ThreatFox IOCs for 2025-11-24
AI Analysis
Technical Summary
This threat report from the ThreatFox MISP feed dated November 24, 2025, provides a set of Indicators of Compromise (IOCs) related to malware activities primarily focused on OSINT (Open Source Intelligence), network activity, and payload delivery. The report does not specify any particular affected software versions or products, indicating that it may be a general intelligence update rather than a vulnerability targeting a specific system. The threat is assigned a medium severity level, reflecting moderate risk based on the threat level (2), analysis (1), and distribution (3) metrics provided. No patches or known exploits are currently available, which suggests that this is either a newly identified threat or one that has not yet been weaponized in the wild. The absence of detailed technical indicators or payload specifics limits the ability to conduct a deep technical analysis or to identify precise attack vectors. The classification under OSINT and network activity implies that the threat may involve reconnaissance or information gathering phases, potentially leading to payload delivery in later stages. The lack of CWE identifiers and the absence of authentication or user interaction requirements further suggest that this is an intelligence feed update rather than an active exploit. Organizations should treat this information as part of their broader threat intelligence efforts, integrating the IOCs into their detection and monitoring systems to enhance situational awareness and early warning capabilities.
Potential Impact
For European organizations, the impact of this threat is currently limited due to the absence of known exploits and specific affected products. However, the presence of malware-related IOCs associated with OSINT and network activity indicates potential reconnaissance or preparatory stages of an attack, which could precede more targeted payload delivery attempts. If leveraged effectively by threat actors, these activities could lead to unauthorized access, data exfiltration, or disruption of services. The medium severity rating suggests moderate risk, with potential impacts on confidentiality and availability if subsequent exploitation occurs. Organizations heavily reliant on networked infrastructure and those engaged in sensitive or critical operations may face increased risk if these IOCs correlate with active threat campaigns. Continuous monitoring and integration of these IOCs into security operations can help mitigate potential impacts by enabling early detection and response. The lack of patches or mitigations means that defensive measures must focus on detection and prevention rather than remediation of a known vulnerability.
Mitigation Recommendations
1. Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and threat intelligence platforms to enhance detection capabilities.
2. Increase network monitoring for unusual or suspicious OSINT-related activities and payload delivery attempts, focusing on anomalous traffic patterns.
3. Conduct regular threat hunting exercises using updated intelligence feeds, including ThreatFox, to identify potential early indicators of compromise.
4. Ensure that endpoint detection and response (EDR) solutions are configured to detect behaviors associated with reconnaissance and payload delivery phases.
5. Maintain strict network segmentation and access controls to limit lateral movement should an initial compromise occur.
6. Train security teams to recognize and respond to OSINT-based reconnaissance tactics and payload delivery mechanisms.
7. Collaborate with national and European cybersecurity centers to share intelligence and receive updates on evolving threats.
8. Since no patches are available, prioritize proactive detection and incident response readiness over reactive patch management for this threat.
9. Regularly update and test incident response plans to incorporate scenarios involving OSINT-driven malware campaigns.
10. Employ deception technologies or honeypots to detect and analyze reconnaissance activities related to this threat.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Indicators of Compromise
- file: 8.152.5.66
- hash: 443
- file: 5.133.102.229
- hash: 1604
- file: 200.124.43.56
- hash: 2077
- file: 34.163.71.222
- hash: 3333
- file: 196.2.67.6
- hash: 3333
- file: 45.8.226.140
- hash: 3333
- file: 91.199.209.113
- hash: 3333
- file: 13.127.23.22
- hash: 3333
- file: 45.143.167.33
- hash: 8081
- file: 167.86.89.37
- hash: 3384
- file: 144.124.255.154
- hash: 9000
- file: 137.220.145.58
- hash: 443
- file: 137.220.145.34
- hash: 443
- file: 62.60.232.203
- hash: 1337
- file: 160.179.173.237
- hash: 2222
- domain: fluss.snowl1ne.ru
- domain: tau.snowl1ne.ru
- domain: dorn4.snowl1ne.ru
- url: http://dobriykaba.temp.swtest.ru/432b62ce.php
- domain: wald.snowl1ne.ru
- domain: ufer.oceanbyte.ru
- domain: stern.oceanbyte.ru
- domain: gleis3.oceanbyte.ru
- domain: rauch.darkspark.ru
- domain: bach2.darkspark.ru
- domain: wolke.darkspark.ru
- file: 103.86.44.170
- hash: 45
- domain: tal.darkspark.ru
- domain: grat.w1ndstorm.ru
- domain: kamm.w1ndstorm.ru
- domain: moor3.w1ndstorm.ru
- domain: weald.nightspark.ru
- domain: licht.nightspark.ru
- domain: ufer1.nightspark.ru
- domain: rill.nightspark.ru
- domain: korn.rapidmint.ru
- domain: wolke.rapidmint.ru
- domain: pfad2.rapidmint.ru
- domain: gleam.mintdrive.ru
- domain: hafen.mintdrive.ru
- file: 194.156.79.153
- hash: 55615
- domain: eiche4.mintdrive.ru
- url: http://43.138.38.26:8888/supershell/login/
- url: http://129.28.177.133:8888/supershell/login/
- file: 107.175.242.93
- hash: 443
- file: 64.111.92.198
- hash: 443
- file: 91.214.78.108
- hash: 443
- file: 176.117.107.17
- hash: 2404
- file: 181.162.182.203
- hash: 8080
- file: 37.114.63.53
- hash: 8010
- file: 143.92.171.138
- hash: 443
- file: 168.245.200.40
- hash: 3790
- file: 168.245.201.162
- hash: 3790
- file: 168.245.200.45
- hash: 3790
- file: 44.222.207.95
- hash: 1147
- file: 44.222.207.95
- hash: 20547
- file: 44.222.207.95
- hash: 36147
- file: 168.245.200.41
- hash: 3790
- file: 168.245.200.50
- hash: 3790
- domain: tau.mintdrive.ru
- domain: weiss.mintdrive.ru
- domain: birch.shad0wline.ru
- domain: wind.shad0wline.ru
- domain: dune2.shad0wline.ru
- domain: wolke.l1necloud.ru
- domain: bach.l1necloud.ru
- domain: tal1.l1necloud.ru
- url: http://workingboss3.ydns.eu:7076/is-ready
- domain: glanz.l1necloud.ru
- file: 46.246.80.18
- hash: 7076
- url: http://211.252.152.47/js/lw.txt
- domain: wolke.br1ghtstone.ru
- url: https://www.phuketia.com/
- domain: kamm2.br1ghtstone.ru
- domain: birch.br1ghtstone.ru
- url: http://198.23.177.219/siu/pin.php
- domain: glade.br1ghtstone.ru
- domain: tau.storml1ne.ru
- url: https://www.jyoushin-solar.com/
- url: http://212.11.64.228
- domain: f77.f3322.net
- file: 202.95.8.6
- hash: 80
- file: 103.86.44.170
- hash: 268
- file: 103.86.44.170
- hash: 389
- domain: dune3.storml1ne.ru
- domain: weald.storml1ne.ru
- domain: adler.clearbyte.ru
- domain: pfad.clearbyte.ru
- domain: mujjs.com
- domain: zurumaks.hopto.org
- domain: wolfe2.clearbyte.ru
- domain: moos.clearbyte.ru
- domain: gleis.clearbyte.ru
- domain: zorn.nightf0x.ru
- domain: rill1.nightf0x.ru
- url: https://prsuerinkicon.today
- domain: prsuerinkicon.today
- domain: kraut.nightf0x.ru
- domain: tal.nightf0x.ru
- domain: hafen.med1aflow.ru
- domain: craftmasters.co.uk
- url: https://craftmasters.co.uk
- domain: m8ke.agency
- url: https://m8ke.agency
- domain: solidarityinsaya.com
- url: https://solidarityinsaya.com
- domain: panplanning.com
- url: https://panplanning.com
- domain: sri-lanka-traumurlaub.com
- url: https://sri-lanka-traumurlaub.com
- domain: r-lien.com
- url: https://r-lien.com
- domain: teambuildingtunisie.com
- url: https://teambuildingtunisie.com
- url: https://46.29.238.160/
- domain: omaxtrans.com
- url: https://omaxtrans.com
- domain: estacaopequenaalemanha.com.br
- url: https://estacaopequenaalemanha.com.br
- domain: camersoftware.com
- url: https://camersoftware.com
- domain: bl555.gratis
- url: https://bl555.gratis
- domain: castra.site
- url: https://castra.site
- domain: lreindia.com
- url: https://lreindia.com
- domain: sagarpatil.bhsupportgt8.com
- url: https://sagarpatil.bhsupportgt8.com
- domain: rachelsvineyardkc.org
- url: https://rachelsvineyardkc.org
- domain: haachan.net
- url: https://haachan.net
- domain: cittadellese.sitonuovo.eu
- url: https://cittadellese.sitonuovo.eu
- url: https://renwebdesign.xsrv.jp
- domain: renwebdesign.xsrv.jp
- domain: subasanat.ir
- url: https://subasanat.ir
- file: 156.234.94.220
- hash: 3406
- file: 106.14.76.222
- hash: 83
- file: 106.14.76.222
- hash: 8888
- file: 45.121.50.136
- hash: 80
- domain: msgtrcrane.com
- url: https://msgtrcrane.com
- file: 123.4.34.22
- hash: 5873
- file: 167.88.165.131
- hash: 9000
- file: 157.245.148.3
- hash: 1111
- file: 102.98.71.53
- hash: 443
- file: 46.151.182.196
- hash: 80
- file: 106.14.76.222
- hash: 443
- file: 83.147.241.206
- hash: 80
- domain: asobi-plus.jp
- url: https://asobi-plus.jp
- domain: estate-recipe.com
- url: https://estate-recipe.com
- domain: evy2023website.nohasslebusiness.com
- url: https://evy2023website.nohasslebusiness.com
- domain: houstoncomputerrepairgeeks.com
- url: https://houstoncomputerrepairgeeks.com
- domain: ehcsils-id.ch
- url: https://ehcsils-id.ch
- domain: oehme-partner.de
- url: https://oehme-partner.de
- domain: totalsecllc.com
- file: 156.247.40.136
- hash: 1080
- url: https://totalsecllc.com
- domain: stern.med1aflow.ru
- url: https://xps.wallyapp.xyz/
- url: https://xps.pigeonforgetnrestaurant.com/
- url: https://49.13.36.31/
- url: https://46.62.252.220/
- url: https://49.13.39.215/
- url: https://49.13.37.254/
- url: https://78.47.61.36/
- url: https://91.244.71.173/
- url: https://116.203.164.0/
- url: https://46.62.223.126/
- file: 5.75.222.93
- hash: 443
- file: 49.13.36.31
- hash: 443
- file: 46.62.252.220
- hash: 443
- file: 49.13.39.215
- hash: 443
- file: 49.13.37.254
- hash: 443
- file: 78.47.61.36
- hash: 443
- file: 91.244.71.173
- hash: 443
- file: 116.203.164.0
- hash: 443
- file: 46.62.223.126
- hash: 443
- domain: bach2.med1aflow.ru
- url: https://gog.nigeriaafricatime.com/
- url: https://tgk.clashofmaps.vip/
- url: https://ugg.nigeriaafricatime.com/
- file: 172.65.200.167
- hash: 443
- domain: weald.bright0wl.ru
- domain: dune4.bright0wl.ru
- file: 35.180.181.197
- hash: 443
- url: https://www.mav-hf-kita-kk.de/
- domain: falke.bright0wl.ru
- file: 107.172.135.10
- hash: 9843
- domain: licht.bright0wl.ru
- domain: wolke1.bright0wl.ru
- domain: grat.cl0udnest.ru
- domain: ufer2.cl0udnest.ru
- domain: glanz.cl0udnest.ru
- domain: sturm.dustycode.ru
- domain: pfote.dustycode.ru
- domain: wind3.dustycode.ru
- domain: eiche.dustycode.ru
- domain: topstarwor.loseyourip.com
- domain: wolke.st0nepath.ru
- domain: bach.st0nepath.ru
- file: 154.201.74.112
- hash: 1433
- domain: tal1.st0nepath.ru
- file: 123.249.100.226
- hash: 2001
- file: 156.234.252.78
- hash: 7841
- file: 36.139.202.127
- hash: 8081
- file: 159.75.221.127
- hash: 9080
- file: 80.253.251.34
- hash: 44155
- file: 82.157.10.22
- hash: 7443
- file: 77.0.24.44
- hash: 7443
- file: 5.23.52.131
- hash: 7777
- file: 59.153.164.135
- hash: 808
- file: 135.181.61.243
- hash: 3333
- file: 87.106.163.158
- hash: 443
- file: 3.72.56.157
- hash: 80
- file: 134.199.206.206
- hash: 3333
- file: 185.125.216.144
- hash: 4344
- file: 34.224.246.253
- hash: 5000
- file: 35.225.216.255
- hash: 3333
- file: 107.174.35.101
- hash: 3333
- domain: gleam.mystic0rb.ru
- domain: weiss.mystic0rb.ru
- file: 114.66.38.114
- hash: 85
- file: 8.148.238.210
- hash: 5555
- domain: ufer5.mystic0rb.ru
- file: 20.2.233.253
- hash: 443
- domain: dune.mystic0rb.ru
- domain: birch.mystic0rb.ru
- domain: haze.gl0wmist.ru
- file: 150.158.120.73
- hash: 8008
- file: 198.46.173.26
- hash: 4498
- url: http://178.17.59.55
- domain: ak2.xingxings3.org
- file: 168.245.200.76
- hash: 3790
- file: 100.27.209.98
- hash: 6610
- file: 168.245.200.81
- hash: 3790
- domain: fern2.gl0wmist.ru
- domain: rime.gl0wmist.ru
- domain: brook.gl0wmist.ru
- domain: wolke.bluecr4ft.ru
- domain: fjord.bluecr4ft.ru
- file: 149.28.78.189
- hash: 42306
- file: 163.61.102.245
- hash: 443
- domain: glade2.bluecr4ft.ru
- file: 47.97.123.113
- hash: 8443
- domain: tau.bluecr4ft.ru
- domain: rune.silentwave.ru
- domain: weald.silentwave.ru
- domain: dune.silentwave.ru
- domain: klee.r1vermint.ru
- domain: ufer1.r1vermint.ru
- url: https://fer.wallyapp.xyz/
- url: https://fer.pigeonforgetnrestaurant.com/
- domain: fer.wallyapp.xyz
- domain: fer.pigeonforgetnrestaurant.com
- domain: stern.r1vermint.ru
- domain: rauch.r1vermint.ru
- domain: gleam.r1vermint.ru
- domain: viedorta.com
- domain: birch.darkfeather.ru
- url: https://viedorta.com/hall/shoe.js
- url: https://viedorta.com/hall/zara.php
- url: https://viedorta.com/hall/sock.js
- url: https://modernrecent.com/play
- url: https://modernrecent.com/tgb.zip
- domain: modernrecent.com
- file: 5.252.177.15
- hash: 443
- domain: moor.darkfeather.ru
- domain: pfad.darkfeather.ru
- domain: glanz.safebl0ck.ru
- domain: nest.safebl0ck.ru
- domain: tal2.safebl0ck.ru
- domain: korn.safebl0ck.ru
- domain: wolke.shadowc0re.ru
- domain: grat.shadowc0re.ru
- domain: licht.shadowc0re.ru
- domain: falke1.shadowc0re.ru
- file: 43.134.9.82
- hash: 9000
- domain: hain.shadowc0re.ru
- file: 103.130.215.101
- hash: 1024
- file: 66.154.127.129
- hash: 8880
- file: 172.94.13.235
- hash: 8808
- file: 164.68.120.30
- hash: 3004
- file: 167.88.165.153
- hash: 9000
- file: 78.47.226.37
- hash: 8089
- domain: d.hansang.top
- file: 102.98.111.82
- hash: 443
- domain: wald.m1stwood.ru
- file: 138.197.198.111
- hash: 23
- file: 54.196.195.102
- hash: 771
- domain: hafen.m1stwood.ru
- domain: kamm3.m1stwood.ru
- domain: adler.stargl0w.ru
- domain: glow.stargl0w.ru
- domain: tsfs.com.my
- url: https://tsfs.com.my
- domain: vair.xcreative.cz
- url: https://vair.xcreative.cz
- domain: cockpit.hartsimagineering.com
- url: https://cockpit.hartsimagineering.com
- file: 34.41.139.193
- hash: 8081
- domain: utazznapolyba.hu
- url: https://utazznapolyba.hu
- domain: weiss.stargl0w.ru
- domain: miserugrayhair.com
- url: https://miserugrayhair.com
- domain: printlife.vn
- url: https://printlife.vn
- domain: missdulcet.com
- url: https://missdulcet.com
- domain: nathanhowe.nathanhowemusic.com
- url: https://nathanhowe.nathanhowemusic.com
- domain: yaoisexgames.com
- url: https://yaoisexgames.com
- domain: dorn2.stargl0w.ru
- domain: hitonowa-salon.com
- url: https://hitonowa-salon.com
- file: 155.102.180.138
- hash: 443
- file: 155.102.180.141
- hash: 443
- file: 155.102.180.142
- hash: 443
- file: 155.102.181.146
- hash: 443
- domain: fjord.oceantrail.ru
- domain: tau.oceantrail.ru
- domain: wolke2.oceantrail.ru
- domain: pfote.crystalf0x.ru
- domain: klee.crystalf0x.ru
- domain: wind3.crystalf0x.ru
- domain: licht.crystalf0x.ru
- domain: goodmoneyi.net
- domain: nexlunix.com
- domain: policy.ydns.eu
- domain: policybk.ydns.eu
- domain: iniiivan.ydns.eu
- domain: iniiivanbk.ydns.eu
- domain: exportsales.gkngroups.ydns.eu
- domain: exportsales.gkngroupsbk.ydns.eu
- domain: zorn.crystalf0x.ru
- domain: glade.c0dehawk.ru
- file: 154.23.185.147
- hash: 8081
- domain: stern.c0dehawk.ru
- domain: ufer4.c0dehawk.ru
- file: 208.180.246.44
- hash: 631
- domain: moor.c0dehawk.ru
- file: 98.83.248.134
- hash: 443
- url: https://iiailog.mydns.bz/
- domain: trail.cliffwave.ru
- url: https://a.renewmedaz.com/quantum.php
- domain: v98.cliffwave.ru
- domain: rx6cd.cliffwave.ru
- domain: yg3jg.cliffwave.ru
- domain: run.shadowsun.ru
- file: 198.23.177.218
- hash: 2404
- domain: cliff4.shadowsun.ru
- domain: spark3.shadowsun.ru
- file: 45.134.39.112
- hash: 80
- domain: yr4y5.shadowsun.ru
- domain: dsc.firetrail.ru
- domain: run1.firetrail.ru
- domain: sun.firetrail.ru
- domain: upux.firetrail.ru
- file: 77.110.112.57
- hash: 443
- file: 144.31.201.20
- hash: 443
- domain: pulse5.mintflash.ru
- domain: b7.mintflash.ru
- domain: lhf6.mintflash.ru
- domain: jdiw5.mintflash.ru
- domain: wind9.silverrun.ru
- domain: 2dzr0.silverrun.ru
- domain: hqk4.silverrun.ru
- domain: m2m8.silverrun.ru
- domain: peak0.rockwind.ru
- domain: soft2.rockwind.ru
- domain: o7oz.rockwind.ru
- domain: om17w.rockwind.ru
- domain: 8a.s0ftmint.ru
- domain: 2dhk1.s0ftmint.ru
- domain: vale.s0ftmint.ru
- domain: wolke.wildcr3st.ru
- domain: ridge.wildcr3st.ru
- domain: fern2.wildcr3st.ru
- domain: trail.wildcr3st.ru
- domain: ol.wildcr3st.ru
Technical Details
- Threat Level
- 2
- Analysis
- 1
- Distribution
- 3
- Uuid
- c3794d99-dc18-4df0-9dc9-91fe36045fd6
- Original Timestamp
- 1764028987
Indicators of Compromise
File
| Value | Description |
|---|---|
| 8.152.5.66 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 5.133.102.229 | DarkComet botnet C2 server (confidence level: 100%) |
| 200.124.43.56 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 34.163.71.222 | Unknown malware botnet C2 server (confidence level: 100%) |
| 196.2.67.6 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.8.226.140 | Unknown malware botnet C2 server (confidence level: 100%) |
| 91.199.209.113 | Unknown malware botnet C2 server (confidence level: 100%) |
| 13.127.23.22 | Unknown malware botnet C2 server (confidence level: 100%) |
| 45.143.167.33 | Remcos botnet C2 server (confidence level: 100%) |
| 167.86.89.37 | Remcos botnet C2 server (confidence level: 100%) |
| 144.124.255.154 | SectopRAT botnet C2 server (confidence level: 100%) |
| 137.220.145.58 | Venom RAT botnet C2 server (confidence level: 100%) |
| 137.220.145.34 | Venom RAT botnet C2 server (confidence level: 100%) |
| 62.60.232.203 | Orcus RAT botnet C2 server (confidence level: 100%) |
| 160.179.173.237 | Meterpreter botnet C2 server (confidence level: 100%) |
| 103.86.44.170 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 194.156.79.153 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 107.175.242.93 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 64.111.92.198 | Remcos botnet C2 server (confidence level: 100%) |
| 91.214.78.108 | Remcos botnet C2 server (confidence level: 100%) |
| 176.117.107.17 | Remcos botnet C2 server (confidence level: 100%) |
| 181.162.182.203 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 37.114.63.53 | Venom RAT botnet C2 server (confidence level: 100%) |
| 143.92.171.138 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 168.245.200.40 | Meterpreter botnet C2 server (confidence level: 100%) |
| 168.245.201.162 | Meterpreter botnet C2 server (confidence level: 100%) |
| 168.245.200.45 | Meterpreter botnet C2 server (confidence level: 100%) |
| 44.222.207.95 | Meterpreter botnet C2 server (confidence level: 100%) |
| 44.222.207.95 | Meterpreter botnet C2 server (confidence level: 100%) |
| 44.222.207.95 | Meterpreter botnet C2 server (confidence level: 100%) |
| 168.245.200.41 | Meterpreter botnet C2 server (confidence level: 100%) |
| 168.245.200.50 | Meterpreter botnet C2 server (confidence level: 100%) |
| 46.246.80.18 | Vjw0rm botnet C2 server (confidence level: 100%) |
| 202.95.8.6 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 103.86.44.170 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 103.86.44.170 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 156.234.94.220 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 106.14.76.222 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 106.14.76.222 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 45.121.50.136 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 123.4.34.22 | Unknown malware botnet C2 server (confidence level: 100%) |
| 167.88.165.131 | SectopRAT botnet C2 server (confidence level: 100%) |
| 157.245.148.3 | Venom RAT botnet C2 server (confidence level: 100%) |
| 102.98.71.53 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 46.151.182.196 | MooBot botnet C2 server (confidence level: 100%) |
| 106.14.76.222 | Unknown malware botnet C2 server (confidence level: 100%) |
| 83.147.241.206 | MimiKatz botnet C2 server (confidence level: 100%) |
| 156.247.40.136 | FatalRat botnet C2 server (confidence level: 100%) |
| 5.75.222.93 | Vidar botnet C2 server (confidence level: 100%) |
| 49.13.36.31 | Vidar botnet C2 server (confidence level: 100%) |
| 46.62.252.220 | Vidar botnet C2 server (confidence level: 100%) |
| 49.13.39.215 | Vidar botnet C2 server (confidence level: 100%) |
| 49.13.37.254 | Vidar botnet C2 server (confidence level: 100%) |
| 78.47.61.36 | Vidar botnet C2 server (confidence level: 100%) |
| 91.244.71.173 | Vidar botnet C2 server (confidence level: 100%) |
| 116.203.164.0 | Vidar botnet C2 server (confidence level: 100%) |
| 46.62.223.126 | Vidar botnet C2 server (confidence level: 100%) |
| 172.65.200.167 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 35.180.181.197 | Havoc botnet C2 server (confidence level: 75%) |
| 107.172.135.10 | XWorm botnet C2 server (confidence level: 75%) |
| 154.201.74.112 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 123.249.100.226 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 156.234.252.78 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 36.139.202.127 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 159.75.221.127 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80.253.251.34 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 82.157.10.22 | Unknown malware botnet C2 server (confidence level: 100%) |
| 77.0.24.44 | Unknown malware botnet C2 server (confidence level: 100%) |
| 5.23.52.131 | DCRat botnet C2 server (confidence level: 100%) |
| 59.153.164.135 | Kaiji botnet C2 server (confidence level: 100%) |
| 135.181.61.243 | Unknown malware botnet C2 server (confidence level: 100%) |
| 87.106.163.158 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3.72.56.157 | Unknown malware botnet C2 server (confidence level: 100%) |
| 134.199.206.206 | Unknown malware botnet C2 server (confidence level: 100%) |
| 185.125.216.144 | Unknown malware botnet C2 server (confidence level: 100%) |
| 34.224.246.253 | Unknown malware botnet C2 server (confidence level: 100%) |
| 35.225.216.255 | Unknown malware botnet C2 server (confidence level: 100%) |
| 107.174.35.101 | Unknown malware botnet C2 server (confidence level: 100%) |
| 114.66.38.114 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8.148.238.210 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 20.2.233.253 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 150.158.120.73 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 198.46.173.26 | Remcos botnet C2 server (confidence level: 100%) |
| 168.245.200.76 | Meterpreter botnet C2 server (confidence level: 100%) |
| 100.27.209.98 | Meterpreter botnet C2 server (confidence level: 100%) |
| 168.245.200.81 | Meterpreter botnet C2 server (confidence level: 100%) |
| 149.28.78.189 | ShadowPad payload delivery server (confidence level: 50%) |
| 163.61.102.245 | ShadowPad botnet C2 server (confidence level: 50%) |
| 47.97.123.113 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 5.252.177.15 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 43.134.9.82 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 103.130.215.101 | Mirai botnet C2 server (confidence level: 100%) |
| 66.154.127.129 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 172.94.13.235 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 164.68.120.30 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 167.88.165.153 | SectopRAT botnet C2 server (confidence level: 100%) |
| 78.47.226.37 | Hook botnet C2 server (confidence level: 100%) |
| 102.98.111.82 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 138.197.198.111 | Bashlite botnet C2 server (confidence level: 100%) |
| 54.196.195.102 | Meterpreter botnet C2 server (confidence level: 100%) |
| 34.41.139.193 | NetWire RC botnet C2 server (confidence level: 100%) |
| 155.102.180.138 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 155.102.180.141 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 155.102.180.142 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 155.102.181.146 | Cobalt Strike botnet C2 server (confidence level: 75%) |
| 154.23.185.147 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 208.180.246.44 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 98.83.248.134 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 198.23.177.218 | Remcos botnet C2 server (confidence level: 100%) |
| 45.134.39.112 | MooBot botnet C2 server (confidence level: 100%) |
| 77.110.112.57 | FAKEUPDATES payload delivery server (confidence level: 100%) |
| 144.31.201.20 | FAKEUPDATES payload delivery server (confidence level: 100%) |
Hash
| Value | Description |
|---|---|
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 1604 | DarkComet botnet C2 server (confidence level: 100%) |
| 2077 | AsyncRAT botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 3333 | Unknown malware botnet C2 server (confidence level: 100%) |
| 8081 | Remcos botnet C2 server (confidence level: 100%) |
| 3384 | Remcos botnet C2 server (confidence level: 100%) |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 443 | Venom RAT botnet C2 server (confidence level: 100%) |
| 443 | Venom RAT botnet C2 server (confidence level: 100%) |
| 1337 | Orcus RAT botnet C2 server (confidence level: 100%) |
| 2222 | Meterpreter botnet C2 server (confidence level: 100%) |
| 45 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 55615 | RedLine Stealer botnet C2 server (confidence level: 100%) |
| 443 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 443 | Remcos botnet C2 server (confidence level: 100%) |
| 443 | Remcos botnet C2 server (confidence level: 100%) |
| 2404 | Remcos botnet C2 server (confidence level: 100%) |
| 8080 | Quasar RAT botnet C2 server (confidence level: 100%) |
| 8010 | Venom RAT botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 1147 | Meterpreter botnet C2 server (confidence level: 100%) |
| 20547 | Meterpreter botnet C2 server (confidence level: 100%) |
| 36147 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 3790 | Meterpreter botnet C2 server (confidence level: 100%) |
| 7076 | Vjw0rm botnet C2 server (confidence level: 100%) |
| 80 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 268 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 389 | ValleyRAT botnet C2 server (confidence level: 100%) |
| 3406 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 83 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 8888 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 80 | Cobalt Strike botnet C2 server (confidence level: 100%) |
| 5873 | Unknown malware botnet C2 server (confidence level: 100%) |
| 9000 | SectopRAT botnet C2 server (confidence level: 100%) |
| 1111 | Venom RAT botnet C2 server (confidence level: 100%) |
| 443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) |
| 80 | MooBot botnet C2 server (confidence level: 100%) |
| 443 | Unknown malware botnet C2 server (confidence level: 100%) |
| 80 | MimiKatz botnet C2 server (confidence level: 100%) |
| 1080 | FatalRat botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | Vidar botnet C2 server (confidence level: 100%) |
| 443 | DeimosC2 botnet C2 server (confidence level: 75%) |
| 443 | Havoc botnet C2 server (confidence level: 75%) |
| 9843 | XWorm botnet C2 server (confidence level: 75%) |
hash1433 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash2001 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7841 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8081 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash9080 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash44155 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash7777 | DCRat botnet C2 server (confidence level: 100%) | |
hash808 | Kaiji botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash443 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash80 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash4344 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash5000 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash3333 | Unknown malware botnet C2 server (confidence level: 100%) | |
hash85 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash5555 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash443 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash8008 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash4498 | Remcos botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash6610 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash3790 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash42306 | ShadowPad payload delivery server (confidence level: 50%) | |
hash443 | ShadowPad botnet C2 server (confidence level: 50%) | |
hash8443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash9000 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash1024 | Mirai botnet C2 server (confidence level: 100%) | |
hash8880 | Cobalt Strike botnet C2 server (confidence level: 100%) | |
hash8808 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash3004 | AsyncRAT botnet C2 server (confidence level: 100%) | |
hash9000 | SectopRAT botnet C2 server (confidence level: 100%) | |
hash8089 | Hook botnet C2 server (confidence level: 100%) | |
hash443 | NetSupportManager RAT botnet C2 server (confidence level: 100%) | |
hash23 | Bashlite botnet C2 server (confidence level: 100%) | |
hash771 | Meterpreter botnet C2 server (confidence level: 100%) | |
hash8081 | NetWire RC botnet C2 server (confidence level: 100%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash443 | Cobalt Strike botnet C2 server (confidence level: 75%) | |
hash8081 | ValleyRAT botnet C2 server (confidence level: 100%) | |
hash631 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash443 | DeimosC2 botnet C2 server (confidence level: 75%) | |
hash2404 | Remcos botnet C2 server (confidence level: 100%) | |
hash80 | MooBot botnet C2 server (confidence level: 100%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
hash443 | FAKEUPDATES payload delivery server (confidence level: 100%) | |
Domain
| Value | Description |
|---|---|
| fluss.snowl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tau.snowl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dorn4.snowl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wald.snowl1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ufer.oceanbyte.ru | ClearFake payload delivery domain (confidence level: 100%) |
| stern.oceanbyte.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gleis3.oceanbyte.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rauch.darkspark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bach2.darkspark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke.darkspark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tal.darkspark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| grat.w1ndstorm.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kamm.w1ndstorm.ru | ClearFake payload delivery domain (confidence level: 100%) |
| moor3.w1ndstorm.ru | ClearFake payload delivery domain (confidence level: 100%) |
| weald.nightspark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| licht.nightspark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ufer1.nightspark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rill.nightspark.ru | ClearFake payload delivery domain (confidence level: 100%) |
| korn.rapidmint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke.rapidmint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pfad2.rapidmint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gleam.mintdrive.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hafen.mintdrive.ru | ClearFake payload delivery domain (confidence level: 100%) |
| eiche4.mintdrive.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tau.mintdrive.ru | ClearFake payload delivery domain (confidence level: 100%) |
| weiss.mintdrive.ru | ClearFake payload delivery domain (confidence level: 100%) |
| birch.shad0wline.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wind.shad0wline.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dune2.shad0wline.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke.l1necloud.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bach.l1necloud.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tal1.l1necloud.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glanz.l1necloud.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke.br1ghtstone.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kamm2.br1ghtstone.ru | ClearFake payload delivery domain (confidence level: 100%) |
| birch.br1ghtstone.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glade.br1ghtstone.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tau.storml1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| f77.f3322.net | ValleyRAT botnet C2 domain (confidence level: 100%) |
| dune3.storml1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| weald.storml1ne.ru | ClearFake payload delivery domain (confidence level: 100%) |
| adler.clearbyte.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pfad.clearbyte.ru | ClearFake payload delivery domain (confidence level: 100%) |
| mujjs.com | Unknown malware payload delivery domain (confidence level: 100%) |
| zurumaks.hopto.org | DarkComet botnet C2 domain (confidence level: 50%) |
| wolfe2.clearbyte.ru | ClearFake payload delivery domain (confidence level: 100%) |
| moos.clearbyte.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gleis.clearbyte.ru | ClearFake payload delivery domain (confidence level: 100%) |
| zorn.nightf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rill1.nightf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| prsuerinkicon.today | Unknown malware payload delivery domain (confidence level: 100%) |
| kraut.nightf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tal.nightf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hafen.med1aflow.ru | ClearFake payload delivery domain (confidence level: 100%) |
| craftmasters.co.uk | Unknown malware payload delivery domain (confidence level: 100%) |
| m8ke.agency | Unknown malware payload delivery domain (confidence level: 100%) |
| solidarityinsaya.com | Unknown malware payload delivery domain (confidence level: 100%) |
| panplanning.com | Unknown malware payload delivery domain (confidence level: 100%) |
| sri-lanka-traumurlaub.com | Unknown malware payload delivery domain (confidence level: 100%) |
| r-lien.com | Unknown malware payload delivery domain (confidence level: 100%) |
| teambuildingtunisie.com | Unknown malware payload delivery domain (confidence level: 100%) |
| omaxtrans.com | Unknown malware payload delivery domain (confidence level: 100%) |
| estacaopequenaalemanha.com.br | Unknown malware payload delivery domain (confidence level: 100%) |
| camersoftware.com | Unknown malware payload delivery domain (confidence level: 100%) |
| bl555.gratis | Unknown malware payload delivery domain (confidence level: 100%) |
| castra.site | Unknown malware payload delivery domain (confidence level: 100%) |
| lreindia.com | Unknown malware payload delivery domain (confidence level: 100%) |
| sagarpatil.bhsupportgt8.com | Unknown malware payload delivery domain (confidence level: 100%) |
| rachelsvineyardkc.org | Unknown malware payload delivery domain (confidence level: 100%) |
| haachan.net | Unknown malware payload delivery domain (confidence level: 100%) |
| cittadellese.sitonuovo.eu | Unknown malware payload delivery domain (confidence level: 100%) |
| renwebdesign.xsrv.jp | Unknown malware payload delivery domain (confidence level: 100%) |
| subasanat.ir | Unknown malware payload delivery domain (confidence level: 100%) |
| msgtrcrane.com | Unknown malware payload delivery domain (confidence level: 100%) |
| asobi-plus.jp | Unknown malware payload delivery domain (confidence level: 100%) |
| estate-recipe.com | Unknown malware payload delivery domain (confidence level: 100%) |
| evy2023website.nohasslebusiness.com | Unknown malware payload delivery domain (confidence level: 100%) |
| houstoncomputerrepairgeeks.com | Unknown malware payload delivery domain (confidence level: 100%) |
| ehcsils-id.ch | Unknown malware payload delivery domain (confidence level: 100%) |
| oehme-partner.de | Unknown malware payload delivery domain (confidence level: 100%) |
| totalsecllc.com | Unknown malware payload delivery domain (confidence level: 100%) |
| stern.med1aflow.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bach2.med1aflow.ru | ClearFake payload delivery domain (confidence level: 100%) |
| weald.bright0wl.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dune4.bright0wl.ru | ClearFake payload delivery domain (confidence level: 100%) |
| falke.bright0wl.ru | ClearFake payload delivery domain (confidence level: 100%) |
| licht.bright0wl.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke1.bright0wl.ru | ClearFake payload delivery domain (confidence level: 100%) |
| grat.cl0udnest.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ufer2.cl0udnest.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glanz.cl0udnest.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sturm.dustycode.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pfote.dustycode.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wind3.dustycode.ru | ClearFake payload delivery domain (confidence level: 100%) |
| eiche.dustycode.ru | ClearFake payload delivery domain (confidence level: 100%) |
| topstarwor.loseyourip.com | Quasar RAT botnet C2 domain (confidence level: 75%) |
| wolke.st0nepath.ru | ClearFake payload delivery domain (confidence level: 100%) |
| bach.st0nepath.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tal1.st0nepath.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gleam.mystic0rb.ru | ClearFake payload delivery domain (confidence level: 100%) |
| weiss.mystic0rb.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ufer5.mystic0rb.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dune.mystic0rb.ru | ClearFake payload delivery domain (confidence level: 100%) |
| birch.mystic0rb.ru | ClearFake payload delivery domain (confidence level: 100%) |
| haze.gl0wmist.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ak2.xingxings3.org | ValleyRAT botnet C2 domain (confidence level: 100%) |
| fern2.gl0wmist.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rime.gl0wmist.ru | ClearFake payload delivery domain (confidence level: 100%) |
| brook.gl0wmist.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke.bluecr4ft.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fjord.bluecr4ft.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glade2.bluecr4ft.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tau.bluecr4ft.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rune.silentwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| weald.silentwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dune.silentwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| klee.r1vermint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ufer1.r1vermint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fer.wallyapp.xyz | Vidar botnet C2 domain (confidence level: 100%) |
| fer.pigeonforgetnrestaurant.com | Vidar botnet C2 domain (confidence level: 100%) |
| stern.r1vermint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rauch.r1vermint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| gleam.r1vermint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| viedorta.com | FAKEUPDATES payload delivery domain (confidence level: 100%) |
| birch.darkfeather.ru | ClearFake payload delivery domain (confidence level: 100%) |
| modernrecent.com | NetSupportManager RAT payload delivery domain (confidence level: 100%) |
| moor.darkfeather.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pfad.darkfeather.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glanz.safebl0ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| nest.safebl0ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tal2.safebl0ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| korn.safebl0ck.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke.shadowc0re.ru | ClearFake payload delivery domain (confidence level: 100%) |
| grat.shadowc0re.ru | ClearFake payload delivery domain (confidence level: 100%) |
| licht.shadowc0re.ru | ClearFake payload delivery domain (confidence level: 100%) |
| falke1.shadowc0re.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hain.shadowc0re.ru | ClearFake payload delivery domain (confidence level: 100%) |
| d.hansang.top | Quasar RAT botnet C2 domain (confidence level: 100%) |
| wald.m1stwood.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hafen.m1stwood.ru | ClearFake payload delivery domain (confidence level: 100%) |
| kamm3.m1stwood.ru | ClearFake payload delivery domain (confidence level: 100%) |
| adler.stargl0w.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glow.stargl0w.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tsfs.com.my | Unknown malware payload delivery domain (confidence level: 100%) |
| vair.xcreative.cz | Unknown malware payload delivery domain (confidence level: 100%) |
| cockpit.hartsimagineering.com | Unknown malware payload delivery domain (confidence level: 100%) |
| utazznapolyba.hu | Unknown malware payload delivery domain (confidence level: 100%) |
| weiss.stargl0w.ru | ClearFake payload delivery domain (confidence level: 100%) |
| miserugrayhair.com | Unknown malware payload delivery domain (confidence level: 100%) |
| printlife.vn | Unknown malware payload delivery domain (confidence level: 100%) |
| missdulcet.com | Unknown malware payload delivery domain (confidence level: 100%) |
| nathanhowe.nathanhowemusic.com | Unknown malware payload delivery domain (confidence level: 100%) |
| yaoisexgames.com | Unknown malware payload delivery domain (confidence level: 100%) |
| dorn2.stargl0w.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hitonowa-salon.com | Unknown malware payload delivery domain (confidence level: 100%) |
| fjord.oceantrail.ru | ClearFake payload delivery domain (confidence level: 100%) |
| tau.oceantrail.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke2.oceantrail.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pfote.crystalf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| klee.crystalf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wind3.crystalf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| licht.crystalf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| goodmoneyi.net | Remcos botnet C2 domain (confidence level: 100%) |
| nexlunix.com | Remcos botnet C2 domain (confidence level: 100%) |
| policy.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) |
| policybk.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) |
| iniiivan.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) |
| iniiivanbk.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) |
| exportsales.gkngroups.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) |
| exportsales.gkngroupsbk.ydns.eu | Remcos botnet C2 domain (confidence level: 100%) |
| zorn.crystalf0x.ru | ClearFake payload delivery domain (confidence level: 100%) |
| glade.c0dehawk.ru | ClearFake payload delivery domain (confidence level: 100%) |
| stern.c0dehawk.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ufer4.c0dehawk.ru | ClearFake payload delivery domain (confidence level: 100%) |
| moor.c0dehawk.ru | ClearFake payload delivery domain (confidence level: 100%) |
| trail.cliffwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| v98.cliffwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| rx6cd.cliffwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| yg3jg.cliffwave.ru | ClearFake payload delivery domain (confidence level: 100%) |
| run.shadowsun.ru | ClearFake payload delivery domain (confidence level: 100%) |
| cliff4.shadowsun.ru | ClearFake payload delivery domain (confidence level: 100%) |
| spark3.shadowsun.ru | ClearFake payload delivery domain (confidence level: 100%) |
| yr4y5.shadowsun.ru | ClearFake payload delivery domain (confidence level: 100%) |
| dsc.firetrail.ru | ClearFake payload delivery domain (confidence level: 100%) |
| run1.firetrail.ru | ClearFake payload delivery domain (confidence level: 100%) |
| sun.firetrail.ru | ClearFake payload delivery domain (confidence level: 100%) |
| upux.firetrail.ru | ClearFake payload delivery domain (confidence level: 100%) |
| pulse5.mintflash.ru | ClearFake payload delivery domain (confidence level: 100%) |
| b7.mintflash.ru | ClearFake payload delivery domain (confidence level: 100%) |
| lhf6.mintflash.ru | ClearFake payload delivery domain (confidence level: 100%) |
| jdiw5.mintflash.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wind9.silverrun.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 2dzr0.silverrun.ru | ClearFake payload delivery domain (confidence level: 100%) |
| hqk4.silverrun.ru | ClearFake payload delivery domain (confidence level: 100%) |
| m2m8.silverrun.ru | ClearFake payload delivery domain (confidence level: 100%) |
| peak0.rockwind.ru | ClearFake payload delivery domain (confidence level: 100%) |
| soft2.rockwind.ru | ClearFake payload delivery domain (confidence level: 100%) |
| o7oz.rockwind.ru | ClearFake payload delivery domain (confidence level: 100%) |
| om17w.rockwind.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 8a.s0ftmint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| 2dhk1.s0ftmint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| vale.s0ftmint.ru | ClearFake payload delivery domain (confidence level: 100%) |
| wolke.wildcr3st.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ridge.wildcr3st.ru | ClearFake payload delivery domain (confidence level: 100%) |
| fern2.wildcr3st.ru | ClearFake payload delivery domain (confidence level: 100%) |
| trail.wildcr3st.ru | ClearFake payload delivery domain (confidence level: 100%) |
| ol.wildcr3st.ru | ClearFake payload delivery domain (confidence level: 100%) |
Url
| Value | Description |
|---|---|
| http://dobriykaba.temp.swtest.ru/432b62ce.php | DCRat botnet C2 (confidence level: 100%) |
| http://43.138.38.26:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
| http://129.28.177.133:8888/supershell/login/ | Unknown malware botnet C2 (confidence level: 100%) |
| http://workingboss3.ydns.eu:7076/is-ready | Houdini botnet C2 (confidence level: 100%) |
| http://211.252.152.47/js/lw.txt | Xbash payload delivery URL (confidence level: 100%) |
| https://www.phuketia.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| http://198.23.177.219/siu/pin.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 100%) |
| https://www.jyoushin-solar.com/ | Unknown malware payload delivery URL (confidence level: 90%) |
| http://212.11.64.228 | Stealc botnet C2 (confidence level: 100%) |
| https://prsuerinkicon.today | Unknown malware payload delivery URL (confidence level: 100%) |
| https://craftmasters.co.uk | Unknown malware payload delivery URL (confidence level: 100%) |
| https://m8ke.agency | Unknown malware payload delivery URL (confidence level: 100%) |
| https://solidarityinsaya.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://panplanning.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://sri-lanka-traumurlaub.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://r-lien.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://teambuildingtunisie.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://46.29.238.160/ | DragonForce botnet C2 (confidence level: 50%) |
| https://omaxtrans.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://estacaopequenaalemanha.com.br | Unknown malware payload delivery URL (confidence level: 100%) |
| https://camersoftware.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://bl555.gratis | Unknown malware payload delivery URL (confidence level: 100%) |
| https://castra.site | Unknown malware payload delivery URL (confidence level: 100%) |
| https://lreindia.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://sagarpatil.bhsupportgt8.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://rachelsvineyardkc.org | Unknown malware payload delivery URL (confidence level: 100%) |
| https://haachan.net | Unknown malware payload delivery URL (confidence level: 100%) |
| https://cittadellese.sitonuovo.eu | Unknown malware payload delivery URL (confidence level: 100%) |
| https://renwebdesign.xsrv.jp | Unknown malware payload delivery URL (confidence level: 100%) |
| https://subasanat.ir | Unknown malware payload delivery URL (confidence level: 100%) |
| https://msgtrcrane.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://asobi-plus.jp | Unknown malware payload delivery URL (confidence level: 100%) |
| https://estate-recipe.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://evy2023website.nohasslebusiness.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://houstoncomputerrepairgeeks.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://ehcsils-id.ch | Unknown malware payload delivery URL (confidence level: 100%) |
| https://oehme-partner.de | Unknown malware payload delivery URL (confidence level: 100%) |
| https://totalsecllc.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://xps.wallyapp.xyz/ | Vidar botnet C2 (confidence level: 100%) |
| https://xps.pigeonforgetnrestaurant.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://49.13.36.31/ | Vidar botnet C2 (confidence level: 100%) |
| https://46.62.252.220/ | Vidar botnet C2 (confidence level: 100%) |
| https://49.13.39.215/ | Vidar botnet C2 (confidence level: 100%) |
| https://49.13.37.254/ | Vidar botnet C2 (confidence level: 100%) |
| https://78.47.61.36/ | Vidar botnet C2 (confidence level: 100%) |
| https://91.244.71.173/ | Vidar botnet C2 (confidence level: 100%) |
| https://116.203.164.0/ | Vidar botnet C2 (confidence level: 100%) |
| https://46.62.223.126/ | Vidar botnet C2 (confidence level: 100%) |
| https://gog.nigeriaafricatime.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://tgk.clashofmaps.vip/ | Vidar botnet C2 (confidence level: 100%) |
| https://ugg.nigeriaafricatime.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://www.mav-hf-kita-kk.de/ | Unknown malware payload delivery URL (confidence level: 90%) |
| http://178.17.59.55 | Stealc botnet C2 (confidence level: 100%) |
| https://fer.wallyapp.xyz/ | Vidar botnet C2 (confidence level: 100%) |
| https://fer.pigeonforgetnrestaurant.com/ | Vidar botnet C2 (confidence level: 100%) |
| https://viedorta.com/hall/shoe.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://viedorta.com/hall/zara.php | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://viedorta.com/hall/sock.js | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://modernrecent.com/play | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://modernrecent.com/tgb.zip | NetSupportManager RAT payload delivery URL (confidence level: 100%) |
| https://tsfs.com.my | Unknown malware payload delivery URL (confidence level: 100%) |
| https://vair.xcreative.cz | Unknown malware payload delivery URL (confidence level: 100%) |
| https://cockpit.hartsimagineering.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://utazznapolyba.hu | Unknown malware payload delivery URL (confidence level: 100%) |
| https://miserugrayhair.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://printlife.vn | Unknown malware payload delivery URL (confidence level: 100%) |
| https://missdulcet.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://nathanhowe.nathanhowemusic.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://yaoisexgames.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://hitonowa-salon.com | Unknown malware payload delivery URL (confidence level: 100%) |
| https://iiailog.mydns.bz/ | Kimsuky botnet C2 (confidence level: 50%) |
| https://a.renewmedaz.com/quantum.php | Unknown malware botnet C2 (confidence level: 50%) |
Threat ID: 6924f356c5f5f1e21b61f348
Added to database: 11/25/2025, 12:07:50 AM
Last enriched: 11/25/2025, 12:15:53 AM
Last updated: 11/25/2025, 9:36:22 AM