ThreatFox IOCs for 2025-11-22
AI Analysis
Technical Summary
This page is the ThreatFox (abuse.ch) daily IOC export for 22 November 2025, redistributed as a MISP event. The labels "OSINT", "payload delivery" and "network activity" are MISP attribute categories attached to the feed, not a description of one threat, and there are no affected product versions, CVE or CWE identifiers because this is a list of observed malicious infrastructure rather than a vulnerability advisory. On the MISP scales the event metadata (threat level 2, analysis 1, distribution 3) means Medium threat level, analysis Ongoing, and shareable with all communities; the original timestamp 1763856186 is 2025-11-23 00:03:06 UTC, i.e. the export was cut just after the reporting day closed. The list below holds roughly 400 indicators of four ThreatFox types: botnet C2 listeners (ip:port), payload-delivery URLs and domains, and one SHA256 of an unknown RAT payload. The indicator descriptions name commodity RATs (Remcos, AsyncRAT, Quasar RAT, Venom RAT, Nanocore, SectopRAT, ValleyRAT, Ghost RAT, NetSupportManager RAT), post-exploitation frameworks (Cobalt Strike, Sliver, Meterpreter, DeimosC2, AdaptixC2), infostealers (Lumma Stealer, CryptBot, SalatStealer, Aurotun Stealer), the ClearFake and FAKEUPDATES delivery campaigns, and single entries for Chaos, MooBot, BianLian and QakBot. Several clusters stand out in the raw list: sixteen lookalike Google Chrome download domains, thirteen of them listed with a chromesetup.exe or chromesetup.zip URL and most carrying Chinese-language cues in the name (cnzh-chrom.com, guge-chrom.com, chrome-zh-hk.com.cn and similar); fake Cloudflare "human verification" and captcha pages (validate-3748-captcha-2920-8237.click, account-captchapulse.online, the /cloudflare/humanchallenge/ and /cloudflare/verification/ paths on bfacollege.co.in and svctc.in); sixteen Lumma Stealer C2 domains under the .qpon and .cyou TLDs plus the realad.bond/api C2 URL; well over a hundred short hostnames under leetspeak-style .ru and .top second-level domains (stormfiare.ru, ciearforge.ru, c1earwave.ru, br1ghtmist.ru, s1lver.ru and many more), of which those with descriptions visible on this page are tagged ClearFake payload delivery; eight DeimosC2 listeners on 104.140.197.x using ports between 30009 and 30201; a URL whose path matches the login page of the Supershell C2 web panel (http://52.230.7.104:8888/supershell/login/); a cryptominer installer script (tcp://31.56.27.97/scripts/4thepool_miner.sh, the tcp:// scheme presumably a submitter artefact); crypto and AI themed lures (sora2-openai.com, trading-view-app.org, solscan.is, soltrencher.com, wallet.petrnesterov.com); RAT C2 hostnames on tunnelling and dynamic-DNS services (gl.at.ply.gg, portmap.host, duckdns.org, ddns.net, dynuddns.com, hopto.org); and a run of apparently legitimate small-business sites (sohumbabyproducts.com, vibortherm.hu, rodacanela.com.br and others) listed as payload-delivery URLs, which usually means compromised hosting. The six CryptBot download.php URLs deserve a note: four of their "hostnames" (cookies.sqlite, formhistory.sqlite, logins.json, signons.sqlite) are Firefox profile file names, not hostnames under any delegated TLD, and look like a stealer configuration string split on the wrong delimiter at submission time; only hofpfi01.top and wymxeb13.top are real hosts.
Potential Impact
For European organisations the exposure is the commodity-malware kind, not a flaw in a specific product. The delivery side (fake Chrome installers, fake Cloudflare verification and captcha pages, ClearFake-injected sites, crypto and AI themed lures) leads to infostealers such as Lumma, CryptBot and Aurotun, which take browser credentials, session cookies and wallet data, or to RATs such as Remcos, AsyncRAT, Quasar, Venom and ValleyRAT, which give an interactive foothold. The Cobalt Strike, Sliver, Meterpreter, DeimosC2 and AdaptixC2 listeners are operator frameworks used in hands-on intrusions, and the BianLian and QakBot entries are infrastructure tied to ransomware operations, so a beacon from an internal host to any of those endpoints should be handled as an active intrusion rather than a blocked download. Every entry is an observed, live indicator (confidence between 50% and 100%), so the notion of "no known exploits in the wild" does not apply; the question is whether any host has already talked to this infrastructure. The lookalike Chrome domains mostly target a Chinese-speaking audience, but the RAT, framework and stealer infrastructure is untargeted. Many of the C2 listeners use ports 80, 443, 8080 and 8443 shared with ordinary web traffic, so matching on destination address alone produces false positives; address and port have to be matched together.
Mitigation Recommendations
Pull the indicators from ThreatFox directly (its CSV/JSON exports or API) rather than from this rendering: the source carries first-seen and last-seen dates, reporter and tags that are dropped here, and the feed changes daily. Load the C2 entries into the SIEM as composite ip:port indicators so that a rule fires only when destination address and destination port both match, and run that match retrospectively over at least 30 days of proxy, firewall and NetFlow data, because a 100% confidence entry means the listener was live when reported, not that the first contact will happen after your import. Add the 61 URLs and the domains to the web proxy and DNS sinkhole, with three exceptions. Do not load cookies.sqlite, formhistory.sqlite, logins.json and signons.sqlite as domains: they are Firefox profile file names and can never resolve; block the real CryptBot hosts (hofpfi01.top, wymxeb13.top) and instead watch for non-browser processes reading those files from Firefox profile directories. For hostnames under shared tunnelling and dynamic-DNS providers (gl.at.ply.gg, portmap.host, duckdns.org, ddns.net, dynuddns.com, hopto.org), match the full hostname and decide separately, as policy, whether those providers are allowed from the corporate network at all; for most organisations blocking them outright is defensible. Treat the 50% and 75% entries (kurama.ltd, salator.es, the .work C2 URLs, the CryptBot URLs, the DeimosC2 cluster) as hunt-and-alert rather than automatic block until corroborated. Push the SHA256 5902640be1d1e83848e2ba869e5acbf8317470993943c237666b7dc617ed8628 to EDR for a retrospective file search. Hunt beyond the literal values: downloads named chromesetup.exe or chromesetup.zip from any domain other than Google's; DNS queries for the rare TLDs seen here (.qpon, .cyou, .click, .bond, .work, .top) and for .ru hostnames with digit-for-letter substitutions; URLs containing /cloudflare/ verification or captcha paths on unrelated sites, followed within minutes by a browser spawning powershell.exe, mshta.exe or cmd.exe, the pattern such verification lures commonly rely on; and downloads of .bat, .sh or .txt files from IP-literal or throwaway URLs (http://23.160.168.165:7998/hst/test.bat, tcp://31.56.27.97/scripts/4thepool_miner.sh, https://mkjjq.com/j.txt). No patch applies; the durable controls are application control on user-writable paths, blocking unsigned installer downloads, and a rehearsed response for a confirmed C2 beacon (isolate the host, collect evidence, reset the user's credentials and sessions).
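The ingestion and matching steps above, as an added example (not code from ThreatFox, abuse.ch or this page's aggregator): a Python script that parses the "- type: value" list format used on this page, re-joins each "file" IP line with the following "hash" port line into one ip:port indicator, keeps the SHA256 and URL entries, flags the domains that must not be blocked verbatim (the Firefox-profile "hostnames" from the CryptBot entries, and hosts under shared tunnelling or dynamic-DNS providers), and runs the result over a few constructed proxy and flow log lines, requiring destination IP and port to both match. The sample log formats, the FILE_EXT_TLDS stand-in for a public-suffix check and the SHARED_PARENTS list are assumptions of the example; it also goes one step beyond the page by deriving an ip:port indicator from any listed URL whose host is an IP literal with an explicit port (here the Supershell login URL).

```python
"""Normalise this page's IOC list and run it over sample proxy and flow logs.
Added example, not code from ThreatFox, abuse.ch or this page's aggregator.
The page renders each ip:port indicator as a "- file: <IP>" line followed by
a "- hash: <port>" line; parse_ioc_lines() re-joins those pairs."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied verbatim from the page's IOC list.
SAMPLE_IOC_LINES = """\
- url: https://cnzh-chrom.com/chromesetup.exe
- hash: 5902640be1d1e83848e2ba869e5acbf8317470993943c237666b7dc617ed8628
- domain: lentdwn.cyou
- file: 186.169.80.57
- hash: 5060
- file: 147.124.218.193
- hash: 443
- domain: make-zoom.gl.at.ply.gg
- domain: logins.json
- url: http://52.230.7.104:8888/supershell/login/
"""
# Tunnelling / dynamic-DNS parents seen on the page: match the full hostname
# only; whether to block a whole provider is a separate policy decision.
SHARED_PARENTS = ("gl.at.ply.gg", "portmap.host", "duckdns.org",
                  "ddns.net", "dynuddns.com", "hopto.org")
# Assumption: a cheap stand-in for a public-suffix check. The CryptBot
# "domains" on the page (cookies.sqlite, logins.json, ...) are Firefox
# profile file names, not hostnames under any delegated TLD.
FILE_EXT_TLDS = {"sqlite", "json", "txt", "exe", "dll", "bat"}
LINE_RE = re.compile(r"^-\s*([\w:]+):\s*(\S+)$")  # also takes "- ip:port: ..."


def is_ip(value):
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def classify_domain(host):
    """Warning note for hosts that must not go straight into a blocklist."""
    if host.rsplit(".", 1)[-1] in FILE_EXT_TLDS:
        return "not a resolvable hostname; keep out of DNS/proxy blocklists"
    if any(host.endswith("." + p) for p in SHARED_PARENTS):
        return "shared tunnelling/DDNS provider; match the full host only"
    return None


def parse_ioc_lines(text):
    """Turn the page's '- type: value' lines into indicator records."""
    iocs, pending_ip = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, value = m.groups()
        if kind == "file" and is_ip(value):
            pending_ip = value                      # first half of a pair
            continue
        if kind == "hash" and pending_ip and value.isdigit():
            iocs.append({"type": "ip:port", "value": f"{pending_ip}:{int(value)}"})
        elif kind == "ip:port":
            iocs.append({"type": "ip:port", "value": value})
        elif kind == "hash" and re.fullmatch(r"[0-9a-f]{64}", value):
            iocs.append({"type": "sha256_hash", "value": value})
        elif kind == "domain":
            host = value.lower()
            iocs.append({"type": "domain", "value": host, "note": classify_domain(host)})
        elif kind == "url":
            iocs.append({"type": "url", "value": value})
            u = urlsplit(value)
            if u.hostname and is_ip(u.hostname) and u.port:  # beyond the page: an
                iocs.append({"type": "ip:port",              # IP-literal URL with a
                             "value": f"{u.hostname}:{u.port}"})  # port is a C2 endpoint
        pending_ip = None
    return iocs


def scan(iocs, proxy_lines, flow_lines):
    """Proxy line '<ts> <src> <method> <url>'; flow line '<ts> <src>:<sport> ->
    <dst>:<dport> <proto>' (constructed). ip:port needs dest IP AND port to match."""
    idx = {"ip:port": set(), "domain": set(), "url": set(), "sha256_hash": set()}
    for i in iocs:
        if not (i.get("note") or "").startswith("not a resolvable"):
            idx[i["type"]].add(i["value"])
    hits = []
    for line in proxy_lines:
        url = line.split()[-1]
        host = (urlsplit(url).hostname or "").lower()
        if url in idx["url"]:
            hits.append((line, "url", url))
        elif host in idx["domain"]:
            hits.append((line, "domain", host))
    for line in flow_lines:
        m = re.search(r"-> (\d+\.\d+\.\d+\.\d+):(\d+)", line)
        endpoint = f"{m.group(1)}:{int(m.group(2))}" if m else None
        if endpoint in idx["ip:port"]:
            hits.append((line, "ip:port", endpoint))
    return hits


# Constructed sample logs, not taken from any real environment.
PROXY_LOG = [
    "2025-11-22T10:03:17Z 10.0.4.21 GET https://cnzh-chrom.com/chromesetup.exe",
    "2025-11-22T10:04:02Z 10.0.5.7 GET https://lentdwn.cyou/api",
    "2025-11-22T10:05:40Z 10.0.5.9 GET http://logins.json/download.php",
]
FLOW_LOG = [
    "2025-11-22T10:06:00Z 10.0.4.21:51522 -> 186.169.80.57:5060 tcp",
    "2025-11-22T10:06:30Z 10.0.4.22:51523 -> 147.124.218.193:80 tcp",
    "2025-11-22T10:07:00Z 10.0.4.23:51524 -> 52.230.7.104:8888 tcp",
]
HITS = scan(parse_ioc_lines(SAMPLE_IOC_LINES), PROXY_LOG, FLOW_LOG)
```

Import the module and inspect HITS: the chromesetup.exe URL, the lentdwn.cyou domain and the two ip:port endpoints fire, while the request to logins.json (unresolvable, excluded from the match set) and the flow to 147.124.218.193:80 (listed only on port 443) do not. The same parser accepts a list that has already been corrected to "- ip:port: A.B.C.D:port" lines.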
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Indicators of Compromise
Full list as exported. The types are ThreatFox's url, domain, sha256 hash and ip:port; the original export rendered each ip:port indicator (a C2 listener address, not a file hash) as a "file" line holding the IP address followed by a "hash" line holding the port.
- url: https://www.mantraservices.co.uk/
- hash: 5902640be1d1e83848e2ba869e5acbf8317470993943c237666b7dc617ed8628
- domain: validate-3748-captcha-2920-8237.click
- url: https://validate-3748-captcha-2920-8237.click
- url: https://arrenegade.com/211101.wav
- domain: arrenegade.com
- url: https://ashaherq.com/approve/otp2.html
- domain: lentdwn.cyou
- domain: polucxs.cyou
- domain: atabriq.qpon
- domain: bivaluz.qpon
- domain: catwzit.qpon
- domain: cornxm.qpon
- domain: lubberf.qpon
- domain: oryzac.qpon
- domain: saucrvo.qpon
- domain: sneaiov.qpon
- domain: sponged.qpon
- domain: wholequz.qpon
- domain: untangj.qpon
- domain: whitegi.qpon
- domain: velvepn.qpon
- ip:port: 186.169.80.57:5060
- ip:port: 176.117.107.13:2404
- ip:port: 91.231.222.182:2404
- ip:port: 147.124.218.193:443
- ip:port: 151.243.109.61:8443
- ip:port: 103.116.52.231:80
- domain: wald3.mintstone.ru
- domain: adler.stormfiare.ru
- domain: tau.stormfiare.ru
- domain: grau5.stormfiare.ru
- domain: mond.stormfiare.ru
- domain: wolke.ciearforge.ru
- domain: moor1.ciearforge.ru
- domain: gleis.ciearforge.ru
- domain: glade.awreti3uette.ru
- domain: wolke3.awreti3uette.ru
- domain: moor.awreti3uette.ru
- domain: kamm.awreti3uette.ru
- domain: stern.hum-2-nk-0-str.ru
- domain: ufer1.hum-2-nk-0-str.ru
- domain: tal.hum-2-nk-0-str.ru
- domain: pfad.ele6tricmul1ed.ru
- domain: licht2.ele6tricmul1ed.ru
- domain: tau.ele6tricmul1ed.ru
- domain: weiss.ele6tricmul1ed.ru
- domain: dune.ele6tricmul1ed.ru
- domain: fjord.co0peratre4er.ru
- domain: glanz.co0peratre4er.ru
- domain: rauch.co0peratre4er.ru
- ip:port: 193.161.193.99:50793
- domain: klee5.co0peratre4er.ru
- url: https://title-car.info/
- ip:port: 39.100.71.237:443
- ip:port: 199.217.99.47:443
- ip:port: 193.134.209.94:56665
- ip:port: 116.62.29.237:8888
- ip:port: 193.29.13.58:15647
- ip:port: 13.37.244.39:7443
- ip:port: 69.164.244.90:4000
- domain: rune.netit-0-c-0-rec.ru
- domain: hain3.netit-0-c-0-rec.ru
- domain: wolfe.netit-0-c-0-rec.ru
- url: https://nicoras.net/
- domain: bach.netit-0-c-0-rec.ru
- domain: adler.ele-6-tricmul-1-ed.ru
- domain: birch.ele-6-tricmul-1-ed.ru
- domain: tal2.ele-6-tricmul-1-ed.ru
- domain: moor.hum2nk0str.ru
- domain: wald.hum2nk0str.ru
- domain: grat4.hum2nk0str.ru
- domain: korn.hum2nk0str.ru
- domain: wind.awreti-3-uette.ru
- domain: herady.xyz
- ip:port: 103.24.95.135:6666
- ip:port: 103.24.95.135:8888
- domain: fels2.awreti-3-uette.ru
- domain: birch.awreti-3-uette.ru
- domain: rain.br-0-ad-temp-1-ate.ru
- domain: weald.br-0-ad-temp-1-ate.ru
- domain: wolke3.br-0-ad-temp-1-ate.ru
- domain: fluss.br-0-ad-temp-1-ate.ru
- domain: ufer.co-0-peratre-4-er.ru
- domain: licht.co-0-peratre-4-er.ru
- domain: kraut2.co-0-peratre-4-er.ru
- domain: gleis.co-0-peratre-4-er.ru
- domain: stein.co-0-peratre-4-er.ru
- ip:port: 175.178.149.35:2095
- ip:port: 111.228.40.85:8088
- ip:port: 101.37.100.133:8443
- ip:port: 119.3.159.206:8443
- domain: stern1.netit0c0rec.ru
- url: http://52.230.7.104:8888/supershell/login/
- ip:port: 102.117.162.52:7443
- ip:port: 52.174.50.2:7443
- ip:port: 65.20.108.228:7443
- ip:port: 95.119.179.247:7443
- ip:port: 46.13.78.11:8081
- ip:port: 196.64.120.73:2222
- ip:port: 206.119.191.240:6666
- domain: moor.netit0c0rec.ru
- domain: tau.netit0c0rec.ru
- domain: kamm.br0adtemp1ate.ru
- domain: tau.br0adtemp1ate.ru
- ip:port: 116.26.10.136:36032
- ip:port: 76.75.234.213:8080
- domain: wald7.br0adtemp1ate.ru
- domain: glow.br0adtemp1ate.ru
- domain: ay.gr0ssgar.top
- domain: drift.gr0ssgar.top
- domain: snuff.gr0ssgar.top
- url: https://j88r.net/
- domain: loop6.gr0ssgar.top
- domain: vale6.c1earwave.ru
- domain: 1yqf.c1earwave.ru
- url: https://kurama.ltd/
- url: https://salator.es/sa1at/2or/
- domain: 90phuttw.cc
- domain: 91p.livoraz.com
- domain: 91p.plcdn.xyz
- domain: cakhiaat.cc
- domain: ck.livoraz.com
- domain: ck.plcdn.xyz
- domain: gatex.cakhiaok.co
- domain: gatex.womensoundoff.com
- domain: japanthis.com
- domain: socolivezw.cc
- domain: www.thapcamtvz.net
- domain: www.xl365.livoraz.com
- domain: www.xl365.plcdn.xyz
- domain: www.xlvi.livoraz.com
- domain: www.xlvi.plcdn.xyz
- domain: www.xlz.livoraz.com
- domain: www.xlz.plcdn.xyz
- domain: www.xoilac.livoraz.com
- domain: www.xoilac.plcdn.xyz
- domain: www.xoilac365w.cc
- domain: www.xoilac86a.cc
- domain: www.xoilaczzfz.tv
- url: http://cookies.sqlite/download.php
- url: http://formhistory.sqlite/download.php
- url: http://hofpfi01.top/download.php
- url: http://logins.json/download.php
- url: http://signons.sqlite/download.php
- url: http://wymxeb13.top/download.php
- domain: cookies.sqlite
- domain: formhistory.sqlite
- domain: hofpfi01.top
- domain: logins.json
- domain: signons.sqlite
- domain: wymxeb13.top
- domain: auth.nsotone.com
- domain: awbnmnmammmamnre.top
- domain: lennox23111-31851.portmap.host
- domain: lennox23111-46792.portmap.host
- domain: make-zoom.gl.at.ply.gg
- domain: mind-conclusion.gl.at.ply.gg
- domain: process-generous.gl.at.ply.gg
- domain: fox.c1earwave.ru
- domain: cld.hashes.today
- url: https://cld.hashes.today
- domain: ajbkf.c1earwave.ru
- domain: drop.br1ghtmist.ru
- domain: qi.br1ghtmist.ru
- domain: trail.br1ghtmist.ru
- domain: jujg2.br1ghtmist.ru
- ip:port: 111.92.243.97:4443
- ip:port: 121.11.212.203:8088
- ip:port: 157.20.182.29:1931
- ip:port: 157.20.182.28:1931
- ip:port: 157.20.182.28:2026
- ip:port: 159.198.40.9:7443
- ip:port: 77.93.154.151:5010
- ip:port: 185.208.156.137:4449
- ip:port: 18.195.185.250:443
- ip:port: 123.60.153.36:3333
- ip:port: 3.64.199.215:443
- ip:port: 147.135.248.189:3333
- ip:port: 103.167.112.172:2053
- domain: dk.mintspr1ng.ru
- domain: shine.mintspr1ng.ru
- domain: zone0.mintspr1ng.ru
- domain: y8mb.mintspr1ng.ru
- domain: xey4.qu1ck.ru
- domain: ffng5.qu1ck.ru
- domain: send-earlier.gl.at.ply.gg
- ip:port: 35.211.163.168:8443
- domain: ergwgfbrej.duckdns.org
- ip:port: 46.151.31.187:9000
- ip:port: 41.250.73.241:443
- ip:port: 206.119.191.240:8888
- ip:port: 206.119.191.240:80
- ip:port: 154.222.18.83:6666
- ip:port: 154.222.18.83:8888
- ip:port: 154.222.18.83:80
- ip:port: 93.113.180.31:2222
- domain: elvis123456.ddns.net
- ip:port: 5.253.30.24:80
- ip:port: 194.55.137.65:80
- domain: ui.qu1ck.ru
- domain: motor0.qu1ck.ru
- domain: track4.stoner0ck.ru
- domain: 1s.stoner0ck.ru
- domain: gnbe2.stoner0ck.ru
- ip:port: 31.220.80.78:8443
- domain: 7sd.stoner0ck.ru
- domain: es5.m0tor.ru
- domain: motor.m0tor.ru
- url: tcp://31.56.27.97/scripts/4thepool_miner.sh
- domain: o4ro.m0tor.ru
- domain: quick.m0tor.ru
- domain: d48e9.shadowf0x.ru
- url: https://gnc.j3b4m3g8.work
- url: https://dverv43.q4w9l6g3w.work/
- domain: wall6.shadowf0x.ru
- domain: frost7.shadowf0x.ru
- domain: wall1.shadowf0x.ru
- domain: cnzh-chrom.com
- url: https://cnzh-chrom.com/chromesetup.exe
- domain: chrome-zhgoogle.com
- url: https://chrome-zhgoogle.com/chromesetup.exe
- domain: chrome-google-ch.com.cn
- url: https://web.eat82.vip/chromesetup.zip
- domain: web.eat82.vip
- domain: cn-google-chrom.com
- domain: oe.s1lver.ru
- url: https://cn-google-chrom.com/chromesetup.exe
- domain: apps-chrom.com
- url: https://apps-chrom.com/chromesetup.exe
- domain: google-chrome-google.com.cn
- url: https://google-chrome-google.com.cn/chromesetup.exe
- domain: apps-chrome.com.cn
- url: https://apps-chrome.com.cn/chromesetup.exe
- domain: cnzh-chrom-google.com
- url: https://cnzh-chrom-google.com/chromesetup.exe
- domain: chrom-app.com
- url: https://chrom-app.com/chromesetup.exe
- domain: guge-chrom.com
- url: https://guge-chrom.com/chromesetup.exe
- domain: g1.s1lver.ru
- domain: app-chrome.com
- domain: chrom-google.org
- domain: chrome-google.org
- url: https://chrome-google.org/chromesetup.exe
- domain: google-chrome-intl.com.cn
- url: https://google-chrome-intl.com.cn/chromesetup.exe
- url: https://realad.bond/api
- domain: chrome-zh-hk.com.cn
- url: https://chrome-zh-hk.com.cn/chromesetup.exe
- domain: wild6.s1lver.ru
- domain: shop.s1lver.ru
- url: https://bfacollege.co.in/projects/verify/cloudflare/humanchallenge/verification/id728722
- domain: bfacollege.co.in
- url: https://svctc.in/themes/cloudflare/verification/cloudflarechallenge/id287292
- domain: trace.5h0p.ru
- domain: sora2-openai.com
- url: https://sora2-openai.com
- url: https://msnfmicros.com/service.exe
- domain: trading-view-app.org
- url: https://trading-view-app.org
- domain: nova.5h0p.ru
- domain: wallet.petrnesterov.com
- url: https://wallet.petrnesterov.com
- domain: msnfmicros.com
- domain: solscan.is
- url: https://solscan.is
- domain: soltrencher.com
- url: https://soltrencher.com
- domain: cryptolaughs.com
- url: http://23.160.168.165:7998/hst/test.bat
- domain: morning.5h0p.ru
- domain: h6.5h0p.ru
- domain: xa.frostmark.ru
- domain: account-extranetpulse.online
- url: https://account-extranetpulse.online
- url: https://mkjjq.com/j.txt
- domain: mkjjq.com
- url: https://www.new.in-cut.com/
- domain: account-captchapulse.online
- domain: tas.frostmark.ru
- url: https://account-captchapulse.online
- domain: 6cfc.frostmark.ru
- domain: sohumbabyproducts.com
- url: https://sohumbabyproducts.com
- domain: persenglish.com
- url: https://persenglish.com
- domain: anupammills.com
- url: https://anupammills.com
- domain: lacasadianto.com
- url: https://lacasadianto.com
- domain: epilepsygolf.com
- domain: 536df.frostmark.ru
- domain: vibortherm.hu
- url: https://vibortherm.hu
- domain: imaziner.com
- url: https://imaziner.com
- domain: hrokvip247.com
- url: https://hrokvip247.com
- domain: themovement.fit
- url: https://themovement.fit
- domain: shine.w1de.ru
- domain: cyberlaws.net
- url: https://cyberlaws.net
- domain: rodacanela.com.br
- url: https://rodacanela.com.br
- domain: hobsmedia.com
- url: https://hobsmedia.com
- domain: kubett.mobi
- url: https://kubett.mobi
- ip:port: 111.119.234.255:80
- domain: cp-caren.com
- ip:port: 172.86.89.86:50337
- ip:port: 89.116.164.107:2004
- url: https://cp-caren.com
- ip:port: 185.208.159.67:4322
- domain: inlaser.pro
- url: https://inlaser.pro
- domain: pes.w1de.ru
- domain: pulse7.w1de.ru
- domain: drop.w1de.ru
- domain: 18.f0rce.ru
- domain: hr3lb.f0rce.ru
- domain: 6h.f0rce.ru
- domain: wall8.f0rce.ru
- domain: ring.c0ld.ru
- domain: burst7.c0ld.ru
- domain: gee.c0ld.ru
- domain: un3.c0ld.ru
- domain: kp1.wildsh1ne.ru
- domain: fire2.wildsh1ne.ru
- domain: lw.wildsh1ne.ru
- domain: long.wildsh1ne.ru
- domain: news-reduces.gl.at.ply.gg
- domain: juancaro214.dynuddns.com
- domain: domain-gave.gl.at.ply.gg
- domain: 9aoj.jump3r.ru
- ip:port: 79.110.49.178:4782
- domain: nova9.jump3r.ru
- domain: 65pcw.jump3r.ru
- domain: mark.jump3r.ru
- ip:port: 104.140.197.102:30191
- ip:port: 104.140.197.111:30160
- ip:port: 104.140.197.13:30168
- ip:port: 104.140.197.15:30178
- ip:port: 104.140.197.2:30201
- ip:port: 104.140.197.201:30009
- ip:port: 104.140.197.240:30168
- ip:port: 104.140.197.61:30201
- ip:port: 123.12.235.179:10250
- ip:port: 157.20.182.29:1337
- ip:port: 157.20.182.29:1338
- ip:port: 172.236.242.34:8443
- ip:port: 178.87.219.116:443
- ip:port: 204.152.222.153:9443
- domain: pink3.p1nk.ru
- ip:port: 91.92.243.183:2404
- domain: idb.p1nk.ru
- domain: cold6.p1nk.ru
- domain: eltw.p1nk.ru
- domain: pj9.m1stzone.ru
- domain: xzoeg.m1stzone.ru
- domain: u5.m1stzone.ru
- domain: pulse3.m1stzone.ru
- ip:port: 47.96.88.16:8888
- ip:port: 149.104.29.66:80
- ip:port: 103.43.8.166:8000
- ip:port: 125.40.54.116:54002
- ip:port: 107.175.246.17:3650
- ip:port: 157.20.182.28:1338
- ip:port: 157.20.182.28:1337
- ip:port: 144.31.221.85:8080
- ip:port: 45.138.16.162:4455
- domain: silver9.w1ld.ru
- domain: wide.w1ld.ru
- domain: 92x.w1ld.ru
- domain: u81r.w1ld.ru
- ip:port: 213.165.61.39:443
- domain: k1.t1ger.ru
- domain: tally.t1ger.ru
- domain: pulse0.t1ger.ru
- domain: 36c48.t1ger.ru
- domain: zlx.5t0p.ru
- domain: mist.5t0p.ru
- domain: wall5.5t0p.ru
- domain: rb2.5t0p.ru
- domain: gdk.f1rewall.ru
- domain: gg.f1rewall.ru
- domain: spark8.f1rewall.ru
- domain: a9jpf.f1rewall.ru
- domain: fq8.r1ver.ru
- domain: clear2.r1ver.ru
- domain: wild7.r1ver.ru
- domain: jump2.r1ver.ru
- domain: spark.y0ur.ru
- domain: rmb.y0ur.ru
- domain: zdvey.y0ur.ru
- domain: burst.y0ur.ru
- domain: csgo7777.hopto.org
- domain: pink8.st0neflash.ru
Technical Details
- Threat Level: 2 (MISP scale, 1 = High, 2 = Medium, 3 = Low, 4 = Undefined)
- Analysis: 1 (MISP: Ongoing)
- Distribution: 3 (MISP: All communities)
- UUID: 40e44a4e-5ae4-4682-9608-d0bcd7f85e68
- Original Timestamp: 1763856186 (2025-11-23 00:03:06 UTC)
Indicators of Compromise
Url
| Value | Description |
|---|---|
| https://www.mantraservices.co.uk/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://validate-3748-captcha-2920-8237.click | Unknown malware payload delivery URL (confidence level: 100%) |
| https://arrenegade.com/211101.wav | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ashaherq.com/approve/otp2.html | Unknown malware payload delivery URL (confidence level: 90%) |
| https://title-car.info/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://nicoras.net/ | Unknown malware payload delivery URL (confidence level: 90%) |
| http://52.230.7.104:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
| https://j88r.net/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://kurama.ltd/ | Unknown malware botnet C2 (confidence level: 50%) |
| https://salator.es/sa1at/2or/ | SalatStealer botnet C2 (confidence level: 50%) |
| http://cookies.sqlite/download.php | CryptBot payload delivery URL (confidence level: 50%) |
| http://formhistory.sqlite/download.php | CryptBot payload delivery URL (confidence level: 50%) |
| http://hofpfi01.top/download.php | CryptBot payload delivery URL (confidence level: 50%) |
| http://logins.json/download.php | CryptBot payload delivery URL (confidence level: 50%) |
| http://signons.sqlite/download.php | CryptBot payload delivery URL (confidence level: 50%) |
| http://wymxeb13.top/download.php | CryptBot payload delivery URL (confidence level: 50%) |
| https://cld.hashes.today | Unknown malware payload delivery URL (confidence level: 100%) |
| tcp://31.56.27.97/scripts/4thepool_miner.sh | Unknown malware payload delivery URL (confidence level: 75%) |
| https://gnc.j3b4m3g8.work | Unknown malware botnet C2 (confidence level: 50%) |
| https://dverv43.q4w9l6g3w.work/ | Unknown malware botnet C2 (confidence level: 50%) |
| https://cnzh-chrom.com/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://chrome-zhgoogle.com/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://web.eat82.vip/chromesetup.zip | Unknown malware payload delivery URL (confidence level: 100%) |
| https://cn-google-chrom.com/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://apps-chrom.com/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://google-chrome-google.com.cn/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://apps-chrome.com.cn/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://cnzh-chrom-google.com/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://chrom-app.com/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://guge-chrom.com/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://chrome-google.org/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://google-chrome-intl.com.cn/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://realad.bond/api | Lumma Stealer botnet C2 (confidence level: 75%) |
| https://chrome-zh-hk.com.cn/chromesetup.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://bfacollege.co.in/projects/verify/cloudflare/humanchallenge/verification/id728722 | Unknown malware payload delivery URL (confidence level: 100%) |
| https://svctc.in/themes/cloudflare/verification/cloudflarechallenge/id287292 | Unknown malware payload delivery URL (confidence level: 100%) |
| https://sora2-openai.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://msnfmicros.com/service.exe | Unknown malware payload delivery URL (confidence level: 100%) |
| https://trading-view-app.org | Unknown malware payload delivery URL (confidence level: 100%) |
| https://wallet.petrnesterov.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://solscan.is | Unknown malware payload delivery URL (confidence level: 100%) |
| https://soltrencher.com | Unknown malware payload delivery URL (confidence level: 100%) |
| http://23.160.168.165:7998/hst/test.bat | Unknown malware payload delivery URL (confidence level: 100%) |
| https://account-extranetpulse.online | Unknown malware payload delivery URL (confidence level: 100%) |
| https://mkjjq.com/j.txt | Unknown malware payload delivery URL (confidence level: 100%) |
| https://www.new.in-cut.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| https://account-captchapulse.online | Unknown malware payload delivery URL (confidence level: 100%) |
| https://sohumbabyproducts.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://persenglish.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://anupammills.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://lacasadianto.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://vibortherm.hu | Unknown malware payload delivery URL (confidence level: 100%) |
| https://imaziner.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://hrokvip247.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://themovement.fit | Unknown malware payload delivery URL (confidence level: 100%) |
| https://cyberlaws.net | Unknown malware payload delivery URL (confidence level: 100%) |
| https://rodacanela.com.br | Unknown malware payload delivery URL (confidence level: 100%) |
| https://hobsmedia.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://kubett.mobi | Unknown malware payload delivery URL (confidence level: 100%) |
| https://cp-caren.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://inlaser.pro | Unknown malware payload delivery URL (confidence level: 100%) |
IP:port and Hash
The export labelled the port of every ip:port indicator as a "hash"; the IP addresses below are restored from the matching "file" entries of the list above, which the export emits in the same order. Only the first row is a real file hash (SHA256).
| Value | Description |
|---|---|
| 5902640be1d1e83848e2ba869e5acbf8317470993943c237666b7dc617ed8628 | Unknown RAT payload (confidence level: 100%) |
| 186.169.80.57:5060 | Remcos botnet C2 server (confidence level: 100%) |
| 176.117.107.13:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 91.231.222.182:2404 | Remcos botnet C2 server (confidence level: 100%) |
| 147.124.218.193:443 | Remcos botnet C2 server (confidence level: 100%) |
| 151.243.109.61:8443 | Sliver botnet C2 server (confidence level: 100%) |
| 103.116.52.231:80 | MooBot botnet C2 server (confidence level: 100%) |
| 193.161.193.99:50793 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 39.100.71.237:443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 199.217.99.47:443 | Remcos botnet C2 server (confidence level: 100%) |
| 193.134.209.94:56665 | Sliver botnet C2 server (confidence level: 100%) |
| 116.62.29.237:8888 | Unknown malware botnet C2 server (confidence level: 100%) |
| 193.29.13.58:15647 | SectopRAT botnet C2 server (confidence level: 100%) |
| 13.37.244.39:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 69.164.244.90:4000 | Unknown malware botnet C2 server (confidence level: 100%) |
| 103.24.95.135:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 103.24.95.135:8888 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 175.178.149.35:2095 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 111.228.40.85:8088 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 101.37.100.133:8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.3.159.206:8443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 102.117.162.52:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 52.174.50.2:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 65.20.108.228:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 95.119.179.247:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 46.13.78.11:8081 | Chaos botnet C2 server (confidence level: 100%) |
| 196.64.120.73:2222 | Meterpreter botnet C2 server (confidence level: 100%) |
| 206.119.191.240:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 116.26.10.136:36032 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 76.75.234.213:8080 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 111.92.243.97:4443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 121.11.212.203:8088 | Ghost RAT botnet C2 server (confidence level: 75%) |
| 157.20.182.29:1931 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 157.20.182.28:1931 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 157.20.182.28:2026 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 159.198.40.9:7443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 77.93.154.151:5010 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 185.208.156.137:4449 | Venom RAT botnet C2 server (confidence level: 100%) |
| 18.195.185.250:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 123.60.153.36:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.64.199.215:443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 147.135.248.189:3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 103.167.112.172:2053 | Unknown malware botnet C2 server (confidence level: 100%) |
| 35.211.163.168:8443 | Sliver botnet C2 server (confidence level: 100%) |
| 46.151.31.187:9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 41.250.73.241:443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 206.119.191.240:8888 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 206.119.191.240:80 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 154.222.18.83:6666 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 154.222.18.83:8888 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 154.222.18.83:80 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 93.113.180.31:2222 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 5.253.30.24:80 | Aurotun Stealer botnet C2 server (confidence level: 100%) |
| 194.55.137.65:80 | Aurotun Stealer botnet C2 server (confidence level: 100%) |
| 31.220.80.78:8443 | Meterpreter botnet C2 server (confidence level: 75%) |
| 111.119.234.255:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 172.86.89.86:50337 | Sliver botnet C2 server (confidence level: 100%) |
| 89.116.164.107:2004 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 185.208.159.67:4322 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 79.110.49.178:4782 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 104.140.197.102:30191 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.111:30160 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.13:30168 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.15:30178 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.2:30201 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.201:30009 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.240:30168 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.61:30201 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 123.12.235.179:10250 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 157.20.182.29:1337 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 157.20.182.29:1338 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 172.236.242.34:8443 | BianLian botnet C2 server (confidence level: 75%) |
| 178.87.219.116:443 | QakBot botnet C2 server (confidence level: 75%) |
| 204.152.222.153:9443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 91.92.243.183:2404 | Remcos botnet C2 server (confidence level: 75%) |
| 47.96.88.16:8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.104.29.66:80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 103.43.8.166:8000 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 125.40.54.116:54002 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.175.246.17:3650 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 157.20.182.28:1338 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 157.20.182.28:1337 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 144.31.221.85:8080 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.138.16.162:4455 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 213.165.61.39:443 | FAKEUPDATES payload delivery server (confidence level: 100%) |
Domain
| Value | Description |
|---|---|
| validate-3748-captcha-2920-8237.click | Unknown malware payload delivery domain (confidence level: 100%) |
| arrenegade.com | Unknown malware payload delivery domain (confidence level: 100%) |
| lentdwn.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| polucxs.cyou | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| atabriq.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| bivaluz.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| catwzit.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| cornxm.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| lubberf.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| oryzac.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| saucrvo.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| sneaiov.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| sponged.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| wholequz.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| untangj.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| whitegi.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| velvepn.qpon | Lumma Stealer botnet C2 domain (confidence level: 75%) |
| wald3.mintstone.ru | ClearFake payload delivery domain (confidence level: 100%) |
| adler.stormfiare.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tau.stormfiare.ru | ClearFake payload delivery domain (confidence level: 100%) |
| grau5.stormfiare.ru | ClearFake payload delivery domain (confidence level: 100%) |
| mond.stormfiare.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke.ciearforge.ru | ClearFake payload delivery domain (confidence level: 100%) |
| moor1.ciearforge.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gleis.ciearforge.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glade.awreti3uette.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke3.awreti3uette.ru | ClearFake payload delivery domain (confidence level: 100%) |
| moor.awreti3uette.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kamm.awreti3uette.ru | ClearFake payload delivery domain (confidence level: 100%) |
| stern.hum-2-nk-0-str.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ufer1.hum-2-nk-0-str.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tal.hum-2-nk-0-str.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pfad.ele6tricmul1ed.ru | ClearFake payload delivery domain (confidence level: 100%) |
| licht2.ele6tricmul1ed.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tau.ele6tricmul1ed.ru | ClearFake payload delivery domain (confidence level: 100%) |
| weiss.ele6tricmul1ed.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dune.ele6tricmul1ed.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fjord.co0peratre4er.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glanz.co0peratre4er.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rauch.co0peratre4er.ru | ClearFake payload delivery domain (confidence level: 100%) |
| klee5.co0peratre4er.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rune.netit-0-c-0-rec.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hain3.netit-0-c-0-rec.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolfe.netit-0-c-0-rec.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bach.netit-0-c-0-rec.ru | ClearFake payload delivery domain (confidence level: 100%) |
| adler.ele-6-tricmul-1-ed.ru | ClearFake payload delivery domain (confidence level: 100%) |
| birch.ele-6-tricmul-1-ed.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tal2.ele-6-tricmul-1-ed.ru | ClearFake payload delivery domain (confidence level: 100%) |
| moor.hum2nk0str.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wald.hum2nk0str.ru | ClearFake payload delivery domain (confidence level: 100%) |
| grat4.hum2nk0str.ru | ClearFake payload delivery domain (confidence level: 100%) |
| korn.hum2nk0str.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wind.awreti-3-uette.ru | ClearFake payload delivery domain (confidence level: 100%) |
| herady.xyz | Remcos botnet C2 domain (confidence level: 100%) |
| fels2.awreti-3-uette.ru | ClearFake payload delivery domain (confidence level: 100%) |
| birch.awreti-3-uette.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rain.br-0-ad-temp-1-ate.ru | ClearFake payload delivery domain (confidence level: 100%) |
| weald.br-0-ad-temp-1-ate.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke3.br-0-ad-temp-1-ate.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fluss.br-0-ad-temp-1-ate.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ufer.co-0-peratre-4-er.ru | ClearFake payload delivery domain (confidence level: 100%) |
| licht.co-0-peratre-4-er.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kraut2.co-0-peratre-4-er.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gleis.co-0-peratre-4-er.ru | ClearFake payload delivery domain (confidence level: 100%) |
| stein.co-0-peratre-4-er.ru | ClearFake payload delivery domain (confidence level: 100%) |
| stern1.netit0c0rec.ru | ClearFake payload delivery domain (confidence level: 100%) |
| moor.netit0c0rec.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tau.netit0c0rec.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kamm.br0adtemp1ate.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tau.br0adtemp1ate.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wald7.br0adtemp1ate.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glow.br0adtemp1ate.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ay.gr0ssgar.top | ClearFake payload delivery domain (confidence level: 100%) |
| drift.gr0ssgar.top | ClearFake payload delivery domain (confidence level: 100%) |
| snuff.gr0ssgar.top | ClearFake payload delivery domain (confidence level: 100%) |
| loop6.gr0ssgar.top | ClearFake payload delivery domain (confidence level: 100%) |
| vale6.c1earwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 1yqf.c1earwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 90phuttw.cc | AsyncRAT botnet C2 domain (confidence level: 50%) |
| 91p.livoraz.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| 91p.plcdn.xyz | AsyncRAT botnet C2 domain (confidence level: 50%) |
| cakhiaat.cc | AsyncRAT botnet C2 domain (confidence level: 50%) |
| ck.livoraz.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| ck.plcdn.xyz | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.cakhiaok.co | AsyncRAT botnet C2 domain (confidence level: 50%) |
| gatex.womensoundoff.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| japanthis.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| socolivezw.cc | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.thapcamtvz.net | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xl365.livoraz.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xl365.plcdn.xyz | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xlvi.livoraz.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xlvi.plcdn.xyz | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xlz.livoraz.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xlz.plcdn.xyz | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xoilac.livoraz.com | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xoilac.plcdn.xyz | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xoilac365w.cc | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xoilac86a.cc | AsyncRAT botnet C2 domain (confidence level: 50%) |
| www.xoilaczzfz.tv | AsyncRAT botnet C2 domain (confidence level: 50%) |
| cookies.sqlite | CryptBot payload delivery domain (confidence level: 50%) |
| formhistory.sqlite | CryptBot payload delivery domain (confidence level: 50%) |
| hofpfi01.top | CryptBot payload delivery domain (confidence level: 50%) |
| logins.json | CryptBot payload delivery domain (confidence level: 50%) |
| signons.sqlite | CryptBot payload delivery domain (confidence level: 50%) |
| wymxeb13.top | CryptBot payload delivery domain (confidence level: 50%) |
| auth.nsotone.com | Mirai botnet C2 domain (confidence level: 50%) |
| awbnmnmammmamnre.top | Phorpiex botnet C2 domain (confidence level: 50%) |
| lennox23111-31851.portmap.host | XWorm botnet C2 domain (confidence level: 50%) |
| lennox23111-46792.portmap.host | XWorm botnet C2 domain (confidence level: 50%) |
| make-zoom.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) |
| mind-conclusion.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) |
| process-generous.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 50%) |
| fox.c1earwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cld.hashes.today | Unknown malware payload delivery domain (confidence level: 100%) |
| ajbkf.c1earwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| drop.br1ghtmist.ru | ClearFake payload delivery domain (confidence level: 100%) |
| qi.br1ghtmist.ru | ClearFake payload delivery domain (confidence level: 100%) |
| trail.br1ghtmist.ru | ClearFake payload delivery domain (confidence level: 100%) |
| jujg2.br1ghtmist.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dk.mintspr1ng.ru | ClearFake payload delivery domain (confidence level: 100%) |
| shine.mintspr1ng.ru | ClearFake payload delivery domain (confidence level: 100%) |
| zone0.mintspr1ng.ru | ClearFake payload delivery domain (confidence level: 100%) |
| y8mb.mintspr1ng.ru | ClearFake payload delivery domain (confidence level: 100%) |
| xey4.qu1ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ffng5.qu1ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| send-earlier.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
| ergwgfbrej.duckdns.org | AsyncRAT botnet C2 domain (confidence level: 100%) |
| elvis123456.ddns.net | Nanocore RAT botnet C2 domain (confidence level: 100%) |
| ui.qu1ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| motor0.qu1ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| track4.stoner0ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 1s.stoner0ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gnbe2.stoner0ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 7sd.stoner0ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| es5.m0tor.ru | ClearFake payload delivery domain (confidence level: 100%) |
| motor.m0tor.ru | ClearFake payload delivery domain (confidence level: 100%) |
| o4ro.m0tor.ru | ClearFake payload delivery domain (confidence level: 100%) |
| quick.m0tor.ru | ClearFake payload delivery domain (confidence level: 100%) |
| d48e9.shadowf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wall6.shadowf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| frost7.shadowf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wall1.shadowf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cnzh-chrom.com | Unknown malware payload delivery domain (confidence level: 100%) |
| chrome-zhgoogle.com | Unknown malware payload delivery domain (confidence level: 100%) |
| chrome-google-ch.com.cn | Unknown malware payload delivery domain (confidence level: 100%) |
| web.eat82.vip | Unknown malware payload delivery domain (confidence level: 100%) |
| cn-google-chrom.com | Unknown malware payload delivery domain (confidence level: 100%) |
| oe.s1lver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| apps-chrom.com | Unknown malware payload delivery domain (confidence level: 100%) |
| google-chrome-google.com.cn | Unknown malware payload delivery domain (confidence level: 100%) |
| apps-chrome.com.cn | Unknown malware payload delivery domain (confidence level: 100%) |
| cnzh-chrom-google.com | Unknown malware payload delivery domain (confidence level: 100%) |
| chrom-app.com | Unknown malware payload delivery domain (confidence level: 100%) |
| guge-chrom.com | Unknown malware payload delivery domain (confidence level: 100%) |
| g1.s1lver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| app-chrome.com | Unknown malware payload delivery domain (confidence level: 100%) |
| chrom-google.org | Unknown malware payload delivery domain (confidence level: 100%) |
| chrome-google.org | Unknown malware payload delivery domain (confidence level: 100%) |
| google-chrome-intl.com.cn | Unknown malware payload delivery domain (confidence level: 100%) |
| chrome-zh-hk.com.cn | Unknown malware payload delivery domain (confidence level: 100%) |
| wild6.s1lver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| shop.s1lver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bfacollege.co.in | Unknown malware payload delivery domain (confidence level: 100%) |
| trace.5h0p.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sora2-openai.com | Unknown malware payload delivery domain (confidence level: 100%) |
| trading-view-app.org | Unknown malware payload delivery domain (confidence level: 100%) |
| nova.5h0p.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wallet.petrnesterov.com | Unknown malware payload delivery domain (confidence level: 100%) |
| msnfmicros.com | Unknown malware payload delivery domain (confidence level: 100%) |
| solscan.is | Unknown malware payload delivery domain (confidence level: 100%) |
| soltrencher.com | Unknown malware payload delivery domain (confidence level: 100%) |
| cryptolaughs.com | Unknown malware payload delivery domain (confidence level: 100%) |
| morning.5h0p.ru | ClearFake payload delivery domain (confidence level: 100%) |
| h6.5h0p.ru | ClearFake payload delivery domain (confidence level: 100%) |
| xa.frostmark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| account-extranetpulse.online | Unknown malware payload delivery domain (confidence level: 100%) |
| mkjjq.com | Unknown malware payload delivery domain (confidence level: 100%) |
| account-captchapulse.online | Unknown malware payload delivery domain (confidence level: 100%) |
| tas.frostmark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 6cfc.frostmark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sohumbabyproducts.com | Unknown malware payload delivery domain (confidence level: 100%) |
| persenglish.com | Unknown malware payload delivery domain (confidence level: 100%) |
| anupammills.com | Unknown malware payload delivery domain (confidence level: 100%) |
| lacasadianto.com | Unknown malware payload delivery domain (confidence level: 100%) |
| epilepsygolf.com | Unknown malware payload delivery domain (confidence level: 100%) |
| 536df.frostmark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| vibortherm.hu | Unknown malware payload delivery domain (confidence level: 100%) |
| imaziner.com | Unknown malware payload delivery domain (confidence level: 100%) |
| hrokvip247.com | Unknown malware payload delivery domain (confidence level: 100%) |
| themovement.fit | Unknown malware payload delivery domain (confidence level: 100%) |
| shine.w1de.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cyberlaws.net | Unknown malware payload delivery domain (confidence level: 100%) |
| rodacanela.com.br | Unknown malware payload delivery domain (confidence level: 100%) |
| hobsmedia.com | Unknown malware payload delivery domain (confidence level: 100%) |
| kubett.mobi | Unknown malware payload delivery domain (confidence level: 100%) |
| cp-caren.com | Unknown malware payload delivery domain (confidence level: 100%) |
| inlaser.pro | Unknown malware payload delivery domain (confidence level: 100%) |
| pes.w1de.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pulse7.w1de.ru | ClearFake payload delivery domain (confidence level: 100%) |
| drop.w1de.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 18.f0rce.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hr3lb.f0rce.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 6h.f0rce.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wall8.f0rce.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ring.c0ld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| burst7.c0ld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gee.c0ld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| un3.c0ld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kp1.wildsh1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fire2.wildsh1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| lw.wildsh1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| long.wildsh1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| news-reduces.gl.at.ply.gg | XWorm botnet C2 domain (confidence level: 100%) |
| juancaro214.dynuddns.com | Remcos botnet C2 domain (confidence level: 100%) |
| domain-gave.gl.at.ply.gg | AsyncRAT botnet C2 domain (confidence level: 100%) |
| 9aoj.jump3r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| nova9.jump3r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 65pcw.jump3r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| mark.jump3r.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pink3.p1nk.ru | ClearFake payload delivery domain (confidence level: 100%) |
| idb.p1nk.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cold6.p1nk.ru | ClearFake payload delivery domain (confidence level: 100%) |
| eltw.p1nk.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pj9.m1stzone.ru | ClearFake payload delivery domain (confidence level: 100%) |
| xzoeg.m1stzone.ru | ClearFake payload delivery domain (confidence level: 100%) |
| u5.m1stzone.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pulse3.m1stzone.ru | ClearFake payload delivery domain (confidence level: 100%) |
| silver9.w1ld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wide.w1ld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 92x.w1ld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| u81r.w1ld.ru | ClearFake payload delivery domain (confidence level: 100%) |
| k1.t1ger.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tally.t1ger.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pulse0.t1ger.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 36c48.t1ger.ru | ClearFake payload delivery domain (confidence level: 100%) |
| zlx.5t0p.ru | ClearFake payload delivery domain (confidence level: 100%) |
| mist.5t0p.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wall5.5t0p.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rb2.5t0p.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gdk.f1rewall.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gg.f1rewall.ru | ClearFake payload delivery domain (confidence level: 100%) |
| spark8.f1rewall.ru | ClearFake payload delivery domain (confidence level: 100%) |
| a9jpf.f1rewall.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fq8.r1ver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| clear2.r1ver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wild7.r1ver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| jump2.r1ver.ru | ClearFake payload delivery domain (confidence level: 100%) |
| spark.y0ur.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rmb.y0ur.ru | ClearFake payload delivery domain (confidence level: 100%) |
| zdvey.y0ur.ru | ClearFake payload delivery domain (confidence level: 100%) |
| burst.y0ur.ru | ClearFake payload delivery domain (confidence level: 100%) |
| csgo7777.hopto.org | Quasar RAT botnet C2 domain (confidence level: 75%) |
| pink8.st0neflash.ru | ClearFake payload delivery domain (confidence level: 100%) |

Note on the CryptBot rows: cookies.sqlite, formhistory.sqlite, logins.json and signons.sqlite are Firefox profile file names (the cookie, form-history and saved-login stores an infostealer harvests), not resolvable domains. Treat those four 50%-confidence entries as file artefacts mislabelled as domains rather than as network indicators, and do not push them to DNS blocklists.
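The ClearFake rows above repay a second look: several apexes appear both with and without inserted hyphens (ele6tricmul1ed.ru beside ele-6-tricmul-1-ed.ru, hum2nk0str.ru beside hum-2-nk-0-str.ru, netit0c0rec.ru beside netit-0-c-0-rec.ru, awreti3uette.ru beside awreti-3-uette.ru, br0adtemp1ate.ru beside br-0-ad-temp-1-ate.ru, co0peratre4er.ru beside co-0-peratre-4-er.ru), so an exact-match blocklist misses the next variant of the same pattern. The Python below is an added example, not ThreatFox code: it clusters a constructed subset of the Domain rows by hyphen-stripped apex, derives a hunting regex that tolerates hyphens anywhere in the second-level label, and flags the CryptBot entries that are file names rather than domains. The file-extension set and the single-label-suffix assumption in apex() are this example's own heuristics.

```python
"""Cluster the ClearFake delivery domains listed above by hyphen-stripped apex.

Added example, not ThreatFox code. SAMPLE_ROWS is a constructed subset of the
Domain table on this page; the hyphen normalisation, the file-extension set and
the single-label-suffix assumption in apex() are this example's own heuristics.
"""
import re
from collections import defaultdict

# Constructed subset of the Domain rows above: (value, description).
SAMPLE_ROWS = [
    ("wald3.mintstone.ru", "ClearFake payload delivery domain (confidence level: 100%)"),
    ("glade.awreti3uette.ru", "ClearFake payload delivery domain (confidence level: 100%)"),
    ("wind.awreti-3-uette.ru", "ClearFake payload delivery domain (confidence level: 100%)"),
    ("stern.hum-2-nk-0-str.ru", "ClearFake payload delivery domain (confidence level: 100%)"),
    ("moor.hum2nk0str.ru", "ClearFake payload delivery domain (confidence level: 100%)"),
    ("rune.netit-0-c-0-rec.ru", "ClearFake payload delivery domain (confidence level: 100%)"),
    ("stern1.netit0c0rec.ru", "ClearFake payload delivery domain (confidence level: 100%)"),
    ("vale6.c1earwave.ru", "ClearFake payload delivery domain (confidence level: 100%)"),
    ("cookies.sqlite", "CryptBot payload delivery domain (confidence level: 50%)"),
    ("logins.json", "CryptBot payload delivery domain (confidence level: 50%)"),
    ("hofpfi01.top", "CryptBot payload delivery domain (confidence level: 50%)"),
    ("herady.xyz", "Remcos botnet C2 domain (confidence level: 100%)"),
]

# Assumption: these suffixes are file extensions, not TLDs, so a "domain" ending
# in one is a mislabelled file artefact (the Firefox profile files in the rows above).
FILE_LIKE_SUFFIXES = {"sqlite", "json", "db", "txt", "exe", "dll"}

DESC_RE = re.compile(
    r"^(?P<family>.+?) (?P<role>payload delivery|botnet C2) domain "
    r"\(confidence level: (?P<conf>\d+)%\)$"
)


def parse_description(desc: str) -> tuple[str, str, int]:
    """Split 'Family role domain (confidence level: N%)' into family, role, confidence."""
    m = DESC_RE.match(desc)
    if m is None:
        raise ValueError(f"unrecognised description: {desc!r}")
    return m["family"], m["role"], int(m["conf"])


def looks_like_filename(value: str) -> bool:
    """True for entries such as cookies.sqlite that cannot be resolved."""
    return value.rsplit(".", 1)[-1].lower() in FILE_LIKE_SUFFIXES


def apex(fqdn: str) -> str:
    """Registrable domain, assuming a single-label public suffix (.ru, .top, .cc)."""
    return ".".join(fqdn.lower().split(".")[-2:])


def cluster_by_normalised_apex(rows, family: str) -> dict[str, list[str]]:
    """Group one family's apexes under their hyphen-stripped form."""
    clusters: dict[str, set[str]] = defaultdict(set)
    for value, desc in rows:
        fam, _, _ = parse_description(desc)
        if fam != family or looks_like_filename(value):
            continue
        clusters[apex(value).replace("-", "")].add(apex(value))
    return {key: sorted(variants) for key, variants in clusters.items()}


def hunt_pattern(normalised_apex: str) -> re.Pattern:
    """Regex for the apex or any host under it, allowing hyphens between any two characters."""
    sld, tld = normalised_apex.split(".")
    flexible = "-?".join(re.escape(ch) for ch in sld)
    return re.compile(rf"^(?:[a-z0-9-]+\.)*{flexible}\.{re.escape(tld)}$", re.IGNORECASE)


def flagged_non_domains(rows) -> list[str]:
    """Values listed as domains that look like file names instead."""
    return sorted(value for value, _ in rows if looks_like_filename(value))


if __name__ == "__main__":
    for key, variants in cluster_by_normalised_apex(SAMPLE_ROWS, "ClearFake").items():
        print(f"{key:20} {variants}")
    print("file-like entries:", flagged_non_domains(SAMPLE_ROWS))
```

The regex from hunt_pattern() is meant for passive DNS or proxy-log hunting, not for inline blocking: it deliberately over-matches (it will also hit a benign label that happens to differ only by hyphens), so review hits before acting on them.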
IP address
| Value | Description |
|---|---|
| 186.169.80.57 | Remcos botnet C2 server (confidence level: 100%) |
| 176.117.107.13 | Remcos botnet C2 server (confidence level: 100%) |
| 91.231.222.182 | Remcos botnet C2 server (confidence level: 100%) |
| 147.124.218.193 | Remcos botnet C2 server (confidence level: 100%) |
| 151.243.109.61 | Sliver botnet C2 server (confidence level: 100%) |
| 103.116.52.231 | MooBot botnet C2 server (confidence level: 100%) |
| 193.161.193.99 | Nanocore RAT botnet C2 server (confidence level: 100%) |
| 39.100.71.237 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 199.217.99.47 | Remcos botnet C2 server (confidence level: 100%) |
| 193.134.209.94 | Sliver botnet C2 server (confidence level: 100%) |
| 116.62.29.237 | Unknown malware botnet C2 server (confidence level: 100%) |
| 193.29.13.58 | SectopRAT botnet C2 server (confidence level: 100%) |
| 13.37.244.39 | Unknown malware botnet C2 server (confidence level: 100%) |
| 69.164.244.90 | Unknown malware botnet C2 server (confidence level: 100%) |
| 103.24.95.135 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 103.24.95.135 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 175.178.149.35 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 111.228.40.85 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 101.37.100.133 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 119.3.159.206 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 102.117.162.52 | Unknown malware botnet C2 server (confidence level: 100%) |
| 52.174.50.2 | Unknown malware botnet C2 server (confidence level: 100%) |
| 65.20.108.228 | Unknown malware botnet C2 server (confidence level: 100%) |
| 95.119.179.247 | Unknown malware botnet C2 server (confidence level: 100%) |
| 46.13.78.11 | Chaos botnet C2 server (confidence level: 100%) |
| 196.64.120.73 | Meterpreter botnet C2 server (confidence level: 100%) |
| 206.119.191.240 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 116.26.10.136 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 76.75.234.213 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 111.92.243.97 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 121.11.212.203 | Ghost RAT botnet C2 server (confidence level: 75%) |
| 157.20.182.29 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 157.20.182.28 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 157.20.182.28 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 159.198.40.9 | Unknown malware botnet C2 server (confidence level: 100%) |
| 77.93.154.151 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 185.208.156.137 | Venom RAT botnet C2 server (confidence level: 100%) |
| 18.195.185.250 | Unknown malware botnet C2 server (confidence level: 100%) |
| 123.60.153.36 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.64.199.215 | Unknown malware botnet C2 server (confidence level: 100%) |
| 147.135.248.189 | Unknown malware botnet C2 server (confidence level: 100%) |
| 103.167.112.172 | Unknown malware botnet C2 server (confidence level: 100%) |
| 35.211.163.168 | Sliver botnet C2 server (confidence level: 100%) |
| 46.151.31.187 | SectopRAT botnet C2 server (confidence level: 100%) |
| 41.250.73.241 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 206.119.191.240 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 206.119.191.240 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 154.222.18.83 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 154.222.18.83 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 154.222.18.83 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 93.113.180.31 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 5.253.30.24 | Aurotun Stealer botnet C2 server (confidence level: 100%) |
| 194.55.137.65 | Aurotun Stealer botnet C2 server (confidence level: 100%) |
| 31.220.80.78 | Meterpreter botnet C2 server (confidence level: 75%) |
| 111.119.234.255 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 172.86.89.86 | Sliver botnet C2 server (confidence level: 100%) |
| 89.116.164.107 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 185.208.159.67 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 79.110.49.178 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 104.140.197.102 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.111 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.13 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.15 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.2 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.201 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.240 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 104.140.197.61 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 123.12.235.179 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 157.20.182.29 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 157.20.182.29 | AsyncRAT botnet C2 server (confidence level: 75%) |
| 172.236.242.34 | BianLian botnet C2 server (confidence level: 75%) |
| 178.87.219.116 | QakBot botnet C2 server (confidence level: 75%) |
| 204.152.222.153 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 91.92.243.183 | Remcos botnet C2 server (confidence level: 75%) |
| 47.96.88.16 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 149.104.29.66 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 103.43.8.166 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 125.40.54.116 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 107.175.246.17 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 157.20.182.28 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 157.20.182.28 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 144.31.221.85 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.138.16.162 | AdaptixC2 botnet C2 server (confidence level: 100%) |
| 213.165.61.39 | FAKEUPDATES payload delivery server (confidence level: 100%) |

Addresses that appear more than once (for example 157.20.182.28, 206.119.191.240 and 154.222.18.83) are separate entries in the source listing and are kept as such; deduplicate them by address before loading into a blocklist.
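To consume this listing rather than read it, the rows can be parsed in the shape they have on this page: a type prefix fused to the value (hash, domain or file), the description with its confidence level, and an empty copy column. On this page the rows prefixed hash carry TCP ports and the rows prefixed file carry IPv4 addresses; that mapping is inferred from the values themselves, not stated by ThreatFox. The Python below is an added example, not ThreatFox code: it parses a constructed subset copied from the tables above, validates each value for its kind, collapses repeated entries to the highest confidence seen, and emits a DNS Response Policy Zone for the domains and Suricata rules for the addresses. The zone name rpz.local, the SID base 9000000 and the file-extension filter are placeholders and assumptions of this example.

```python
"""Turn the raw IOC rows on this page into blocklist artefacts.

Added example, not ThreatFox code. RAW_ROWS is a constructed subset copied from
the tables above in the shape they have here (type prefix fused to the value,
description, empty copy column). Assumptions: on this page 'hash' rows hold TCP
ports and 'file' rows hold IPv4 addresses (inferred from the values, not stated
by the source); the RPZ zone name and the Suricata SID base are placeholders.
"""
import ipaddress
import re
from dataclasses import dataclass

RAW_ROWS = """\
domainherady.xyz | Remcos botnet C2 domain (confidence level: 100%) | |
domaincookies.sqlite | CryptBot payload delivery domain (confidence level: 50%) | |
domainlennox23111-31851.portmap.host | XWorm botnet C2 domain (confidence level: 50%) | |
domainwald3.mintstone.ru | ClearFake payload delivery domain (confidence level: 100%) | |
file157.20.182.28 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file157.20.182.28 | AsyncRAT botnet C2 server (confidence level: 100%) | |
file213.165.61.39 | FAKEUPDATES payload delivery server (confidence level: 100%) |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) |
"""

ROW_RE = re.compile(r"^(?P<kind>hash|domain|file)(?P<value>\S+) \| (?P<desc>.+?) \|(?: \|)?$")
CONF_RE = re.compile(r" \(confidence level: (\d+)%\)")
KIND_MAP = {"hash": "port", "domain": "domain", "file": "ip"}  # assumption, see docstring
FILE_LIKE = re.compile(r"\.(?:sqlite|json|db|txt|exe|dll)$", re.IGNORECASE)  # assumption


@dataclass(frozen=True)
class Ioc:
    kind: str        # "port", "domain" or "ip"
    value: str
    family: str      # malware family as named in the description
    confidence: int  # percent


def parse_rows(text: str) -> list[Ioc]:
    """Parse rows, validate each value for its kind, keep the highest confidence per IOC."""
    best: dict[tuple[str, str, str], Ioc] = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m is None:
            continue
        kind, value, desc = KIND_MAP[m["kind"]], m["value"], m["desc"]
        conf = int(CONF_RE.search(desc).group(1))
        family = CONF_RE.sub("", desc).split(" botnet ")[0].split(" payload ")[0]
        if kind == "ip":
            ipaddress.IPv4Address(value)  # raises on anything that is not an address
        elif kind == "port" and not 0 < int(value) < 65536:
            raise ValueError(f"bad port: {value}")
        key = (kind, value, family)
        if key not in best or conf > best[key].confidence:
            best[key] = Ioc(kind, value, family, conf)
    return list(best.values())


def usable_domain(ioc: Ioc, min_confidence: int) -> bool:
    """Domain above the threshold that is not a file name such as cookies.sqlite."""
    return (ioc.kind == "domain" and ioc.confidence >= min_confidence
            and FILE_LIKE.search(ioc.value) is None)


def rpz_zone(iocs: list[Ioc], min_confidence: int = 75, zone: str = "rpz.local") -> str:
    """Response Policy Zone body that answers NXDOMAIN for each domain and everything under it."""
    lines = [f"$ORIGIN {zone}.", "$TTL 300"]
    for ioc in sorted(iocs, key=lambda i: i.value):
        if usable_domain(ioc, min_confidence):
            lines.append(f"{ioc.value} CNAME .")    # CNAME . is the RPZ NXDOMAIN action
            lines.append(f"*.{ioc.value} CNAME .")
    return "\n".join(lines) + "\n"


def suricata_rules(iocs: list[Ioc], min_confidence: int = 75, sid_base: int = 9000000) -> list[str]:
    """One alert per C2 or delivery address. Bare ports are not emitted: without the
    address they belonged to they are only useful for correlation."""
    addresses = sorted((i for i in iocs if i.kind == "ip" and i.confidence >= min_confidence),
                       key=lambda i: i.value)
    return [
        f'alert ip $HOME_NET any -> {ioc.value} any '
        f'(msg:"ThreatFox 2025-11-22 {ioc.family} {ioc.value}"; '
        f'classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        for n, ioc in enumerate(addresses)
    ]


if __name__ == "__main__":
    iocs = parse_rows(RAW_ROWS)
    print(rpz_zone(iocs))
    print("\n".join(suricata_rules(iocs)))
```

The zone body still needs the SOA and NS records BIND requires for any zone before it will load, and the default threshold of 75% drops the 50%-confidence AsyncRAT and CryptBot domains; lower it only for alerting, not for blocking.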
Threat ID: 692251b6e19ebcc2d2e1e346
Added to database: 11/23/2025, 12:13:42 AM
Last enriched: 11/23/2025, 12:14:15 AM
Last updated: 11/23/2025, 8:46:21 AM