ip:port | 220.121.11.221:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 145.40.252.206:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 221.163.215.226:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 138.75.120.161:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 152.42.197.32:80 | MooBot botnet C2 server (confidence level: 100%) |
| ip:port | 116.62.151.244:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 44.217.119.131:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 159.203.70.73:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 178.254.12.89:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 91.98.114.154:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 128.140.12.121:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 157.90.231.173:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 135.181.101.129:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 151.245.54.181:31337 | Sliver botnet C2 server (confidence level: 100%) |
| ip:port | 144.172.98.81:911 | Crimson RAT botnet C2 server (confidence level: 100%) |
| ip:port | 79.133.46.74:65432 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| ip:port | 128.0.118.72:8090 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 8.210.134.138:5858 | ValleyRAT botnet C2 server (confidence level: 100%) |
| ip:port | 47.121.135.201:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| ip:port | 186.169.57.143:5061 | Remcos botnet C2 server (confidence level: 100%) |
| ip:port | 143.198.158.122:443 | Sliver botnet C2 server (confidence level: 100%) |
| ip:port | 46.224.19.128:443 | Sliver botnet C2 server (confidence level: 100%) |
| ip:port | 35.220.199.172:8443 | Sliver botnet C2 server (confidence level: 100%) |
| ip:port | 178.16.54.184:9090 | AsyncRAT botnet C2 server (confidence level: 100%) |
| ip:port | 196.251.116.232:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 37.72.168.176:443 | Havoc botnet C2 server (confidence level: 100%) |
| ip:port | 182.16.11.155:8088 | DCRat botnet C2 server (confidence level: 100%) |
| ip:port | 182.16.11.157:8088 | DCRat botnet C2 server (confidence level: 100%) |
| ip:port | 182.16.11.156:8088 | DCRat botnet C2 server (confidence level: 100%) |
| ip:port | 173.212.216.226:8080 | Chaos botnet C2 server (confidence level: 100%) |
| ip:port | 178.16.53.135:4321 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| ip:port | 196.75.76.28:2222 | Meterpreter botnet C2 server (confidence level: 100%) |
| ip:port | 23.22.39.162:80 | Empire Downloader botnet C2 server (confidence level: 100%) |
| ip:port | 23.160.168.167:4122 | Quasar RAT botnet C2 server (confidence level: 100%) |
| ip:port | 188.215.31.4:5552 | NjRAT botnet C2 server (confidence level: 100%) |
| ip:port | 103.86.44.18:69 | ValleyRAT botnet C2 server (confidence level: 100%) |
| ip:port | 73.125.85.148:4782 | AsyncRAT botnet C2 server (confidence level: 50%) |
| ip:port | 188.64.133.147:24419 | DCRat botnet C2 server (confidence level: 50%) |
| ip:port | 188.64.133.147:8828 | DCRat botnet C2 server (confidence level: 50%) |
| ip:port | 213.176.79.35:3232 | DCRat botnet C2 server (confidence level: 50%) |
| ip:port | 147.185.221.212:45283 | XWorm botnet C2 server (confidence level: 50%) |
| ip:port | 1.94.53.8:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| ip:port | 196.251.115.229:2404 | Remcos botnet C2 server (confidence level: 100%) |
| ip:port | 185.29.10.122:2404 | Remcos botnet C2 server (confidence level: 100%) |
| ip:port | 195.246.230.161:8443 | Sliver botnet C2 server (confidence level: 100%) |
| ip:port | 182.255.46.151:443 | Sliver botnet C2 server (confidence level: 100%) |
| ip:port | 145.241.249.54:8443 | Sliver botnet C2 server (confidence level: 100%) |
| ip:port | 31.57.97.136:8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| ip:port | 95.9.236.210:9999 | AsyncRAT botnet C2 server (confidence level: 100%) |
| ip:port | 34.29.218.146:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 54.179.178.191:443 | Quasar RAT botnet C2 server (confidence level: 100%) |
| ip:port | 69.197.183.159:8000 | Quasar RAT botnet C2 server (confidence level: 100%) |
| ip:port | 185.91.127.173:6000 | DCRat botnet C2 server (confidence level: 100%) |
| ip:port | 159.223.50.225:80 | MooBot botnet C2 server (confidence level: 100%) |
| ip:port | 43.229.150.111:4321 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| ip:port | 54.205.208.230:22322 | Meterpreter botnet C2 server (confidence level: 100%) |
| ip:port | 45.14.246.128:5555 | Meterpreter botnet C2 server (confidence level: 100%) |
| ip:port | 62.60.131.249:80 | AMOS botnet C2 server (confidence level: 100%) |
| ip:port | 207.180.216.244:443 | Brute Ratel C4 botnet C2 server (confidence level: 75%) |
| ip:port | 60.163.142.133:10250 | DeimosC2 botnet C2 server (confidence level: 75%) |
| ip:port | 70.183.54.124:8080 | DeimosC2 botnet C2 server (confidence level: 75%) |
| ip:port | 77.110.100.54:443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| ip:port | 184.82.96.153:444 | Havoc botnet C2 server (confidence level: 75%) |
| ip:port | 147.185.221.229:50473 | NjRAT botnet C2 server (confidence level: 100%) |
| ip:port | 158.94.208.93:443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
| ip:port | 158.94.208.98:443 | Rhadamanthys botnet C2 server (confidence level: 100%) |
| ip:port | 196.251.88.188:8808 | AsyncRAT botnet C2 server (confidence level: 100%) |
| ip:port | 139.199.157.125:8443 | DeimosC2 botnet C2 server (confidence level: 100%) |
| ip:port | 81.94.94.99:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 135.23.161.85:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 24.10.126.194:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 207.38.227.101:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 211.114.133.103:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 108.168.8.135:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 61.76.175.46:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 210.222.156.151:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 222.112.130.92:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 37.203.250.52:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 220.121.206.37:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 14.44.67.60:8443 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 166.88.142.69:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 148.230.99.234:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| ip:port | 192.210.235.240:80 | Unknown malware botnet C2 server (confidence level: 100%) |
| sha256 | 9ffc1446b20f86295bd48ea59037bc48a2258884a7ae9df27cb21ec49671bca5 | Unknown malware payload (confidence level: 50%) |
| sha256 | 805f6c57b3ae3337c585c473536f4e2a6e876bbe786f04cc61fb14cba1074ee3 | Unknown malware payload (confidence level: 50%) |
| sha256 | 654a646061bebc74ef1f6d293b361c56f6606b97c10d868c49be32644bd27826 | Unknown malware payload (confidence level: 50%) |
| sha256 | 9cc4bcedcd9de532ff0d785ff0b37e8b55791d823f638f0edc39f836d7ff4c91 | Unknown malware payload (confidence level: 50%) |
| sha256 | b54311c6ccdd664babdc1c0a009d3432d4da71fbef4b72f4380e10e90409fe3d | Unknown malware payload (confidence level: 50%) |
| sha256 | c232a955b38134091bef955bb14f428113cd93ad5e217e675a286a4356378c05 | Unknown malware payload (confidence level: 50%) |
| sha256 | 7301372b7078f8c757d024af36816c34d1808d4413b26664b4f06dd7faacd887 | Unknown malware payload (confidence level: 50%) |
| sha256 | 7f5fc9cc2053f60376e386576380e6e682c4b9211bc4c0db70f72a3d91ad5e32 | Unknown malware payload (confidence level: 50%) |
| sha256 | 754e0f1f6787af5032234b1d729f76339e4ddc9ef3ac6c1dc927f8f91b5b2fb2 | Unknown malware payload (confidence level: 50%) |
| sha256 | 59b2255d1b16d4018fc5e548401d3da0edef578b687396f164615ba8e5c4dd05 | Unknown malware payload (confidence level: 50%) |
| sha256 | 61bd90820d5adbddba2dd56a5d91426062ce400b7825f65d553dc47347a1a01a | Unknown malware payload (confidence level: 50%) |
| sha256 | 7ecbe3ff34cdb817793dedf8c55aef4d14088498420ddd2d767d1b53c5688130 | Unknown malware payload (confidence level: 50%) |
| sha256 | e9d5972bcbbd7ccd746fb036437387275b7991386abf877b2558bab891137428 | Unknown malware payload (confidence level: 50%) |
| sha256 | c97d04cf473f9e70d953c64b4dc0adc9a9d7ca8cd91cdac4110372ba71b72008 | Unknown malware payload (confidence level: 50%) |
| sha256 | eb1804e0f2590159bcf3276b2b2f9252cc7051b4a5107bf49d99eec126a81248 | Unknown malware payload (confidence level: 50%) |
| sha256 | dae374886069d53a18030df9941dd51caf3edfa4ab3543a1b2351676441ffa17 | Unknown malware payload (confidence level: 50%) |
| sha256 | 1508afeeabdab62325c58f207c472a1eb2ffcdc09e678f72aa1658fcd1de3d5b | Unknown malware payload (confidence level: 50%) |
| sha256 | 7437b69717892a0dcaf9c1c9b9d03b151a8a425a3bb3c6d34eb8997a29dc8b22 | Unknown malware payload (confidence level: 50%) |
| sha256 | 9d8f7028b8353aadb03d8f1eb44b826609d986f9eca2f050904912b028907e71 | Unknown malware payload (confidence level: 50%) |
| sha256 | e8e317afe87eabd1f0569bda7b25b554897e7d155b2c330ad5b644ead75c47ea | Unknown malware payload (confidence level: 50%) |
| sha256 | b7d8722aa4349ac47c5d7d38f3dcede52b217c2f85aeb1ab8fa51157eeab5906 | Unknown malware payload (confidence level: 50%) |
| sha256 | ff1ec9414064df1bffc804b44affc66b11ba3d6c167eba9fd9eb0cb6a2262ec3 | Unknown malware payload (confidence level: 50%) |
| sha256 | 607f9c734b6fcc98809442d12d8c024e297c89765f46f5cfc591051d8666e1a0 | Unknown malware payload (confidence level: 50%) |
| sha256 | 2da7fffdeac33515edf7d8dde242f8dbebc780021bce33829f45ed5ec603a381 | Unknown malware payload (confidence level: 50%) |
| sha256 | b704adf6c260719c6edf2dd3ab66649f0fd9f0e0be4d2ff245dd463595cc2f41 | Unknown malware payload (confidence level: 50%) |
| sha256 | 804f90f325f7ffc113aea0a4f417964b2e8a727d642d751a4290453b18164bf3 | Unknown malware payload (confidence level: 50%) |
| sha256 | 3ea399617401b1ba8421b7df0aadae4e2130644ef19b752ed255dcabbd2b5e42 | Unknown malware payload (confidence level: 50%) |
| sha256 | 5055e9222ea659c2d8b6b143ffffc7b9dbbf07b144ed9e85996bf3aaa75f328c | Unknown malware payload (confidence level: 50%) |
| sha256 | 02167fa4c026eb3b4ea925e833e91ca9d76d6605a3c641a990af8d6464c86a2c | Unknown malware payload (confidence level: 50%) |
hash6c3984139cc4b6a62d0c82c1c911c67cd053b8a0f8d12d9891d4332bbfabf6d0 | Unknown malware payload (confidence level: 50%) | |
hash74e19628c9f8e24cec30eca2adf2836905dd0102cb519102b4c8fe29034f7d7e | Unknown malware payload (confidence level: 50%) | |
hash5d8eeb0b2774be5d88735f6f4e7097865cf6862e07279d1fc680f6b4bdff8d5e | Unknown malware payload (confidence level: 50%) | |
hash454ebdcdaa6870923e34c005bb7ba12decb09c5531e8e2cb4efdf79cbe7e3eaf | Unknown malware payload (confidence level: 50%) | |
hashd3d6c64ed37ae0fa3a40847903075607c2e94a3f4e9b058b52adf73859fad19c | Unknown malware payload (confidence level: 50%) | |
hashe20adf46bf820dee6541604630b99ddd1ff6466a80c929c9b5cd1ac4df2faf41 | Unknown malware payload (confidence level: 50%) | |
hash4b4edd4547f22b7e32b57ce27f750a3671609b838c30d5b7478fd4fc6491e223 | Unknown malware payload (confidence level: 50%) | |
hash5f3769ec16f8aec7da00d245ec9bf42193e910b9daad4694fb7b74a76c3e5515 | Unknown malware payload (confidence level: 50%) | |
hashaa90218dacfc96ddaf18d486f3418bfbfa49bf828e77b8e191727b93b7b98d90 | Unknown malware payload (confidence level: 50%) | |
hasheac0dfd47d920923cc375027178bd0c2e1e02f9c6188262079e2f2da55d0e7ff | Unknown malware payload (confidence level: 50%) | |
hashc7d670a42beb908111dfe044c679c83aeaea01441111b1f81364c5a1bca64e3d | Unknown malware payload (confidence level: 50%) | |
hashbafb54182ae53e41a305fa1f2772a5fbd06a10b7b80264414029b64250d3eccf | Unknown malware payload (confidence level: 50%) | |
hash1948 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash25565 | XWorm botnet C2 server (confidence level: 100%) | |
hash10001 | Remcos botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash73 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash288 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash443 | Meterpreter botnet C2 server (confidence level: 75%) | |
hash80 | Amadey botnet C2 server (confidence level: 50%) | |
hash69 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash31337 | Sliver botnet C2 server (confidence level: 100%) | |
hash808 | Kaiji botnet C2 server (confidence level: 100%) | |
hash10001 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash4444 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash80 | BianLian botnet C2 server (confidence level: 100%) | |
hash6606 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash7707 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash73 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash288 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash6666 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8888 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash80 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash10250 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 75%) | |
hash31337 | Sliver botnet C2 server (confidence level: 75%) | |
hash55615 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
hash8080 | Sliver botnet C2 server (confidence level: 75%) | |
hash888 | AsyncRAT botnet C2 server (confidence level: 75%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash60000 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash6379 | Quasar RAT botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash3333 | N-W0rm botnet C2 server (confidence level: 100%) |
File
| Value | Description | Copy |
|---|---|---|
45.94.31.42 | AsyncRAT botnet C2 server (confidence level: 100%) | |
220.121.11.221 | Unknown malware botnet C2 server (confidence level: 100%) | |
145.40.252.206 | Unknown malware botnet C2 server (confidence level: 100%) | |
221.163.215.226 | Unknown malware botnet C2 server (confidence level: 100%) | |
138.75.120.161 | Unknown malware botnet C2 server (confidence level: 100%) | |
152.42.197.32 | MooBot botnet C2 server (confidence level: 100%) | |
116.62.151.244 | Unknown malware botnet C2 server (confidence level: 100%) | |
44.217.119.131 | Unknown malware botnet C2 server (confidence level: 100%) | |
159.203.70.73 | Unknown malware botnet C2 server (confidence level: 100%) | |
178.254.12.89 | Unknown malware botnet C2 server (confidence level: 100%) | |
91.98.114.154 | Unknown malware botnet C2 server (confidence level: 100%) | |
128.140.12.121 | Unknown malware botnet C2 server (confidence level: 100%) | |
157.90.231.173 | Unknown malware botnet C2 server (confidence level: 100%) | |
135.181.101.129 | Unknown malware botnet C2 server (confidence level: 100%) | |
151.245.54.181 | Sliver botnet C2 server (confidence level: 100%) | |
144.172.98.81 | Crimson RAT botnet C2 server (confidence level: 100%) | |
79.133.46.74 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
128.0.118.72 | Unknown malware botnet C2 server (confidence level: 100%) | |
8.210.134.138 | ValleyRAT botnet C2 server (confidence level: 100%) | |
47.121.135.201 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
186.169.57.143 | Remcos botnet C2 server (confidence level: 100%) | |
143.198.158.122 | Sliver botnet C2 server (confidence level: 100%) | |
46.224.19.128 | Sliver botnet C2 server (confidence level: 100%) | |
35.220.199.172 | Sliver botnet C2 server (confidence level: 100%) | |
178.16.54.184 | AsyncRAT botnet C2 server (confidence level: 100%) | |
196.251.116.232 | Unknown malware botnet C2 server (confidence level: 100%) | |
37.72.168.176 | Havoc botnet C2 server (confidence level: 100%) | |
182.16.11.155 | DCRat botnet C2 server (confidence level: 100%) | |
182.16.11.157 | DCRat botnet C2 server (confidence level: 100%) | |
182.16.11.156 | DCRat botnet C2 server (confidence level: 100%) | |
173.212.216.226 | Chaos botnet C2 server (confidence level: 100%) | |
178.16.53.135 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
196.75.76.28 | Meterpreter botnet C2 server (confidence level: 100%) | |
23.22.39.162 | Empire Downloader botnet C2 server (confidence level: 100%) | |
23.160.168.167 | Quasar RAT botnet C2 server (confidence level: 100%) | |
188.215.31.4 | NjRAT botnet C2 server (confidence level: 100%) | |
103.86.44.18 | ValleyRAT botnet C2 server (confidence level: 100%) | |
73.125.85.148 | AsyncRAT botnet C2 server (confidence level: 50%) | |
188.64.133.147 | DCRat botnet C2 server (confidence level: 50%) | |
188.64.133.147 | DCRat botnet C2 server (confidence level: 50%) | |
213.176.79.35 | DCRat botnet C2 server (confidence level: 50%) | |
147.185.221.212 | XWorm botnet C2 server (confidence level: 50%) | |
1.94.53.8 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
196.251.115.229 | Remcos botnet C2 server (confidence level: 100%) | |
185.29.10.122 | Remcos botnet C2 server (confidence level: 100%) | |
195.246.230.161 | Sliver botnet C2 server (confidence level: 100%) | |
182.255.46.151 | Sliver botnet C2 server (confidence level: 100%) | |
145.241.249.54 | Sliver botnet C2 server (confidence level: 100%) | |
31.57.97.136 | AsyncRAT botnet C2 server (confidence level: 100%) | |
95.9.236.210 | AsyncRAT botnet C2 server (confidence level: 100%) | |
34.29.218.146 | Unknown malware botnet C2 server (confidence level: 100%) | |
54.179.178.191 | Quasar RAT botnet C2 server (confidence level: 100%) | |
69.197.183.159 | Quasar RAT botnet C2 server (confidence level: 100%) | |
185.91.127.173 | DCRat botnet C2 server (confidence level: 100%) | |
159.223.50.225 | MooBot botnet C2 server (confidence level: 100%) | |
43.229.150.111 | AdaptixC2 botnet C2 server (confidence level: 100%) | |
54.205.208.230 | Meterpreter botnet C2 server (confidence level: 100%) | |
45.14.246.128 | Meterpreter botnet C2 server (confidence level: 100%) | |
62.60.131.249 | AMOS botnet C2 server (confidence level: 100%) | |
207.180.216.244 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
60.163.142.133 | DeimosC2 botnet C2 server (confidence level: 75%) | |
70.183.54.124 | DeimosC2 botnet C2 server (confidence level: 75%) | |
77.110.100.54 | DeimosC2 botnet C2 server (confidence level: 75%) | |
184.82.96.153 | Havoc botnet C2 server (confidence level: 75%) | |
147.185.221.229 | NjRAT botnet C2 server (confidence level: 100%) | |
158.94.208.93 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
158.94.208.98 | Rhadamanthys botnet C2 server (confidence level: 100%) | |
196.251.88.188 | AsyncRAT botnet C2 server (confidence level: 100%) | |
139.199.157.125 | DeimosC2 botnet C2 server (confidence level: 100%) | |
81.94.94.99 | Unknown malware botnet C2 server (confidence level: 100%) | |
135.23.161.85 | Unknown malware botnet C2 server (confidence level: 100%) | |
24.10.126.194 | Unknown malware botnet C2 server (confidence level: 100%) | |
207.38.227.101 | Unknown malware botnet C2 server (confidence level: 100%) | |
211.114.133.103 | Unknown malware botnet C2 server (confidence level: 100%) | |
108.168.8.135 | Unknown malware botnet C2 server (confidence level: 100%) | |
61.76.175.46 | Unknown malware botnet C2 server (confidence level: 100%) | |
210.222.156.151 | Unknown malware botnet C2 server (confidence level: 100%) | |
222.112.130.92 | Unknown malware botnet C2 server (confidence level: 100%) | |
37.203.250.52 | Unknown malware botnet C2 server (confidence level: 100%) | |
220.121.206.37 | Unknown malware botnet C2 server (confidence level: 100%) | |
14.44.67.60 | Unknown malware botnet C2 server (confidence level: 100%) | |
166.88.142.69 | Unknown malware botnet C2 server (confidence level: 100%) | |
148.230.99.234 | Unknown malware botnet C2 server (confidence level: 100%) | |
192.210.235.240 | Unknown malware botnet C2 server (confidence level: 100%) | |
196.251.72.69 | AsyncRAT botnet C2 server (confidence level: 100%) | |
159.203.100.206 | XWorm botnet C2 server (confidence level: 100%) | |
139.180.131.34 | Remcos botnet C2 server (confidence level: 100%) | |
165.154.5.76 | Unknown malware botnet C2 server (confidence level: 100%) | |
125.25.110.70 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
103.86.44.18 | ValleyRAT botnet C2 server (confidence level: 100%) | |
103.86.44.18 | ValleyRAT botnet C2 server (confidence level: 100%) | |
187.10.174.10 | Meterpreter botnet C2 server (confidence level: 75%) | |
196.251.81.93 | Amadey botnet C2 server (confidence level: 50%) | |
124.66.208.108 | ValleyRAT botnet C2 server (confidence level: 100%) | |
196.251.115.117 | Remcos botnet C2 server (confidence level: 100%) | |
182.182.165.151 | Sliver botnet C2 server (confidence level: 100%) | |
5.231.70.68 | Kaiji botnet C2 server (confidence level: 100%) | |
125.32.67.136 | Meterpreter botnet C2 server (confidence level: 100%) | |
179.43.126.100 | Meterpreter botnet C2 server (confidence level: 100%) | |
178.172.227.128 | BianLian botnet C2 server (confidence level: 100%) | |
136.0.157.34 | AsyncRAT botnet C2 server (confidence level: 100%) | |
136.0.157.34 | AsyncRAT botnet C2 server (confidence level: 100%) | |
136.0.157.34 | AsyncRAT botnet C2 server (confidence level: 100%) | |
124.66.208.108 | ValleyRAT botnet C2 server (confidence level: 100%) | |
124.66.208.108 | ValleyRAT botnet C2 server (confidence level: 100%) | |
122.10.24.243 | ValleyRAT botnet C2 server (confidence level: 100%) | |
122.10.24.243 | ValleyRAT botnet C2 server (confidence level: 100%) | |
122.10.24.243 | ValleyRAT botnet C2 server (confidence level: 100%) | |
117.169.5.67 | DeimosC2 botnet C2 server (confidence level: 75%) | |
196.251.114.32 | Remcos botnet C2 server (confidence level: 75%) | |
37.221.67.185 | Sliver botnet C2 server (confidence level: 75%) | |
54.215.110.48 | NetSupportManager RAT botnet C2 server (confidence level: 75%) | |
62.106.66.157 | Sliver botnet C2 server (confidence level: 75%) | |
95.9.236.210 | AsyncRAT botnet C2 server (confidence level: 75%) | |
47.92.220.70 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
81.91.177.192 | SectopRAT botnet C2 server (confidence level: 100%) | |
16.79.127.166 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
194.107.126.124 | Quasar RAT botnet C2 server (confidence level: 75%) | |
175.178.98.112 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
64.188.64.59 | N-W0rm botnet C2 server (confidence level: 100%) | |
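The tables on this page are not directly loadable into a blocklist: the extraction fused the indicator-type label onto every value, the "Hash" table mixes bare port numbers (which identify nothing on their own) with SHA-256 hashes, the values under "File" are IPv4 addresses, confidence levels range from 50% to 100%, and many of the domains sit under dynamic-DNS or tunnelling parents (ply.gg, portmap.host, duckdns.org, no-ip.org) or a public S3 bucket hostname, where blocking the registrable parent would take out legitimate tenants. The following parser is an added example, not code from ThreatFox or from this page. It assumes the `hash`/`file`/`domain` prefixes are extraction debris to be stripped, uses a shared-parent suffix list and a 75% confidence threshold that are my own choices, and works on a handful of rows copied from the tables above (the selection, including the deliberate duplicate, is mine):

```python
"""Normalise ThreatFox rows as rendered on this page into typed indicators.

Added example; not ThreatFox code. Assumptions: the fused 'hash'/'file'/
'domain' labels are extraction debris, SHARED_SUFFIXES is my own list of
dynamic-DNS / tunnelling / cloud-storage parents, and the 75% threshold
in build_blocklist is a policy choice, not a ThreatFox recommendation.
"""
import ipaddress
import re
from dataclasses import dataclass

# Rows copied from the tables on this page (selection is mine). The repeated
# DCRat row is deliberate, to exercise de-duplication.
SAMPLE_ROWS = """\
hash8443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash9ffc1446b20f86295bd48ea59037bc48a2258884a7ae9df27cb21ec49671bca5 | Unknown malware payload (confidence level: 50%) | |
file45.94.31.42 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file188.64.133.147 | DCRat botnet C2 server (confidence level: 50%) | |
file188.64.133.147 | DCRat botnet C2 server (confidence level: 50%) | |
domaincards-latin.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
domainpackage2879-core-maht-improved.s3.ap-northeast-2.amazonaws.com | Unknown malware payload delivery domain (confidence level: 100%) | |
domainalumibro.asia | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
file207.180.216.244 | Brute Ratel C4 botnet C2 server (confidence level: 75%) | |
domainlinks-rwanda.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
"""

# One table row: optional fused type label, the value, then the description
# "<family> <kind> (confidence level: <n>%)". Trailing empty cells are ignored.
ROW_RE = re.compile(
    r"^(?:hash|file|domain)?(?P<value>\S+)\s*\|\s*"
    r"(?P<family>.+?) (?P<kind>botnet C2 server|botnet C2 domain|payload delivery domain|payload)"
    r" \(confidence level: (?P<conf>\d+)%\)"
)

# Parents under which a hostname is one tenant among many (assumed list):
# match these as exact FQDNs only, never as a parent-domain block.
SHARED_SUFFIXES = (
    "ply.gg", "portmap.host", "duckdns.org", "no-ip.org",
    "myvnc.com", "myftp.biz", "webhop.biz", "amazonaws.com",
)


@dataclass(frozen=True)
class Indicator:
    ioc_type: str        # 'port', 'sha256', 'ip', 'domain' or 'unknown'
    value: str
    family: str          # e.g. 'AsyncRAT', 'Unknown malware'
    kind: str            # e.g. 'botnet C2 server'
    confidence: int      # ThreatFox confidence level, 0-100
    shared_parent: bool  # hostname lives under one of SHARED_SUFFIXES


def classify(value: str) -> str:
    """Decide what kind of indicator a bare value is; bare ports are 'port'."""
    if re.fullmatch(r"[0-9a-f]{64}", value):
        return "sha256"
    if value.isdigit():
        return "port" if 0 < int(value) < 65536 else "unknown"
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    return "domain" if "." in value else "unknown"


def parse_rows(text: str) -> list:
    """Parse table rows into de-duplicated Indicator records, in input order."""
    seen, out = set(), []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, separator or unparseable row
        value = m["value"].lower()
        ioc_type = classify(value)
        key = (ioc_type, value, m["family"])
        if key in seen:
            continue
        seen.add(key)
        shared = ioc_type == "domain" and any(
            value == s or value.endswith("." + s) for s in SHARED_SUFFIXES)
        out.append(Indicator(ioc_type, value, m["family"], m["kind"],
                             int(m["conf"]), shared))
    return out


def build_blocklist(indicators, min_confidence: int = 75) -> dict:
    """Split indicators into automatable lists plus a manual-review set.

    Bare ports are dropped (nothing to match on); low-confidence entries go to
    'review'; hostnames under shared parents go to 'fqdn_exact' so that only
    the full hostname, not the parent, is ever blocked.
    """
    lists = {"ip": set(), "sha256": set(), "domain": set(),
             "fqdn_exact": set(), "review": set(), "dropped_ports": []}
    for ind in indicators:
        if ind.ioc_type in ("port", "unknown"):
            lists["dropped_ports"].append(ind.value)
        elif ind.confidence < min_confidence:
            lists["review"].add(ind.value)
        elif ind.ioc_type == "domain" and ind.shared_parent:
            lists["fqdn_exact"].add(ind.value)
        else:
            lists[ind.ioc_type].add(ind.value)
    return lists


if __name__ == "__main__":
    for name, values in build_blocklist(parse_rows(SAMPLE_ROWS)).items():
        print(f"{name}: {sorted(values)}")
```

Feed the whole page through `parse_rows` rather than the sample and the `dropped_ports` list shows how much of the "Hash" table carries no usable value, while `fqdn_exact` isolates the tunnelling and dynamic-DNS hosts that must never be turned into wildcard blocks.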
Domain
| Value | Description | Copy |
|---|---|---|
cpanel.sayyesmovement.ca | FAKEUPDATES botnet C2 domain (confidence level: 100%) | |
ik.yjor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
rz.zi-qa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
rz3.1e2u2a0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
w5en.cdn-6-38.ru | ClearFake payload delivery domain (confidence level: 100%) | |
v8.ziqa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
d9.4a7vci9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
aa.b2-ra.ru | ClearFake payload delivery domain (confidence level: 100%) | |
c4hz.cdn-6-38.ru | ClearFake payload delivery domain (confidence level: 100%) | |
mi.g-lim.ru | ClearFake payload delivery domain (confidence level: 100%) | |
p0la.cdn-6-38.ru | ClearFake payload delivery domain (confidence level: 100%) | |
mc.jeqr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
kl.ko-lu.ru | ClearFake payload delivery domain (confidence level: 100%) | |
q3x.4a7vci9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ke.loxr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
n7xs.cdn-6-38.ru | ClearFake payload delivery domain (confidence level: 100%) | |
0p.m7lo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
m0k4.4a7vci9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
7p.meqt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
6b.n-jur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
sw.njur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
r8gk.fv0-93.ru | ClearFake payload delivery domain (confidence level: 100%) | |
oz.plx-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
a1.4a7vci9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
w3ta.fv0-93.ru | ClearFake payload delivery domain (confidence level: 100%) | |
07.plx5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
y7p2.4a7vci9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ue.r8li.ru | ClearFake payload delivery domain (confidence level: 100%) | |
jd5.fv0-93.ru | ClearFake payload delivery domain (confidence level: 100%) | |
b7.rvox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
90.slaq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
5qzn.fv0-93.ru | ClearFake payload delivery domain (confidence level: 100%) | |
oe.su-4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
vz8.4a7vci9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
03.su4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ck4v.fv0-93.ru | ClearFake payload delivery domain (confidence level: 100%) | |
11.t4mox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
2p.twy-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
u1jd.fv0-93.ru | ClearFake payload delivery domain (confidence level: 100%) | |
t2.9i3mpa6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
we.twy0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
yf.vuln5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
pz7h.xb1-60.ru | ClearFake payload delivery domain (confidence level: 100%) | |
5q.x-vo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
s4.xer-o.ru | ClearFake payload delivery domain (confidence level: 100%) | |
kz1.9i3mpa6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
n4wq.xb1-60.ru | ClearFake payload delivery domain (confidence level: 100%) | |
d8.xvo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
w9.yjor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
kj.zi-qa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
x7m.9i3mpa6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fm.ziqa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
t8kc.xb1-60.ru | ClearFake payload delivery domain (confidence level: 100%) | |
1c.b2-ra.ru | ClearFake payload delivery domain (confidence level: 100%) | |
p0.9i3mpa6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ry.g-lim.ru | ClearFake payload delivery domain (confidence level: 100%) | |
j2yr.xb1-60.ru | ClearFake payload delivery domain (confidence level: 100%) | |
6d.jeqr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
c6.ko-lu.ru | ClearFake payload delivery domain (confidence level: 100%) | |
h3v9.9i3mpa6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
m6dx.xb1-60.ru | ClearFake payload delivery domain (confidence level: 100%) | |
20.loxr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
bf.m7lo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
qv5a.xb1-60.ru | ClearFake payload delivery domain (confidence level: 100%) | |
c4w.9i3mpa6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
leetaka1337.no-ip.org | CyberGate botnet C2 domain (confidence level: 100%) | |
fogueteiro.webhop.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
40.n-jur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
n4.5u5vbu6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
g1tb.xf7-27.ru | ClearFake payload delivery domain (confidence level: 100%) | |
9y.njur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
s9lp.xf7-27.ru | ClearFake payload delivery domain (confidence level: 100%) | |
b8q.5u5vbu6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fx.plx5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
r0z1.5u5vbu6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
0wr.xf7-27.ru | ClearFake payload delivery domain (confidence level: 100%) | |
assettocorsamain.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 50%) | |
cards-latin.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
customers-commander.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
law-necklace.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
message-their.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
perfect-shut.gl.at.ply.gg | DCRat botnet C2 domain (confidence level: 50%) | |
qiuehwefu-62319.portmap.host | DCRat botnet C2 domain (confidence level: 50%) | |
mirainetvbot.duckdns.org | Mirai botnet C2 domain (confidence level: 50%) | |
cofof37797-42209.portmap.host | Quasar RAT botnet C2 domain (confidence level: 50%) | |
final-highlight.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) | |
joiner.best | FAKEUPDATES payload delivery domain (confidence level: 50%) | |
yn.r8li.ru | ClearFake payload delivery domain (confidence level: 100%) | |
w.5u5vbu6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
k3um.xf7-27.ru | ClearFake payload delivery domain (confidence level: 100%) | |
modgovindia.com | Unknown malware botnet C2 domain (confidence level: 50%) | |
newforsomething.rest | Unknown malware botnet C2 domain (confidence level: 50%) | |
segy.zip | Unknown malware botnet C2 domain (confidence level: 50%) | |
segy.shop | Unknown malware botnet C2 domain (confidence level: 50%) | |
segy.cc | Unknown malware botnet C2 domain (confidence level: 50%) | |
segy2.cc | Unknown malware botnet C2 domain (confidence level: 50%) | |
aw.rvox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
y8ce.xf7-27.ru | ClearFake payload delivery domain (confidence level: 100%) | |
rg.slaq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
g6k2.5u5vbu6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
o4.su-4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
b4nz.xf7-27.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ba.su4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ak.t4mox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
amber.fenod.online | ClearFake payload delivery domain (confidence level: 100%) | |
m3t.5u5vbu6.ru | ClearFake payload delivery domain (confidence level: 100%) | |
9f.twy-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
rn.twy0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
iyr1c.fenod.online | ClearFake payload delivery domain (confidence level: 100%) | |
a1.vuln5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fern.sne4p.online | ClearFake payload delivery domain (confidence level: 100%) | |
6y.x-vo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
8h.xer-o.ru | ClearFake payload delivery domain (confidence level: 100%) | |
prism.fenod.online | ClearFake payload delivery domain (confidence level: 100%) | |
bark.sne4p.online | ClearFake payload delivery domain (confidence level: 100%) | |
9o.xvo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ln.yjor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
flint.fenod.online | ClearFake payload delivery domain (confidence level: 100%) | |
m1nt.sne4p.online | ClearFake payload delivery domain (confidence level: 100%) | |
3u.zi-qa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
alumibro.asia | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
meeukdt.locker | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
cedar.fenod.online | ClearFake payload delivery domain (confidence level: 100%) | |
lf.ziqa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
y2.b2-ra.ru | ClearFake payload delivery domain (confidence level: 100%) | |
zebra.fenod.online | ClearFake payload delivery domain (confidence level: 100%) | |
5w.g-lim.ru | ClearFake payload delivery domain (confidence level: 100%) | |
r0se.sne4p.online | ClearFake payload delivery domain (confidence level: 100%) | |
4f.jeqr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
www.npa-eportal.digital-service.elster-de.status-drive.top | Unknown malware payload delivery domain (confidence level: 100%) | |
package2879-core-maht-improved.s3.ap-northeast-2.amazonaws.com | Unknown malware payload delivery domain (confidence level: 100%) | |
lm.ko-lu.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tide.sne4p.online | ClearFake payload delivery domain (confidence level: 100%) | |
maple.q0spi.online | ClearFake payload delivery domain (confidence level: 100%) | |
lb.loxr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gamedb.shop | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
cloudupdate.cfd | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
cybertecha.shop | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
browsertools.shop | Unknown Stealer botnet C2 domain (confidence level: 100%) | |
raven.q0spi.online | ClearFake payload delivery domain (confidence level: 100%) | |
8t.m7lo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
i3.meqt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
azure.q0spi.online | ClearFake payload delivery domain (confidence level: 100%) | |
2t.n-jur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
v0id.sne4p.online | ClearFake payload delivery domain (confidence level: 100%) | |
grain.q0spi.online | ClearFake payload delivery domain (confidence level: 100%) | |
9i.njur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
28.plx-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
qu1rk.q0spi.online | ClearFake payload delivery domain (confidence level: 100%) | |
8q.r8li.ru | ClearFake payload delivery domain (confidence level: 100%) | |
pearl.q0spi.online | ClearFake payload delivery domain (confidence level: 100%) | |
kh.rvox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tlgrm-redirect.icu | Lumma Stealer botnet C2 domain (confidence level: 50%) | |
w7.slaq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
links-rwanda.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
single-finally.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
wanfeng168.top | Mirai botnet C2 domain (confidence level: 50%) | |
clay.uht3o.online | ClearFake payload delivery domain (confidence level: 100%) | |
cybergate.myvnc.com | CyberGate botnet C2 domain (confidence level: 100%) | |
mahmoudzoroo.myftp.biz | CyberGate botnet C2 domain (confidence level: 100%) | |
0g.su-4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
peak.uht3o.online | ClearFake payload delivery domain (confidence level: 100%) | |
0xide.lizqa.online | ClearFake payload delivery domain (confidence level: 100%) | |
xd.su4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gale.uht3o.online | ClearFake payload delivery domain (confidence level: 100%) | |
81.t4mox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
plush.lizqa.online | ClearFake payload delivery domain (confidence level: 100%) | |
d2.twy-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
charm.lizqa.online | ClearFake payload delivery domain (confidence level: 100%) | |
au.twy0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
zl.vuln5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
candy.lizqa.online | ClearFake payload delivery domain (confidence level: 100%) | |
cd.x-vo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
wm.xer-o.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tidal.lizqa.online | ClearFake payload delivery domain (confidence level: 100%) | |
yu.xvo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
ve1l.uht3o.online | ClearFake payload delivery domain (confidence level: 100%) | |
nexu5.lizqa.online | ClearFake payload delivery domain (confidence level: 100%) | |
y5.yjor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
p1.zi-qa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
l00m.uht3o.online | ClearFake payload delivery domain (confidence level: 100%) | |
qh.ziqa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fern.sne-4-p.online | ClearFake payload delivery domain (confidence level: 100%) | |
x2.b2-ra.ru | ClearFake payload delivery domain (confidence level: 100%) | |
mist.sne-4-p.online | ClearFake payload delivery domain (confidence level: 100%) | |
5b.g-lim.ru | ClearFake payload delivery domain (confidence level: 100%) | |
j5.jeqr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
z1.ko-lu.ru | ClearFake payload delivery domain (confidence level: 100%) | |
sk.loxr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
gl0w.sne-4-p.online | ClearFake payload delivery domain (confidence level: 100%) | |
9z.m7lo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
m0ss.uht3o.online | ClearFake payload delivery domain (confidence level: 100%) | |
nobles.locker | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
unembel.locker | Lumma Stealer botnet C2 domain (confidence level: 100%) | |
tk.n-jur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
bark.sne-4-p.online | ClearFake payload delivery domain (confidence level: 100%) | |
8v.njur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
e8.plx-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
1o.r8li.ru | ClearFake payload delivery domain (confidence level: 100%) | |
tide.sne-4-p.online | ClearFake payload delivery domain (confidence level: 100%) | |
el.rvox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
mist.jg-7-ra.online | ClearFake payload delivery domain (confidence level: 100%) | |
0y.slaq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
co.su-4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
c0al.sne-4-p.online | ClearFake payload delivery domain (confidence level: 100%) | |
s0il.jg-7-ra.online | ClearFake payload delivery domain (confidence level: 100%) | |
21.su4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
5e.t4mox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
v7mx.y-p-19.ru | ClearFake payload delivery domain (confidence level: 100%) | |
fd.twy-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
c2hf.y-p-19.ru | ClearFake payload delivery domain (confidence level: 100%) | |
os.twy0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
3ql.y-p-19.ru | ClearFake payload delivery domain (confidence level: 100%) | |
s7.vuln5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
212.ip.gl.ply.gg | XWorm botnet C2 domain (confidence level: 100%) | |
know-studied.gl.at.ply.gg | NjRAT botnet C2 domain (confidence level: 100%) | |
ui.x-vo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
z5kr.y-p-19.ru | ClearFake payload delivery domain (confidence level: 100%) | |
sp.xer-o.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindawn.jg-7-ra.online | ClearFake payload delivery domain (confidence level: 100%) | |
domainl4.xvo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq3.yjor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainu9tw.y-p-19.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwf.zi-qa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbd.ziqa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainh1gd.y-p-19.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainv0.b2-ra.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaina7px.i-d-96.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainbw.g-lim.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain6t.jeqr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainr1se.jg-7-ra.online | ClearFake payload delivery domain (confidence level: 100%) | |
domain8d.ko-lu.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainr0ce.i-d-96.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainkf.loxr.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainv1.0ouuky0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainr3.m7lo.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainms.meqt.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaincr.n-jur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainw6jl.i-d-96.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain33.njur.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainx7.plx-5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaind3yk.i-d-96.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainw4.r8li.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain7w.rvox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaint4ub.i-d-96.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainl0.slaq.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq0h3.0ouuky0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm9sn.i-d-96.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainyb.su-4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains.0ouuky0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainru.su4n.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain52.t4mox.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaink1zw.i-c-81.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainy5n.0ouuky0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainnn.twy-0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainy3pq.i-c-81.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainsq.twy0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainf8rn.i-c-81.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainjg.vuln5.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain2lh.i-c-81.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainwj.x-vo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainma.xer-o.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainn5vx.i-c-81.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain0q.xvo4.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domains0ga.i-c-81.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainiv.yjor.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainq6yt.o-b-79.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaine1mk.o-b-79.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain7d.ziqa.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain4wj.o-b-79.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainge1.xa5r.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainx2z.7aoasu3.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainx9pa.o-b-79.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindid.vex0.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domain7rcl.o-b-79.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainraw.ju5q.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainp0sb.o-b-79.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainmob.m4rj.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainz3mp.4-l8u.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domaindip.qen9.ru | ClearFake payload delivery domain (confidence level: 100%) | |
domainm7y1.7aoasu3.ru | ClearFake payload delivery domain (confidence level: 100%) |
Url
| Value | Description |
|---|---|
| http://154.36.184.35/ | Hook botnet C2 (confidence level: 50%) |
| https://reddesignandprint.co.uk/huc/?id=isaqt4rg5oquuggm | XWorm payload delivery URL (confidence level: 50%) |
| https://www.browse-health-insurance-plans.unitedhealthcare-group.uhc-com.vision-solution.top/?id=isaqt4rg5oquuggm | XWorm payload delivery URL (confidence level: 50%) |
| https://5d8fd57c-62b0-48f1-b595-796cb6b6e7f4.server4.nisdably.com/ | Glupteba botnet C2 (confidence level: 50%) |
| https://ww25.5d8fd57c-62b0-48f1-b595-796cb6b6e7f4.server2.ninhaine.com/ | Glupteba botnet C2 (confidence level: 50%) |
| https://pastebin.com/raw/qphtbsru | AsyncRAT botnet C2 (confidence level: 50%) |
| http://doupfate.ml/panel/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 50%) |
| http://196.251.81.93/hmfd8ejds/login.php | Amadey botnet C2 (confidence level: 100%) |
| http://mail.logrecovery.com/hmfd8ejds/login.php | Amadey botnet C2 (confidence level: 100%) |
| http://www.logrecovery.com/hmfd8ejds/login.php | Amadey botnet C2 (confidence level: 100%) |
| http://ns2.logrecovery.com/hmfd8ejds/login.php | Amadey botnet C2 (confidence level: 100%) |
| http://196.251.81.93/hmfd8ejds/index.php | Amadey botnet C2 (confidence level: 100%) |
| https://68gamewin7.shop/ | Unknown malware payload delivery URL (confidence level: 50%) |
| https://freelawchat.ai/captcha/?pop | Unknown malware payload delivery URL (confidence level: 50%) |
| https://urlz.fr/urco | Unknown malware payload delivery URL (confidence level: 50%) |
| https://whitebarsunlight.top/wwww/daily/top | Unknown malware payload delivery URL (confidence level: 50%) |
| https://willowabbyoptimization-dot-elite-magpie-462511-c4.uc.r.appspot.com/?c=1iidkbycruqugh1xeflymky8o8xbzz_govxczm4l7agu&q=0&r=19a0ca4afc628ad9&z=1761148710684&o=https://maccablog.com/how-to-safely-update-the-electrical-systems-in-your-home/ | Unknown malware payload delivery URL (confidence level: 50%) |
| https://5w.g-lim.ru/9xfc0noz | Unknown malware payload delivery URL (confidence level: 50%) |
| https://zebra.fenod.online/8ozkn69k3n.sh | Unknown malware payload delivery URL (confidence level: 50%) |
| https://up.freeandlast.com/app.bin | Unknown malware payload delivery URL (confidence level: 50%) |
| https://4f.jeqr.ru/ql3qfvot | Unknown malware payload delivery URL (confidence level: 50%) |
| https://www.npa-eportal.digital-service.elster-de.status-drive.top/eportal/ | Unknown malware payload delivery URL (confidence level: 100%) |
| https://package2879-core-maht-improved.s3.ap-northeast-2.amazonaws.com/yw87ybm77yrtva | Unknown malware payload delivery URL (confidence level: 100%) |
| https://avsomi.co/categories/ | Unknown malware payload delivery URL (confidence level: 50%) |
| http://178.16.55.189/sky/clinet.exe | AsyncRAT payload delivery URL (confidence level: 100%) |
| https://tlgrm-redirect.icu/1.txt | Unknown malware payload delivery URL (confidence level: 50%) |
| https://www.bn.cail1teve.mydns.bz/ | Kimsuky botnet C2 (confidence level: 50%) |
| https://de78.toptubereviews.top/ | SpyNote botnet C2 (confidence level: 50%) |
| http://www.szonlane.net/lertyui9/gerty56/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
| https://unembel.locker/api | Lumma Stealer botnet C2 (confidence level: 75%) |
| http://mi.overlapsnowbound.com | Amadey botnet C2 (confidence level: 100%) |
| https://nobles.locker/api | Lumma Stealer botnet C2 (confidence level: 75%) |
| https://pitchz.locker/api | Lumma Stealer botnet C2 (confidence level: 75%) |
Threat ID: 68fd6728bfa5fb493c4932b7
Added to database: 10/26/2025, 12:11:20 AM
Last enriched: 10/26/2025, 12:26:24 AM
Last updated: 10/26/2025, 8:26:42 PM