Reconnecting to live updates…

ThreatFox IOCs for 2025-12-16

Severity: mediumType: malware

AI Analysis

Technical Summary

The data describes a set of Indicators of Compromise (IOCs) published via the ThreatFox MISP feed on December 16, 2025. These IOCs are classified under malware-related OSINT, network activity, and payload delivery categories, suggesting they are intelligence artifacts used to detect or analyze malicious activity rather than a standalone vulnerability or exploit. No specific affected software versions or patches are listed, indicating this is not tied to a particular product flaw but rather a collection of threat intelligence data. The absence of known exploits in the wild further supports that these IOCs serve as detection aids rather than active threats. The technical details show a low to moderate threat level (2 out of an unspecified scale), minimal analysis (1), but a higher distribution score (3), implying these indicators are being shared or disseminated across multiple platforms or organizations. The lack of CWEs and patch availability confirms this is not a vulnerability report but an intelligence update. The feed is tagged with TLP:white, meaning it is intended for wide distribution and public sharing, emphasizing its role as an open-source intelligence resource. Overall, this information is valuable for security teams to enhance their detection capabilities but does not represent an immediate exploit or critical vulnerability.

Potential Impact

For European organizations, the impact of this threat intelligence feed is primarily in enhancing situational awareness and improving detection of potential malware-related network activity. Since no active exploits or vulnerabilities are associated, there is no direct risk of compromise from this data alone. However, failure to incorporate these IOCs into security monitoring could result in missed detection opportunities, allowing malware or payload delivery attempts to go unnoticed. Organizations heavily reliant on threat intelligence for proactive defense, such as financial institutions, critical infrastructure, and government agencies, will benefit most. The medium severity suggests a moderate potential impact if these indicators correspond to emerging or evolving threats. The lack of patches or fixes means mitigation relies on detection and response rather than vulnerability remediation. Overall, the impact is indirect but important for maintaining robust defense postures against malware campaigns.

Mitigation Recommendations

European organizations should integrate the ThreatFox IOCs into their existing Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and endpoint detection and response (EDR) tools to enhance detection capabilities. Regularly updating threat intelligence feeds and correlating these IOCs with internal logs will help identify suspicious network activity or payload delivery attempts early. Security teams should conduct threat hunting exercises using these indicators to proactively search for signs of compromise. Additionally, organizations should maintain strong network segmentation and monitoring to limit potential malware spread if detected. Training and awareness programs should emphasize the importance of OSINT and threat intelligence in the security lifecycle. Since no patches are available, emphasis on detection and rapid incident response is critical. Collaboration with national cybersecurity centers and sharing findings with peers can improve collective defense. Finally, validating the authenticity and relevance of IOCs before deployment will reduce false positives and operational overhead.

Affected Countries

Germany, United Kingdom, France, Netherlands, Italy, Spain

Indicators of Compromise

domain: mediatron.eu.com
domain: hazystripe2004.shop
domain: separatto.xyz
file: 144.172.104.178
hash: 80
file: 91.208.184.203
hash: 80
file: 144.172.105.58
hash: 80
file: 94.156.102.130
hash: 1566
file: 95.181.212.171
hash: 1566
url: http://hazystripe2004.shop/b5a52ebb310b65f06dd10cfe69f72363/ejk52zwt2js16ro
url: http://hazystripe2004.shop/b5a52ebb310b65f06dd10cfe69f72363/q7cherolivolejk
url: http://hazystripe2004.shop/b5a52ebb310b65f06dd10cfe69f72363/q38dyv0te345uf4
url: https://www.chess.com/member/slcbz
file: 143.20.185.252
hash: 1999
file: 157.250.205.158
hash: 7777
domain: fttyyu-could.icu
domain: sunwin.moi
file: 176.117.107.202
hash: 5000
file: 181.162.166.187
hash: 8080
file: 45.192.208.126
hash: 443
file: 79.141.171.48
hash: 23
file: 198.144.189.90
hash: 80
file: 93.123.39.215
hash: 4321
file: 54.146.203.147
hash: 33333
file: 54.146.203.147
hash: 44183
file: 54.146.203.147
hash: 19583
file: 34.201.131.95
hash: 14817
file: 51.79.73.237
hash: 1337
file: 178.210.92.124
hash: 80
domain: ltaw.thrumblex.ru
domain: ya.thrumblex.ru
domain: copper.jaxmorrow.ru
domain: uqnp.jaxmorrow.ru
domain: kibu.jaxmorrow.ru
domain: t0w.jaxmorrow.ru
domain: i4nau.quartznibble.ru
domain: beachshades.co.com
domain: vle.in.net
domain: crackle.quartznibble.ru
domain: d3l.quartznibble.ru
domain: delta.quartznibble.ru
domain: awy.sp-1-nterpad.ru
domain: l6vzy.sp-1-nterpad.ru
domain: omega.sp-1-nterpad.ru
domain: xiyp5.sp-1-nterpad.ru
domain: racket.c0pperknit.ru
domain: 9rg.c0pperknit.ru
domain: trace.c0pperknit.ru
domain: bq.c0pperknit.ru
file: 134.175.186.196
hash: 443
file: 175.178.83.231
hash: 443
file: 43.161.245.186
hash: 79
domain: nova.quartz-nibble.ru
file: 5.101.83.50
hash: 80
domain: r1n.quartz-nibble.ru
file: 141.98.10.61
hash: 7777
domain: thrumble.quartz-nibble.ru
domain: loom.quartz-nibble.ru
domain: ikzct.sp1nterpad.ru
domain: fizz.sp1nterpad.ru
domain: 9sct2.sp1nterpad.ru
file: 154.36.158.166
hash: 443
file: 47.76.185.85
hash: 18443
file: 190.255.85.156
hash: 2404
file: 45.61.150.251
hash: 8888
file: 107.172.31.101
hash: 8000
file: 144.172.103.138
hash: 81
file: 185.11.61.225
hash: 9000
file: 151.244.111.46
hash: 7443
file: 89.125.209.24
hash: 443
file: 13.212.29.163
hash: 80
file: 199.101.108.60
hash: 3790
file: 199.101.111.161
hash: 3790
file: 18.234.196.1
hash: 18735
file: 199.101.111.115
hash: 3790
file: 54.84.211.230
hash: 23348
file: 199.101.111.68
hash: 3790
file: 199.101.108.59
hash: 3790
file: 199.101.111.123
hash: 3790
file: 199.101.108.53
hash: 3790
file: 103.177.47.219
hash: 3790
file: 199.101.108.62
hash: 3790
file: 199.101.111.111
hash: 3790
file: 199.101.111.194
hash: 3790
file: 199.101.108.56
hash: 3790
file: 199.101.111.177
hash: 3790
file: 199.101.111.156
hash: 3790
file: 199.101.111.132
hash: 3790
file: 199.101.111.222
hash: 3790
file: 199.101.111.130
hash: 3790
file: 199.101.111.167
hash: 3790
file: 199.101.108.65
hash: 3790
file: 199.101.111.239
hash: 3790
file: 3.89.8.210
hash: 990
file: 98.88.23.144
hash: 14780
file: 98.88.23.144
hash: 50580
file: 64.90.54.59
hash: 80
domain: patch.sp1nterpad.ru
domain: bvki6.fogtangent.ru
domain: squx.fogtangent.ru
domain: v3xv.fogtangent.ru
domain: weird.fogtangent.ru
domain: 4mapc.racketloom.ru
domain: spark.racketloom.ru
domain: lq4f.racketloom.ru
file: 178.62.67.117
hash: 8001
file: 165.22.135.122
hash: 8001
file: 161.35.15.157
hash: 8001
file: 159.65.110.206
hash: 8001
file: 178.62.117.169
hash: 8001
file: 138.68.140.50
hash: 8001
file: 104.131.102.238
hash: 8001
file: 167.172.33.244
hash: 8001
file: 104.131.171.227
hash: 8001
domain: hshvw.racketloom.ru
domain: 9luf.hexapulse.ru
domain: u24b.hexapulse.ru
domain: hexa.hexapulse.ru
domain: cdn.extremepornvideos.com
domain: ellu2222-37691.portmap.hos
domain: respaldo30000.duckdns.org
domain: edge.onthewifi.com
file: 88.75.228.239
hash: 6606
file: 88.75.228.239
hash: 7707
file: 88.75.228.239
hash: 8808
file: 88.75.228.239
hash: 8888
domain: malware.beachshades.co.com
domain: malware.vle.in.net
domain: lowbilding.ydns.eu
domain: ortyfivev.crabdance.com
domain: rootsys.duckdns.org
domain: pulse.hexapulse.ru
domain: ellison.st
domain: alpha.racket-loom.ru
domain: claw.racket-loom.ru
file: 45.156.87.231
hash: 23789
domain: valid.marvisxoxo.st
domain: mh.racket-loom.ru
domain: vibra.racket-loom.ru
file: 119.45.160.160
hash: 8889
file: 91.86.43.83
hash: 55553
file: 39.105.61.160
hash: 2222
file: 50.114.113.106
hash: 8888
file: 47.121.130.60
hash: 50050
file: 209.97.168.63
hash: 1337
file: 120.48.50.33
hash: 50050
file: 49.235.84.148
hash: 50050
file: 34.203.199.106
hash: 443
file: 18.134.228.48
hash: 80
file: 124.221.215.174
hash: 50050
file: 129.170.51.231
hash: 50050
file: 188.121.123.185
hash: 50050
file: 145.223.70.112
hash: 31337
file: 192.253.224.82
hash: 31337
file: 43.163.26.181
hash: 31337
file: 172.232.29.157
hash: 31337
file: 209.97.168.63
hash: 31337
file: 23.227.203.12
hash: 31337
file: 158.94.209.97
hash: 31337
file: 107.172.67.68
hash: 31337
file: 185.237.166.132
hash: 31337
file: 24.144.94.152
hash: 31337
file: 172.93.220.237
hash: 31337
file: 163.47.9.13
hash: 31337
file: 113.30.190.233
hash: 31337
file: 95.85.242.182
hash: 31337
file: 38.150.34.76
hash: 31337
file: 46.183.25.17
hash: 31337
file: 45.76.223.178
hash: 31337
file: 176.65.149.124
hash: 31337
file: 185.239.69.175
hash: 31337
file: 134.112.137.191
hash: 31337
file: 38.242.153.111
hash: 31337
file: 162.33.177.43
hash: 31337
file: 202.60.229.162
hash: 3333
file: 216.126.227.24
hash: 3333
file: 4.201.140.200
hash: 3333
file: 37.148.212.55
hash: 3333
file: 72.11.151.27
hash: 3333
file: 51.38.226.104
hash: 3333
file: 95.70.179.34
hash: 3008
file: 34.67.76.233
hash: 3333
file: 149.202.73.215
hash: 3333
file: 1.32.255.7
hash: 444
file: 206.238.115.137
hash: 444
file: 202.79.169.59
hash: 444
file: 156.252.60.229
hash: 444
file: 202.95.15.148
hash: 444
file: 27.50.59.7
hash: 444
file: 38.91.116.45
hash: 444
file: 112.213.101.103
hash: 444
file: 161.248.14.135
hash: 444
file: 162.254.86.108
hash: 2083
file: 194.79.212.139
hash: 80
file: 40.83.54.56
hash: 443
file: 152.54.4.109
hash: 443
file: 1.7.22.157
hash: 443
file: 119.198.24.240
hash: 6000
file: 210.223.3.19
hash: 6000
file: 81.1.230.242
hash: 3015
file: 185.39.19.176
hash: 9000
file: 45.60.11.228
hash: 9002
file: 103.57.131.226
hash: 54984
file: 213.14.143.251
hash: 4443
file: 43.156.239.71
hash: 80
url: https://api.telegram.org/bot8393528187:aahe-fyrlen4e-tne4sqwpojxcobztmq5me/
domain: rwe3y.v1braclaw.ru
domain: connect.brighttv.in.net
domain: gatex.www.tvserviceparts.com
domain: tv.brighttv.in.net
domain: v2.elijah.ru.com
file: 194.146.36.195
hash: 1604
file: 194.146.36.195
hash: 6000
domain: deskonline.noip.me
domain: app.elijah.ru.com
domain: brynleelxhello.ru.com
domain: bulkcementdesk.in.net
domain: malware.brynleelxhello.ru.com
domain: malware.bulkcementdesk.in.net
domain: microsoft.monginiscake.in.net
url: http://www.052atelier.com/rn10/
url: http://www.1wrzv5r.bond/rn10/
url: http://www.39tka.bond/rn10/
url: http://www.4er.online/rn10/
url: http://www.5vip5.com/rn10/
url: http://www.5x15yrz.bond/rn10/
url: http://www.7xj4xi.bond/rn10/
url: http://www.a2sbn1y.bond/rn10/
url: http://www.ainedcapital.com/rn10/
url: http://www.apwzfssh.com/rn10/
url: http://www.atecards.pro/rn10/
url: http://www.atio.ee/rn10/
url: http://www.dityahd.com/rn10/
url: http://www.eadpoint.xyz/rn10/
url: http://www.ebyarhgo9.info/rn10/
url: http://www.egalsandstone.com/rn10/
url: http://www.enjajackpot168.com/rn10/
url: http://www.eojgm2.bond/rn10/
url: http://www.erkshireriskservices.ai/rn10/
url: http://www.eucaixaapp.com.br/rn10/
url: http://www.ffortlessrules.com/rn10/
url: http://www.fnciu.bond/rn10/
url: http://www.glychic.store/rn10/
url: http://www.hargingstations.be/rn10/
url: http://www.heiliao.wiki/rn10/
url: http://www.heroplu.xyz/rn10/
url: http://www.hillipsakers.com/rn10/
url: http://www.horncast.se/rn10/
url: http://www.hpsvifx.bond/rn10/
url: http://www.i7u6fiq.bond/rn10/
url: http://www.iile.cn/rn10/
url: http://www.indowblindsbd.com/rn10/
url: http://www.infastvnauto.com/rn10/
url: http://www.ioneerindustriesllc.net/rn10/
url: http://www.itoolstown.com/rn10/
url: http://www.kwj9ys.bond/rn10/
url: http://www.lirionis.com/rn10/
url: http://www.mnwp51y.bond/rn10/
url: http://www.n2s37.shop/rn10/
url: http://www.oa6yi73.bond/rn10/
url: http://www.oadsidearmor.com/rn10/
url: http://www.obsonadv.com/rn10/
url: http://www.oodgutbug.com/rn10/
url: http://www.oohook.net/rn10/
url: http://www.ordfilmpyr.lat/rn10/
url: http://www.oreenheintznotary.com/rn10/
url: http://www.otelsnearbrentfordstadium.com/rn10/
url: http://www.otget.net/rn10/
url: http://www.ovisque.com/rn10/
url: http://www.pavk23.bond/rn10/
url: http://www.portmore-iq.com/rn10/
url: http://www.r5boj.bond/rn10/
url: http://www.ritify.info/rn10/
url: http://www.rjvc.cn/rn10/
url: http://www.rternhouse.com/rn10/
url: http://www.sgx60.shop/rn10/
url: http://www.ssessxtratrades.ltd/rn10/
url: http://www.stra.parts/rn10/
url: http://www.t2wjl8x.bond/rn10/
url: http://www.umespot.com/rn10/
url: http://www.yla6phe.bond/rn10/
url: http://www.ytegs.com/rn10/
url: http://www.zlbk7uj.bond/rn10/
url: http://www.zm7.top/rn10/
url: http://www.zmoonshots.com/rn10/
domain: www.052atelier.com
domain: www.1wrzv5r.bond
domain: www.39tka.bond
domain: www.4er.online
domain: www.5vip5.com
domain: www.5x15yrz.bond
domain: www.7xj4xi.bond
domain: www.a2sbn1y.bond
domain: www.ainedcapital.com
domain: www.apwzfssh.com
domain: www.atecards.pro
domain: www.atio.ee
domain: www.dityahd.com
domain: www.eadpoint.xyz
domain: www.ebyarhgo9.info
domain: www.egalsandstone.com
domain: www.enjajackpot168.com
domain: www.eojgm2.bond
domain: www.erkshireriskservices.ai
domain: www.eucaixaapp.com.br
domain: www.ffortlessrules.com
domain: www.fnciu.bond
domain: www.glychic.store
domain: www.hargingstations.be
domain: www.heiliao.wiki
domain: www.heroplu.xyz
domain: www.hillipsakers.com
domain: www.horncast.se
domain: www.hpsvifx.bond
domain: www.i7u6fiq.bond
domain: www.iile.cn
domain: www.indowblindsbd.com
domain: www.infastvnauto.com
domain: www.ioneerindustriesllc.net
domain: www.itoolstown.com
domain: www.kwj9ys.bond
domain: www.lirionis.com
domain: www.mnwp51y.bond
domain: www.n2s37.shop
domain: www.oa6yi73.bond
domain: www.oadsidearmor.com
domain: www.obsonadv.com
domain: www.oodgutbug.com
domain: www.oohook.net
domain: www.ordfilmpyr.lat
domain: www.oreenheintznotary.com
domain: www.otelsnearbrentfordstadium.com
domain: www.otget.net
domain: www.ovisque.com
domain: www.pavk23.bond
domain: www.portmore-iq.com
domain: www.r5boj.bond
domain: www.ritify.info
domain: www.rjvc.cn
domain: www.rternhouse.com
domain: www.sgx60.shop
domain: www.ssessxtratrades.ltd
domain: www.stra.parts
domain: www.t2wjl8x.bond
domain: www.umespot.com
domain: www.yla6phe.bond
domain: www.ytegs.com
domain: www.zlbk7uj.bond
domain: www.zm7.top
domain: www.zmoonshots.com
domain: malware.brighttv.in.net
file: 103.170.255.121
hash: 4504
domain: hazeontop555-51161.portmap.host
domain: relatedsinsportycreiwer.site
domain: soundtu.sb
domain: fsglobe.com
domain: u89.v1braclaw.ru
file: 42.193.243.230
hash: 8899
domain: m9q9.v1braclaw.ru
url: http://42.193.243.230:8899/ysih
domain: pixel.v1braclaw.ru
domain: knit.fog-tangent.ru
domain: tangent.fog-tangent.ru
domain: 1yy.fog-tangent.ru
domain: ocnbn.fog-tangent.ru
file: 110.40.137.221
hash: 30002
file: 23.235.182.120
hash: 26371
file: 113.46.142.191
hash: 80
file: 117.72.197.178
hash: 8888
file: 208.87.128.140
hash: 31337
file: 114.132.217.187
hash: 8888
file: 94.228.168.226
hash: 8089
file: 167.86.168.221
hash: 443
file: 103.177.46.114
hash: 3790
file: 103.177.47.53
hash: 3790
file: 103.177.47.13
hash: 3790
file: 103.177.46.126
hash: 3790
file: 103.177.46.124
hash: 3790
file: 103.177.47.46
hash: 3790
file: 103.177.46.76
hash: 3790
file: 103.177.47.80
hash: 3790
file: 103.177.46.80
hash: 3790
file: 3.89.8.210
hash: 51290
file: 103.177.47.47
hash: 3790
file: 103.177.47.50
hash: 3790
domain: k9.pl0tchisel.ru
url: https://kit.chadamaite.com/
url: https://kit.asrkala.top/
url: https://top.chadamaite.com/
url: https://top.asrkala.top/
url: https://46.224.26.34/
url: https://157.180.113.244/
url: https://185.208.158.230/
domain: top.chadamaite.com
domain: top.asrkala.top
domain: kit.chadamaite.com
domain: kit.asrkala.top
file: 46.224.26.34
hash: 443
file: 157.180.113.244
hash: 443
domain: 1r18.pl0tchisel.ru
file: 213.152.161.201
hash: 6844
domain: loop.pl0tchisel.ru
domain: szpf.pl0tchisel.ru
domain: trace.fumb1eim2ge.ru
domain: bold.fumb1eim2ge.ru
domain: ghost.fumb1eim2ge.ru
file: 69.159.0.133
hash: 2222
domain: q3n.fumb1eim2ge.ru
domain: t0.r2zin5pir.ru
domain: volt.r2zin5pir.ru
domain: wh7.r2zin5pir.ru
domain: 95e.r2zin5pir.ru
domain: oz.qu2rv0lts.ru
domain: 9tkz.qu2rv0lts.ru
url: https://val.chadamaite.com/
url: https://val.asrkala.top/
domain: val.chadamaite.com
domain: val.asrkala.top
domain: alpha.qu2rv0lts.ru
domain: vyrf.qu2rv0lts.ru
domain: qjx5z.jazzm1s8uid.ru
domain: human.jazzm1s8uid.ru
domain: reson.jazzm1s8uid.ru
domain: ys.jazzm1s8uid.ru
file: 92.119.125.134
hash: 8888
file: 107.172.31.102
hash: 8090
domain: endpoint.digitalpointsec.org
file: 54.184.44.5
hash: 7443
file: 135.181.44.25
hash: 1234
file: 85.93.105.189
hash: 33333
file: 106.53.68.200
hash: 8999
file: 3.16.112.15
hash: 443
file: 35.159.131.134
hash: 443
file: 51.161.92.106
hash: 3333
domain: delta.re5onwi1ling.ru
url: http://43.156.137.45:443/jquery-3.3.1.min.js
domain: loop.re5onwi1ling.ru
domain: fcn.re5onwi1ling.ru
file: 189.5.64.234
hash: 7777
domain: hpolokolasolakiprijions.com
domain: giakloirtyuilokasdf.com
domain: bastroiklodasertjuyer.com
domain: 7uy.re5onwi1ling.ru
domain: 6cqyk.idi0tnau8h.ru
domain: 0u.idi0tnau8h.ru
file: 149.56.134.136
hash: 1337
file: 185.214.10.204
hash: 43210
file: 136.61.221.144
hash: 2404
domain: nifty.warzonedns.com
domain: asj77.com
domain: asj88.com
domain: asj99.com
file: 42.192.23.112
hash: 8888
file: 142.171.48.99
hash: 7443
file: 93.232.102.231
hash: 81
file: 94.237.120.246
hash: 9999
file: 54.163.54.217
hash: 46557
file: 18.212.193.39
hash: 16208
file: 199.101.111.170
hash: 3790
file: 3.85.93.43
hash: 771
file: 3.85.93.43
hash: 36321
file: 64.90.54.59
hash: 443
file: 103.231.14.104
hash: 4443
file: 103.23.149.233
hash: 8080
domain: artist.idi0tnau8h.ru
file: 107.151.212.230
hash: 8080
file: 170.64.238.23
hash: 5443
file: 47.121.143.60
hash: 5555
domain: m3a0z.idi0tnau8h.ru
domain: almond.fo0lrati0n.ru
domain: omega.fo0lrati0n.ru
url: https://lumis.lt/
url: https://fastsolution.asia/
domain: odd.fo0lrati0n.ru
domain: jazz.fo0lrati0n.ru
file: 89.106.84.43
hash: 2100
file: 89.106.84.43
hash: 21000
file: 89.106.84.43
hash: 2700
file: 89.106.84.43
hash: 27000
file: 45.59.119.252
hash: 8443
domain: 3tqe7.a1mond0prit.ru
domain: l9.a1mond0prit.ru
domain: pixel.a1mond0prit.ru
domain: 5fvhf.a1mond0prit.ru
url: https://www.seydap.gr/
domain: qdn2a.ko1osunde2d.ru
domain: spark.ko1osunde2d.ru
domain: shift.ko1osunde2d.ru
domain: 72.ko1osunde2d.ru
domain: ripple.fur5hst0the.ru
url: http://45.93.20.34/20e1a9f6de594e28.php
domain: blz.fur5hst0the.ru
domain: i6.fur5hst0the.ru
domain: db9.fur5hst0the.ru
domain: image.duzhk2s1ob.ru
file: 185.163.204.192
hash: 9000
file: 18.232.182.46
hash: 7443
file: 118.107.29.158
hash: 444
file: 38.45.127.148
hash: 444
file: 103.144.29.231
hash: 444
file: 202.79.169.170
hash: 444
file: 137.220.154.106
hash: 444
file: 156.252.60.228
hash: 444
file: 38.91.116.46
hash: 444
file: 38.91.116.43
hash: 444
file: 202.79.169.54
hash: 444
file: 38.45.125.94
hash: 444
file: 202.79.169.72
hash: 444
file: 27.124.17.168
hash: 444
file: 154.197.6.225
hash: 444
file: 154.197.7.176
hash: 444
file: 27.50.59.4
hash: 444
file: 154.197.6.178
hash: 444
file: 27.50.59.3
hash: 444
file: 27.124.17.200
hash: 444
file: 202.79.169.189
hash: 444
file: 38.45.127.147
hash: 444
file: 34.227.28.156
hash: 17778
domain: 8a.duzhk2s1ob.ru
file: 185.11.61.106
hash: 80
url: https://www.dcamargobetoneiras.com.br/
domain: newdc35635.duckdns.org
domain: nexus.duzhk2s1ob.ru
domain: tetrasa.cfd
url: https://jjjgaasda.live/api/config
url: https://jjjgaasda.live/api/client
url: https://steamcommunity.com/profiles/76561199000000002/
domain: 6ehj.duzhk2s1ob.ru
domain: beta.cr2ftedne5s.ru
domain: k1.cr2ftedne5s.ru
url: https://tur.chadamaite.com/
url: https://tur.asrkala.top/
domain: tur.chadamaite.com
domain: tur.asrkala.top
domain: gamma.cr2ftedne5s.ru
domain: tu5l.cr2ftedne5s.ru
domain: nova.de1iainal0s.ru
domain: fizz.de1iainal0s.ru
domain: odgb.de1iainal0s.ru
file: 52.139.176.27
hash: 443
domain: amal.sa.com
domain: 8whb.de1iainal0s.ru
domain: ok2.5hri1luv.ru
domain: ratio.5hri1luv.ru
domain: patch.5hri1luv.ru
domain: 4nj.5hri1luv.ru
domain: a5iz3.sk2tear0und.ru
domain: ds5.sk2tear0und.ru
domain: rgqg.sk2tear0und.ru
domain: warp.sk2tear0und.ru
domain: 9nn.a1tistt0rt.ru
domain: ku.a1tistt0rt.ru
domain: 1y.a1tistt0rt.ru
file: 56.155.141.135
hash: 443
file: 198.23.175.56
hash: 4700
domain: rem1225.duckdns.org
domain: secureconnection.anondns.net
domain: quacksar-31780.portmap.host
file: 121.127.232.30
hash: 6666
file: 27.124.44.169
hash: 6666
file: 27.124.44.169
hash: 8888
file: 107.173.187.149
hash: 61239
file: 176.116.0.96
hash: 8084
url: http://196.251.107.23/7ffc7a279c17c091.php
file: 103.213.244.106
hash: 8084
domain: uysjt.a1tistt0rt.ru
file: 115.190.200.230
hash: 10444
file: 38.55.205.7
hash: 8084
domain: y7.indig5pir1t.ru
file: 173.249.13.204
hash: 12341
file: 115.42.60.57
hash: 8085
file: 107.175.76.208
hash: 20222
domain: 39nb1.indig5pir1t.ru
file: 43.152.234.213
hash: 8084
file: 92.246.87.48
hash: 9084
file: 138.197.201.253
hash: 8001
file: 45.55.164.53
hash: 8001
file: 165.22.13.36
hash: 8001
file: 146.190.73.115
hash: 8001
file: 46.101.44.178
hash: 8001
domain: nsd1.indig5pir1t.ru
file: 111.48.101.123
hash: 10250
file: 124.198.132.185
hash: 8080
file: 13.37.104.112
hash: 8888
file: 185.126.5.113
hash: 443
file: 191.112.24.55
hash: 443
file: 2.241.216.70
hash: 7443
file: 219.246.21.239
hash: 8860
file: 221.204.216.18
hash: 10250
file: 76.29.173.227
hash: 8096
domain: xgclb.indig5pir1t.ru
file: 115.42.60.223
hash: 61236
domain: ml2s.al1ah5natch.ru
file: 159.75.183.3
hash: 7891
file: 206.206.78.33
hash: 8084
domain: o6.al1ah5natch.ru
file: 103.30.78.110
hash: 443
domain: xq.al1ah5natch.ru
file: 45.129.231.10
hash: 8084
file: 124.223.196.227
hash: 8888
domain: fda.al1ah5natch.ru
file: 39.99.41.108
hash: 1236
file: 159.203.139.241
hash: 8001
file: 147.182.208.9
hash: 8001
file: 138.68.175.243
hash: 8001
file: 142.93.43.200
hash: 8001
file: 134.209.191.50
hash: 8001
file: 188.166.84.84
hash: 8001
file: 45.55.34.137
hash: 8001
file: 138.197.15.181
hash: 8001
file: 167.99.171.110
hash: 8001
file: 157.230.152.139
hash: 8001
file: 42.194.168.128
hash: 4552
domain: crackle.a8arichum2n.ru
file: 150.158.22.130
hash: 8084
domain: aj.a8arichum2n.ru
file: 207.180.229.201
hash: 4444
domain: weird.a8arichum2n.ru
domain: 40kr.a8arichum2n.ru
file: 23.235.174.2
hash: 9878
file: 23.235.174.21
hash: 9878
file: 23.235.174.12
hash: 9878
file: 23.235.174.26
hash: 9878
file: 23.235.163.200
hash: 9878
file: 23.235.163.207
hash: 9878
file: 23.235.174.23
hash: 9878
file: 110.40.185.125
hash: 4443
file: 23.235.174.22
hash: 9878
file: 103.41.6.59
hash: 9878
file: 23.235.174.10
hash: 9878
file: 23.235.163.195
hash: 9878
file: 23.235.174.13
hash: 9878
file: 23.235.163.216
hash: 9878
file: 23.235.163.201
hash: 9878
file: 23.235.174.16
hash: 9878
file: 47.92.71.218
hash: 443
file: 14.103.158.185
hash: 443
file: 8.130.74.111
hash: 4444
file: 45.59.114.189
hash: 2404
file: 27.102.127.136
hash: 2406
file: 45.156.248.2
hash: 443
file: 79.141.174.123
hash: 443
file: 95.111.221.42
hash: 8080
file: 82.29.67.221
hash: 8888
file: 45.123.188.140
hash: 8888
file: 111.229.63.20
hash: 8888
file: 117.72.62.70
hash: 8888
file: 193.33.195.32
hash: 9000
file: 157.20.182.45
hash: 443
file: 77.93.154.243
hash: 80
file: 39.46.124.69
hash: 6906
file: 46.246.80.16
hash: 4444
file: 13.127.36.113
hash: 443
file: 13.221.127.147
hash: 6002
file: 13.221.127.147
hash: 49152
file: 158.69.62.153
hash: 443
file: 46.62.249.23
hash: 80
file: 154.84.86.183
hash: 80
file: 133.242.169.121
hash: 443
domain: b9gg.ba1dostr0g.ru
file: 45.119.98.151
hash: 6667
file: 167.99.221.18
hash: 8001
domain: 93q.ba1dostr0g.ru
domain: se9m.ba1dostr0g.ru
domain: atmk.ba1dostr0g.ru
domain: veil.cl0ac2ninth.ru
domain: umbra3.cl0ac2ninth.ru
file: 149.88.81.251
hash: 8443
domain: raven.cl0ac2ninth.ru
domain: misth.cl0ac2ninth.ru
domain: delta.tsi8eikay2k.ru
domain: nacre.tsi8eikay2k.ru
domain: silk1.tsi8eikay2k.ru
domain: quartz.ant1sepgue7.ru
domain: fallow.ant1sepgue7.ru
domain: blume2.ant1sepgue7.ru
domain: arbor.ant1sepgue7.ru
domain: tau.ant1sepgue7.ru
domain: ledger.auth0rtoki1l.ru
domain: noir7.auth0rtoki1l.ru
domain: cipher.auth0rtoki1l.ru
domain: lute.me2nin8harp.ru
domain: cadence.me2nin8harp.ru
domain: murmur1.me2nin8harp.ru
domain: aria.me2nin8harp.ru
domain: ember.enra8evue7k.ru
domain: serra.enra8evue7k.ru
domain: vento4.enra8evue7k.ru
domain: aurora.enra8evue7k.ru
file: 173.225.111.176
hash: 443
domain: clave.enra8evue7k.ru

ThreatFox IOCs for 2025-12-16

Severity: medium

Type: malware

ThreatFox IOCs for 2025-12-16

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, United Kingdom, France, Netherlands, Italy, Spain

Indicators of Compromise

domain: mediatron.eu.com
domain: hazystripe2004.shop
domain: separatto.xyz
file: 144.172.104.178
hash: 80
file: 91.208.184.203
hash: 80
file: 144.172.105.58
hash: 80
file: 94.156.102.130
hash: 1566
file: 95.181.212.171
hash: 1566
url: http://hazystripe2004.shop/b5a52ebb310b65f06dd10cfe69f72363/ejk52zwt2js16ro
url: http://hazystripe2004.shop/b5a52ebb310b65f06dd10cfe69f72363/q7cherolivolejk
url: http://hazystripe2004.shop/b5a52ebb310b65f06dd10cfe69f72363/q38dyv0te345uf4
url: https://www.chess.com/member/slcbz
file: 143.20.185.252
hash: 1999
file: 157.250.205.158
hash: 7777
domain: fttyyu-could.icu
domain: sunwin.moi
file: 176.117.107.202
hash: 5000
file: 181.162.166.187
hash: 8080
file: 45.192.208.126
hash: 443
file: 79.141.171.48
hash: 23
file: 198.144.189.90
hash: 80
file: 93.123.39.215
hash: 4321
file: 54.146.203.147
hash: 33333
file: 54.146.203.147
hash: 44183
file: 54.146.203.147
hash: 19583
file: 34.201.131.95
hash: 14817
file: 51.79.73.237
hash: 1337
file: 178.210.92.124
hash: 80
domain: ltaw.thrumblex.ru
domain: ya.thrumblex.ru
domain: copper.jaxmorrow.ru
domain: uqnp.jaxmorrow.ru
domain: kibu.jaxmorrow.ru
domain: t0w.jaxmorrow.ru
domain: i4nau.quartznibble.ru
domain: beachshades.co.com
domain: vle.in.net
domain: crackle.quartznibble.ru
domain: d3l.quartznibble.ru
domain: delta.quartznibble.ru
domain: awy.sp-1-nterpad.ru
domain: l6vzy.sp-1-nterpad.ru
domain: omega.sp-1-nterpad.ru
domain: xiyp5.sp-1-nterpad.ru
domain: racket.c0pperknit.ru
domain: 9rg.c0pperknit.ru
domain: trace.c0pperknit.ru
domain: bq.c0pperknit.ru
file: 134.175.186.196
hash: 443
file: 175.178.83.231
hash: 443
file: 43.161.245.186
hash: 79
domain: nova.quartz-nibble.ru
file: 5.101.83.50
hash: 80
domain: r1n.quartz-nibble.ru
file: 141.98.10.61
hash: 7777
domain: thrumble.quartz-nibble.ru
domain: loom.quartz-nibble.ru
domain: ikzct.sp1nterpad.ru
domain: fizz.sp1nterpad.ru
domain: 9sct2.sp1nterpad.ru
file: 154.36.158.166
hash: 443
file: 47.76.185.85
hash: 18443
file: 190.255.85.156
hash: 2404
file: 45.61.150.251
hash: 8888
file: 107.172.31.101
hash: 8000
file: 144.172.103.138
hash: 81
file: 185.11.61.225
hash: 9000
file: 151.244.111.46
hash: 7443
file: 89.125.209.24
hash: 443
file: 13.212.29.163
hash: 80
file: 199.101.108.60
hash: 3790
file: 199.101.111.161
hash: 3790
file: 18.234.196.1
hash: 18735
file: 199.101.111.115
hash: 3790
file: 54.84.211.230
hash: 23348
file: 199.101.111.68
hash: 3790
file: 199.101.108.59
hash: 3790
file: 199.101.111.123
hash: 3790
file: 199.101.108.53
hash: 3790
file: 103.177.47.219
hash: 3790
file: 199.101.108.62
hash: 3790
file: 199.101.111.111
hash: 3790
file: 199.101.111.194
hash: 3790
file: 199.101.108.56
hash: 3790
file: 199.101.111.177
hash: 3790
file: 199.101.111.156
hash: 3790
file: 199.101.111.132
hash: 3790
file: 199.101.111.222
hash: 3790
file: 199.101.111.130
hash: 3790
file: 199.101.111.167
hash: 3790
file: 199.101.108.65
hash: 3790
file: 199.101.111.239
hash: 3790
file: 3.89.8.210
hash: 990
file: 98.88.23.144
hash: 14780
file: 98.88.23.144
hash: 50580
file: 64.90.54.59
hash: 80
domain: patch.sp1nterpad.ru
domain: bvki6.fogtangent.ru
domain: squx.fogtangent.ru
domain: v3xv.fogtangent.ru
domain: weird.fogtangent.ru
domain: 4mapc.racketloom.ru
domain: spark.racketloom.ru
domain: lq4f.racketloom.ru
file: 178.62.67.117
hash: 8001
file: 165.22.135.122
hash: 8001
file: 161.35.15.157
hash: 8001
file: 159.65.110.206
hash: 8001
file: 178.62.117.169
hash: 8001
file: 138.68.140.50
hash: 8001
file: 104.131.102.238
hash: 8001
file: 167.172.33.244
hash: 8001
file: 104.131.171.227
hash: 8001
domain: hshvw.racketloom.ru
domain: 9luf.hexapulse.ru
domain: u24b.hexapulse.ru
domain: hexa.hexapulse.ru
domain: cdn.extremepornvideos.com
domain: ellu2222-37691.portmap.hos
domain: respaldo30000.duckdns.org
domain: edge.onthewifi.com
file: 88.75.228.239
hash: 6606
file: 88.75.228.239
hash: 7707
file: 88.75.228.239
hash: 8808
file: 88.75.228.239
hash: 8888
domain: malware.beachshades.co.com
domain: malware.vle.in.net
domain: lowbilding.ydns.eu
domain: ortyfivev.crabdance.com
domain: rootsys.duckdns.org
domain: pulse.hexapulse.ru
domain: ellison.st
domain: alpha.racket-loom.ru
domain: claw.racket-loom.ru
file: 45.156.87.231
hash: 23789
domain: valid.marvisxoxo.st
domain: mh.racket-loom.ru
domain: vibra.racket-loom.ru
file: 119.45.160.160
hash: 8889
file: 91.86.43.83
hash: 55553
file: 39.105.61.160
hash: 2222
file: 50.114.113.106
hash: 8888
file: 47.121.130.60
hash: 50050
file: 209.97.168.63
hash: 1337
file: 120.48.50.33
hash: 50050
file: 49.235.84.148
hash: 50050
file: 34.203.199.106
hash: 443
file: 18.134.228.48
hash: 80
file: 124.221.215.174
hash: 50050
file: 129.170.51.231
hash: 50050
file: 188.121.123.185
hash: 50050
file: 145.223.70.112
hash: 31337
file: 192.253.224.82
hash: 31337
file: 43.163.26.181
hash: 31337
file: 172.232.29.157
hash: 31337
file: 209.97.168.63
hash: 31337
file: 23.227.203.12
hash: 31337
file: 158.94.209.97
hash: 31337
file: 107.172.67.68
hash: 31337
file: 185.237.166.132
hash: 31337
file: 24.144.94.152
hash: 31337
file: 172.93.220.237
hash: 31337
file: 163.47.9.13
hash: 31337
file: 113.30.190.233
hash: 31337
file: 95.85.242.182
hash: 31337
file: 38.150.34.76
hash: 31337
file: 46.183.25.17
hash: 31337
file: 45.76.223.178
hash: 31337
file: 176.65.149.124
hash: 31337
file: 185.239.69.175
hash: 31337
file: 134.112.137.191
hash: 31337
file: 38.242.153.111
hash: 31337
file: 162.33.177.43
hash: 31337
file: 202.60.229.162
hash: 3333
file: 216.126.227.24
hash: 3333
file: 4.201.140.200
hash: 3333
file: 37.148.212.55
hash: 3333
file: 72.11.151.27
hash: 3333
file: 51.38.226.104
hash: 3333
file: 95.70.179.34
hash: 3008
file: 34.67.76.233
hash: 3333
file: 149.202.73.215
hash: 3333
file: 1.32.255.7
hash: 444
file: 206.238.115.137
hash: 444
file: 202.79.169.59
hash: 444
file: 156.252.60.229
hash: 444
file: 202.95.15.148
hash: 444
file: 27.50.59.7
hash: 444
file: 38.91.116.45
hash: 444
file: 112.213.101.103
hash: 444
file: 161.248.14.135
hash: 444
file: 162.254.86.108
hash: 2083
file: 194.79.212.139
hash: 80
file: 40.83.54.56
hash: 443
file: 152.54.4.109
hash: 443
file: 1.7.22.157
hash: 443
file: 119.198.24.240
hash: 6000
file: 210.223.3.19
hash: 6000
file: 81.1.230.242
hash: 3015
file: 185.39.19.176
hash: 9000
file: 45.60.11.228
hash: 9002
file: 103.57.131.226
hash: 54984
file: 213.14.143.251
hash: 4443
file: 43.156.239.71
hash: 80
url: https://api.telegram.org/bot8393528187:aahe-fyrlen4e-tne4sqwpojxcobztmq5me/
domain: rwe3y.v1braclaw.ru
domain: connect.brighttv.in.net
domain: gatex.www.tvserviceparts.com
domain: tv.brighttv.in.net
domain: v2.elijah.ru.com
file: 194.146.36.195
hash: 1604
file: 194.146.36.195
hash: 6000
domain: deskonline.noip.me
domain: app.elijah.ru.com
domain: brynleelxhello.ru.com
domain: bulkcementdesk.in.net
domain: malware.brynleelxhello.ru.com
domain: malware.bulkcementdesk.in.net
domain: microsoft.monginiscake.in.net
url: http://www.052atelier.com/rn10/
url: http://www.1wrzv5r.bond/rn10/
url: http://www.39tka.bond/rn10/
url: http://www.4er.online/rn10/
url: http://www.5vip5.com/rn10/
url: http://www.5x15yrz.bond/rn10/
url: http://www.7xj4xi.bond/rn10/
url: http://www.a2sbn1y.bond/rn10/
url: http://www.ainedcapital.com/rn10/
url: http://www.apwzfssh.com/rn10/
url: http://www.atecards.pro/rn10/
url: http://www.atio.ee/rn10/
url: http://www.dityahd.com/rn10/
url: http://www.eadpoint.xyz/rn10/
url: http://www.ebyarhgo9.info/rn10/
url: http://www.egalsandstone.com/rn10/
url: http://www.enjajackpot168.com/rn10/
url: http://www.eojgm2.bond/rn10/
url: http://www.erkshireriskservices.ai/rn10/
url: http://www.eucaixaapp.com.br/rn10/
url: http://www.ffortlessrules.com/rn10/
url: http://www.fnciu.bond/rn10/
url: http://www.glychic.store/rn10/
url: http://www.hargingstations.be/rn10/
url: http://www.heiliao.wiki/rn10/
url: http://www.heroplu.xyz/rn10/
url: http://www.hillipsakers.com/rn10/
url: http://www.horncast.se/rn10/
url: http://www.hpsvifx.bond/rn10/
url: http://www.i7u6fiq.bond/rn10/
url: http://www.iile.cn/rn10/
url: http://www.indowblindsbd.com/rn10/
url: http://www.infastvnauto.com/rn10/
url: http://www.ioneerindustriesllc.net/rn10/
url: http://www.itoolstown.com/rn10/
url: http://www.kwj9ys.bond/rn10/
url: http://www.lirionis.com/rn10/
url: http://www.mnwp51y.bond/rn10/
url: http://www.n2s37.shop/rn10/
url: http://www.oa6yi73.bond/rn10/
url: http://www.oadsidearmor.com/rn10/
url: http://www.obsonadv.com/rn10/
url: http://www.oodgutbug.com/rn10/
url: http://www.oohook.net/rn10/
url: http://www.ordfilmpyr.lat/rn10/
url: http://www.oreenheintznotary.com/rn10/
url: http://www.otelsnearbrentfordstadium.com/rn10/
url: http://www.otget.net/rn10/
url: http://www.ovisque.com/rn10/
url: http://www.pavk23.bond/rn10/
url: http://www.portmore-iq.com/rn10/
url: http://www.r5boj.bond/rn10/
url: http://www.ritify.info/rn10/
url: http://www.rjvc.cn/rn10/
url: http://www.rternhouse.com/rn10/
url: http://www.sgx60.shop/rn10/
url: http://www.ssessxtratrades.ltd/rn10/
url: http://www.stra.parts/rn10/
url: http://www.t2wjl8x.bond/rn10/
url: http://www.umespot.com/rn10/
url: http://www.yla6phe.bond/rn10/
url: http://www.ytegs.com/rn10/
url: http://www.zlbk7uj.bond/rn10/
url: http://www.zm7.top/rn10/
url: http://www.zmoonshots.com/rn10/
domain: www.052atelier.com
domain: www.1wrzv5r.bond
domain: www.39tka.bond
domain: www.4er.online
domain: www.5vip5.com
domain: www.5x15yrz.bond
domain: www.7xj4xi.bond
domain: www.a2sbn1y.bond
domain: www.ainedcapital.com
domain: www.apwzfssh.com
domain: www.atecards.pro
domain: www.atio.ee
domain: www.dityahd.com
domain: www.eadpoint.xyz
domain: www.ebyarhgo9.info
domain: www.egalsandstone.com
domain: www.enjajackpot168.com
domain: www.eojgm2.bond
domain: www.erkshireriskservices.ai
domain: www.eucaixaapp.com.br
domain: www.ffortlessrules.com
domain: www.fnciu.bond
domain: www.glychic.store
domain: www.hargingstations.be
domain: www.heiliao.wiki
domain: www.heroplu.xyz
domain: www.hillipsakers.com
domain: www.horncast.se
domain: www.hpsvifx.bond
domain: www.i7u6fiq.bond
domain: www.iile.cn
domain: www.indowblindsbd.com
domain: www.infastvnauto.com
domain: www.ioneerindustriesllc.net
domain: www.itoolstown.com
domain: www.kwj9ys.bond
domain: www.lirionis.com
domain: www.mnwp51y.bond
domain: www.n2s37.shop
domain: www.oa6yi73.bond
domain: www.oadsidearmor.com
domain: www.obsonadv.com
domain: www.oodgutbug.com
domain: www.oohook.net
domain: www.ordfilmpyr.lat
domain: www.oreenheintznotary.com
domain: www.otelsnearbrentfordstadium.com
domain: www.otget.net
domain: www.ovisque.com
domain: www.pavk23.bond
domain: www.portmore-iq.com
domain: www.r5boj.bond
domain: www.ritify.info
domain: www.rjvc.cn
domain: www.rternhouse.com
domain: www.sgx60.shop
domain: www.ssessxtratrades.ltd
domain: www.stra.parts
domain: www.t2wjl8x.bond
domain: www.umespot.com
domain: www.yla6phe.bond
domain: www.ytegs.com
domain: www.zlbk7uj.bond
domain: www.zm7.top
domain: www.zmoonshots.com
domain: malware.brighttv.in.net
file: 103.170.255.121
hash: 4504
domain: hazeontop555-51161.portmap.host
domain: relatedsinsportycreiwer.site
domain: soundtu.sb
domain: fsglobe.com
domain: u89.v1braclaw.ru
file: 42.193.243.230
hash: 8899
domain: m9q9.v1braclaw.ru
url: http://42.193.243.230:8899/ysih
domain: pixel.v1braclaw.ru
domain: knit.fog-tangent.ru
domain: tangent.fog-tangent.ru
domain: 1yy.fog-tangent.ru
domain: ocnbn.fog-tangent.ru
file: 110.40.137.221
hash: 30002
file: 23.235.182.120
hash: 26371
file: 113.46.142.191
hash: 80
file: 117.72.197.178
hash: 8888
file: 208.87.128.140
hash: 31337
file: 114.132.217.187
hash: 8888
file: 94.228.168.226
hash: 8089
file: 167.86.168.221
hash: 443
file: 103.177.46.114
hash: 3790
file: 103.177.47.53
hash: 3790
file: 103.177.47.13
hash: 3790
file: 103.177.46.126
hash: 3790
file: 103.177.46.124
hash: 3790
file: 103.177.47.46
hash: 3790
file: 103.177.46.76
hash: 3790
file: 103.177.47.80
hash: 3790
file: 103.177.46.80
hash: 3790
file: 3.89.8.210
hash: 51290
file: 103.177.47.47
hash: 3790
file: 103.177.47.50
hash: 3790
domain: k9.pl0tchisel.ru
url: https://kit.chadamaite.com/
url: https://kit.asrkala.top/
url: https://top.chadamaite.com/
url: https://top.asrkala.top/
url: https://46.224.26.34/
url: https://157.180.113.244/
url: https://185.208.158.230/
domain: top.chadamaite.com
domain: top.asrkala.top
domain: kit.chadamaite.com
domain: kit.asrkala.top
file: 46.224.26.34
hash: 443
file: 157.180.113.244
hash: 443
domain: 1r18.pl0tchisel.ru
file: 213.152.161.201
hash: 6844
domain: loop.pl0tchisel.ru
domain: szpf.pl0tchisel.ru
domain: trace.fumb1eim2ge.ru
domain: bold.fumb1eim2ge.ru
domain: ghost.fumb1eim2ge.ru
file: 69.159.0.133
hash: 2222
domain: q3n.fumb1eim2ge.ru
domain: t0.r2zin5pir.ru
domain: volt.r2zin5pir.ru
domain: wh7.r2zin5pir.ru
domain: 95e.r2zin5pir.ru
domain: oz.qu2rv0lts.ru
domain: 9tkz.qu2rv0lts.ru
url: https://val.chadamaite.com/
url: https://val.asrkala.top/
domain: val.chadamaite.com
domain: val.asrkala.top
domain: alpha.qu2rv0lts.ru
domain: vyrf.qu2rv0lts.ru
domain: qjx5z.jazzm1s8uid.ru
domain: human.jazzm1s8uid.ru
domain: reson.jazzm1s8uid.ru
domain: ys.jazzm1s8uid.ru
file: 92.119.125.134
hash: 8888
file: 107.172.31.102
hash: 8090
domain: endpoint.digitalpointsec.org
file: 54.184.44.5
hash: 7443
file: 135.181.44.25
hash: 1234
file: 85.93.105.189
hash: 33333
file: 106.53.68.200
hash: 8999
file: 3.16.112.15
hash: 443
file: 35.159.131.134
hash: 443
file: 51.161.92.106
hash: 3333
domain: delta.re5onwi1ling.ru
url: http://43.156.137.45:443/jquery-3.3.1.min.js
domain: loop.re5onwi1ling.ru
domain: fcn.re5onwi1ling.ru
file: 189.5.64.234
hash: 7777
domain: hpolokolasolakiprijions.com
domain: giakloirtyuilokasdf.com
domain: bastroiklodasertjuyer.com
domain: 7uy.re5onwi1ling.ru
domain: 6cqyk.idi0tnau8h.ru
domain: 0u.idi0tnau8h.ru
file: 149.56.134.136
hash: 1337
file: 185.214.10.204
hash: 43210
file: 136.61.221.144
hash: 2404
domain: nifty.warzonedns.com
domain: asj77.com
domain: asj88.com
domain: asj99.com
file: 42.192.23.112
hash: 8888
file: 142.171.48.99
hash: 7443
file: 93.232.102.231
hash: 81
file: 94.237.120.246
hash: 9999
file: 54.163.54.217
hash: 46557
file: 18.212.193.39
hash: 16208
file: 199.101.111.170
hash: 3790
file: 3.85.93.43
hash: 771
file: 3.85.93.43
hash: 36321
file: 64.90.54.59
hash: 443
file: 103.231.14.104
hash: 4443
file: 103.23.149.233
hash: 8080
domain: artist.idi0tnau8h.ru
file: 107.151.212.230
hash: 8080
file: 170.64.238.23
hash: 5443
file: 47.121.143.60
hash: 5555
domain: m3a0z.idi0tnau8h.ru
domain: almond.fo0lrati0n.ru
domain: omega.fo0lrati0n.ru
url: https://lumis.lt/
url: https://fastsolution.asia/
domain: odd.fo0lrati0n.ru
domain: jazz.fo0lrati0n.ru
file: 89.106.84.43
hash: 2100
file: 89.106.84.43
hash: 21000
file: 89.106.84.43
hash: 2700
file: 89.106.84.43
hash: 27000
file: 45.59.119.252
hash: 8443
domain: 3tqe7.a1mond0prit.ru
domain: l9.a1mond0prit.ru
domain: pixel.a1mond0prit.ru
domain: 5fvhf.a1mond0prit.ru
url: https://www.seydap.gr/
domain: qdn2a.ko1osunde2d.ru
domain: spark.ko1osunde2d.ru
domain: shift.ko1osunde2d.ru
domain: 72.ko1osunde2d.ru
domain: ripple.fur5hst0the.ru
url: http://45.93.20.34/20e1a9f6de594e28.php
domain: blz.fur5hst0the.ru
domain: i6.fur5hst0the.ru
domain: db9.fur5hst0the.ru
domain: image.duzhk2s1ob.ru
file: 185.163.204.192
hash: 9000
file: 18.232.182.46
hash: 7443
file: 118.107.29.158
hash: 444
file: 38.45.127.148
hash: 444
file: 103.144.29.231
hash: 444
file: 202.79.169.170
hash: 444
file: 137.220.154.106
hash: 444
file: 156.252.60.228
hash: 444
file: 38.91.116.46
hash: 444
file: 38.91.116.43
hash: 444
file: 202.79.169.54
hash: 444
file: 38.45.125.94
hash: 444
file: 202.79.169.72
hash: 444
file: 27.124.17.168
hash: 444
file: 154.197.6.225
hash: 444
file: 154.197.7.176
hash: 444
file: 27.50.59.4
hash: 444
file: 154.197.6.178
hash: 444
file: 27.50.59.3
hash: 444
file: 27.124.17.200
hash: 444
file: 202.79.169.189
hash: 444
file: 38.45.127.147
hash: 444
file: 34.227.28.156
hash: 17778
domain: 8a.duzhk2s1ob.ru
file: 185.11.61.106
hash: 80
url: https://www.dcamargobetoneiras.com.br/
domain: newdc35635.duckdns.org
domain: nexus.duzhk2s1ob.ru
domain: tetrasa.cfd
url: https://jjjgaasda.live/api/config
url: https://jjjgaasda.live/api/client
url: https://steamcommunity.com/profiles/76561199000000002/
domain: 6ehj.duzhk2s1ob.ru
domain: beta.cr2ftedne5s.ru
domain: k1.cr2ftedne5s.ru
url: https://tur.chadamaite.com/
url: https://tur.asrkala.top/
domain: tur.chadamaite.com
domain: tur.asrkala.top
domain: gamma.cr2ftedne5s.ru
domain: tu5l.cr2ftedne5s.ru
domain: nova.de1iainal0s.ru
domain: fizz.de1iainal0s.ru
domain: odgb.de1iainal0s.ru
file: 52.139.176.27
hash: 443
domain: amal.sa.com
domain: 8whb.de1iainal0s.ru
domain: ok2.5hri1luv.ru
domain: ratio.5hri1luv.ru
domain: patch.5hri1luv.ru
domain: 4nj.5hri1luv.ru
domain: a5iz3.sk2tear0und.ru
domain: ds5.sk2tear0und.ru
domain: rgqg.sk2tear0und.ru
domain: warp.sk2tear0und.ru
domain: 9nn.a1tistt0rt.ru
domain: ku.a1tistt0rt.ru
domain: 1y.a1tistt0rt.ru
file: 56.155.141.135
hash: 443
file: 198.23.175.56
hash: 4700
domain: rem1225.duckdns.org
domain: secureconnection.anondns.net
domain: quacksar-31780.portmap.host
file: 121.127.232.30
hash: 6666
file: 27.124.44.169
hash: 6666
file: 27.124.44.169
hash: 8888
file: 107.173.187.149
hash: 61239
file: 176.116.0.96
hash: 8084
url: http://196.251.107.23/7ffc7a279c17c091.php
file: 103.213.244.106
hash: 8084
domain: uysjt.a1tistt0rt.ru
file: 115.190.200.230
hash: 10444
file: 38.55.205.7
hash: 8084
domain: y7.indig5pir1t.ru
file: 173.249.13.204
hash: 12341
file: 115.42.60.57
hash: 8085
file: 107.175.76.208
hash: 20222
domain: 39nb1.indig5pir1t.ru
file: 43.152.234.213
hash: 8084
file: 92.246.87.48
hash: 9084
file: 138.197.201.253
hash: 8001
file: 45.55.164.53
hash: 8001
file: 165.22.13.36
hash: 8001
file: 146.190.73.115
hash: 8001
file: 46.101.44.178
hash: 8001
domain: nsd1.indig5pir1t.ru
file: 111.48.101.123
hash: 10250
file: 124.198.132.185
hash: 8080
file: 13.37.104.112
hash: 8888
file: 185.126.5.113
hash: 443
file: 191.112.24.55
hash: 443
file: 2.241.216.70
hash: 7443
file: 219.246.21.239
hash: 8860
file: 221.204.216.18
hash: 10250
file: 76.29.173.227
hash: 8096
domain: xgclb.indig5pir1t.ru
file: 115.42.60.223
hash: 61236
domain: ml2s.al1ah5natch.ru
file: 159.75.183.3
hash: 7891
file: 206.206.78.33
hash: 8084
domain: o6.al1ah5natch.ru
file: 103.30.78.110
hash: 443
domain: xq.al1ah5natch.ru
file: 45.129.231.10
hash: 8084
file: 124.223.196.227
hash: 8888
domain: fda.al1ah5natch.ru
file: 39.99.41.108
hash: 1236
file: 159.203.139.241
hash: 8001
file: 147.182.208.9
hash: 8001
file: 138.68.175.243
hash: 8001
file: 142.93.43.200
hash: 8001
file: 134.209.191.50
hash: 8001
file: 188.166.84.84
hash: 8001
file: 45.55.34.137
hash: 8001
file: 138.197.15.181
hash: 8001
file: 167.99.171.110
hash: 8001
file: 157.230.152.139
hash: 8001
file: 42.194.168.128
hash: 4552
domain: crackle.a8arichum2n.ru
file: 150.158.22.130
hash: 8084
domain: aj.a8arichum2n.ru
file: 207.180.229.201
hash: 4444
domain: weird.a8arichum2n.ru
domain: 40kr.a8arichum2n.ru
file: 23.235.174.2
hash: 9878
file: 23.235.174.21
hash: 9878
file: 23.235.174.12
hash: 9878
file: 23.235.174.26
hash: 9878
file: 23.235.163.200
hash: 9878
file: 23.235.163.207
hash: 9878
file: 23.235.174.23
hash: 9878
file: 110.40.185.125
hash: 4443
file: 23.235.174.22
hash: 9878
file: 103.41.6.59
hash: 9878
file: 23.235.174.10
hash: 9878
file: 23.235.163.195
hash: 9878
file: 23.235.174.13
hash: 9878
file: 23.235.163.216
hash: 9878
file: 23.235.163.201
hash: 9878
file: 23.235.174.16
hash: 9878
file: 47.92.71.218
hash: 443
file: 14.103.158.185
hash: 443
file: 8.130.74.111
hash: 4444
file: 45.59.114.189
hash: 2404
file: 27.102.127.136
hash: 2406
file: 45.156.248.2
hash: 443
file: 79.141.174.123
hash: 443
file: 95.111.221.42
hash: 8080
file: 82.29.67.221
hash: 8888
file: 45.123.188.140
hash: 8888
file: 111.229.63.20
hash: 8888
file: 117.72.62.70
hash: 8888
file: 193.33.195.32
hash: 9000
file: 157.20.182.45
hash: 443
file: 77.93.154.243
hash: 80
file: 39.46.124.69
hash: 6906
file: 46.246.80.16
hash: 4444
file: 13.127.36.113
hash: 443
file: 13.221.127.147
hash: 6002
file: 13.221.127.147
hash: 49152
file: 158.69.62.153
hash: 443
file: 46.62.249.23
hash: 80
file: 154.84.86.183
hash: 80
file: 133.242.169.121
hash: 443
domain: b9gg.ba1dostr0g.ru
file: 45.119.98.151
hash: 6667
file: 167.99.221.18
hash: 8001
domain: 93q.ba1dostr0g.ru
domain: se9m.ba1dostr0g.ru
domain: atmk.ba1dostr0g.ru
domain: veil.cl0ac2ninth.ru
domain: umbra3.cl0ac2ninth.ru
file: 149.88.81.251
hash: 8443
domain: raven.cl0ac2ninth.ru
domain: misth.cl0ac2ninth.ru
domain: delta.tsi8eikay2k.ru
domain: nacre.tsi8eikay2k.ru
domain: silk1.tsi8eikay2k.ru
domain: quartz.ant1sepgue7.ru
domain: fallow.ant1sepgue7.ru
domain: blume2.ant1sepgue7.ru
domain: arbor.ant1sepgue7.ru
domain: tau.ant1sepgue7.ru
domain: ledger.auth0rtoki1l.ru
domain: noir7.auth0rtoki1l.ru
domain: cipher.auth0rtoki1l.ru
domain: lute.me2nin8harp.ru
domain: cadence.me2nin8harp.ru
domain: murmur1.me2nin8harp.ru
domain: aria.me2nin8harp.ru
domain: ember.enra8evue7k.ru
domain: serra.enra8evue7k.ru
domain: vento4.enra8evue7k.ru
domain: aurora.enra8evue7k.ru
file: 173.225.111.176
hash: 443
domain: clave.enra8evue7k.ru

Source: ThreatFox MISP Feed

Published: Tue Dec 16 2025

ThreatFox IOCs for 2025-12-16

Medium

Malwaretype:osint tlp:white

Published: Tue Dec 16 2025 (12/16/2025, 00:00:00 UTC)

Source: ThreatFox MISP Feed

Vendor/Project: type

Product: osint

Description

ThreatFox IOCs for 2025-12-16

AI-Powered Analysis

AILast updated: 12/17/2025, 00:15:33 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
Uuid: 88eb1381-c315-428a-ae18-0a7b985475dc
Original Timestamp: 1765929785

Indicators of Compromise

Domain

Value	Description	Copy
domainmediatron.eu.com	Quasar RAT botnet C2 domain (confidence level: 75%)
domainhazystripe2004.shop	Unknown RAT botnet C2 domain (confidence level: 100%)
domainseparatto.xyz	Unknown malware payload delivery domain (confidence level: 100%)
domainfttyyu-could.icu	Stealc botnet C2 domain (confidence level: 100%)
domainsunwin.moi	AsyncRAT botnet C2 domain (confidence level: 100%)
domainltaw.thrumblex.ru	ClearFake payload delivery domain (confidence level: 100%)
domainya.thrumblex.ru	ClearFake payload delivery domain (confidence level: 100%)
domaincopper.jaxmorrow.ru	ClearFake payload delivery domain (confidence level: 100%)
domainuqnp.jaxmorrow.ru	ClearFake payload delivery domain (confidence level: 100%)
domainkibu.jaxmorrow.ru	ClearFake payload delivery domain (confidence level: 100%)
domaint0w.jaxmorrow.ru	ClearFake payload delivery domain (confidence level: 100%)
domaini4nau.quartznibble.ru	ClearFake payload delivery domain (confidence level: 100%)
domainbeachshades.co.com	Quasar RAT botnet C2 domain (confidence level: 75%)
domainvle.in.net	Quasar RAT botnet C2 domain (confidence level: 75%)
domaincrackle.quartznibble.ru	ClearFake payload delivery domain (confidence level: 100%)
domaind3l.quartznibble.ru	ClearFake payload delivery domain (confidence level: 100%)
domaindelta.quartznibble.ru	ClearFake payload delivery domain (confidence level: 100%)
domainawy.sp-1-nterpad.ru	ClearFake payload delivery domain (confidence level: 100%)
domainl6vzy.sp-1-nterpad.ru	ClearFake payload delivery domain (confidence level: 100%)
domainomega.sp-1-nterpad.ru	ClearFake payload delivery domain (confidence level: 100%)
domainxiyp5.sp-1-nterpad.ru	ClearFake payload delivery domain (confidence level: 100%)
domainracket.c0pperknit.ru	ClearFake payload delivery domain (confidence level: 100%)
domain9rg.c0pperknit.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintrace.c0pperknit.ru	ClearFake payload delivery domain (confidence level: 100%)
domainbq.c0pperknit.ru	ClearFake payload delivery domain (confidence level: 100%)
domainnova.quartz-nibble.ru	ClearFake payload delivery domain (confidence level: 100%)
domainr1n.quartz-nibble.ru	ClearFake payload delivery domain (confidence level: 100%)
domainthrumble.quartz-nibble.ru	ClearFake payload delivery domain (confidence level: 100%)
domainloom.quartz-nibble.ru	ClearFake payload delivery domain (confidence level: 100%)
domainikzct.sp1nterpad.ru	ClearFake payload delivery domain (confidence level: 100%)
domainfizz.sp1nterpad.ru	ClearFake payload delivery domain (confidence level: 100%)
domain9sct2.sp1nterpad.ru	ClearFake payload delivery domain (confidence level: 100%)
domainpatch.sp1nterpad.ru	ClearFake payload delivery domain (confidence level: 100%)
domainbvki6.fogtangent.ru	ClearFake payload delivery domain (confidence level: 100%)
domainsqux.fogtangent.ru	ClearFake payload delivery domain (confidence level: 100%)
domainv3xv.fogtangent.ru	ClearFake payload delivery domain (confidence level: 100%)
domainweird.fogtangent.ru	ClearFake payload delivery domain (confidence level: 100%)
domain4mapc.racketloom.ru	ClearFake payload delivery domain (confidence level: 100%)
domainspark.racketloom.ru	ClearFake payload delivery domain (confidence level: 100%)
domainlq4f.racketloom.ru	ClearFake payload delivery domain (confidence level: 100%)
domainhshvw.racketloom.ru	ClearFake payload delivery domain (confidence level: 100%)
domain9luf.hexapulse.ru	ClearFake payload delivery domain (confidence level: 100%)
domainu24b.hexapulse.ru	ClearFake payload delivery domain (confidence level: 100%)
domainhexa.hexapulse.ru	ClearFake payload delivery domain (confidence level: 100%)
domaincdn.extremepornvideos.com	Unknown malware botnet C2 domain (confidence level: 100%)
domainellu2222-37691.portmap.hos	AsyncRAT botnet C2 domain (confidence level: 100%)
domainrespaldo30000.duckdns.org	AsyncRAT botnet C2 domain (confidence level: 100%)
domainedge.onthewifi.com	AsyncRAT botnet C2 domain (confidence level: 100%)
domainmalware.beachshades.co.com	AsyncRAT botnet C2 domain (confidence level: 100%)
domainmalware.vle.in.net	AsyncRAT botnet C2 domain (confidence level: 100%)
domainlowbilding.ydns.eu	Quasar RAT botnet C2 domain (confidence level: 100%)
domainortyfivev.crabdance.com	Quasar RAT botnet C2 domain (confidence level: 100%)
domainrootsys.duckdns.org	ValleyRAT botnet C2 domain (confidence level: 100%)
domainpulse.hexapulse.ru	ClearFake payload delivery domain (confidence level: 100%)
domainellison.st	Mirai botnet C2 domain (confidence level: 100%)
domainalpha.racket-loom.ru	ClearFake payload delivery domain (confidence level: 100%)
domainclaw.racket-loom.ru	ClearFake payload delivery domain (confidence level: 100%)
domainvalid.marvisxoxo.st	Mirai botnet C2 domain (confidence level: 100%)
domainmh.racket-loom.ru	ClearFake payload delivery domain (confidence level: 100%)
domainvibra.racket-loom.ru	ClearFake payload delivery domain (confidence level: 100%)
domainrwe3y.v1braclaw.ru	ClearFake payload delivery domain (confidence level: 100%)
domainconnect.brighttv.in.net	AsyncRAT botnet C2 domain (confidence level: 50%)
domaingatex.www.tvserviceparts.com	AsyncRAT botnet C2 domain (confidence level: 50%)
domaintv.brighttv.in.net	AsyncRAT botnet C2 domain (confidence level: 50%)
domainv2.elijah.ru.com	AsyncRAT botnet C2 domain (confidence level: 50%)
domaindeskonline.noip.me	DarkComet botnet C2 domain (confidence level: 50%)
domainapp.elijah.ru.com	DCRat botnet C2 domain (confidence level: 50%)
domainbrynleelxhello.ru.com	DCRat botnet C2 domain (confidence level: 50%)
domainbulkcementdesk.in.net	DCRat botnet C2 domain (confidence level: 50%)
domainmalware.brynleelxhello.ru.com	DCRat botnet C2 domain (confidence level: 50%)
domainmalware.bulkcementdesk.in.net	DCRat botnet C2 domain (confidence level: 50%)
domainmicrosoft.monginiscake.in.net	DCRat botnet C2 domain (confidence level: 50%)
domainwww.052atelier.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.1wrzv5r.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.39tka.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.4er.online	Formbook botnet C2 domain (confidence level: 50%)
domainwww.5vip5.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.5x15yrz.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.7xj4xi.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.a2sbn1y.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ainedcapital.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.apwzfssh.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.atecards.pro	Formbook botnet C2 domain (confidence level: 50%)
domainwww.atio.ee	Formbook botnet C2 domain (confidence level: 50%)
domainwww.dityahd.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.eadpoint.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ebyarhgo9.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.egalsandstone.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.enjajackpot168.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.eojgm2.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.erkshireriskservices.ai	Formbook botnet C2 domain (confidence level: 50%)
domainwww.eucaixaapp.com.br	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ffortlessrules.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.fnciu.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.glychic.store	Formbook botnet C2 domain (confidence level: 50%)
domainwww.hargingstations.be	Formbook botnet C2 domain (confidence level: 50%)
domainwww.heiliao.wiki	Formbook botnet C2 domain (confidence level: 50%)
domainwww.heroplu.xyz	Formbook botnet C2 domain (confidence level: 50%)
domainwww.hillipsakers.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.horncast.se	Formbook botnet C2 domain (confidence level: 50%)
domainwww.hpsvifx.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.i7u6fiq.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.iile.cn	Formbook botnet C2 domain (confidence level: 50%)
domainwww.indowblindsbd.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.infastvnauto.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ioneerindustriesllc.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.itoolstown.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.kwj9ys.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.lirionis.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.mnwp51y.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.n2s37.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oa6yi73.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oadsidearmor.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.obsonadv.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oodgutbug.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oohook.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ordfilmpyr.lat	Formbook botnet C2 domain (confidence level: 50%)
domainwww.oreenheintznotary.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.otelsnearbrentfordstadium.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.otget.net	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ovisque.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.pavk23.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.portmore-iq.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.r5boj.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ritify.info	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rjvc.cn	Formbook botnet C2 domain (confidence level: 50%)
domainwww.rternhouse.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.sgx60.shop	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ssessxtratrades.ltd	Formbook botnet C2 domain (confidence level: 50%)
domainwww.stra.parts	Formbook botnet C2 domain (confidence level: 50%)
domainwww.t2wjl8x.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.umespot.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.yla6phe.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.ytegs.com	Formbook botnet C2 domain (confidence level: 50%)
domainwww.zlbk7uj.bond	Formbook botnet C2 domain (confidence level: 50%)
domainwww.zm7.top	Formbook botnet C2 domain (confidence level: 50%)
domainwww.zmoonshots.com	Formbook botnet C2 domain (confidence level: 50%)
domainmalware.brighttv.in.net	Quasar RAT botnet C2 domain (confidence level: 50%)
domainhazeontop555-51161.portmap.host	XWorm botnet C2 domain (confidence level: 50%)
domainrelatedsinsportycreiwer.site	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainsoundtu.sb	Lumma Stealer botnet C2 domain (confidence level: 50%)
domainfsglobe.com	FAKEUPDATES payload delivery domain (confidence level: 50%)
domainu89.v1braclaw.ru	ClearFake payload delivery domain (confidence level: 100%)
domainm9q9.v1braclaw.ru	ClearFake payload delivery domain (confidence level: 100%)
domainpixel.v1braclaw.ru	ClearFake payload delivery domain (confidence level: 100%)
domainknit.fog-tangent.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintangent.fog-tangent.ru	ClearFake payload delivery domain (confidence level: 100%)
domain1yy.fog-tangent.ru	ClearFake payload delivery domain (confidence level: 100%)
domainocnbn.fog-tangent.ru	ClearFake payload delivery domain (confidence level: 100%)
domaink9.pl0tchisel.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintop.chadamaite.com	Vidar botnet C2 domain (confidence level: 100%)
domaintop.asrkala.top	Vidar botnet C2 domain (confidence level: 100%)
domainkit.chadamaite.com	Vidar botnet C2 domain (confidence level: 100%)
domainkit.asrkala.top	Vidar botnet C2 domain (confidence level: 100%)
domain1r18.pl0tchisel.ru	ClearFake payload delivery domain (confidence level: 100%)
domainloop.pl0tchisel.ru	ClearFake payload delivery domain (confidence level: 100%)
domainszpf.pl0tchisel.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintrace.fumb1eim2ge.ru	ClearFake payload delivery domain (confidence level: 100%)
domainbold.fumb1eim2ge.ru	ClearFake payload delivery domain (confidence level: 100%)
domainghost.fumb1eim2ge.ru	ClearFake payload delivery domain (confidence level: 100%)
domainq3n.fumb1eim2ge.ru	ClearFake payload delivery domain (confidence level: 100%)
domaint0.r2zin5pir.ru	ClearFake payload delivery domain (confidence level: 100%)
domainvolt.r2zin5pir.ru	ClearFake payload delivery domain (confidence level: 100%)
domainwh7.r2zin5pir.ru	ClearFake payload delivery domain (confidence level: 100%)
domain95e.r2zin5pir.ru	ClearFake payload delivery domain (confidence level: 100%)
domainoz.qu2rv0lts.ru	ClearFake payload delivery domain (confidence level: 100%)
domain9tkz.qu2rv0lts.ru	ClearFake payload delivery domain (confidence level: 100%)
domainval.chadamaite.com	Vidar botnet C2 domain (confidence level: 100%)
domainval.asrkala.top	Vidar botnet C2 domain (confidence level: 100%)
domainalpha.qu2rv0lts.ru	ClearFake payload delivery domain (confidence level: 100%)
domainvyrf.qu2rv0lts.ru	ClearFake payload delivery domain (confidence level: 100%)
domainqjx5z.jazzm1s8uid.ru	ClearFake payload delivery domain (confidence level: 100%)
domainhuman.jazzm1s8uid.ru	ClearFake payload delivery domain (confidence level: 100%)
domainreson.jazzm1s8uid.ru	ClearFake payload delivery domain (confidence level: 100%)
domainys.jazzm1s8uid.ru	ClearFake payload delivery domain (confidence level: 100%)
domainendpoint.digitalpointsec.org	Unknown malware botnet C2 domain (confidence level: 100%)
domaindelta.re5onwi1ling.ru	ClearFake payload delivery domain (confidence level: 100%)
domainloop.re5onwi1ling.ru	ClearFake payload delivery domain (confidence level: 100%)
domainfcn.re5onwi1ling.ru	ClearFake payload delivery domain (confidence level: 100%)
domainhpolokolasolakiprijions.com	Latrodectus botnet C2 domain (confidence level: 100%)
domaingiakloirtyuilokasdf.com	Latrodectus botnet C2 domain (confidence level: 100%)
domainbastroiklodasertjuyer.com	Latrodectus botnet C2 domain (confidence level: 100%)
domain7uy.re5onwi1ling.ru	ClearFake payload delivery domain (confidence level: 100%)
domain6cqyk.idi0tnau8h.ru	ClearFake payload delivery domain (confidence level: 100%)
domain0u.idi0tnau8h.ru	ClearFake payload delivery domain (confidence level: 100%)
domainnifty.warzonedns.com	Remcos botnet C2 domain (confidence level: 100%)
domainasj77.com	AsyncRAT botnet C2 domain (confidence level: 100%)
domainasj88.com	AsyncRAT botnet C2 domain (confidence level: 100%)
domainasj99.com	AsyncRAT botnet C2 domain (confidence level: 100%)
domainartist.idi0tnau8h.ru	ClearFake payload delivery domain (confidence level: 100%)
domainm3a0z.idi0tnau8h.ru	ClearFake payload delivery domain (confidence level: 100%)
domainalmond.fo0lrati0n.ru	ClearFake payload delivery domain (confidence level: 100%)
domainomega.fo0lrati0n.ru	ClearFake payload delivery domain (confidence level: 100%)
domainodd.fo0lrati0n.ru	ClearFake payload delivery domain (confidence level: 100%)
domainjazz.fo0lrati0n.ru	ClearFake payload delivery domain (confidence level: 100%)
domain3tqe7.a1mond0prit.ru	ClearFake payload delivery domain (confidence level: 100%)
domainl9.a1mond0prit.ru	ClearFake payload delivery domain (confidence level: 100%)
domainpixel.a1mond0prit.ru	ClearFake payload delivery domain (confidence level: 100%)
domain5fvhf.a1mond0prit.ru	ClearFake payload delivery domain (confidence level: 100%)
domainqdn2a.ko1osunde2d.ru	ClearFake payload delivery domain (confidence level: 100%)
domainspark.ko1osunde2d.ru	ClearFake payload delivery domain (confidence level: 100%)
domainshift.ko1osunde2d.ru	ClearFake payload delivery domain (confidence level: 100%)
domain72.ko1osunde2d.ru	ClearFake payload delivery domain (confidence level: 100%)
domainripple.fur5hst0the.ru	ClearFake payload delivery domain (confidence level: 100%)
domainblz.fur5hst0the.ru	ClearFake payload delivery domain (confidence level: 100%)
domaini6.fur5hst0the.ru	ClearFake payload delivery domain (confidence level: 100%)
domaindb9.fur5hst0the.ru	ClearFake payload delivery domain (confidence level: 100%)
domainimage.duzhk2s1ob.ru	ClearFake payload delivery domain (confidence level: 100%)
domain8a.duzhk2s1ob.ru	ClearFake payload delivery domain (confidence level: 100%)
domainnewdc35635.duckdns.org	Mirai botnet C2 domain (confidence level: 100%)
domainnexus.duzhk2s1ob.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintetrasa.cfd	Lumma Stealer botnet C2 domain (confidence level: 100%)
domain6ehj.duzhk2s1ob.ru	ClearFake payload delivery domain (confidence level: 100%)
domainbeta.cr2ftedne5s.ru	ClearFake payload delivery domain (confidence level: 100%)
domaink1.cr2ftedne5s.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintur.chadamaite.com	Vidar botnet C2 domain (confidence level: 100%)
domaintur.asrkala.top	Vidar botnet C2 domain (confidence level: 100%)
domaingamma.cr2ftedne5s.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintu5l.cr2ftedne5s.ru	ClearFake payload delivery domain (confidence level: 100%)
domainnova.de1iainal0s.ru	ClearFake payload delivery domain (confidence level: 100%)
domainfizz.de1iainal0s.ru	ClearFake payload delivery domain (confidence level: 100%)
domainodgb.de1iainal0s.ru	ClearFake payload delivery domain (confidence level: 100%)
domainamal.sa.com	AsyncRAT botnet C2 domain (confidence level: 100%)
domain8whb.de1iainal0s.ru	ClearFake payload delivery domain (confidence level: 100%)
domainok2.5hri1luv.ru	ClearFake payload delivery domain (confidence level: 100%)
domainratio.5hri1luv.ru	ClearFake payload delivery domain (confidence level: 100%)
domainpatch.5hri1luv.ru	ClearFake payload delivery domain (confidence level: 100%)
domain4nj.5hri1luv.ru	ClearFake payload delivery domain (confidence level: 100%)
domaina5iz3.sk2tear0und.ru	ClearFake payload delivery domain (confidence level: 100%)
domainds5.sk2tear0und.ru	ClearFake payload delivery domain (confidence level: 100%)
domainrgqg.sk2tear0und.ru	ClearFake payload delivery domain (confidence level: 100%)
domainwarp.sk2tear0und.ru	ClearFake payload delivery domain (confidence level: 100%)
domain9nn.a1tistt0rt.ru	ClearFake payload delivery domain (confidence level: 100%)
domainku.a1tistt0rt.ru	ClearFake payload delivery domain (confidence level: 100%)
domain1y.a1tistt0rt.ru	ClearFake payload delivery domain (confidence level: 100%)
domainrem1225.duckdns.org	Remcos botnet C2 domain (confidence level: 100%)
domainsecureconnection.anondns.net	Quasar RAT botnet C2 domain (confidence level: 100%)
domainquacksar-31780.portmap.host	Quasar RAT botnet C2 domain (confidence level: 100%)
domainuysjt.a1tistt0rt.ru	ClearFake payload delivery domain (confidence level: 100%)
domainy7.indig5pir1t.ru	ClearFake payload delivery domain (confidence level: 100%)
domain39nb1.indig5pir1t.ru	ClearFake payload delivery domain (confidence level: 100%)
domainnsd1.indig5pir1t.ru	ClearFake payload delivery domain (confidence level: 100%)
domainxgclb.indig5pir1t.ru	ClearFake payload delivery domain (confidence level: 100%)
domainml2s.al1ah5natch.ru	ClearFake payload delivery domain (confidence level: 100%)
domaino6.al1ah5natch.ru	ClearFake payload delivery domain (confidence level: 100%)
domainxq.al1ah5natch.ru	ClearFake payload delivery domain (confidence level: 100%)
domainfda.al1ah5natch.ru	ClearFake payload delivery domain (confidence level: 100%)
domaincrackle.a8arichum2n.ru	ClearFake payload delivery domain (confidence level: 100%)
domainaj.a8arichum2n.ru	ClearFake payload delivery domain (confidence level: 100%)
domainweird.a8arichum2n.ru	ClearFake payload delivery domain (confidence level: 100%)
domain40kr.a8arichum2n.ru	ClearFake payload delivery domain (confidence level: 100%)
domainb9gg.ba1dostr0g.ru	ClearFake payload delivery domain (confidence level: 100%)
domain93q.ba1dostr0g.ru	ClearFake payload delivery domain (confidence level: 100%)
domainse9m.ba1dostr0g.ru	ClearFake payload delivery domain (confidence level: 100%)
domainatmk.ba1dostr0g.ru	ClearFake payload delivery domain (confidence level: 100%)
domainveil.cl0ac2ninth.ru	ClearFake payload delivery domain (confidence level: 100%)
domainumbra3.cl0ac2ninth.ru	ClearFake payload delivery domain (confidence level: 100%)
domainraven.cl0ac2ninth.ru	ClearFake payload delivery domain (confidence level: 100%)
domainmisth.cl0ac2ninth.ru	ClearFake payload delivery domain (confidence level: 100%)
domaindelta.tsi8eikay2k.ru	ClearFake payload delivery domain (confidence level: 100%)
domainnacre.tsi8eikay2k.ru	ClearFake payload delivery domain (confidence level: 100%)
domainsilk1.tsi8eikay2k.ru	ClearFake payload delivery domain (confidence level: 100%)
domainquartz.ant1sepgue7.ru	ClearFake payload delivery domain (confidence level: 100%)
domainfallow.ant1sepgue7.ru	ClearFake payload delivery domain (confidence level: 100%)
domainblume2.ant1sepgue7.ru	ClearFake payload delivery domain (confidence level: 100%)
domainarbor.ant1sepgue7.ru	ClearFake payload delivery domain (confidence level: 100%)
domaintau.ant1sepgue7.ru	ClearFake payload delivery domain (confidence level: 100%)
domainledger.auth0rtoki1l.ru	ClearFake payload delivery domain (confidence level: 100%)
domainnoir7.auth0rtoki1l.ru	ClearFake payload delivery domain (confidence level: 100%)
domaincipher.auth0rtoki1l.ru	ClearFake payload delivery domain (confidence level: 100%)
domainlute.me2nin8harp.ru	ClearFake payload delivery domain (confidence level: 100%)
domaincadence.me2nin8harp.ru	ClearFake payload delivery domain (confidence level: 100%)
domainmurmur1.me2nin8harp.ru	ClearFake payload delivery domain (confidence level: 100%)
domainaria.me2nin8harp.ru	ClearFake payload delivery domain (confidence level: 100%)
domainember.enra8evue7k.ru	ClearFake payload delivery domain (confidence level: 100%)
domainserra.enra8evue7k.ru	ClearFake payload delivery domain (confidence level: 100%)
domainvento4.enra8evue7k.ru	ClearFake payload delivery domain (confidence level: 100%)
domainaurora.enra8evue7k.ru	ClearFake payload delivery domain (confidence level: 100%)
domainclave.enra8evue7k.ru	ClearFake payload delivery domain (confidence level: 100%)

File

Value	Description	Copy
file144.172.104.178	XMRIG botnet C2 server (confidence level: 75%)
file91.208.184.203	XMRIG botnet C2 server (confidence level: 75%)
file144.172.105.58	XMRIG botnet C2 server (confidence level: 75%)
file94.156.102.130	Unknown RAT botnet C2 server (confidence level: 100%)
file95.181.212.171	Unknown RAT botnet C2 server (confidence level: 100%)
file143.20.185.252	Mirai botnet C2 server (confidence level: 80%)
file157.250.205.158	Mirai botnet C2 server (confidence level: 80%)
file176.117.107.202	Remcos botnet C2 server (confidence level: 100%)
file181.162.166.187	Quasar RAT botnet C2 server (confidence level: 100%)
file45.192.208.126	DCRat botnet C2 server (confidence level: 100%)
file79.141.171.48	Bashlite botnet C2 server (confidence level: 100%)
file198.144.189.90	Bashlite botnet C2 server (confidence level: 100%)
file93.123.39.215	AdaptixC2 botnet C2 server (confidence level: 100%)
file54.146.203.147	Meterpreter botnet C2 server (confidence level: 100%)
file54.146.203.147	Meterpreter botnet C2 server (confidence level: 100%)
file54.146.203.147	Meterpreter botnet C2 server (confidence level: 100%)
file34.201.131.95	Meterpreter botnet C2 server (confidence level: 100%)
file51.79.73.237	Empire Downloader botnet C2 server (confidence level: 100%)
file178.210.92.124	Unknown malware botnet C2 server (confidence level: 100%)
file134.175.186.196	Cobalt Strike botnet C2 server (confidence level: 75%)
file175.178.83.231	Cobalt Strike botnet C2 server (confidence level: 75%)
file43.161.245.186	Cobalt Strike botnet C2 server (confidence level: 75%)
file5.101.83.50	Stealc botnet C2 server (confidence level: 100%)
file141.98.10.61	Mirai botnet C2 server (confidence level: 80%)
file154.36.158.166	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.76.185.85	Cobalt Strike botnet C2 server (confidence level: 100%)
file190.255.85.156	Remcos botnet C2 server (confidence level: 100%)
file45.61.150.251	Unknown malware botnet C2 server (confidence level: 100%)
file107.172.31.101	AsyncRAT botnet C2 server (confidence level: 100%)
file144.172.103.138	AsyncRAT botnet C2 server (confidence level: 100%)
file185.11.61.225	SectopRAT botnet C2 server (confidence level: 100%)
file151.244.111.46	Unknown malware botnet C2 server (confidence level: 100%)
file89.125.209.24	Havoc botnet C2 server (confidence level: 100%)
file13.212.29.163	Venom RAT botnet C2 server (confidence level: 100%)
file199.101.108.60	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.161	Meterpreter botnet C2 server (confidence level: 100%)
file18.234.196.1	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.115	Meterpreter botnet C2 server (confidence level: 100%)
file54.84.211.230	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.68	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.108.59	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.123	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.108.53	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.219	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.108.62	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.111	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.194	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.108.56	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.177	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.156	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.132	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.222	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.130	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.167	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.108.65	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.239	Meterpreter botnet C2 server (confidence level: 100%)
file3.89.8.210	Meterpreter botnet C2 server (confidence level: 100%)
file98.88.23.144	Meterpreter botnet C2 server (confidence level: 100%)
file98.88.23.144	Meterpreter botnet C2 server (confidence level: 100%)
file64.90.54.59	Unknown malware botnet C2 server (confidence level: 100%)
file178.62.67.117	Aisuru botnet C2 server (confidence level: 75%)
file165.22.135.122	Aisuru botnet C2 server (confidence level: 75%)
file161.35.15.157	Aisuru botnet C2 server (confidence level: 75%)
file159.65.110.206	Aisuru botnet C2 server (confidence level: 75%)
file178.62.117.169	Aisuru botnet C2 server (confidence level: 75%)
file138.68.140.50	Aisuru botnet C2 server (confidence level: 75%)
file104.131.102.238	Aisuru botnet C2 server (confidence level: 75%)
file167.172.33.244	Aisuru botnet C2 server (confidence level: 75%)
file104.131.171.227	Aisuru botnet C2 server (confidence level: 75%)
file88.75.228.239	AsyncRAT botnet C2 server (confidence level: 100%)
file88.75.228.239	AsyncRAT botnet C2 server (confidence level: 100%)
file88.75.228.239	AsyncRAT botnet C2 server (confidence level: 100%)
file88.75.228.239	AsyncRAT botnet C2 server (confidence level: 100%)
file45.156.87.231	Mirai botnet C2 server (confidence level: 75%)
file119.45.160.160	Cobalt Strike botnet C2 server (confidence level: 50%)
file91.86.43.83	Cobalt Strike botnet C2 server (confidence level: 50%)
file39.105.61.160	Cobalt Strike botnet C2 server (confidence level: 50%)
file50.114.113.106	Cobalt Strike botnet C2 server (confidence level: 50%)
file47.121.130.60	Cobalt Strike botnet C2 server (confidence level: 50%)
file209.97.168.63	Cobalt Strike botnet C2 server (confidence level: 50%)
file120.48.50.33	Cobalt Strike botnet C2 server (confidence level: 50%)
file49.235.84.148	Cobalt Strike botnet C2 server (confidence level: 50%)
file34.203.199.106	Cobalt Strike botnet C2 server (confidence level: 50%)
file18.134.228.48	Cobalt Strike botnet C2 server (confidence level: 50%)
file124.221.215.174	Cobalt Strike botnet C2 server (confidence level: 50%)
file129.170.51.231	Cobalt Strike botnet C2 server (confidence level: 50%)
file188.121.123.185	Cobalt Strike botnet C2 server (confidence level: 50%)
file145.223.70.112	Sliver botnet C2 server (confidence level: 50%)
file192.253.224.82	Sliver botnet C2 server (confidence level: 50%)
file43.163.26.181	Sliver botnet C2 server (confidence level: 50%)
file172.232.29.157	Sliver botnet C2 server (confidence level: 50%)
file209.97.168.63	Sliver botnet C2 server (confidence level: 50%)
file23.227.203.12	Sliver botnet C2 server (confidence level: 50%)
file158.94.209.97	Sliver botnet C2 server (confidence level: 50%)
file107.172.67.68	Sliver botnet C2 server (confidence level: 50%)
file185.237.166.132	Sliver botnet C2 server (confidence level: 50%)
file24.144.94.152	Sliver botnet C2 server (confidence level: 50%)
file172.93.220.237	Sliver botnet C2 server (confidence level: 50%)
file163.47.9.13	Sliver botnet C2 server (confidence level: 50%)
file113.30.190.233	Sliver botnet C2 server (confidence level: 50%)
file95.85.242.182	Sliver botnet C2 server (confidence level: 50%)
file38.150.34.76	Sliver botnet C2 server (confidence level: 50%)
file46.183.25.17	Sliver botnet C2 server (confidence level: 50%)
file45.76.223.178	Sliver botnet C2 server (confidence level: 50%)
file176.65.149.124	Sliver botnet C2 server (confidence level: 50%)
file185.239.69.175	Sliver botnet C2 server (confidence level: 50%)
file134.112.137.191	Sliver botnet C2 server (confidence level: 50%)
file38.242.153.111	Sliver botnet C2 server (confidence level: 50%)
file162.33.177.43	Sliver botnet C2 server (confidence level: 50%)
file202.60.229.162	Unknown malware botnet C2 server (confidence level: 50%)
file216.126.227.24	Unknown malware botnet C2 server (confidence level: 50%)
file4.201.140.200	Unknown malware botnet C2 server (confidence level: 50%)
file37.148.212.55	Unknown malware botnet C2 server (confidence level: 50%)
file72.11.151.27	Unknown malware botnet C2 server (confidence level: 50%)
file51.38.226.104	Unknown malware botnet C2 server (confidence level: 50%)
file95.70.179.34	Unknown malware botnet C2 server (confidence level: 50%)
file34.67.76.233	Unknown malware botnet C2 server (confidence level: 50%)
file149.202.73.215	Unknown malware botnet C2 server (confidence level: 50%)
file1.32.255.7	Unknown RAT botnet C2 server (confidence level: 50%)
file206.238.115.137	Unknown RAT botnet C2 server (confidence level: 50%)
file202.79.169.59	Unknown RAT botnet C2 server (confidence level: 50%)
file156.252.60.229	Unknown RAT botnet C2 server (confidence level: 50%)
file202.95.15.148	Unknown RAT botnet C2 server (confidence level: 50%)
file27.50.59.7	Unknown RAT botnet C2 server (confidence level: 50%)
file38.91.116.45	Unknown RAT botnet C2 server (confidence level: 50%)
file112.213.101.103	Unknown RAT botnet C2 server (confidence level: 50%)
file161.248.14.135	Unknown RAT botnet C2 server (confidence level: 50%)
file162.254.86.108	Brute Ratel C4 botnet C2 server (confidence level: 50%)
file194.79.212.139	Unknown malware botnet C2 server (confidence level: 50%)
file40.83.54.56	Unknown malware botnet C2 server (confidence level: 50%)
file152.54.4.109	Unknown malware botnet C2 server (confidence level: 50%)
file1.7.22.157	Unknown malware botnet C2 server (confidence level: 50%)
file119.198.24.240	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file210.223.3.19	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file81.1.230.242	NetSupportManager RAT botnet C2 server (confidence level: 50%)
file185.39.19.176	SectopRAT botnet C2 server (confidence level: 50%)
file45.60.11.228	Nimplant botnet C2 server (confidence level: 50%)
file103.57.131.226	Nanocore RAT botnet C2 server (confidence level: 50%)
file213.14.143.251	Unknown malware botnet C2 server (confidence level: 50%)
file43.156.239.71	Unknown malware botnet C2 server (confidence level: 50%)
file194.146.36.195	AsyncRAT botnet C2 server (confidence level: 50%)
file194.146.36.195	AsyncRAT botnet C2 server (confidence level: 50%)
file103.170.255.121	Remcos botnet C2 server (confidence level: 50%)
file42.193.243.230	Cobalt Strike botnet C2 server (confidence level: 100%)
file110.40.137.221	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.182.120	Cobalt Strike botnet C2 server (confidence level: 100%)
file113.46.142.191	Cobalt Strike botnet C2 server (confidence level: 100%)
file117.72.197.178	Cobalt Strike botnet C2 server (confidence level: 100%)
file208.87.128.140	Sliver botnet C2 server (confidence level: 100%)
file114.132.217.187	Unknown malware botnet C2 server (confidence level: 100%)
file94.228.168.226	Hook botnet C2 server (confidence level: 100%)
file167.86.168.221	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file103.177.46.114	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.53	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.13	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.46.126	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.46.124	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.46	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.46.76	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.80	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.46.80	Meterpreter botnet C2 server (confidence level: 100%)
file3.89.8.210	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.47	Meterpreter botnet C2 server (confidence level: 100%)
file103.177.47.50	Meterpreter botnet C2 server (confidence level: 100%)
file46.224.26.34	Vidar botnet C2 server (confidence level: 100%)
file157.180.113.244	Vidar botnet C2 server (confidence level: 100%)
file213.152.161.201	PureLogs Stealer botnet C2 server (confidence level: 100%)
file69.159.0.133	QakBot botnet C2 server (confidence level: 75%)
file92.119.125.134	Unknown malware botnet C2 server (confidence level: 100%)
file107.172.31.102	AsyncRAT botnet C2 server (confidence level: 100%)
file54.184.44.5	Unknown malware botnet C2 server (confidence level: 100%)
file135.181.44.25	Unknown malware botnet C2 server (confidence level: 100%)
file85.93.105.189	Unknown malware botnet C2 server (confidence level: 100%)
file106.53.68.200	Unknown malware botnet C2 server (confidence level: 100%)
file3.16.112.15	Unknown malware botnet C2 server (confidence level: 100%)
file35.159.131.134	Unknown malware botnet C2 server (confidence level: 100%)
file51.161.92.106	Unknown malware botnet C2 server (confidence level: 100%)
file189.5.64.234	NjRAT botnet C2 server (confidence level: 100%)
file149.56.134.136	XWorm botnet C2 server (confidence level: 100%)
file185.214.10.204	Remcos botnet C2 server (confidence level: 100%)
file136.61.221.144	Remcos botnet C2 server (confidence level: 100%)
file42.192.23.112	Unknown malware botnet C2 server (confidence level: 100%)
file142.171.48.99	Unknown malware botnet C2 server (confidence level: 100%)
file93.232.102.231	NetSupportManager RAT botnet C2 server (confidence level: 100%)
file94.237.120.246	MimiKatz botnet C2 server (confidence level: 100%)
file54.163.54.217	Meterpreter botnet C2 server (confidence level: 100%)
file18.212.193.39	Meterpreter botnet C2 server (confidence level: 100%)
file199.101.111.170	Meterpreter botnet C2 server (confidence level: 100%)
file3.85.93.43	Meterpreter botnet C2 server (confidence level: 100%)
file3.85.93.43	Meterpreter botnet C2 server (confidence level: 100%)
file64.90.54.59	Unknown malware botnet C2 server (confidence level: 100%)
file103.231.14.104	ValleyRAT botnet C2 server (confidence level: 100%)
file103.23.149.233	Cobalt Strike botnet C2 server (confidence level: 100%)
file107.151.212.230	Cobalt Strike botnet C2 server (confidence level: 100%)
file170.64.238.23	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.121.143.60	Cobalt Strike botnet C2 server (confidence level: 100%)
file89.106.84.43	Remcos botnet C2 server (confidence level: 75%)
file89.106.84.43	Remcos botnet C2 server (confidence level: 75%)
file89.106.84.43	Remcos botnet C2 server (confidence level: 75%)
file89.106.84.43	Remcos botnet C2 server (confidence level: 75%)
file45.59.119.252	Meterpreter botnet C2 server (confidence level: 75%)
file185.163.204.192	SectopRAT botnet C2 server (confidence level: 100%)
file18.232.182.46	Unknown malware botnet C2 server (confidence level: 100%)
file118.107.29.158	Unknown RAT botnet C2 server (confidence level: 100%)
file38.45.127.148	Unknown RAT botnet C2 server (confidence level: 100%)
file103.144.29.231	Unknown RAT botnet C2 server (confidence level: 100%)
file202.79.169.170	Unknown RAT botnet C2 server (confidence level: 100%)
file137.220.154.106	Unknown RAT botnet C2 server (confidence level: 100%)
file156.252.60.228	Unknown RAT botnet C2 server (confidence level: 100%)
file38.91.116.46	Unknown RAT botnet C2 server (confidence level: 100%)
file38.91.116.43	Unknown RAT botnet C2 server (confidence level: 100%)
file202.79.169.54	Unknown RAT botnet C2 server (confidence level: 100%)
file38.45.125.94	Unknown RAT botnet C2 server (confidence level: 100%)
file202.79.169.72	Unknown RAT botnet C2 server (confidence level: 100%)
file27.124.17.168	Unknown RAT botnet C2 server (confidence level: 100%)
file154.197.6.225	Unknown RAT botnet C2 server (confidence level: 100%)
file154.197.7.176	Unknown RAT botnet C2 server (confidence level: 100%)
file27.50.59.4	Unknown RAT botnet C2 server (confidence level: 100%)
file154.197.6.178	Unknown RAT botnet C2 server (confidence level: 100%)
file27.50.59.3	Unknown RAT botnet C2 server (confidence level: 100%)
file27.124.17.200	Unknown RAT botnet C2 server (confidence level: 100%)
file202.79.169.189	Unknown RAT botnet C2 server (confidence level: 100%)
file38.45.127.147	Unknown RAT botnet C2 server (confidence level: 100%)
file34.227.28.156	Meterpreter botnet C2 server (confidence level: 100%)
file185.11.61.106	Stealc botnet C2 server (confidence level: 100%)
file52.139.176.27	ValleyRAT botnet C2 server (confidence level: 100%)
file56.155.141.135	VShell botnet C2 server (confidence level: 100%)
file198.23.175.56	Remcos botnet C2 server (confidence level: 100%)
file121.127.232.30	ValleyRAT botnet C2 server (confidence level: 100%)
file27.124.44.169	ValleyRAT botnet C2 server (confidence level: 100%)
file27.124.44.169	ValleyRAT botnet C2 server (confidence level: 100%)
file107.173.187.149	VShell botnet C2 server (confidence level: 100%)
file176.116.0.96	VShell botnet C2 server (confidence level: 100%)
file103.213.244.106	VShell botnet C2 server (confidence level: 100%)
file115.190.200.230	VShell botnet C2 server (confidence level: 100%)
file38.55.205.7	VShell botnet C2 server (confidence level: 100%)
file173.249.13.204	VShell botnet C2 server (confidence level: 100%)
file115.42.60.57	VShell botnet C2 server (confidence level: 100%)
file107.175.76.208	VShell botnet C2 server (confidence level: 100%)
file43.152.234.213	VShell botnet C2 server (confidence level: 100%)
file92.246.87.48	VShell botnet C2 server (confidence level: 100%)
file138.197.201.253	Aisuru botnet C2 server (confidence level: 75%)
file45.55.164.53	Aisuru botnet C2 server (confidence level: 75%)
file165.22.13.36	Aisuru botnet C2 server (confidence level: 75%)
file146.190.73.115	Aisuru botnet C2 server (confidence level: 75%)
file46.101.44.178	Aisuru botnet C2 server (confidence level: 75%)
file111.48.101.123	DeimosC2 botnet C2 server (confidence level: 75%)
file124.198.132.185	AsyncRAT botnet C2 server (confidence level: 75%)
file13.37.104.112	Sliver botnet C2 server (confidence level: 75%)
file185.126.5.113	Sliver botnet C2 server (confidence level: 75%)
file191.112.24.55	QakBot botnet C2 server (confidence level: 75%)
file2.241.216.70	Unknown malware botnet C2 server (confidence level: 75%)
file219.246.21.239	DeimosC2 botnet C2 server (confidence level: 75%)
file221.204.216.18	DeimosC2 botnet C2 server (confidence level: 75%)
file76.29.173.227	Unknown malware botnet C2 server (confidence level: 75%)
file115.42.60.223	VShell botnet C2 server (confidence level: 100%)
file159.75.183.3	VShell botnet C2 server (confidence level: 100%)
file206.206.78.33	VShell botnet C2 server (confidence level: 100%)
file103.30.78.110	VShell botnet C2 server (confidence level: 100%)
file45.129.231.10	VShell botnet C2 server (confidence level: 100%)
file124.223.196.227	Sliver botnet C2 server (confidence level: 100%)
file39.99.41.108	VShell botnet C2 server (confidence level: 100%)
file159.203.139.241	Aisuru botnet C2 server (confidence level: 75%)
file147.182.208.9	Aisuru botnet C2 server (confidence level: 75%)
file138.68.175.243	Aisuru botnet C2 server (confidence level: 75%)
file142.93.43.200	Aisuru botnet C2 server (confidence level: 75%)
file134.209.191.50	Aisuru botnet C2 server (confidence level: 75%)
file188.166.84.84	Aisuru botnet C2 server (confidence level: 75%)
file45.55.34.137	Aisuru botnet C2 server (confidence level: 75%)
file138.197.15.181	Aisuru botnet C2 server (confidence level: 75%)
file167.99.171.110	Aisuru botnet C2 server (confidence level: 75%)
file157.230.152.139	Aisuru botnet C2 server (confidence level: 75%)
file42.194.168.128	VShell botnet C2 server (confidence level: 100%)
file150.158.22.130	VShell botnet C2 server (confidence level: 100%)
file207.180.229.201	Unknown malware botnet C2 server (confidence level: 100%)
file23.235.174.2	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.174.21	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.174.12	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.174.26	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.163.200	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.163.207	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.174.23	Cobalt Strike botnet C2 server (confidence level: 100%)
file110.40.185.125	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.174.22	Cobalt Strike botnet C2 server (confidence level: 100%)
file103.41.6.59	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.174.10	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.163.195	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.174.13	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.163.216	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.163.201	Cobalt Strike botnet C2 server (confidence level: 100%)
file23.235.174.16	Cobalt Strike botnet C2 server (confidence level: 100%)
file47.92.71.218	Cobalt Strike botnet C2 server (confidence level: 100%)
file14.103.158.185	Cobalt Strike botnet C2 server (confidence level: 100%)
file8.130.74.111	Cobalt Strike botnet C2 server (confidence level: 100%)
file45.59.114.189	Remcos botnet C2 server (confidence level: 100%)
file27.102.127.136	Remcos botnet C2 server (confidence level: 100%)
file45.156.248.2	Sliver botnet C2 server (confidence level: 100%)
file79.141.174.123	Sliver botnet C2 server (confidence level: 100%)
file95.111.221.42	Sliver botnet C2 server (confidence level: 100%)
file82.29.67.221	Unknown malware botnet C2 server (confidence level: 100%)
file45.123.188.140	Unknown malware botnet C2 server (confidence level: 100%)
file111.229.63.20	Unknown malware botnet C2 server (confidence level: 100%)
file117.72.62.70	Unknown malware botnet C2 server (confidence level: 100%)
file193.33.195.32	SectopRAT botnet C2 server (confidence level: 100%)
file157.20.182.45	Unknown malware botnet C2 server (confidence level: 100%)
file77.93.154.243	Hook botnet C2 server (confidence level: 100%)
file39.46.124.69	DCRat botnet C2 server (confidence level: 100%)
file46.246.80.16	DCRat botnet C2 server (confidence level: 100%)
file13.127.36.113	MimiKatz botnet C2 server (confidence level: 100%)
file13.221.127.147	Meterpreter botnet C2 server (confidence level: 100%)
file13.221.127.147	Meterpreter botnet C2 server (confidence level: 100%)
file158.69.62.153	Unknown malware botnet C2 server (confidence level: 100%)
file46.62.249.23	Unknown malware botnet C2 server (confidence level: 100%)
file154.84.86.183	Unknown malware botnet C2 server (confidence level: 100%)
file133.242.169.121	Unknown malware botnet C2 server (confidence level: 100%)
file45.119.98.151	ValleyRAT botnet C2 server (confidence level: 100%)
file167.99.221.18	Aisuru botnet C2 server (confidence level: 75%)
file149.88.81.251	Cobalt Strike botnet C2 server (confidence level: 75%)
file173.225.111.176	NetSupportManager RAT botnet C2 server (confidence level: 100%)

Hash

Value	Description	Copy
hash80	XMRIG botnet C2 server (confidence level: 75%)
hash80	XMRIG botnet C2 server (confidence level: 75%)
hash80	XMRIG botnet C2 server (confidence level: 75%)
hash1566	Unknown RAT botnet C2 server (confidence level: 100%)
hash1566	Unknown RAT botnet C2 server (confidence level: 100%)
hash1999	Mirai botnet C2 server (confidence level: 80%)
hash7777	Mirai botnet C2 server (confidence level: 80%)
hash5000	Remcos botnet C2 server (confidence level: 100%)
hash8080	Quasar RAT botnet C2 server (confidence level: 100%)
hash443	DCRat botnet C2 server (confidence level: 100%)
hash23	Bashlite botnet C2 server (confidence level: 100%)
hash80	Bashlite botnet C2 server (confidence level: 100%)
hash4321	AdaptixC2 botnet C2 server (confidence level: 100%)
hash33333	Meterpreter botnet C2 server (confidence level: 100%)
hash44183	Meterpreter botnet C2 server (confidence level: 100%)
hash19583	Meterpreter botnet C2 server (confidence level: 100%)
hash14817	Meterpreter botnet C2 server (confidence level: 100%)
hash1337	Empire Downloader botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash79	Cobalt Strike botnet C2 server (confidence level: 75%)
hash80	Stealc botnet C2 server (confidence level: 100%)
hash7777	Mirai botnet C2 server (confidence level: 80%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash18443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash8000	AsyncRAT botnet C2 server (confidence level: 100%)
hash81	AsyncRAT botnet C2 server (confidence level: 100%)
hash9000	SectopRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Havoc botnet C2 server (confidence level: 100%)
hash80	Venom RAT botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash18735	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash23348	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash990	Meterpreter botnet C2 server (confidence level: 100%)
hash14780	Meterpreter botnet C2 server (confidence level: 100%)
hash50580	Meterpreter botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash6606	AsyncRAT botnet C2 server (confidence level: 100%)
hash7707	AsyncRAT botnet C2 server (confidence level: 100%)
hash8808	AsyncRAT botnet C2 server (confidence level: 100%)
hash8888	AsyncRAT botnet C2 server (confidence level: 100%)
hash23789	Mirai botnet C2 server (confidence level: 75%)
hash8889	Cobalt Strike botnet C2 server (confidence level: 50%)
hash55553	Cobalt Strike botnet C2 server (confidence level: 50%)
hash2222	Cobalt Strike botnet C2 server (confidence level: 50%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash1337	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash443	Cobalt Strike botnet C2 server (confidence level: 50%)
hash80	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash50050	Cobalt Strike botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash31337	Sliver botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash3008	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash3333	Unknown malware botnet C2 server (confidence level: 50%)
hash444	Unknown RAT botnet C2 server (confidence level: 50%)
hash444	Unknown RAT botnet C2 server (confidence level: 50%)
hash444	Unknown RAT botnet C2 server (confidence level: 50%)
hash444	Unknown RAT botnet C2 server (confidence level: 50%)
hash444	Unknown RAT botnet C2 server (confidence level: 50%)
hash444	Unknown RAT botnet C2 server (confidence level: 50%)
hash444	Unknown RAT botnet C2 server (confidence level: 50%)
hash444	Unknown RAT botnet C2 server (confidence level: 50%)
hash444	Unknown RAT botnet C2 server (confidence level: 50%)
hash2083	Brute Ratel C4 botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash443	Unknown malware botnet C2 server (confidence level: 50%)
hash443	Unknown malware botnet C2 server (confidence level: 50%)
hash443	Unknown malware botnet C2 server (confidence level: 50%)
hash6000	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash6000	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash3015	NetSupportManager RAT botnet C2 server (confidence level: 50%)
hash9000	SectopRAT botnet C2 server (confidence level: 50%)
hash9002	Nimplant botnet C2 server (confidence level: 50%)
hash54984	Nanocore RAT botnet C2 server (confidence level: 50%)
hash4443	Unknown malware botnet C2 server (confidence level: 50%)
hash80	Unknown malware botnet C2 server (confidence level: 50%)
hash1604	AsyncRAT botnet C2 server (confidence level: 50%)
hash6000	AsyncRAT botnet C2 server (confidence level: 50%)
hash4504	Remcos botnet C2 server (confidence level: 50%)
hash8899	Cobalt Strike botnet C2 server (confidence level: 100%)
hash30002	Cobalt Strike botnet C2 server (confidence level: 100%)
hash26371	Cobalt Strike botnet C2 server (confidence level: 100%)
hash80	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8888	Cobalt Strike botnet C2 server (confidence level: 100%)
hash31337	Sliver botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash8089	Hook botnet C2 server (confidence level: 100%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash51290	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash443	Vidar botnet C2 server (confidence level: 100%)
hash443	Vidar botnet C2 server (confidence level: 100%)
hash6844	PureLogs Stealer botnet C2 server (confidence level: 100%)
hash2222	QakBot botnet C2 server (confidence level: 75%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash8090	AsyncRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash1234	Unknown malware botnet C2 server (confidence level: 100%)
hash33333	Unknown malware botnet C2 server (confidence level: 100%)
hash8999	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash3333	Unknown malware botnet C2 server (confidence level: 100%)
hash7777	NjRAT botnet C2 server (confidence level: 100%)
hash1337	XWorm botnet C2 server (confidence level: 100%)
hash43210	Remcos botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash81	NetSupportManager RAT botnet C2 server (confidence level: 100%)
hash9999	MimiKatz botnet C2 server (confidence level: 100%)
hash46557	Meterpreter botnet C2 server (confidence level: 100%)
hash16208	Meterpreter botnet C2 server (confidence level: 100%)
hash3790	Meterpreter botnet C2 server (confidence level: 100%)
hash771	Meterpreter botnet C2 server (confidence level: 100%)
hash36321	Meterpreter botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash4443	ValleyRAT botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash8080	Cobalt Strike botnet C2 server (confidence level: 100%)
hash5443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash5555	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2100	Remcos botnet C2 server (confidence level: 75%)
hash21000	Remcos botnet C2 server (confidence level: 75%)
hash2700	Remcos botnet C2 server (confidence level: 75%)
hash27000	Remcos botnet C2 server (confidence level: 75%)
hash8443	Meterpreter botnet C2 server (confidence level: 75%)
hash9000	SectopRAT botnet C2 server (confidence level: 100%)
hash7443	Unknown malware botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash444	Unknown RAT botnet C2 server (confidence level: 100%)
hash17778	Meterpreter botnet C2 server (confidence level: 100%)
hash80	Stealc botnet C2 server (confidence level: 100%)
hash443	ValleyRAT botnet C2 server (confidence level: 100%)
hash443	VShell botnet C2 server (confidence level: 100%)
hash4700	Remcos botnet C2 server (confidence level: 100%)
hash6666	ValleyRAT botnet C2 server (confidence level: 100%)
hash6666	ValleyRAT botnet C2 server (confidence level: 100%)
hash8888	ValleyRAT botnet C2 server (confidence level: 100%)
hash61239	VShell botnet C2 server (confidence level: 100%)
hash8084	VShell botnet C2 server (confidence level: 100%)
hash8084	VShell botnet C2 server (confidence level: 100%)
hash10444	VShell botnet C2 server (confidence level: 100%)
hash8084	VShell botnet C2 server (confidence level: 100%)
hash12341	VShell botnet C2 server (confidence level: 100%)
hash8085	VShell botnet C2 server (confidence level: 100%)
hash20222	VShell botnet C2 server (confidence level: 100%)
hash8084	VShell botnet C2 server (confidence level: 100%)
hash9084	VShell botnet C2 server (confidence level: 100%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash10250	DeimosC2 botnet C2 server (confidence level: 75%)
hash8080	AsyncRAT botnet C2 server (confidence level: 75%)
hash8888	Sliver botnet C2 server (confidence level: 75%)
hash443	Sliver botnet C2 server (confidence level: 75%)
hash443	QakBot botnet C2 server (confidence level: 75%)
hash7443	Unknown malware botnet C2 server (confidence level: 75%)
hash8860	DeimosC2 botnet C2 server (confidence level: 75%)
hash10250	DeimosC2 botnet C2 server (confidence level: 75%)
hash8096	Unknown malware botnet C2 server (confidence level: 75%)
hash61236	VShell botnet C2 server (confidence level: 100%)
hash7891	VShell botnet C2 server (confidence level: 100%)
hash8084	VShell botnet C2 server (confidence level: 100%)
hash443	VShell botnet C2 server (confidence level: 100%)
hash8084	VShell botnet C2 server (confidence level: 100%)
hash8888	Sliver botnet C2 server (confidence level: 100%)
hash1236	VShell botnet C2 server (confidence level: 100%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash4552	VShell botnet C2 server (confidence level: 100%)
hash8084	VShell botnet C2 server (confidence level: 100%)
hash4444	Unknown malware botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash9878	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash443	Cobalt Strike botnet C2 server (confidence level: 100%)
hash4444	Cobalt Strike botnet C2 server (confidence level: 100%)
hash2404	Remcos botnet C2 server (confidence level: 100%)
hash2406	Remcos botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash443	Sliver botnet C2 server (confidence level: 100%)
hash8080	Sliver botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash8888	Unknown malware botnet C2 server (confidence level: 100%)
hash9000	SectopRAT botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Hook botnet C2 server (confidence level: 100%)
hash6906	DCRat botnet C2 server (confidence level: 100%)
hash4444	DCRat botnet C2 server (confidence level: 100%)
hash443	MimiKatz botnet C2 server (confidence level: 100%)
hash6002	Meterpreter botnet C2 server (confidence level: 100%)
hash49152	Meterpreter botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash80	Unknown malware botnet C2 server (confidence level: 100%)
hash443	Unknown malware botnet C2 server (confidence level: 100%)
hash6667	ValleyRAT botnet C2 server (confidence level: 100%)
hash8001	Aisuru botnet C2 server (confidence level: 75%)
hash8443	Cobalt Strike botnet C2 server (confidence level: 75%)
hash443	NetSupportManager RAT botnet C2 server (confidence level: 100%)

Url

Value	Description	Copy
urlhttp://hazystripe2004.shop/b5a52ebb310b65f06dd10cfe69f72363/ejk52zwt2js16ro	Unknown Stealer botnet C2 (confidence level: 100%)
urlhttp://hazystripe2004.shop/b5a52ebb310b65f06dd10cfe69f72363/q7cherolivolejk	Unknown Stealer botnet C2 (confidence level: 100%)
urlhttp://hazystripe2004.shop/b5a52ebb310b65f06dd10cfe69f72363/q38dyv0te345uf4	Unknown Stealer botnet C2 (confidence level: 100%)
urlhttps://www.chess.com/member/slcbz	Unknown Stealer botnet C2 (confidence level: 100%)
urlhttps://api.telegram.org/bot8393528187:aahe-fyrlen4e-tne4sqwpojxcobztmq5me/	Agent Tesla botnet C2 (confidence level: 50%)
urlhttp://www.052atelier.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.1wrzv5r.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.39tka.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.4er.online/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.5vip5.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.5x15yrz.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.7xj4xi.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.a2sbn1y.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ainedcapital.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.apwzfssh.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.atecards.pro/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.atio.ee/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.dityahd.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eadpoint.xyz/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ebyarhgo9.info/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.egalsandstone.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.enjajackpot168.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eojgm2.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.erkshireriskservices.ai/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.eucaixaapp.com.br/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ffortlessrules.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.fnciu.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.glychic.store/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hargingstations.be/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.heiliao.wiki/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.heroplu.xyz/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hillipsakers.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.horncast.se/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.hpsvifx.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.i7u6fiq.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.iile.cn/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.indowblindsbd.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.infastvnauto.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ioneerindustriesllc.net/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.itoolstown.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.kwj9ys.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.lirionis.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.mnwp51y.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.n2s37.shop/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oa6yi73.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oadsidearmor.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.obsonadv.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oodgutbug.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oohook.net/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ordfilmpyr.lat/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.oreenheintznotary.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.otelsnearbrentfordstadium.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.otget.net/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ovisque.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.pavk23.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.portmore-iq.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.r5boj.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ritify.info/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rjvc.cn/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.rternhouse.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.sgx60.shop/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ssessxtratrades.ltd/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.stra.parts/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.t2wjl8x.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.umespot.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.yla6phe.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.ytegs.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.zlbk7uj.bond/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.zm7.top/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://www.zmoonshots.com/rn10/	Formbook botnet C2 (confidence level: 50%)
urlhttp://42.193.243.230:8899/ysih	Cobalt Strike botnet C2 (confidence level: 75%)
urlhttps://kit.chadamaite.com/	Vidar botnet C2 (confidence level: 100%)
urlhttps://kit.asrkala.top/	Vidar botnet C2 (confidence level: 100%)
urlhttps://top.chadamaite.com/	Vidar botnet C2 (confidence level: 100%)
urlhttps://top.asrkala.top/	Vidar botnet C2 (confidence level: 100%)
urlhttps://46.224.26.34/	Vidar botnet C2 (confidence level: 100%)
urlhttps://157.180.113.244/	Vidar botnet C2 (confidence level: 100%)
urlhttps://185.208.158.230/	Vidar botnet C2 (confidence level: 100%)
urlhttps://val.chadamaite.com/	Vidar botnet C2 (confidence level: 100%)
urlhttps://val.asrkala.top/	Vidar botnet C2 (confidence level: 100%)
urlhttp://43.156.137.45:443/jquery-3.3.1.min.js	Cobalt Strike botnet C2 (confidence level: 75%)
urlhttps://lumis.lt/	Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://fastsolution.asia/	Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://www.seydap.gr/	Unknown malware payload delivery URL (confidence level: 90%)
urlhttp://45.93.20.34/20e1a9f6de594e28.php	Stealc botnet C2 (confidence level: 100%)
urlhttps://www.dcamargobetoneiras.com.br/	Unknown malware payload delivery URL (confidence level: 90%)
urlhttps://jjjgaasda.live/api/config	Unknown Stealer botnet C2 (confidence level: 100%)
urlhttps://jjjgaasda.live/api/client	Unknown Stealer botnet C2 (confidence level: 100%)
urlhttps://steamcommunity.com/profiles/76561199000000002/	Unknown Stealer botnet C2 (confidence level: 100%)
urlhttps://tur.chadamaite.com/	Vidar botnet C2 (confidence level: 100%)
urlhttps://tur.asrkala.top/	Vidar botnet C2 (confidence level: 100%)
urlhttp://196.251.107.23/7ffc7a279c17c091.php	Stealc botnet C2 (confidence level: 100%)

Threat ID: 6941f612d2cd6f6c37b6aef9

Added to database: 12/17/2025, 12:15:14 AM

Last enriched: 12/17/2025, 12:15:33 AM

Last updated: 12/17/2025, 3:53:08 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.