
ThreatFox IOCs for 2025-10-26

Medium
Published: Sun Oct 26 2025 (10/26/2025, 00:00:00 UTC)
Source: ThreatFox MISP Feed
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-10-26

AI-Powered Analysis

Last updated: 10/27/2025, 00:15:07 UTC

Technical Analysis

This entry is the daily Indicators of Compromise (IOC) event that the abuse.ch ThreatFox project publishes through its MISP feed: every indicator reported to ThreatFox on 26 October 2025, bundled into one MISP event (UUID 12d73cd3-4f04-423f-ba35-0861533b8b55). The "Vendor/Project: type" and "Product: osint" fields in the header appear to be the event's type:osint tag split at the colon. It is intelligence about live malware infrastructure, not a vulnerability report, which is why no affected product or version, no patch, no exploit and no CWE is listed. The MISP event attributes are threat level 2, analysis 1 and distribution 3; on MISP's own scales those mean a Medium threat level (1 High, 2 Medium, 3 Low, 4 Undefined), an Ongoing analysis (0 Initial, 1 Ongoing, 2 Complete) and sharing with All communities, so the data may be redistributed freely. The indicator list below is large and falls into three groups. First, domains: fifteen Lumma Stealer C2 domains on .asia at 75% confidence and one more at 100%; a cluster of well over a hundred ClearFake payload-delivery hostnames, each a short label (rut, hop, hq7b, t1kd) under a short registrable .ru domain (n4ke.ru, me2v.ru, 4-l8u.ru, 3-s0u.ru and hyphenated variants such as n-4-ke.ru and me-2-v.ru), all at 100%; RAT C2 hostnames on tunnelling and dynamic-DNS services, namely XWorm, AsyncRAT, NjRAT and DCRat on gl.at.ply.gg, portmap.host, localto.net, duckdns.org and ddns.net, Remcos on ydns.eu and duckdns.org, and CyberGate on no-ip.info; four Cobalt Strike C2 hostnames that all use the label "cloudflare" under different second-level domains (50%); and single entries for Mirai, Rhadamanthys, Floxif, an unknown loader, several unknown RATs and stealers, and a Necurs domain under the Namecoin .bit pseudo-TLD. Second, C2 servers as ip:port pairs, which the page renders with the address under a heading "File" and the port under a heading "Hash" (they are the two halves of a ThreatFox ip:port indicator, listed in the same order): post-exploitation listeners for Cobalt Strike, Sliver, Havoc, Meterpreter and DeimosC2; RATs (AsyncRAT, DCRat, Quasar RAT, XWorm, ValleyRAT, Ghost RAT, NetSupportManager RAT, Venom RAT, BitRAT, NjRAT, Remcos); stealers (Stealc, MetaStealer, Loki PWS, Rhadamanthys, SalatStealer and one unclassified stealer); the loaders Latrodectus and QakBot and the Android banker Hook; and Mirai, MooBot and N-W0rm botnet controllers. Third, one SHA-256 hash of an unclassified stealer payload at 50% confidence. The confidence value is set by whoever reported the indicator, not by ThreatFox; most entries here sit at 75-100%, and the handful at 50% are leads rather than verdicts. The Medium rating is appropriate for a daily infrastructure list: each entry is immediately actionable for blocking and retro-hunting, but individual entries are short-lived and none of them represents a single widespread threat.

Potential Impact

For European organisations the exposure is operational rather than theoretical: every entry is command-and-control or payload-delivery infrastructure that was reported as live on 26 October 2025, and most of the families are commodity tooling that appears in European incidents every week. The stealer entries (Lumma, Stealc, Rhadamanthys, MetaStealer, Loki PWS, SalatStealer) bear on confidentiality: one infected workstation surrenders browser-saved passwords, session cookies and wallet data, which are then sold on as initial access. The post-exploitation listeners (Cobalt Strike, Sliver, Havoc, Meterpreter, DeimosC2) and the loaders Latrodectus and QakBot indicate an intrusion already in progress and are the entries most likely to precede data theft or ransomware, so a match on one of them is an incident, not a ticket. The ClearFake cluster affects anyone whose users browse third-party websites: ClearFake is a web-inject campaign on compromised sites that delivers its payload through fake browser-update and ClickFix-style lures, so a DNS or proxy hit means a user was served the lure, whether or not anything executed. The RAT entries on ply.gg, portmap.host, duckdns.org, ddns.net and similar services are dangerous to the infected host and awkward to block, because the parent services are legitimate and widely used. The Mirai and MooBot entries concern exposed IoT and network equipment and availability (DDoS) rather than data. Nothing here is patchable; the risk is unchanged for organisations that ignore the list and lower for those that ingest it, and since this kind of infrastructure rotates within days, the value of the event decays quickly after publication.

Mitigation Recommendations

Ingest the event automatically rather than by hand: ThreatFox publishes the same data as a MISP feed and through its HTTPS API, a new event appears every day, and blocklists built from them need an expiry (a month is a common horizon) or they accumulate dead entries and, once the addresses are reassigned, false positives. Use the confidence value as policy: entries at 75-100% can be blocked at the DNS resolver, web proxy and egress firewall, while the 50% entries here (several AsyncRAT, Cobalt Strike, DCRat, Remcos and XWorm hostnames, the Necurs .bit domain and the stealer hash) should generate alerts for analyst triage rather than blocks. Match ip:port indicators on both halves: the page lists the address under "File" and the port under "Hash" in the same order, and C2 listeners often sit in cloud-hosting space that is reassigned quickly, so blocking the bare IP is both over-broad and short-lived. For C2 on tunnelling and dynamic-DNS services, block the exact hostname (for example center-para.gl.at.ply.gg) and never the parent zone (gl.at.ply.gg, ply.gg, portmap.host, duckdns.org, ddns.net, localto.net, ydns.eu, no-ip.info), which is shared by many unrelated users; a DNS-firewall rule on the exact name, plus an alert on any lookup of those parent zones from servers that have no business using them, is the usual compromise. For the ClearFake cluster the opposite widening is justified: every hostname the feed lists under registrable domains such as n4ke.ru, me2v.ru, 4-l8u.ru, 3-s0u.ru, 8r-4u.ru, 9h-5y.ru, 6aiiwi2.ru, 4aeaco0.ru and their hyphenated variants (n-4-ke.ru, me-2-v.ru, pl-8-a.ru, re-t-0.ru, tr-8-n.ru, xa-5-r.ru) is ClearFake, so blocking at the registrable-domain level also catches labels that have not yet been reported. Retro-hunt DNS, proxy and flow logs for the 26 October window and the days before it, since reporting lags first use; a hit on a stealer or post-exploitation C2 should trigger host isolation, credential and session-token reset and a search for the payload, not only a ticket. Push the SHA-256 hash c0ccd705314d4c791edfee20ef9f99e056dc82775a42edd8653668a492b72a11 to EDR as a hunt indicator. Add one IDS rule per domain (DNS query suffix match) and per ip:port pair, and enrich the entries with passive DNS, certificate and hosting data from other sources before acting on the 50% ones. Brief users on the ClearFake pattern, a website telling them to update the browser or to paste a command to fix a problem, since that is the delivery vector behind the largest group of indicators here. Coordinate with the national CSIRT and ENISA-level sharing communities so that sightings and false positives flow back to the feed.
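The ingestion and matching steps above, as an added example that is not ThreatFox, abuse.ch or MISP code: it parses a handful of entries copied from this listing in the shape the page renders them (type tag fused to the value, address and port as two parallel lists), pairs the ip:port halves, applies the confidence threshold, matches exact hostnames and their subdomains without widening to a tunnelling service's parent zone, runs that over constructed DNS, proxy and flow log lines, and emits Suricata rules. The log lines, client addresses, the 75% cut-off and the sid range are assumptions for the demo.

```python
"""Turn a ThreatFox daily IOC listing into matchable indicators and run them over logs.

Added example for this page, not code from ThreatFox, abuse.ch or MISP.  FEED_SAMPLE copies a
few entries from the 2025-10-26 listing as the page renders them; LOG_SAMPLE, its client
addresses, the 75% threshold and the sid range are constructed for the demo.
"""
import re

# The page fuses a type tag (domain / file / hash) onto each value and prints the description
# with its confidence on the next line.  ThreatFox ip:port indicators come out as two parallel
# lists, addresses under 'file' and ports under 'hash', in the same order.
FEED_SAMPLE = """\
domaincloudflare.avicforging.com
Cobalt Strike botnet C2 domain (confidence level: 50%)
domaincenter-para.gl.at.ply.gg
AsyncRAT botnet C2 domain (confidence level: 100%)
domainrut.n4ke.ru
ClearFake payload delivery domain (confidence level: 100%)
file65.21.115.33
Sliver botnet C2 server (confidence level: 90%)
hash31337
Sliver botnet C2 server (confidence level: 90%)
hashc0ccd705314d4c791edfee20ef9f99e056dc82775a42edd8653668a492b72a11
Unknown Stealer payload (confidence level: 50%)
"""

# Constructed DNS / proxy / flow lines.  Line 4 shares the Sliver address but not its port and
# line 5 is another tenant of the same tunnelling service: neither must match.
LOG_SAMPLE = """\
2025-10-26T10:12:03Z dns client=10.0.0.5 query=rut.n4ke.ru
2025-10-26T10:13:44Z proxy client=10.0.0.7 host=center-para.gl.at.ply.gg
2025-10-26T10:15:00Z flow src=10.0.0.9 dst=65.21.115.33 dport=31337
2025-10-26T10:15:07Z flow src=10.0.0.9 dst=65.21.115.33 dport=443
2025-10-26T10:16:20Z dns client=10.0.0.11 query=other-tenant.gl.at.ply.gg
2025-10-26T10:17:51Z dns client=10.0.0.12 query=cdn.cloudflare.avicforging.com
"""

DESC_RE = re.compile(r"^(?P<desc>.+) \(confidence level: (?P<conf>\d+)%\)$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
HOST_RE = re.compile(r"(?:query|host)=(\S+)")
FLOW_RE = re.compile(r"dst=(\S+) dport=(\d+)")

def parse_feed(text):
    """Return (domains, ip_ports, hashes); each maps value -> (description, confidence)."""
    lines = [l for l in text.splitlines() if l.strip()]
    domains, hashes, ips, ports = {}, {}, [], []
    for value_line, desc_line in zip(lines[0::2], lines[1::2]):
        m = DESC_RE.match(desc_line)
        meta = (m["desc"], int(m["conf"]))
        if value_line.startswith("domain"):
            domains[value_line[6:].lower()] = meta
        elif value_line.startswith("file"):        # the 'file' tag hides an IP address
            ips.append((value_line[4:], meta))
        elif value_line.startswith("hash"):
            value = value_line[4:]
            if SHA256_RE.match(value):
                hashes[value] = meta
            elif value.isdigit():                  # the 'hash' tag hides a port number
                ports.append(int(value))
    ip_ports = {f"{ip}:{port}": meta for (ip, meta), port in zip(ips, ports)}
    return domains, ip_ports, hashes

def action_for(conf):
    """Block on high-confidence indicators, alert only on the rest (the 75% cut is our choice)."""
    return "block" if conf >= 75 else "alert"

def host_matches(host, domains):
    """Match the exact FQDN or a subdomain of it.  Never widen to the parent zone: ply.gg,
    portmap.host, duckdns.org and similar parents are shared by many unrelated users."""
    host = host.lower().rstrip(".")
    for ioc in domains:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None

def scan_logs(log_text, domains, ip_ports):
    """Return [(line_no, indicator, description, confidence, action)] for every hit."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        h = HOST_RE.search(line)
        if h and (ioc := host_matches(h.group(1), domains)):
            desc, conf = domains[ioc]
            hits.append((n, ioc, desc, conf, action_for(conf)))
            continue
        f = FLOW_RE.search(line)
        if f and (key := f"{f.group(1)}:{f.group(2)}") in ip_ports:   # both halves must match
            desc, conf = ip_ports[key]
            hits.append((n, key, desc, conf, action_for(conf)))
    return hits

def suricata_rules(domains, ip_ports, sid_base=9000000):
    """One Suricata rule per indicator: dns.query suffix match for domains, dst ip+port for C2."""
    rules = []
    for dom, (desc, conf) in domains.items():
        rules.append(f'alert dns any any -> any any (msg:"ThreatFox {desc} conf={conf}"; '
                     f'dns.query; content:"{dom}"; nocase; endswith; sid:{sid_base + len(rules)}; rev:1;)')
    for key, (desc, conf) in ip_ports.items():
        ip, port = key.rsplit(":", 1)
        rules.append(f'alert ip any any -> {ip} {port} (msg:"ThreatFox {desc} conf={conf}"; '
                     f'sid:{sid_base + len(rules)}; rev:1;)')
    return rules
```

Run over the sample, `scan_logs` returns four hits: the ClearFake lookup, the AsyncRAT tunnel host and the Sliver ip:port flow as block, and the 50% Cobalt Strike hostname (seen as a subdomain) as alert; the flow to the same address on port 443 and the other ply.gg tenant produce nothing. The generated rules use the exact hostname as a `dns.query` suffix for the same reason.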


Technical Details

Threat Level: 2 (MISP scale: 1 High, 2 Medium, 3 Low, 4 Undefined)
Analysis: 1 (MISP scale: 0 Initial, 1 Ongoing, 2 Complete)
Distribution: 3 (MISP scale: 0 Your organisation, 1 This community, 2 Connected communities, 3 All communities, 4 Sharing group)
Uuid: 12d73cd3-4f04-423f-ba35-0861533b8b55
Original Timestamp: 1761523386 (2025-10-27 00:03:06 UTC, just after the event day closed)

Indicators of Compromise

Domain

Value    Description
banjuyj.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
blasttw.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
brothdy.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
cutke.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
cracka.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
illuyxka.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
pseuyms.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
senegmx.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
swepois.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
tangebg.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
vacuuex.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
walruhj.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
chalkc.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
trannlh.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
ineffqa.asia    Lumma Stealer botnet C2 domain (confidence level: 75%)
vps-2624.onecom-cloud.one    Mirai botnet C2 domain (confidence level: 80%)
cureprjajaa.shop    Unknown Stealer botnet C2 domain (confidence level: 100%)
rut.n4ke.ru    ClearFake payload delivery domain (confidence level: 100%)
hop.me2v.ru    ClearFake payload delivery domain (confidence level: 100%)
hq7b.4-l8u.ru    ClearFake payload delivery domain (confidence level: 100%)
vow.pl8a.ru    ClearFake payload delivery domain (confidence level: 100%)
jar.fa0n.ru    ClearFake payload delivery domain (confidence level: 100%)
t1kd.4-l8u.ru    ClearFake payload delivery domain (confidence level: 100%)
mat.b9ku.ru    ClearFake payload delivery domain (confidence level: 100%)
rub.xa5r.ru    ClearFake payload delivery domain (confidence level: 100%)
v9rx.4-l8u.ru    ClearFake payload delivery domain (confidence level: 100%)
gum.vex0.ru    ClearFake payload delivery domain (confidence level: 100%)
pun.ju5q.ru    ClearFake payload delivery domain (confidence level: 100%)
c2jn.4-l8u.ru    ClearFake payload delivery domain (confidence level: 100%)
ice.m4rj.ru    ClearFake payload delivery domain (confidence level: 100%)
dug.qen9.ru    ClearFake payload delivery domain (confidence level: 100%)
cab.n4ke.ru    ClearFake payload delivery domain (confidence level: 100%)
y5fw.4-l8u.ru    ClearFake payload delivery domain (confidence level: 100%)
sod.me2v.ru    ClearFake payload delivery domain (confidence level: 100%)
spy.pl8a.ru    ClearFake payload delivery domain (confidence level: 100%)
t4q.7aoasu3.ru    ClearFake payload delivery domain (confidence level: 100%)
bar.fa0n.ru    ClearFake payload delivery domain (confidence level: 100%)
k8zr.3-s0u.ru    ClearFake payload delivery domain (confidence level: 100%)
top.b9ku.ru    ClearFake payload delivery domain (confidence level: 100%)
bud.xa5r.ru    ClearFake payload delivery domain (confidence level: 100%)
n1qh.3-s0u.ru    ClearFake payload delivery domain (confidence level: 100%)
wet.vex0.ru    ClearFake payload delivery domain (confidence level: 100%)
p5w0.7aoasu3.ru    ClearFake payload delivery domain (confidence level: 100%)
k3.1lt22.ru    ClearFake payload delivery domain (confidence level: 100%)
bit.ju5q.ru    ClearFake payload delivery domain (confidence level: 100%)
w4ty.3-s0u.ru    ClearFake payload delivery domain (confidence level: 100%)
pan.m4rj.ru    ClearFake payload delivery domain (confidence level: 100%)
z8q.1lt22.ru    ClearFake payload delivery domain (confidence level: 100%)
p7vx.3-s0u.ru    ClearFake payload delivery domain (confidence level: 100%)
cap.qen9.ru    ClearFake payload delivery domain (confidence level: 100%)
tea.n4ke.ru    ClearFake payload delivery domain (confidence level: 100%)
m0k2.1lt22.ru    ClearFake payload delivery domain (confidence level: 100%)
jam.me2v.ru    ClearFake payload delivery domain (confidence level: 100%)
a7.1lt22.ru    ClearFake payload delivery domain (confidence level: 100%)
m0sa.3-s0u.ru    ClearFake payload delivery domain (confidence level: 100%)
bid.pl8a.ru    ClearFake payload delivery domain (confidence level: 100%)
far.fa0n.ru    ClearFake payload delivery domain (confidence level: 100%)
war.b9ku.ru    ClearFake payload delivery domain (confidence level: 100%)
r4n9.1lt22.ru    ClearFake payload delivery domain (confidence level: 100%)
rap.xa5r.ru    ClearFake payload delivery domain (confidence level: 100%)
b6dc.3-s0u.ru    ClearFake payload delivery domain (confidence level: 100%)
her.vex0.ru    ClearFake payload delivery domain (confidence level: 100%)
orb.ju5q.ru    ClearFake payload delivery domain (confidence level: 100%)
t2w.1lt22.ru    ClearFake payload delivery domain (confidence level: 100%)
oft.m4rj.ru    ClearFake payload delivery domain (confidence level: 100%)
r2uk.6-w0y.ru    ClearFake payload delivery domain (confidence level: 100%)
pry.qen9.ru    ClearFake payload delivery domain (confidence level: 100%)
v1.5bq18.ru    ClearFake payload delivery domain (confidence level: 100%)
aim.n4ke.ru    ClearFake payload delivery domain (confidence level: 100%)
j5qn.6-w0y.ru    ClearFake payload delivery domain (confidence level: 100%)
x8lb.6-w0y.ru    ClearFake payload delivery domain (confidence level: 100%)
set.me2v.ru    ClearFake payload delivery domain (confidence level: 100%)
q7m.5bq18.ru    ClearFake payload delivery domain (confidence level: 100%)
day.pl8a.ru    ClearFake payload delivery domain (confidence level: 100%)
nako-33498.portmap.host    XWorm botnet C2 domain (confidence level: 100%)
server145454-55503.portmap.host    AsyncRAT botnet C2 domain (confidence level: 100%)
center-para.gl.at.ply.gg    AsyncRAT botnet C2 domain (confidence level: 100%)
rib.fa0n.ru    ClearFake payload delivery domain (confidence level: 100%)
ken.b9ku.ru    ClearFake payload delivery domain (confidence level: 100%)
x0p4.5bq18.ru    ClearFake payload delivery domain (confidence level: 100%)
d3yv.6-w0y.ru    ClearFake payload delivery domain (confidence level: 100%)
his.xa5r.ru    ClearFake payload delivery domain (confidence level: 100%)
dry.ju5q.ru    ClearFake payload delivery domain (confidence level: 100%)
q7hp.6-w0y.ru    ClearFake payload delivery domain (confidence level: 100%)
b9.5bq18.ru    ClearFake payload delivery domain (confidence level: 100%)
thy.m4rj.ru    ClearFake payload delivery domain (confidence level: 100%)
f1ct.6-w0y.ru    ClearFake payload delivery domain (confidence level: 100%)
bog.qen9.ru    ClearFake payload delivery domain (confidence level: 100%)
jag.n4ke.ru    ClearFake payload delivery domain (confidence level: 100%)
s0we.8r-4u.ru    ClearFake payload delivery domain (confidence level: 100%)
h2k3.5bq18.ru    ClearFake payload delivery domain (confidence level: 100%)
vat.me2v.ru    ClearFake payload delivery domain (confidence level: 100%)
l1e.pl8a.ru    ClearFake payload delivery domain (confidence level: 100%)
g9tl.8r-4u.ru    ClearFake payload delivery domain (confidence level: 100%)
gad.fa0n.ru    ClearFake payload delivery domain (confidence level: 100%)
a2mx.8r-4u.ru    ClearFake payload delivery domain (confidence level: 100%)
mz6.5bq18.ru    ClearFake payload delivery domain (confidence level: 100%)
you.b9ku.ru    ClearFake payload delivery domain (confidence level: 100%)
x.hinderalawfirm.org    AsyncRAT botnet C2 domain (confidence level: 50%)
yww68h3pz.localto.net    AsyncRAT botnet C2 domain (confidence level: 50%)
cloudflare.alegria-productions.com    Cobalt Strike botnet C2 domain (confidence level: 50%)
cloudflare.avicforging.com    Cobalt Strike botnet C2 domain (confidence level: 50%)
cloudflare.cooltheburn.com    Cobalt Strike botnet C2 domain (confidence level: 50%)
cloudflare.fentonph.com    Cobalt Strike botnet C2 domain (confidence level: 50%)
comando555.duckdns.org    DCRat botnet C2 domain (confidence level: 50%)
dcdgloss.duckdns.org    DCRat botnet C2 domain (confidence level: 50%)
go-fairy.gl.at.ply.gg    DCRat botnet C2 domain (confidence level: 50%)
less-drives.gl.at.ply.gg    DCRat botnet C2 domain (confidence level: 50%)
miodzaki.bit    Necurs botnet C2 domain (confidence level: 50%)
technical-adsl.gl.at.ply.gg    XWorm botnet C2 domain (confidence level: 50%)
u4qh.8r-4u.ru    ClearFake payload delivery domain (confidence level: 100%)
yap.xa5r.ru    ClearFake payload delivery domain (confidence level: 100%)
f6.7ph88.ru    ClearFake payload delivery domain (confidence level: 100%)
jug.vex0.ru    ClearFake payload delivery domain (confidence level: 100%)
e7pk.8r-4u.ru    ClearFake payload delivery domain (confidence level: 100%)
aid.ju5q.ru    ClearFake payload delivery domain (confidence level: 100%)
l5vd.8r-4u.ru    ClearFake payload delivery domain (confidence level: 100%)
odd.m4rj.ru    ClearFake payload delivery domain (confidence level: 100%)
t3yg.9h-5y.ru    ClearFake payload delivery domain (confidence level: 100%)
ate.qen9.ru    ClearFake payload delivery domain (confidence level: 100%)
few.n4ke.ru    ClearFake payload delivery domain (confidence level: 100%)
z6qa.9h-5y.ru    ClearFake payload delivery domain (confidence level: 100%)
a3z.7ph88.ru    ClearFake payload delivery domain (confidence level: 100%)
fad.me2v.ru    ClearFake payload delivery domain (confidence level: 100%)
p9y1.7ph88.ru    ClearFake payload delivery domain (confidence level: 100%)
wee.pl8a.ru    ClearFake payload delivery domain (confidence level: 100%)
c1wn.9h-5y.ru    ClearFake payload delivery domain (confidence level: 100%)
h8rf.9h-5y.ru    ClearFake payload delivery domain (confidence level: 100%)
boy.fa0n.ru    ClearFake payload delivery domain (confidence level: 100%)
hue.b9ku.ru    ClearFake payload delivery domain (confidence level: 100%)
v0jp.9h-5y.ru    ClearFake payload delivery domain (confidence level: 100%)
k4sm.9h-5y.ru    ClearFake payload delivery domain (confidence level: 100%)
bln.vex0.ru    ClearFake payload delivery domain (confidence level: 100%)
thread-faq.gl.at.ply.gg    NjRAT botnet C2 domain (confidence level: 100%)
norot15.ddns.net    NjRAT botnet C2 domain (confidence level: 100%)
par.m4rj.ru    ClearFake payload delivery domain (confidence level: 100%)
u0b.7ph88.ru    ClearFake payload delivery domain (confidence level: 100%)
able.xa-5-r.ru    ClearFake payload delivery domain (confidence level: 100%)
yam.qen9.ru    ClearFake payload delivery domain (confidence level: 100%)
k9r2.7ph88.ru    ClearFake payload delivery domain (confidence level: 100%)
acid.xa-5-r.ru    ClearFake payload delivery domain (confidence level: 100%)
our.n4ke.ru    ClearFake payload delivery domain (confidence level: 100%)
c3.6aiiwi2.ru    ClearFake payload delivery domain (confidence level: 100%)
one.me2v.ru    ClearFake payload delivery domain (confidence level: 100%)
wed.pl8a.ru    ClearFake payload delivery domain (confidence level: 100%)
area.xa-5-r.ru    ClearFake payload delivery domain (confidence level: 100%)
fry.fa0n.ru    ClearFake payload delivery domain (confidence level: 100%)
jab.b9ku.ru    ClearFake payload delivery domain (confidence level: 100%)
boat.xa-5-r.ru    ClearFake payload delivery domain (confidence level: 100%)
u0b.6aiiwi2.ru    ClearFake payload delivery domain (confidence level: 100%)
oh.re-t0.ru    ClearFake payload delivery domain (confidence level: 100%)
oy.r1v-x.ru    ClearFake payload delivery domain (confidence level: 100%)
l9q7.6aiiwi2.ru    ClearFake payload delivery domain (confidence level: 100%)
c0de.xa-5-r.ru    ClearFake payload delivery domain (confidence level: 100%)
h0me.xa-5-r.ru    ClearFake payload delivery domain (confidence level: 100%)
da.qen-9.ru    ClearFake payload delivery domain (confidence level: 100%)
bhware.store    Unknown Stealer botnet C2 domain (confidence level: 100%)
root.bhware.store    Unknown Stealer botnet C2 domain (confidence level: 100%)
ho.do-k3.ru    ClearFake payload delivery domain (confidence level: 100%)
f.6aiiwi2.ru    ClearFake payload delivery domain (confidence level: 100%)
calm.me-2-v.ru    ClearFake payload delivery domain (confidence level: 100%)
em.pl-8a.ru    ClearFake payload delivery domain (confidence level: 100%)
data.me-2-v.ru    ClearFake payload delivery domain (confidence level: 100%)
r2n.6aiiwi2.ru    ClearFake payload delivery domain (confidence level: 100%)
er.n4-ke.ru    ClearFake payload delivery domain (confidence level: 100%)
ut.tr-8n.ru    ClearFake payload delivery domain (confidence level: 100%)
re.wi-7e.ru    ClearFake payload delivery domain (confidence level: 100%)
xh5.6aiiwi2.ru    ClearFake payload delivery domain (confidence level: 100%)
edit.me-2-v.ru    ClearFake payload delivery domain (confidence level: 100%)
j1.4aeaco0.ru    ClearFake payload delivery domain (confidence level: 100%)
pe.vex-0.ru    ClearFake payload delivery domain (confidence level: 100%)
farm.me-2-v.ru    ClearFake payload delivery domain (confidence level: 100%)
ka.ky-4x.ru    ClearFake payload delivery domain (confidence level: 100%)
ka.ze-lu.ru    ClearFake payload delivery domain (confidence level: 100%)
utps.live    Unknown RAT botnet C2 domain (confidence level: 100%)
systemsupport.top    Unknown RAT botnet C2 domain (confidence level: 100%)
nwrstghbwrtjynrsfghberth.com    Unknown RAT botnet C2 domain (confidence level: 100%)
classic-dave.gl.at.ply.gg    NjRAT botnet C2 domain (confidence level: 100%)
rfvlive.help    Unknown RAT botnet C2 domain (confidence level: 100%)
ka.s2-ly.ru    ClearFake payload delivery domain (confidence level: 100%)
s1te.me-2-v.ru    ClearFake payload delivery domain (confidence level: 100%)
write-event.gl.at.ply.gg    XWorm botnet C2 domain (confidence level: 50%)
my.to-qa.ru    ClearFake payload delivery domain (confidence level: 100%)
needleexperience.xyz    Unknown Loader botnet C2 domain (confidence level: 100%)
am.x3-ri.ru    ClearFake payload delivery domain (confidence level: 100%)
ma.r1v-x.ru    ClearFake payload delivery domain (confidence level: 100%)
pa55.me-2-v.ru    ClearFake payload delivery domain (confidence level: 100%)
q8yr.4aeaco0.ru    ClearFake payload delivery domain (confidence level: 100%)
we.vex-0.ru    ClearFake payload delivery domain (confidence level: 100%)
gear.pl-8-a.ru    ClearFake payload delivery domain (confidence level: 100%)
em.n4-ke.ru    ClearFake payload delivery domain (confidence level: 100%)
gift.pl-8-a.ru    ClearFake payload delivery domain (confidence level: 100%)
county-secret.gl.at.ply.gg    XWorm botnet C2 domain (confidence level: 100%)
job-citizenship.gl.at.ply.gg    XWorm botnet C2 domain (confidence level: 100%)
articles-dividend.gl.at.ply.gg    XWorm botnet C2 domain (confidence level: 100%)
dedumanno.duckdns.org    Remcos botnet C2 domain (confidence level: 100%)
ka.do-k3.ru    ClearFake payload delivery domain (confidence level: 100%)
growth-turtle.gl.at.ply.gg    NjRAT botnet C2 domain (confidence level: 100%)
b00t.no-ip.info    CyberGate botnet C2 domain (confidence level: 100%)
ex.to-qa.ru    ClearFake payload delivery domain (confidence level: 100%)
m.4aeaco0.ru    ClearFake payload delivery domain (confidence level: 100%)
host.pl-8-a.ru    ClearFake payload delivery domain (confidence level: 100%)
uh.qen-9.ru    ClearFake payload delivery domain (confidence level: 100%)
idea.pl-8-a.ru    ClearFake payload delivery domain (confidence level: 100%)
b7gs.4aeaco0.ru    ClearFake payload delivery domain (confidence level: 100%)
kenges-rakishev-investigation.is    Lumma Stealer botnet C2 domain (confidence level: 100%)
dorimeinserino.shop    Rhadamanthys botnet C2 domain (confidence level: 100%)
www.aieov.com    Floxif botnet C2 domain (confidence level: 100%)
auth.snickers.lol    Mirai botnet C2 domain (confidence level: 100%)
hi.ky-4x.ru    ClearFake payload delivery domain (confidence level: 100%)
f1le.pl-8-a.ru    ClearFake payload delivery domain (confidence level: 100%)
cog.vex0.ru    ClearFake payload delivery domain (confidence level: 100%)
fern.n-4-ke.ru    ClearFake payload delivery domain (confidence level: 100%)
fa.x3-ri.ru    ClearFake payload delivery domain (confidence level: 100%)
c0ve.n-4-ke.ru    ClearFake payload delivery domain (confidence level: 100%)
t00l.pl-8-a.ru    ClearFake payload delivery domain (confidence level: 100%)
my.s2-ly.ru    ClearFake payload delivery domain (confidence level: 100%)
ol.wi-7e.ru    ClearFake payload delivery domain (confidence level: 100%)
p1.re-t0.ru    ClearFake payload delivery domain (confidence level: 100%)
join.re-t-0.ru    ClearFake payload delivery domain (confidence level: 100%)
jump.re-t-0.ru    ClearFake payload delivery domain (confidence level: 100%)
go.tr-8n.ru    ClearFake payload delivery domain (confidence level: 100%)
mint.n-4-ke.ru    ClearFake payload delivery domain (confidence level: 100%)
end.xa5r.ru    ClearFake payload delivery domain (confidence level: 100%)
tab.ju5q.ru    ClearFake payload delivery domain (confidence level: 100%)
ah.to-qa.ru    ClearFake payload delivery domain (confidence level: 100%)
lake.re-t-0.ru    ClearFake payload delivery domain (confidence level: 100%)
icebergtbilisi.ge    Remcos botnet C2 domain (confidence level: 50%)
ablelifepurelife.ydns.eu    Remcos botnet C2 domain (confidence level: 50%)
ablelifepurelifebk.ydns.eu    Remcos botnet C2 domain (confidence level: 50%)
l0re.n-4-ke.ru    ClearFake payload delivery domain (confidence level: 100%)
eh.tr-8n.ru    ClearFake payload delivery domain (confidence level: 100%)
ye.ze-lu.ru    ClearFake payload delivery domain (confidence level: 100%)
5o.do-k3.ru    ClearFake payload delivery domain (confidence level: 100%)
mail.re-t-0.ru    ClearFake payload delivery domain (confidence level: 100%)
s1lk.n-4-ke.ru    ClearFake payload delivery domain (confidence level: 100%)
l0gs.re-t-0.ru    ClearFake payload delivery domain (confidence level: 100%)
b00k.re-t-0.ru    ClearFake payload delivery domain (confidence level: 100%)
dune.n-4-ke.ru    ClearFake payload delivery domain (confidence level: 100%)
el.qen-9.ru    ClearFake payload delivery domain (confidence level: 100%)
gale.tr-8-n.ru    ClearFake payload delivery domain (confidence level: 100%)
node.ky-4-x.ru    ClearFake payload delivery domain (confidence level: 100%)
bark.tr-8-n.ru    ClearFake payload delivery domain (confidence level: 100%)
go.r1v-x.ru    ClearFake payload delivery domain (confidence level: 100%)
if.re-t0.ru    ClearFake payload delivery domain (confidence level: 100%)
s0l0.tr-8-n.ru    ClearFake payload delivery domain (confidence level: 100%)
b0.vex-0.ru    ClearFake payload delivery domain (confidence level: 100%)

File

ValueDescriptionCopy
file91.151.95.13
Mirai botnet C2 server (confidence level: 80%)
file94.156.152.237
Mirai botnet C2 server (confidence level: 80%)
file81.88.18.108
Mirai botnet C2 server (confidence level: 80%)
file160.238.13.201
Mirai botnet C2 server (confidence level: 80%)
file195.74.93.158
Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
file139.159.149.202
Cobalt Strike botnet C2 server (confidence level: 100%)
file196.251.83.89
Cobalt Strike botnet C2 server (confidence level: 100%)
file65.21.115.33
Sliver botnet C2 server (confidence level: 90%)
file220.246.201.233
Unknown malware botnet C2 server (confidence level: 100%)
file129.151.240.2
Unknown malware botnet C2 server (confidence level: 100%)
file157.230.19.127
Unknown malware botnet C2 server (confidence level: 100%)
file115.120.216.100
Unknown malware botnet C2 server (confidence level: 100%)
file51.20.65.22
Unknown malware botnet C2 server (confidence level: 100%)
file13.49.74.34
Unknown malware botnet C2 server (confidence level: 100%)
file162.141.117.200
Unknown malware botnet C2 server (confidence level: 100%)
file117.72.118.120
Unknown malware botnet C2 server (confidence level: 100%)
file104.248.0.9
Unknown malware botnet C2 server (confidence level: 100%)
file103.242.180.82
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.114.12
Remcos botnet C2 server (confidence level: 100%)
file168.119.105.156
Unknown malware botnet C2 server (confidence level: 100%)
file89.32.41.31
MooBot botnet C2 server (confidence level: 100%)
file144.31.2.51
N-W0rm botnet C2 server (confidence level: 100%)
file178.16.54.112
Cobalt Strike botnet C2 server (confidence level: 75%)
file178.16.54.118
Cobalt Strike botnet C2 server (confidence level: 75%)
file38.181.219.93
Cobalt Strike botnet C2 server (confidence level: 75%)
file113.47.4.233
Cobalt Strike botnet C2 server (confidence level: 100%)
file118.195.236.210
Cobalt Strike botnet C2 server (confidence level: 100%)
file23.95.117.248
Remcos botnet C2 server (confidence level: 100%)
file119.29.4.226
Unknown malware botnet C2 server (confidence level: 100%)
file107.155.68.162
AsyncRAT botnet C2 server (confidence level: 100%)
file95.9.236.210
AsyncRAT botnet C2 server (confidence level: 100%)
file162.244.210.132
AsyncRAT botnet C2 server (confidence level: 100%)
file95.164.10.114
DCRat botnet C2 server (confidence level: 100%)
file185.217.199.146
DCRat botnet C2 server (confidence level: 100%)
file23.133.4.99
ValleyRAT botnet C2 server (confidence level: 100%)
file23.133.4.99
ValleyRAT botnet C2 server (confidence level: 100%)
file178.16.54.217
Mirai botnet C2 server (confidence level: 80%)
file8.145.48.4
Cobalt Strike botnet C2 server (confidence level: 100%)
file8.145.48.4
Cobalt Strike botnet C2 server (confidence level: 100%)
file1.94.136.234
Cobalt Strike botnet C2 server (confidence level: 100%)
file38.55.132.225
Cobalt Strike botnet C2 server (confidence level: 100%)
file115.190.178.249
Cobalt Strike botnet C2 server (confidence level: 100%)
file144.172.100.4
Cobalt Strike botnet C2 server (confidence level: 100%)
file154.12.51.132
Cobalt Strike botnet C2 server (confidence level: 100%)
file112.124.97.171
Ghost RAT botnet C2 server (confidence level: 100%)
file74.208.167.121
AsyncRAT botnet C2 server (confidence level: 100%)
file104.243.37.233
AsyncRAT botnet C2 server (confidence level: 100%)
file95.9.236.210
AsyncRAT botnet C2 server (confidence level: 100%)
file144.172.109.53
Unknown malware botnet C2 server (confidence level: 100%)
file191.8.234.185
Quasar RAT botnet C2 server (confidence level: 100%)
file168.245.201.8
Meterpreter botnet C2 server (confidence level: 100%)
file24.168.206.186
Meterpreter botnet C2 server (confidence level: 100%)
file3.84.111.100
Meterpreter botnet C2 server (confidence level: 100%)
file56.125.162.63
Havoc botnet C2 server (confidence level: 75%)
file31.57.188.76
AsyncRAT botnet C2 server (confidence level: 50%)
file106.52.62.253
Cobalt Strike botnet C2 server (confidence level: 75%)
file122.152.233.119
Cobalt Strike botnet C2 server (confidence level: 75%)
file178.16.54.117
Cobalt Strike botnet C2 server (confidence level: 75%)
file47.101.40.177
Cobalt Strike botnet C2 server (confidence level: 75%)
file85.239.35.156
Cobalt Strike botnet C2 server (confidence level: 75%)
file176.124.198.208
BitRAT botnet C2 server (confidence level: 100%)
file101.34.205.46
Unknown malware botnet C2 server (confidence level: 100%)
file79.132.170.91
Unknown malware botnet C2 server (confidence level: 100%)
file196.251.83.89
Unknown malware botnet C2 server (confidence level: 100%)
file165.227.208.203
Unknown malware botnet C2 server (confidence level: 100%)
file165.227.208.203
Unknown malware botnet C2 server (confidence level: 100%)
file190.16.203.44
Unknown malware botnet C2 server (confidence level: 100%)
file35.158.26.2
Unknown malware botnet C2 server (confidence level: 100%)
file20.199.89.232
Unknown malware botnet C2 server (confidence level: 100%)
file47.121.179.212
Unknown malware botnet C2 server (confidence level: 100%)
file34.252.217.241
Unknown malware botnet C2 server (confidence level: 100%)
file89.23.113.73
Unknown malware botnet C2 server (confidence level: 100%)
file165.22.237.80
Unknown malware botnet C2 server (confidence level: 100%)
file26.14.127.201
XWorm botnet C2 server (confidence level: 100%)
file185.47.174.199
XWorm botnet C2 server (confidence level: 100%)
file185.227.108.110
XWorm botnet C2 server (confidence level: 100%)
file185.227.108.1
XWorm botnet C2 server (confidence level: 100%)
file185.47.174.1
XWorm botnet C2 server (confidence level: 100%)
file18.162.232.144
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file14.103.149.177
Meterpreter botnet C2 server (confidence level: 100%)
file196.75.230.238
Meterpreter botnet C2 server (confidence level: 100%)
file167.17.40.139
Rhadamanthys botnet C2 server (confidence level: 100%)
file94.103.1.70
Rhadamanthys botnet C2 server (confidence level: 100%)
file185.236.203.114
Unknown malware botnet C2 server (confidence level: 100%)
file123.60.168.129
Remcos botnet C2 server (confidence level: 100%)
file43.246.210.148
Unknown malware botnet C2 server (confidence level: 100%)
file23.94.190.51
Venom RAT botnet C2 server (confidence level: 100%)
file95.223.252.235
Meterpreter botnet C2 server (confidence level: 100%)
file170.130.55.38
Stealc botnet C2 server (confidence level: 100%)
file45.155.69.25
Stealc botnet C2 server (confidence level: 100%)
file193.151.108.232
Stealc botnet C2 server (confidence level: 100%)
file178.16.54.119
Cobalt Strike botnet C2 server (confidence level: 75%)
file38.134.148.74
MetaStealer botnet C2 server (confidence level: 75%)
file147.185.221.212
NjRAT botnet C2 server (confidence level: 100%)
file185.238.191.35
Unknown Stealer botnet C2 server (confidence level: 75%)
file151.243.95.164
ValleyRAT botnet C2 server (confidence level: 100%)
file1.161.104.168
QakBot botnet C2 server (confidence level: 75%)
file157.250.195.21
Hook botnet C2 server (confidence level: 75%)
file58.216.62.178
DeimosC2 botnet C2 server (confidence level: 75%)
file178.16.55.189
SalatStealer payload delivery server (confidence level: 75%)
file213.209.143.41
Mirai botnet C2 server (confidence level: 75%)
file94.154.35.153
Mirai botnet C2 server (confidence level: 75%)
file158.94.209.58
Latrodectus botnet C2 server (confidence level: 100%)
file158.94.209.50
Latrodectus botnet C2 server (confidence level: 100%)
file199.217.99.148
Sliver botnet C2 server (confidence level: 100%)
file105.97.132.171
AsyncRAT botnet C2 server (confidence level: 100%)
file185.72.199.92
Quasar RAT botnet C2 server (confidence level: 100%)
file208.85.16.193
Havoc botnet C2 server (confidence level: 100%)
file31.14.17.141
DCRat botnet C2 server (confidence level: 100%)
file125.24.164.96
NetSupportManager RAT botnet C2 server (confidence level: 100%)
file92.112.125.132
MooBot botnet C2 server (confidence level: 100%)
file199.127.61.237
AsyncRAT botnet C2 server (confidence level: 75%)

Hash

Type | Value | Description
hash | 3778 | Mirai botnet C2 server (confidence level: 80%)
hash | 1999 | Mirai botnet C2 server (confidence level: 80%)
hash | 9506 | Mirai botnet C2 server (confidence level: 80%)
hash | 3778 | Mirai botnet C2 server (confidence level: 80%)
hash | 8984 | Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)
hash | 8088 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 31337 | Sliver botnet C2 server (confidence level: 90%)
hash | 8443 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 80 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 5555 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | c0ccd705314d4c791edfee20ef9f99e056dc82775a42edd8653668a492b72a11 | Unknown Stealer payload (confidence level: 50%)
hash | 5000 | Remcos botnet C2 server (confidence level: 100%)
hash | 7443 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 80 | MooBot botnet C2 server (confidence level: 100%)
hash | 56812 | N-W0rm botnet C2 server (confidence level: 100%)
hash | 2053 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 2053 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 81 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 82 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 18080 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 2404 | Remcos botnet C2 server (confidence level: 100%)
hash | 8888 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 8808 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 9997 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 8808 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 5037 | DCRat botnet C2 server (confidence level: 100%)
hash | 8888 | DCRat botnet C2 server (confidence level: 100%)
hash | 5555 | ValleyRAT botnet C2 server (confidence level: 100%)
hash | 6666 | ValleyRAT botnet C2 server (confidence level: 100%)
hash | 3778 | Mirai botnet C2 server (confidence level: 80%)
hash | 8088 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 20000 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 7777 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 80 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 443 | Cobalt Strike botnet C2 server (confidence level: 100%)
hash | 8080 | Ghost RAT botnet C2 server (confidence level: 100%)
hash | 80 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 6066 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 9996 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 443 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 6653 | Quasar RAT botnet C2 server (confidence level: 100%)
hash | 3790 | Meterpreter botnet C2 server (confidence level: 100%)
hash | 80 | Meterpreter botnet C2 server (confidence level: 100%)
hash | 53685 | Meterpreter botnet C2 server (confidence level: 100%)
hash | 443 | Havoc botnet C2 server (confidence level: 75%)
hash | 14256 | AsyncRAT botnet C2 server (confidence level: 50%)
hash | 443 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 443 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 2053 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 443 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 443 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 7777 | BitRAT botnet C2 server (confidence level: 100%)
hash | 7000 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 8443 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 60000 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 443 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 80 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 3333 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 5443 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 443 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 2083 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 80 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 6000 | XWorm botnet C2 server (confidence level: 100%)
hash | 6000 | XWorm botnet C2 server (confidence level: 100%)
hash | 6000 | XWorm botnet C2 server (confidence level: 100%)
hash | 6000 | XWorm botnet C2 server (confidence level: 100%)
hash | 6000 | XWorm botnet C2 server (confidence level: 100%)
hash | 58603 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash | 6000 | Meterpreter botnet C2 server (confidence level: 100%)
hash | 2222 | Meterpreter botnet C2 server (confidence level: 100%)
hash | 443 | Rhadamanthys botnet C2 server (confidence level: 100%)
hash | 443 | Rhadamanthys botnet C2 server (confidence level: 100%)
hash | 3176 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 443 | Remcos botnet C2 server (confidence level: 100%)
hash | 3350 | Unknown malware botnet C2 server (confidence level: 100%)
hash | 4449 | Venom RAT botnet C2 server (confidence level: 100%)
hash | 4444 | Meterpreter botnet C2 server (confidence level: 100%)
hash | 80 | Stealc botnet C2 server (confidence level: 100%)
hash | 80 | Stealc botnet C2 server (confidence level: 100%)
hash | 80 | Stealc botnet C2 server (confidence level: 100%)
hash | 2053 | Cobalt Strike botnet C2 server (confidence level: 75%)
hash | 443 | MetaStealer botnet C2 server (confidence level: 75%)
hash | 58261 | NjRAT botnet C2 server (confidence level: 100%)
hash | 3000 | Unknown Stealer botnet C2 server (confidence level: 75%)
hash | 80 | ValleyRAT botnet C2 server (confidence level: 100%)
hash | 4e7660325701673b85065776b896c2cbbccc5d012022529956e127985726768b | ValleyRAT payload (confidence level: 100%)
hash | 105e8235a126ab0558e3979eda8bf9fd39f05f347b5470fe023b7338d1ad243f | ValleyRAT payload (confidence level: 100%)
hash | 46ee3acfa3837c39eabf397df4f382cf9937492d3cb00373c1428100d3858d33 | ValleyRAT payload (confidence level: 100%)
hash | c1f4aa25f2e5d579f17a3ed7e2157c4514dc2979a6faef5343390e0851fa8df1 | ValleyRAT payload (confidence level: 100%)
hash | 0469a101d4ecca37f34552f4bf68266675838bef4f052fbe46818635ddd966c0 | ValleyRAT payload (confidence level: 100%)
hash | 45480fa93f1590db7bff99cf223abba8adae6715c3089c5814a826fe1fe0f5a0 | ValleyRAT payload (confidence level: 100%)
hash | 7fee87f4a7c83c63208c554cd3ff9b8bae5f94a76c8be8507dcf016834c73544 | ValleyRAT payload (confidence level: 100%)
hash | f190ac6d127ce4a8b6d4703b7979425149bee7c0a705fa532a44f9c1b7c04054 | ValleyRAT payload (confidence level: 100%)
hash | 443 | QakBot botnet C2 server (confidence level: 75%)
hash | 80 | Hook botnet C2 server (confidence level: 75%)
hash | 10250 | DeimosC2 botnet C2 server (confidence level: 75%)
hash | 0a8cb617196f4aa7ae49fadc1edd86b4c71cf21307bc959a47040fdf2db705c9 | Unknown Stealer payload (confidence level: 75%)
hash | 6b4079e4156fb21b38accd0dd13c9d034126b70cb07ccf8c0edc9de59e7896e9 | Unknown Stealer payload (confidence level: 75%)
hash | 6b4767ef97e8ed595f08cb8f3c9a8979c62a8aea8b2f430a0b7ee22ccd27e843 | Unknown Stealer payload (confidence level: 75%)
hash | 748ae90e9d1fb69c6a403d549adf5ffb91c79653969b2eec0095526888d4701d | Unknown Stealer payload (confidence level: 75%)
hash | 85a0a133adb78fb7c509728158ea7c319482b1b4eb17611d22bd95c74d8653ba | Unknown Stealer payload (confidence level: 75%)
hash | cb0ddcf614c735fbcf9763b32ab38b5ffac90531f7211693391c3911f7639193 | Unknown Stealer payload (confidence level: 75%)
hash | de98bb618413e6d9d209314ae437c3d846d21461e3c11f2bdb721991da896f4e | Unknown Stealer payload (confidence level: 75%)
hash | 90 | SalatStealer payload delivery server (confidence level: 75%)
hash | de7013337ad2e5084c1a67977ff7082ef2deb92ff8f64152a28d22b61294aad6 | SalatStealer payload (confidence level: 75%)
hash | fafb6c5e12dfeefaba5ac8982d5bb13dd206cfcd328b9d36aa87257f762ee24a | SalatStealer payload (confidence level: 75%)
hash | e99ffdec095b39c458ce5fb3f200ed290e0b78460130086cc574c094f73e987c | SalatStealer payload (confidence level: 75%)
hash | 5e0e26fb7dc90f39def0fd79805143a77d69c3b6376432d5a0b7aedb637e0349 | SalatStealer payload (confidence level: 75%)
hash | 068415ce8f9a0e490131170a98c363d7d5055987dda58ae2168f71a8b600cd84 | SalatStealer payload (confidence level: 75%)
hash | d270e151fdcfab55ddbba8198881aaac6bd9f44a3113b8b2cb2ed64581720296 | SalatStealer payload (confidence level: 75%)
hash | cda9211049a6d6965dc93ba876d1569bff9c6d61e6201aac95fe422be87df01d | SalatStealer payload (confidence level: 75%)
hash | 69c8d607554e50efea2112b0f06cbb3e1c168e911a986c7f1d84fee3aa39f02c | SalatStealer payload (confidence level: 75%)
hash | 33a45b63ebba91dd2ec224dafcad8a9c7ebde99d1abb9c4d1d93686f7644c24d | SalatStealer payload (confidence level: 75%)
hash | 880aabea05f494d3af64b01f4435e9ec29a1c996b8cb9270b2d60ee42e4a1333 | SalatStealer payload (confidence level: 75%)
hash | 2dc5bca8bf65be4df60f8d58184a63617d03f86f4caa4eef0780263f2ebc9e5c | SalatStealer payload (confidence level: 75%)
hash | 41323 | Mirai botnet C2 server (confidence level: 75%)
hash | 6969 | Mirai botnet C2 server (confidence level: 75%)
hash | 443 | Latrodectus botnet C2 server (confidence level: 100%)
hash | 443 | Latrodectus botnet C2 server (confidence level: 100%)
hash | 443 | Sliver botnet C2 server (confidence level: 100%)
hash | 8808 | AsyncRAT botnet C2 server (confidence level: 100%)
hash | 1717 | Quasar RAT botnet C2 server (confidence level: 100%)
hash | 443 | Havoc botnet C2 server (confidence level: 100%)
hash | 8090 | DCRat botnet C2 server (confidence level: 100%)
hash | 7443 | NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash | 80 | MooBot botnet C2 server (confidence level: 100%)
hash | 9019 | AsyncRAT botnet C2 server (confidence level: 75%)

Url

Type | Value | Description
url | https://webrat.top/panel/ | SalatStealer botnet C2 (confidence level: 50%)
url | https://www.browse-health-insurance-plans.unitedhealthcare-group.uhc-com.vision-solution.top/medicare-plans/?id=ufbs4nyxhcjzuuvj | XWorm payload delivery URL (confidence level: 50%)
url | https://www.browse-health-insurance-plans.unitedhealthcare-group.uhc-com.vision-solution.top/medicare-plans/?id=awn4fdshadhwbsit | XWorm payload delivery URL (confidence level: 50%)
url | https://reddesignandprint.co.uk/huc/?id=dutp02wdyqhvrinv | XWorm payload delivery URL (confidence level: 50%)
url | https://server11.nisdably.com/ | Glupteba botnet C2 (confidence level: 50%)
url | https://dn.logllilssyou.mydns.bz/ | Kimsuky botnet C2 (confidence level: 50%)
url | https://pastebin.com/raw/jijqj12g | AsyncRAT botnet C2 (confidence level: 50%)
url | https://stackoverflow.com/q/2152978/23354 | Unknown Loader botnet C2 (confidence level: 50%)
url | https://k9toothsolutions.com/ | Unknown malware payload delivery URL (confidence level: 50%)
url | https://ate.qen9.ru/wfe0ddqn | Unknown malware payload delivery URL (confidence level: 50%)
url | http://88.214.50.113 | Stealc botnet C2 (confidence level: 100%)
url | http://107.173.152.144:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%)
url | http://185.236.203.114:3176/pages/login.php | Unknown malware botnet C2 (confidence level: 100%)
url | http://170.130.55.38/ad23d4a47cfd4c13.php | Stealc botnet C2 (confidence level: 100%)
url | http://45.155.69.25/b8380e89dabaee4a.php | Stealc botnet C2 (confidence level: 100%)
url | https://ails06.top/ | SpyNote botnet C2 (confidence level: 50%)
url | https://server9.cdneurops.buzz/ | Glupteba botnet C2 (confidence level: 50%)
url | https://120.25.163.165:8080/mimikatz_trunk/win32/mimikatz.exe | MimiKatz payload delivery URL (confidence level: 50%)
url | https://cbsrs89.cc/ | Unknown malware payload delivery URL (confidence level: 50%)
url | https://202.55.132.254/x86_64.1 | Unknown malware payload delivery URL (confidence level: 50%)
url | https://42.232.50.193:55117/i | Unknown malware payload delivery URL (confidence level: 50%)
url | https://87.121.79.179/arm5 | Unknown malware payload delivery URL (confidence level: 50%)
url | https://176.65.148.204/powerpc | Unknown malware payload delivery URL (confidence level: 50%)
url | https://42.53.30.229:49861/i | Unknown malware payload delivery URL (confidence level: 50%)
url | https://lusakamarathon.com | Unknown malware payload delivery URL (confidence level: 50%)
url | https://my.to-qa.ru/7p28w7bn | Unknown malware payload delivery URL (confidence level: 50%)
url | http://cmqsqomiwwksmcsw.xyz:443/avast_update | MetaStealer botnet C2 (confidence level: 100%)
url | http://cmqsqomiwwksmcsw.xyz:443/api/client_hello | MetaStealer botnet C2 (confidence level: 100%)
url | http://cmqsqomiwwksmcsw.xyz:443/tasks/collect | MetaStealer botnet C2 (confidence level: 100%)
url | http://cmqsqomiwwksmcsw.xyz:443/tasks/get_worker | MetaStealer botnet C2 (confidence level: 100%)
url | http://cmqsqomiwwksmcsw.xyz:443/api/client/new | MetaStealer botnet C2 (confidence level: 100%)
url | https://anydesck.net/download/fhst.pdf | MetaStealer payload delivery URL (confidence level: 100%)
url | http://mi.overlapsnowbound.com/kawt2qxfppuenm/index.php | Amadey botnet C2 (confidence level: 100%)

Threat ID: 68feb97f1b250a83dcfad996

Added to database: 10/27/2025, 12:14:55 AM

Last enriched: 10/27/2025, 12:15:07 AM

Last updated: 10/27/2025, 1:16:04 AM
